Commit 4352fbca by John Jarvis

changing USER_INFO to user_info

parent baded88e
---
dependencies:
- role: user
USER_INFO:
user_info:
- name: "{{ AS_AUTOMATOR_NAME }}"
type: restricted
sudo_cmds: "{{ AS_AUTOMATOR_SUDO_CMDS }}"
......
......@@ -16,7 +16,7 @@
# to the databases from the bastion
# box, it needs to be a subset of the
# users created on the box which is
# USER_INFO + BASTION_USER_INFO
# COMMON_USER_INFO + BASTION_USER_INFO
BASTION_REPLICA_USERS: []
......
......@@ -12,5 +12,5 @@
#
dependencies:
- role: user
USER_INFO: "{{ BASTION_USER_INFO }}"
user_info: "{{ BASTION_USER_INFO }}"
- aws
---
dependencies:
- user
- role: user
user_info: "{{ COMMON_USER_INFO }}"
......@@ -7,7 +7,7 @@ dependencies:
rbenv_ruby_version: "{{ edxapp_ruby_version }}"
- devpi
- role: user
USER_INFO:
user_info:
- name: "{{ EDXAPP_AUTOMATOR_NAME }}"
sudo_cmds: "{{ EDXAPP_AUTOMATOR_SUDO_CMDS }}"
type: restricted
......
......@@ -11,10 +11,6 @@
# Vars for role user
#
# Role parameters
# Override this list
USER_INFO: []
#
# vars are namespace with the module name.
......@@ -32,3 +28,11 @@ USER_CMD_PROMPT: ""
# this var
user_rbash_links:
- /usr/bin/sudo
# parameter for this role,
# must be set when called and should NOT
# be set in extra vars since it
# will take precedence over the paramter
user_info: []
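Review bot: With `user_info: []` as the only default and `USER_INFO` removed, any playbook or role that still passes the old upper-case name will run cleanly and silently create no accounts, keys or sudoers entries, because every loop iterates over the empty default. Nothing visible in this commit guards against that. A guard at the top of the role's tasks would turn the stale name into a hard error: `- fail: msg="USER_INFO has been renamed to user_info"` with `when: USER_INFO is defined`. The new comment warns that extra vars override the role parameter, which matters more now that the name is generic and lower-case, since this list decides who gets shell and sudo access. The same comment misspells "parameter" as "paramter".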
......@@ -39,7 +39,7 @@
# #
#
# - role: user
# USER_INFO:
# user_info:
# # This restricted user is defined in meta/
# # for edxapp, it creates a user that can only
# # run manage.py commands
......@@ -69,7 +69,7 @@
# which can be passed in as a paramter to the role.
#
- debug: var=USER_INFO
- debug: var=user_info
- name: create the edxadmin group
group: name=edxadmin state=present
......@@ -85,20 +85,20 @@
user:
name={{ item.name }}
shell=/bin/bash
with_items: USER_INFO
with_items: user_info
- name: create .ssh directory
file:
path=/home/{{ item.name }}/.ssh state=directory mode=0750
owner={{ item.name }}
with_items: USER_INFO
with_items: user_info
- name: assign admin role to admin users
user:
name={{ item.name }}
groups=edxadmin
when: item.type is defined and item.type == 'admin'
with_items: USER_INFO
with_items: user_info
# authorized_keys2 used here so that personal
# keys can be copied to authorized_keys
......@@ -112,7 +112,7 @@
dest=/home/{{ item.name }}/.ssh/authorized_keys2 mode=0640
owner={{ item.name }}
when: item.github is defined
with_items: USER_INFO
with_items: user_info
- name: copy additional authorized keys
copy: >
......@@ -121,7 +121,7 @@
owner={{ item.name }}
mode=0440
when: item.authorized_keys is defined
with_items: USER_INFO
with_items: user_info
- name: create bashrc file for normal users
template: >
......@@ -129,14 +129,14 @@
dest=/home/{{ item.name }}/.bashrc mode=0640
owner={{ item.name }}
when: not (item.type is defined and item.type == 'restricted')
with_items: USER_INFO
with_items: user_info
- name: create .profile for all users
template: >
src=default.profile.j2
dest=/home/{{ item.name }}/.profile mode=0640
owner={{ item.name }}
with_items: USER_INFO
with_items: user_info
########################################################
# All tasks below this line are for restricted users
......@@ -146,7 +146,7 @@
name={{ item.name }}
shell=/bin/rbash
when: item.type is defined and item.type == 'restricted'
with_items: USER_INFO
with_items: user_info
- name: create bashrc file for restricted users
template: >
......@@ -154,7 +154,7 @@
dest=/home/{{ item.name }}/.bashrc mode=0640
owner={{ item.name }}
when: item.type is defined and item.type == 'restricted'
with_items: USER_INFO
with_items: user_info
- name: create sudoers file from template
template:
......@@ -168,14 +168,14 @@
- name: change home directory ownership to root for restricted users
shell: "chown -R root:{{ item.name }} /home/{{ item.name }}"
when: item.type is defined and item.type == 'restricted'
with_items: USER_INFO
with_items: user_info
- name: create ~/bin directory
file:
path=/home/{{ item.name }}/bin state=directory mode=0750
owner="root" group={{ item.name }}
when: item.type is defined and item.type == 'restricted'
with_items: USER_INFO
with_items: user_info
- name: create allowed command links
file:
......@@ -184,5 +184,5 @@
state: link
when: item[0].type is defined and item[0].type == 'restricted'
with_nested:
- USER_INFO
- user_info
- user_rbash_links
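Review bot: The task `shell: "chown -R root:{{ item.name }} /home/{{ item.name }}"` in the `@@ -168,14 +168,14 @@` hunk still interpolates the user name unquoted into a shell command; the rename changes only its loop variable. The list comes from the calling playbook, so this is hardening rather than an exposed input, but a name containing whitespace or shell metacharacters would be interpreted by the shell during a recursive ownership change run as root. The file module does the same job without a shell and is idempotent: `file: path=/home/{{ item.name }} state=directory recurse=yes owner=root group={{ item.name }}`. Separately, `- debug: var=user_info` in the `@@ -69,7 +69,7 @@` hunk prints the whole account list on every run and looks like leftover debugging that could be dropped or gated on verbosity.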
{% for user in USER_INFO -%}
{% for user in user_info -%}
{% if 'sudo_cmds' in user -%}
{% for cmd in user['sudo_cmds'] -%}
{{ user['name'] }} {{ cmd }}
......