enh: role now takes a list of users in the userlist variable

2019-05-03 19:50:29 +08:00
parent f374207c92
commit 1ee5043781
3 changed files with 24 additions and 38 deletions
@@ -4,16 +4,9 @@ Create user and optionally put user into sudoers. By default, user is added to s

 URL: https://xpk.headdesk.me/git/xpk/role.users

-## Required variables:
-```
-user:
-  name: john
-  group: clientadmin
-  sudoers: yes/no
-```
-
 ## Usage:
-Create a playbook like this
+Provide the userlist, group, and sudoers variables in a playbook, e.g:
+
 ```
 ---
 - name: create user user1
@@ -22,10 +15,11 @@ Create a playbook like this
  roles:
    - role: users
      vars:
-        user:
-          name: user1
-          group: staff
-          sudoers: yes
+        userlist:
+          - foo1
+          - foo2
+        group: staff
+        sudoers: yes
 ```

 ## Tested on
@@ -1,14 +0,0 @@
-#!/usr/bin/env python3
-import string
-import crypt
-import threading
-from random import *
-characters = string.ascii_letters + "~@#%^*()-_+=23456789"
-
-def genOne():
-    password =  "".join(choice(characters) for x in range(randint(12, 16)));
-    salt = crypt.mksalt(method=crypt.METHOD_SHA512);
-    print (password, "|", crypt.crypt(password,salt=salt));
-
-for i in range(4):
-    threading.Thread(target=genOne, args=()).start()
@@ -3,25 +3,31 @@
    name: ssh_access
    state: present

- set_fact:
-    plain_pass: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,hexdigitsi length=15') }}"
-
- name: Create user {{ user.name }}
+- name: Create user
  user:
-    name: "{{ user.name }}"
+    name: "{{item}}"
    shell: /bin/bash
-    groups: "{{ user.group }},ssh_access"
-    password: "{{ plain_pass | password_hash('sha512') }}"
+    groups: "{{ group }},ssh_access"
+    password: "{{lookup('password', 'cred.' + item + '.pass chars=ascii_letters,digits,hexdigitsi length=15') | password_hash('sha512')}}"
+  with_items: "{{userlist}}"

 - name: Add user to sudoers
  lineinfile:
-    path: "/etc/sudoers.d/{{ user.name }}"
+    path: "/etc/sudoers.d/{{item}}"
    create: yes
-    line: "{{ user.name }} ALL=(ALL) NOPASSWD: ALL"
+    line: "{{ item }} ALL=(ALL) NOPASSWD: ALL"
    mode: 0440
-  when: user.sudoers 
+  when: sudoers
+  with_items: "{{userlist}}"

 - name: Display generated password
  debug:
-    msg: "Generated password for {{ user.name }}: {{ plain_pass }}"
+    msg: "Generated password for {{item}}: {{lookup('password', 'cred.' + item + '.pass chars=ascii_letters,digits,hexdigitsi length=15')}}"
+  with_items: "{{userlist}}"
+
+- name: Remove password files created by ansible
+  file:
+    path: cred.{{item}}.pass
+    state: absent
+  with_items: "{{userlist}}"