The purpose of this role is to add users and groups on your system.
GitHub | GitLab | Quality | Downloads | Version |
---|---|---|---|---|
This example is taken from molecule/default/converge.yml
and is tested on each push, pull request and release.
---
- name: Converge
hosts: all
become: yes
gather_facts: yes
roles:
- role: robertdebock.users
# You can create groups:
users_group_list:
- name: robertdb
gid: 1024
- name: users
# You can also remove groups.
- name: notgroup
state: absent
# A system group is also possible.
- name: systemgroup
system: yes
# You can create users.
users_user_list:
- name: root
cron_allow: yes
# You can remove authorized keys.
unauthorized_keys:
- "ssh-rsa XYZYX54321"
- name: robertdb
comment: Robert de Bock
uid: 1024
# The `group` and `groups` listed here should exist.
group: robertdb
# groups: A comma separated string of groups
# groups: users,wheel
groups: users
cron_allow: yes
sudo_options: "ALL=(ALL) NOPASSWD: ALL"
# Adding an authorized key.
authorized_keys:
- "ssh-rsa ABC123"
# EPOCH timestamp when an account should expire.
# Typically a positive value like: `1641971487`.
# The value `-1` removes the expiry time.
expires: -1
password_validity_days: 9
# Test username with dots
- name: robert.d.b
comment: Robert de Bock with dots in username
uid: 1025
# The `group` and `groups` listed here should exist.
group: robertdb
# groups: A comma separated string of groups
# groups: users,wheel
groups: users
cron_allow: yes
sudo_options: "ALL=(ALL) NOPASSWD: ALL"
# Adding an authorized key.
authorized_keys:
- "ssh-rsa ABC123"
# EPOCH timestamp when an account should expire.
# Typically a positive value like: `1641971487`.
# The value `-1` removes the expiry time.
expires: -1
password_validity_days: 9
# Here a user is removed.
- name: notuser
state: absent
- name: keyuser
manage_ssh_key: yes
- name: privkeyuser
# This user will have ssh-keys generated.
manage_ssh_key: yes
copy_private_key: yes
- name: multiplekeys
authorized_keys:
- "ssh-rsa ABC1234"
- "ssh-rsa ABC12345"
- name: passuser
# You can set a password. (Hashed and salted.)
password: "$6$mysecretsalt$qJbapG68nyRab3gxvKWPUcs2g3t0oMHSHMnSKecYNpSi3CuZm.GbBqXO8BE6EI6P1JUefhA0qvD7b5LSh./PU1"
update_password: on_create
- name: remotekey
authorized_keys:
# You can also download a public key from a URL.
- "https://raw.githubusercontent.com/shaanr/smdb/master/file.pub"
- name: systemuser
system: yes
- name: multisudo
# An account that can run just a few commands without a password.
sudo_options:
- "ALL= NOPASSWD: /usr/bin/systemctl restart httpd"
- "ALL= NOPASSWD: /usr/bin/systemctl start httpd"
- "ALL= NOPASSWD: /usr/bin/systemctl stop httpd"
The machine needs to be prepared. In CI this is done using molecule/default/prepare.yml
:
---
- name: Prepare
hosts: all
gather_facts: no
become: yes
roles:
- role: robertdebock.bootstrap
- role: robertdebock.core_dependencies
tasks:
- name: Set authorized keys for root
ansible.posix.authorized_key:
user: root
state: present
key: "ssh-rsa XYZYX54321"
Also see a full explanation and example on how to use these roles.
The default values for the variables are set in defaults/main.yml
:
---
# defaults file for users
# The location to store ssh keys for user
users_ssh_key_directory: ssh_keys
# The default shell if not overwritten.
users_shell: /bin/bash
# manage cron permissions via /etc/cron.allow
users_cron_allow: yes
# should homedirectories be created?
users_create_home: yes
- pip packages listed in requirements.txt.
The following roles are used to prepare a system. You can prepare your system in another way.
Requirement | GitHub | GitLab |
---|---|---|
robertdebock.bootstrap | ||
robertdebock.core_dependencies |
This role is a part of many compatible roles. Have a look at the documentation of these roles for further information.
Here is an overview of related roles:
This role has been tested on these container images:
container | tags |
---|---|
Alpine | all |
Amazon | Candidate |
EL | 8 |
Debian | all |
Fedora | all |
opensuse | all |
Ubuntu | all |
The minimum version of Ansible required is 2.10, tests have been done to:
- The previous version.
- The current version.
- The development version.
If you find issues, please register them in GitHub
Please consider sponsoring me.