40 lines
967 B
YAML
40 lines
967 B
YAML
|
# This playbook creates an ssh accessed user that is part of the docker group
|
||
|
|
# The reason for this is to create a user that can access docker services but
|
||
|
|
# not have root permissions to the host machine itself.
|
||
|
|
|
||
|
|
---
|
||
|
|
- hosts: alpha
|
||
|
|
remote_user: ubuntu
|
||
|
|
become: yes
|
||
|
|
vars:
|
||
|
|
NAME: dockerlass
|
||
|
|
tasks:
|
||
|
|
- name: Ensure Docker Group exists
|
||
|
|
group:
|
||
|
|
name: docker
|
||
|
|
state: present
|
||
|
|
|
||
|
|
- name: Ensure Docker-Only User exists and is part of the Docker group
|
||
|
|
user:
|
||
|
|
state: present
|
||
|
|
name: "{{ NAME }}"
|
||
|
|
create_home: true
|
||
|
|
groups: docker
|
||
|
|
|
||
|
|
- name: Ensure safe ~/.ssh directory
|
||
|
|
file:
|
||
|
|
path: "/home/{{NAME}}/.ssh"
|
||
|
|
state: directory
|
||
|
|
mode: 0700
|
||
|
|
owner: "{{ NAME }}"
|
||
|
|
|
||
|
|
- name: Ensure safe Authorized keys file
|
||
|
|
copy:
|
||
|
|
src: "{{ DOCKERLASS_PUB_KEY_PATH }}"
|
||
|
|
dest: "/home/{{NAME}}/.ssh/authorized_keys"
|
||
|
|
mode: 0600
|
||
|
|
owner: "{{ NAME }}"
|
||
|
|
|
||
|
|
|
||
|
|
|