authorLars Wirzenius <liw@liw.fi>2017-12-06 14:42:13 +0200
committerLars Wirzenius <liw@liw.fi>2017-12-06 14:42:13 +0200
commit99d9654aad3e89bed54e9cff46ce69b155729340 (patch)
tree09f92d4d8f2680477a44ddd5d717ee8456d7807c
parent5ace3b2ef61776fee6e9a72ac5af478afa746432 (diff)
parentafdf7b83bcea213402c68a6d01c2269f4d4a2d82 (diff)
downloaddebian-ansible-99d9654aad3e89bed54e9cff46ce69b155729340.tar.gz
Merge branch 'liw/ssh'
-rw-r--r--roles/unix_users/defaults/main.yml11
-rw-r--r--roles/unix_users/tasks/main.yml40
2 files changed, 49 insertions, 2 deletions
diff --git a/roles/unix_users/defaults/main.yml b/roles/unix_users/defaults/main.yml
index d79958e..5914b08 100644
--- a/roles/unix_users/defaults/main.yml
+++ b/roles/unix_users/defaults/main.yml
@@ -5,6 +5,10 @@
# shell -- the shell to use (defaults to /bin/bash)
# system -- yes/no, is user a system user (default no)
# sudo -- yes/no, should user have sudo access? (without password)
+# ssh_key -- install this as ~/.ssh/id_rsa
+# ssh_key_pub -- install this as ~/.ssh/id_rsa.pub
+# ssh_key_pub -- install this as ~/.ssh/id_rsa.pub
+# authorized_keys -- install this as ~/.ssh/authorized_keys
#
unix_users: []
@@ -17,5 +21,10 @@ unix_users: []
#
# You MUST create a file for each user in unix_users. An empty file
# will do.
+#
+# THIS IS NOW DEPRECATED. DO NOT USE. If you leave this empty, the old,
+# deprecated way of installing authorized_keys files is skipped. If you
+# still use that, then set it in your own vars. But switch to the new
+# way asap: set authorized_keys field for the user, see above.
-authkeys_dir: /
+authkeys_dir:
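Review bot: The `ssh_key_pub` documentation line is pasted twice (the second `# ssh_key_pub -- install this as ~/.ssh/id_rsa.pub` should be dropped), and the `ssh_key` line says nothing about the fact that its value is a private key that will sit in plain text in whatever vars file defines it; I would extend it to `# ssh_key -- install this as ~/.ssh/id_rsa (private key material: keep it in ansible-vault, never in a plain vars file)`. In the second hunk the bare `authkeys_dir:` relies on YAML reading an empty value as null, which is what the tasks file tests with `authkeys_dir != None`; writing `authkeys_dir: null` states that intent explicitly and is what the deprecation comment above it describes as "leave this empty". Both hunks are comment-and-defaults only, so nothing else changes.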
diff --git a/roles/unix_users/tasks/main.yml b/roles/unix_users/tasks/main.yml
index ad9095f..d948dc8 100644
--- a/roles/unix_users/tasks/main.yml
+++ b/roles/unix_users/tasks/main.yml
@@ -6,12 +6,50 @@
shell: "{{ item.shell|default('/bin/bash') }}"
system: "{{ item.system|default('no') }}"
-- name: add keys to authorized_keys
+- name: create ~/.ssh for each user
with_items: "{{ unix_users }}"
+ when: item.ssh_key is defined or item.ssh_key_pub is defined or item.authorized_keys is defined
+ file:
+ state: directory
+ path: "/home/{{ item.username }}/.ssh"
+ owner: "{{ item.username }}"
+ group: "{{ item.username }}"
+ mode: 0755
+
+- name: install ssh private keys
+ with_items: "{{ unix_users }}"
+ when: item.ssh_key is defined
+ copy:
+ content: "{{ item.ssh_key }}"
+ dest: "/home/{{ item.username }}/.ssh/id_rsa"
+ owner: "{{ item.username }}"
+ group: "{{ item.username }}"
+ mode: 0600
+
+- name: install ssh public keys
+ with_items: "{{ unix_users }}"
+ when: item.ssh_key_pub is defined
+ copy:
+ content: "{{ item.ssh_key_pub }}"
+ dest: "/home/{{ item.username }}/.ssh/id_rsa.pub"
+ owner: "{{ item.username }}"
+ group: "{{ item.username }}"
+ mode: 0600
+
+- name: add keys to authorized_keys (deprecated way)
+ with_items: "{{ unix_users }}"
+ when: authkeys_dir != None
authorized_key:
user: "{{ item.username }}"
key: "{{ lookup('file', authkeys_dir + '/' + item.username) }}"
+- name: add keys to authorized_keys (new way)
+ with_items: "{{ unix_users }}"
+ when: item.authorized_keys is defined
+ authorized_key:
+ user: "{{ item.username }}"
+ key: "{{ item.authorized_keys }}"
+
- name: give sudo access
with_items: "{{ unix_users }}"
when: "{{ item.sudo|default(False) }}"
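Review bot: The "install ssh private keys" task copies `{{ item.ssh_key }}` via `copy: content:`, so the private key is echoed in task output, `--diff` output and failure messages unless the task carries `no_log: true`; add that line to the task (and arguably to the public-key task for symmetry). The file modes are unquoted octal literals (`mode: 0755`, `mode: 0600`); YAML 1.1 parsers read these as integers and Ansible's handling of that depends on the leading zero surviving, so the documented safe form is the quoted string, `mode: "0600"`, and for `~/.ssh` itself `mode: "0700"` is the conventional permission (the directory holds the private key). The home directory is hard-coded as `/home/{{ item.username }}` in all three new paths; if the user task above this hunk ever sets a different home, the keys land in the wrong place, so it would be worth deriving the path from the same value the user task uses (that task starts outside the hunk, so I cannot confirm what it sets). Minor: the "new way" authorized_key task is not separated from the deprecated one by a blank line, unlike every other task in the file.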