Created
May 5, 2017 15:11
Ansible tasks for adding users to hosts, and for adding their authorized keys to other users so they can log in as those users
---
# Create every account listed in `users` (or update it if it already exists).
# Each item supplies `name` and `groups`.
# NOTE(review): `append` is not set, so the user module sets the account's
# supplementary groups to exactly what `item.groups` lists; an empty value
# leaves the account with its primary group only.
- name: add users
  with_items: "{{ users }}"
  user:
    state: present
    name: "{{ item.name }}"
    shell: /bin/bash
    groups: "{{ item.groups }}"
# Install each user's own public keys. `key` is given a URL, so the
# authorized_key module downloads the key material from it at run time.
# Users without `authorized_keys_url` are skipped.
# NOTE(review): whatever that URL returns becomes a login credential for the
# account. Serve it over HTTPS from a host you control; plain http:// gives no
# integrity protection for the downloaded keys.
- name: add authorized keys
  when: item.authorized_keys_url is defined
  with_items: "{{ users }}"
  authorized_key:
    key: "{{ item.authorized_keys_url }}"
    user: "{{ item.name }}"
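# Create ~/bin for the users that request it through `create_bin_dir`.
# The path assumes home directories live under /home, and `group` assumes a
# group named after the user exists -- confirm both for your hosts.
- name: create bin directory
  file:
    path: "/home/{{ item.name }}/bin"
    state: directory
    owner: "{{ item.name }}"
    group: "{{ item.name }}"
    # Quoted so the mode reaches the module as the string "0755" and does not
    # depend on how the YAML parser reads a bare leading-zero number.
    mode: "0755"
  with_items: "{{ users }}"
  # default(false): an entry that omits create_bin_dir is skipped instead of
  # failing the play on an undefined attribute.
  when: item.create_bin_dir | default(false)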
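# Let the users named in an account's `login_as` list log in as that account
# by adding their public keys to its authorized_keys.
#   item.0 -> an entry of `users` that defines `login_as` (the target account)
#   item.1 -> one name from that entry's `login_as` list
# with_subelements pairs each target account only with the names in its own
# list, so several accounts can define `login_as` independently.
# A name with no matching entry in `users` leaves `first` undefined and fails
# the task rather than installing an empty key.
# NOTE(review): every name in `login_as` gains full SSH access to the target
# account, using keys downloaded from that user's authorized_keys_url. Keep
# the lists short and review changes to them like any other access grant.
- name: add login_as
  authorized_key:
    user: "{{ item.0.name }}"
    key: "{{ users | selectattr('name', 'equalto', item.1) | map(attribute='authorized_keys_url') | first }}"
  with_subelements:
    - "{{ users | selectattr('login_as', 'defined') | list }}"
    - login_as
  tags: login_as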
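---
# Accounts managed by the tasks in this gist.
#   name                 login name
#   groups               supplementary groups passed to the user module
#   authorized_keys_url  URL the user's public keys are downloaded from
#   aws_access_key_url   not read by the tasks shown in this gist
#   create_bin_dir       whether /home/<name>/bin is created
#   login_as             users whose keys are also installed for this account
#
# authorized_keys_url uses https:// because the response is installed as SSH
# login credentials; some_url is a placeholder for your own key server.
users:
  - name: creisor
    groups: admins
    authorized_keys_url: "https://some_url/authorized_keys"
    aws_access_key_url: "https://some_secrets_url/secrets.json"
    create_bin_dir: true
  - name: janedoe
    groups: web_admins
    authorized_keys_url: "https://some_url/authorized_keys"
    create_bin_dir: false
  - name: joeblow
    groups: ops
    authorized_keys_url: "https://some_url/authorized_keys"
    create_bin_dir: false
  # Shared account: it has no keys of its own (no authorized_keys_url);
  # access comes only from the users listed under login_as.
  - name: backup
    # Explicit empty string instead of a bare `groups:` (which parses as
    # null): no supplementary groups for this account.
    groups: ""
    aws_access_key_url: "https://some_secrets_url/secrets.json"
    create_bin_dir: true
    login_as:
      - creisor
      - janedoe
      - joeblow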