sansible.users_and_groups

Panoramica Versioni Approfondimenti

Users and Roles

Master: Build Status
Develop: Build Status

This role manages operating system users and groups.

Installation and Dependencies

This role doesn't have any dependencies.

To install it, run ansible-galaxy install sansible.users_and_groups or add this to your roles.yml:

- name: sansible.users_and_groups
  version: v2.0

Then execute ansible-galaxy install -p ./roles -r roles.yml.

Tags

This role has two tags: build and maintain.

  • build - Makes sure the specified groups and users are created.
  • maintain - Manages users on an existing setup.

Examples

Here’s a simple example to create two users and two groups.

- name: Configure User Access
  hosts: sandbox

  roles:
    - name: sansible.users_and_groups
      sansible_users_and_groups_groups:
        - name: lorem
          system: yes
        - name: ipsum
      sansible_users_and_groups_users:
        - name: lorem.ipsum
          groups:
            - ipsum
            - lorem
          ssh_key: ./lorem.ipsum.pub
        - name: dolor.ament
          groups:
            - ipsum

To create a restricted SFTP user (follow this guide for detailed steps):

- name: Configure User Access
  hosts: sandbox

  roles:
    - name: sansible.users_and_groups
      sansible_users_and_groups_authorized_keys_dir: /etc/ssh/authorized_keys
      sansible_users_and_groups_groups:
        - name: sftp_only
      sansible_users_and_groups_users:
        - name: sftp
          group: sftp_only
          home: /mnt/sftp_vol

Often, you would keep the list of users in an external variables file or group/host variables file.

- name: Configure User Access
  hosts: sandbox

  vars_files:
    - "vars/sandbox/users.yml"

  roles:
    - name: sansible.users_and_groups
      sansible_users_and_groups_groups: "{{ base_image.os_groups }}"
      sansible_users_and_groups_users: "{{ base_image.admins }}"

    - name: sansible.users_and_groups
      sansible_users_and_groups_users: "{{ developers }}"

To add a specific group to sudoers:

- name: Configure User Access
  hosts: sandbox

  vars_files:
    - "vars/sandbox/users.yml"

  roles:
    - name: sansible.users_and_groups
      sansible_users_and_groups_groups: "{{ base_image.os_groups }}"
      sansible_users_and_groups_users: "{{ base_image.admins }}"

    - name: sansible.users_and_groups
      sansible_users_and_groups_users: "{{ developers }}"

    - name: sansible.users_and_groups
      sansible_users_and_groups_sudoers:
        - name: wheel
          user: "%wheel"
          runas: "ALL=(ALL)"
          commands: "NOPASSWD: ALL"

You can use a whitelist groups option to allow users based on context.

For the variable file with users:

---

# vars/users.yml

sansible_users_and_groups_groups:
  - name: admins
  - name: developer_group_alpha
  - name: developer_group_beta
sansible_users_and_groups_users:
  - name: admin.user
    group: admins
  - name: alpha.user
    group: developer_group_alpha
  - name: beta.user
    group: developer_group_beta

In a base image:

---

# playbooks/base_image.yml

- name: Base Image
  hosts: "{{ hosts }}"

  vars_files:
    - vars/users.yml

  roles:
    - role: sansible.users_and_groups
      sansible_users_and_groups_whitelist_groups:
        - admins

    - role: base_image

In a service role:

---

# playbooks/alpha_service.yml

- name: Alpha Service
  hosts: "{{ hosts }}"

  vars_files:
    - vars/users.yml

  roles:
    - role: sansible.users_and_groups
      sansible_users_and_groups_whitelist_groups:
        - admins
        - developer_group_alpha

    - role: alpha_service
Informazioni sul progetto

Users and Groups Management Made Simple

role system
Installa
ansible-galaxy install sansible.users_and_groups
GitHub repository
13 stelle
19 fork
4 problemi aperti
Licenza
mit
Download
59.2k
Proprietario
sansible
See https://github.com/sansible/sansible for more information