---
# users tasks/main.yml
#
# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
# SPDX-License-Identifier: Apache-2.0
# Load the variables file named after the target's ansible_os_family fact.
# NOTE(review): presumably this is where the users_os_* variables used
# further down are defined; confirm against the role's vars directory.
- name: include OS-specific vars
  include_vars: "{{ ansible_os_family }}.yml"
# Run the task file named after the target's ansible_os_family fact, before
# any group or account is touched by the tasks that follow.
- name: include OS-specific tasks
  include_tasks: "{{ ansible_os_family }}.yml"
# Ensure every group listed in users_groups exists. This runs ahead of the
# account tasks below.
- name: Create groups
  group:
    name: "{{ item }}"
  with_items: "{{ users_groups }}"
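# Create (or update) one account per entry in userlist.
#   - comment falls back to the username when fullname is not set
#   - password is read from the item key named by users_os_pw_type
#   - home is omitted (module default applies) when homedir is not set
#   - system defaults to false, shell to users_default_shell
- name: Create user accounts
  user:
    name: "{{ item.username }}"
    comment: "{{ item.fullname | default(item.username) }}"
    password: "{{ item[users_os_pw_type] }}"
    home: "{{ item.homedir | default(omit) }}"
    system: "{{ item.system | default(false) }}"
    shell: "{{ item.shell | default(users_default_shell) }}"
  with_items: "{{ userlist }}"
  # Each loop item carries the account's password value, and Ansible prints
  # the item in per-iteration output. Keep it out of console output, log
  # files and callback plugins. Failure details are censored as well, so
  # lift this only temporarily when debugging.
  no_log: true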
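# Add users flagged with a truthy "sudoer" key to users_os_sudoers_group.
# append: true keeps the user's existing supplementary groups. This task is
# skipped for unflagged users, and nothing in this file removes a user from
# the group, so clearing the flag later does not revoke membership here.
- name: Add user to sudo-capable group if they're a sudoer
  when: "'sudoer' in item and item.sudoer"
  user:
    name: "{{ item.username }}"
    groups: "{{ users_os_sudoers_group }}"
    append: true
  with_items: "{{ userlist }}"
  loop_control:
    # userlist items also hold the account's password value; show only the
    # username in per-item task output. Verbose runs may still print the
    # full item.
    label: "{{ item.username }}"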
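# Add users to the supplementary groups listed in their extra_groups key.
# append: true leaves existing memberships in place, so a group dropped
# from extra_groups later is not removed from the account by this task.
- name: Add user to any extra_groups
  when: "'extra_groups' in item and item.extra_groups"
  user:
    name: "{{ item.username }}"
    groups: "{{ item.extra_groups }}"
    append: true
  with_items: "{{ userlist }}"
  loop_control:
    # userlist items also hold the account's password value; show only the
    # username in per-item task output. Verbose runs may still print the
    # full item.
    label: "{{ item.username }}"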
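# Install the public key read from the controller-side file
# "<username>.pub" as the account's authorized key.
# exclusive: true removes every other key from that user's authorized_keys.
# Users with ssh_key set to false are skipped, so any keys already present
# on their account are left untouched rather than removed.
- name: Add ssh key to user account, removing all others
  when: "item.ssh_key | default(true)"
  authorized_key:
    user: "{{ item.username }}"
    key: "{{ lookup('file', item.username ~ '.pub') }}"
    exclusive: true
  with_items: "{{ userlist }}"
  loop_control:
    # userlist items also hold the account's password value; show only the
    # username in per-item task output. Verbose runs may still print the
    # full item.
    label: "{{ item.username }}"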
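# Render the users_sudoers.j2 template into /etc/sudoers.d when
# users_sudoers is non-empty.
# validate runs visudo in check mode against the rendered file before it is
# moved into place, so a fragment with a syntax error is not installed.
# When users_sudoers is empty the task is skipped; a file written by an
# earlier run stays on the host.
- name: Add users_sudoers file (if specified)
  when: "users_sudoers | length > 0"
  template:
    src: "users_sudoers.j2"
    dest: "/etc/sudoers.d/users_sudoers"
    owner: "root"
    group: "root"
    # Quoted so the mode is passed as the string 0440 rather than relying
    # on YAML 1.1 octal parsing of a bare integer.
    mode: "0440"
    validate: "visudo -c -s -f %s"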