feature: cleaner user management (yml) and password generation

starkers commented 9 years ago

I tried your role several ways but ended up just basically writing it again.. (better for me to understand rundeck this way)

I hacked up some stuff to allow me to maintain users via ansible.. Its not elegant but it works.. so thought it might be of use to you too:

Example vars.yml

rundeck_user:
  - name: sysadmin
    pass: "duff beer gets tastier daily"
    roles:
      - user
      - admin
      - architect
      - deploy
      - build

  - name: deploy
    pass: "cloudy cloudy cloud cloud"
    roles:
     - user
     - deploy

Then a whole horrid bunch of hacks like this:

- name: remove default user
  lineinfile:
    dest: /etc/rundeck/realm.properties
    regexp: "^admin:admin,"
#user,admin,architect,deploy,build"
    state: absent
  notify: restart rundeck

- name: register a tmpfile name
  shell: mktemp
  register: mktemp
  changed_when: false

#Its a hack but it works[tm]
- name: generate the realm into a tmp file
  shell: HASH="$(java -cp {{ rundeck_jetty_jar }} org.eclipse.jetty.util.security.Password "{{ item.pass }}" 2>&1 | grep OBF )" ; printf "{{ item.name }}:$HASH,{{ item.roles|join(',')}}\n" >> {{ mktemp.stdout }}
  with_items: rundeck_user
  changed_when: false
  failed_when: false

- name: Checking for realm changes
  shell: diff {{ mktemp.stdout }} /etc/rundeck/realm.properties
  register: diff
  changed_when: false
  failed_when: false

- name: updating realm
  command: cp -pf {{ mktemp.stdout }} /etc/rundeck/realm.properties
  when: diff.rc != 0
  notify: restart rundeck

- name: cleanup
  changed_when: false
  file: name={{ mktemp.stdout }} state=absent

Regards -D

mat-green commented 9 years ago

Thank you for this and I will incorporate these ideas into the role when I get time.

xiaods commented 9 years ago

any update?

xiaods commented 9 years ago

rundeck_jetty_jar need defined first.

xiaods commented 9 years ago

- name: Upadte file owner to rundeck                                           
    file: /etc/rundeck/realm.properties owner=rundeck group=rundeck              
    changed_when: false                                                          
    failed_when: false

need update file owner.

starkers commented 9 years ago

I'm working on a different role to to deploying jobs+nodes for users (in the next few weeks) but yes that seems sensible.

mat-green commented 8 years ago

Should be resolved within release v0.0.8

New-Edge-Engineering / ansible-rundeck

feature: cleaner user management (yml) and password generation #8