pve_auth: create role
parent
32ed73735f
commit
8f51a2fb80
4 changed files with 46 additions and 0 deletions
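--- a/roles/pve_auth/defaults/main.yml
+++ b/roles/pve_auth/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+pve_auth__groups: {}
+pve_auth__users: {}
+...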
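--- a/roles/pve_auth/tasks/main.yml
+++ b/roles/pve_auth/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+- name: Configure PVE users
+template:
+src: user.cfg.j2
+dest: /etc/pve/user.cfg
+owner: root
+group: www-data
+mode: u=rw,g=r,o=
+
+- name: Configure PVE passwords
+template:
+src: shadow.cfg.j2
+dest: /etc/pve/priv/shadow.cfg
+owner: root
+group: www-data
+mode: u=rw,g=,o=
+...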
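Review bot: The `Configure PVE passwords` task renders every user's `password` value into `/etc/pve/priv/shadow.cfg` but has no `no_log: true`, so a run with `--diff` or raised verbosity would print the rendered file, password material included, to the terminal and to any CI or callback log that captures play output. Adding `no_log: true` to that task (or at minimum `diff: false`) keeps it out of the output. The `Configure PVE users` task carries no secrets and can stay as it is.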
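--- a/roles/pve_auth/templates/shadow.cfg.j2
+++ b/roles/pve_auth/templates/shadow.cfg.j2
@@ -0,0 +1,7 @@
+{{ ansible_managed | comment }}
+
+{% for name, user in pve_auth__users.items() %}
+{% if user.enabled | default(True) %}
+{{ name }}:{{ user.password }}:
+{% endif %}
+{% endfor %}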
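Review bot: The line `{{ name }}:{{ user.password }}:` writes `user.password` verbatim, and nothing in the role states or checks what form that value must take, so a plaintext password placed in inventory would land in shadow.cfg as-is. A header comment such as `{# user.password must be a pre-computed crypt-style hash, never plaintext; keep it in Ansible Vault #}` would document the contract; presumably the pve realm expects a crypt hash here, which is worth confirming. Because the file is colon-delimited and line-oriented, a `name` or `password` containing `:` or a newline would shift fields or add a line, so an `assert` task ahead of the template that rejects those characters would be a cheap guard.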
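--- a/roles/pve_auth/templates/user.cfg.j2
+++ b/roles/pve_auth/templates/user.cfg.j2
@@ -0,0 +1,18 @@
+{{ ansible_managed | comment }}
+
+{% for name, user in pve_auth__users.items() %}
+{% if user.enabled | default(True) %}
+user:{{ name }}@pve:1:0::::::
+{% endif %}
+{% endfor %}
+
+{% for group in pve_auth__groups.keys() %}
+{% set users = pve_auth__users
+| selectattr("groups", "defined")
+| selectattr("groups", "contains", group) %}
+group:{{ group }}:{{ users | join(",") }}::
+{% endfor %}
+
+{% for group, roles in pve_auth__groups.items() %}
+acl:1:/:@{{ group }}:{{ roles | join(",") }}:
+{% endfor %}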
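Review bot: In the `{% set users = pve_auth__users | selectattr("groups", "defined") ... %}` block, `pve_auth__users` is a mapping (the loops above call `.items()` on it), so the filter chain iterates over its keys, which are plain strings with no `groups` attribute, and every `group:` line is rendered with an empty member list. The ACLs then attach to groups nobody belongs to; that fails closed, but the role does not grant what the variables describe. Converting the mapping to items first and mapping back to the key fixes the selection, as sketched below. Two things to confirm while there: the `user:` lines write `{{ name }}@pve`, so the member list presumably needs the same realm suffix, and users with `enabled: false` are skipped above but would still be selected as group members here.

```jinja
{# … unchanged: header and user: lines … #}
{% for group in pve_auth__groups.keys() %}
{% set users = pve_auth__users | dict2items
| selectattr("value.groups", "defined")
| selectattr("value.groups", "contains", group)
| map(attribute="key") %}
group:{{ group }}:{{ users | join(",") }}::
{# … unchanged: endfor and acl: lines … #}
```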