Initial commit of users role
Change-Id: I808c990019b059e0a412986d9b4c010689255581
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..92f7ca2
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,44 @@
+---
+# users tasks/main.yml
+#
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+- name: include OS-specific vars
+ include_vars: "{{ ansible_os_family }}.yml"
+
+- name: include OS-specific tasks
+ include_tasks: "{{ ansible_os_family }}.yml"
+
+- name: Create user accounts
+ user:
+ name: "{{ item.username }}"
+ comment: "{{ item.fullname | default(item.username) }}"
+ password: "{{ item[users_os_pw_type] }}"
+ home: "{{ item.homedir | default(omit) }}"
+ system: "{{ item.system | default(false) }}"
+ with_items: "{{ userlist }}"
+
+- name: Add user to sudo-capable group if they're a sudoer
+ when: "'sudoer' in item and item.sudoer"
+ user:
+ name: "{{ item.username }}"
+ groups: "{{ users_os_sudoers_group }}"
+ append: true
+ with_items: "{{ userlist }}"
+
+- name: Add user to any extra_groups
+ when: "'extra_groups' in item and item.extra_groups"
+ user:
+ name: "{{ item.username }}"
+ groups: "{{ item.extra_groups }}"
+ append: true
+ with_items: "{{ userlist }}"
+
+- name: Add ssh key to user account, removing all others
+ when: "item.ssh_key | default(true)"
+ authorized_key:
+ user: "{{ item.username }}"
+ key: "{{ lookup('file', item.username ~ '.pub') }}"
+ exclusive: true
+ with_items: "{{ userlist }}"