This role allows for treating users as data.
It combines management of users, groups and ssh public keys. All of the user module parameters are optional except name and ssh_keys.
All v1.7 user module parameters are supported except a few. They will be supported once the default(omit) feature is released. Support for these is presently omitted:
- login_class
- ssh_key_*
- group
There are two variables, users_and_groups and users_and_groups_defaults. You can probably ignore the latter. You can view their defaults in defaults/main.yml.
Here's a likely playbook. I'll get to the vars_files later:

    ---
    - hosts: all
      sudo: True
      vars_files:
        - vars/users/alice.yml
        - vars/users/bob.yml
      roles:
        - { role: bugi.users_and_groups , users_and_groups: "{{ users_and_groups }}" }

You'd probably define the users_and_groups variable in a host_vars file.
Here's pretty much the same thing, but inline. From this you can figure out what to put in that host_vars file.

    - hosts: all
      sudo: True
      vars_files:
        - vars/users/alice.yml
        - vars/users/bob.yml
      vars:
        users_and_groups_default:
          shell: /bin/bash
          home_prefix: /home
      roles:
        - role: users_and_groups
          users_and_groups:
            users:
              - "{{ user_alice }}"
              - "{{ user_bob }}"
            users_removed:
              - name: cindy
                remove: yes
            groups: []
            groups_removed: []

Here's the vars/users/alice.yml file:

    ---
    # Each user is an assoc array consisting of
    #   name
    #   ssh_keys (a list)
    #   revoked_ssh_key_files (a list)
    #   and a lot of optional stuff
    # see also:
    #   http://docs.ansible.com/user_module.html
    #   http://docs.ansible.com/authorized_key_module.html
    user_alice:
      name: alice
      uid: 1000
      groups: [ adm , sudo ]
      append: yes
      password: '$6$encrypted_password' # Generate with mkpasswd --method=SHA-512
      shell: /bin/bash
      update_password: on_create
      ssh_keys:
        - file: /etc/ansible/assets/public_keys/alice_0.pub
          state: present

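A pre-flight check for user definitions like the one above, as an added example that is not part of the role: it enforces the two required keys, flags the parameters the role does not yet support, and rejects a password value that is not a SHA-512 crypt hash. The function names, the `.pub` suffix rule, the duplicate-uid check and the sample user dave are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

REQUIRED = ("name", "ssh_keys")                      # per the README
UNSUPPORTED = ("login_class", "ssh_key_*", "group")  # per the README

def lint_user(user):
    """Return findings for one user dict; an empty list means clean."""
    who = user.get("name", "<unnamed>")
    out = [f"{who}: missing required key '{k}'" for k in REQUIRED if k not in user]
    for key in user:
        if any(fnmatchcase(key, pat) for pat in UNSUPPORTED):
            out.append(f"{who}: '{key}' is not supported by the role")
    # The user module expects a crypted value; $6$ marks SHA-512 crypt.
    pw = user.get("password")
    if pw is not None and not str(pw).startswith("$6$"):
        out.append(f"{who}: password is not a SHA-512 crypt hash")
    keys = user.get("ssh_keys", [])
    for entry in keys if isinstance(keys, list) else []:
        path = entry.get("file", "") if isinstance(entry, dict) else str(entry)
        # Assumption: public keys are stored with a .pub suffix.
        if not path.endswith(".pub"):
            out.append(f"{who}: key file '{path}' does not end in .pub")
    return out

def lint_users(users):
    """Lint every user and flag uids shared by more than one account."""
    out, seen = [], {}
    for user in users:
        out.extend(lint_user(user))
        uid = user.get("uid")
        if uid is not None and uid in seen:
            out.append(f"{user.get('name')}: uid {uid} already used by {seen[uid]}")
        seen.setdefault(uid, user.get("name"))
    return out

# Constructed sample data: alice mirrors the README, dave is deliberately bad.
ALICE = {"name": "alice", "uid": 1000, "groups": ["adm", "sudo"],
         "password": "$6$encrypted_password",
         "ssh_keys": [{"file": "/etc/ansible/assets/public_keys/alice_0.pub",
                       "state": "present"}]}
DAVE = {"name": "dave", "uid": 1000, "login_class": "staff",
        "password": "hunter2",
        "ssh_keys": [{"file": "/home/dave/.ssh/id_rsa", "state": "present"}]}

if __name__ == "__main__":
    for finding in lint_users([ALICE, DAVE]):
        print(finding)
```
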
Patches welcome...
None
License: MIT
Author: Brian Grossman (github: https://github.com/bugi)