adfinis.users

Users

This role creates user accounts for customers and Adfinis.

Requirements

This role requires a non-root user with sudo permissions ({{users_default_user}}, see Role Variables section below).

This user sets up the initial accounts and is deleted at the end of the run. If you run the role again as this user, you will not be able to log in, because the account has been removed.

It's recommended to use this role in two steps within your playbooks:

  1. The first time, use remote_user: {{users_default_user}}.
  2. After that, use the main user account or root, if permitted.

It's a good idea to maintain one playbook for initial setup and another for ongoing management.

Role Dependencies

(none)

Role Variables

Mandatory

  • users_root_password_salt (string, default: unset):
    This is the salt used for hashing the root password.
    Note: Only needed if users_root_password is set, and users_root_password_is_hashed is false.

  • users_customer_group (string):
    This is the name of the group for all customer accounts.
    Note: Required only if users_customer is not empty.

Optional

  • users_root_password (string, default: unset):
    If this is empty, the root password remains unchanged. If set and users_root_password_is_hashed is false, it is clear text, and you need to set users_root_password_salt. If set and users_root_password_is_hashed is true, it is expected to be a hashed password.

  • users_root_password_is_hashed (boolean, default: false):
    If true, it means users_root_password is already hashed, and you do not need to provide users_root_password_salt.

  • users_root_authorized_keys (list, default: []):
    This is a list of SSH public keys allowed to log in as root.
    Each item has:

    • key (string, mandatory):
      The public key itself.
    • comment (string, optional, default: unset):
      A comment added to the key line (commonly user@host).
    • description (string, optional, default: unset):
      A human-readable description to include as a comment above the key line.
    • options (string, optional, default: unset):
      Options for the key to be added at the beginning of the key line.

  • users_adfinis (list, default: []):
    This is a list of Adfinis user accounts to create. Each will belong to the {{users_adfinis_group}} group. Any existing, unlisted non-system users in this group will be deleted.
    Each item has:

    • username (string, mandatory):
      The user account name.
    • authorized_keys (list, default: []):
      SSH public keys for logging in as root (same format as users_root_authorized_keys).

  • users_adfinis_group (string, default: adfinis):
    This is the name of the group for all Adfinis user accounts.

  • users_adfinis_ssh_pubkey_options (string, default: unset):
    SSH public key options applied to all keys.

  • users_adfinis_homedir_mode (file permission mode, default: 0700):
    File permission setting for each Adfinis user's home directory.
    Note: Due to a prior issue with Jinja2, the mode must be passed as a string to avoid errors, or specific Ansible configuration must be enabled.

  • users_adfinis_unrestricted_sudo (boolean, default: true):
    Indicates if Adfinis users have unrestricted sudo access.

  • users_adfinis_user_remove_home (boolean, default: false):
    Indicates if the home directory should also be deleted when an Adfinis user account is removed.

  • users_customer (list, default: []):
    This is a list of customer user accounts to create. Each will belong to the {{users_customer_group}}. The structure is the same as users_adfinis.

  • users_customer_homedir_mode (file permission mode, default: 0755):
    File permission setting for each customer user's home directory.
    The default allows others to read so customers can use certain commands with sudo -u and still access their files.
    Note: Same Jinja2 issue mentioned above applies here.

  • users_customer_unrestricted_sudo (boolean, default: false):
    Indicates if the customer users have unrestricted sudo permissions.

  • users_default_user (string, default: adfinis):
    Name of the initially existing non-root user account, which will be deleted.

  • users_default_user_remove_home (boolean, default: false):
    If true, the home directory of the initial non-root user will also be removed.
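
A playbook layout following the two-step procedure and the variables above, as an added example that is not taken from the role's repository. The file names, host pattern, user names alice and bob, the customer group name, key material and addresses are constructed placeholders, and become: true is an assumption about how the tasks escalate; the block holds three files separated by ---.

```yaml
# --- group_vars/all/users.yml (hypothetical path; all values constructed) ---
# Pre-hashed root password, so no cleartext password or salt is stored here.
users_root_password: "$6$<salt>$<hash>"   # placeholder, not a real hash
users_root_password_is_hashed: true
users_root_authorized_keys:
  - key: "ssh-ed25519 AAAA<placeholder-public-key>"
    comment: "ops@bastion.example"
    description: "Break-glass key, bastion only"
    options: 'from="192.0.2.10",no-agent-forwarding,no-port-forwarding'
# Unlisted non-system users in the adfinis group are deleted by the role,
# so this list must be complete before every run.
users_adfinis:
  - username: alice
    authorized_keys:
      - key: "ssh-ed25519 AAAA<placeholder-public-key>"
        comment: "alice@laptop.example"
users_adfinis_homedir_mode: "0700"        # quoted: the mode is passed as a string
users_customer_group: customer            # required because users_customer is set
users_customer:
  - username: bob
    authorized_keys:
      - key: "ssh-ed25519 AAAA<placeholder-public-key>"
users_customer_homedir_mode: "0755"
users_customer_unrestricted_sudo: false
---
# --- initial.yml: first run only, as the pre-existing default user ---
- hosts: all
  remote_user: adfinis                    # value of users_default_user
  become: true                            # assumption: tasks escalate via sudo
  roles:
    - adfinis.users
---
# --- manage.yml: every later run, as an account the role created ---
- hosts: all
  remote_user: alice
  become: true
  roles:
    - adfinis.users
```

Keeping the two playbooks separate prevents a later run from trying to connect as the default account after the role has removed it.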

Role Tags

  • init: Same as combining role::users:root and role::users:adfinis.
  • role::users: All tasks related to user management.
  • role::users:root: Tasks for creating the root user account.
  • role::users:adfinis: Tasks for creating Adfinis user accounts.
  • role::users:adfinis:create: Tasks for creating Adfinis accounts without deletion.
  • role::users:adfinis:delete: Tasks for removing unnecessary Adfinis accounts.
  • role::users:customer: Tasks for adding customer user accounts.
  • role::users:default: Tasks for cleaning up the default user account.

Support Policy

Only the latest version of this software is supported (see the Tags page).

Once a new version is released, the previous version will no longer receive any bug fixes.

About the project

Set up root and user accounts

Install
ansible-galaxy install adfinis.users
License
Unknown
Downloads
176
Owner
Potential. Unlocked.