Skip to content

Instantly share code, notes, and snippets.

@silentworks
Forked from fulv/main.yml
Created April 28, 2018 10:07
Show Gist options
  • Save silentworks/ae2cbd1bd75af9936ac1b291b050b0fc to your computer and use it in GitHub Desktop.
Save silentworks/ae2cbd1bd75af9936ac1b291b050b0fc to your computer and use it in GitHub Desktop.
Ansible - Creating users and copying ssh keypair files to the remote server
Put this in your `local-configure.yml` file, add as many users as you need:
users:
- name: fulvio
sudoer: yes
auth_key: ssh-rsa blahblahblahsomekey this is actually the public key in cleartext
- name: plone_buildout
group: plone_group
sudoer: no
auth_key: ssh-rsa blahblahblah ansible-generated on default
keyfiles: keyfiles/plone_buildout
In your playbook root folder, create a folder `keyfiles`. In it, create a subfolder for
each username for which you want to copy keyfiles to the server. Put the private and public key files,
as well as any other files, such as `known_hosts` in the user subfolder.
Add the follwing line in `playbook.yml` under `roles:` (e.g. right under `- role: ANXS.hostname`):
- role: create_users
Copy the gist file `main.yml` to `/roles/create_users/tasks`.
Now run your playbook.
That's it!
---
# vars:
# users:
# - name: steve
# sudoer: yes
# auth_key: ssh-rsa ...
- name: Ensure plone_group
group: name=plone_group
# see http://docs.ansible.com/ansible/user_module.html
- name: Add users
user:
name={{ item.name }}
system={{ item.sudoer }}
shell=/bin/bash
append=yes
groups={{ item.group }}
# this is just a default password, I think it's SHA512 for "changeme"
password=$6$rounds=656000$iO7Q9L6/w8dUUQVf$rmtnxrQ15TGAfG5ODxQ/WGyEpTwk.vD1W.UtedmOlo9YNkrIwapYMjmKmteEnUJmRYucgUVxXUQy7gtenpLmw0
update_password=on_create
when: item.group is defined
with_items: users
- name: Add users
user:
name={{ item.name }}
system={{ item.sudoer }}
shell=/bin/bash
password=$6$rounds=656000$iO7Q9L6/w8dUUQVf$rmtnxrQ15TGAfG5ODxQ/WGyEpTwk.vD1W.UtedmOlo9YNkrIwapYMjmKmteEnUJmRYucgUVxXUQy7gtenpLmw0
update_password=on_create
when: item.group is not defined
with_items: users
- name: Add .ssh directories
file:
path=/home/{{ item.name }}/.ssh
state=directory
mode=0700
owner={{ item.name }}
group={{ item.group|default(item.name) }}
with_items: users
- name: Add keys
lineinfile:
dest=/home/{{ item.name }}/.ssh/authorized_keys
state=present
create=yes
line="{{ item.auth_key }}"
owner={{ item.name }}
group={{ item.group|default(item.name) }}
mode=0644
when: item.auth_key is defined
with_items: users
- name: Add to sudoers
copy:
dest: /etc/sudoers.d/{{ item.name }}
content: |
{{ item.name }} ALL=(ALL) ALL
{{ item.name }} ALL=(plone_daemon, plone_buildout) NOPASSWD:ALL
{{ item.name }} ALL=(root) NOPASSWD:/usr/bin/supervisorctl
#
when: item.sudoer
with_items: users
- name: SSH keys
copy:
src={{ item.keyfiles }}/
dest=/home/{{ item.name }}/.ssh/
owner={{ item.name }}
group={{ item.group|default(item.name) }}
mode=0600
when: item.keyfiles is defined
with_items: users
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment