From 87957c15b5042de99cf72cb356beea9043597ee1 Mon Sep 17 00:00:00 2001
From: Ken Fong
Date: Mon, 21 Jan 2019 18:51:25 +0800
Subject: [PATCH] first commit
---
README.md | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
tasks/main.yml | 14 ++++++++++++++
2 files changed, 63 insertions(+)
create mode 100644 README.md
create mode 100644 tasks/main.yml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8c709e4
--- /dev/null
+++ b/README.md
@@ -0,0 +1,49 @@
+# users ansible role.
+Create user and optionally put user into sudoers. By default, user is added to ssh_access group.
+
+## Required variables:
+user:
+ name: john
+ group: clientadmin
+ pwhash: sha512 hash
+ sudoers: yes/no
+
+## Usage:
+Create a playbook like this
+```
+---
+- name: create user rs-test1
+ hosts: test1
+ become: yes
+ roles:
+ - role: users
+ vars:
+ user:
+ name: rs-test1
+ group: clientadmin
+ pwhash: "$6$fqpO..."
+ sudoers: yes
+```
+
+
+## How to generate pwhash
+```mkpasswd -m sha-512```
+
+or use the following python script which generates random password and a hash at the same time
+
+```
+#!/usr/bin/env python3
+import string
+import crypt
+import threading
+from random import *
+characters = string.ascii_letters + "~@#$%^&*()-_+=23456789"
+
+def genOne():
+ password = "".join(choice(characters) for x in range(randint(10, 15)));
+ salt = crypt.mksalt(method=crypt.METHOD_SHA512);
+ print (password, "|", crypt.crypt(password,salt=salt));
+
+for i in range(4):
+ threading.Thread(target=genOne, args=()).start()
+```
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..73bef9f
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,14 @@
+- name: Create user {{ user.name }}
+ user:
+ name: "{{ user.name }}"
+ shell: /bin/bash
+ groups: "{{ user.group }},ssh_access"
+ password: "{{ user.pwhash }}"
+
+- name: Add user to sudoers
+ lineinfile:
+ path: "/etc/sudoers.d/{{ user.name }}"
+ create: yes
+ line: "{{ user.name }} ALL=(ALL) NOPASSWD: ALL"
+ when: user.sudoers
+
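Review bot: The `Add user to sudoers` task writes `/etc/sudoers.d/{{ user.name }}` through `lineinfile` with `create: yes` but sets neither a mode nor a validation command, so the file is created with umask-default permissions rather than the conventional 0440 and a malformed line (for example from an unexpected `user.name`) is installed unchecked, which can break sudo on the host. Adding `mode: "0440"` and `validate: "/usr/sbin/visudo -cf %s"` to the `lineinfile` arguments makes the write fail closed. The installed rule is `NOPASSWD: ALL`, i.e. passwordless root for every account created with `sudoers: yes`, and no task removes the file when `user.sudoers` is later turned off; if both are intended, a comment above the task saying so would help, otherwise narrow the command list and add a `state: absent` counterpart. Separately, the generator script in the README hunk draws passwords with `choice`/`randint` from `random`, which is not a cryptographic source; `secrets.choice` is the standard-library replacement.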