Changeset - fe6cdb2443c7
Branko Majic (branko) - 9 years ago 2015-08-30 19:14:54
branko@majic.rs
MAR-19: Simplified the parameters for common role, making a lot of them optional with some sane defaults. Switched to using an actual list for additional groups.
4 files changed with 33 insertions and 32 deletions:
docs/rolereference.rst
 
@@ -227,11 +227,11 @@ The role implements the following:
 
Parameters
 
~~~~~~~~~~
 

	
 
**apt_proxy** (string, optional)
 
**apt_proxy** (string, optional, ``None``)
 
  URI of a caching proxy that should be used when retrieving the packages via
 
  apt. Default is no proxy.
 
  apt.
 

	
 
**os_users** (list, optional)
 
**os_users** (list, optional, ``[]``)
 
  A list of operating system users that should be set-up on a server. Each item
 
  is a dictionary with the following options describing the user parameters:
 

	
 
@@ -239,50 +239,48 @@ Parameters
 
    Name of the operating system user that should be created. User's default
 
    group will have the same name as the user.
 

	
 
  **uid** (number, mandatory)
 
  **uid** (number, optional, ``whatever OS picks``)
 
    UID for the operating system user. User's default group will have a GID
 
    identical to the user's UID.
 
    identical to the user's UID if specified. Otherwise user's default group
 
    will have OS-determined GID.
 

	
 
  **additional_groups** (string, mandatory)
 
    Comma-separated list of additional groups that a user should belong to. If
 
    no additional groups should be appended to user's list of groups, set it to
 
    empty string (``""``).
 
  **additional_groups** (list, optional, ``[]``)
 
    Comma-separated list of additional groups that a user should belong to.
 

	
 
  **authorized_keys** (list, mandatory)
 
  **authorized_keys** (list, optional, ``[]``)
 
    List of SSH public keys that should be deployed to user's authorized_keys
 
    truststore. If no authorized keys should be deployed, set it to empty list
 
    (``[]``).
 
    truststore.
 

	
 
  **password** (string, mandatory)
 
  **password** (string, optional, ``!`` - no password)
 
    Encrypted password that should be set for the user.
 

	
 
**os_groups** (list, optional)
 
**os_groups** (list, optional, ``[]``)
 
  A list of operating system groups that should be set-up on a server. Each item
 
  is a dictionary with the following options describing the group parameters:
 

	
 
  **name** (string, mandatory)
 
    Name of the operating system group that should be created.
 

	
 
  **gid** (number, mandatory)
 
  **gid** (number, optional, ``whatever OS picks``)
 
    GID for the operating system group.
 

	
 
**common_packages** (list, optional)
 
**common_packages** (list, optional, ``[]``)
 
  List of additional operating system packages that should be installed on the
 
  server. Each element of the list should be a simple string denoting the name
 
  of the package.
 

	
 
**ca_certificates** (list, optional)
 
**ca_certificates** (list, optional, ``[]``)
 
  List of additional CA certificate files that should be deployed on the
 
  server. Each element of the list should be a filepath to a CA certificate file
 
  on originating (Ansible) host that should be copied to destination
 
  server.
 

	
 
**incoming_connection_limit** (string, mandatory)
 
**incoming_connection_limit** (string, optional, ``3/second``)
 
  Rate at which the incoming ICMP echo-request packages and new TCP connections
 
  will be accepted at. The value should be specified in the same format as value
 
  for the ``iptables hashlimit`` option ``--hashlimit-upto``.
 

	
 
**incoming_connection_limit_burst** (string, mandatory)
 
**incoming_connection_limit_burst** (string, optional, ``9``)
 
  Initial burst of packages that should be accepted when the client with
 
  distinct source IP address connects to the server for the first time (usually
 
  higher than ``incoming_connection_limit``), even if it would go above the
 
@@ -302,14 +300,13 @@ packages on all servers:
 
  os_users:
 
    - name: admin
 
      uid: 1000
 
      additional_groups: sudo
 
      additional_groups:
 
        - sudo
 
      authorized_keys:
 
        - "{{ lookup('file', '/home/admin/.ssh/id_rsa.pub') }}"
 
      password: '$6$AaJRWtqyX5pk$IP8DUjgY0y2zqMom9BAc.O9qHoQWLFCmEsPRCika6l/Xh87cp2SnlMywH0.r4uEcbHnoicQG46V9VrJ8fxp2d.'
 
    - name: john
 
      uid: 1001
 
      additional_groups: ""
 
      authorized_keys: []
 
      password: '$6$AaJRWtqyX5pk$IP8DUjgY0y2zqMom9BAc.O9qHoQWLFCmEsPRCika6l/Xh87cp2SnlMywH0.r4uEcbHnoicQG46V9VrJ8fxp2d.'
 

	
 
  os_groups:
roles/common/defaults/main.yml
 
@@ -3,4 +3,6 @@
 
packages: []
 
os_users: []
 
os_groups: []
 
ca_certificates: []
 
\ No newline at end of file
 
ca_certificates: []
 
incoming_connection_limit: 3/second
 
incoming_connection_limit_burst: 9
 
\ No newline at end of file
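Review bot: The file still ends without a trailing newline after the new `incoming_connection_limit_burst: 9` line (the `\ No newline at end of file` marker is on the new side too), which is why `ca_certificates: []` shows up as removed-and-re-added here and will do so again for the next key appended; end the file with a newline. The install task in roles/common/tasks/main.yml iterates `with_items: common_packages`, yet this defaults file defines `packages: []` and, unless `common_packages` is set on the two lines above this hunk, it has no default at all, so a host that does not set it would hit an undefined variable; given the commit's goal of sane defaults, adding `common_packages: []` here would close that gap. The unquoted `3/second` parses as a plain string, and `9` as an integer, which is presumably what the iptables template expects.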
roles/common/tasks/main.yml
 
@@ -30,23 +30,23 @@
 
  with_items: common_packages
 

	
 
- name: Set-up operating system groups
 
  group: name="{{ item.name }}" gid="{{ item.gid }}" state=present
 
  group: name="{{ item.name }}" gid="{{ item.gid | default(omit) }}" state=present
 
  with_items: os_groups
 

	
 
- name: Set-up operating system user groups
 
  group: name="{{ item.name }}" gid="{{ item.uid }}" state=present
 
  group: name="{{ item.name }}" gid="{{ item.uid | default(omit) }}" state=present
 
  with_items: os_users
 

	
 
- name: Set-up operating system users
 
  user: name="{{ item.name }}" uid="{{ item.uid }}" group="{{ item.name }}"
 
        groups="{{ item.additional_groups }}" append=yes shell=/bin/bash state=present
 
        password="{{ item.password }}"
 
  user: name="{{ item.name }}" uid="{{ item.uid | default(omit) }}" group="{{ item.name }}"
 
        groups="{{ ",".join(item.additional_groups | default([])) }}" append=yes shell=/bin/bash state=present
 
        password="{{ item.password | default('!') }}"
 
  with_items: os_users
 

	
 
- name: Set-up authorised keys
 
  authorized_key: user="{{ item.0.name }}" key="{{ item.1 }}"
 
  with_subelements:
 
    - os_users
 
    - "{{ os_users | selectattr('authorized_keys', 'defined') | list }}"
 
    - authorized_keys
 

	
 
- name: Disable remote logins for root
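Review bot: The `groups=` argument of the "Set-up operating system users" task nests double quotes inside a double-quoted key=value argument (`groups="{{ ",".join(item.additional_groups | default([])) }}"`), which only works because Ansible's key=value splitter tracks Jinja blocks; the filter form is equivalent and avoids the nesting: `groups="{{ item.additional_groups | default([]) | join(',') }}"`. Since these tasks are being reworked anyway, writing the module arguments as block YAML (`user:` with `name:`, `uid:`, `groups:` keys) would remove both the quoting concern and the two continuation lines. The `default('!')` on `password` leaves password authentication locked for users who set no hash, which is the safe choice, but the reference docs in this changeset still describe `additional_groups` as a "Comma-separated list" although it is now a YAML list. The enclosing task list continues on both sides of the hunk.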
testsite/group_vars/all.yml
 
@@ -15,14 +15,16 @@ ansible_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
 
os_users:
 
  - name: admin
 
    uid: 1000
 
    additional_groups: sudo
 
    additional_groups:
 
      - sudo
 
    authorized_keys:
 
      - "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
 
    password: '$6$/aerscJY6aevRG$ABBCymEDtk2mHW/dklre9dMEdgZNJvVHsGLCzgjGmy61FssZ.KW7ePcO2wsMGIkHcg3mZlrA4dhYh.APq9OQu0'
 
  - name: johndoe
 
    uid: 1001
 
    additional_groups: "office,developer"
 
    authorized_keys: []
 
    additional_groups:
 
      - office
 
      - developer
 
    password: '$6$cJnUatae7cMz23fl$O3HE2TslnEaKaTDSZnvuDDrfqILAiuMV1wOPGVnkUQFxUu3gIWZOyO7AI1OWYkqeQMVBiezpSqYNiQy6NF6bi0'
 

	
 
os_groups: