Commit c30b7a15 authored by Maciej Delmanowski's avatar Maciej Delmanowski

[debops.root_account] Implement dotfile management

The 'debops.root_account' role will now manage the 'root' account
dotfiles directly; this functionality has been removed from the
'debops.users' role.
parent 59110c91
......@@ -251,6 +251,13 @@ Changed
:ref:`debops.roundcube` and :ref:`debops.librenms` roles, since
:ref:`debops.php` will take care of the installation.
- [debops.users][debops.root_account] Management of the ``root`` dotfiles has
been removed from the :ref:`debops.users` role and is now done in the
:ref:`debops.root_account` role, using the :command:`yadm` script. Users
might need to clean out the existing dotfiles if they were managed as
symlinks, otherwise :command:`yadm` script will not be able to correctly
deploy the new dotfiles.
Removed
~~~~~~~
......
......@@ -108,6 +108,32 @@ root_account__shell: ''
root_account__fix_no_tty: True
# ]]]
# ]]]
# The root dotfiles [[[
# ---------------------
# The dotfiles of the ``root`` account are managed using the :command:`yadm`
# script, installed by the :ref:`debops.yadm` role.
# .. envvar:: root_account__dotfiles_enabled [[[
#
# Enable or disable dotfiles management, depending on the availablility of the
# dotfiles repository installed by the :ref:`debops.yadm` role.
root_account__dotfiles_enabled: '{{ True
if (ansible_local|d() and ansible_local.yadm|d() and
ansible_local.yadm.dotfiles|d())
else False }}'
# ]]]
# .. envvar:: root_account__dotfiles_repo [[[
#
# An URL or an absolute directory to the :command:`git` repository that
# contains dotfiles for the ``root`` account.
root_account__dotfiles_repo: '{{ ansible_local.yadm.dotfiles
if (ansible_local|d() and ansible_local.yadm|d() and
ansible_local.yadm.dotfiles|d())
else "" }}'
# ]]]
# ]]]
# Authorized SSH keys [[[
# -----------------------
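Review bot: `root_account__dotfiles_enabled` turns itself on whenever the `ansible_local.yadm.dotfiles` fact is set, and the same fact becomes `root_account__dotfiles_repo`, which the task added in this commit clones with `--bootstrap` for the `root` account; the variable documentation does not mention that trust requirement. A comment above `root_account__dotfiles_repo` such as `# The repository is cloned with "yadm clone --bootstrap" for root; use only a repository you control.` would cover it. The description of `root_account__dotfiles_enabled` also has a typo, `availablility` for `availability`.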
......
......@@ -105,6 +105,18 @@
state: 'present'
when: root_account__enabled|bool and root_account__fix_no_tty|bool
- name: Manage root dotfiles
shell: |
if ! [ -e "$HOME/.yadm/repo.git" ] ; then
yadm clone --bootstrap "{{ root_account__dotfiles_repo }}"
else
yadm pull
fi
register: root_account__register_dotfiles
changed_when: ('Already up-to-date.' not in root_account__register_dotfiles.stdout_lines)
when: root_account__dotfiles_enabled|bool
check_mode: False
- name: Make sure Ansible fact directory exists
file:
path: '/etc/ansible/facts.d'
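Review bot: In the `Manage root dotfiles` task, `root_account__dotfiles_repo` is templated into the shell script inside plain double quotes, so a value containing quotes or shell substitution syntax would be interpreted by the shell instead of being passed to yadm as one argument; use the quote filter, `yadm clone --bootstrap {{ root_account__dotfiles_repo | quote }}`. `check_mode: False` makes the task run under `ansible-playbook --check` as well, so a dry run still clones or pulls the repository and can run its bootstrap program; dropping that line lets Ansible skip the shell task in check mode. `changed_when` matches the literal `Already up-to-date.`, while newer git releases appear to print `Already up to date.`, so the task may report a change on every run there; that is worth confirming and, if so, matching both spellings.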
......
......@@ -129,14 +129,6 @@ users__group_accounts: []
# List of UNIX user accounts to manage on specific hosts in Ansible inventory.
users__host_accounts: []
# ]]]
# .. envvar:: users__root_accounts [[[
#
# This is only used for configuration files and SSH keys management on the
# UNIX ``root`` account.
users__root_accounts:
- name: 'root'
# ]]]
# .. envvar:: users__default_accounts [[[
#
......
......@@ -11,7 +11,6 @@
update: '{{ (item.dotfiles_update | d(users__dotfiles_combined_map[item.dotfiles_name
| d(users__dotfiles_name)].update | d(users__dotfiles_update))) | bool }}'
with_flattened:
- '{{ users__root_accounts }}'
- '{{ users__default_accounts }}'
- '{{ users__admin_accounts }}'
- '{{ users__accounts }}'
......@@ -38,7 +37,6 @@
changed_when: users__register_dotfiles_command.stdout|d() and
not users__register_dotfiles_command.stdout.startswith('skipped, since ')
with_flattened:
- '{{ users__root_accounts }}'
- '{{ users__default_accounts }}'
- '{{ users__admin_accounts }}'
- '{{ users__accounts }}'
......@@ -59,7 +57,6 @@
users__dotfiles_combined_map[item.dotfiles_name | d(users__dotfiles_name)].shell|d())
else (users__default_shell if users__default_shell else omit)) }}'
with_flattened:
- '{{ users__root_accounts }}'
- '{{ users__default_accounts }}'
- '{{ users__admin_accounts }}'
- '{{ users__accounts }}'
......
......@@ -7,7 +7,6 @@
user: '{{ item.name }}'
exclusive: '{{ item.sshkeys_exclusive | d(omit) }}'
with_flattened:
- '{{ users__root_accounts }}'
- '{{ users__default_accounts }}'
- '{{ users__admin_accounts }}'
- '{{ users__accounts }}'
......@@ -23,7 +22,6 @@
path: '~{{ item.name }}/.ssh/authorized_keys'
state: 'absent'
with_flattened:
- '{{ users__root_accounts }}'
- '{{ users__default_accounts }}'
- '{{ users__admin_accounts }}'
- '{{ users__accounts }}'
......
......@@ -27,7 +27,7 @@
- name: Check if defined shells exist
stat:
path: "{{ item }}"
loop: '{{ ((users__default_accounts + users__admin_accounts + users__root_accounts
loop: '{{ ((users__default_accounts + users__admin_accounts
+ users__accounts + users__group_accounts + users__host_accounts
+ users__dependent_accounts) | selectattr("shell", "defined")
| map(attribute="shell") | unique | list)
......
......@@ -140,6 +140,12 @@ Inventory variable changes
| ``sshd__ldap_password_length`` | Removed | No |
+---------------------------------------------+--------------------------------+--------------------------------------------------+
- The management of the ``root`` account dotfiles has been removed from the
:ref:`debops.users` role and is now included in the
:ref:`debops.root_account` role. The dotfiles are managed using
:command:`yadm` script, installed by the :ref:`debops.yadm` role. The
``users__root_accounts`` list has been removed.
v0.8.1 (2019-02-02)
-------------------
......