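---
# Creates the groups and accounts defined in three inventory variables:
#   vault_groups  - list of group definitions (name, state, system)
#   human_users   - mapping login -> {uid, comment, groups, password, shell,
#                   state, password_lock}
#   robot_users   - mapping login -> {uid, comment, groups, password, shell,
#                   state}
# Every account gets a primary group of the same name whose gid equals the
# account's uid. Tasks that pass `password` to ansible.builtin.user run with
# no_log so the value never appears in task output or logs.

- name: create sysadmin groups
  ansible.builtin.group:
    name: "{{ item.name }}"
    state: "{{ item.state | default('present') }}"
    system: "{{ item.system | default(false) }}"
  loop: "{{ vault_groups | flatten(levels=1) }}"

# Primary groups reuse the account's uid as the gid.
- name: create individual primary user group (HUMAN USERS)
  ansible.builtin.group:
    name: "{{ item.key }}"
    state: "{{ item.value.state }}"
    gid: "{{ item.value.uid }}"
  loop: "{{ human_users | dict2items }}"
  when: item.value.state == "present"

- name: create individual primary user group (ROBOT USERS)
  ansible.builtin.group:
    name: "{{ item.key }}"
    state: "{{ item.value.state }}"
    gid: "{{ item.value.uid }}"
  loop: "{{ robot_users | dict2items }}"
  when: item.value.state == "present"

# do NOT run the user tasks below before the skel configuration has been
# rolled out! create_home copies /etc/skel only when the home directory is
# first created, so a later skel change does not reach existing accounts.
#
# The account Ansible connected as (ansible_user) is skipped in every user
# task: it cannot be modified while the Python process on the target is
# running under it.
- name: create HUMAN users
  ansible.builtin.user:
    comment: "{{ item.value.comment }}"
    create_home: true
    group: "{{ item.key }}"
    groups: "{{ item.value.groups }}"
    home: "/home/{{ item.key }}/"
    name: "{{ item.key }}"
    # ansible.builtin.user expects an already-hashed value here.
    password: "{{ item.value.password }}"
    shell: "{{ item.value.shell | default('/bin/bash') }}"
    state: "{{ item.value.state | default('present') }}"
    uid: "{{ item.value.uid }}"
    # only set the password when the account is created; later runs never
    # overwrite a password the user has changed
    update_password: on_create
  loop: "{{ human_users | dict2items }}"
  when:
    - item.value.state == "present"
    - item.key != ansible_user
  # password is part of the module args - keep it out of the output
  no_log: true

# password_lock must be defined for every present human user; an undefined
# value makes the task fail rather than silently leave the account unlocked.
- name: lock HUMAN users
  ansible.builtin.user:
    name: "{{ item.key }}"
    password_lock: "{{ item.value.password_lock }}"
  loop: "{{ human_users | dict2items }}"
  when:
    - item.value.state == "present"
    - item.key != ansible_user

- name: create ROBOT users
  ansible.builtin.user:
    comment: "{{ item.value.comment }}"
    create_home: true
    group: "{{ item.key }}"
    groups: "{{ item.value.groups }}"
    home: "/home/{{ item.key }}/"
    name: "{{ item.key }}"
    # ansible.builtin.user expects an already-hashed value here.
    password: "{{ item.value.password }}"
    shell: "{{ item.value.shell | default('/bin/bash') }}"
    state: "{{ item.value.state | default('present') }}"
    uid: "{{ item.value.uid }}"
    update_password: on_create
  loop: "{{ robot_users | dict2items }}"
  when:
    - item.value.state == "present"
    - item.key != ansible_user
  # same as for human users: this task carries a password, so its output
  # must not be logged
  no_log: true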