Adding option for configuring a secondary account
This commit is contained in:
parent
c1656f82ec
commit
17d06adb73
4 changed files with 34 additions and 24 deletions
|
@ -15,7 +15,7 @@ If the "base_core_hostname" variable is defined, it is recommended to set the an
|
|||
### Core Variables
|
||||
|
||||
| Variable | Default | Choices | Comments |
|
||||
| -------------------------------------------- | ------------- | ----------- | -------------------------------------------------------------------------- |
|
||||
| -------------------------------------------- | ------------- | ----------- | ------------------------------------------------------------------------------- |
|
||||
| base_core_cert_common_name | nodename | | Common name for created self-signed cert |
|
||||
| base_core_firewall_configure | True | True, False | Allows the firewall to be configured |
|
||||
| base_core_hostname | "" | | Defines the computer hostname |
|
||||
|
@ -27,9 +27,10 @@ If the "base_core_hostname" variable is defined, it is recommended to set the an
|
|||
| base_core_root_ca_basename | "" | | Basename of the cert for local system reference |
|
||||
| base_core_root_ca_convert | False | True, False | Converts the defined certificate from DER to PEM type |
|
||||
| base_core_root_ca_url | "" | | URL of a Root CA to install |
|
||||
| base_core_secondary_user | "" | | Defines a secondary account that ansible configure for management in the future |
|
||||
| base_core_secondary_user_disable_password | False | True, False | When enabled the password for the secondary user account will be disabled |
|
||||
| base_core_ssh_permit_password_authentication | False | True, False | Permits the use of passwords for ssh |
|
||||
| base_core_ssh_permit_root_login | False | True, False | Permits the use of root logins for ssh |
|
||||
| base_core_ssh_public_keys_user | "" | | Added the public keys to an additional user if defined |
|
||||
| base_core_timezone | America/Boise | | Defines the timezone to apply to the client |
|
||||
| base_core_web_management | False | True, False | Enables installation of the Cockpit web management package(s) |
|
||||
|
||||
|
|
|
@ -8,12 +8,18 @@
|
|||
# General
|
||||
# =======
|
||||
|
||||
# User that should have the authorized keys added
|
||||
# User that should be configured for future management
|
||||
base_core_management_user: "{{ ansible_user }}"
|
||||
|
||||
# Secondary user that may be configured for future management
|
||||
base_core_secondary_user: ""
|
||||
|
||||
# If enabled, the password for the management user account will be disabled
|
||||
base_core_management_user_disable_password: false
|
||||
|
||||
# If enabled, the password for the secondary user account will be disabled
|
||||
base_core_secondary_user_disable_password: false
|
||||
|
||||
# Install all available updates at runtime
|
||||
base_core_install_updates: true
|
||||
|
||||
|
@ -53,9 +59,6 @@ base_core_root_ca_url: ""
|
|||
# SSH
|
||||
# ===
|
||||
|
||||
# Added the public keys to an additional user if defined
|
||||
base_core_ssh_public_keys_user: ""
|
||||
|
||||
# Allow ssh root login
|
||||
base_core_ssh_permit_root_login: false
|
||||
|
||||
|
|
|
@ -83,3 +83,9 @@
|
|||
name: "{{ base_core_management_user }}"
|
||||
password_lock: yes
|
||||
when: base_core_management_user_disable_password == true
|
||||
|
||||
- name: Disable password for secondary management account
|
||||
user:
|
||||
name: "{{ base_core_secondary_user }}"
|
||||
password_lock: yes
|
||||
when: base_core_secondary_user != "" and base_core_secondary_user_disable_password == true
|
||||
|
|
|
@ -30,12 +30,12 @@
|
|||
|
||||
- name: Setup authorized keys for secondary user
|
||||
authorized_key:
|
||||
user: "{{ base_core_ssh_public_keys_user }}"
|
||||
user: "{{ base_core_secondary_user }}"
|
||||
state: present
|
||||
key: '{{ lookup("file", item) }}'
|
||||
with_fileglob:
|
||||
- "public_keys/*"
|
||||
when: base_core_ssh_public_keys_user != ""
|
||||
when: base_core_secondary_user != ""
|
||||
tags:
|
||||
- authorized_key
|
||||
|
||||
|
|
Loading…
Reference in a new issue