Update readme with examples for adding new users

2023-12-05 03:50:59 +00:00 · 2023-12-05 03:50:59 +00:00 · 727a178cd4
commit 727a178cd4
parent 1eb16d93d7
4 changed files with 24 additions and 9 deletions
--- a/ansible/README.md
+++ b/ansible/README.md
@ -14,6 +14,16 @@ $ ansible-playbook -i hosts redbrick-ansible.yml

 This command assumes `hosts` is your hosts file, you can copy the sample host file and modify the credentials in `group_vars`

+## Examples
+
+### Adding new users to aperture
+
+When you want to add a new user to all of the aperture servers, run the below command. You'll also need to edit [`roles/ssh/defaults/main.yml`](./roles/ssh/defaults/main.yml`).
+
+```
+ansible-playbook -i hosts redbrick-ansible.yml -e "created_users_pass=hellothere"
+```
+
 ## Contributing

 Please add all roles into the `roles` directory, following the same directory structure.
--- a/ansible/redbrick-ansible.yml
+++ b/ansible/redbrick-ansible.yml
@ -8,12 +8,12 @@
  roles:
      - { role: git-compare-head } # Prevent execution on out-of-date or divergent branches

-# - name: Redbrick general management
-#   hosts: all
-#   roles:
-#- { role: apt } # update all packages, equivalent to `apt update && apt upgrade`
-#- { role: ssh } # add users defined in roles/defaults/main.yml
-#- { role: fail2ban } # add and configure fail2ban with jail file located in `templates/fail2ban.jail`
+- name: Redbrick general management
+  hosts: all
+  roles:
+      - { role: apt } # update all packages, equivalent to `apt update && apt upgrade`
+      - { role: ssh } # add users defined in roles/defaults/main.yml
+      - { role: fail2ban } # add and configure fail2ban with jail file located in `templates/fail2ban.jail`

 # - name: Configure Nomad & Consul
 #   hosts: nomad
--- a/ansible/roles/ssh/defaults/main.yml
+++ b/ansible/roles/ssh/defaults/main.yml
@ -2,9 +2,12 @@
 # a current listing of all admins who have ssh access to Redbrick.

 github_users:
-  - user: distro
-    # omitting account variable won't add any github keys to the user.
-    account: DistroByte
+  - user: mojito # user account
+    account: DistroByte # github account
+    groups: ["sudo"] # list of groups
+    passwordless_sudo: true
+  - user: jameson
+    account: wizzdom
    groups: ["sudo"]
    passwordless_sudo: true

--- a/ansible/roles/ssh/tasks/main.yml
+++ b/ansible/roles/ssh/tasks/main.yml
@ -14,6 +14,8 @@
    append: yes
    home: /home/{{ item.user | default(item) }}
    state: present
+    password: "{{ created_users_pass }}"
+    update_password: "on_create"
  with_items: "{{ github_users }}"

 - name: Ensure authorized_keys for GitHub user accounts are present