silentworks · April 28, 2018 10:07
diff --git a/gistfile1.txt b/gistfile1.txt
 Put this in your `local-configure.yml` file, add as many users as you need:

    users:
      - name: fulvio
        sudoer: yes
        auth_key: ssh-rsa blahblahblahsomekey this is actually the public key in cleartext
      - name: plone_buildout
        group: plone_group
        sudoer: no
        auth_key: ssh-rsa blahblahblah ansible-generated on default
        keyfiles: keyfiles/plone_buildout

 In your playbook root folder, create a folder `keyfiles`.  In it, create a subfolder for 
 each username for which you want to copy keyfiles to the server.  Put the private and public key files,
 as well as any other files, such as `known_hosts` in the user subfolder.

 Add the follwing line in `playbook.yml` under `roles:` (e.g. right under `- role: ANXS.hostname`):

    - role: create_users

 Copy the gist file `main.yml` to `/roles/create_users/tasks`.

 Now run your playbook.
 That's it!
diff --git a/main.yml b/main.yml
 ---

 # vars:
 #   users:
 #     - name: steve
 #       sudoer: yes
 #       auth_key: ssh-rsa ...


 - name: Ensure plone_group
  group: name=plone_group

 # see http://docs.ansible.com/ansible/user_module.html
 - name: Add users
  user:
    name={{ item.name }}
    system={{ item.sudoer }}
    shell=/bin/bash
    append=yes
    groups={{ item.group  }}
    # this is just a default password, I think it's SHA512 for "changeme"
    password=$6$rounds=656000$iO7Q9L6/w8dUUQVf$rmtnxrQ15TGAfG5ODxQ/WGyEpTwk.vD1W.UtedmOlo9YNkrIwapYMjmKmteEnUJmRYucgUVxXUQy7gtenpLmw0
    update_password=on_create
  when: item.group is defined
  with_items: users

 - name: Add users
  user:
    name={{ item.name }}
    system={{ item.sudoer }}
    shell=/bin/bash
    password=$6$rounds=656000$iO7Q9L6/w8dUUQVf$rmtnxrQ15TGAfG5ODxQ/WGyEpTwk.vD1W.UtedmOlo9YNkrIwapYMjmKmteEnUJmRYucgUVxXUQy7gtenpLmw0
    update_password=on_create
  when: item.group is not defined
  with_items: users

 - name: Add .ssh directories
  file:
    path=/home/{{ item.name }}/.ssh
    state=directory
    mode=0700
    owner={{ item.name }}
    group={{ item.group|default(item.name)  }}
  with_items: users

 - name: Add keys
  lineinfile:
    dest=/home/{{ item.name }}/.ssh/authorized_keys
    state=present
    create=yes
    line="{{ item.auth_key }}"
    owner={{ item.name }}
    group={{ item.group|default(item.name)  }}
    mode=0644
  when: item.auth_key is defined
  with_items: users

 - name: Add to sudoers
  copy:
    dest: /etc/sudoers.d/{{ item.name }}
    content: |
             {{ item.name }}  ALL=(ALL) ALL
             {{ item.name }}  ALL=(plone_daemon, plone_buildout) NOPASSWD:ALL
             {{ item.name }}  ALL=(root) NOPASSWD:/usr/bin/supervisorctl
             #
  when: item.sudoer
  with_items: users

 - name: SSH keys
  copy:
    src={{ item.keyfiles }}/
    dest=/home/{{ item.name }}/.ssh/
    owner={{ item.name }}
    group={{ item.group|default(item.name) }}
    mode=0600
  when: item.keyfiles is defined
  with_items: users
	Put this in your `local-configure.yml` file, add as many users as you need:

	users:
	- name: fulvio
	sudoer: yes
	auth_key: ssh-rsa blahblahblahsomekey this is actually the public key in cleartext
	- name: plone_buildout
	group: plone_group
	sudoer: no
	auth_key: ssh-rsa blahblahblah ansible-generated on default
	keyfiles: keyfiles/plone_buildout

	In your playbook root folder, create a folder `keyfiles`. In it, create a subfolder for
	each username for which you want to copy keyfiles to the server. Put the private and public key files,
	as well as any other files, such as `known_hosts` in the user subfolder.

	Add the follwing line in `playbook.yml` under `roles:` (e.g. right under `- role: ANXS.hostname`):

	- role: create_users

	Copy the gist file `main.yml` to `/roles/create_users/tasks`.

	Now run your playbook.
	That's it!
	---

	# vars:
	# users:
	# - name: steve
	# sudoer: yes
	# auth_key: ssh-rsa ...


	- name: Ensure plone_group
	group: name=plone_group

	# see http://docs.ansible.com/ansible/user_module.html
	- name: Add users
	user:
	name={{ item.name }}
	system={{ item.sudoer }}
	shell=/bin/bash
	append=yes
	groups={{ item.group }}
	# this is just a default password, I think it's SHA512 for "changeme"
	password=$6$rounds=656000$iO7Q9L6/w8dUUQVf$rmtnxrQ15TGAfG5ODxQ/WGyEpTwk.vD1W.UtedmOlo9YNkrIwapYMjmKmteEnUJmRYucgUVxXUQy7gtenpLmw0
	update_password=on_create
	when: item.group is defined
	with_items: users

	- name: Add users
	user:
	name={{ item.name }}
	system={{ item.sudoer }}
	shell=/bin/bash
	password=$6$rounds=656000$iO7Q9L6/w8dUUQVf$rmtnxrQ15TGAfG5ODxQ/WGyEpTwk.vD1W.UtedmOlo9YNkrIwapYMjmKmteEnUJmRYucgUVxXUQy7gtenpLmw0
	update_password=on_create
	when: item.group is not defined
	with_items: users

	- name: Add .ssh directories
	file:
	path=/home/{{ item.name }}/.ssh
	state=directory
	mode=0700
	owner={{ item.name }}
	group={{ item.group\|default(item.name) }}
	with_items: users

	- name: Add keys
	lineinfile:
	dest=/home/{{ item.name }}/.ssh/authorized_keys
	state=present
	create=yes
	line="{{ item.auth_key }}"
	owner={{ item.name }}
	group={{ item.group\|default(item.name) }}
	mode=0644
	when: item.auth_key is defined
	with_items: users

	- name: Add to sudoers
	copy:
	dest: /etc/sudoers.d/{{ item.name }}
	content: \|
	{{ item.name }} ALL=(ALL) ALL
	{{ item.name }} ALL=(plone_daemon, plone_buildout) NOPASSWD:ALL
	{{ item.name }} ALL=(root) NOPASSWD:/usr/bin/supervisorctl
	#
	when: item.sudoer
	with_items: users

	- name: SSH keys
	copy:
	src={{ item.keyfiles }}/
	dest=/home/{{ item.name }}/.ssh/
	owner={{ item.name }}
	group={{ item.group\|default(item.name) }}
	mode=0600
	when: item.keyfiles is defined
	with_items: users