feat: remove become from role, fix #1
Some checks failed
test / Molecule tests (default, debian11) (push) Blocked by required conditions
test / Molecule tests (default, debian12) (push) Blocked by required conditions
test / Molecule tests (default, ubuntu2004) (push) Blocked by required conditions
test / Molecule tests (default, ubuntu2204) (push) Blocked by required conditions
test / Molecule tests (with_ssh_keys, debian11) (push) Blocked by required conditions
test / Molecule tests (with_ssh_keys, debian12) (push) Blocked by required conditions
test / Molecule tests (with_ssh_keys, ubuntu2004) (push) Blocked by required conditions
test / Molecule tests (with_ssh_keys, ubuntu2204) (push) Blocked by required conditions
test / Linting (push) Has been cancelled

Bertrand Lanson 2023-12-03 18:10:56 +01:00
parent 40210f9b6d
commit 9038f8a2ba
12 changed files with 16 additions and 89 deletions


@ -4,5 +4,4 @@
ansible.builtin.service: ansible.builtin.service:
name: sshd name: sshd
state: restarted state: restarted
become: true
listen: "systemctl-restart-sshd" listen: "systemctl-restart-sshd"


@ -1,6 +1,7 @@
--- ---
- name: Converge - name: Converge
hosts: all hosts: all
become: true
tasks: tasks:
- name: "Include ednxzu.provision_management_user" - name: "Include ednxzu.provision_management_user"
ansible.builtin.include_role: ansible.builtin.include_role:
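Review bot: Play-level `become: true` in this converge play is now the only escalation path the scenarios exercise, and nothing visible in the commit records that callers must provide it. After this change the role's tasks and its `systemctl-restart-sshd` handler carry no `become` of their own. A play that escalates only on the `include_role` task may, as far as I can tell, leave the included tasks or the handler unprivileged unless `apply` is used, so the sshd configuration could change without the restart succeeding. A comment above the play such as `# The role no longer sets become; the calling play must escalate`, with a matching requirement line in the README, would make the contract explicit. The same applies to the other three converge playbooks in this commit; the play's task list continues outside the hunk.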


@ -1,23 +1,9 @@
--- ---
- name: Verify - name: Verify
hosts: all hosts: all
gather_facts: false gather_facts: true
become: true
tasks: tasks:
- name: "Test: file /etc/hosts"
block:
- name: "Stat file /etc/hosts"
ansible.builtin.stat:
path: "/etc/hosts"
register: stat_etc_hosts
- name: "Verify file /etc/hosts"
ansible.builtin.assert:
that:
- stat_etc_hosts.stat.exists
- stat_etc_hosts.stat.isreg
- stat_etc_hosts.stat.pw_name == 'root'
- stat_etc_hosts.stat.gr_name == 'root'
- name: "Test: ubuntu user and group" - name: "Test: ubuntu user and group"
block: block:
- name: "Getent user ansible" - name: "Getent user ansible"
@ -48,7 +34,6 @@
ansible.builtin.stat: ansible.builtin.stat:
path: "/etc/sudoers.d/ubuntu" path: "/etc/sudoers.d/ubuntu"
register: stat_etc_sudoers_d_ubuntu register: stat_etc_sudoers_d_ubuntu
become: true
- name: "Verify file /etc/sudoers.d/ubuntu" - name: "Verify file /etc/sudoers.d/ubuntu"
ansible.builtin.assert: ansible.builtin.assert:
@ -61,7 +46,6 @@
ansible.builtin.stat: ansible.builtin.stat:
path: "/home/ubuntu/.ssh/authorized_keys" path: "/home/ubuntu/.ssh/authorized_keys"
register: stat_home_ubuntu_ssh_authorized_keys register: stat_home_ubuntu_ssh_authorized_keys
become: true
- name: "Verify file /home/ubuntu/.ssh/authorized_keys" - name: "Verify file /home/ubuntu/.ssh/authorized_keys"
ansible.builtin.assert: ansible.builtin.assert:


@ -1,6 +1,7 @@
--- ---
- name: Converge - name: Converge
hosts: all hosts: all
become: true
tasks: tasks:
- name: "Include ednxzu.provision_management_user" - name: "Include ednxzu.provision_management_user"
ansible.builtin.include_role: ansible.builtin.include_role:


@ -2,26 +2,8 @@
- name: Verify - name: Verify
hosts: all hosts: all
gather_facts: true gather_facts: true
become: true
tasks: tasks:
- name: "Test: file /etc/hosts"
block:
- name: "Stat file /etc/hosts"
ansible.builtin.stat:
path: "/etc/hosts"
register: stat_etc_hosts
- name: "Verify file /etc/hosts"
vars:
etc_hosts_group:
ubuntu: "adm"
debian: "root"
ansible.builtin.assert:
that:
- stat_etc_hosts.stat.exists
- stat_etc_hosts.stat.isreg
- stat_etc_hosts.stat.pw_name == 'root'
- stat_etc_hosts.stat.gr_name == etc_hosts_group[(ansible_distribution|lower)]
- name: "Test: ubuntu user and group" - name: "Test: ubuntu user and group"
block: block:
- name: "Getent user ansible" - name: "Getent user ansible"
@ -52,7 +34,6 @@
ansible.builtin.stat: ansible.builtin.stat:
path: "/etc/sudoers.d/ubuntu" path: "/etc/sudoers.d/ubuntu"
register: stat_etc_sudoers_d_ubuntu register: stat_etc_sudoers_d_ubuntu
become: true
- name: "Verify file /etc/sudoers.d/ubuntu" - name: "Verify file /etc/sudoers.d/ubuntu"
ansible.builtin.assert: ansible.builtin.assert:
@ -65,7 +46,6 @@
ansible.builtin.stat: ansible.builtin.stat:
path: "/home/ubuntu/.ssh/authorized_keys" path: "/home/ubuntu/.ssh/authorized_keys"
register: stat_home_ubuntu_ssh_authorized_keys register: stat_home_ubuntu_ssh_authorized_keys
become: true
- name: "Verify file /home/ubuntu/.ssh/authorized_keys" - name: "Verify file /home/ubuntu/.ssh/authorized_keys"
ansible.builtin.assert: ansible.builtin.assert:


@ -1,6 +1,7 @@
--- ---
- name: Converge - name: Converge
hosts: all hosts: all
become: true
tasks: tasks:
- name: "Include ednxzu.provision_management_user" - name: "Include ednxzu.provision_management_user"
ansible.builtin.include_role: ansible.builtin.include_role:


@ -1,23 +1,9 @@
--- ---
- name: Verify - name: Verify
hosts: all hosts: all
gather_facts: false gather_facts: true
become: true
tasks: tasks:
- name: "Test: file /etc/hosts"
block:
- name: "Stat file /etc/hosts"
ansible.builtin.stat:
path: "/etc/hosts"
register: stat_etc_hosts
- name: "Verify file /etc/hosts"
ansible.builtin.assert:
that:
- stat_etc_hosts.stat.exists
- stat_etc_hosts.stat.isreg
- stat_etc_hosts.stat.pw_name == 'root'
- stat_etc_hosts.stat.gr_name == 'root'
- name: "Test: ubuntu user and group" - name: "Test: ubuntu user and group"
block: block:
- name: "Getent user ansible" - name: "Getent user ansible"
@ -48,13 +34,11 @@
ansible.builtin.stat: ansible.builtin.stat:
path: "/etc/sudoers.d/ubuntu" path: "/etc/sudoers.d/ubuntu"
register: stat_etc_sudoers_d_ubuntu register: stat_etc_sudoers_d_ubuntu
become: true
- name: "Slurp file /etc/sudoers.d/ubuntu" - name: "Slurp file /etc/sudoers.d/ubuntu"
ansible.builtin.slurp: ansible.builtin.slurp:
src: "/etc/sudoers.d/ubuntu" src: "/etc/sudoers.d/ubuntu"
register: slurp_etc_sudoers_d_ubuntu register: slurp_etc_sudoers_d_ubuntu
become: true
- name: "Verify file /etc/sudoers.d/ubuntu" - name: "Verify file /etc/sudoers.d/ubuntu"
ansible.builtin.assert: ansible.builtin.assert:
@ -72,13 +56,11 @@
ansible.builtin.stat: ansible.builtin.stat:
path: "/home/ubuntu/.ssh/authorized_keys" path: "/home/ubuntu/.ssh/authorized_keys"
register: stat_home_ubuntu_ssh_authorized_keys register: stat_home_ubuntu_ssh_authorized_keys
become: true
- name: "Slurp file /home/ubuntu/.ssh/authorized_keys" - name: "Slurp file /home/ubuntu/.ssh/authorized_keys"
ansible.builtin.slurp: ansible.builtin.slurp:
src: "/home/ubuntu/.ssh/authorized_keys" src: "/home/ubuntu/.ssh/authorized_keys"
register: slurp_home_ubuntu_ssh_authorized_keys register: slurp_home_ubuntu_ssh_authorized_keys
become: true
- name: "Verify file /home/ubuntu/.ssh/authorized_keys" - name: "Verify file /home/ubuntu/.ssh/authorized_keys"
ansible.builtin.assert: ansible.builtin.assert:


@ -1,6 +1,7 @@
--- ---
- name: Converge - name: Converge
hosts: all hosts: all
become: true
tasks: tasks:
- name: "Include ednxzu.provision_management_user" - name: "Include ednxzu.provision_management_user"
ansible.builtin.include_role: ansible.builtin.include_role:


@ -2,26 +2,8 @@
- name: Verify - name: Verify
hosts: all hosts: all
gather_facts: true gather_facts: true
become: true
tasks: tasks:
- name: "Test: file /etc/hosts"
block:
- name: "Stat file /etc/hosts"
ansible.builtin.stat:
path: "/etc/hosts"
register: stat_etc_hosts
- name: "Verify file /etc/hosts"
vars:
etc_hosts_group:
ubuntu: "adm"
debian: "root"
ansible.builtin.assert:
that:
- stat_etc_hosts.stat.exists
- stat_etc_hosts.stat.isreg
- stat_etc_hosts.stat.pw_name == 'root'
- stat_etc_hosts.stat.gr_name == etc_hosts_group[(ansible_distribution|lower)]
- name: "Test: ubuntu user and group" - name: "Test: ubuntu user and group"
block: block:
- name: "Getent user ansible" - name: "Getent user ansible"
@ -52,13 +34,11 @@
ansible.builtin.stat: ansible.builtin.stat:
path: "/etc/sudoers.d/ubuntu" path: "/etc/sudoers.d/ubuntu"
register: stat_etc_sudoers_d_ubuntu register: stat_etc_sudoers_d_ubuntu
become: true
- name: "Slurp file /etc/sudoers.d/ubuntu" - name: "Slurp file /etc/sudoers.d/ubuntu"
ansible.builtin.slurp: ansible.builtin.slurp:
src: "/etc/sudoers.d/ubuntu" src: "/etc/sudoers.d/ubuntu"
register: slurp_etc_sudoers_d_ubuntu register: slurp_etc_sudoers_d_ubuntu
become: true
- name: "Verify file /etc/sudoers.d/ubuntu" - name: "Verify file /etc/sudoers.d/ubuntu"
ansible.builtin.assert: ansible.builtin.assert:
@ -76,13 +56,11 @@
ansible.builtin.stat: ansible.builtin.stat:
path: "/home/ubuntu/.ssh/authorized_keys" path: "/home/ubuntu/.ssh/authorized_keys"
register: stat_home_ubuntu_ssh_authorized_keys register: stat_home_ubuntu_ssh_authorized_keys
become: true
- name: "Slurp file /home/ubuntu/.ssh/authorized_keys" - name: "Slurp file /home/ubuntu/.ssh/authorized_keys"
ansible.builtin.slurp: ansible.builtin.slurp:
src: "/home/ubuntu/.ssh/authorized_keys" src: "/home/ubuntu/.ssh/authorized_keys"
register: slurp_home_ubuntu_ssh_authorized_keys register: slurp_home_ubuntu_ssh_authorized_keys
become: true
- name: "Verify file /home/ubuntu/.ssh/authorized_keys" - name: "Verify file /home/ubuntu/.ssh/authorized_keys"
ansible.builtin.assert: ansible.builtin.assert:


@ -7,4 +7,4 @@
comment: "{{ provision_management_user_name }}@{{ ansible_hostname }}" comment: "{{ provision_management_user_name }}@{{ ansible_hostname }}"
key_options: "{{ provision_management_user_ssh_key_options }}" key_options: "{{ provision_management_user_ssh_key_options }}"
exclusive: "{{ provision_management_user_ssh_key_exclusive }}" exclusive: "{{ provision_management_user_ssh_key_exclusive }}"
become: true


@ -10,7 +10,7 @@
notify: notify:
- systemctl-restart-sshd - systemctl-restart-sshd
when: provision_management_user_disable_root_password_auth when: provision_management_user_disable_root_password_auth
become: true
- name: "Lock root authentication" - name: "Lock root authentication"
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
@ -22,4 +22,4 @@
notify: notify:
- systemctl-restart-sshd - systemctl-restart-sshd
when: provision_management_user_disable_root_login when: provision_management_user_disable_root_login
become: true


@ -5,7 +5,7 @@
name: "{{ provision_management_user_group }}" name: "{{ provision_management_user_group }}"
state: present state: present
system: "{{ provision_management_user_is_system }}" system: "{{ provision_management_user_is_system }}"
become: true
- name: "Create user {{ provision_management_user_name }}" - name: "Create user {{ provision_management_user_name }}"
ansible.builtin.user: ansible.builtin.user:
@ -17,7 +17,7 @@
shell: "{{ provision_management_user_shell }}" shell: "{{ provision_management_user_shell }}"
system: "{{ provision_management_user_is_system }}" system: "{{ provision_management_user_is_system }}"
create_home: true create_home: true
become: true
- name: "Add user to sudoers" - name: "Add user to sudoers"
community.general.sudoers: community.general.sudoers:
@ -27,4 +27,4 @@
nopassword: true nopassword: true
setenv: true setenv: true
when: provision_management_user_sudoer when: provision_management_user_sudoer
become: true
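Review bot: The "Add user to sudoers" task in the last hunk keeps `nopassword: true` and `setenv: true` hard-coded, while the neighbouring settings come from `provision_management_user_*` variables. Passwordless sudo combined with SETENV lets the management account carry its own environment into commands run as root, which is a wider grant than most automation needs. Whether that is required here cannot be judged from the hunk, because the start of the task lies above it. Consider exposing both as role variables and defaulting SETENV off, for example `setenv: "{{ provision_management_user_sudoer_setenv | default(false) }}"` (the variable name is a proposal, not one the role defines today).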