From a8189ca2a9e606c5555663d47456a3e78c8146cc Mon Sep 17 00:00:00 2001 From: qburst-arjunm Date: Fri, 16 Feb 2024 17:07:10 +0530 Subject: [PATCH 1/4] adding ansible role for user-management --- README.md | 3 +- ansible/README.md | 79 +++++++++++++++++++ ansible/main.yml | 7 ++ ansible/user-management/defaults/main.yml | 1 + .../user-management/tasks/aws-add-user.yml | 38 +++++++++ .../tasks/jenkins-add-user.yml | 27 +++++++ .../user-management/tasks/linux-add-user.yml | 21 +++++ ansible/user-management/tasks/main.yml | 15 ++++ .../user-management/tasks/mysql-add-user.yml | 42 ++++++++++ .../tasks/postgres-add-user.yml | 25 ++++++ ansible/user-management/tests/inventory | 2 + ansible/user-management/vars/main.yml | 28 +++++++ 12 files changed, 287 insertions(+), 1 deletion(-) create mode 100644 ansible/README.md create mode 100644 ansible/main.yml create mode 100644 ansible/user-management/defaults/main.yml create mode 100644 ansible/user-management/tasks/aws-add-user.yml create mode 100644 ansible/user-management/tasks/jenkins-add-user.yml create mode 100644 ansible/user-management/tasks/linux-add-user.yml create mode 100644 ansible/user-management/tasks/main.yml create mode 100644 ansible/user-management/tasks/mysql-add-user.yml create mode 100644 ansible/user-management/tasks/postgres-add-user.yml create mode 100644 ansible/user-management/tests/inventory create mode 100644 ansible/user-management/vars/main.yml diff --git a/README.md b/README.md index fda79cd..35cb459 100644 --- a/README.md +++ b/README.md 
@@ -11,4 +11,5 @@ To facilitate easy navigation and access to the resources within this repository 1. [**Scripts**](/scripts/README.md): Within this folder, you will find a collection of various scripts that have been developed to automate tasks and streamline processes. These scripts have proven to be valuable tools, enhancing productivity in various workflows. 2. [**GitHub Actions**](/github-actions/README.md): This folder contains a selection of GitHub Actions that have been designed to optimize workflows. These actions offer a reusable and configurable approach for achieving efficiency and consistency in your development practices. -3. [**Terraform**](/terraform/README.md): In this folder, you will discover a comprehensive set of Terraform modules created to address common use cases. These modules helps you to rapidly provision and manage infrastructure resources with ease, leveraging the power and flexibility of Terraform. \ No newline at end of file +3. [**Terraform**](/terraform/README.md): In this folder, you will discover a comprehensive set of Terraform modules created to address common use cases. These modules helps you to rapidly provision and manage infrastructure resources with ease, leveraging the power and flexibility of Terraform. +4. [**Ansible**](/ansible/README.md): In this folder, you will discover a comprehensive set of ansible roles to create/manage users. This role helps you to easily manage users in different platforms like AWS, Linux, Jenkins, MySQL and Postgres. \ No newline at end of file diff --git a/ansible/README.md b/ansible/README.md new file mode 100644 index 0000000..d61c0a5 --- /dev/null +++ b/ansible/README.md 
@@ -0,0 +1,79 @@ +# Ansible Role for User Management +========= + +Ansible playbook to create user accounts in AWS, Jenkins, Linux, MySQL and PostgreSQL. + +# Requirements +------------ + +The role can be executed on any machine having Linux OS with the below packages. + - Ansible + - Python + - pymysql + - mysql-client + - postgresql-client + - awscli + +# Role Variables +-------------- + +Available variables are listed below (user-management/vars/main.yml): + +users + - aws + - linux + - jenkins + - mysql + - postgres + +# Role tasks +------------- + +Available tasks are listed below (user-management/tasks/) + +tasks + - aws-add-user.yml + - jenkins-add-user.yml + - linux-add-user.yml + - mysql-add-user.yml + - postgres-add-user.yml + +# Dependencies +------------ + +1. Configure AWS access key and secret key for running aws user creation. +2. Modify Jenkins authorization security by enabling necessary permission for the admin user. +3. Grant access to the IP from where you are running this playbook in the MySQL server. +4. Allow necessary access in all the servers. + + +# Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + --- + - name: Ansible roles to create/manage users + hosts: servers + gather_facts: true + become: yes + roles: + - role: user-management + +The same is provided in the main.yml residing outside the role. You can use the following command to run all the tasks. + +### ansible-playbook main.yml + +You can use --skip-tags to exclude any particular role + +### Ex: ansible-playbook main.yml --skip-tags linux + +# License +------- + +BSD + +# Author Information +------------------ + +QBurst DevOps Team \ No newline at end of file diff --git a/ansible/main.yml b/ansible/main.yml new file mode 100644 index 0000000..3f11c0f --- /dev/null +++ b/ansible/main.yml 
@@ -0,0 +1,7 @@ +--- +- name: Ansible roles to create/manage users + hosts: localhost + gather_facts: true + become: yes + roles: + - role: user-management \ No newline at end of file diff --git a/ansible/user-management/defaults/main.yml b/ansible/user-management/defaults/main.yml new file mode 100644 index 0000000..036a59d --- /dev/null +++ b/ansible/user-management/defaults/main.yml @@ -0,0 +1 @@ +### NA \ No newline at end of file diff --git a/ansible/user-management/tasks/aws-add-user.yml b/ansible/user-management/tasks/aws-add-user.yml new file mode 100644 index 0000000..0790d44 --- /dev/null +++ b/ansible/user-management/tasks/aws-add-user.yml @@ -0,0 +1,38 @@ +--- +- name: Ensuring AWS IAM User does not exist + amazon.aws.iam_user_info: + name: "{{ users.aws.username }}" + register: user_info_result + +- name: Creating AWS IAM User + amazon.aws.iam_user: + name: "{{ users.aws.username }}" + state: present + password: "{{ users.aws.password }}" + password_reset_required: false + when: user_info_result.iam_users | length == 0 + +- name: Attaching AWS IAM Policy to IAM User + amazon.aws.iam_user: + name: "{{ users.aws.username }}" + managed_policies: "{{ users.aws.policy }}" + state: present + +- name: Check if access key exists for the IAM user + community.aws.iam_access_key_info: + user_name: "{{ users.aws.username }}" + register: iam_access_key_info_result + +- name: Creating AWS Access key for IAM user + community.aws.iam_access_key: + user_name: "{{ users.aws.username }}" + state: present + register: iam_access_key_result + when: iam_access_key_info_result.access_keys | length == 0 + +- name: Storing Credentials in home folder + copy: + content: "{{ iam_access_key_result.access_key.access_key_id }}:{{ iam_access_key_result.secret_access_key }}" + dest: "./aws_credentials.txt" + mode: "0600" + when: iam_access_key_info_result.access_keys | length == 0 \ No newline at end of file 
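Review bot: `become: yes` in the play header of ansible/main.yml is a YAML 1.1 truthy value that both yamllint and ansible-lint's `yaml[truthy]` rule flag; write `become: true`. The play also targets `hosts: localhost` while the README example added in the same commit targets `hosts: servers`, and since the Linux tasks create OS accounts on whatever host the play runs against, the two should agree or the difference should be documented next to the play.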
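Review bot: The last task of aws-add-user.yml writes the new IAM user's secret access key in clear text to `./aws_credentials.txt` (the current directory, not the "home folder" the task name claims), and the `community.aws.iam_access_key` task that produces it has no `no_log`, so the secret also lands in the play output and any log collector. Add `no_log: true` to the key-creation task and hand the secret to a secrets store rather than a file, or at least make the destination explicit and documented. The existence checks are also misleading: `amazon.aws.iam_user` with `state: present` is idempotent and the "Attaching AWS IAM Policy" task calls it unconditionally, so a user skipped by the guarded create task is created by the third task anyway — the `when` only decides whether a console password is set. With `password_reset_required: false` that console password is the one committed in vars/main.yml; set it to `true` so the value is rotated on first login.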
diff --git a/ansible/user-management/tasks/jenkins-add-user.yml b/ansible/user-management/tasks/jenkins-add-user.yml new file mode 100644 index 0000000..80eb738 --- /dev/null +++ b/ansible/user-management/tasks/jenkins-add-user.yml @@ -0,0 +1,27 @@ +--- +- name: Adding new user to Jenkins + jenkins_script: + url: "{{ users.jenkins.jenkins_host }}" + user: "{{ users.jenkins.admin_username }}" + password: "{{ users.jenkins.admin_password }}" + script: | + import jenkins.model.* + import hudson.security.* + + def instance = Jenkins.getInstance() + def existingUser = instance.securityRealm.allUsers.find {it.id == "{{ users.jenkins.new_username }}"} + println "Value of existingUser: $existingUser" + if (existingUser == null) { + def hudsonRealm = new HudsonPrivateSecurityRealm(false) + hudsonRealm.createAccount("{{ users.jenkins.new_username }}","{{ users.jenkins.new_password }}") + instance.setSecurityRealm(hudsonRealm) + instance.save() + } + else { + println("user already exists") + } + register: result + +- name: Printing result + debug: + var: result diff --git a/ansible/user-management/tasks/linux-add-user.yml b/ansible/user-management/tasks/linux-add-user.yml new file mode 100644 index 0000000..6d13128 --- /dev/null +++ b/ansible/user-management/tasks/linux-add-user.yml @@ -0,0 +1,21 @@ +--- +- name: Checking if the user already exists in Linux + command: getent passwd {{ users.linux.username }} + register: user_check + ignore_errors: true + when: "ansible_os_family == 'RedHat' or ansible_os_family == 'Debian'" + +- debug: + var: user_check + +- name: Creating new user in Linux + user: + name: "{{ users.linux.username }}" + state: present + groups: "{{ users.linux.groups }}" + password: "{{ users.linux.password }}" + shell: "{{ shell | default('/bin/bash') }}" + comment: "{{ comment | default('') }}" + update_password: always + when: "ansible_os_family == 'RedHat' or ansible_os_family == 'Debian' and user_check.rc != 0" + 
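Review bot: The Groovy script in the `jenkins_script` task replaces the controller's security realm with a freshly constructed `HudsonPrivateSecurityRealm(false)` via `instance.setSecurityRealm(hudsonRealm)` whenever the user is absent, which switches a Jenkins configured for LDAP, SAML or GitHub authentication over to local accounts and resets the allow-signup flag. Reuse the configured realm instead — `def hudsonRealm = instance.getSecurityRealm()` guarded by an `instanceof HudsonPrivateSecurityRealm` check — and fail the script otherwise. The username and password are interpolated straight into Groovy double-quoted literals, so a value containing `"`, `\` or `$` breaks or rewrites the script; escape them for Groovy before templating. Mark the task `no_log: true`, since the registered `result` that the following `debug` task prints presumably carries the submitted script text including `new_password`.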
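Review bot: The `when` on "Creating new user in Linux" is mis-parenthesised: Jinja's `and` binds tighter than `or`, so on RedHat hosts the condition is true regardless of `user_check.rc`; write `when: "(ansible_os_family == 'RedHat' or ansible_os_family == 'Debian') and user_check.rc != 0"`. The `user` module's `password` parameter expects an already-hashed value, so the plain `linux@12#` from vars is written verbatim into the shadow field (Ansible warns about this) and the account cannot log in with it; use `password: "{{ users.linux.password | password_hash('sha512') }}"`. The `getent` pre-check is unnecessary because `user` with `state: present` is idempotent, and the unnamed `debug` task dumps `user_check` to the log on every run.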
diff --git a/ansible/user-management/tasks/main.yml b/ansible/user-management/tasks/main.yml new file mode 100644 index 0000000..db74acd --- /dev/null +++ b/ansible/user-management/tasks/main.yml @@ -0,0 +1,15 @@ +--- +- include: linux-add-user.yml + tags: linux + +- include: jenkins-add-user.yml + tags: jenkins + +- include: aws-add-user.yml + tags: aws + +- include: mysql-add-user.yml + tags: mysql + +- include: postgres-add-user.yml + tags: postgres \ No newline at end of file diff --git a/ansible/user-management/tasks/mysql-add-user.yml b/ansible/user-management/tasks/mysql-add-user.yml new file mode 100644 index 0000000..30f705a --- /dev/null +++ b/ansible/user-management/tasks/mysql-add-user.yml 
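Review bot: `include:` has been deprecated since Ansible 2.4 and is removed in recent ansible-core releases, so this task file will not load on a current controller. Replace each entry with a static import, e.g. `- import_tasks: linux-add-user.yml` followed by `  tags: linux`; prefer `import_tasks` over the dynamic `include_tasks` here, because tags on `include_tasks` are not applied to the included tasks unless `apply:` is added, which would silently break the `--skip-tags linux` workflow the README describes.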
@@ -0,0 +1,42 @@ +--- + - name: Installing MySQL Python library + pip: + name: + - mysql-client + - pymysql + executable: pip3 + when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'CentOS' + ignore_errors: yes + + - name: Checking if MySQL user already exists + mysql_query: + login_host: "{{ users.mysql.mysql_host }}" # Replace with the correct host name + login_user: root # Assuming default MySQL superuser + login_password: "{{ users.mysql.mysql_root_password }}" # Specify the password for the MySQL superuser + login_db: mysql # Replace with the correct database name + query: "SELECT User FROM mysql.user WHERE User='{{ users.mysql.mysql_new_user }}';" + register: mysql_user_check + + - debug: + var: mysql_user_check + + - name: Checking if user exists + debug: + msg: "User already exists" + when: mysql_user_check.rowcount[0] > 0 + + - name: Creating MySQL User + mysql_user: + name: "{{ users.mysql.mysql_new_user }}" # specify the new user + password: "{{ users.mysql.mysql_new_password }}" # specify the new user password + priv: "*.*:ALL" # Example privilege; adjust as needed + state: present + login_user: root # Assuming default MySQL superuser + login_password: "{{ users.mysql.mysql_root_password }}" # Specify the password for the MySQL superuser + login_host: "{{ users.mysql.mysql_host }}" # Replace with the correct host name + when: mysql_user_check.rowcount[0] == 0 + register: user_creation_result + + - name: Printing Creation Result + debug: + var: user_creation_result \ No newline at end of file diff --git a/ansible/user-management/tasks/postgres-add-user.yml b/ansible/user-management/tasks/postgres-add-user.yml new file mode 100644 index 0000000..eb25f17 --- /dev/null +++ b/ansible/user-management/tasks/postgres-add-user.yml 
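Review bot: The "Creating MySQL User" task grants `priv: "*.*:ALL"` — ALL on every database — to whatever account the vars name, which is effectively a second root; the inline comment says "adjust as needed", but a role default should be least-privilege, e.g. a per-database grant taken from vars. The existence query builds SQL by string interpolation in `WHERE User='{{ users.mysql.mysql_new_user }}'`; use the module's parameter binding, `query: "SELECT User FROM mysql.user WHERE User=%s"` with `positional_args: ["{{ users.mysql.mysql_new_user }}"]`, or drop the pre-check entirely since `mysql_user` with `state: present` is idempotent. The pip task installs `mysql-client`, which is not the Python driver (`pymysql` alone is enough for these modules), and `ignore_errors: yes` hides that failure until the query task errors out.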
@@ -0,0 +1,25 @@ + - name: Querying PostgreSQL for user existence + community.general.postgresql_query: + db: "{{ users.postgres.postgres_db }}" # Replace with the correct database name + login_host: "{{ users.postgres.postgres_host }}" # Replace with the correct host name + login_user: "{{ users.postgres.postgres_root_user }}" # Assuming default PostgreSQL superuser + login_password: "{{ users.postgres.postgres_root_password }}" # Specify the password for the PostgreSQL superuser + query: "SELECT 1 FROM pg_roles WHERE rolname='{{ users.postgres.postgres_new_user }}'" + register: user_exists + ignore_errors: true + + - name: Checking if the user already exist + debug: + msg: "User already exists" + when: user_exists.rowcount > 0 + + - name: Creating PostgreSQL user + community.postgresql.postgresql_user: + db: "{{ users.postgres.postgres_db }}" # Replace with the correct database name + login_host: "{{ users.postgres.postgres_host }}" # Replace with the correct host name + login_user: "{{ users.postgres.postgres_root_user }}" # Assuming default PostgreSQL superuser + login_password: "{{ users.postgres.postgres_root_password }}" # Specify the password for the PostgreSQL superuser + name: "{{ users.postgres.postgres_new_user }}" # specify the new user + password: "{{ users.postgres.postgres_new_password }}" # specify the new user password + priv: "ALL" # Example privilege; adjust as needed + when: user_exists.rowcount == 0 \ No newline at end of file diff --git a/ansible/user-management/tests/inventory b/ansible/user-management/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/ansible/user-management/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/ansible/user-management/vars/main.yml b/ansible/user-management/vars/main.yml new file mode 100644 index 0000000..b7dabde --- /dev/null +++ b/ansible/user-management/vars/main.yml 
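Review bot: The existence query runs with `ignore_errors: true`, yet both following tasks evaluate `user_exists.rowcount`; when the query fails (bad credentials, unreachable host) `rowcount` is undefined and the play dies on a Jinja error instead of the real cause. Either remove `ignore_errors` or drop the pre-check altogether — `community.postgresql.postgresql_user` with `state: present` is idempotent. `priv: "ALL"` with `db:` grants CREATE, CONNECT and TEMP on that database to every created user, and the collection documents `priv` as deprecated in favour of `postgresql_privs`; make the grant explicit and minimal. The file also mixes `community.general.postgresql_query` with `community.postgresql.postgresql_user`; use the `community.postgresql` name for both.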
@@ -0,0 +1,28 @@ +--- +users: + linux: + username: linux + password: linux@12# + groups: sudo + jenkins: + new_username: jenkins + new_password: jenkins@12# + jenkins_host: http://localhost:8080 + admin_username: admin + admin_password: admin@12# + aws: + username: aws_user + password: aws_user@12# + policy: AmazonS3FullAccess + mysql: + mysql_root_password: root@12# + mysql_new_user: mysql + mysql_new_password: mysql@12# + mysql_host: localhost + postgres: + postgres_root_password: root@12# + postgres_root_user: root + postgres_new_user: postgres_user + postgres_new_password: postgres_user@12# + postgres_host: localhost + postgres_db: root \ No newline at end of file From ee1f8e18e2d277699c6576a7e63f42ec1d0831a0 Mon Sep 17 00:00:00 2001 From: qburst-arjunm Date: Sat, 17 Feb 2024 11:57:32 +0530 Subject: [PATCH 2/4] Readme update --- ansible/README.md | 85 ++++--------------------------- ansible/user-management/README.md | 79 ++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+), 74 deletions(-) create mode 100644 ansible/user-management/README.md diff --git a/ansible/README.md b/ansible/README.md index d61c0a5..1740370 100644 --- a/ansible/README.md +++ b/ansible/README.md 
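Review bot: `vars/main.yml` commits working credentials in clear text — the Jenkins admin password, the MySQL and PostgreSQL root passwords and the initial password of every account the role creates — and role `vars/` take precedence over inventory and host_vars, so a consumer cannot override them per environment without `-e`. Move the structure to `defaults/main.yml` (currently just `### NA`) with obvious placeholders, and source the secret values from `ansible-vault` or a `lookup('env', ...)`/secret-store lookup. The Linux default also places the new account in `groups: sudo`, which is root-equivalent; a role default should not grant that implicitly.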
@@ -1,79 +1,16 @@ -# Ansible Role for User Management +# Ansible Roles ========= -Ansible playbook to create user accounts in AWS, Jenkins, Linux, MySQL and PostgreSQL. +## Structure +- **ansible** +This is where the various roles resides. -# Requirements ------------- +## Prerequisites +- Ansible +- Python -The role can be executed on any machine having Linux OS with the below packages. - - Ansible - - Python - - pymysql - - mysql-client - - postgresql-client - - awscli +## Role List +### 1. User-management +[User management in various tools](/ansible/user-management/main.yml) -# Role Variables --------------- - -Available variables are listed below (user-management/vars/main.yml): - -users - - aws - - linux - - jenkins - - mysql - - postgres - -# Role tasks -------------- - -Available tasks are listed below (user-management/tasks/) - -tasks - - aws-add-user.yml - - jenkins-add-user.yml - - linux-add-user.yml - - mysql-add-user.yml - - postgres-add-user.yml - -# Dependencies ------------- - -1. Configure AWS access key and secret key for running aws user creation. -2. Modify Jenkins authorization security by enabling necessary permission for the admin user. -3. Grant access to the IP from where you are running this playbook in the MySQL server. -4. Allow necessary access in all the servers. - - -# Example Playbook ----------------- - -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: - - --- - - name: Ansible roles to create/manage users - hosts: servers - gather_facts: true - become: yes - roles: - - role: user-management - -The same is provided in the main.yml residing outside the role. You can use the following command to run all the tasks. 
- -### ansible-playbook main.yml - -You can use --skip-tags to exclude any particular role - -### Ex: ansible-playbook main.yml --skip-tags linux - -# License -------- - -BSD - -# Author Information ------------------- - -QBurst DevOps Team \ No newline at end of file + This role will help you to manage/create users in various tools. \ No newline at end of file diff --git a/ansible/user-management/README.md b/ansible/user-management/README.md new file mode 100644 index 0000000..d61c0a5 --- /dev/null +++ b/ansible/user-management/README.md 
@@ -0,0 +1,79 @@ +# Ansible Role for User Management +========= + +Ansible playbook to create user accounts in AWS, Jenkins, Linux, MySQL and PostgreSQL. + +# Requirements +------------ + +The role can be executed on any machine having Linux OS with the below packages. + - Ansible + - Python + - pymysql + - mysql-client + - postgresql-client + - awscli + +# Role Variables +-------------- + +Available variables are listed below (user-management/vars/main.yml): + +users + - aws + - linux + - jenkins + - mysql + - postgres + +# Role tasks +------------- + +Available tasks are listed below (user-management/tasks/) + +tasks + - aws-add-user.yml + - jenkins-add-user.yml + - linux-add-user.yml + - mysql-add-user.yml + - postgres-add-user.yml + +# Dependencies +------------ + +1. Configure AWS access key and secret key for running aws user creation. +2. Modify Jenkins authorization security by enabling necessary permission for the admin user. +3. Grant access to the IP from where you are running this playbook in the MySQL server. +4. Allow necessary access in all the servers. + + +# Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + --- + - name: Ansible roles to create/manage users + hosts: servers + gather_facts: true + become: yes + roles: + - role: user-management + +The same is provided in the main.yml residing outside the role. You can use the following command to run all the tasks. + +### ansible-playbook main.yml + +You can use --skip-tags to exclude any particular role + +### Ex: ansible-playbook main.yml --skip-tags linux + +# License +------- + +BSD + +# Author Information +------------------ + +QBurst DevOps Team \ No newline at end of file From 2e07fbd9a9eec3d1902d5d323bfaa8f3f07dad9c Mon Sep 17 00:00:00 2001 
From: qburst-arjunm Date: Mon, 6 May 2024 01:45:14 +0530 Subject: [PATCH 3/4] module update --- README.md | 2 +- ansible/README.md | 2 +- ansible/user-management/README.md | 3 -- .../user-management/tasks/aws-add-user.yml | 22 +++++--- .../tasks/jenkins-add-user.yml | 12 +++-- .../user-management/tasks/linux-add-user.yml | 31 +++++------ .../user-management/tasks/mysql-add-user.yml | 21 +++++--- .../tasks/postgres-add-user.yml | 28 +++++----- ansible/user-management/vars/main.yml | 53 +++++++++++-------- 9 files changed, 97 insertions(+), 77 deletions(-) diff --git a/README.md b/README.md index 35cb459..04fac7e 100644 --- a/README.md +++ b/README.md 
@@ -12,4 +12,4 @@ To facilitate easy navigation and access to the resources within this repository 1. [**Scripts**](/scripts/README.md): Within this folder, you will find a collection of various scripts that have been developed to automate tasks and streamline processes. These scripts have proven to be valuable tools, enhancing productivity in various workflows. 2. [**GitHub Actions**](/github-actions/README.md): This folder contains a selection of GitHub Actions that have been designed to optimize workflows. These actions offer a reusable and configurable approach for achieving efficiency and consistency in your development practices. 3. [**Terraform**](/terraform/README.md): In this folder, you will discover a comprehensive set of Terraform modules created to address common use cases. These modules helps you to rapidly provision and manage infrastructure resources with ease, leveraging the power and flexibility of Terraform. -4. [**Ansible**](/ansible/README.md): In this folder, you will discover a comprehensive set of ansible roles to create/manage users. This role helps you to easily manage users in different platforms like AWS, Linux, Jenkins, MySQL and Postgres. \ No newline at end of file +4. [**Ansible**](/ansible/README.md): In this folder, you will discover a comprehensive set of Ansible roles to run many common scenarios. \ No newline at end of file diff --git a/ansible/README.md b/ansible/README.md index 1740370..1b6dc93 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -13,4 +13,4 @@ This is where the various roles resides. ### 1. User-management [User management in various tools](/ansible/user-management/main.yml) - This role will help you to manage/create users in various tools. \ No newline at end of file + This role helps you to manage/creates users in different platforms like AWS, Linux, Jenkins, MySQL and Postgres. \ No newline at end of file 
diff --git a/ansible/user-management/README.md b/ansible/user-management/README.md index d61c0a5..82b289b 100644 --- a/ansible/user-management/README.md +++ b/ansible/user-management/README.md @@ -68,9 +68,6 @@ You can use --skip-tags to exclude any particular role ### Ex: ansible-playbook main.yml --skip-tags linux -# License -------- - BSD # Author Information diff --git a/ansible/user-management/tasks/aws-add-user.yml b/ansible/user-management/tasks/aws-add-user.yml index 0790d44..dc59890 100644 --- a/ansible/user-management/tasks/aws-add-user.yml +++ b/ansible/user-management/tasks/aws-add-user.yml 
@@ -1,38 +1,44 @@ --- - name: Ensuring AWS IAM User does not exist amazon.aws.iam_user_info: - name: "{{ users.aws.username }}" + name: "{{ item.username }}" register: user_info_result + with_items: "{{ users.aws }}" - name: Creating AWS IAM User amazon.aws.iam_user: - name: "{{ users.aws.username }}" + name: "{{ item.username }}" state: present - password: "{{ users.aws.password }}" + password: "{{ item.password }}" password_reset_required: false when: user_info_result.iam_users | length == 0 + with_items: "{{ users.aws }}" - name: Attaching AWS IAM Policy to IAM User amazon.aws.iam_user: - name: "{{ users.aws.username }}" - managed_policies: "{{ users.aws.policy }}" + name: "{{ item.username }}" + managed_policies: "{{ item.policy }}" state: present + with_items: "{{ users.aws }}" - name: Check if access key exists for the IAM user community.aws.iam_access_key_info: - user_name: "{{ users.aws.username }}" + user_name: "{{ item.username }}" register: iam_access_key_info_result + with_items: "{{ users.aws }}" - name: Creating AWS Access key for IAM user community.aws.iam_access_key: - user_name: "{{ users.aws.username }}" + user_name: "{{ item.username }}" state: present register: iam_access_key_result when: iam_access_key_info_result.access_keys | length == 0 + with_items: "{{ users.aws }}" - name: Storing Credentials in home folder copy: content: "{{ iam_access_key_result.access_key.access_key_id }}:{{ iam_access_key_result.secret_access_key }}" dest: "./aws_credentials.txt" mode: "0600" - when: iam_access_key_info_result.access_keys | length == 0 \ No newline at end of file + when: iam_access_key_info_result.access_keys | length == 0 + with_items: "{{ users.aws }}" \ No newline at end of file diff --git a/ansible/user-management/tasks/jenkins-add-user.yml b/ansible/user-management/tasks/jenkins-add-user.yml index 80eb738..860e49c 100644 --- a/ansible/user-management/tasks/jenkins-add-user.yml +++ b/ansible/user-management/tasks/jenkins-add-user.yml 
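Review bot: Adding `with_items` to the info tasks changes what `register` stores: `user_info_result` and `iam_access_key_info_result` are now dicts with a `results` list, so `user_info_result.iam_users | length == 0`, `iam_access_key_info_result.access_keys | length == 0` and `iam_access_key_result.access_key.access_key_id` reference undefined attributes and the play fails at the first `when`. The checks can simply be deleted — `iam_user` and `iam_access_key` with `state: present` are idempotent — or correlated per item with `loop_control: index_var: idx` and `user_info_result.results[idx].iam_users`. The copy task also still writes every user's key to the same `./aws_credentials.txt`, so with more than one entry each iteration overwrites the previous one; include the username in `dest` or, better, stop writing secrets to disk and add `no_log: true` to the key-creation task.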
@@ -1,19 +1,19 @@ --- - name: Adding new user to Jenkins jenkins_script: - url: "{{ users.jenkins.jenkins_host }}" - user: "{{ users.jenkins.admin_username }}" - password: "{{ users.jenkins.admin_password }}" + url: "{{ item.jenkins_host }}" + user: "{{ item.admin_username }}" + password: "{{ item.admin_password }}" script: | import jenkins.model.* import hudson.security.* def instance = Jenkins.getInstance() - def existingUser = instance.securityRealm.allUsers.find {it.id == "{{ users.jenkins.new_username }}"} + def existingUser = instance.securityRealm.allUsers.find {it.id == "{{ item.new_username }}"} println "Value of existingUser: $existingUser" if (existingUser == null) { def hudsonRealm = new HudsonPrivateSecurityRealm(false) - hudsonRealm.createAccount("{{ users.jenkins.new_username }}","{{ users.jenkins.new_password }}") + hudsonRealm.createAccount("{{ item.new_username }}","{{ item.new_password }}") instance.setSecurityRealm(hudsonRealm) instance.save() } @@ -21,7 +21,9 @@ println("user already exists") } register: result + with_items: "{{ users.jenkins }}" - name: Printing result debug: var: result + with_items: "{{ users.jenkins }}" diff --git a/ansible/user-management/tasks/linux-add-user.yml b/ansible/user-management/tasks/linux-add-user.yml index 6d13128..7f653ae 100644 --- a/ansible/user-management/tasks/linux-add-user.yml +++ b/ansible/user-management/tasks/linux-add-user.yml 
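Review bot: With `with_items` added, the `jenkins_script` task still constructs a new `HudsonPrivateSecurityRealm(false)` and calls `instance.setSecurityRealm(hudsonRealm)` on every iteration, so each missing user replaces the controller's security realm again; reuse the configured realm via `instance.getSecurityRealm()` after an `instanceof HudsonPrivateSecurityRealm` check. The "Printing result" task in the second hunk now loops over `users.jenkins` but prints the whole registered `result` on each pass (the loop variable is unused), and that structure presumably carries the submitted script with `new_password` interpolated; add `no_log: true` to the script task and replace the looped debug with a single `debug: var: result.results | map(attribute='output') | list`.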
@@ -1,21 +1,18 @@ --- -- name: Checking if the user already exists in Linux - command: getent passwd {{ users.linux.username }} - register: user_check - ignore_errors: true - when: "ansible_os_family == 'RedHat' or ansible_os_family == 'Debian'" - -- debug: - var: user_check - -- name: Creating new user in Linux +- name: Create user user: - name: "{{ users.linux.username }}" + name: "{{ item.username }}" + uid: "{{ item.uid }}" + state: present + groups: "{{ item.groups }}" + shell: /bin/bash + home: "{{ item.home_directory | default('/home/' + item.username) }}" + with_items: "{{ users.linux }}" + +- name: Add SSH public key to authorized_keys + authorized_key: + user: "{{ item.username }}" + key: "{{ item.ssh_key }}" state: present - groups: "{{ users.linux.groups }}" - password: "{{ users.linux.password }}" - shell: "{{ shell | default('/bin/bash') }}" - comment: "{{ comment | default('') }}" - update_password: always - when: "ansible_os_family == 'RedHat' or ansible_os_family == 'Debian' and user_check.rc != 0" + with_items: "{{ users.linux }}" diff --git a/ansible/user-management/tasks/mysql-add-user.yml b/ansible/user-management/tasks/mysql-add-user.yml index 30f705a..4e314ce 100644 --- a/ansible/user-management/tasks/mysql-add-user.yml +++ b/ansible/user-management/tasks/mysql-add-user.yml 
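Review bot: `groups: "{{ item.groups }}"` without `append: true` resets the user's supplementary groups on every run, so an existing account that was added to other groups out-of-band is silently removed from them; add `append: true` if the intent is to grant rather than replace membership, and document whichever is chosen. The example group lists in vars include `sudo` and `docker`, both root-equivalent on the host, so the README should call that out rather than shipping them as defaults. The `authorized_key` task only ever adds `item.ssh_key`; if the vars key is meant to be the only valid one, `exclusive: true` is needed, otherwise stale keys persist.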
@@ -10,33 +10,38 @@ - name: Checking if MySQL user already exists mysql_query: - login_host: "{{ users.mysql.mysql_host }}" # Replace with the correct host name + login_host: "{{ item.mysql_host }}" # Replace with the correct host name login_user: root # Assuming default MySQL superuser - login_password: "{{ users.mysql.mysql_root_password }}" # Specify the password for the MySQL superuser + login_password: "{{ item.mysql_root_password }}" # Specify the password for the MySQL superuser login_db: mysql # Replace with the correct database name - query: "SELECT User FROM mysql.user WHERE User='{{ users.mysql.mysql_new_user }}';" + query: "SELECT User FROM mysql.user WHERE User='{{ item.mysql_new_user }}';" register: mysql_user_check + with_items: "{{ users.mysql }}" - debug: var: mysql_user_check + with_items: "{{ users.mysql }}" - name: Checking if user exists debug: msg: "User already exists" when: mysql_user_check.rowcount[0] > 0 + with_items: "{{ users.mysql }}" - name: Creating MySQL User mysql_user: - name: "{{ users.mysql.mysql_new_user }}" # specify the new user - password: "{{ users.mysql.mysql_new_password }}" # specify the new user password + name: "{{ item.mysql_new_user }}" # specify the new user + password: "{{ item.mysql_new_password }}" # specify the new user password priv: "*.*:ALL" # Example privilege; adjust as needed state: present login_user: root # Assuming default MySQL superuser - login_password: "{{ users.mysql.mysql_root_password }}" # Specify the password for the MySQL superuser - login_host: "{{ users.mysql.mysql_host }}" # Replace with the correct host name + login_password: "{{ item.mysql_root_password }}" # Specify the password for the MySQL superuser + login_host: "{{ item.mysql_host }}" # Replace with the correct host name when: mysql_user_check.rowcount[0] == 0 register: user_creation_result + with_items: "{{ users.mysql }}" - name: Printing Creation Result debug: - var: user_creation_result \ No newline at end of file + var: 
user_creation_result + with_items: "{{ users.mysql }}" \ No newline at end of file diff --git a/ansible/user-management/tasks/postgres-add-user.yml b/ansible/user-management/tasks/postgres-add-user.yml index eb25f17..b2cb13f 100644 --- a/ansible/user-management/tasks/postgres-add-user.yml +++ b/ansible/user-management/tasks/postgres-add-user.yml 
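Review bot: The loop breaks the registered check the same way as the other files in this commit: `mysql_user_check` is now a dict with a `results` list, so `mysql_user_check.rowcount[0]` in both `when:` expressions is undefined and the play fails at the first one. Since `mysql_user` with `state: present` is idempotent, delete the query, the two `debug` tasks and the `when:`, leaving one looped `mysql_user` task; if a pre-check is kept, use `loop_control: index_var: idx` and `mysql_user_check.results[idx].rowcount[0]`. The looped `debug` tasks also dump the full result list once per item, and `priv: "*.*:ALL"` still grants global ALL to every listed account. The hunk starts at line 10, so the pip task above it is outside this view.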
@@ -1,25 +1,27 @@ - name: Querying PostgreSQL for user existence community.general.postgresql_query: - db: "{{ users.postgres.postgres_db }}" # Replace with the correct database name - login_host: "{{ users.postgres.postgres_host }}" # Replace with the correct host name - login_user: "{{ users.postgres.postgres_root_user }}" # Assuming default PostgreSQL superuser - login_password: "{{ users.postgres.postgres_root_password }}" # Specify the password for the PostgreSQL superuser - query: "SELECT 1 FROM pg_roles WHERE rolname='{{ users.postgres.postgres_new_user }}'" + db: "{{ item.postgres_db }}" # Replace with the correct database name + login_host: "{{ item.postgres_host }}" # Replace with the correct host name + login_user: "{{ item.postgres_root_user }}" # Assuming default PostgreSQL superuser + login_password: "{{ item.postgres_root_password }}" # Specify the password for the PostgreSQL superuser + query: "SELECT 1 FROM pg_roles WHERE rolname='{{ item.postgres_new_user }}'" register: user_exists ignore_errors: true + with_items: "{{ users.postgres }}" - name: Checking if the user already exist debug: msg: "User already exists" - when: user_exists.rowcount > 0 + when: user_exists.results[0].rowcount > 0 - name: Creating PostgreSQL user community.postgresql.postgresql_user: - db: "{{ users.postgres.postgres_db }}" # Replace with the correct database name - login_host: "{{ users.postgres.postgres_host }}" # Replace with the correct host name - login_user: "{{ users.postgres.postgres_root_user }}" # Assuming default PostgreSQL superuser - login_password: "{{ users.postgres.postgres_root_password }}" # Specify the password for the PostgreSQL superuser - name: "{{ users.postgres.postgres_new_user }}" # specify the new user - password: "{{ users.postgres.postgres_new_password }}" # specify the new user password + db: "{{ item.postgres_db }}" # Replace with the correct database name + login_host: "{{ item.postgres_host }}" # Replace with the correct host name + 
login_user: "{{ item.postgres_root_user }}" # Assuming default PostgreSQL superuser + login_password: "{{ item.postgres_root_password }}" # Specify the password for the PostgreSQL superuser + name: "{{ item.postgres_new_user }}" # specify the new user + password: "{{ item.postgres_new_password }}" # specify the new user password priv: "ALL" # Example privilege; adjust as needed - when: user_exists.rowcount == 0 \ No newline at end of file + when: user_exists.results[0].rowcount == 0 + with_items: "{{ users.postgres }}" \ No newline at end of file diff --git a/ansible/user-management/vars/main.yml b/ansible/user-management/vars/main.yml index b7dabde..e355f59 100644 --- a/ansible/user-management/vars/main.yml +++ b/ansible/user-management/vars/main.yml 
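Review bot: The `when:` expressions were rewritten to `user_exists.results[0].rowcount`, which hard-codes the first item: for every entry in `users.postgres` the decision is made on the first user's existence, so a second user is skipped whenever the first already exists and is re-created when it does not. Correlate by loop index — `loop_control: index_var: idx` on the create task and `user_exists.results[idx].rowcount` — or drop the pre-check, since `postgresql_user` with `state: present` is idempotent. `ignore_errors: true` on the query also remains, so a failed connection leaves `rowcount` undefined and surfaces as a Jinja error rather than the real cause.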
@@ -1,28 +1,39 @@ --- users: linux: - username: linux - password: linux@12# - groups: sudo + - username: linux + groups: + - docker + - qburst + - sudo + ssh_key: ssh-rsa xyzxyzxyz + uid: 4015 + home_directory: /home/test + - username: testuser + groups: + - docker + - sudo + ssh_key: ssh-rsa xyzxyzxyz + uid: 5015 jenkins: - new_username: jenkins - new_password: jenkins@12# - jenkins_host: http://localhost:8080 - admin_username: admin - admin_password: admin@12# + - new_username: jenkins + new_password: jenkins@12# + jenkins_host: http://localhost:8080 + admin_username: admin + admin_password: admin@12# aws: - username: aws_user - password: aws_user@12# - policy: AmazonS3FullAccess + - username: aws_user + password: aws_user@12# + policy: AmazonS3FullAccess mysql: - mysql_root_password: root@12# - mysql_new_user: mysql - mysql_new_password: mysql@12# - mysql_host: localhost + - mysql_root_password: root@12# + mysql_new_user: mysql + mysql_new_password: mysql@12# + mysql_host: localhost postgres: - postgres_root_password: root@12# - postgres_root_user: root - postgres_new_user: postgres_user - postgres_new_password: postgres_user@12# - postgres_host: localhost - postgres_db: root \ No newline at end of file + - postgres_root_password: root@12# + postgres_root_user: root + postgres_new_user: postgres_user + postgres_new_password: postgres_user@12# + postgres_host: localhost + postgres_db: root \ No newline at end of file From c0a6d76bdd2463bfaadef50617cf9429dd2999e7 Mon Sep 17 00:00:00 2001 From: qburst-arjunm Date: Mon, 20 May 2024 23:43:20 +0530 Subject: [PATCH 4/4] README update --- ansible/user-management/README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/ansible/user-management/README.md b/ansible/user-management/README.md index 82b289b..47e7d7b 100644 --- a/ansible/user-management/README.md +++ b/ansible/user-management/README.md 
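Review bot: The restructured `vars/main.yml` still carries the Jenkins admin, MySQL root and PostgreSQL root passwords in clear text, now alongside `sudo`/`docker` group memberships and an `ssh_key` placeholder, in a role `vars/` file whose precedence is above inventory and host_vars, so consumers cannot override per environment without `-e`. Move the structure to `defaults/main.yml` (still just `### NA`) with placeholder values and source the secrets from `ansible-vault` or a lookup. `postgres_root_user: root` is also not the stock PostgreSQL superuser (`postgres`), so the example fails against a default install unless such a role was created separately; the README should state that assumption.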
@@ -68,8 +68,6 @@ You can use --skip-tags to exclude any particular role ### Ex: ansible-playbook main.yml --skip-tags linux -BSD - # Author Information ------------------