Commit 274cb2b4 authored by Jörg Sachse's avatar Jörg Sachse

fix: only add SSH keys when they are due to be added, don't ignore errors, use...

fix: only add SSH keys when they are due to be added, don't ignore errors, use FQCNs, convert 'with_dict' to 'loop', correct typo for var name
parent 29a87517
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
key: "{{ item.value.ssh_key_current | default('') }}" key: "{{ item.value.ssh_key_current | default('') }}"
state: present state: present
with_dict: "{{ human_users }}" with_dict: "{{ human_users }}"
ignore_errors: "yes" when: item.value.state != "absent"
- name: gültige SSH-Keys für Public-Key Authentication einspielen (ROBOT_USERS) - name: gültige SSH-Keys für Public-Key Authentication einspielen (ROBOT_USERS)
authorized_key: authorized_key:
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
key: "{{ item.value.ssh_key_current | default('') }}" key: "{{ item.value.ssh_key_current | default('') }}"
state: present state: present
with_dict: "{{ robot_users }}" with_dict: "{{ robot_users }}"
ignore_errors: "yes" when: item.value.state != "absent"
- name: alle gültigen SSH-Keys zum Installationsuser hinzufügen - name: alle gültigen SSH-Keys zum Installationsuser hinzufügen
authorized_key: authorized_key:
...@@ -24,4 +24,4 @@ ...@@ -24,4 +24,4 @@
key: "{{ item.value.ssh_key_current | default('') }}" key: "{{ item.value.ssh_key_current | default('') }}"
state: present state: present
with_dict: "{{ human_users }}" with_dict: "{{ human_users }}"
ignore_errors: "yes" when: item.value.state != "absent"
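Review bot: The three key-adding tasks still pass `key: "{{ item.value.ssh_key_current | default('') }}"` with `state: present`, so a user entry without `ssh_key_current` hands an empty key to the module. With `ignore_errors` gone, that would likely fail the task and stop the play instead of being skipped. Turning the new condition into a list and adding `- item.value.ssh_key_current is defined` next to `- item.value.state != "absent"` would skip such users cleanly; the same applies to the ROBOT_USERS and install-user hunks. If `state` is optional in the user dictionaries, `item.value.state | default('present') != "absent"` avoids an undefined-variable error. The tasks begin above each hunk, so the module name and `user:` lines are not visible here.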
--- ---
- name: SSH-Keys gelöschter Benutzer entfernen (HUMAN USERS) - name: SSH-Keys gelöschter Benutzer entfernen (HUMAN USERS)
authorized_key: ansible.posix.authorized_key:
user: "{{ item.key }}" user: "{{ item.key }}"
key: "{{ item.value.ssh_key_current }}" key: "{{ item.value.ssh_key_current }}"
state: absent state: absent
with_dict: "{{ human_users | combine(robot_users) }}" loop: "{{ human_users | combine(robot_users) | dict2items }}"
when: when:
- item.value.state == "absent" - item.value.state == "absent"
- not item.value.ssh_key_current - item.value.ssh_key_current is not defined
ignore_errors: true
- name: alte/ungültige SSH-Keys für Public-Key Authentication entfernen (tut nur etwas, wenn in vars ssh_key_old und ssh_comment_old hinterlegt sind) - name: alte/ungültige SSH-Keys für Public-Key Authentication entfernen (tut nur etwas, wenn in vars ssh_key_old UND ssh_comment_old hinterlegt sind)
authorized_key: ansible.posix.authorized_key:
user: "{{ item.key }}" user: "{{ item.key }}"
key: "{{ item.value.ssh_key_old }}" key: "{{ item.value.ssh_key_old }}"
comment: "{{ item.vaule.ssh_comment_old }}" comment: "{{ item.value.ssh_comment_old }}"
state: absent state: absent
with_dict: "{{ human_users | combine(robot_users) }}" loop: "{{ human_users | combine(robot_users) | dict2items }}"
when: when:
- not item.value.ssh_key_old - item.value.ssh_key_old is defined
- not item.vaule.ssh_comment_old - item.value.ssh_comment_old is defined
ignore_errors: true - item.value.ssh_key_old != item.value.ssh_key_current
- name: alle ungültigen SSH-Keys vom Installationsuser entfernen - name: alle ungültigen SSH-Keys vom Installationsuser entfernen
authorized_key: ansible.posix.authorized_key:
user: "{{ vault_install_username }}" user: "{{ vault_install_username }}"
key: "{{ item.value.ssh_key_current }}" key: "{{ item.value.ssh_key_current }}"
state: absent state: absent
with_dict: "{{ human_users }}" loop: "{{ human_users | dict2items }}"
when: ( item.value.state == "absent" ) when: ( item.value.state == "absent" )
ignore_errors: true
# - name: debug
# debug:
# msg: "{{ item.value.state }}"
# with_dict: "{{ human_users }}"
# tags: [ssh]
- name: delete HUMAN users - name: delete HUMAN users
user: ansible.builtin.user:
name: "{{ item.key }}" name: "{{ item.key }}"
state: "{{ item.value.state }}" state: "{{ item.value.state }}"
remove: true remove: true
with_dict: "{{ human_users }}" loop: "{{ human_users | dict2items }}"
when: ( item.value.state == "absent" ) when: ( item.value.state == "absent" )
ignore_errors: "yes"
- name: delete individual primary user group (HUMAN USERS) - name: delete individual primary user group (HUMAN USERS)
group: ansible.builtin.group:
name: "{{ item.key }}" name: "{{ item.key }}"
state: "{{ item.value.state }}" state: "{{ item.value.state }}"
with_dict: "{{ human_users }}" loop: "{{ human_users | dict2items }}"
when: ( item.value.state == "absent" ) when: ( item.value.state == "absent" )
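Review bot: In the first task (SSH-Keys gelöschter Benutzer entfernen) the new condition `item.value.ssh_key_current is not defined` contradicts `key: "{{ item.value.ssh_key_current }}"`, so the task can only run when the key it is supposed to remove is missing. It will then be skipped for every user who has a key, or fail on the undefined variable now that `ignore_errors` is removed, and the keys of deleted users stay in place. The condition looks inverted and should probably read `- item.value.ssh_key_current is defined`. The install-user removal task further down uses the same `key:` with only `item.value.state == "absent"` as its guard, and would benefit from the same `is defined` check. Only `human_users` are deleted in the visible tasks, so for `robot_users` this key removal appears to be the only revocation step here.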