From f7546233164597fb36b3dd17a2932021d6a0c8c7 Mon Sep 17 00:00:00 2001
From: Tyler Hale
Date: Thu, 12 Jun 2025 15:34:29 -0600
Subject: [PATCH] Moving sudo/user setup flow to avoid lockout
---
roles/base/tasks/core.yml | 16 ++++++------
roles/base/tasks/core_users.yml | 45 +++++++++++++++++++--------------
2 files changed, 34 insertions(+), 27 deletions(-)
diff --git a/roles/base/tasks/core.yml b/roles/base/tasks/core.yml
index 4fce338..d616ebc 100644
--- a/roles/base/tasks/core.yml
+++ b/roles/base/tasks/core.yml
@@ -27,6 +27,14 @@ pool: '^(Red Hat Enterprise Server|Red Hat Virtualization)$' when: ansible_distribution == 'RedHat' and (base_redhat_subscription_org_id != "" and base_redhat_subscription_activationkey != "") +- name: "*** SUDO Configuration ***" + include_tasks: + file: core_sudo.yml + apply: + tags: sudo + tags: + - sudo + - name: "*** Users Configuration ***" include_tasks: file: core_users.yml
@@ -55,14 +63,6 @@ tags: - ssh -- name: "*** SUDO Configuration ***" - include_tasks: - file: core_sudo.yml - apply: - tags: sudo - tags: - - sudo - - name: "*** Generate Self-Signed Cert ***" include_tasks: file: core_cert.yml
diff --git a/roles/base/tasks/core_users.yml b/roles/base/tasks/core_users.yml
index 2292490..d701f11 100644
--- a/roles/base/tasks/core_users.yml
+++ b/roles/base/tasks/core_users.yml
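Review bot: In roles/base/tasks/core.yml (first hunk), the position of the `core_sudo.yml` include ahead of `core_users.yml` is now what the lockout fix depends on, but nothing in the file records that, so a later tidy-up could move the block back. I would add a comment above the include, e.g. `# Keep before core_users.yml: sudo must be configured before user passwords are locked`. Because the include is selected by the `sudo` tag, a run limited to the users tag would presumably skip it, so the ordering only protects full runs; the tags on the users include are outside the hunk, so confirm that and say so in the same comment.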
@@ -2,6 +2,32 @@ # file: roles/base/tasks/core_users.yml - name: "{{ user.username }} user setup" + user: + name: "{{ user.username }}" + state: "{{ user.state | default('present') }}" + force: true + +- name: "Setup {{ user.username }} authorized keys" + authorized_key: + user: "{{ user.username }}" + state: "{{ user.state | default('present') }}" + key: "{{ user.ssh_keys | join('\n') }}" + exclusive: "{{ user.ssh_keys_force | default('false') }}" + tags: + - authorized_key + when: ( user.ssh_keys is defined ) and ( user.ssh_keys is not url ) + +- name: "Setup {{ user.username }} authorized keys from url" + authorized_key: + user: "{{ user.username }}" + state: "{{ user.state | default('present') }}" + key: "{{ user.ssh_keys }}" + exclusive: "{{ user.ssh_keys_force | default('false') }}" + tags: + - authorized_key + when: ( user.ssh_keys is defined ) and ( user.ssh_keys is url ) + +- name: "{{ user.username }} user password lock" user: name: "{{ user.username }}" state: "{{ user.state | default('present') }}"
@@ -23,6 +49,3 @@ password: "{{ user.password | default('*') }}" when: user.password is defined -- name: "Setup {{ user.username }} authorized keys" - authorized_key: - user: "{{ user.username }}" - state: "{{ user.state | default('present') }}" - key: "{{ user.ssh_keys | join('\n') }}" - exclusive: "{{ user.ssh_keys_force | default('false') }}" - tags: - - authorized_key - when: ( user.ssh_keys is defined ) and ( user.ssh_keys is not url ) - -- name: "Setup {{ user.username }} authorized keys from url" - authorized_key: - user: "{{ user.username }}" - state: "{{ user.state | default('present') }}" - key: "{{ user.ssh_keys }}" - exclusive: "{{ user.ssh_keys_force | default('false') }}" - tags: - - authorized_key - when: ( user.ssh_keys is defined ) and ( user.ssh_keys is url )
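Review bot: In roles/base/tasks/core_users.yml (first hunk), when `user.state` is `absent` the new first task removes the account (`force: true` only takes effect on removal), and the two `authorized_key` tasks that follow it then run with the same `absent` state against a user that no longer exists, which the module is likely to reject with a user-lookup failure. Guard both key tasks on presence, e.g. `when: ( user.ssh_keys is defined ) and ( user.ssh_keys is not url ) and ( user.state | default('present') == 'present' )`, with the same extra clause on the `is url` task. The lockout this commit targets can also still occur when `user.ssh_keys` is undefined: both key tasks are skipped and the renamed "user password lock" task still runs; its remaining parameters and any condition are outside the hunk, so confirm it is skipped or fails loudly in that case. The URL variant installs whatever the remote serves, and the `is url` test as written does not appear to restrict the scheme, so it is worth asserting that the source is HTTPS before the key task runs.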