File: _user_accounts.yml

python-mitogen 0.3.43-1
#
# Add users expected by tests. Assumes passwordless sudo to root.
#
# WARNING: this creates non-privileged accounts with pre-set passwords!
#
# Single play: creates the groups, accounts and per-account fixtures, then
# applies the `sudoers` role. Every task runs with privilege escalation
# (`become: true`) on all hosts in the inventory.
# `mitogen_test_groups`, `mitogen_test_users` and `system_groups` are not
# defined in this file.
- name: Mitogen test users and groups
  hosts: all
  gather_facts: true
  strategy: mitogen_free
  become: true
  pre_tasks:
    # Disabled by `when: false`, so this play itself puts no restriction on
    # where the accounts below can log in from; any limit has to come from
    # the existing sshd configuration or the network.
    # NOTE(review): if this is ever re-enabled, check the Match line first.
    # OpenSSH pattern lists do not produce a positive match from a negated
    # term alone, so `Address !127.0.0.1` may never match and would probably
    # need a positive term as well (e.g. `*,!127.0.0.1`) - verify with
    # `sshd -T -C ...`. The task also has no `validate:` and no sshd reload
    # is visible here.
    - name: Disable non-localhost SSH for Mitogen users
      when: false
      blockinfile:
        path: /etc/ssh/sshd_config
        block: |
          Match User mitogen__* Address !127.0.0.1
            DenyUsers *

    # One group per entry of `mitogen_test_groups`.
    - name: Create Mitogen test groups
      group:
        name: "{{ item.name }}"
      with_items: "{{ mitogen_test_groups }}"

    # The password is derived from the account name: the `mitogen__` prefix
    # is removed and `_password` appended, so it is predictable to anyone who
    # knows the account name. Only apply this to disposable test hosts.
    # On Darwin the value is passed to the user module as-is; elsewhere it is
    # hashed with the `sha256` scheme first.
    # NOTE(review): no salt is passed to `password_hash`, so the hash
    # presumably differs between runs and the task reports "changed" each
    # time - confirm.
    # Group membership is the per-OS list from `system_groups` plus the
    # entry's own `groups`, defaulting to `mitogen__group`.
    - name: Create user accounts
      vars:
        password: "{{ item.name | replace('mitogen__', '') }}_password"
      user:
        name: "{{ item.name }}"
        shell: /bin/bash
        groups: >-
          {{
            system_groups[ansible_system]
            + (item.groups | default(['mitogen__group']))
          }}
        password: >-
          {%- if ansible_system == 'Darwin' -%}
          {{ password }}
          {%- else -%}
          {{ password | password_hash('sha256') }}
          {%- endif -%}
        hidden: true  # Only has effect on macOS
      with_items: "{{ mitogen_test_users }}"

    # Hands the whole home directory tree to root (recursively). No mode is
    # set, so the existing permission bits are left as they are.
    - name: Readonly homedir for one account
      file:
        path: ~mitogen__readonly_homedir
        owner: root
        recurse: true
        state: directory

    # Installs the same profile fixture as both ~/.bashrc and ~/.profile,
    # owned by the account and world-readable.
    - name: Slow bash profile for one account
      copy:
        dest: ~mitogen__slow_user/.{{item}}
        src: ../data/docker/mitogen__slow_user.profile
        owner: mitogen__slow_user
        group: mitogen__group
        mode: u=rw,go=r
      with_items:
      - bashrc
      - profile

    # Same pattern as the slow-profile task, with the permission-denied
    # fixture.
    - name: "Login throws permission denied errors (issue #271)"
      copy:
        dest: ~mitogen__permdenied/.{{item}}
        src: ../data/docker/mitogen__permdenied.profile
        owner: mitogen__permdenied
        group: mitogen__group
        mode: u=rw,go=r
      with_items:
      - bashrc
      - profile

    # Creates ~/.ssh and installs an authorized_keys file from a public key
    # kept with the test data. `mode: go=` clears all group/other bits on
    # both paths.
    # NOTE(review): the matching private key presumably ships alongside the
    # public key, so treat this account as reachable by anyone who has the
    # test data - confirm. Its sudo rights, if any, come from the `sudoers`
    # role, which is not visible here.
    - name: Install pubkey for mitogen__has_sudo_pubkey
      block:
        - file:
            path: ~mitogen__has_sudo_pubkey/.ssh
            state: directory
            mode: go=
            owner: mitogen__has_sudo_pubkey
            group: mitogen__group
        - copy:
            dest: ~mitogen__has_sudo_pubkey/.ssh/authorized_keys
            src: ../data/docker/mitogen__has_sudo_pubkey.key.pub
            mode: go=
            owner: mitogen__has_sudo_pubkey
            group: mitogen__group

  # Runs after all pre_tasks; the role's contents are defined elsewhere.
  roles:
    - role: sudoers