Created
July 29, 2016 03:32
Playbook to create system users in wheel group, allow wheel passwordless sudo, and add their key to authorized_keys to allow ssh login
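---
#
# /opt/rpc-openstack/rpcd/playbooks/customer_users.yml
#
# Creates every entry of `customer_users` as a system user in the "wheel"
# group, grants "wheel" passwordless sudo, and installs each user's SSH
# public key so the account can log in over SSH.
#
# Security note: every account in `customer_users` ends up with unrestricted,
# passwordless root on all host groups listed below, so the user's SSH
# private key is the only credential standing between a login and root.
# Review the user list and the host scope before running.
#
- name: Create customers users and keys
  hosts:
    - infra_hosts
    - compute_hosts
    - log_hosts
    - mons_hosts
    - osds_hosts
    - storage_hosts
    - swift_hosts
  user: root
  tasks:
    - name: Make sure we have a "wheel" group
      group:
        name: wheel
        state: present

    - name: Allow "wheel" group to have passwordless sudo
      lineinfile:
        dest: /etc/sudoers
        state: present
        # An existing line starting with "%wheel" is replaced; if there is
        # none, the line is appended to the file.
        regexp: "^%wheel"
        line: "%wheel ALL=(ALL) NOPASSWD: ALL"
        # Syntax-check the edited copy before it replaces /etc/sudoers; a
        # malformed sudoers file would disable sudo on the host.
        validate: '/usr/sbin/visudo -cf %s'

    - name: Add customer users to "wheel" group
      user:
        name: "{{ item.name }}"
        groups: wheel
        # Keep the user's existing supplementary groups and add "wheel".
        append: true
      with_items: "{{ customer_users }}"

    - name: Add customer users keys to authorized_keys
      authorized_key:
        user: "{{ item.name }}"
        key: "{{ item.key }}"
      with_items: "{{ customer_users }}"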
# /etc/openstack_deploy/user_extras_variables.yml
# Append this variable to the end of the existing file.
#
# One entry per account. The customer_users.yml playbook reads `name` as the
# login name and `key` as the SSH public key to install for that user, and
# places every listed user in the passwordless-sudo "wheel" group.
customer_users:
  - name: 'user1'
    key: 'ssh-rsa ...'
  - name: 'user2'
    key: 'ssh-rsa ...'