Update sshkey deployment to work with new variable system
This commit is contained in:
parent
182cdb20ae
commit
6544f30114
19
tasks/deploy-ssh-keys.yml
Normal file
19
tasks/deploy-ssh-keys.yml
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
---
|
||||||
|
- name: Create SSH directory
|
||||||
|
become: true
|
||||||
|
file:
|
||||||
|
path: /home/{{ item.name }}/.ssh
|
||||||
|
state: directory
|
||||||
|
owner: "{{ item.name }}"
|
||||||
|
group: "{{ item.name }}"
|
||||||
|
mode: 0644
|
||||||
|
loop: "{{ _users_local }}"
|
||||||
|
|
||||||
|
- name: Update authorized keys
|
||||||
|
become: true
|
||||||
|
authorized_key:
|
||||||
|
user: "{{ item.name }}"
|
||||||
|
key: "{{ item.sshkeys | join('\n') }}"
|
||||||
|
state: present
|
||||||
|
exclusive: true
|
||||||
|
loop: "{{ _users_local }}"
|
||||||
@ -5,35 +5,35 @@
|
|||||||
|
|
||||||
- name: Reconcile user targets with host targets to get host users
|
- name: Reconcile user targets with host targets to get host users
|
||||||
set_fact:
|
set_fact:
|
||||||
users_local: >-
|
_users_local: >-
|
||||||
{{
|
{{
|
||||||
users_local | default([]) + ([item] if item.targets | intersect(local_targets) else [])
|
_users_local | default([]) + ([item] if item.targets | intersect(omni_local_targets) else [])
|
||||||
}}
|
}}
|
||||||
loop: "{{ omni_users }}"
|
loop: "{{ omni_users }}"
|
||||||
|
|
||||||
- name: Determine local user names
|
- name: Determine local user names
|
||||||
set_fact:
|
set_fact:
|
||||||
users_local_names: "{{ users_local_names | default([]) + [item.name] }}"
|
_users_local_names: "{{ _users_local_names | default([]) + [item.name] }}"
|
||||||
loop: "{{ users_local }}"
|
loop: "{{ _users_local }}"
|
||||||
|
|
||||||
- name: Determine administrative users
|
- name: Determine administrative users
|
||||||
set_fact:
|
set_fact:
|
||||||
users_local_admin: >-
|
_users_local_admin: >-
|
||||||
{{
|
{{
|
||||||
users_local_admin | default([]) + ([item] if item.admin | default(False) else [])
|
_users_local_admin | default([]) + ([item] if item.admin | default(False) else [])
|
||||||
}}
|
}}
|
||||||
loop: "{{ users_local }}"
|
loop: "{{ _users_local }}"
|
||||||
|
|
||||||
- name: Determine existing users
|
- name: Determine existing users
|
||||||
shell: 'grep omni /etc/group | cut -d: -f4 | tr "," "\n"'
|
shell: 'grep omni /etc/group | cut -d: -f4 | tr "," "\n"'
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: users_local_existing
|
register: _users_local_existing
|
||||||
|
|
||||||
- name: Determine removed users
|
- name: Determine removed users
|
||||||
set_fact:
|
set_fact:
|
||||||
users_local_removed: >-
|
_users_local_removed: >-
|
||||||
{{
|
{{
|
||||||
users_local_removed | default([]) +
|
_users_local_removed | default([]) +
|
||||||
([item] if item not in users_local_names else [])
|
([item] if item not in _users_local_names else [])
|
||||||
}}
|
}}
|
||||||
loop: "{{ users_local_existing.stdout_lines }}"
|
loop: "{{ _users_local_existing.stdout_lines }}"
|
||||||
|
|||||||
Reference in New Issue
Block a user