Skip to content

Latest commit

 

History

History
59 lines (42 loc) · 2.15 KB

README.md

File metadata and controls

59 lines (42 loc) · 2.15 KB

Build Status Galaxy Role

ansible-role-users

Ansible Role to add local unix users

Calling the role

When you call the role, you can set gather_facts to false if you want. It should work without though.

- name: Configure users
  hosts: admin_hosts
  gather_facts: false
  roles:
     - ansible-role-users

Role Variables

More examples can be found in tests/test.yml:

admingroup: "admin"
adminshell: "/bin/bash"
adminusers:
 - {name: admin1, state: 'present', uid: 5001, group: "{{admingroup}}", shell: "{{adminshell}}", pubkey: "ssh-rsa KEY admin1@example.com" }
adminremove_passwords: false
 - {name: badadmin2, state: 'absent', uid: 5001, group: "{{admingroup}}", shell: "{{adminshell}}", pubkey: "ssh-rsa KEY badadmin2@example.com" }
 - {name: rsyncuser1, state: 'present', uid: 5003, group: "{{admingroup}}", shell: "{{adminshell}}", pubkey: "ssh-rsa KEY rsync1@example.com", options: 'command="/usr/local/bin/rrsync /allow/rrsync/here/directory",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding' }
  • adminremove_passwords: True
  • this will set passwords on the users to "*"
  • admin_sudoers: True
  • this will add the admingroup to sudoers

multiple ssh keys to a single user

  - { name: multisshkeyuser, uid: 5004, group: "{{admingroup}}", groups: "agroup,bgroup", state: "present", shell: "{{adminshell}}", pubkeys: [ { pubkey: "ssh-rsa KEY1" }, { pubkey: "ssh-rsa KEY2" }, { pubkey: "ssh-rsa KEY3", key_state: 'absent' } ] }

Caveats

Modifying a logged in user's UID does not work. Don't do it. The role anticipates this and only modifies group and groups for those users.

groups key of a user: This can be several groups, but it currently needs to be a string or the usermod command becomes unhappy.

License

MIT

Contributors