# Role `unix_users` – manage Unix users

This role creates or updates Unix users.

## Configuration

This role makes use of the following variables:

* `unix_users_version` – MANDATORY: The playbook should set this
  to the version of the role it expects to use.

* `unix_users` – OPTIONAL: A list of Unix accounts to create.
  Defaults to the empty list. Each item in the list is a dict with the
  following keys:

  * `username` – MANDATORY: the username of the account
  * `comment` – OPTIONAL: the real name (or GECOS field) of the
    new account
  * `shell` – OPTIONAL: the login shell
  * `system` – OPTIONAL: boolean, is this a system user?
  * `sudo` – OPTIONAL: boolean, should the account have password-less sudo?
  * `ssh_key` – OPTIONAL: text of key to install as `~/.ssh/id_rsa`
  * `ssh_key_pub` – OPTIONAL: text of key to install as `~/.ssh/id_rsa.pub`
  * `authorized_keys` – OPTIONAL: text of contents of
    `~/.ssh/authorized_keys`
  * `password` – OPTIONAL: encrypted password
  * `groups` – OPTIONAL: list of additional groups to which user
    should be added

Create the encrypted password with something like:

~~~yaml
password: "{{ lookup('pipe', 'pass show foo | mkpasswd --method=sha-512 --stdin') }}"
~~~
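
A pre-flight lint for a `unix_users` list, added here as an example and not part of the role: it checks the mandatory `username`, that `password` has the shape `mkpasswd --method=sha-512` emits, that each `authorized_keys` line carries a key blob matching its declared type, and lists accounts with password-less sudo. The function names and sample values are assumptions constructed for illustration, and `authorized_keys` options are assumed to contain no spaces.

```python
import base64
import re
import struct

# Format emitted by `mkpasswd --method=sha-512`: $6$[rounds=N$]salt$<86 chars>
SHA512_CRYPT = re.compile(
    r"^\$6\$(rounds=\d+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}$")
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)")

def key_line_ok(line):
    """True if the key blob begins with the key type the line names (SSH wire format)."""
    fields = line.split()
    # Options may precede the key type, so search for the type field.
    idx = next((i for i, f in enumerate(fields) if KEY_TYPE.match(f)), None)
    try:
        blob = base64.b64decode(fields[idx + 1], validate=True)
        (n,) = struct.unpack(">I", blob[:4])
        return blob[4:4 + n].decode("ascii") == fields[idx]
    except (TypeError, IndexError, ValueError, struct.error):
        return False

def lint_unix_users(users):
    """Return (username, finding) tuples for a unix_users list."""
    findings = []
    for user in users:
        name = user.get("username")
        if not name:
            findings.append((None, "username is mandatory"))
            continue
        pw = user.get("password")
        if pw is not None and not SHA512_CRYPT.match(str(pw)):
            findings.append((name, "password is not a SHA-512 crypt hash"))
        for line in (user.get("authorized_keys") or "").splitlines():
            line = line.strip()
            if line and not line.startswith("#") and not key_line_ok(line):
                findings.append((name, "malformed authorized_keys line"))
        if user.get("sudo"):
            findings.append((name, "password-less sudo enabled"))
    return findings

# Constructed sample data: format-valid values, not real credentials.
GOOD_HASH = "$6$" + "s" * 16 + "$" + "A" * 86
GOOD_KEY = "ssh-ed25519 " + base64.b64encode(
    struct.pack(">I", 11) + b"ssh-ed25519" + bytes(36)).decode() + " demo@example"
SAMPLE = [
    {"username": "alice", "password": GOOD_HASH, "authorized_keys": GOOD_KEY},
    {"username": "bob", "password": "hunter2", "sudo": True,
     "authorized_keys": "ssh-rsa bm90LWEta2V5 bob@example"},
    {"comment": "no username"},
]
```

Calling `lint_unix_users(SAMPLE)` returns three findings for `bob` and one for the entry without a username; `alice` passes cleanly.
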

## Create normal user with unix_users

~~~scenario
given a host running Debian
then the host has no user foo
when I use role unix_users
and I use variables from foo.yml
and I run the playbook
then the host has user foo
and the user foo on host has encrypted password foopass
and the user foo on host has shell /bin/true
and the user foo on host has authorized_keys containing "ssh-rsa"
and the user foo on host is in group operator
~~~
~~~{#foo.yml .file .yaml}
unix_users_version: 2
unix_users:
- username: foo
  comment: Foo Bar
  shell: /bin/true
  password: foopass
  authorized_keys: |
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKVaQfxzzwpwk763IcPBs308TpYYp6+NTOMvYaj3j3ewz8feYQg3lOlKo/5xaPug2ZywG6v6tpn/p0drovT5YAIPJitP7yJAfEzJe/gO7c9uwx0uIpe6cc8bwRG0XFdUVK0EneB6LpIec+3juj4zitGBm0ffIoLDhJ7J0daTzQN62rZaw/2SjSvgbfnu3a2BYRPz1NGiXdvOCbytVSLlUAR6SxNPrFdh/BJnS4umyDaBL/1j2yaw/WlkfZPn5Ni3USZLRcbHnBUUbo64iwBwJabhdpeh0xLGTqDkaeudUgZjlrRHFyCbwJTPtDzJsPLb5HKGGzdXPHP7Lk6PM2CIOz liw@exolobe1
  groups: [operator]
~~~