ansible-roles/tomcat-instance/tasks/user.yml
Mathieu Trossevin e49379ebd0
tomcat: Use system units instead of user units
This massively reduces the output of `systemctl status` (which is useful
when checking what is running on a server), removes the need for
enable-linger (which is always good when possible) and allows checking
the status of the service much more easily.

(It also enables more sandboxing options if wanted, but we don't enable
any in this commit.)
2021-11-24 11:28:23 +01:00


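---
# Create the per-instance Unix user and group, the instance home directory,
# an optional mail alias, and the sudoers rules that let the instance group
# (and the optional deploy user) act as the instance user and manage its
# systemd unit.
#
# Required variables: tomcat_instance_name, tomcat_instance_port,
# tomcat_instance_root.
# Optional variables: tomcat_instance_mail, tomcat_instance_deploy_user.

- name: Fail if tomcat_instance_port is not provided
  fail:
    msg: "You must provide a value for the 'tomcat_instance_port' variable."
  # Cast to string before measuring: the `length` filter raises on an
  # integer, which is the natural type for a port number.
  when: tomcat_instance_port is not defined or (tomcat_instance_port | string | length) == 0

# The instance port doubles as uid/gid of the instance account, so check that
# the uid is not already taken by a different account.
- name: "Test if uid '{{ tomcat_instance_port }}' exists"
  command: 'id -un -- "{{ tomcat_instance_port }}"'
  register: get_login_from_id
  failed_when: false
  changed_when: false
  check_mode: false

- name: Fail if uid already exists for another user
  fail:
    msg: "Uid '{{ tomcat_instance_port }}' is already used by '{{ get_login_from_id.stdout }}'. You must change uid for '{{ tomcat_instance_name }}'"
  when:
    - get_login_from_id.rc == 0
    - get_login_from_id.stdout != tomcat_instance_name

- name: Create group instance
  group:
    name: "{{ tomcat_instance_name }}"
    gid: "{{ tomcat_instance_port }}"

- name: Create user instance
  user:
    name: "{{ tomcat_instance_name }}"
    group: "{{ tomcat_instance_name }}"
    uid: "{{ tomcat_instance_port }}"
    home: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}"
    shell: '/bin/bash'
    # The home directory is created by the next task so that owner, group and
    # mode are set explicitly instead of coming from the module defaults.
    create_home: false

- name: Create home dir
  file:
    path: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}"
    state: directory
    owner: "{{ tomcat_instance_name }}"
    group: "{{ tomcat_instance_name }}"
    # setgid on the group keeps files created inside in the instance group;
    # "other" gets no access at all.
    mode: "u=rwx,g=rwxs,o="

- name: Is /etc/aliases present?
  stat:
    path: /etc/aliases
  register: etc_aliases

- name: Set mail alias for user
  lineinfile:
    path: '/etc/aliases'
    state: present
    line: "{{ tomcat_instance_name }}: {{ tomcat_instance_mail }}"
    # Anchor at the start of the line and escape the name so that only the
    # alias of this exact user is replaced, not any other line that happens
    # to contain "<name>:" further in.
    regexp: "^{{ tomcat_instance_name | regex_escape }}:"
  when: etc_aliases.stat.exists and tomcat_instance_mail is defined
  register: tomcat_instance_mail_alias

- name: Run newaliases
  command: newaliases
  when: tomcat_instance_mail_alias is changed

# Sudoers rules. Each task validates the candidate file with visudo before it
# is installed, so a malformed line cannot break sudo for the whole host.
- name: Enable sudo right
  lineinfile:
    path: '/etc/sudoers.d/tomcat'
    state: present
    mode: "0440"
    create: true
    # Members of the instance group may run anything as the instance user and
    # keep their environment (SETENV). No NOPASSWD here, unlike the deploy
    # user rule below.
    line: "%{{ tomcat_instance_name }} ALL = ({{ tomcat_instance_name }}) SETENV: ALL"
    validate: 'visudo -cf %s'

- name: Enable sudo right for deploy user
  lineinfile:
    path: '/etc/sudoers.d/tomcat'
    state: present
    mode: "0440"
    create: true
    # Same grant as above for the deploy user, without a password prompt.
    line: "{{ tomcat_instance_deploy_user }} ALL = ({{ tomcat_instance_name }}) NOPASSWD: SETENV: ALL"
    validate: 'visudo -cf %s'
  when: tomcat_instance_deploy_user is defined

# Root access is limited to the listed systemctl invocations on this
# instance's unit; the list is anchored here and reused by the deploy user
# task below so both rules always grant exactly the same commands.
- name: Enable sudo right for service management
  lineinfile:
    path: '/etc/sudoers.d/tomcat'
    state: present
    mode: "0440"
    create: true
    line: "%{{ tomcat_instance_name }} ALL = (root) NOPASSWD: {{ item }}"
    validate: 'visudo -cf %s'
  loop: &tomcat_instance_systemctl_commands
    - "/bin/systemctl start tomcat@{{ tomcat_instance_name }}.service"
    - "/bin/systemctl stop tomcat@{{ tomcat_instance_name }}.service"
    - "/bin/systemctl status tomcat@{{ tomcat_instance_name }}.service"
    - "/bin/systemctl status -l tomcat@{{ tomcat_instance_name }}.service"
    - "/bin/systemctl enable tomcat@{{ tomcat_instance_name }}.service"
    - "/bin/systemctl disable tomcat@{{ tomcat_instance_name }}.service"

- name: Enable sudo right for deploy user for service management
  lineinfile:
    path: '/etc/sudoers.d/tomcat'
    state: present
    mode: "0440"
    create: true
    line: "{{ tomcat_instance_deploy_user }} ALL = (root) NOPASSWD: {{ item }}"
    validate: 'visudo -cf %s'
  when: tomcat_instance_deploy_user is defined
  loop: *tomcat_instance_systemctl_commands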