Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
C
configuration
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
edx
configuration
Commits
4352fbca
Commit
4352fbca
authored
Mar 10, 2014
by
John Jarvis
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
changing USER_INFO to user_info
parent
baded88e
Hide whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
31 additions
and
24 deletions
+31
-24
playbooks/roles/analytics-server/meta/main.yml
+1
-1
playbooks/roles/bastion/defaults/main.yml
+1
-1
playbooks/roles/bastion/meta/main.yml
+1
-1
playbooks/roles/common/meta/main.yml
+4
-1
playbooks/roles/edxapp/meta/main.yml
+1
-1
playbooks/roles/user/defaults/main.yml
+8
-4
playbooks/roles/user/tasks/main.yml
+14
-14
playbooks/roles/user/templates/restricted.sudoers.conf.j2
+1
-1
No files found.
playbooks/roles/analytics-server/meta/main.yml
View file @
4352fbca
---
dependencies
:
-
role
:
user
USER_INFO
:
user_info
:
-
name
:
"
{{
AS_AUTOMATOR_NAME
}}"
type
:
restricted
sudo_cmds
:
"
{{
AS_AUTOMATOR_SUDO_CMDS
}}"
...
...
playbooks/roles/bastion/defaults/main.yml
View file @
4352fbca
...
...
@@ -16,7 +16,7 @@
# to the databases from the bastion
# box, it needs to be a subset of the
# users created on the box which is
# USER_INFO + BASTION_USER_INFO
#
COMMON_
USER_INFO + BASTION_USER_INFO
BASTION_REPLICA_USERS
:
[]
...
...
playbooks/roles/bastion/meta/main.yml
View file @
4352fbca
...
...
@@ -12,5 +12,5 @@
#
dependencies
:
-
role
:
user
USER_INFO
:
"
{{
BASTION_USER_INFO
}}"
user_info
:
"
{{
BASTION_USER_INFO
}}"
-
aws
playbooks/roles/common/meta/main.yml
View file @
4352fbca
---
dependencies
:
-
user
-
role
:
user
user_info
:
"
{{
COMMON_USER_INFO
}}"
playbooks/roles/edxapp/meta/main.yml
View file @
4352fbca
...
...
@@ -7,7 +7,7 @@ dependencies:
rbenv_ruby_version
:
"
{{
edxapp_ruby_version
}}"
-
devpi
-
role
:
user
USER_INFO
:
user_info
:
-
name
:
"
{{
EDXAPP_AUTOMATOR_NAME
}}"
sudo_cmds
:
"
{{
EDXAPP_AUTOMATOR_SUDO_CMDS
}}"
type
:
restricted
...
...
playbooks/roles/user/defaults/main.yml
View file @
4352fbca
...
...
@@ -11,10 +11,6 @@
# Vars for role user
#
# Role parameters
# Override this list
USER_INFO
:
[]
#
# vars are namespace with the module name.
...
...
@@ -32,3 +28,11 @@ USER_CMD_PROMPT: ""
# this var
user_rbash_links
:
-
/usr/bin/sudo
# parameter for this role,
# must be set when called and should NOT
# be set in extra vars since it
# will take precedence over the paramter
user_info
:
[]
playbooks/roles/user/tasks/main.yml
View file @
4352fbca
...
...
@@ -39,7 +39,7 @@
# #
#
# - role: user
#
USER_INFO
:
#
user_info
:
# # This restricted user is defined in meta/
# # for edxapp, it creates a user that can only
# # run manage.py commands
...
...
@@ -69,7 +69,7 @@
# which can be passed in as a paramter to the role.
#
-
debug
:
var=
USER_INFO
-
debug
:
var=
user_info
-
name
:
create the edxadmin group
group
:
name=edxadmin state=present
...
...
@@ -85,20 +85,20 @@
user
:
name={{ item.name }}
shell=/bin/bash
with_items
:
USER_INFO
with_items
:
user_info
-
name
:
create .ssh directory
file
:
path=/home/{{ item.name }}/.ssh state=directory mode=0750
owner={{ item.name }}
with_items
:
USER_INFO
with_items
:
user_info
-
name
:
assign admin role to admin users
user
:
name={{ item.name }}
groups=edxadmin
when
:
item.type is defined and item.type == 'admin'
with_items
:
USER_INFO
with_items
:
user_info
# authorized_keys2 used here so that personal
# keys can be copied to authorized_keys
...
...
@@ -112,7 +112,7 @@
dest=/home/{{ item.name }}/.ssh/authorized_keys2 mode=0640
owner={{ item.name }}
when
:
item.github is defined
with_items
:
USER_INFO
with_items
:
user_info
-
name
:
copy additional authorized keys
copy
:
>
...
...
@@ -121,7 +121,7 @@
owner={{ item.name }}
mode=0440
when
:
item.authorized_keys is defined
with_items
:
USER_INFO
with_items
:
user_info
-
name
:
create bashrc file for normal users
template
:
>
...
...
@@ -129,14 +129,14 @@
dest=/home/{{ item.name }}/.bashrc mode=0640
owner={{ item.name }}
when
:
not (item.type is defined and item.type == 'restricted')
with_items
:
USER_INFO
with_items
:
user_info
-
name
:
create .profile for all users
template
:
>
src=default.profile.j2
dest=/home/{{ item.name }}/.profile mode=0640
owner={{ item.name }}
with_items
:
USER_INFO
with_items
:
user_info
########################################################
# All tasks below this line are for restricted users
...
...
@@ -146,7 +146,7 @@
name={{ item.name }}
shell=/bin/rbash
when
:
item.type is defined and item.type == 'restricted'
with_items
:
USER_INFO
with_items
:
user_info
-
name
:
create bashrc file for restricted users
template
:
>
...
...
@@ -154,7 +154,7 @@
dest=/home/{{ item.name }}/.bashrc mode=0640
owner={{ item.name }}
when
:
item.type is defined and item.type == 'restricted'
with_items
:
USER_INFO
with_items
:
user_info
-
name
:
create sudoers file from template
template
:
...
...
@@ -168,14 +168,14 @@
-
name
:
change home directory ownership to root for restricted users
shell
:
"
chown
-R
root:{{
item.name
}}
/home/{{
item.name
}}"
when
:
item.type is defined and item.type == 'restricted'
with_items
:
USER_INFO
with_items
:
user_info
-
name
:
create ~/bin directory
file
:
path=/home/{{ item.name }}/bin state=directory mode=0750
owner="root" group={{ item.name }}
when
:
item.type is defined and item.type == 'restricted'
with_items
:
USER_INFO
with_items
:
user_info
-
name
:
create allowed command links
file
:
...
...
@@ -184,5 +184,5 @@
state
:
link
when
:
item[0].type is defined and item[0].type == 'restricted'
with_nested
:
-
USER_INFO
-
user_info
-
user_rbash_links
playbooks/roles/user/templates/restricted.sudoers.conf.j2
View file @
4352fbca
{% for user in
USER_INFO
-%}
{% for user in
user_info
-%}
{% if 'sudo_cmds' in user -%}
{% for cmd in user['sudo_cmds'] -%}
{{ user['name'] }} {{ cmd }}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment