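---

# ---
# - webadmin user/group
# ---
#
# Creates the webadmin group and user, installs their SSH authorized keys,
# optionally deploys a default ed25519 key pair plus ~/.ssh/config, and copies
# shell/editor dotfiles from the inventory's files/homedirs/<name>/ directory.
#
# Variables read by these tasks:
#   webadmin_user               list of items with: name, and optionally
#                               group_id, user_id, home, shell; password and
#                               ssh_keys are referenced without a default
#   webadmin_ssh_keypair        list of items with: login, target,
#                               priv_key_src, priv_key_dest,
#                               pub_key_src, pub_key_dest
#   insert_webadmin_ssh_keypair switch for the key pair / ssh config tasks

# The group is only managed when an explicit group_id is given for the item.
- name: (webadmin-user.yml) Ensure webadmin group exists
  group:
    name: '{{ item.name }}'
    state: present
    gid: '{{ item.group_id | default(omit) }}'
  with_items: '{{ webadmin_user }}'
  loop_control:
    label: "{{ item.name }}"
  when:
    # Exact group membership. A regex search over the stringified host list
    # also matches hosts whose name is merely contained in another member's
    # name, which would create the account on hosts outside the group.
    - inventory_hostname in groups['webadmin']
    - webadmin_user is defined
    - item.group_id is defined
  tags:
    - webadmin
    - groups-exists

# NOTE(review): the user module expects an already-hashed password value;
# confirm item.password is stored hashed (and vaulted) in the inventory.
# NOTE(review): the loop item carries item.password; loop_control.label only
# shortens the per-item display line. Consider no_log: true if verbose output
# or callback logs are retained anywhere.
- name: (webadmin-user.yml) Ensure webadmin user exists
  user:
    name: '{{ item.name }}'
    state: present
    uid: '{{ item.user_id | default(omit) }}'
    group: '{{ item.name | default(omit) }}'
    home: '{{ item.home | default(omit) }}'
    shell: '{{ item.shell|d("/bin/bash") }}'
    password: "{{ item.password }}"
    # Only set the password when the account is created; later runs leave an
    # existing password untouched.
    update_password: on_create
  with_items: '{{ webadmin_user }}'
  loop_control:
    label: "{{ item.name }}"
  when:
    - inventory_hostname in groups['webadmin']
    - webadmin_user is defined
  tags:
    - webadmin
    - users-exists

# state: present only adds keys. A key removed from ssh_keys stays in
# authorized_keys on the host until it is removed explicitly.
- name: (webadmin-user.yml) Ensure authorized_key files for webadmin user is present
  authorized_key:
    user: "{{ item.0.name }}"
    key: "{{ item.1 }}"
    state: present
  with_subelements:
    - '{{ webadmin_user }}'
    - ssh_keys
  loop_control:
    label: "{{ item.0.name }} key: {{ idx + 1 }}"
    index_var: idx
  when:
    - inventory_hostname in groups['webadmin']
    - webadmin_user is defined
  tags:
    - webadmin
    - authorized_key

- name: (webadmin-user.yml) Copy default ed25519 ssh private key to user webadmin
  copy:
    src: '{{ item.priv_key_src }}'
    dest: '{{ item.priv_key_dest }}'
    owner: '{{ item.login }}'
    group: '{{ item.login }}'
    mode: '0600'
  # Never render the private key into task output when running with --diff.
  diff: false
  #when: groups['oopen_server']|string is search(inventory_hostname)
  when:
    - insert_webadmin_ssh_keypair|bool
  with_items: '{{ webadmin_ssh_keypair }}'
  loop_control:
    label: 'dest: {{ item.priv_key_dest }}'
  tags:
    - webadmin
    - webadmin-defaut-ssh-keypair

- name: (webadmin-user.yml) Copy default ssh key ed25519 public key to user webadmin
  copy:
    src: '{{ item.pub_key_src }}'
    dest: '{{ item.pub_key_dest }}'
    owner: '{{ item.login }}'
    group: '{{ item.login }}'
    mode: '0644'
  with_items: '{{ webadmin_ssh_keypair }}'
  loop_control:
    label: 'dest: {{ item.pub_key_dest }}'
  when:
    - insert_webadmin_ssh_keypair|bool
  tags:
    - webadmin
    - webadmin-defaut-ssh-keypair

- name: (webadmin-user.yml) Ensure .ssh/config of user webadmin is up-to-date
  template:
    src: var/www/.ssh/config.j2
    dest: '~webadmin/.ssh/config'
    owner: webadmin
    group: webadmin
    mode: '0644'
  when:
    - insert_webadmin_ssh_keypair|bool
  tags:
    - webadmin
    - webadmin-defaut-ssh-keypair

# devel-repos contains SVN repositories; webadmin must have ssh access
# to webadmin at devel-repos to manage the SVN repository.
#
# The public key is read from the control node and only installed on the host
# named in item.target.
- name: (webadmin-user.yml) Ensure authorized_key on devel-repos hosts contains public key
  authorized_key:
    user: "{{ item.login }}"
    key: "{{ lookup('file', item.pub_key_src) }}"
    state: present
  with_items: '{{ webadmin_ssh_keypair }}'
  loop_control:
    label: 'authorized_keys - webadmin: root'
  when: inventory_hostname == item.target
  tags:
    - webadmin
    - authorized_key
    - insert_webadmin_ssh_public_key

# ---
# Check if local template directories exists
# ---

# Runs on the control node. The registered result gates the .bashrc, .profile
# and .vimrc copy tasks below, so this task carries their tags as well;
# without them a tag-limited run would reach those tasks with the variable
# undefined.
- name: (users-systemfiles.yml) Check if local template directory exists for webadmin
  local_action:
    # Structured arguments instead of a key=value string, so a name containing
    # spaces or '=' cannot be parsed as additional module arguments.
    module: stat
    path: '{{ inventory_dir }}/files/homedirs/{{ item.name }}'
  with_items: "{{ webadmin_user }}"
  loop_control:
    label: '{{ item.name }}'
  register: local_template_dir_webadmin
  tags:
    - webadmin
    - bash
    - profile
    - vim

# --
# Copy .bashrc
# ---

# Disabled variant of the two tasks below (keyed on local_template_dir_webadmin):
#
#- name: (webadmin-user.yml) Check if webadmin's file '.bashrc.ORIG' exists
#  stat:
#    path: "~{{ item.item.name }}/.bashrc.ORIG"
#  register: bashrc_webadmin_orig_exists
#  with_items: "{{ local_template_dir_webadmin.results }}"
#  loop_control:
#    label: '{{ item.item.name }}'
#  when:
#    - item.stat.exists
#  tags:
#    - webadmin
#    - bash
#
#- name: (webadmin-user.yml) Backup existing webadmin's .bashrc file
#  command: cp ~{{ item.item.item.name }}/.bashrc ~{{ item.item.item.name }}/.bashrc.ORIG
#  loop: "{{ bashrc_webadmin_orig_exists.results }}"
#  loop_control:
#    label: '{{ item.item.item.name }}'
#  when:
#    - item.stat.exists == False
#  tags:
#    - webadmin
#    - bash

- name: (webadmin-user.yml) Check if webadmin's file '.bashrc.ORIG' exists
  stat:
    path: "~{{ item.name }}/.bashrc.ORIG"
  register: bashrc_webadmin_orig_exists
  with_items: "{{ webadmin_user }}"
  loop_control:
    label: '{{ item.name }}'
  tags:
    - webadmin
    - bash

# One-time backup: only runs while no .bashrc.ORIG exists yet, so the first
# saved copy is never overwritten by later runs.
- name: (webadmin-user.yml) Backup existing webadmin's .bashrc file
  command: cp -a ~{{ item.item.name }}/.bashrc ~{{ item.item.name }}/.bashrc.ORIG
  loop: "{{ bashrc_webadmin_orig_exists.results }}"
  loop_control:
    label: '{{ item.item.name }}'
  when:
    - not item.stat.exists
  tags:
    - webadmin
    - bash

# The fileglob lookup returns an empty string when the file is missing on the
# control node, which makes the second condition false and skips the copy.
- name: (webadmin-user.yml) copy new .bashrc for webadmin if it exists
  copy:
    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc') }}"
    dest: "~{{ item.item.name }}/.bashrc"
    owner: "{{ item.item.name }}"
    group: "{{ item.item.name }}"
    # Quoted so the mode is always passed as an octal string.
    mode: '0644'
  with_items: "{{ local_template_dir_webadmin.results }}"
  loop_control:
    label: '{{ item.item.name }}'
  when:
    - item.stat.exists
    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc')
  tags:
    - webadmin
    - bash

# --
# Copy .profile
# ---

- name: (webadmin-user.yml) Check if webadmin's file '.profile.ORIG' exists
  stat:
    path: "~{{ item.name }}/.profile.ORIG"
  register: profile_webadmin_orig_exists
  with_items: "{{ webadmin_user }}"
  loop_control:
    label: '{{ item.name }}'
  tags:
    - webadmin
    - profile

# One-time backup, same scheme as for .bashrc above.
- name: (webadmin-user.yml) Backup existing users .profile file
  command: cp -a ~{{ item.item.name }}/.profile ~{{ item.item.name }}/.profile.ORIG
  with_items: "{{ profile_webadmin_orig_exists.results }}"
  loop_control:
    label: '{{ item.item.name }}'
  when:
    - not item.stat.exists
  tags:
    - webadmin
    - profile

- name: (webadmin-user.yml) copy .profile for user webadmin if it exists
  copy:
    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile') }}"
    dest: "~{{ item.item.name }}/.profile"
    owner: "{{ item.item.name }}"
    group: "{{ item.item.name }}"
    mode: '0644'
  with_items: "{{ local_template_dir_webadmin.results }}"
  loop_control:
    label: '{{ item.item.name }}'
  when:
    - item.stat.exists
    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile')
  tags:
    - webadmin
    - profile

# --
# Copy .vimrc
# ---

- name: (webadmin-user.yml) copy .vimrc for user webadmin if it exists
  copy:
    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc') }}"
    dest: "~{{ item.item.name }}/.vimrc"
    owner: "{{ item.item.name }}"
    group: "{{ item.item.name }}"
    mode: '0644'
  with_items: "{{ local_template_dir_webadmin.results }}"
  loop_control:
    label: '{{ item.item.name }}'
  when:
    - item.stat.exists
    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc')
  tags:
    - webadmin
    - vim

# Checks the same per-user directory that the copy task below reads from
# (item.name instead of a fixed 'webadmin'), so the existence check and the
# copy source cannot disagree. Tagged like its consumer so a tag-limited run
# still registers the variable.
- name: (users-systemfiles.yml) Check if local template directory .vim exists for webadmin
  local_action:
    module: stat
    path: '{{ inventory_dir }}/files/homedirs/{{ item.name }}/.vim'
  register: local_template_dir_vim_webadmin
  with_items: "{{ webadmin_user }}"
  loop_control:
    label: '{{ item.name }}'
  tags:
    - webadmin
    - vim

- name: (webadmin-user.yml) copy .vim directory for user webadmin if it exists
  copy:
    src: "{{ inventory_dir + '/files/homedirs/' + item.item.name + '/.vim' }}"
    dest: "~{{ item.item.name }}"
    owner: "{{ item.item.name }}"
    group: "{{ item.item.name }}"
    mode: '0644'
  with_items: "{{ local_template_dir_vim_webadmin.results }}"
  loop_control:
    label: '{{ item.item.name }}'
  when:
    - item.stat.exists
  tags:
    - webadmin
    - vim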