---
# users tasks/main.yml
#
# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
# SPDX-License-Identifier: Apache-2.0
# Load the variables file whose name is built from the ansible_os_family fact.
# NOTE(review): presumably this is where users_os_pw_type and
# users_os_sudoers_group are defined - confirm against the vars files.
- name: include OS-specific vars
  include_vars:
    file: "{{ ansible_os_family }}.yml"
# Pull in the task file named after the ansible_os_family fact, so that
# OS-specific steps run before any account is created below.
- name: include OS-specific tasks
  include_tasks: '{{ ansible_os_family }}.yml'
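# Create (or update) one account per entry in userlist.
#   item.username           login name (required)
#   item.fullname           account comment; falls back to the username
#   item[users_os_pw_type]  password value; the key looked up in each item is
#                           named by users_os_pw_type (required, no default)
#   item.homedir            optional home directory; omitted when unset
#   item.system             optional system-account flag; defaults to false
# NOTE(review): the user module expects an already-hashed password on most
# platforms - confirm that userlist stores hashes, never cleartext.
- name: Create user accounts
  user:
    name: "{{ item.username }}"
    comment: "{{ item.fullname | default(item.username) }}"
    password: "{{ item[users_os_pw_type] }}"
    home: "{{ item.homedir | default(omit) }}"
    system: "{{ item.system | default(false) }}"
  with_items: "{{ userlist }}"
  # Every loop item carries the password value and Ansible echoes the whole
  # item in task output; suppress it so hashes do not end up in job logs.
  no_log: true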
# Grant membership of the group named by users_os_sudoers_group to every
# userlist entry that has a truthy `sudoer` key.
# append: true adds the group without touching the user's other groups.
# Entries without a truthy `sudoer` are skipped, so this task never removes
# an existing membership; revoking sudo needs a separate step.
- name: Add user to sudo-capable group if they're a sudoer
  user:
    name: "{{ item.username }}"
    groups: "{{ users_os_sudoers_group }}"
    append: true
  with_items: "{{ userlist }}"
  when: "'sudoer' in item and item.sudoer"
# Add each user to the supplementary groups listed in item.extra_groups.
# Runs only for entries that define a non-empty extra_groups value.
# append: true means groups are only ever added; a group dropped from
# extra_groups later is not removed from the account by this task.
- name: Add user to any extra_groups
  user:
    name: "{{ item.username }}"
    groups: "{{ item.extra_groups }}"
    append: true
  with_items: "{{ userlist }}"
  when: "'extra_groups' in item and item.extra_groups"
# Install the public key for each user from a controller-side file named
# "<username>.pub", read with the `file` lookup.
# exclusive: true makes that file the only content of the user's
# authorized_keys, so any key added on the host by other means is removed.
# Entries with `ssh_key: false` are skipped entirely; their existing
# authorized_keys file is left as it is, not emptied.
- name: Add ssh key to user account, removing all others
  authorized_key:
    user: "{{ item.username }}"
    key: "{{ lookup('file', item.username ~ '.pub') }}"
    exclusive: true
  with_items: "{{ userlist }}"
  when: "item.ssh_key | default(true)"
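# Render users_sudoers.j2 into /etc/sudoers.d/users_sudoers when the
# users_sudoers variable is non-empty.
# The file is installed root:root with mode 0440.
- name: Add users_sudoers file (if specified)
  when: "users_sudoers | length > 0"
  template:
    src: "users_sudoers.j2"
    dest: "/etc/sudoers.d/users_sudoers"
    owner: "root"
    group: "root"
    # Quoted so the mode is passed as the octal string "0440" regardless of
    # how the YAML parser types a bare leading-zero number.
    mode: "0440"
    # visudo checks the rendered file (-c check only, -s strict, -f file)
    # before it is moved into place, so a syntax error fails the task
    # instead of leaving a broken sudoers drop-in on the host.
    validate: "visudo -c -s -f %s"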