Users and Groups Role
Variables:
%YAML 1.2 --- delta_groups: - name: pink - { name: blue, gid: '1999' } - { name: colours, system: yes } - { name: shades, state: absent } delta_users: - name: blue group: blue groups: colours,users,sudo comment: Blue User,,, # GECOS info uid: '1999' - name: purple group: purple groups: colours password: $6$asdfasdf$... - name: placeholder create_home: no - { name: yellow, state: absent, remove: yes, force: yes } - name: root password: '!*' password_lock: yes # - name: debianadmin # groups: audio,bluetooth,cdrom,dip,floppy,lpadmin,netdev,plugdev,scanner,users,video # ... # - name: ubuntuadmin # groups: adm,cdrom,dialout,dip,fax,floppy,lpadmin,plugdev,sambashare,tape,users,video # ... # - name: raspbianadmin # groups: adm,audio,cdrom,dialout,games,gpio,i2c,input,netdev,plugdev,spi,sudo,users,video # ... # - name: archadmin # groups: users,wheel # ... delta_authorized_keys: - user: blue key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQ... exclusive: yes - user: red key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQ... state: absent delta_sudoers: - path: /etc/sudoers.d/red block: | Defaults:red !requiretty red ALL=(ALL) NOPASSWD:ALL create: yes mode: '0440' validate: visudo --quiet --check --file=%s - path: /etc/sudoers.d/green block: | green ALL=(ALL) ALL create: yes mode: '0440' validate: visudo -q -c -f %s - path: /etc/sudoers.d/blue block: | blue ALL=(ALL:ALL) ALL create: yes mode: '0440' - path: /etc/sudoers.d/purple block: | purple ALL=(ALL:ALL) ALL purple ALL=NOPASSWD: /usr/bin/foo create: yes mode: '0440'
Examples:
# Playbook ansible-playbook \ --ask-become-pass \ --become \ --extra-vars=@my_vars.yaml \ --inventory=inventories/staging/ \ --user=bob \ start.yaml # Ad-hoc with SSH key ansible localhost \ --args=tasks/main.yaml \ --extra-vars=@my_vars.yaml --key-file=~/.ssh/id_rsa_foo \ --module-name=import_tasks \ --user=bob # Ad-hoc without SSH key ansible all \ --args=tasks/main.yaml \ --extra-vars=ansible_password=armpit --extra-vars=@my_vars.yaml \ --inventory=10.0.0.1, \ --module-name=include_tasks \ --user=root
- ansible/ansible#43131
- https://raymii.org/s/tutorials/Ansible_-_Only_if_a_file_exists_or_does_not_exist.html
- https://raymii.org/s/tutorials/Ansible_-_Sudo_Safety_and_Sanity_Checks.html
- https://serverfault.com/questions/901491/checking-sudoers-d-files-with-ansible
- https://github.com/wtcross/ansible-sudoers/blob/master/tasks/main.yml
- https://stackoverflow.com/a/41837196
- https://leucos.github.io/ansible-files-layout