author | Aaron LI <aly@aaronly.me> | 2018-02-24 16:53:19 +0800 |
---|---|---|
committer | Aaron LI <aly@aaronly.me> | 2018-03-14 11:28:44 +0800 |
commit | 090c66581312a008caece399186abc2a997bc563 (patch) | |
tree | 8b533e15a39d58e8999c17cda8ec9a9c697ad8ba /roles/bootstrap | |
parent | 71dfbbe0291218bcb3ffaa9997d8aaf6d98a3259 (diff) | |
download | ansible-dfly-vps-090c66581312a008caece399186abc2a997bc563.tar.bz2 |
bootstrap: improve group/user creation; add block marker for sshd_config
Diffstat (limited to 'roles/bootstrap')
-rw-r--r-- | roles/bootstrap/tasks/main.yml | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/roles/bootstrap/tasks/main.yml b/roles/bootstrap/tasks/main.yml
index 52eae5d..3ab7e35 100644
--- a/roles/bootstrap/tasks/main.yml
+++ b/roles/bootstrap/tasks/main.yml
@@ -5,17 +5,25 @@
 - debug: var=ansible_ssh_port
 - debug: var=ansible_ssh_private_key_file
-- name: User - create deployment user account (group)
+- name: group - check deployment group
+ command: pw groupshow "{{ deploy_user }}"
+ register: pw_cmd
+
+- name: group - create deployment group
 command: pw groupadd "{{ deploy_user }}" -g 999
- ignore_errors: true
+ when: pw_cmd.rc != 0
+
+- name: user - check deployment user
+ command: pw usershow "{{ deploy_user }}"
+ register: pw_cmd
-- name: User - create deployment user account (user)
+- name: user - create deployment user
 command: >
 pw useradd "{{ deploy_user }}" -u 999 -g "{{ deploy_user }}" -m -d "/var/{{ deploy_user }}"
- -C "Ansible Deployment"
- ignore_errors: true
+ -c "Ansible Deployment"
+ when: pw_cmd.rc != 0
 - name: SSH - authorized_keys for the deployment user
 authorized_key:
@@ -35,10 +43,10 @@
 - name: SSH - disable password auth for the deployment user
 blockinfile:
 path: /etc/ssh/sshd_config
+ marker: "# {mark} ANSIBLE MANAGED - ansible"
 block: |
 Match User {{ deploy_user }}
 PasswordAuthentication no
- backup: true
 validate: "sshd -t -f %s"
 notify: restart-sshd
|
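Review bot: The two new check tasks (`pw groupshow` and `pw usershow`) carry no `failed_when: false`, so on a fresh host where the group or user is absent the non-zero exit fails the task and ends the play for that host before the `when: pw_cmd.rc != 0` create task can run, unless errors are ignored at a level not visible in this hunk. Adding `failed_when: false` and `changed_when: false` to both checks keeps them as read-only probes and lets the `when:` guard do its job. The probes also test only that the name exists, not that it has uid/gid 999 as the create commands would set; a comment such as `# existence check only; does not verify uid/gid 999` on each check would make that limit explicit.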
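Review bot: The added `marker: "# {mark} ANSIBLE MANAGED - ansible"` differs from blockinfile's default `# {mark} ANSIBLE MANAGED BLOCK`, so on a host already bootstrapped by the previous version the old block is not recognised and a second `Match User` stanza is appended instead of the first being updated. The two stanzas are identical today, but the old one becomes unmanaged and would survive any later change to the block; a one-off cleanup task or a note in the commit message would cover existing hosts. The marker also hard-codes `ansible` while the block is templated on `{{ deploy_user }}`, which is worth a comment if the two are meant to stay in step. With `backup: true` removed, `validate: "sshd -t -f %s"` is the only safeguard on `/etc/ssh/sshd_config`, and it checks syntax only.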