Adding option for configuring a secondary account
parent
c1656f82ec
commit
17d06adb73
4 changed files with 34 additions and 24 deletions
|
@ -15,7 +15,7 @@ If the "base_core_hostname" variable is defined, it is recommended to set the an
|
||||||
### Core Variables
|
### Core Variables
|
||||||
|
|
||||||
| Variable | Default | Choices | Comments |
|
| Variable | Default | Choices | Comments |
|
||||||
| -------------------------------------------- | ------------- | ----------- | -------------------------------------------------------------------------- |
|
| -------------------------------------------- | ------------- | ----------- | ------------------------------------------------------------------------------- |
|
||||||
| base_core_cert_common_name | nodename | | Common name for created self-signed cert |
|
| base_core_cert_common_name | nodename | | Common name for created self-signed cert |
|
||||||
| base_core_firewall_configure | True | True, False | Allows the firewall to be configured |
|
| base_core_firewall_configure | True | True, False | Allows the firewall to be configured |
|
||||||
| base_core_hostname | "" | | Defines the computer hostname |
|
| base_core_hostname | "" | | Defines the computer hostname |
|
||||||
|
@ -27,9 +27,10 @@ If the "base_core_hostname" variable is defined, it is recommended to set the an
|
||||||
| base_core_root_ca_basename | "" | | Basename of the cert for local system reference |
|
| base_core_root_ca_basename | "" | | Basename of the cert for local system reference |
|
||||||
| base_core_root_ca_convert | False | True, False | Converts the defined certificate from DER to PEM type |
|
| base_core_root_ca_convert | False | True, False | Converts the defined certificate from DER to PEM type |
|
||||||
| base_core_root_ca_url | "" | | URL of a Root CA to install |
|
| base_core_root_ca_url | "" | | URL of a Root CA to install |
|
||||||
|
| base_core_secondary_user | "" | | Defines a secondary account that ansible configure for management in the future |
|
||||||
|
| base_core_secondary_user_disable_password | False | True, False | When enabled the password for the secondary user account will be disabled |
|
||||||
| base_core_ssh_permit_password_authentication | False | True, False | Permits the use of passwords for ssh |
|
| base_core_ssh_permit_password_authentication | False | True, False | Permits the use of passwords for ssh |
|
||||||
| base_core_ssh_permit_root_login | False | True, False | Permits the use of root logins for ssh |
|
| base_core_ssh_permit_root_login | False | True, False | Permits the use of root logins for ssh |
|
||||||
| base_core_ssh_public_keys_user | "" | | Added the public keys to an additional user if defined |
|
|
||||||
| base_core_timezone | America/Boise | | Defines the timezone to apply to the client |
|
| base_core_timezone | America/Boise | | Defines the timezone to apply to the client |
|
||||||
| base_core_web_management | False | True, False | Enables installation of the Cockpit web management package(s) |
|
| base_core_web_management | False | True, False | Enables installation of the Cockpit web management package(s) |
|
||||||
|
|
||||||
|
|
|
@ -8,12 +8,18 @@
|
||||||
# General
|
# General
|
||||||
# =======
|
# =======
|
||||||
|
|
||||||
# User that should have the authorized keys added
|
# User that should be configured for future management
|
||||||
base_core_management_user: "{{ ansible_user }}"
|
base_core_management_user: "{{ ansible_user }}"
|
||||||
|
|
||||||
|
# Secondary user that may be configured for future management
|
||||||
|
base_core_secondary_user: ""
|
||||||
|
|
||||||
# If enabled, the password for the management user account will be disabled
|
# If enabled, the password for the management user account will be disabled
|
||||||
base_core_management_user_disable_password: false
|
base_core_management_user_disable_password: false
|
||||||
|
|
||||||
|
# If enabled, the password for the secondary user account will be disabled
|
||||||
|
base_core_secondary_user_disable_password: false
|
||||||
|
|
||||||
# Install all available updates at runtime
|
# Install all available updates at runtime
|
||||||
base_core_install_updates: true
|
base_core_install_updates: true
|
||||||
|
|
||||||
|
@ -53,9 +59,6 @@ base_core_root_ca_url: ""
|
||||||
# SSH
|
# SSH
|
||||||
# ===
|
# ===
|
||||||
|
|
||||||
# Added the public keys to an additional user if defined
|
|
||||||
base_core_ssh_public_keys_user: ""
|
|
||||||
|
|
||||||
# Allow ssh root login
|
# Allow ssh root login
|
||||||
base_core_ssh_permit_root_login: false
|
base_core_ssh_permit_root_login: false
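Review bot: Removing `base_core_ssh_public_keys_user` from the SSH block with no fallback means an inventory that still sets the old name will silently stop deploying authorized keys for that account. The new `base_core_secondary_user` defaults to the empty string, so the key task is simply skipped. A transitional default such as `base_core_secondary_user: "{{ base_core_ssh_public_keys_user | default('') }}"` would keep existing deployments working. The comment above the new variable could also state whether the role creates the account or expects it to exist already.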
|
||||||
|
|
||||||
|
|
|
@ -83,3 +83,9 @@
|
||||||
name: "{{ base_core_management_user }}"
|
name: "{{ base_core_management_user }}"
|
||||||
password_lock: yes
|
password_lock: yes
|
||||||
when: base_core_management_user_disable_password == true
|
when: base_core_management_user_disable_password == true
|
||||||
|
|
||||||
|
- name: Disable password for secondary management account
|
||||||
|
user:
|
||||||
|
name: "{{ base_core_secondary_user }}"
|
||||||
|
password_lock: yes
|
||||||
|
when: base_core_secondary_user != "" and base_core_secondary_user_disable_password == true
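Review bot: The `when:` on the new "Disable password for secondary management account" task compares with `== true`, so a value that arrives as a string (for example from `-e key=value` extra vars) does not match and the password lock is skipped without any error. `when: base_core_secondary_user | length > 0 and base_core_secondary_user_disable_password | bool` handles that input and still skips when the user is unset. The management-user task just above uses the same `== true` pattern; it starts outside this hunk and would benefit from the same change. `password_lock: true` is also the canonical boolean spelling.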
|
||||||
|
|
|
@ -30,12 +30,12 @@
|
||||||
|
|
||||||
- name: Setup authorized keys for secondary user
|
- name: Setup authorized keys for secondary user
|
||||||
authorized_key:
|
authorized_key:
|
||||||
user: "{{ base_core_ssh_public_keys_user }}"
|
user: "{{ base_core_secondary_user }}"
|
||||||
state: present
|
state: present
|
||||||
key: '{{ lookup("file", item) }}'
|
key: '{{ lookup("file", item) }}'
|
||||||
with_fileglob:
|
with_fileglob:
|
||||||
- "public_keys/*"
|
- "public_keys/*"
|
||||||
when: base_core_ssh_public_keys_user != ""
|
when: base_core_secondary_user != ""
|
||||||
tags:
|
tags:
|
||||||
- authorized_key
|
- authorized_key
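Review bot: The `authorized_key` task now targets `base_core_secondary_user`, but nothing visible in this commit guarantees that the account exists when the task runs. The only other task that touches the account is the `user` task with `password_lock`, and it runs only when `base_core_secondary_user_disable_password` is true, so with the default of false this task will presumably fail on a host where the account is absent. Either document the precondition next to the variable, for example `# The account must already exist on the host; this role does not create it`, or add an explicit account-creation task ahead of this one. Task ordering across the role's files is not visible here, so confirm against the role's main task list.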
|
||||||
|
|
||||||
|
|