skylab/omni-ansible
Archived
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix myriad bugs in playbooks

Browse Source 
Update inventory
This commit is contained in:
Ethan Paul
2018-12-22 13:55:36 -05:00
parent fd77dbfca4
commit 9a35e992d0
12 changed files with 99 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

161
playbooks/update-users-local.yml Normal file
View File

@@ -0,0 +1,161 @@
---
- import_playbook: dependencies.yml
- hosts: all
name: Prompt for variables
tasks:
- import_tasks: tasks/users-preprocessing.yml
- name: Create local user accounts
tags: users_create
become: true
block:
- name: Create groups
group:
name: "{{ item }}"
state: present
with_items:
- "{{ targets }}"
- omni
- name: Create users
user:
name: "{{ item.name }}"
comment: "{{ item.fullname | default('') }}"
shell: /bin/bash
groups: "{{ item.targets | intersect(targets) }} + {{ [ 'omni' ] if item.name != 'root' else [] }}"
system: "{{ item.svc | default('no') }}"
state: present
generate_ssh_key: "{{ 'yes' if generate_keys|bool == true else 'no' }}"
ssh_key_comment: "{{ item.name }}@{{ inventory_hostname }}"
ssh_key_bits: 4096
password: "{{ item.password }}"
with_items:
- "{{ local_users | difference([None]) }}"
- name: Copy new keys
when: generate_keys|bool == true
fetch:
dest: "{{ playbook_dir + '/keys/' + item.name + '/' + inventory_hostname + '.pub' if item.name != 'root' and item.name != 'ansible' else '/dev/null' }}"
flat: yes
fail_on_missing: no
src: /home/{{ item.name }}/.ssh/id_rsa.pub
validate_checksum: no
with_items:
- "{{ local_users | difference([None]) }}"
- name: Delete users that have been removed
tags: users_delete
block:
- name: Determine existing users
shell: 'grep omni /etc/group | cut -d: -f4 | tr "," "\n"'
changed_when: false
register: existing_users
- name: Coallate user names
set_fact:
user_names: "{{ user_names | default([]) + [item.name] }}"
with_items: "{{ users }}"
- name: Determine removed users
set_fact:
removed_users: "{{ existing_users.stdout_lines | difference(user_names) }}"
- name: Delete removed user accounts
become: true
user:
name: "{{ item }}"
state: absent
with_items: "{{ removed_users }}"
- name: Grant sudo permissions
tags: users_sudo
block:
- name: Add users to sudo group on Fedora/CentOS/RHEL
when: ansible_distribution == "Fedora" or ansible_distribution == "Red Hat Enterprise Linux" or ansible_distribution == "CentOS"
become: true
user:
name: "{{ item }}"
groups: wheel
state: present
with_items:
- "{{ local_admin_users | difference([None]) }}"
- name: Disable sudo password for ansible
become: true
lineinfile:
create: yes
path: /etc/sudoers.d/30-ansible
line: "ansible ALL=(ALL) NOPASSWD:ALL"
mode: 0644
- name: Disable sudo password for admin users
become: true
lineinfile:
create: yes
path: /etc/sudoers.d/40-admin
line: "{{ item }} ALL=(ALL) NOPASSWD:ALL"
mode: 0644
state: "{{ 'absent' if disable_sudo_password|bool == false else 'present' }}"
with_items:
- "{{ local_admin_users | difference([None] )}}"
- name: Configure GNOME
tags: users_gnome
when: ansible_distribution == "Fedora" and disable_gnome_user_list|bool == true
block:
- name: Configure GDM profile
become: true
blockinfile:
path: /etc/ssh/sshd_config
block: |
user-db:user
system-db:gdm
file-db:/usr/share/gdm/greeter-dconf-defaults
- name: Configure GDM keyfile
become: true
blockinfile:
path: /etc/dconf/db/gdm.d/00-login-screen
block: |
[org/gnome/login-screen]
# Do not show the user list
disable-user-list=true
- name: Delete existing user database
become: true
file:
path: /var/lib/gdm/.config/dconf/user
state: absent
- name: Restart dconf database
become: true
shell: dconf update
- name: Install public keys
tags: users_keys
become: true
block:
- name: Ensure SSH directory exists
file:
state: directory
path: /home/{{ item.name }}/.ssh
with_items: "{{ local_users | difference([None]) }}"
- name: Put keys on remote
authorized_key:
user: "{{ item.name }}"
key: "{{ lookup('pipe','cat keys/' + item.name + '/*') if item.name != 'root' else '' }}"
state: present
exclusive: yes
with_items: "{{ local_users | difference([None]) }}"
- name: Ensure proper ownership of user home directories
become: true
file:
group: "{{ item.name }}"
owner: "{{ item.name }}"
path: /home/{{ item.name }}
recurse: yes
state: directory
with_items:
- "{{ local_users | difference([None]) }}"