Initial commit.

Anadea · Feb 9, 2015 · e18b414 · e18b414
commit e18b414
Show file tree

Hide file tree

Showing 7 changed files with 141 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -0,0 +1,61 @@
+Admin Users
+===========
+
+Manage admin users, authorized keys and sudo access.
+
+Requirements
+------------
+
+None.
+
+Role Variables
+--------------
+
+Define the following variables in your inventory or playbook to create, update
+and remove admin users:
+
+    admin_users:
+      - username: joe
+        fullname: "Joe User"
+        pubkey: "ssh-rsa ..."
+      - username: jim
+        fullname: "Jim User"
+        pubkey: "ssh-rsa ..."
+
+    admin_users_sudo_nopasswd: yes
+
+    admin_users_to_remove:
+      - bob
+      - fred
+
+Dependencies
+------------
+
+None.
+
+Example Playbook
+----------------
+
+The following playbook updates admin users on dev and prod servers with
+different options:
+
+    - hosts: dev-servers
+      roles:
+        - role: cchurch.admin-users
+          admin_users: dev_admin_users
+     - hosts: prod-servers
+       roles:
+         - role: cchurch.admin-users
+           admin_users: prod_admin_users
+           admin_users_sudo_nopasswd: no
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+Chris Church
+[email protected]
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -0,0 +1,12 @@
+---
+
+admin_users: []
+# - username: joe
+#   fullname: "Joe User"
+#   pubkey: "ssh-rsa ..."
+
+admin_users_sudo_nopasswd: yes
+
+admin_users_to_remove: []
+# - bob
+# - fred
diff --git a/meta/main.yml b/meta/main.yml
@@ -0,0 +1,21 @@
+---
+
+galaxy_info:
+  author: Chris Church
+  description: 
+  company: 'Nine More Minutes, Inc.'
+  license: BSD
+  min_ansible_version: 1.7
+  platforms:
+    - name: EL
+      versions: all
+    - name: Fedora
+      versions: all
+    - name: Ubuntu
+      versions: all
+    - name: Debian
+      versions: all
+  categories:
+    - system
+
+dependencies: []
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+
+- name: include os specific variables
+  include_vars: '{{ ansible_os_family }}.yml'
+
+- name: create admin users
+  user:
+    name: '{{item.username}}'
+    comment: '{{item.fullname}}'
+    groups: '{{admin_users_sudo_group}}'
+    append: yes
+  with_items: admin_users
+
+- name: remove admin users
+  user:
+    name: '{{item}}'
+    state: absent
+  with_items: admin_users_to_remove
+
+- name: update authorized keys for admin users
+  authorized_key:
+    user: '{{item.username}}'
+    key: '{{item.pubkey}}'
+  with_items: admin_users
+
+- name: 'enable sudo with no password for {{admin_users_sudo_group}} group'
+  template:
+    src: sudo_nopasswd
+    dest: /etc/sudoers.d/sudo_nopasswd
+    mode: 0440
+    owner: root
+    group: root
+  when: admin_users_sudo_nopasswd
+
+- name: disable sudo with no password
+  file:
+    path: /etc/sudoers.d/sudo_nopasswd
+    state: absent
+  when: not admin_users_sudo_password
diff --git a/templates/sudo_nopasswd b/templates/sudo_nopasswd
@@ -0,0 +1,2 @@
+# Enable password-less sudo for users in {{admin_users_sudo_group}} group.
+%{{admin_users_sudo_group}} ALL=(ALL) NOPASSWD: ALL
diff --git a/vars/Debian.yml b/vars/Debian.yml
@@ -0,0 +1,3 @@
+---
+
+admin_users_sudo_group: sudo
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
@@ -0,0 +1,3 @@
+---
+
+admin_users_sudo_group: wheel
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# Enable password-less sudo for users in {{admin_users_sudo_group}} group.
		%{{admin_users_sudo_group}} ALL=(ALL) NOPASSWD: ALL