more refactoring of remote-admin-user playbook
discopatrick committed Feb 11, 2017
1 parent 6918f45 commit e825e39
Showing 7 changed files with 23 additions and 20 deletions.
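--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -0,0 +1 @@
+---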
4 changes: 0 additions & 4 deletions group_vars/development.yml
@@ -1,5 +1 @@
---

# this actually gets overriden by ansible_ssh_user in the inventory,
# but should be defined here regardless, to avoid an undefined variable error
my_remote_user: vagrant
4 changes: 3 additions & 1 deletion group_vars/staging.yml
@@ -1,3 +1,5 @@
---

my_remote_user: admin
admin_user:
name: admin
group: admin
11 changes: 3 additions & 8 deletions remote-admin-user.yml
Expand Up @@ -2,19 +2,14 @@

- name: create an admin user (i.e. a non-root sudoer)
hosts: all:!development # development machines on vagrant already have a sudoer
remote_user: root # Digital Ocean machines are provided with a root user by default
remote_user: root # Digital Ocean machines are provided with a root user by default, so we use this user to create our admin user.

roles:
- admin_user

- name: test the admin user
hosts: staging
remote_user: admin

pre_tasks:
- debug:
var: my_remote_user
remote_user: "{{ admin_user.name }}"

roles:
# - { role: admin_user, when: "'development' not in group_names" }
- { role: remote_user_test, tags: ['remote_user_test'] }
- remote_user_test
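Review bot: The second play's `remote_user: "{{ admin_user.name }}"` is resolved at play level, and the only role in that play is remote_user_test, so the value presumably comes from group_vars/staging.yml rather than from the admin_user role's defaults. That leaves two places that must agree on the account name. The first play (`hosts: all:!development`) also creates the user on hosts that this test play (`hosts: staging`) never checks. A comment above the line would make the dependency visible, e.g. `# admin_user comes from group_vars/staging.yml; keep it in sync with roles/admin_user/defaults`.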
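--- a/roles/admin_user/defaults/main.yml
+++ b/roles/admin_user/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+admin_user:
+name: admin
+group: admin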
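Review bot: Defining the default as a single `admin_user` mapping means an inventory override that sets only one key replaces the whole mapping under Ansible's default hash behaviour, so `admin_user.group` would then be undefined in the role's tasks. group_vars/staging.yml in this commit sets both keys, so nothing breaks today. Either add a comment such as `# override name and group together; this mapping is replaced, not merged`, or use flat variables like `admin_user_name` and `admin_user_group`.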
12 changes: 6 additions & 6 deletions roles/admin_user/tasks/main.yml
Expand Up @@ -2,23 +2,23 @@

- name: create admin group
group:
name: admin
name: "{{ admin_user.group }}"

- name: Allow admin group to have passwordless sudo
lineinfile:
dest: /etc/sudoers
state: present
regexp: '^%admin'
line: '%admin ALL=(ALL) NOPASSWD: ALL'
regexp: '^%{{ admin_user.group }}'
line: '%{{ admin_user.group }} ALL=(ALL) NOPASSWD: ALL'

- name: create admin user in admin group
user:
name: admin
groups: admin
name: "{{ admin_user.name }}"
groups: "{{ admin_user.group }}"
append: yes
shell: /bin/bash

- name: add ssh public key for admin user
authorized_key:
user: admin
user: "{{ admin_user.name }}"
key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
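Review bot: The sudoers task now builds both `regexp` and `line` from `admin_user.group`, but the edit to /etc/sudoers is still written without a syntax check, so a group name that yields an invalid line can leave sudo unusable on the host. Adding `validate: 'visudo -cf %s'` to the lineinfile task makes Ansible reject the change before it replaces the file. The pattern `'^%{{ admin_user.group }}'` is also an unescaped prefix match, so it would match a longer group name that starts the same way; `regexp: '^%{{ admin_user.group | regex_escape }}\s'` anchors it to the exact group. Because the line grants `NOPASSWD: ALL`, whatever group an override names receives passwordless root, which is worth stating in a comment on the task.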
6 changes: 5 additions & 1 deletion roles/remote_user_test/tasks/main.yml
Expand Up @@ -12,6 +12,10 @@
debug:
msg: "user: {{ user_name.stdout }} --- home: {{ user_home.stdout }}"

- name: test sudo pwd
- name: test sudo on the pwd command
become: yes
command: pwd
register: sudo_result

- debug:
var: sudo_result.stdout
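Review bot: The added `register`/`debug` pair only prints the output of `pwd`, so the play passes whether or not the command actually ran as root; nothing in the new tasks asserts on `sudo_result`. Running `id -u` under `become` and asserting that the result is `0` would turn this into a real check of the passwordless sudo grant, and `changed_when: false` keeps the read-only command from reporting a change. The task list starts before this hunk, so the earlier tasks are not visible here.

```yaml
# … unchanged: user_name / user_home debug task …

- name: test sudo by checking the effective uid
  become: yes
  command: id -u
  register: sudo_result
  changed_when: false

- name: fail unless the command ran as root
  assert:
    that:
      - sudo_result.stdout == '0'
```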
