-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathuser_create.yml
69 lines (67 loc) · 1.84 KB
/
user_create.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
---
# add devices with connectivity to the "running_hosts" group
- hosts: all
connection: local
gather_facts: no
tasks:
- block:
- name: determine hosts that are up
wait_for_connection:
timeout: 5
vars:
ansible_connection: ssh
- name: running_hosts
group_by:
key: "running_hosts"
rescue:
- debug: msg="cannot connect to {{inventory_hostname}}"
- hosts: running_hosts
become: true
#connection: local
vars:
username: "{{ userplus }}"
usergroups: "ansible,wheel"
userpasswordhash: "{{ userpassword | password_hash('sha512') }}"
username_remove: "{{ userminus }}"
handlers:
- name: "Restart sshd"
service:
name: "sshd"
state: "restarted"
tasks:
- name: "Create user accounts"
become: true
user:
name: "{{ username }}"
groups: "{{ usergroups }}"
append: yes
password: "{{ userpasswordhash }}"
generate_ssh_key: yes
#local: yes
state: "present"
- name: "Remove old user accounts in remove_users"
user:
name: "{{ username_remove }}"
state: "absent"
# - name: upload_user_key
# copy:
# src: "/home/ansible/.ssh/id_rsa.pub"
# dest: "/home/ansible/"
- name: "Add authorized keys"
authorized_key:
user: "{{ username }}"
key: "{{ lookup('file', '/home/ansible/.ssh/id_rsa.pub') }}"
path: /home/{{ username }}/.ssh/authorized_keys
- name: "Allow admin users to sudo without a password"
lineinfile:
dest: "/etc/sudoers" # path: in version 2.3
state: "present"
regexp: "^%wheel"
line: "%wheel ALL=(ALL) NOPASSWD: ALL"
- name: "Disable root login via SSH"
lineinfile:
dest: "/etc/ssh/sshd_config"
regexp: "^PermitRootLogin"
line: "PermitRootLogin no"
notify: "Restart sshd"
...