Switching user management solution

2025-02-02 20:37:05 -07:00 · 2025-02-02 20:37:05 -07:00 · c83cad2e88
commit c83cad2e88
parent 82dffd5b1d
17 changed files with 51 additions and 80 deletions
--- a/roles/base/tasks/core.yml
+++ b/roles/base/tasks/core.yml
@ -27,6 +27,17 @@
    pool: '^(Red Hat Enterprise Server|Red Hat Virtualization)$'
  when: ansible_distribution == 'RedHat' and (base_redhat_subscription_org_id != "" and base_redhat_subscription_activationkey != "")

+- name: "*** Users Configuration ***"
+  include_tasks:
+    file: core_users.yml
+    apply:
+      tags: users
+  loop: "{{ base_users }}"
+  loop_control:
+    loop_var: user
+  tags:
+  - users
+
 - name: "*** MOTD Configuration ***"
  include_tasks: 
    file: core_motd.yml
@ -77,15 +88,3 @@
  when: base_core_web_management == true
  tags:
  - web_management
-
- name: Disable password for management account
-  user:
-    name: "{{ base_core_management_user }}"
-    password_lock: yes
-  when: base_core_management_user_disable_password == true
-
- name: Disable password for secondary management account
-  user:
-    name: "{{ base_core_secondary_user }}"
-    password_lock: yes
-  when: base_core_secondary_user != "" and base_core_secondary_user_disable_password == true
--- a/roles/base/tasks/core_ssh.yml
+++ b/roles/base/tasks/core_ssh.yml
@ -18,27 +18,6 @@
  tags:
  - issue

- name: Setup authorized keys
-  authorized_key:
-    user: "{{ base_core_management_user }}"
-    state: present
-    key: '{{ lookup("file", item) }}'
-  with_fileglob:
-    - "public_keys/*"
-  tags:
-  - authorized_key
-
- name: Setup authorized keys for secondary user
-  authorized_key:
-    user: "{{ base_core_secondary_user }}"
-    state: present
-    key: '{{ lookup("file", item) }}'
-  with_fileglob:
-    - "public_keys/*"
-  when: base_core_secondary_user != ""
-  tags:
-  - authorized_key
-
 - name: Configure SSH root login
  lineinfile:
    path: /etc/ssh/sshd_config
--- a/roles/base/tasks/core_users.yml
+++ b/roles/base/tasks/core_users.yml
@ -0,0 +1,33 @@
+---
+# file: roles/base/tasks/core_users.yml
+
+- name: "{{ user.username }} user setup"
+  user:
+    name: "{{ user.username }}"
+    password_lock: "{{ user.disable_password | default(false) }}"
+
+- name: "Configure {{ user.username }} password"
+  user:
+    name: "{{ user.username }}"
+    password: "{{ user.password | default('*') }}"
+  when: user.password is defined
+
+- name: "Setup {{ user.username }} authorized keys"
+  authorized_key:
+    user: "{{ user.username }}"
+    state: present
+    key: "{{ user.ssh_keys | join('\n') }}"
+    exclusive: "{{ user.ssh_keys_force | default('false') }}"
+  tags:
+  - authorized_key
+  when: ( user.ssh_keys is defined ) and ( user.ssh_keys is not url )
+
+- name: "Setup {{ user.username }} authorized keys from url"
+  authorized_key:
+    user: "{{ user.username }}"
+    state: present
+    key: "{{ user.ssh_keys }}"
+    exclusive: "{{ user.ssh_keys_force | default('false') }}"
+  tags:
+  - authorized_key
+  when: ( user.ssh_keys is defined ) and ( user.ssh_keys is url )