setup.yml
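---
# Creates a local user and a matching primary group, installs an SSH public
# key for that user, removes the key file afterwards and hands a readme file
# over to the new user.
#
# Variables not defined in this file: user_to_add, public_key_filepath and
# root_password (the latter is expected to come from passwd.yml).
- hosts: localhost
  gather_facts: false
  # Privileged user's credentials are read from an encrypted file.
  # Keep passwd.yml encrypted with ansible-vault; it holds the sudo password.
  vars_files:
    - passwd.yml
  vars:
    ansible_become: true
    ansible_become_method: sudo
    # should be root
    # ansible_become_user: "{{ root_username }}"
    ansible_become_pass: "{{ root_password }}"  # from the passwd.yml vault
  tasks:
    - name: Create group
      group:
        name: "{{ user_to_add }}"
        state: present

    - name: Add user
      user:
        name: "{{ user_to_add }}"
        shell: /bin/bash
        group: "{{ user_to_add }}"
        state: present
        # Quoted so the embedded template is always read as a plain string.
        comment: "User {{ user_to_add }} Created by Jenkins+Ansible"

    # stat runs on the target host and lookup('file') reads on the controller;
    # with hosts: localhost both refer to the same machine.
    - name: Check file exists.
      stat:
        path: "{{ public_key_filepath }}"
      register: file_details

    - name: Add public key to authorized_hosts
      authorized_key:
        user: "{{ user_to_add }}"
        state: present
        # Pass the variable directly: Jinja delimiters must not be nested
        # inside an expression that is already being templated.
        key: "{{ lookup('file', public_key_filepath) }}"
      when: file_details.stat.exists

    # Runs unconditionally; state: absent is a no-op when the file is missing.
    - name: Delete public key
      file:
        state: absent
        path: "{{ public_key_filepath }}"

    - name: Change permissions for readme file
      file:
        # NOTE(review): relative path, resolved against the module's working
        # directory - confirm where readme_bob.txt lives or make it absolute.
        path: readme_bob.txt
        owner: "{{ user_to_add }}"
        group: "{{ user_to_add }}"
        # Quoted so the mode stays an octal string instead of being retyped
        # by the YAML parser.
        mode: "0440"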