From 7c88dcf5f7b6b4aabf72f99a7c6715e7768d75cd Mon Sep 17 00:00:00 2001
From: Santiago Lo Coco
Date: Fri, 12 Apr 2024 21:10:59 +0000
Subject: [PATCH] Update local_accounts
---
 slococo/playground/README.md | 105 +++++++++++++++++-
 slococo/playground/meta/runtime.yml | 2 +-
 .../local_accounts/meta/argument_specs.yml | 5 +-
 .../roles/local_accounts/tasks/main.yml | 2 +-
 .../roles/local_accounts/tests/test.yml | 2 +-
 5 files changed, 109 insertions(+), 7 deletions(-)
diff --git a/slococo/playground/README.md b/slococo/playground/README.md
index 86f5668..8c82348 100644
--- a/slococo/playground/README.md
+++ b/slococo/playground/README.md
@@ -1,3 +1,106 @@
 # Ansible Collection - slococo.playground
-Documentation for the collection.
+## Overview
+
+This Ansible collection contains two roles: `local_accounts` and `ssh_config`. These roles are designed to automate the configuration of local user accounts and SSH daemon settings on target hosts.
+
+## Requirements
+
+- Ansible version supporting collections (`ansible-core` > 2.12)
+
+## Role: local_accounts
+
+### Description
+
+This role configures multiple local user accounts on the target host as specified in a list of dictionaries variable.
+
+### Variables
+
+- `local_users`: List of dictionaries defining each local user account with the following fields:
+ - `name`: Username
+ - `shell`: Login shell for the user
+ - `userid`: User ID
+ - `expiry_date`: Expiry date for the account (optional)
+ - `home`: Path for the home directory (optional)
+ - `groups`: List of groups the user belongs to (optional)
+
+### Usage
+
+Include the `local_accounts` role in your playbook and define the `local_users` variable accordingly.
+
+```yaml
+- name: Configure local accounts
+ hosts: target_hosts
+ roles:
+ - role: slococo.playground.local_accounts
+ vars:
+ local_accounts_list:
+ - name: local_adm
+ shell: /bin/bash
+ userid: 38000087
+ expiry_date: null
+ home: /home/local_adm
+ groups: [primary_group]
+ - name: local_log
+ shell: /bin/sh
+ userid: 38000088
+ expiry_date: "2024-12-31"
+ home: /home/local_log
+ groups: [primary_group]
+```
+
+### Additional Functionality
+
+The role also supports configuring passwordless authentication for the local users created.
+
+## Role: ssh_config
+
+### Description
+
+This role ensures the SSH daemon on the target host has specific options configured.
+
+### Variables
+
+No additional variables required.
+
+### Usage
+
+Include the `ssh_config` role in your playbook.
+
+```yaml
+- name: Configure SSH
+ hosts: target_hosts
+ roles:
+ - role: MyAutomationCollection.ssh_config
+```
+
+### SSH Configuration
+
+The role ensures the following SSH options are configured with the specified values:
+- `PasswordAuthentication`: yes
+- `PermitEmptyPasswords`: no
+- `PermitRootLogin`: no
+
+## Bonus Task: Dry-run (Checkmode) Support
+
+Both roles support dry-run (checkmode) and are idempotent.
+
+## Testing
+
+Test the roles on a test host, such as a local VM.
+
+## Uploading to Ansible Galaxy
+
+While not required for this task, the collection is prepared for uploading to Ansible Galaxy or any private Automation Hub.
+
+## Author
+
+[Your Name]
+
+## License
+
+[License information]
+
+## Acknowledgments
+
+[Optional: Any acknowledgments or credits]
\ No newline at end of file
diff --git a/slococo/playground/meta/runtime.yml b/slococo/playground/meta/runtime.yml
index 898ad8f..c2ea658 100644
--- a/slococo/playground/meta/runtime.yml
+++ b/slococo/playground/meta/runtime.yml
@@ -1,2 +1,2 @@
 ---
-requires_ansible: '>=2.15.0'
+requires_ansible: '>=2.12.0'
diff --git a/slococo/playground/roles/local_accounts/meta/argument_specs.yml b/slococo/playground/roles/local_accounts/meta/argument_specs.yml
index 16dd729..4f03604 100644
--- a/slococo/playground/roles/local_accounts/meta/argument_specs.yml
+++ b/slococo/playground/roles/local_accounts/meta/argument_specs.yml
@@ -22,10 +22,9 @@ argument_specs:
 required: true
 description: The user ID for the local user.
 expiry_date:
- type: float
+ type: str
 required: false
- default: null
- description: The expiry date for the local user (in epoch).
+ description: The expiry date for the local user (in '%Y-%m-%d', e.g. 2024-12-31).
 home:
 type: path
 required: false
diff --git a/slococo/playground/roles/local_accounts/tasks/main.yml b/slococo/playground/roles/local_accounts/tasks/main.yml
index 0ec9980..f6d7f7e 100644
--- a/slococo/playground/roles/local_accounts/tasks/main.yml
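Review bot: In roles/local_accounts/meta/argument_specs.yml the new `expiry_date` description gives its example unquoted (`e.g. 2024-12-31`), and a bare date in YAML is likely to be loaded as a date object rather than a string, which the string concatenation added to tasks/main.yml in this commit would then reject. Because `type: str` performs no format validation, the description is the only place a user learns the contract, so I would word it as `description: The expiry date for the local user, as a quoted 'YYYY-MM-DD' string (e.g. '2024-12-31').` The README example added in the same commit passes `expiry_date: null`, which the description should either call out as unsupported or the task should tolerate. The `expiry_date` entry sits inside an options mapping that begins outside this hunk.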
+++ b/slococo/playground/roles/local_accounts/tasks/main.yml
@@ -4,7 +4,7 @@
 name: "{{ item.name }}"
 shell: "{{ item.shell }}"
 uid: "{{ item.userid }}"
- expires: "{{ item.expiry_date | default(omit) }}"
+ expires: "{{ (((item.expiry_date + ' 00:00:00') | to_datetime).strftime('%s')) if item.expiry_date is defined else omit }}"
 home: "{{ item.home | default(omit) }}"
 groups: "{{ item.groups | default(omit) }}"
 generate_ssh_key: yes
diff --git a/slococo/playground/roles/local_accounts/tests/test.yml b/slococo/playground/roles/local_accounts/tests/test.yml
index b6bed26..3ad87db 100644
--- a/slococo/playground/roles/local_accounts/tests/test.yml
+++ b/slococo/playground/roles/local_accounts/tests/test.yml
@@ -12,7 +12,7 @@
 - name: test_user2
 shell: /bin/zsh
 userid: 1002
- expiry_date: '1735689599'
+ expiry_date: '2024-12-31'
 home: /home/test_user3
 groups: docker
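Review bot: The new `expires` expression in tasks/main.yml computes the epoch with `strftime('%s')`, which is a C-library extension rather than a documented Python format code and, on the naive datetime that `to_datetime` returns, is evaluated in the controller's local timezone on glibc, so the same `expiry_date` can disable an account hours earlier or later depending on where the play runs. The `is defined` guard also lets `expiry_date: null` through (the README example added in this commit uses exactly that), and the `+ ' 00:00:00'` concatenation would then fail the task for that user. A timezone-independent form that also skips null is `expires: "{{ ((item.expiry_date | string | to_datetime('%Y-%m-%d')) - ('1970-01-01' | to_datetime('%Y-%m-%d'))).total_seconds() | int if (item.expiry_date is defined and item.expiry_date is not none) else omit }}"`. The task begins above this hunk, so confirm nothing earlier already normalises the value.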