tools/compute-images/ansible/roles/compute_user/tasks/main.yml

   1 # Copyright (C) The Arvados Authors. All rights reserved.
   2 #
   3 # SPDX-License-Identifier: Apache-2.0
   4
   5 - name: Create compute user account
   6   ansible.builtin.user:
   7     name: "{{ compute_user_account }}"
   8     comment: Crunch user,,,,
   9     home: "{{ compute_user_home }}"
  10     password_lock: true
  11
  12 - name: Give compute user sudo access
  13   ansible.builtin.lineinfile:
  14     line: "{{ compute_user_account }} ALL=(ALL) NOPASSWD:ALL"
  15     path: /etc/sudoers.d/91-crunch
  16     create: true
  17     owner: root
  18     group: root
  19     mode: 0644
  20
  21 - name: Create compute user .ssh directory
  22   ansible.builtin.file:
  23     state: directory
  24     path: "{{ compute_user_home }}/.ssh"
  25     owner: "{{ compute_user_account }}"
  26     mode: 0700
  27
  28 - name: Initialize compute user authorized keys
  29   ansible.builtin.copy:
  30     src: "{{ compute_authorized_keys }}"
  31     dest: "{{ compute_user_home }}/.ssh/authorized_keys"
  32     owner: "{{ compute_user_account }}"
  33     mode: 0600
  34
  35 - name: Install dispatch public key
  36   ansible.builtin.lineinfile:
  37     path: "{{ compute_user_home }}/.ssh/authorized_keys"
  38     regexp: "^{{ item.0 | regex_escape }}\\s+{{ item.1 | regex_escape }}(\\s|$)"
  39     line: "{{ item | join(' ') }}"
  40   loop: "{{ compute_dispatch_ssh_keygen.stdout.splitlines()|map('split') }}"