Update sshkey deployment to work with new variable system

2020-03-17 22:49:34 -04:00
parent 182cdb20ae
commit 6544f30114
2 changed files with 31 additions and 12 deletions
--- a/tasks/deploy-ssh-keys.yml
+++ b/tasks/deploy-ssh-keys.yml
@@ -0,0 +1,19 @@
+---
+- name: Create SSH directory
+  become: true
+  file:
+    path: /home/{{ item.name }}/.ssh
+    state: directory
+    owner: "{{ item.name }}"
+    group: "{{ item.name }}"
+    mode: 0644
+  loop: "{{ _users_local }}"
+
+- name: Update authorized keys
+  become: true
+  authorized_key:
+    user: "{{ item.name }}"
+    key: "{{ item.sshkeys | join('\n') }}"
+    state: present
+    exclusive: true
+  loop: "{{ _users_local }}"
--- a/tasks/preprocess-users.yml
+++ b/tasks/preprocess-users.yml
@@ -5,35 +5,35 @@

 - name: Reconcile user targets with host targets to get host users
  set_fact:
-    users_local: >-
+    _users_local: >-
      {{
-      users_local | default([]) + ([item] if item.targets | intersect(local_targets) else [])
+      _users_local | default([]) + ([item] if item.targets | intersect(omni_local_targets) else [])
      }}
  loop: "{{ omni_users }}"

 - name: Determine local user names
  set_fact:
-    users_local_names: "{{ users_local_names | default([]) + [item.name] }}"
-  loop: "{{ users_local }}"
+    _users_local_names: "{{ _users_local_names | default([]) + [item.name] }}"
+  loop: "{{ _users_local }}"

 - name: Determine administrative users
  set_fact:
-    users_local_admin: >-
+    _users_local_admin: >-
      {{
-      users_local_admin | default([]) + ([item] if item.admin | default(False) else [])
+      _users_local_admin | default([]) + ([item] if item.admin | default(False) else [])
      }}
-  loop: "{{ users_local }}"
+  loop: "{{ _users_local }}"

 - name: Determine existing users
  shell: 'grep omni /etc/group | cut -d: -f4 | tr "," "\n"'
  changed_when: false
-  register: users_local_existing
+  register: _users_local_existing

 - name: Determine removed users
  set_fact:
-    users_local_removed: >-
+    _users_local_removed: >-
      {{
-      users_local_removed | default([]) +
-      ([item] if item not in users_local_names else [])
+      _users_local_removed | default([]) +
+      ([item] if item not in _users_local_names else [])
      }}
-  loop: "{{ users_local_existing.stdout_lines }}"
+  loop: "{{ _users_local_existing.stdout_lines }}"