From 1216fec5e3b7c5504b1b3e7ba9a0d900c2913b85 Mon Sep 17 00:00:00 2001
From: Mark Goddard
Date: Fri, 8 Sep 2017 16:06:41 +0000
Subject: [PATCH] Use the singleplatform-eng.users role to create the kayobe ansible user
---
 ansible/kayobe-ansible-user.yml | 40 +++++++++++++--------------------
 1 file changed, 16 insertions(+), 24 deletions(-)
diff --git a/ansible/kayobe-ansible-user.yml b/ansible/kayobe-ansible-user.yml
index 50612c3c0..85dfb7930 100644
--- a/ansible/kayobe-ansible-user.yml
+++ b/ansible/kayobe-ansible-user.yml
@@ -3,28 +3,20 @@
 hosts: seed:overcloud
 vars:
 ansible_user: "{{ bootstrap_user }}"
- tasks:
- - block:
- - name: Ensure the Kayobe Ansible group exists
- group:
- name: "{{ kayobe_ansible_user }}"
- state: present
-
- - name: Ensure the Kayobe Ansible user account exists
- user:
- name: "{{ kayobe_ansible_user }}"
- group: "{{ kayobe_ansible_user }}"
- comment: "Kayobe Ansible SSH access"
- state: present
-
- - name: Ensure the Kayobe Ansible user has passwordless sudo
- copy:
- content: "{{ kayobe_ansible_user }} ALL=(ALL) NOPASSWD: ALL"
- dest: "/etc/sudoers.d/kayobe-ansible-user"
- mode: 0440
-
- - name: Ensure the Kayobe Ansible user has authorized our SSH key
- authorized_key:
- user: "{{ kayobe_ansible_user }}"
- key: "{{ lookup('file', ssh_public_key_path) }}"
+ roles:
+ - role: singleplatform-eng.users
+ users:
+ - username: "{{ kayobe_ansible_user }}"
+ name: Kayobe deployment user
+ append: True
+ ssh_key:
+ - "{{ lookup('file', ssh_public_key_path) }}"
+ become: True
+
+ post_tasks:
+ - name: Ensure the Kayobe Ansible user has passwordless sudo
+ copy:
+ content: "{{ kayobe_ansible_user }} ALL=(ALL) NOPASSWD: ALL"
+ dest: "/etc/sudoers.d/kayobe-ansible-user"
+ mode: 0440
 become: True
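Review bot: The sudoers drop-in written by the `post_tasks` copy task is installed without a syntax check, so an unexpected value of `kayobe_ansible_user` would put a malformed or unintended rule into `/etc/sudoers.d/kayobe-ansible-user` and could break sudo on the seed and overcloud hosts. Adding `validate: 'visudo -cf %s'` to the `copy` arguments makes Ansible check the file before moving it into place. `mode: 0440` is better written as `mode: '0440'` so the permission does not depend on how the YAML loader treats a leading zero. Separately, `singleplatform-eng.users` now runs with `become: True` on those hosts and this commit touches only the playbook, so the role should be pinned to a reviewed version in whichever requirements file installs it (not visible in this patch).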