Users
An Ansible role to create users, groups, email aliases, configure sudo and lock
down root account SSH access. The intended use case is to replace setting up
an LDAP or NIS server. The role also installs sudo and creates a sudoers group
that can use sudo with a password. A password is also set if provided. For
generating the password hash needed, under Debian run: echo MyPassword
| mkpasswd -m sha-512 -s
and under OpenBSD run: echo MyPassword |
encrypt
. If provided, email alias and SSH authorized keys are set. If
users_lock_root_ssh
is set to True
(by default it is) then SSH
root login is disabled. Another use case is to manage system users, for example
to disable the local root login add root to the users
variable with the
password *************
, setting an email address will also set mail
forwarding.
Requirements
See meta/main.yml
and assertions at the top of tasks/main.yml
.
Role Variables
See defaults/main.yml
.
Dependencies
See meta/main.yml
.
Example Playbook
See tests/playbook.yml
.
Testing
Testing requires Python 2.7, Vagrant and Virtualbox. Install the Python dependencies, dependent roles and roles required for testing:
pip install -r tests/requirements.txt
ansible-galaxy install git+file://$(pwd),$(git rev-parse --abbrev-ref HEAD) -p .molecule/roles
molecule dependency
To run the full test suite:
pre-commit run --all-files
molecule test --platform all
License
This software is licensed under the MIT license (see the LICENSE.txt
file).
Author Information
Nimrod Adar, contact me or visit my website. Patches are welcome via git send-email. The repository is located at: https://www.shore.co.il/git/.