Management user

A role for managing a management user.

Requirements

• Hosts should be bootstrapped for ansible usage (have python,...)
• Root privileges, eg become: yes
• useradd, userdel and usermod should be available on the host
• sudo should be available (attention: this role will enable sudoers.d if not enabled)

Role Variables

Variable	Description	Default value
management_user_list	List of management users	[ management_user_settings ]
management_user_list_host	List of management users	[]
management_user_list_group	List of management users	[]
management_user_settings	Default Settings for the management user (see details!)	see details
management_user_key	SSH key for the default user settings	~/.ssh/id_rsa.pub

management_user_list, _list_host and _list_group are merged when managing the users. You can use the host and group lists to specify users per host or group off hosts.

management_user_settings details

By default a user with following data will be created;

management_user_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

management_user_settings:
  name: management
  comment: Ansible
  shell: '/bin/bash'
  authorized_keys:
    - key: "{{ management_user_key }}"
      exclusive: yes
  sudo:
    hosts: ALL
    as: ALL
    commands: ALL
    nopasswd: yes

When using the default settings, the ssh key can be overridden using the management_user_key variable.

It is however recomended to use your own custom user settings. More information about the available attributes can be found in the documentation of the GROG user, authorized-key and sudo roles.

Dependencies

• GROG.user
• GROG.authorized-key
• GROG.sudo

Example Playbook

---
- hosts: all
  roles:
  - { role: GROG.management-user, become: yes }

Contributing

All assistance, changes or ideas welcome!

Author

By G. Roggemans

License

MIT