readme
parent 0e38e26bdc
commit 79b83b6e29
36
README.md
@ -1,8 +1,8 @@
|
|||||||
Provision ansible user
|
Provision management user
|
||||||
=========
|
=========
|
||||||
> This repository is only a mirror. Development and testing is done on a private gitlab server.
|
> This repository is only a mirror. Development and testing is done on a private gitlab server.
|
||||||
|
|
||||||
This role configures the ansible service user on **debian-based** distributions.
|
This role configures the management user on **debian-based** distributions.
|
||||||
|
|
||||||
Requirements
|
Requirements
|
||||||
------------
|
------------
|
||||||
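Review bot: The new intro line "This role configures the management user on **debian-based** distributions." no longer says what the account is for, since the word "ansible" was the only hint that this is the login used by automation. Add a sentence stating that the management user is the account the automation connects as, and mention that the role was previously named for the ansible user, so readers who know the old name can match the two.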
@ -11,60 +11,60 @@ None.
|
|||||||
|
|
||||||
Role Variables
|
Role Variables
|
||||||
--------------
|
--------------
|
||||||
Available variables are listed below, along with default values. A sample file for the default values is available in `default/provision_ansible_user.yml.sample` in case you need it for any `group_vars` or `host_vars` configuration.
|
Available variables are listed below, along with default values. A sample file for the default values is available in `default/provision_management_user.yml.sample` in case you need it for any `group_vars` or `host_vars` configuration.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
provision_ansible_user_name: ansible # by default, set to ansible
|
provision_management_user_name: ansible # by default, set to ansible
|
||||||
```
|
```
|
||||||
This variable sets the name to configure for the service account.
|
This variable sets the name to configure for the service account.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
provision_ansible_user_group: ansible # by default, set to ansible
|
provision_management_user_group: ansible # by default, set to ansible
|
||||||
```
|
```
|
||||||
This variable sets the primary group to configure for the service account.
|
This variable sets the primary group to configure for the service account.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
provision_ansible_user_password: "*" # by default, set to *
|
provision_management_user_password: "*" # by default, set to *
|
||||||
```
|
```
|
||||||
This variable sets the password of the account, by default, it is set to "*", which means password authentication is disabled.
|
This variable sets the password of the account, by default, it is set to "*", which means password authentication is disabled.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
provision_ansible_user_is_system: true # by default, set to true
|
provision_management_user_is_system: true # by default, set to true
|
||||||
```
|
```
|
||||||
This variable describe whether the account should be a system user or not. Default (and recommended) is `true`.
|
This variable describe whether the account should be a system user or not. Default (and recommended) is `true`.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
provision_ansible_user_home: /opt/{{ provision_ansible_user_name }} # by default, set to /opt/{{ provision_ansible_user_name }}
|
provision_management_user_home: /opt/{{ provision_management_user_name }} # by default, set to /opt/{{ provision_management_user_name }}
|
||||||
```
|
```
|
||||||
This variable sets the home for the service account. By default the home of the account is set in /opt/.
|
This variable sets the home for the service account. By default the home of the account is set in /opt/.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
provision_ansible_user_shell: /bin/bash # by default, set to /bin/bash
|
provision_management_user_shell: /bin/bash # by default, set to /bin/bash
|
||||||
```
|
```
|
||||||
This variable sets the shell to be used by the account. Defaults to bash.
|
This variable sets the shell to be used by the account. Defaults to bash.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
provision_ansible_user_sudoer: false # by default, set to false
|
provision_management_user_sudoer: false # by default, set to false
|
||||||
```
|
```
|
||||||
This variable defines if the user should be root. For security reasons, this defaults to `false`, but should probably be `true` in a real world scenario.
|
This variable defines if the user should be root. For security reasons, this defaults to `false`, but should probably be `true` in a real world scenario.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
provision_ansible_user_add_ssh_key: false # by default, set to false
|
provision_management_user_add_ssh_key: false # by default, set to false
|
||||||
```
|
```
|
||||||
This variable defines if ssh_keys should be added to the authroized_keys file for the user. Defaults to `false` because there is no "default" ssh_key. This should be set to true and a key passed to the role.
|
This variable defines if ssh_keys should be added to the authroized_keys file for the user. Defaults to `false` because there is no "default" ssh_key. This should be set to true and a key passed to the role.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
provision_ansible_user_ssh_key: # by default, not set
|
provision_management_user_ssh_key: # by default, not set
|
||||||
```
|
```
|
||||||
This variable contains the ssh public key to use by ansible to log in the service account. Defaults to `None`, but should be set by the operator, and preferably obfuscated (see examples).
|
This variable contains the ssh public key to use by ansible to log in the service account. Defaults to `None`, but should be set by the operator, and preferably obfuscated (see examples).
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
provision_ansible_user_ssh_key_options: "" # by default, set to ""
|
provision_management_user_ssh_key_options: "" # by default, set to ""
|
||||||
```
|
```
|
||||||
This variable sets the potential ssh options to add in the authorized_keys file. Default to no options.
|
This variable sets the potential ssh options to add in the authorized_keys file. Default to no options.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
provision_ansible_user_ssh_key_exclusive: true # by default, set to true
|
provision_management_user_ssh_key_exclusive: true # by default, set to true
|
||||||
```
|
```
|
||||||
This variable defines if the ssh public key passed above should be the only key to log into this account. For security reasons, it is recommended that this gets set to `true`.
|
This variable defines if the ssh public key passed above should be the only key to log into this account. For security reasons, it is recommended that this gets set to `true`.
|
||||||
|
|
||||||
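Review bot: `provision_management_user_name` and `provision_management_user_group` keep `ansible` as their default after the rename, and the `provision_management_user_ssh_key` description still says the key is used "by ansible"; state whether that default is intentional or change it to match the new role name. Every variable prefix changes in this hunk, so the README should also carry a short migration note: if the role now reads only the `provision_management_user_*` names, an inventory that still sets `provision_ansible_user_*` would fall back to the defaults listed here (`add_ssh_key: false`, `sudoer: false`, `ssh_key_exclusive: true`) without any error. While these lines are being touched, the `sudoer` description ("if the user should be root") should say that it grants sudo rights and what scope they have, and "authroized_keys" and "describe" in the unchanged descriptions can be corrected.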
@ -80,7 +80,7 @@ Example Playbook
|
|||||||
# calling the role inside a playbook with either the default or group_vars/host_vars
|
# calling the role inside a playbook with either the default or group_vars/host_vars
|
||||||
- hosts: servers
|
- hosts: servers
|
||||||
roles:
|
roles:
|
||||||
- ednxzu.provision_ansible_user
|
- ednxzu.provision_management_user
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
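Review bot: The minimal example at `- ednxzu.provision_management_user` runs the role with defaults, and per the variables section those defaults set the password to "*" and `provision_management_user_add_ssh_key` to `false`, so the account it creates has no credential to log in with. Extend the comment above `- hosts: servers` to say that a key must be supplied through `group_vars` or `host_vars`, or show the two SSH key variables in this example as well.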
@ -116,10 +116,10 @@ Example Playbook
|
|||||||
|
|
||||||
- name: "Provision ansible user"
|
- name: "Provision ansible user"
|
||||||
ansible.builtin.include_role:
|
ansible.builtin.include_role:
|
||||||
name: ednxzu.provision_ansible_user
|
name: ednxzu.provision_management_user
|
||||||
vars:
|
vars:
|
||||||
provision_ansible_user_add_ssh_key: true
|
provision_management_user_add_ssh_key: true
|
||||||
provision_ansible_user_ssh_key: "{{ _keypair.public_key }}"
|
provision_management_user_ssh_key: "{{ _keypair.public_key }}"
|
||||||
```
|
```
|
||||||
|
|
||||||
License
|
License
|
||||||
|
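Review bot: The task in this example is still titled `- name: "Provision ansible user"` while the role and both variables beneath it were renamed to `provision_management_user`; rename the task so playbook output matches the role being included. The example passes `{{ _keypair.public_key }}` directly, whereas the `provision_management_user_ssh_key` description asks for the value to be "preferably obfuscated (see examples)"; either show that form here or drop the wording from the description.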