Tyler/Ansible-Linux_Base
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Wiki Activity

Adding option for configuring a secondary account

Browse source
This commit is contained in:
Tyler Hale 2022-08-25 09:30:20 -06:00
parent c1656f82ec
commit 17d06adb73
Signed by: Tyler
GPG key ID: C7CC4B910D88EF96
4 changed files with 34 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
README.md
View file

@ -14,24 +14,25 @@ If the "base_core_hostname" variable is defined, it is recommended to set the an
### Core Variables
| Variable | Default | Choices | Comments |
| -------------------------------------------- | ------------- | ----------- | -------------------------------------------------------------------------- |
| base_core_cert_common_name | nodename | | Common name for created self-signed cert |
| base_core_firewall_configure | True | True, False | Allows the firewall to be configured |
| base_core_hostname | "" | | Defines the computer hostname |
| base_core_install_updates | True | True, False | Install all available updates for the distro at runtime |
| base_core_management_user | ansible_user | | Defines the account that ansible will use for management in the future |
| base_core_management_user_disable_password | False | True, False | When enabled the password for the management user account will be disabled |
| base_core_motd_banner | "" | | Banner to be added to MOTD if desired |
| base_core_motd_configure | True | True, False | Allows the MOTD to be configured |
| base_core_root_ca_basename | "" | | Basename of the cert for local system reference |
| base_core_root_ca_convert | False | True, False | Converts the defined certificate from DER to PEM type |
| base_core_root_ca_url | "" | | URL of a Root CA to install |
| base_core_ssh_permit_password_authentication | False | True, False | Permits the use of passwords for ssh |
| base_core_ssh_permit_root_login | False | True, False | Permits the use of root logins for ssh |
| base_core_ssh_public_keys_user | "" | | Added the public keys to an additional user if defined |
| base_core_timezone | America/Boise | | Defines the timezone to apply to the client |
| base_core_web_management | False | True, False | Enables installation of the Cockpit web management package(s) |
| Variable | Default | Choices | Comments |
| -------------------------------------------- | ------------- | ----------- | ------------------------------------------------------------------------------- |
| base_core_cert_common_name | nodename | | Common name for created self-signed cert |
| base_core_firewall_configure | True | True, False | Allows the firewall to be configured |
| base_core_hostname | "" | | Defines the computer hostname |
| base_core_install_updates | True | True, False | Install all available updates for the distro at runtime |
| base_core_management_user | ansible_user | | Defines the account that ansible will use for management in the future |
| base_core_management_user_disable_password | False | True, False | When enabled the password for the management user account will be disabled |
| base_core_motd_banner | "" | | Banner to be added to MOTD if desired |
| base_core_motd_configure | True | True, False | Allows the MOTD to be configured |
| base_core_root_ca_basename | "" | | Basename of the cert for local system reference |
| base_core_root_ca_convert | False | True, False | Converts the defined certificate from DER to PEM type |
| base_core_root_ca_url | "" | | URL of a Root CA to install |
| base_core_secondary_user | "" | | Defines a secondary account that ansible configure for management in the future |
| base_core_secondary_user_disable_password | False | True, False | When enabled the password for the secondary user account will be disabled |
| base_core_ssh_permit_password_authentication | False | True, False | Permits the use of passwords for ssh |
| base_core_ssh_permit_root_login | False | True, False | Permits the use of root logins for ssh |
| base_core_timezone | America/Boise | | Defines the timezone to apply to the client |
| base_core_web_management | False | True, False | Enables installation of the Cockpit web management package(s) |
## Example

11
roles/base/defaults/main.yml
View file

@ -8,12 +8,18 @@
# General
# =======
# User that should have the authorized keys added
# User that should be configured for future management
base_core_management_user: "{{ ansible_user }}"
# Secondary user that may be configured for future management
base_core_secondary_user: ""
# If enabled, the password for the management user account will be disabled
base_core_management_user_disable_password: false
# If enabled, the password for the secondary user account will be disabled
base_core_secondary_user_disable_password: false
# Install all available updates at runtime
base_core_install_updates: true
@ -53,9 +59,6 @@ base_core_root_ca_url: ""
# SSH
# ===
# Added the public keys to an additional user if defined
base_core_ssh_public_keys_user: ""
# Allow ssh root login
base_core_ssh_permit_root_login: false

6
roles/base/tasks/core.yml
View file

@ -83,3 +83,9 @@
name: "{{ base_core_management_user }}"
password_lock: yes
when: base_core_management_user_disable_password == true
- name: Disable password for secondary management account
user:
name: "{{ base_core_secondary_user }}"
password_lock: yes
when: base_core_secondary_user != "" and base_core_secondary_user_disable_password == true

4
roles/base/tasks/core_ssh.yml
View file

@ -30,12 +30,12 @@
- name: Setup authorized keys for secondary user
authorized_key:
user: "{{ base_core_ssh_public_keys_user }}"
user: "{{ base_core_secondary_user }}"
state: present
key: '{{ lookup("file", item) }}'
with_fileglob:
- "public_keys/*"
when: base_core_ssh_public_keys_user != ""
when: base_core_secondary_user != ""
tags:
- authorized_key