---
# Provision the deployment account with a bash login shell.
- name: Create user {{ k8s_deployment_user }}
  user:
    name: "{{ k8s_deployment_user }}"
    shell: /bin/bash
    # NOTE(review): on Debian-family hosts "adm" usually grants read access
    # to system logs - confirm the deployment account needs it.
    groups: adm
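# Create the account's ~/.ssh directory before any key material is written.
# The home directory is hard-coded as /home/<user>.
- name: Ensure that .ssh exists
  file:
    path: "/home/{{ k8s_deployment_user }}/.ssh"
    state: directory
    owner: "{{ k8s_deployment_user }}"
    group: "{{ k8s_deployment_user }}"
    # Set explicitly: without a mode the directory inherits the remote
    # umask, which commonly leaves it listable by other local users.
    mode: "0700"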
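# Install a sudoers drop-in for the deployment account.
# NOTE(review): the leading "%" makes the rule apply to the *group* named
# after the user, and "NOPASSWD: ALL" gives every member unrestricted,
# passwordless root. Narrow the command list if the deployment tooling
# allows it, and treat the account's SSH key as a root credential.
- name: Configure sudo for deployment user
  copy:
    content: |
      %{{ k8s_deployment_user }} ALL=(ALL) NOPASSWD: ALL
    dest: "/etc/sudoers.d/55-k8s-deployment"
    owner: root
    group: root
    # sudoers drop-ins are conventionally read-only (0440); quoted so the
    # value is not subject to YAML's implicit octal typing.
    mode: "0440"
    # Syntax-check the rendered file before it replaces the destination, so
    # a bad variable value cannot leave sudo unusable on the host.
    validate: '/usr/sbin/visudo -cf %s'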
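# Copy the operator-supplied private key into the account's ~/.ssh.
# Skipped entirely when k8s_deployment_user_pkey_path is not defined.
# NOTE(review): combined with passwordless sudo for this account, whoever
# holds this key has root on the host - store the source file accordingly
# (e.g. encrypted at rest) and confirm it is not committed in clear text.
- name: Write private SSH key
  copy:
    src: "{{ k8s_deployment_user_pkey_path }}"
    dest: "/home/{{ k8s_deployment_user }}/.ssh/id_rsa"
    owner: "{{ k8s_deployment_user }}"
    group: "{{ k8s_deployment_user }}"
    # Owner read-only; quoted to avoid YAML's implicit octal typing.
    mode: "0400"
  # Keep key material out of task output and --diff listings. The trade-off
  # is that failure details for this task are hidden as well.
  no_log: true
  when: k8s_deployment_user_pkey_path is defined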
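# Derive the public key from the installed private key and use it as the
# account's authorized_keys. Runs only while authorized_keys does not exist.
#
# The output goes to a temporary file that is renamed on success. With a
# direct redirect, a failing ssh-keygen would still leave an empty
# authorized_keys behind, and "creates" would then skip this task on every
# later run. "umask 077" keeps the file private from the moment it is
# created instead of relying on a later permissions fix.
# NOTE(review): the user name is interpolated into a shell command line;
# this assumes the variable is operator-controlled - confirm.
- name: Write public SSH key
  shell: >-
    umask 077 &&
    ssh-keygen -y -f /home/{{ k8s_deployment_user }}/.ssh/id_rsa
    > /home/{{ k8s_deployment_user }}/.ssh/authorized_keys.tmp &&
    mv /home/{{ k8s_deployment_user }}/.ssh/authorized_keys.tmp
    /home/{{ k8s_deployment_user }}/.ssh/authorized_keys
  args:
    creates: "/home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
  when: k8s_deployment_user_pkey_path is defined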
# Hand authorized_keys to the deployment account and restrict it to
# owner read/write. Skipped when no private key path was supplied.
- name: Fix ssh-pub-key permissions
  file:
    path: "/home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
    owner: "{{ k8s_deployment_user }}"
    group: "{{ k8s_deployment_user }}"
    # Same permission bits as before, written as a quoted octal string.
    mode: "0600"
  when: k8s_deployment_user_pkey_path is defined