users
javiergayala.users
This is an opinionated role that creates users on servers.
Role Variables
- users_list: list containing dictionaries of users to add
  - name: username to create
  - groups: comma delimited list of secondary groups. Defaults to none.
  - ssh_key: text string containing the user's public ssh key which will be placed in /home/$USER/.ssh/authorized_keys
  - sudoers: if set to yes, user will be added to the server's sudoers file.
  - sudo_opts: dictionary containing options to use for the sudoers file.
    - passwordless: (Boolean) defaults to "False". Set to "True" to allow sudo commands to not prompt for a password.
    - hosts: defaults to ALL. Hosts that user is allowed to run sudo on.
    - run_as: defaults to (ALL). Users allowed to run sudo commands as.
    - commands: defaults to ALL. Commands user is allowed to run with sudo.
    - requiretty: (Boolean) not set by default. Set to False to disable the requirement for a TTY when using sudo.
  - user_sshkey_exclusive: defaults to no. Setting to yes tells ansible to manage the keys in the authorized_keys file, and removes any not defined in the play.
  - use_os_prompt: defaults to no. Setting to yes or True will make it so that this user does NOT use the specialized bash prompt. This is useful for service accounts, such as the jenkins or rswebteam deployment account, or any accounts that do not use a TTY.
users_list:
  - name: deployment
    groups: apache
    ssh_key: >
      ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGY
      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
      RdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
    sudoers: "yes"
    sudo_opts:
      passwordless: "True"
      hosts: "ALL"
      run_as: "(ALL)"
      commands: "ALL"
      requiretty: "False"
    use_os_prompt: "yes"
  - name: user1
    ssh_key: https://github.com/javiergayala.keys
    sudoers: "no"
  - name: user2
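
A pre-flight check for the variables above, added here as an example (it is not part of the role): it flags users_list entries that combine unrestricted and passwordless sudo, disable requiretty, or carry the Vagrant key used in the sample. Field names and defaults come from this README; the yes/True truthiness rule, the function names and the finding texts are assumptions.

```python
# Added example: lint a users_list before the role is applied (not the role's code).
TRUTHY = {"yes", "true"}  # assumption: the role treats these strings as enabled

# Defaults documented for sudo_opts in this README.
SUDO_DEFAULTS = {"passwordless": "False", "hosts": "ALL",
                 "run_as": "(ALL)", "commands": "ALL"}


def is_on(value):
    """Interpret the yes/no and True/False values used in the README."""
    return str(value).strip().lower() in TRUTHY


def audit_user(user):
    """Return a list of findings for one users_list entry."""
    findings = []
    key = user.get("ssh_key", "")
    if "vagrant insecure public key" in key:
        findings.append("ssh_key is the publicly known Vagrant key")
    elif key.startswith("http://"):
        findings.append("ssh_key is fetched over plain HTTP")
    if is_on(user.get("sudoers", "no")):
        # Merge the documented defaults with whatever the entry overrides.
        opts = {**SUDO_DEFAULTS, **user.get("sudo_opts", {})}
        if opts["commands"] == "ALL" and opts["run_as"] == "(ALL)":
            findings.append("sudo is unrestricted (commands ALL as (ALL))")
            if is_on(opts["passwordless"]):
                findings.append("unrestricted sudo is also passwordless")
        if "requiretty" in opts and not is_on(opts["requiretty"]):
            findings.append("requiretty is disabled")
    return findings


def audit(users_list):
    """Map username -> findings, omitting users with none."""
    report = {u["name"]: audit_user(u) for u in users_list}
    return {name: found for name, found in report.items() if found}


# Constructed input mirroring the README example (key body shortened).
SAMPLE = [
    {"name": "deployment", "groups": "apache", "sudoers": "yes",
     "ssh_key": "ssh-rsa AAAA...== vagrant insecure public key",
     "sudo_opts": {"passwordless": "True", "commands": "ALL",
                   "requiretty": "False"}},
    {"name": "user1", "ssh_key": "https://github.com/javiergayala.keys",
     "sudoers": "no"},
    {"name": "user2"},
]
```

Calling audit(SAMPLE) reports only the deployment entry; narrowing commands to a specific command clears the sudo findings.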
Example Playbook
- hosts: servers
  roles:
    - { role: javiergayala.users, users_list: [{ name: user1 }] }
Testing
You will need the following in order to test and run this role:
It is highly recommended that you use a virtualenv for testing:
PYENV_HOME="$WORKSPACE/.pyenv/"
# Delete previously built virtualenv
if [ -d "$PYENV_HOME" ]; then
    rm -rf "$PYENV_HOME"
fi
# Create virtualenv and install necessary packages
virtualenv --no-site-packages "$PYENV_HOME"
. "$PYENV_HOME/bin/activate"
pip install -r pip-requirements.txt
# Run every molecule scenario
molecule test --all
License
BSD
Author Information
Javier Ayala
ansible-galaxy install javiergayala/ansible-role-user