Skip to content
Snippets Groups Projects
Commit d2b99cde authored by Juraj Paluba's avatar Juraj Paluba Committed by Kamil Andoniadis
Browse files

Resolve "Extend functionality to remove users."

parent b42c7678
No related branches found
No related tags found
No related merge requests found
kypo_user_access_username:
kypo_user_access_ssh_public_key: '{{ hostvars["man"]["user_public_key_path"] }}'
kypo_user_access_username: user-access
# Remove kypo_user_access_ssh_public_key_deprecated in future releases.
kypo_user_access_ssh_public_key_deprecated: '{{ hostvars["man"]["user_public_key_path"] | default("") }}'
kypo_user_access_ssh_public_key: '{{ kypo_global_ssh_public_user_key | default(kypo_user_access_ssh_public_key_deprecated) }}'
kypo_user_access_ssh_public_key_options:
kypo_user_access_password:
kypo_user_access_present: True
- name: ensure existence of user
user:
name: '{{ kypo_user_access_username }}'
shell: /bin/bash
- name: ensure existence of SSH directory
file:
path: /home/{{ kypo_user_access_username }}/.ssh
state: directory
owner: '{{ kypo_user_access_username }}'
group: '{{ kypo_user_access_username }}'
mode: 0700
- name: add public key to authorized keys
authorized_key:
user: '{{ kypo_user_access_username }}'
key: '{{ lookup("file", kypo_user_access_ssh_public_key) }}'
key_options: '{{ kypo_user_access_ssh_public_key_options | default(omit)}}'
- name: set password if defined
user:
name: '{{ kypo_user_access_username }}'
password: '{{ kypo_user_access_password | password_hash("sha512") }}'
when: kypo_user_access_password is defined and kypo_user_access_password
- name: ensure existence of user
user:
name: '{{ kypo_user_access_username }}'
shell: /bin/bash
- name: ensure existence of SSH directory
file:
path: /home/{{ kypo_user_access_username }}/.ssh
state: directory
owner: '{{ kypo_user_access_username }}'
group: '{{ kypo_user_access_username }}'
mode: 0700
- name: add public key to authorized keys
authorized_key:
user: '{{ kypo_user_access_username }}'
key: '{{ lookup("file", kypo_user_access_ssh_public_key) }}'
- name: set password if defined
user:
name: '{{ kypo_user_access_username }}'
password: '{{ kypo_user_access_password | password_hash("sha512") }}'
when: kypo_user_access_password is defined and kypo_user_access_password
- include_tasks: create_user.yml
when: kypo_user_access_present
- include_tasks: remove_user.yml
when: not kypo_user_access_present
- name: remove kypo jump host
user:
name: '{{ kypo_user_access_username }}'
state: absent
remove: yes
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment