This role handles the setup of user accounts and SSH keys.
It's part of the ELAO Ansible stack but can be used as a standalone component.
- Ansible 1.8.0+
None.
Using ansible galaxy cli:

```
ansible-galaxy install elao.users,2.0
```

Using ansible galaxy requirements file:

```yaml
- src: elao.users
  version: 2.0
```

Using ansible galaxy cli:

```
ansible-galaxy install elao.users,1.0
```

Using ansible galaxy requirements file:

```yaml
- src: elao.users
  version: 1.0
```
None
Name | Default | Type | Description |
---|---|---|---|
elao_users | Array | Array | List of unix users. |
elao_users.name | - | String | Username. |
elao_users.group | - | String | User's primary group. |
elao_users.groups | - | Array | Array of user's secondary groups. |
elao_users_groups | - | Array | Array of groups to be created. |
elao_users_groups.name | - | String | Name of the group to manage. |
elao_users_groups.system | - | Boolean | If yes, indicates that the group created is a system group. |
elao_users_authorized_keys | Array | Array | List of authorized ssh keys |
elao_users_authorized_keys.user | - | String | Username. |
elao_users_authorized_keys.keys | Array | Array | Collection of user's ssh keys. |
elao_users_authorized_keys.options | Array | Array | List of ssh options for the user. |
The elao_users key defines each user by:
- A name
- A main group
- Some secondary groups
- Some exclusive authorized keys
- Some private/public keys
```yaml
elao_users:
  - name: foo
    group: users
    groups: ['sudo']
    authorized_keys:
      - "{{ lookup('file', playbook_dir ~ '/files/users/keys/[email protected]') }}"
      # Options placed before the key restrict what that key may do
      - "no-port-forwarding,from=\"10.0.1.*\" {{ lookup('file', playbook_dir ~ '/files/users/keys/[email protected]') }}"
    keys:
      - name: id_rsa
        public: "{{ lookup('file', playbook_dir ~ '/files/users/keys/[email protected]') }}"
        private: "{{ lookup('file', playbook_dir ~ '/files/users/keys/[email protected]') }}"
    gpg_keys:
      - key: FOOOBAAR
        public: "{{ lookup('file', playbook_dir ~ '/files/users/gpg_keys/[email protected]') }}"
        secret: "{{ lookup('file', playbook_dir ~ '/files/users/gpg_keys/[email protected]') }}"
```
You can create your own groups with the elao_users_groups key by specifying:
- A name
- If the group is a "system group"
```yaml
elao_users_groups:
  - name: ops
    system: false
```
```yaml
elao_users_authorized_keys:
  - user: gateway
    keys:
      - key: "{{ lookup('file', playbook_dir ~ '/files/users/keys/[email protected]') }}"
        state: absent
      - "{{ lookup('file', playbook_dir ~ '/files/users/keys/[email protected]') }}"
    options:
      - no-pty
      - no-X11-forwarding
  - user: root
    keys:
      - key: "{{ lookup('file', playbook_dir ~ '/files/users/keys/[email protected]') }}"
      - key: "{{ lookup('file', playbook_dir ~ '/files/users/keys/[email protected]') }}"
      - key: "{{ lookup('file', playbook_dir ~ '/files/users/keys/[email protected]') }}"
  - user: elao
    keys:
      - key: "{{ lookup('file', playbook_dir ~ '/files/users/keys/[email protected]') }}"
      - key: "{{ lookup('file', playbook_dir ~ '/files/users/keys/[email protected]') }}"
```
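
An added example, not part of the elao.users role: a small Python check that takes a value shaped like elao_users_authorized_keys above, renders the resulting lines in the standard authorized_keys format, and flags entries worth reviewing before the role runs. The policy rules, the SAMPLE data and the assumption that a user's options apply to every one of that user's keys are illustrative.

```python
# Added example: audit an elao_users_authorized_keys value before the role applies it.
# The policy checks are illustrative assumptions, not behaviour of elao.users itself.
RESTRICTING = {"no-pty", "no-port-forwarding", "no-X11-forwarding", "no-agent-forwarding"}

def normalize(entry):
    """Accept both key forms used on this page: a bare string or {key, state}."""
    if isinstance(entry, str):
        return {"key": entry, "state": "present"}
    return {"key": entry["key"], "state": entry.get("state", "present")}

def render(user_entry):
    """authorized_keys lines for one user: comma-joined options, a space, then the key."""
    prefix = ",".join(user_entry.get("options", []))
    return [f"{prefix} {k['key']}".strip()
            for k in map(normalize, user_entry.get("keys", []))
            if k["state"] == "present"]

def audit(entries):
    """Return (user, finding) tuples for entries that deserve a second look."""
    findings = []
    for e in entries:
        opts = e.get("options", [])
        keys = [normalize(k) for k in e.get("keys", [])]
        present = {k["key"] for k in keys if k["state"] == "present"}
        absent = {k["key"] for k in keys if k["state"] == "absent"}
        if present & absent:
            findings.append((e["user"], "key listed as both present and absent"))
        if e["user"] == "root" and present:
            findings.append((e["user"], f"{len(present)} key(s) allow direct root login"))
        restricted = RESTRICTING & set(opts) or any(o.startswith("from=") for o in opts)
        if present and not restricted:
            findings.append((e["user"], "no restricting options on active keys"))
    return findings

# Constructed sample mirroring the structure above; key strings are placeholders.
SAMPLE = [
    {"user": "gateway",
     "keys": [{"key": "ssh-ed25519 AAAA-constructed-1 old@laptop", "state": "absent"},
              "ssh-ed25519 AAAA-constructed-2 new@laptop"],
     "options": ["no-pty", "no-X11-forwarding"]},
    {"user": "root",
     "keys": [{"key": "ssh-ed25519 AAAA-constructed-3 admin@desk"}]},
]

if __name__ == "__main__":
    for user_entry in SAMPLE:
        print(user_entry["user"], render(user_entry))
    for user, finding in audit(SAMPLE):
        print(f"[{user}] {finding}")
```
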
```yaml
- hosts: servers
  roles:
    - { role: elao.users }
```
MIT