GithubHelp home page GithubHelp logo

riotkit / ansible-advanced-user-role Goto Github PK

View Code? Open in Web Editor NEW
1.0 2.0 0.0 13 KB

Ansible: Multi-user management

Shell 27.67% HTML 72.33%
ansible ansible-role ssh user-management server-automation deployment anarchist anarchist-federation iwa-ait wolnosciowiec

ansible-advanced-user-role's Introduction

Multi-User project

Multi-user management with focus on a project to which everybody has access via sudo.

Features:

  • User creation
  • Jailing using docker (runs a one-time docker container for a ssh session) (optional)
  • Giving limited sudo access to one command for project management (optional)
  • ZSH configuration with oh-my-zsh extensions (optional)
  • Optional SSH configuration per user (eg. what is allowed, if user can forward ports, if can forward X11, etc.) (optional)

Example case #1:

  • There are multiple organizations managing their pages
  • We deploy a docker project that contains multiple websites
  • Each user can manage the docker project via sudo ./make.sh ... something ... instead of having access to global sudo

Role Variables

technical_entrypoint: "/project/make.sh"
enable_technical_entrypoint: true

use_technical_group: true
use_technical_user: true
technical_account: "tech.admin"
technical_account_id: 1800
technical_group: "technical"
technical_group_id: 1161

users:
    accounts:
        - login: iwa.somebody
          section: "ZSP" # account description / organization name / etc.
          password: 'some-password-hash-generated-by-mkpasswd'
          global_sudo: no
          sudo_without_password: yes
          ssh_pub_key: 'path-to-id.pub'
          ssh_priv_key: 'path-to-id'
          ssh_authorized_keys:
              - path_to_key.pub
          ssh_known_hosts:
              - "[localhost]:2222 ecdsa-sha2-nistp256 soooomeeekey-here"
          gid: 1161
          uid: 2050
          disabled: no
          shell: /bin/zsh

          # optional jail configuration (defaults: no jail usage)
          jailed: no
          containerize_image: "alpine:3.12"

          # optional SSH configuration per user (defaults: global ssh settings used, nothing overridden if key here is not defined)
          tcp_forwarding: yes
          x11_forwarding: yes
          allow_password_auth: yes
          gateway_ports: yes
          permit_tty: yes
          permit_tunnel: yes
          allow_agent_forwarding: yes
          permit_user_environment: yes
          client_alive_interval: 30
          client_alive_count_max: 2
          disable_sftp: yes
          #ssh_force_command: /bin/false # does not work when "jailed: yes"

Blocking access for the user account

  1. Edit users.accounts variable
  2. For specified user account please set disabled: yes
    • NOTICE: Deleting whole user section from file will not have an effect, as the deployment will ignore that user and will not change it so the user account deletion is not possible, only blocking is possible
  3. Run deployment

License

MIT

Made especially for: https://iwa-ait.org https://zsp.net.pl

ansible-advanced-user-role's People

Contributors

blackandred avatar

Stargazers

avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.