Moving sudo/user setup flow to avoid lockout
This commit is contained in:
parent
4238aa6db8
commit
f754623316
GPG key ID:
C7CC4B910D88EF96
2 changed files with 34 additions and 27 deletions
|
|
@ -27,6 +27,14 @@
|
||||||
pool: '^(Red Hat Enterprise Server|Red Hat Virtualization)$'
|
pool: '^(Red Hat Enterprise Server|Red Hat Virtualization)$'
|
||||||
when: ansible_distribution == 'RedHat' and (base_redhat_subscription_org_id != "" and base_redhat_subscription_activationkey != "")
|
when: ansible_distribution == 'RedHat' and (base_redhat_subscription_org_id != "" and base_redhat_subscription_activationkey != "")
|
||||||
|
|
||||||
|
- name: "*** SUDO Configuration ***"
|
||||||
|
include_tasks:
|
||||||
|
file: core_sudo.yml
|
||||||
|
apply:
|
||||||
|
tags: sudo
|
||||||
|
tags:
|
||||||
|
- sudo
|
||||||
|
|
||||||
- name: "*** Users Configuration ***"
|
- name: "*** Users Configuration ***"
|
||||||
include_tasks:
|
include_tasks:
|
||||||
file: core_users.yml
|
file: core_users.yml
|
||||||
|
|
@ -55,14 +63,6 @@
|
||||||
tags:
|
tags:
|
||||||
- ssh
|
- ssh
|
||||||
|
|
||||||
- name: "*** SUDO Configuration ***"
|
|
||||||
include_tasks:
|
|
||||||
file: core_sudo.yml
|
|
||||||
apply:
|
|
||||||
tags: sudo
|
|
||||||
tags:
|
|
||||||
- sudo
|
|
||||||
|
|
||||||
- name: "*** Generate Self-Signed Cert ***"
|
- name: "*** Generate Self-Signed Cert ***"
|
||||||
include_tasks:
|
include_tasks:
|
||||||
file: core_cert.yml
|
file: core_cert.yml
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,32 @@
|
||||||
# file: roles/base/tasks/core_users.yml
|
# file: roles/base/tasks/core_users.yml
|
||||||
|
|
||||||
- name: "{{ user.username }} user setup"
|
- name: "{{ user.username }} user setup"
|
||||||
|
user:
|
||||||
|
name: "{{ user.username }}"
|
||||||
|
state: "{{ user.state | default('present') }}"
|
||||||
|
force: true
|
||||||
|
|
||||||
|
- name: "Setup {{ user.username }} authorized keys"
|
||||||
|
authorized_key:
|
||||||
|
user: "{{ user.username }}"
|
||||||
|
state: "{{ user.state | default('present') }}"
|
||||||
|
key: "{{ user.ssh_keys | join('\n') }}"
|
||||||
|
exclusive: "{{ user.ssh_keys_force | default('false') }}"
|
||||||
|
tags:
|
||||||
|
- authorized_key
|
||||||
|
when: ( user.ssh_keys is defined ) and ( user.ssh_keys is not url )
|
||||||
|
|
||||||
|
- name: "Setup {{ user.username }} authorized keys from url"
|
||||||
|
authorized_key:
|
||||||
|
user: "{{ user.username }}"
|
||||||
|
state: "{{ user.state | default('present') }}"
|
||||||
|
key: "{{ user.ssh_keys }}"
|
||||||
|
exclusive: "{{ user.ssh_keys_force | default('false') }}"
|
||||||
|
tags:
|
||||||
|
- authorized_key
|
||||||
|
when: ( user.ssh_keys is defined ) and ( user.ssh_keys is url )
|
||||||
|
|
||||||
|
- name: "{{ user.username }} user password lock"
|
||||||
user:
|
user:
|
||||||
name: "{{ user.username }}"
|
name: "{{ user.username }}"
|
||||||
state: "{{ user.state | default('present') }}"
|
state: "{{ user.state | default('present') }}"
|
||||||
|
|
@ -23,22 +49,3 @@
|
||||||
password: "{{ user.password | default('*') }}"
|
password: "{{ user.password | default('*') }}"
|
||||||
when: user.password is defined
|
when: user.password is defined
|
||||||
|
|
||||||
- name: "Setup {{ user.username }} authorized keys"
|
|
||||||
authorized_key:
|
|
||||||
user: "{{ user.username }}"
|
|
||||||
state: "{{ user.state | default('present') }}"
|
|
||||||
key: "{{ user.ssh_keys | join('\n') }}"
|
|
||||||
exclusive: "{{ user.ssh_keys_force | default('false') }}"
|
|
||||||
tags:
|
|
||||||
- authorized_key
|
|
||||||
when: ( user.ssh_keys is defined ) and ( user.ssh_keys is not url )
|
|
||||||
|
|
||||||
- name: "Setup {{ user.username }} authorized keys from url"
|
|
||||||
authorized_key:
|
|
||||||
user: "{{ user.username }}"
|
|
||||||
state: "{{ user.state | default('present') }}"
|
|
||||||
key: "{{ user.ssh_keys }}"
|
|
||||||
exclusive: "{{ user.ssh_keys_force | default('false') }}"
|
|
||||||
tags:
|
|
||||||
- authorized_key
|
|
||||||
when: ( user.ssh_keys is defined ) and ( user.ssh_keys is url )
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue