first commit

2019-01-21 18:51:25 +08:00
commit 87957c15b5
2 changed files with 63 additions and 0 deletions
@@ -0,0 +1,49 @@
+# users ansible role.
+Create user and optionally put user into sudoers. By default, user is added to ssh_access group.
+
+## Required variables:
+user:
+  name: john
+  group: clientadmin
+  pwhash: sha512 hash
+  sudoers: yes/no
+
+## Usage:
+Create a playbook like this
+```
+---
+- name: create user rs-test1
+  hosts: test1
+  become: yes
+  roles:
+    - role: users
+      vars:
+        user:
+          name: rs-test1
+          group: clientadmin
+          pwhash: "$6$fqpO..."
+          sudoers: yes
+```
+
+
+## How to generate pwhash
+```mkpasswd -m sha-512```
+
+or use the following python script which generates random password and a hash at the same time
+
+```
+#!/usr/bin/env python3
+import string
+import crypt
+import threading
+from random import *
+characters = string.ascii_letters + "~@#$%^&*()-_+=23456789"
+
+def genOne():
+    password =  "".join(choice(characters) for x in range(randint(10, 15)));
+    salt = crypt.mksalt(method=crypt.METHOD_SHA512);
+    print (password, "|", crypt.crypt(password,salt=salt));
+
+for i in range(4):
+    threading.Thread(target=genOne, args=()).start()
+```
@@ -0,0 +1,14 @@
+- name: Create user {{ user.name }}
+  user:
+    name: "{{ user.name }}"
+    shell: /bin/bash
+    groups: "{{ user.group }},ssh_access"
+    password: "{{ user.pwhash }}"
+
+- name: Add user to sudoers
+  lineinfile:
+    path: "/etc/sudoers.d/{{ user.name }}"
+    create: yes
+    line: "{{ user.name }} ALL=(ALL) NOPASSWD: ALL"
+  when: user.sudoers 
+