IAM role
Configures users and groups.
Usage
Configure the role.
vars.yml
iam_root_password: "{{ vault_iam_root_password }}"
iam_disallow_ssh_root_access: false # default: true
iam_allow_ssh_password_authentication: true # default: false
iam_groups:
- name: wheel
add_group_to_sudoers: true
- name: guests
add_group_to_sudoers: false
iam_users:
- username: admin
comment: "Administrator"
ssh_public_key: "ssh-rsa ANzaC1yc2EA...KHgKLVcBaeKQ== admin@example.com"
groups: wheel,docker
shell: /bin/zsh
zshrc: |
PROMPT="$fg[cyan]%}$USER@%{$fg[blue]%}%m ${PROMPT}"
hosts:
- server1
- server2
- username: bot
comment: "Bot Example"
ssh_public_key: "ssh-ed25519 ANzaC1yc2EA...KHgKLVcBaeKQ== bot@example.com"
ssh_private_key: "{{ vault_bot_ssh_private_key }}"
hosts:
- server1
host_iam_users:
- username: bobmeyer
comment: "Bob Meyer"
passwort: "{{ vault_iam_users_bobmeyer_password }}"
hosts:
- server1
And include it in your playbook.
- hosts: iam
roles:
- role: iam
Docs
Set password manually
Run sudo passwd $USERNAME
to set the password.
Add user to group manually
Run sudo usermod -a -G sshusers janikvonrotz
to add a user to a group.
Generate ssh key pair
Generate a ssh key pair for the username.
SSH_USERNAME=n8ncloud
ssh-keygen -t ed25519 -C "$SSH_USERNAME" -f ./id_ed25519
echo "vault_${SSH_USERNAME}_ssh_private_key: |"
cat ./id_ed25519 | sed 's/^/ /'
echo "ssh_public_key: $(cat ./id_ed25519.pub)"