From e825e39cb75c016ea13c0115168063153da1c442 Mon Sep 17 00:00:00 2001 From: discopatrick Date: Sat, 11 Feb 2017 13:46:46 +0000 Subject: [PATCH] more refactoring of remote-admin-user playbook --- group_vars/all.yml | 1 + group_vars/development.yml | 4 ---- group_vars/staging.yml | 4 +++- remote-admin-user.yml | 11 +++-------- roles/admin_user/defaults/main.yml | 5 +++++ roles/admin_user/tasks/main.yml | 12 ++++++------ roles/remote_user_test/tasks/main.yml | 6 +++++- 7 files changed, 23 insertions(+), 20 deletions(-) create mode 100644 group_vars/all.yml create mode 100644 roles/admin_user/defaults/main.yml diff --git a/group_vars/all.yml b/group_vars/all.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/group_vars/all.yml @@ -0,0 +1 @@ +--- diff --git a/group_vars/development.yml b/group_vars/development.yml index 4f0a714..ed97d53 100644 --- a/group_vars/development.yml +++ b/group_vars/development.yml @@ -1,5 +1 @@ --- - -# this actually gets overriden by ansible_ssh_user in the inventory, -# but should be defined here regardless, to avoid an undefined variable error -my_remote_user: vagrant diff --git a/group_vars/staging.yml b/group_vars/staging.yml index cf47f33..234f534 100644 --- a/group_vars/staging.yml +++ b/group_vars/staging.yml @@ -1,3 +1,5 @@ --- -my_remote_user: admin +admin_user: + name: admin + group: admin diff --git a/remote-admin-user.yml b/remote-admin-user.yml index 2efd32a..ff977ba 100644 --- a/remote-admin-user.yml +++ b/remote-admin-user.yml 
@@ -2,19 +2,14 @@ - name: create an admin user (i.e. a non-root sudoer) hosts: all:!development # development machines on vagrant already have a sudoer - remote_user: root # Digital Ocean machines are provided with a root user by default + remote_user: root # Digital Ocean machines are provided with a root user by default, so we use this user to create our admin user. roles: - admin_user - name: test the admin user hosts: staging - remote_user: admin - - pre_tasks: - - debug: - var: my_remote_user + remote_user: "{{ admin_user.name }}" roles: - # - { role: admin_user, when: "'development' not in group_names" } - - { role: remote_user_test, tags: ['remote_user_test'] } + - remote_user_test diff --git a/roles/admin_user/defaults/main.yml b/roles/admin_user/defaults/main.yml new file mode 100644 index 0000000..234f534 --- /dev/null +++ b/roles/admin_user/defaults/main.yml @@ -0,0 +1,5 @@ +--- + +admin_user: + name: admin + group: admin diff --git a/roles/admin_user/tasks/main.yml b/roles/admin_user/tasks/main.yml index 379e72f..be4fdf7 100644 --- a/roles/admin_user/tasks/main.yml +++ b/roles/admin_user/tasks/main.yml @@ -2,23 +2,23 @@ - name: create admin group group: - name: admin + name: "{{ admin_user.group }}" - name: Allow admin group to have passwordless sudo lineinfile: dest: /etc/sudoers state: present - regexp: '^%admin' - line: '%admin ALL=(ALL) NOPASSWD: ALL' + regexp: '^%{{ admin_user.group }}' + line: '%{{ admin_user.group }} ALL=(ALL) NOPASSWD: ALL' - name: create admin user in admin group user: - name: admin - groups: admin + name: "{{ admin_user.name }}" + groups: "{{ admin_user.group }}" append: yes shell: /bin/bash - name: add ssh public key for admin user authorized_key: - user: admin + user: "{{ admin_user.name }}" key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" diff --git a/roles/remote_user_test/tasks/main.yml b/roles/remote_user_test/tasks/main.yml index acb78f0..f763ad5 100644 --- a/roles/remote_user_test/tasks/main.yml 
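Review bot: `remote_user: "{{ admin_user.name }}"` in the second play is templated at play level, and that play only includes `remote_user_test`, so the new defaults in roles/admin_user/defaults/main.yml are presumably not loaded there; the value resolves only because group_vars/staging.yml repeats the same mapping. If that copy is later removed as redundant, the test play will fail on an undefined variable. Defining `admin_user` once in the new, currently empty group_vars/all.yml would give both plays a single source. Separately, dropping `tags: ['remote_user_test']` from the role entry means `--tags remote_user_test` no longer selects it.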
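Review bot: The `lineinfile` task in roles/admin_user/tasks/main.yml edits /etc/sudoers in place with no syntax check, and the group name is now templated into both `regexp` and `line`, so a value that renders an invalid entry can leave sudo unusable on the host. Adding `validate: 'visudo -cf %s'` to the task keeps a bad line from ever being written. The pattern `'^%{{ admin_user.group }}'` is also unescaped and open on the right, so it can match and overwrite the entry of a longer group name sharing the prefix; `regexp: '^%{{ admin_user.group | regex_escape }}\s'` is tighter. Because the line grants `NOPASSWD: ALL`, a comment above the task such as `# whatever group admin_user.group names receives passwordless root` would warn anyone overriding the variable.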
+++ b/roles/remote_user_test/tasks/main.yml @@ -12,6 +12,10 @@ debug: msg: "user: {{ user_name.stdout }} --- home: {{ user_home.stdout }}" -- name: test sudo pwd +- name: test sudo on the pwd command become: yes command: pwd + register: sudo_result + +- debug: + var: sudo_result.stdout
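Review bot: `command: pwd` is expected to print the same directory whether or not privilege escalation took effect, so the registered `sudo_result.stdout` does not show that the task actually ran as root. Switching to `command: id -un` with `failed_when: sudo_result.stdout != 'root'` turns the output into a real assertion, and `changed_when: false` stops the read-only command from reporting a change on every run. The new `debug` task has no `name`, and `become: yes` reads more predictably as `become: true`. The tasks that register `user_name` and `user_home` begin above this hunk.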