Moving sudo/user setup flow to avoid lockout

2025-06-12 15:34:29 -06:00 · 2025-06-12 15:34:29 -06:00 · f754623316
commit f754623316
parent 4238aa6db8
2 changed files with 34 additions and 27 deletions
--- a/roles/base/tasks/core.yml
+++ b/roles/base/tasks/core.yml
@ -27,6 +27,14 @@
    pool: '^(Red Hat Enterprise Server|Red Hat Virtualization)$'
  when: ansible_distribution == 'RedHat' and (base_redhat_subscription_org_id != "" and base_redhat_subscription_activationkey != "")

+- name: "*** SUDO Configuration ***"
+  include_tasks:
+    file: core_sudo.yml
+    apply:
+      tags: sudo
+  tags:
+  - sudo
+
 - name: "*** Users Configuration ***"
  include_tasks:
    file: core_users.yml
@ -55,14 +63,6 @@
  tags:
  - ssh

- name: "*** SUDO Configuration ***"
-  include_tasks:
-    file: core_sudo.yml
-    apply:
-      tags: sudo
-  tags:
-  - sudo
-
 - name: "*** Generate Self-Signed Cert ***"
  include_tasks:
    file: core_cert.yml
--- a/roles/base/tasks/core_users.yml
+++ b/roles/base/tasks/core_users.yml
@ -2,6 +2,32 @@
 # file: roles/base/tasks/core_users.yml

 - name: "{{ user.username }} user setup"
+  user:
+    name: "{{ user.username }}"
+    state: "{{ user.state | default('present') }}"
+    force: true
+
+- name: "Setup {{ user.username }} authorized keys"
+  authorized_key:
+    user: "{{ user.username }}"
+    state: "{{ user.state | default('present') }}"
+    key: "{{ user.ssh_keys | join('\n') }}"
+    exclusive: "{{ user.ssh_keys_force | default('false') }}"
+  tags:
+  - authorized_key
+  when: ( user.ssh_keys is defined ) and ( user.ssh_keys is not url )
+
+- name: "Setup {{ user.username }} authorized keys from url"
+  authorized_key:
+    user: "{{ user.username }}"
+    state: "{{ user.state | default('present') }}"
+    key: "{{ user.ssh_keys }}"
+    exclusive: "{{ user.ssh_keys_force | default('false') }}"
+  tags:
+  - authorized_key
+  when: ( user.ssh_keys is defined ) and ( user.ssh_keys is url )
+
+- name: "{{ user.username }} user password lock"
  user:
    name: "{{ user.username }}"
    state: "{{ user.state | default('present') }}"
@ -23,22 +49,3 @@
    password: "{{ user.password | default('*') }}"
  when: user.password is defined

- name: "Setup {{ user.username }} authorized keys"
-  authorized_key:
-    user: "{{ user.username }}"
-    state: "{{ user.state | default('present') }}"
-    key: "{{ user.ssh_keys | join('\n') }}"
-    exclusive: "{{ user.ssh_keys_force | default('false') }}"
-  tags:
-  - authorized_key
-  when: ( user.ssh_keys is defined ) and ( user.ssh_keys is not url )
-
- name: "Setup {{ user.username }} authorized keys from url"
-  authorized_key:
-    user: "{{ user.username }}"
-    state: "{{ user.state | default('present') }}"
-    key: "{{ user.ssh_keys }}"
-    exclusive: "{{ user.ssh_keys_force | default('false') }}"
-  tags:
-  - authorized_key
-  when: ( user.ssh_keys is defined ) and ( user.ssh_keys is url )