Moving sudo/user setup flow to avoid lockout

Tyler Hale 2025-06-12 15:34:29 -06:00
parent 4238aa6db8
commit f754623316
Signed by: Tyler
GPG key ID: C7CC4B910D88EF96
2 changed files with 34 additions and 27 deletions


@ -27,6 +27,14 @@
pool: '^(Red Hat Enterprise Server|Red Hat Virtualization)$'
when: ansible_distribution == 'RedHat' and (base_redhat_subscription_org_id != "" and base_redhat_subscription_activationkey != "")
- name: "*** SUDO Configuration ***"
include_tasks:
file: core_sudo.yml
apply:
tags: sudo
tags:
- sudo
- name: "*** Users Configuration ***"
include_tasks:
file: core_users.yml
@ -55,14 +63,6 @@
tags:
- ssh
- name: "*** SUDO Configuration ***"
include_tasks:
file: core_sudo.yml
apply:
tags: sudo
tags:
- sudo
- name: "*** Generate Self-Signed Cert ***"
include_tasks:
file: core_cert.yml
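Review bot: The ordering requirement behind this move is not written down at the relocated `*** SUDO Configuration ***` include in the first hunk, so a later tidy-up could move it back below the users include and reintroduce the lockout. A comment above the task would pin it, for example `# Keep before core_users.yml: sudo access must be configured before accounts are changed, otherwise a failed run can lock us out`. The include also carries only the `sudo` tag, so a run limited to a different tag skips it and the ordering protects full runs only; that is worth stating in the same comment. The contents of core_sudo.yml are not visible here, so the exact dependency is inferred from the commit title.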


@ -2,6 +2,32 @@
# file: roles/base/tasks/core_users.yml
- name: "{{ user.username }} user setup"
user:
name: "{{ user.username }}"
state: "{{ user.state | default('present') }}"
force: true
- name: "Setup {{ user.username }} authorized keys"
authorized_key:
user: "{{ user.username }}"
state: "{{ user.state | default('present') }}"
key: "{{ user.ssh_keys | join('\n') }}"
exclusive: "{{ user.ssh_keys_force | default('false') }}"
tags:
- authorized_key
when: ( user.ssh_keys is defined ) and ( user.ssh_keys is not url )
- name: "Setup {{ user.username }} authorized keys from url"
authorized_key:
user: "{{ user.username }}"
state: "{{ user.state | default('present') }}"
key: "{{ user.ssh_keys }}"
exclusive: "{{ user.ssh_keys_force | default('false') }}"
tags:
- authorized_key
when: ( user.ssh_keys is defined ) and ( user.ssh_keys is url )
- name: "{{ user.username }} user password lock"
user:
name: "{{ user.username }}"
state: "{{ user.state | default('present') }}"
@ -23,22 +49,3 @@
password: "{{ user.password | default('*') }}"
when: user.password is defined
- name: "Setup {{ user.username }} authorized keys"
authorized_key:
user: "{{ user.username }}"
state: "{{ user.state | default('present') }}"
key: "{{ user.ssh_keys | join('\n') }}"
exclusive: "{{ user.ssh_keys_force | default('false') }}"
tags:
- authorized_key
when: ( user.ssh_keys is defined ) and ( user.ssh_keys is not url )
- name: "Setup {{ user.username }} authorized keys from url"
authorized_key:
user: "{{ user.username }}"
state: "{{ user.state | default('present') }}"
key: "{{ user.ssh_keys }}"
exclusive: "{{ user.ssh_keys_force | default('false') }}"
tags:
- authorized_key
when: ( user.ssh_keys is defined ) and ( user.ssh_keys is url )
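Review bot: The `is url` test in the relocated "authorized keys from url" task accepts any scheme, so a `user.ssh_keys` value starting with `http://` would have login keys fetched over an unauthenticated channel and, with `ssh_keys_force` set, installed as the only keys for the account. Restricting the condition to HTTPS closes that: `when: ( user.ssh_keys is defined ) and ( user.ssh_keys is url(schemes=['https']) )`. A non-HTTPS URL would then match neither key task and be skipped silently, so an `assert` ahead of both tasks that rejects it is worth adding. Whether any inventory currently uses a plain-HTTP source cannot be seen from this page.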