+ Docker user
parent
92733f6613
commit
1ab3137444
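--- a/playbooks/alpha/docker-user.yml
+++ b/playbooks/alpha/docker-user.yml
@@ -0,0 +1,39 @@
+# This playbook creates an ssh accessed user that is part of the docker group
+# The reason for this is to create a user that can access docker services but
+# not have root permissions to the host machine itself.
+
+---
+- hosts: alpha
+remote_user: ubuntu
+become: yes
+vars:
+NAME: dockerlass
+tasks:
+- name: Ensure Docker Group exists
+group:
+name: docker
+state: present
+
+- name: Ensure Docker-Only User exists and is part of the Docker group
+user:
+state: present
+name: "{{ NAME }}"
+create_home: true
+groups: docker
+
+- name: Ensure safe ~/.ssh directory
+file:
+path: "/home/{{NAME}}/.ssh"
+state: directory
+mode: 0700
+owner: "{{ NAME }}"
+
+- name: Ensure safe Authorized keys file
+copy:
+src: "{{ DOCKERLASS_PUB_KEY_PATH }}"
+dest: "/home/{{NAME}}/.ssh/authorized_keys"
+mode: 0600
+owner: "{{ NAME }}"
+
+
+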
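Review bot: The header comment's claim that this user will "not have root permissions to the host machine itself" does not hold once `groups: docker` is applied, because membership in the `docker` group gives full control of the Docker daemon, which Docker's own documentation describes as root-equivalent on the host. I would reword the comment to something like `# NOTE: docker group membership is root-equivalent on the host; protect this user's SSH key like a root credential`, and if real separation is required, consider rootless Docker or a restricted forced command for the key rather than group membership. Separately, `mode: 0700` and `mode: 0600` are safer written as quoted strings (`mode: "0700"`), as the Ansible docs recommend, and both the `file` and `copy` tasks set `owner` but no `group`. `DOCKERLASS_PUB_KEY_PATH` is not defined anywhere in this file, so the play presumably relies on it being supplied from inventory or extra vars; a short comment saying so would help.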