skylab/omni-ansible
Archived
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Setup configure-auth playbook to deploy authentication parameters

Browse Source
This commit is contained in:
Ethan Paul 2020-03-17 22:49:57 -04:00
parent 6544f30114
commit 5c1d5a3a5c
1 changed files with 17 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
playbooks/configure-auth.yml
View File

@ -1,14 +1,12 @@
--- ---
- name: Configure local users - import_playbook: meta.yml
hosts: all:!network
tags: - name: Configure system authentication
- auth hosts: all
- ssh
- users
roles: roles:
- role: sshd - role: sshd
tasks: tasks:
- import_tasks: tasks/preprocess-local-users.yml - import_tasks: tasks/preprocess-users.yml
- name: Create local user accounts - name: Create local user accounts
tags: users_create tags: users_create
@ -18,7 +16,7 @@
group: group:
name: "{{ item }}" name: "{{ item }}"
state: present state: present
loop: "{{ local_targets + ['omni'] }}" loop: "{{ omni_local_targets + ['omni'] }}"
- name: Load user passwords - name: Load user passwords
include_vars: include_vars:
@ -29,19 +27,19 @@
name: "{{ item.name }}" name: "{{ item.name }}"
comment: "{{ item.fullname | default('') }}" comment: "{{ item.fullname | default('') }}"
shell: /bin/bash shell: /bin/bash
groups: "{{ item.targets | intersect(local_targets) + ['omni'] }}" groups: "{{ item.targets | intersect(omni_local_targets) + ['omni'] }}"
system: "{{ item.svc | default(False) }}" system: "{{ item.svc | default(false) }}"
state: present state: present
generate_ssh_key: false generate_ssh_key: false
password: "{{ users_secrets[item.name] }}" password: "{{ omni_users_secrets[item.name] }}"
loop: "{{ users_local }}" loop: "{{ _users_local }}"
- name: Delete removed user accounts - name: Delete removed user accounts
become: true become: true
user: user:
name: "{{ item }}" name: "{{ item }}"
state: absent state: absent
loop: "{{ users_local_removed | default([]) | difference(protected_users) }}" loop: "{{ _users_local_removed | default([]) | difference(omni_protected_users) }}"
- name: Grant sudo permissions to admin user accounts - name: Grant sudo permissions to admin user accounts
become: true become: true
@ -49,7 +47,7 @@
name: "{{ item.name }}" name: "{{ item.name }}"
groups: "{{ 'wheel' if ansible_os_family | lower == 'redhat' else 'sudo' }}" groups: "{{ 'wheel' if ansible_os_family | lower == 'redhat' else 'sudo' }}"
state: present state: present
loop: "{{ users_local_admin }}" loop: "{{ _users_local_admin }}"
- name: Disable sudo password for ansible - name: Disable sudo password for ansible
become: true become: true
@ -66,8 +64,8 @@
path: /etc/sudoers.d/40-admin path: /etc/sudoers.d/40-admin
line: "{{ item.name }} ALL=(ALL) NOPASSWD:ALL" line: "{{ item.name }} ALL=(ALL) NOPASSWD:ALL"
mode: 0644 mode: 0644
state: "{{ 'present' if disable_sudo_password | bool == true else 'absent' }}" state: "{{ 'present' if omni_disable_sudo_password | default(false) | bool == true else 'absent' }}"
loop: "{{ users_local_admin }}" loop: "{{ _users_local_admin }}"
- name: Ensure proper ownership of user home directories - name: Ensure proper ownership of user home directories
become: true become: true
@ -77,4 +75,6 @@
path: /home/{{ item.name }} path: /home/{{ item.name }}
recurse: true recurse: true
state: directory state: directory
loop: "{{ users_local }}" loop: "{{ _users_local }}"
- import_tasks: tasks/deploy-ssh-keys.yml