ansible-roles/webapps/evoadmin-web/tasks/user.yml

---

- name: Create evoadmin account
  user:
    name: evoadmin
    comment: "Evoadmin Web Account"
    home: "{{ evoadmin_home_dir}}"
    password: "!"

- name: Create www-evoadmin group
  group:
    name: www-evoadmin
    state: present

- name: "Create www-evoadmin and add to group shadow (jessie)"
  user:
    name: www-evoadmin
    groups: shadow
    append: yes
  when: ansible_distribution_release == "jessie"

- name: "Create www-evoadmin (Debian 9 or later)"
  user:
    name: www-evoadmin
  when: ansible_distribution_major_version | version_compare('9', '>=')

- name: Git is needed to clone the evoadmin repository
  apt:
    name: git
    state: present

- name: "Clone evoadmin repository (jessie)"
  git:
    repo: https://forge.evolix.org/evoadmin-web.git
    dest: "{{ evoadmin_document_root}}"
    version: jessie
    update: no
  when: ansible_distribution_release == "jessie"

- name: "Clone evoadmin repository (Debian 9 or later)"
  git:
    repo: https://forge.evolix.org/evoadmin-web.git
    dest: "{{ evoadmin_document_root}}"
    version: master
    update: yes
  when: ansible_distribution_major_version | version_compare('9', '>=')

- name: Change ownership on git repository
  file:
    dest: "{{ evoadmin_document_root}}"
    owner: "{{ evoadmin_username }}"
    group: "{{ evoadmin_username }}"
    recurse: yes

- include_role:
    name: remount-usr
  when: evoadmin_scripts_dir | search ("/usr")

- name: "Create {{ evoadmin_scripts_dir }}"
  file:
    dest: "{{ evoadmin_scripts_dir }}"
    # recurse: yes
    mode: "0700"
    state: directory

- name: Install scripts like web-add.sh
  shell: "cp {{ evoadmin_document_root}}/scripts/* {{ evoadmin_scripts_dir }}/"
  args:
    creates: "{{ evoadmin_scripts_dir }}/web-add.sh"

# we use a shell command to have a "changed" thet really reflects the result.
- name: Fix permissions
  command: "chmod -R --verbose u=rwX,g=rX,o= {{ evoadmin_document_root }}"
  register: command_result
  changed_when: "'changed' in command_result.stdout"
  # failed_when: False
  args:
    warn: no

- name: Add evoadmin sudoers file
  template:
    src: sudoers.j2
    dest: /etc/sudoers.d/evoadmin
    mode: "0600"
    validate: "visudo -cf %s"
evoadmin/packweb: end of first pass 2017-07-03 18:22:24 +02:00			`---`

			`- name: Create evoadmin account`
			`user:`
			`name: evoadmin`
			`comment: "Evoadmin Web Account"`
			`home: "{{ evoadmin_home_dir}}"`
			`password: "!"`

			`- name: Create www-evoadmin group`
			`group:`
			`name: www-evoadmin`
			`state: present`

we need www-evoadmin user in Debian 9 2017-09-18 22:36:14 +02:00			`- name: "Create www-evoadmin and add to group shadow (jessie)"`
			`user:`
			`name: www-evoadmin`
			`groups: shadow`
			`append: yes`
			`when: ansible_distribution_release == "jessie"`

			`- name: "Create www-evoadmin (Debian 9 or later)"`
			`user:`
			`name: www-evoadmin`
			`when: ansible_distribution_major_version \| version_compare('9', '>=')`

evoadmin-web: clarify ansible code 2017-10-07 23:04:47 +02:00			`- name: Git is needed to clone the evoadmin repository`
evoadmin/packweb: end of first pass 2017-07-03 18:22:24 +02:00			`apt:`
			`name: git`
			`state: present`

we don't need anymore shadow group in Debian 9 or later 2017-09-08 04:03:04 +02:00			`- name: "Clone evoadmin repository (jessie)"`
evoadmin/packweb: end of first pass 2017-07-03 18:22:24 +02:00			`git:`
			`repo: https://forge.evolix.org/evoadmin-web.git`
			`dest: "{{ evoadmin_document_root}}"`
First step to use new evoadmin / FPM 2017-08-23 04:28:21 +02:00			`version: jessie`
evoadmin/packweb: end of first pass 2017-07-03 18:22:24 +02:00			`update: no`
First step to use new evoadmin / FPM 2017-08-23 04:28:21 +02:00			`when: ansible_distribution_release == "jessie"`

we don't need anymore shadow group in Debian 9 or later 2017-09-08 04:03:04 +02:00			`- name: "Clone evoadmin repository (Debian 9 or later)"`
First step to use new evoadmin / FPM 2017-08-23 04:28:21 +02:00			`git:`
			`repo: https://forge.evolix.org/evoadmin-web.git`
			`dest: "{{ evoadmin_document_root}}"`
			`version: master`
			`update: yes`
			`when: ansible_distribution_major_version \| version_compare('9', '>=')`
evoadmin/packweb: end of first pass 2017-07-03 18:22:24 +02:00
evoadmin-web: stay privileged Becoming an unprivilegied user is problemetic for Ansible. We continue being root, but change the permissions on created files. 2017-10-07 21:48:00 +02:00			`- name: Change ownership on git repository`
			`file:`
			`dest: "{{ evoadmin_document_root}}"`
			`owner: "{{ evoadmin_username }}"`
evoadmin-web: document root should belong to group too 2017-10-07 23:05:20 +02:00			`group: "{{ evoadmin_username }}"`
evoadmin-web: stay privileged Becoming an unprivilegied user is problemetic for Ansible. We continue being root, but change the permissions on created files. 2017-10-07 21:48:00 +02:00			`recurse: yes`

Move /usr rw remount into remount-usr role 2017-11-07 12:18:02 +01:00			`- include_role:`
			`name: remount-usr`
Remount /usr rw before writing on it 2017-08-03 22:15:27 +02:00			`when: evoadmin_scripts_dir \| search ("/usr")`

evoadmin/packweb: end of first pass 2017-07-03 18:22:24 +02:00			`- name: "Create {{ evoadmin_scripts_dir }}"`
			`file:`
			`dest: "{{ evoadmin_scripts_dir }}"`
			`# recurse: yes`
			`mode: "0700"`
			`state: directory`

			`- name: Install scripts like web-add.sh`
			`shell: "cp {{ evoadmin_document_root}}/scripts/* {{ evoadmin_scripts_dir }}/"`
			`args:`
			`creates: "{{ evoadmin_scripts_dir }}/web-add.sh"`

			`# we use a shell command to have a "changed" thet really reflects the result.`
			`- name: Fix permissions`
evoadmin-web: clarify ansible code 2017-10-07 23:04:47 +02:00			`command: "chmod -R --verbose u=rwX,g=rX,o= {{ evoadmin_document_root }}"`
evoadmin/packweb: end of first pass 2017-07-03 18:22:24 +02:00			`register: command_result`
			`changed_when: "'changed' in command_result.stdout"`
packweb/evoadmin: cleanup * extracted tasks * more variables * more templates * less bugs 2017-07-03 18:23:39 +02:00			`# failed_when: False`
evoadmin-web: clarify ansible code 2017-10-07 23:04:47 +02:00			`args:`
			`warn: no`
evoadmin/packweb: end of first pass 2017-07-03 18:22:24 +02:00
			`- name: Add evoadmin sudoers file`
			`template:`
			`src: sudoers.j2`
			`dest: /etc/sudoers.d/evoadmin`
			`mode: "0600"`
			`validate: "visudo -cf %s"`