Adding option for configuring a secondary account

Tyler Hale 2022-08-25 09:30:20 -06:00
parent c1656f82ec
commit 17d06adb73
Signed by: Tyler
GPG key ID: C7CC4B910D88EF96
4 changed files with 34 additions and 24 deletions


@ -15,7 +15,7 @@ If the "base_core_hostname" variable is defined, it is recommended to set the an
### Core Variables ### Core Variables
| Variable | Default | Choices | Comments | | Variable | Default | Choices | Comments |
| -------------------------------------------- | ------------- | ----------- | -------------------------------------------------------------------------- | | -------------------------------------------- | ------------- | ----------- | ------------------------------------------------------------------------------- |
| base_core_cert_common_name | nodename | | Common name for created self-signed cert | | base_core_cert_common_name | nodename | | Common name for created self-signed cert |
| base_core_firewall_configure | True | True, False | Allows the firewall to be configured | | base_core_firewall_configure | True | True, False | Allows the firewall to be configured |
| base_core_hostname | "" | | Defines the computer hostname | | base_core_hostname | "" | | Defines the computer hostname |
@ -27,9 +27,10 @@ If the "base_core_hostname" variable is defined, it is recommended to set the an
| base_core_root_ca_basename | "" | | Basename of the cert for local system reference | | base_core_root_ca_basename | "" | | Basename of the cert for local system reference |
| base_core_root_ca_convert | False | True, False | Converts the defined certificate from DER to PEM type | | base_core_root_ca_convert | False | True, False | Converts the defined certificate from DER to PEM type |
| base_core_root_ca_url | "" | | URL of a Root CA to install | | base_core_root_ca_url | "" | | URL of a Root CA to install |
| base_core_secondary_user | "" | | Defines a secondary account that ansible configure for management in the future |
| base_core_secondary_user_disable_password | False | True, False | When enabled the password for the secondary user account will be disabled |
| base_core_ssh_permit_password_authentication | False | True, False | Permits the use of passwords for ssh | | base_core_ssh_permit_password_authentication | False | True, False | Permits the use of passwords for ssh |
| base_core_ssh_permit_root_login | False | True, False | Permits the use of root logins for ssh | | base_core_ssh_permit_root_login | False | True, False | Permits the use of root logins for ssh |
| base_core_ssh_public_keys_user | "" | | Added the public keys to an additional user if defined |
| base_core_timezone | America/Boise | | Defines the timezone to apply to the client | | base_core_timezone | America/Boise | | Defines the timezone to apply to the client |
| base_core_web_management | False | True, False | Enables installation of the Cockpit web management package(s) | | base_core_web_management | False | True, False | Enables installation of the Cockpit web management package(s) |


@ -8,12 +8,18 @@
# General # General
# ======= # =======
# User that should have the authorized keys added # User that should be configured for future management
base_core_management_user: "{{ ansible_user }}" base_core_management_user: "{{ ansible_user }}"
# Secondary user that may be configured for future management
base_core_secondary_user: ""
# If enabled, the password for the management user account will be disabled # If enabled, the password for the management user account will be disabled
base_core_management_user_disable_password: false base_core_management_user_disable_password: false
# If enabled, the password for the secondary user account will be disabled
base_core_secondary_user_disable_password: false
# Install all available updates at runtime # Install all available updates at runtime
base_core_install_updates: true base_core_install_updates: true
@ -53,9 +59,6 @@ base_core_root_ca_url: ""
# SSH # SSH
# === # ===
# Added the public keys to an additional user if defined
base_core_ssh_public_keys_user: ""
# Allow ssh root login # Allow ssh root login
base_core_ssh_permit_root_login: false base_core_ssh_permit_root_login: false
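Review bot: Dropping `base_core_ssh_public_keys_user` from the defaults without a fallback means an inventory that still sets the old name now leaves `base_core_secondary_user` at `""`, so the authorized-keys task (`when: base_core_secondary_user != ""`) and the new password-lock task are both skipped without any error. A compatibility default such as `base_core_secondary_user: "{{ base_core_ssh_public_keys_user | default('') }}"` would keep existing hosts provisioned until inventories are migrated. If the rename is meant to be breaking, a comment above the new default such as `# Replaces base_core_ssh_public_keys_user (removed)` would at least make that visible.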


@ -83,3 +83,9 @@
name: "{{ base_core_management_user }}" name: "{{ base_core_management_user }}"
password_lock: yes password_lock: yes
when: base_core_management_user_disable_password == true when: base_core_management_user_disable_password == true
- name: Disable password for secondary management account
user:
name: "{{ base_core_secondary_user }}"
password_lock: yes
when: base_core_secondary_user != "" and base_core_secondary_user_disable_password == true
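Review bot: The `when` on the new task compares with `== true`, which is false when the flag arrives as a string (for example from `-e key=value` or an INI inventory), so the account password stays usable while the operator believes it is locked. `when: base_core_secondary_user | length > 0 and base_core_secondary_user_disable_password | bool` avoids that, and `password_lock: true` is the canonical spelling of `yes`. The management-account task just above uses the same `== true` pattern. The task also sets no `state`, and the `user` module defaults to `present`, so a mistyped name would be created as a new account rather than rejected; whether the account is created earlier in this file is not visible from the hunk.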


@ -30,12 +30,12 @@
- name: Setup authorized keys for secondary user - name: Setup authorized keys for secondary user
authorized_key: authorized_key:
user: "{{ base_core_ssh_public_keys_user }}" user: "{{ base_core_secondary_user }}"
state: present state: present
key: '{{ lookup("file", item) }}' key: '{{ lookup("file", item) }}'
with_fileglob: with_fileglob:
- "public_keys/*" - "public_keys/*"
when: base_core_ssh_public_keys_user != "" when: base_core_secondary_user != ""
tags: tags:
- authorized_key - authorized_key
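Review bot: Nothing in the visible hunks ensures that `base_core_secondary_user` exists before `authorized_key` runs against it; the only other task that touches the account is the password-lock task, which is skipped when `base_core_secondary_user_disable_password` is false. If the role does not create the user elsewhere, this task would presumably fail on a host where the account is missing, so either add a `user:` task with `state: present` ahead of it or state in a comment that the account must already exist. The secondary account also receives every key under `public_keys/*`, the same set as the management user, which is worth saying in the variable's comment so that the grant is deliberate.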