From 090c66581312a008caece399186abc2a997bc563 Mon Sep 17 00:00:00 2001 From: Aaron LI Date: Sat, 24 Feb 2018 16:53:19 +0800 Subject: bootstrap: improve group/user creation; add block marker for sshd_config --- roles/bootstrap/tasks/main.yml | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) (limited to 'roles/bootstrap/tasks') diff --git a/roles/bootstrap/tasks/main.yml b/roles/bootstrap/tasks/main.yml index 52eae5d..3ab7e35 100644 --- a/roles/bootstrap/tasks/main.yml +++ b/roles/bootstrap/tasks/main.yml @@ -5,17 +5,25 @@ - debug: var=ansible_ssh_port - debug: var=ansible_ssh_private_key_file -- name: User - create deployment user account (group) +- name: group - check deployment group + command: pw groupshow "{{ deploy_user }}" + register: pw_cmd + +- name: group - create deployment group command: pw groupadd "{{ deploy_user }}" -g 999 - ignore_errors: true + when: pw_cmd.rc != 0 + +- name: user - check deployment user + command: pw usershow "{{ deploy_user }}" + register: pw_cmd -- name: User - create deployment user account (user) +- name: user - create deployment user command: > pw useradd "{{ deploy_user }}" -u 999 -g "{{ deploy_user }}" -m -d "/var/{{ deploy_user }}" - -C "Ansible Deployment" - ignore_errors: true + -c "Ansible Deployment" + when: pw_cmd.rc != 0 - name: SSH - authorized_keys for the deployment user authorized_key: @@ -35,10 +43,10 @@ - name: SSH - disable password auth for the deployment user blockinfile: path: /etc/ssh/sshd_config + marker: "# {mark} ANSIBLE MANAGED - ansible" block: | Match User {{ deploy_user }} PasswordAuthentication no - backup: true validate: "sshd -t -f %s" notify: restart-sshd -- cgit v1.2.2