required variables / remove append group / blocks in shell

Vincent Van der Kussen 2018-08-26 15:10:15 +02:00
parent c53f502220
commit 59749462c0
8 changed files with 145 additions and 13 deletions


@ -6,8 +6,8 @@ retry_files_save_path = /tmp/
inventory=./hosts inventory=./hosts
host_key_checking=False host_key_checking=False
gathering = smart gathering = smart
#stdout_callback=unixy stdout_callback=unixy
stdout_callback=debug #stdout_callback=debug
[privilege_escalation] [privilege_escalation]
become=True become=True
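Review bot: `host_key_checking=False` on the new side disables SSH host-key verification for every managed host, so a spoofed host can harvest the become password and anything else the play ships; this reads like a local test `ansible.cfg`, but if it is meant as the config the role ships with, that line should go and host keys should come from a maintained known_hosts (or be pinned per host). The callback swap itself is harmless.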


@ -5,28 +5,39 @@ user_groups:
- name: mysecondgroup - name: mysecondgroup
gid: 702 gid: 702
state: absent state: absent
- name: admin
gid: 703
state: present
users: users:
- name: remember - name: remember
state: present state: present
password: "blabla" password: "blabla"
groups: groups:
- mygroup - mygroup
- admin
uid: 1100 uid: 1100
enable_sudo: false
keys: keys:
- file: key1 - file: key1
state: present state: present
bash_lines: bash_lines:
- line: "testline" - line: "#testline"
state: present state: present
- line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh"
state: present state: present
- line: "alias ls='ls lah'" - line: "alias ls='ls lah'"
state: present state: present
bash_blocks:
- content: |
#testing
#multiline
state: absent
ssh_config: ssh_config:
- ServerAliveInterval: 10 - ServerAliveInterval: 10
- name: test - name: test
state: present
keys: keys:
- file: key2 - file: key2
state: absent state: absent
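Review bot: `password: "blabla"` is not a crypt(3) hash even though the README says the value must be an encrypted string, so the `user` task will warn and store an unusable hash; if this is a test fixture, a pre-generated hash (or a vaulted value) avoids both the warning and a cleartext secret in the repository. The new `admin` group added to `remember` also deserves a second look: on hosts whose `/etc/sudoers` still carries a `%admin ALL=(ALL) ALL` rule, that membership grants sudo even though the same entry sets `enable_sudo: false`, so a less loaded group name keeps the two mechanisms independent.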


@ -13,7 +13,7 @@
group: "{{ item.item.name }}" group: "{{ item.item.name }}"
mode: 0600 mode: 0600
state: touch state: touch
when: item.stat.exists == False when: item.stat.exists == False and item.item.state == "present"
with_items: with_items:
- "{{ sshconfig.results }}" - "{{ sshconfig.results }}"
no_log: True no_log: True
@ -42,3 +42,4 @@
- "{{ users }}" - "{{ users }}"
- ssh_config - ssh_config
- skip_missing: true - skip_missing: true
when: item.0.state == "present"
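Review bot: The added `when: item.0.state == "present"` (and `item.item.state == "present"` in the first hunk) raises an undefined-attribute error for any entry without `state`, while users.yml still defaults that same key with `item.state | default('present')`; since main.yml now fails early when `state` is missing, either drop the now-dead default there or write these guards as `item.0.state | default('present') == "present"` so the files agree. While touching the first hunk, `when: item.stat.exists == False and …` reads better as `not item.stat.exists and …`. The tasks these conditions belong to begin above their hunks.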


@ -17,11 +17,15 @@ Ansible roles to create/configure users on Linux/FreeBSD.
| password | string of an encrypted value(1) | string | | password | string of an encrypted value(1) | string |
| groups | additional groups the user should belong to | list | | groups | additional groups the user should belong to | list |
| uid | optionally specify a user id | int | | uid | optionally specify a user id | int |
| enable_sudo | Enable passwordless sudo for the given user | bool |
| keys | list of dictionaries | list | | keys | list of dictionaries | list |
| bash_lines | configure lines in .bashrc | list | | bash_lines | configure lines in .bashrc | list |
| bash_blocks | configure lines in .bashrc | list |
| csh_lines | configure lines in .cshrc | list | | csh_lines | configure lines in .cshrc | list |
| csh__blocks | configure lines in .cshrc | list |
(1) https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module (1) https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module
## Default variables ## Default variables
The default shells depending on the OS are: The default shells depending on the OS are:
@ -45,6 +49,7 @@ users:
groups: groups:
- mygroup - mygroup
uid: 1100 uid: 1100
enable_sudo: true
keys: keys:
- file: key1 - file: key1
state: present state: present
@ -53,7 +58,13 @@ users:
state: present state: present
- line: "alias ls='ls lah'" - line: "alias ls='ls lah'"
state: present state: present
bash_blocks:
- content: |
#testing
#multiline
state: present
- name: test - name: test
enable_sudo: false
keys: keys:
- file: key2 - file: key2
state: absent state: absent
@ -95,6 +106,9 @@ This role allows you to add or remove lines to a user's `.bashrc` or `cshrc` fil
Add items to the **shell_lines** key in the **users** variable. Each item exists of a _line_ and _state_ key. Add items to the **shell_lines** key in the **users** variable. Each item exists of a _line_ and _state_ key.
**lines**
Use _lines_ if you want to make sure a single line is present or not.
Example: Example:
``` ```
shell_lines: shell_lines:
@ -106,5 +120,16 @@ shell_lines:
state: present state: present
``` ```
**blocks**
use blocks if you want to make sure a number of lines that belong together are
present or not.
Example:
```
bash_blocks:
- content: |
if [ condition ]; then
do something
state: present
```


@ -1,4 +1,11 @@
--- ---
- name: Check for required variables
fail:
msg: "Variable: 'users.name' or 'users.state' NOT defined!"
with_items: "{{ users }}"
when: item.state is not defined or item.name is not defined
- include_tasks: set_facts.yml - include_tasks: set_facts.yml
- include_tasks: users.yml - include_tasks: users.yml
- include_tasks: ssh_config.yml - include_tasks: ssh_config.yml
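Review bot: The new check loops `with_items: "{{ users }}"` without a loop label, so every iteration prints the whole entry — including its `password` hash — in the task output, and it still aborts with an undefined-variable error rather than a clear message when `users` itself is unset. Add `loop_control: { label: "{{ item.name | default('<unnamed>') }}" }` so only the name is echoed, put that name into `msg` as well, and use `with_items: "{{ users | default([]) }}"` (or a preceding `fail` when `users is not defined`). `user_groups` entries are dereferenced as `item.name` in users.yml too but get no equivalent check.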


@ -1,3 +1,4 @@
# Set default shell
- set_fact: - set_fact:
default_shell: "{{ default_freebsd_shell }}" default_shell: "{{ default_freebsd_shell }}"
when: ansible_os_family == 'FreeBSD' when: ansible_os_family == 'FreeBSD'
@ -6,3 +7,20 @@
default_shell: "{{ default_linux_shell }}" default_shell: "{{ default_linux_shell }}"
when: ansible_os_family == 'Debian' when: ansible_os_family == 'Debian'
# Set sudoers path
- set_fact:
sudoers_path: /usr/local/etc/sudoers.d
when: ansible_os_family == 'FreeBSD'
- set_fact:
sudoers_path: /etc/sudoers.d
when: ansible_os_family == 'Debian'
# Set sudo config path
- set_fact:
sudo_config_path: /usr/local/etc/sudoers
when: ansible_os_family == 'FreeBSD'
- set_fact:
sudo_config_path: /etc/sudoers
when: ansible_os_family == 'Debian'
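Review bot: `sudoers_path` and `sudo_config_path` are only set for the `FreeBSD` and `Debian` families, so on any other host (RedHat, Suse, Alpine, …) the new sudo tasks in users.yml fail with an undefined variable instead of a clear message. Either collapse the four tasks into one unconditional fact, e.g. `sudoers_path: "{{ '/usr/local/etc/sudoers.d' if ansible_os_family == 'FreeBSD' else '/etc/sudoers.d' }}"` with the same shape for `sudo_config_path`, or add an explicit `fail` for unsupported families next to the shell selection above, which has the same gap.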


@ -1,3 +1,4 @@
- name: Ensure .ssh folder is created - name: Ensure .ssh folder is created
file: file:
path: "/home/{{item.name}}/.ssh" path: "/home/{{item.name}}/.ssh"
@ -7,6 +8,7 @@
group: "{{ item.name }}" group: "{{ item.name }}"
with_items: with_items:
- "{{ users }}" - "{{ users }}"
when: item.state == "present"
- name: Configure authorized_keys - name: Configure authorized_keys
@ -17,4 +19,5 @@
with_subelements: with_subelements:
- "{{ users }}" - "{{ users }}"
- keys - keys
when: item.0.state is defined and item.0.state == "present"
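Review bot: The two new guards disagree: the `.ssh` task uses `item.state == "present"` while the authorized_keys task uses `item.0.state is defined and item.0.state == "present"`; since main.yml now fails early on a missing `state`, the `is defined` half is redundant and both should read the same, e.g. `when: item.0.state == "present"`. Both tasks also build the path as `/home/{{item.name}}`, which is wrong for any account whose home is elsewhere (`root`, for one); `~{{ item.name }}/.ssh` lets the file module expand the real home. The authorized_keys task body begins above the hunk.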


@ -1,5 +1,5 @@
--- ---
- name: Ensure groups exist - name: Add/Remove group
group: group:
name: "{{ item.name }}" name: "{{ item.name }}"
gid: "{{ item.gid | default(omit) }}" gid: "{{ item.gid | default(omit) }}"
@ -7,7 +7,7 @@
with_items: "{{ user_groups }}" with_items: "{{ user_groups }}"
- name: Ensure users exist - name: Add/Remove user
user: user:
name: "{{ item.name }}" name: "{{ item.name }}"
state: "{{ item.state | default('present') }}" state: "{{ item.state | default('present') }}"
@ -15,12 +15,12 @@
groups: "{{ item.groups | default(omit) }}" groups: "{{ item.groups | default(omit) }}"
uid: "{{ item.uid | default(omit) }}" uid: "{{ item.uid | default(omit) }}"
shell: "{{ item.shell | default(default_shell) }}" shell: "{{ item.shell | default(default_shell) }}"
append: yes remove: yes
no_log: True no_log: False
with_items: "{{ users }}" with_items: "{{ users }}"
- name: Configure bashrc - name: Configure bashrc lines
lineinfile: lineinfile:
path: "/home/{{ item.0.name }}/.bashrc" path: "/home/{{ item.0.name }}/.bashrc"
line: "{{ item.1.line }}" line: "{{ item.1.line }}"
@ -30,17 +30,84 @@
- "{{ users }}" - "{{ users }}"
- bash_lines - bash_lines
- skip_missing: true - skip_missing: true
when: ansible_os_family == 'Debian' when: ansible_os_family == 'Debian' and item.0.state == "present"
- name: Configure bashrc blocks
blockinfile:
path: "/home/{{ item.0.name }}/.bashrc"
content: "{{ item.1.content }}"
marker: "# {mark} ANSIBLE managed content. Block item #{{ listitem }}"
state: "{{ item.1.state | default('present') }}"
backup: yes
with_subelements:
- "{{ users }}"
- bash_blocks
- skip_missing: true
when: ansible_os_family == 'Debian' and item.0.state == "present"
loop_control:
index_var: listitem
- name: Configure cshrc - name: Configure cshrc lines
lineinfile: lineinfile:
path: "/home/{{ item.0.name }}/.cshrc" path: "/home/{{ item.0.name }}/.cshrc"
line: "{{ item.1.line }}" line: "{{ item.1.line }}"
state: "{{ item.1.state | default('present')}}" state: "{{ item.1.state | default('present')}}"
backup: yes
with_subelements: with_subelements:
- "{{ users }}" - "{{ users }}"
- csh_lines - csh_lines
- skip_missing: true - skip_missing: true
when: ansible_os_family == 'FreeBSD' when: ansible_os_family == 'FreeBSD' and item.0.state == "present"
- name: Configure cshrc blocks
blockinfile:
path: "/home/{{ item.0.name }}/.cshrc"
content: "{{ item.1.conent }}"
marker: "# {mark} ANSIBLE managed content. Block item #{{ listitem }}"
state: "{{ item.1.state | default('present')}}"
backup: yes
with_subelements:
- "{{ users }}"
- csh_blocks
- skip_missing: true
when: ansible_os_family == 'FreeBSD' and item.0.state == "present"
loop_control:
index_var: listitem
- name: Ensure sudo is installed (Debian)
apt:
name: sudo
update_cache: yes
cache_valid_time: "{{ apt_cache_valid | default('86400') }}"
when: ansible_os_family == "Debian"
- name: Ensure sudo is installed (FreeBSD)
portinstall:
name: sudo
state: present
when: ansible_os_family == "FreeBSD"
- name: Enable sudo for user
lineinfile:
path: "{{ sudoers_path }}/{{ item.name }}"
line: "{{ item.name }} ALL=(ALL) NOPASSWD:ALL"
state: present
create: true
when: item.enable_sudo is defined and item.enable_sudo == true
with_items: "{{ users }}"
- name: Disable sudo for user
file:
path: "{{ sudoers_path }}/{{ item.name }}"
state: absent
when: item.enable_sudo is defined and item.enable_sudo == false
with_items: "{{ users }}"
- name: Include sudoers.d
lineinfile:
dest: "{{ sudo_config_path }}"
state: present
regexp: '^\#includedir {{ sudoers_path }}'
line: '#includedir {{ sudoers_path }}'
validate: 'visudo -cf %s'
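Review bot: The "Enable sudo for user" task writes `NOPASSWD:ALL` for any entry with `enable_sudo: true` regardless of `item.state`, so an account declared `state: absent` still gets a sudoers.d drop-in — and with `remove: yes` now deleting the account, that file hands passwordless root to whoever next obtains the same username; the condition should also require `item.state == "present"` and the "Disable" task should remove the file whenever the user is not present. The drop-in is also created without `mode: "0440"` or `validate: 'visudo -cf %s'`, unlike the `#includedir` task right below it, so a bad line is written unchecked, and on FreeBSD the `sudoers_path` directory is never created first (`create: true` does not make parent directories). Separately, flipping `no_log` to `False` on the user task prints each loop item, `password` hash included, in task output; keep `no_log: True` there. `content: "{{ item.1.conent }}"` in the cshrc blocks task is a typo for `content`, so every FreeBSD block application fails on an undefined attribute. The switch to `remove: yes` also deletes home directories of absent users, which the README should state explicitly.
```yaml
# … unchanged: group/user/bashrc/cshrc/sudo-install tasks …
- name: Ensure sudoers.d directory exists
  file:
    path: "{{ sudoers_path }}"
    state: directory
- name: Enable sudo for user
  lineinfile:
    path: "{{ sudoers_path }}/{{ item.name }}"
    line: "{{ item.name }} ALL=(ALL) NOPASSWD:ALL"
    state: present
    create: true
    mode: "0440"
    validate: 'visudo -cf %s'
  when: item.state == "present" and item.enable_sudo | default(false) | bool
  with_items: "{{ users }}"
- name: Disable sudo for user
  file:
    path: "{{ sudoers_path }}/{{ item.name }}"
    state: absent
  when: item.state != "present" or not (item.enable_sudo | default(false) | bool)
  with_items: "{{ users }}"
# … unchanged: Include sudoers.d task …
```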