pve_auth: create role
parent
32ed73735f
commit
8f51a2fb80
4 changed files with 46 additions and 0 deletions
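--- a/roles/pve_auth/defaults/main.yml
+++ b/roles/pve_auth/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+pve_auth__groups: {}
+pve_auth__users: {}
+...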
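Review bot: Both defaults are empty maps with no comment describing their expected shape, although the templates in this commit read `user.password`, `user.enabled`, `user.groups` and a list of roles per group. A header comment listing those keys would save callers from reverse-engineering the schema, and it should say that `password` is presumably a password hash that belongs in Ansible Vault rather than a plaintext value. Since the tasks template the whole of `/etc/pve/user.cfg` and `/etc/pve/priv/shadow.cfg`, applying the role with these defaults appears to write files with no users, groups or ACL entries. That deserves a line as well, e.g. `# Both files are fully managed: entries not listed here are removed.`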
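--- a/roles/pve_auth/tasks/main.yml
+++ b/roles/pve_auth/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+- name: Configure PVE users
+template:
+src: user.cfg.j2
+dest: /etc/pve/user.cfg
+owner: root
+group: www-data
+mode: u=rw,g=r,o=
+
+- name: Configure PVE passwords
+template:
+src: shadow.cfg.j2
+dest: /etc/pve/priv/shadow.cfg
+owner: root
+group: www-data
+mode: u=rw,g=,o=
+...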
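Review bot: The `Configure PVE passwords` task renders every `user.password` value into `/etc/pve/priv/shadow.cfg` but does not set `no_log`, so a run with `--diff` or raised verbosity can print the rendered credential lines to the console and to any log or callback sink. Adding `no_log: true` to that task (or at minimum `diff: false`) keeps the file content out of the output. The restrictive `mode: u=rw,g=,o=` protects the file on disk only, not the controller-side output.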
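--- a/roles/pve_auth/templates/shadow.cfg.j2
+++ b/roles/pve_auth/templates/shadow.cfg.j2
@@ -0,0 +1,7 @@
+{{ ansible_managed | comment }}
+
+{% for name, user in pve_auth__users.items() %}
+{% if user.enabled | default(True) %}
+{{ name }}:{{ user.password }}:
+{% endif %}
+{% endfor %}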
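Review bot: `{{ name }}:{{ user.password }}:` writes whatever the variable holds, so a plaintext password supplied by mistake would land in `shadow.cfg` unhashed, and nothing in the template states which form is expected. A comment such as `{# user.password must be a pre-hashed crypt(3) string, never plaintext #}` would document the contract. Changing the line to `{{ name }}:{{ user.password | mandatory }}:` would also give a clear error when an enabled user has no `password` key. Because the record is colon-delimited and line-based, a `name` or `password` containing `:` or a newline would corrupt or add entries; an `assert` task run before templating could reject such values.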
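--- a/roles/pve_auth/templates/user.cfg.j2
+++ b/roles/pve_auth/templates/user.cfg.j2
@@ -0,0 +1,18 @@
+{{ ansible_managed | comment }}
+
+{% for name, user in pve_auth__users.items() %}
+{% if user.enabled | default(True) %}
+user:{{ name }}@pve:1:0::::::
+{% endif %}
+{% endfor %}
+
+{% for group in pve_auth__groups.keys() %}
+{% set users = pve_auth__users
+| selectattr("groups", "defined")
+| selectattr("groups", "contains", group) %}
+group:{{ group }}:{{ users | join(",") }}::
+{% endfor %}
+
+{% for group, roles in pve_auth__groups.items() %}
+acl:1:/:@{{ group }}:{{ roles | join(",") }}:
+{% endfor %}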
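Review bot: In the `group:` loop, `selectattr` is applied directly to the `pve_auth__users` mapping, which iterates its keys (plain strings) rather than the user records. The `"groups", "defined"` test then appears to reject every entry, so each group is rendered with an empty member list and the ACLs below grant nothing to anyone. Even with that fixed, the members would be joined as bare names while the `user:` lines use `{{ name }}@pve`, and users with `enabled: false` would still be listed. Iterating `.items()` and building the list explicitly addresses all three. Separately, every group's roles are bound at `/` with the propagate flag set, so the role cannot express a narrower path; that limitation is worth documenting.

```jinja
{% for group in pve_auth__groups.keys() %}
{% set members = [] %}
{% for name, user in pve_auth__users.items()
   if (user.enabled | default(True)) and (group in (user.groups | default([]))) %}
{%   set _ = members.append(name ~ "@pve") %}
{% endfor %}
group:{{ group }}:{{ members | join(",") }}::
{% endfor %}
{# … unchanged: user: loop above, acl: loop below … #}
```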