
create_users_groups.yml

  • create_users_groups.yml 2.87 KiB
    ---
    # Bring every entry of vault_groups into the state it asks for. Entries
    # that omit 'state' are treated as present; entries that omit 'system'
    # get the 'false' default.
    - name: create sysadmin groups
      loop: "{{ vault_groups | flatten(levels=1) }}"
      ansible.builtin.group:
        name: "{{ item.name }}"
        system: "{{ item.system | default('false') }}"
        state: "{{ item.state | default('present') }}"
    
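    # Every human user gets a private primary group named after the account,
    # with the gid pinned to the user's uid. Only records marked "present" are
    # handled here.
    - name: create individual primary user group (HUMAN USERS)
      ansible.builtin.group:
        name: "{{ item.key }}"
        state: "{{ item.value.state }}"
        gid: "{{ item.value.uid }}"
      loop: "{{ human_users | dict2items }}"
      when: item.value.state == "present"
      # Each loop item is the complete user record, including the password
      # value that the user-creation task reads from the same dict. Ansible
      # prints the item in per-item task output, so the record is kept out of
      # the log here just as it is for user creation. Failure details are
      # censored as well.
      no_log: true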
    
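    # Every robot user gets a private primary group named after the account,
    # with the gid pinned to the user's uid. Only records marked "present" are
    # handled here.
    - name: create individual primary user group (ROBOT USERS)
      ansible.builtin.group:
        name: "{{ item.key }}"
        state: "{{ item.value.state }}"
        gid: "{{ item.value.uid }}"
      loop: "{{ robot_users | dict2items }}"
      when: item.value.state == "present"
      # Each loop item is the complete robot record, including the password
      # value that the user-creation task reads from the same dict. Ansible
      # prints the item in per-item task output, so the record is kept out of
      # the log. Failure details are censored as well.
      no_log: true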
    
    # Ordering constraint: the skel configuration must already be rolled out
    # before this task runs (presumably because the home directory is created
    # here and is populated at creation time; confirm against the skel role).
    - name: create HUMAN users
      # The loop item carries the password value, so task output is suppressed.
      no_log: true
      loop: "{{ human_users | dict2items }}"
      when:
        - item.value.state == "present"
        # The account Ansible connects as is skipped: it cannot be modified
        # while the Python process of this run is using it.
        - item.key != ansible_user
      ansible.builtin.user:
        name: "{{ item.key }}"
        uid: "{{ item.value.uid }}"
        comment: "{{ item.value.comment }}"
        # Primary group is the per-user group of the same name.
        group: "{{ item.key }}"
        groups: "{{ item.value.groups }}"
        home: "/home/{{ item.key }}/"
        create_home: true
        shell: "{{ item.value.shell | default('/bin/bash') }}"
        # The user module expects an already-hashed value here; it does not
        # hash the input itself.
        password: "{{ item.value.password }}"
        # on_create: the password is only set when the account is first
        # created, so a later change to the stored value is not pushed to an
        # existing account by this task.
        update_password: on_create
        state: "{{ item.value.state | default('present') }}"
    
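    # Apply the per-user password_lock flag to every present human account.
    # There is no default filter, so each record has to define password_lock.
    # Note that password_lock locks the password only; it does not disable the
    # account, and other login methods (for example SSH keys) may still work.
    - name: lock HUMAN users
      ansible.builtin.user:
        name: "{{ item.key }}"
        password_lock: "{{ item.value.password_lock }}"
      loop: "{{ human_users | dict2items }}"
      when:
        - item.value.state == "present"
        # The account Ansible connects as is skipped: it cannot be modified
        # while the Python process of this run is using it.
        - item.key != ansible_user
      # The loop item is the same full user record that the creation task
      # hides with no_log; without it the password value would be echoed in
      # the per-item output of this task.
      no_log: true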
    
    - name: create ROBOT users
      ansible.builtin.user:
        comment: "{{ item.value.comment }}"
        create_home: true
        group: "{{ item.key }}"
        groups: "{{ item.value.groups }}"
        home: "/home/{{ item.key }}/"
        name: "{{ item.key }}"
        password: "{{ item.value.password }}"
        shell: "{{ item.value.shell | default('/bin/bash') }}"
        state: "{{ item.value.state | default('present') }}"
        uid: "{{ item.value.uid }}"
        update_password: on_create
      loop: "{{ robot_users | dict2items }}"
      when:
        - item.value.state == "present"
        - item.key != ansible_user        # we cannot modify the user that is used to make the connection, because the Python process uses it