main.yml
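---
# Bootstrap play: creates a dedicated automation account (group, sudoers
# drop-in, user, SSH public key) on the targeted hosts.
#
# NOTE(review): the account created here gets passwordless sudo for every
# command, so its SSH private key and its password are each equivalent to
# root on every host this play touches. Protect both accordingly.
- name: Playbook para agregar usuario ansible
  # All nodes to be managed. NOTE(review): when `target` is not supplied the
  # play falls back to `all`, i.e. every host in the inventory; pass
  # `-e target=<group>` (or use --limit) for a narrower rollout.
  hosts: "{{ target | default('all') }}"
  become: true
  vars:
    ansible_local_user: ansible
  tasks:
    - name: asegurarse que existe el grupo {{ ansible_local_user }}
      group:
        name: "{{ ansible_local_user }}"
        state: present
        system: true

    # The rule is written for the *group* (leading %), so any account later
    # added to this group inherits unrestricted NOPASSWD root as well.
    - name: add {{ ansible_local_user }} sudoers file
      copy:
        # Trailing newline added so the drop-in is a well-formed text file.
        content: "%{{ ansible_local_user }} ALL=(ALL) NOPASSWD: ALL\n"
        dest: "/etc/sudoers.d/{{ ansible_local_user }}"
        # Explicit root ownership: sudo rejects drop-ins it does not trust,
        # and this must never be writable by the account it empowers.
        owner: root
        group: root
        mode: '0440'
        # visudo checks the candidate file before it is moved into place,
        # so a malformed rule cannot break sudo on the host.
        validate: '/usr/sbin/visudo -cf %s'

    - name: add user {{ ansible_local_user }}
      user:
        name: "{{ ansible_local_user }}"
        group: "{{ ansible_local_user }}"
        home: "/home/{{ ansible_local_user }}/"
        shell: /bin/bash
        state: present
        # A negative value removes any account expiry date.
        expires: -1
        system: true
        # NOTE(review): this crypt hash ($6$ = SHA-512) is committed in clear
        # text, so anyone who can read the repository can attack it offline,
        # and the same password is set on every host. Treat it as exposed:
        # rotate it and load the replacement from an Ansible Vault-encrypted
        # variable. If the account is meant to be key-only, lock the password
        # instead (`password_lock: true`).
        password: "$6$o1V2XCTCdSuzEgnN$Qphuv/imqP6ZlHEXX1uVVm.zqr/DS5XrtmyBfYG.XUFyrkWLcl9SPssUWAwQ5L.c49a5hJOugpBDanT/Rakv8."
      notify:
        - ansible password does not expires

    # with_file reads id_rsa.pub on the control node and yields its contents
    # as `item`; only the public half of the key pair belongs in the repo.
    - name: Set ssh keybase login
      authorized_key:
        user: "{{ ansible_local_user }}"
        path: "/home/{{ ansible_local_user }}/.ssh/authorized_keys"
        key: "{{ item }}"
      with_file:
        - id_rsa.pub
      tags:
        - ssh_keybase_login

  handlers:
    # Runs only when the user task reports a change. Passing -1 to chage
    # clears the min/max password age, the warning period and the account
    # expiry, so the password never ages out.
    - name: ansible password does not expires
      command: "chage -m -1 -M -1 -W -1 -E -1 {{ ansible_local_user }}"
...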