From 77269a2c3fd4cbffa9e1568e70d019049f2ad589 Mon Sep 17 00:00:00 2001
From: Patrick Marchand
Date: Fri, 18 Jan 2019 09:30:42 -0500
Subject: [PATCH 1/3] Fixed problem with ssh keys ssh key variable is a list of keys, not a single key. Use a loop and the authorized keys module to fix this.
---
roles/accounts/tasks/main.yml | 31 ++++++-------------------------
roles/accounts/tasks/user.yml | 22 ++++++++++++++++++++++
2 files changed, 28 insertions(+), 25 deletions(-)
create mode 100644 roles/accounts/tasks/user.yml
diff --git a/roles/accounts/tasks/main.yml b/roles/accounts/tasks/main.yml
index 27b4b90..0524374 100644
--- a/roles/accounts/tasks/main.yml
+++ b/roles/accounts/tasks/main.yml
@@ -1,26 +1,7 @@
 ---
-- name: Create admins accounts
- user:
- state: present
- name: '{{ item.value.name }}'
- uid: '{{ item.value.uid }}'
- password: '{{ item.value.password_hash_openbsd }}'
- groups: wheel
- shell: /bin/ksh
- append: yes
- with_dict:
- "{{ evolix_users }}"
- tags:
- - admin
-
-- name: Add admins ssh keys
- lineinfile:
- state: present
- dest: '/home/{{ item.value.name }}/.ssh/authorized_keys'
- line: '{{ item.value.ssh_keys }}'
- create: yes
- with_dict:
- "{{ evolix_users }}"
- tags:
- - admin
-
+- name: Create user accounts
+ include: user.yml
+ vars:
+ user: "{{ item.value }}"
+ with_dict: "{{ evolinux_users }}"
+ when: evolinux_users != {}
\ No newline at end of file
diff --git a/roles/accounts/tasks/user.yml b/roles/accounts/tasks/user.yml
new file mode 100644
index 0000000..c3538d6
--- /dev/null
+++ b/roles/accounts/tasks/user.yml
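Review bot: The new `include: user.yml` task in roles/accounts/tasks/main.yml carries no `tags:`, while both tasks it replaces were tagged `admin`. An `include` driven by `with_dict` is resolved at run time, so a run limited with `--tags admin` most likely skips the include itself and never reaches the tagged tasks in user.yml, leaving accounts and keys silently unapplied; the tag restored on the SSH-key task in PATCH 2/3 does not change that. Adding `tags:` with `- admin` to the include task restores the previous selection behaviour. Separately, the loop variable changes from `evolix_users` to `evolinux_users` without a mention in the commit message, and `when: evolinux_users != {}` adds nothing over looping an empty dict, whereas `with_dict: "{{ evolinux_users | default({}) }}"` would also cover the undefined case.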
@@ -0,0 +1,22 @@
+---
+- name: "User '{{ user.name }}' is present"
+ user:
+ state: present
+ name: '{{ user.name }}'
+ uid: '{{ user.uid }}'
+ password: '{{ user.password_hash_openbsd }}'
+ groups: wheel
+ shell: /bin/ksh
+ append: yes
+ tags:
+ - admin
+
+- name: "SSH public keys for '{{ user.name }}' are present"
+ authorized_key:
+ user: "{{ user.name }}"
+ key: "{{ ssk_key }}"
+ state: present
+ with_items: "{{ user.ssh_keys }}"
+ loop_control:
+ loop_var: ssk_key
+ when: user.ssh_keys is defined
\ No newline at end of file
From 846e9aba0ee2920d7ca6510287913b0f0de06336 Mon Sep 17 00:00:00 2001
From: Patrick Marchand
Date: Fri, 18 Jan 2019 15:05:37 -0500
Subject: [PATCH 2/3] Adds admin tag back to ssh-key task
---
roles/accounts/tasks/user.yml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/roles/accounts/tasks/user.yml b/roles/accounts/tasks/user.yml
index c3538d6..109c8a5 100644
--- a/roles/accounts/tasks/user.yml
+++ b/roles/accounts/tasks/user.yml
@@ -19,4 +19,6 @@
 with_items: "{{ user.ssh_keys }}"
 loop_control:
 loop_var: ssk_key
- when: user.ssh_keys is defined
\ No newline at end of file
+ when: user.ssh_keys is defined
+ tags:
+ - admin
\ No newline at end of file
From 3ce0addd593ec832264d2fd5616848aa8c5ccc89 Mon Sep 17 00:00:00 2001
From: Tristan PILAT
Date: Tue, 22 Jan 2019 10:31:29 +0100
Subject: [PATCH 3/3] Fix daily.local file permissions
---
roles/base/tasks/evobackup.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/base/tasks/evobackup.yml b/roles/base/tasks/evobackup.yml
index 3ac7b05..669c86f 100644
--- a/roles/base/tasks/evobackup.yml
+++ b/roles/base/tasks/evobackup.yml
@@ -15,6 +15,6 @@
 path: /etc/daily.local
 line: '#sh /usr/share/scripts/zzz_evobackup'
 owner: root
- mode: "0700"
+ mode: "0644"
 tags:
 - evobackup
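Review bot: `authorized_key` with `state: present` inside a per-key loop (new roles/accounts/tasks/user.yml, PATCH 1/3) only ever adds keys, so a key dropped from `user.ssh_keys` stays in the account's authorized_keys file and keeps granting access. If the variable is meant to be the complete set, pass all keys in one call and make the file authoritative with `key: "{{ user.ssh_keys | join('\n') }}"` and `exclusive: yes`, which replaces `with_items` and `loop_control`; note that this also removes keys added by hand on the host. The first task is now named for generic users but still places every entry of the dict in `wheel` through `groups: wheel`, so a comment stating that all entries are administrators, or a per-user groups value, would make that privilege grant explicit. `ssk_key` also reads like a typo for `ssh_key`.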
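Review bot: The mode change on `/etc/daily.local` in roles/base/tasks/evobackup.yml (PATCH 3/3) has no comment explaining why 0644 is the right value, and the commit message only says the permissions are fixed. The property that matters here is that only root can write the file, since its content is presumably run as root by the daily job; 0644 keeps that, drops the execute bits and adds read access for group and others, which is fine as long as no other task ever writes credentials into it. I would add `# read by the daily job as root: root-writable only, no exec bit needed` above `mode:` and pin the group next to `owner: root`, for example `group: wheel`, so ownership does not depend on what is already on the host. The task begins above this hunk, so its module name and any `create:` setting are not visible here.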