Fix basic_users not modifying default nfs-shared home correctly (#590)
* fix basic_users not modifying default nfs-shared home correctly
* fix generated public key not being injected into authorized_keys
* change default key type for in-cluster keys to ed25519
ansible/roles/basic_users/README.md
12 additions & 3 deletions
@@ -2,16 +2,19 @@
2
2
basic_users
3
3
===========
4
4
5
-
Setup users on cluster nodes using `/etc/passwd` and manipulating `$HOME`, i.e. without requiring LDAP etc. Features:
5
+
Setup users on cluster nodes using `/etc/passwd` and manipulating `$HOME`, i.e.
6
+
without requiring LDAP etc. Features:
6
7
- UID/GID is consistent across cluster (and explicitly defined).
7
8
- SSH key generated and propagated to all nodes to allow login between cluster nodes.
8
9
- An "external" SSH key can be added to allow login from elsewhere.
9
-
- Login to the control node is prevented.
10
+
- Login to the control node is prevented (by default)
10
11
- When deleting users, systemd user sessions are terminated first.
11
12
12
13
Requirements
13
14
------------
14
-
- $HOME (for normal users, i.e. not `centos`) is assumed to be on a shared filesystem.
15
+
-`$HOME` (for normal users, i.e. not `rocky`) is assumed to be on a shared
16
+
filesystem. Actions affecting that shared filesystem are run on a single host,
17
+
see `basic_users_manage_homedir` below.
15
18
16
19
Role Variables
17
20
--------------
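Review bot: In the Features list, "Login to the control node is prevented (by default)" now says the behaviour can be changed but not how. The `shell` entry under Role Variables is what sets `/sbin/nologin` on the `control` node, so name it here, for example "(by default, see `shell` below)", so a reader can tell which setting re-enables login on that node. The reworded item also drops the trailing full stop that the line it replaces had.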
@@ -22,9 +25,15 @@ Role Variables
22
25
-`shell` if *not* set will be `/sbin/nologin` on the `control` node and the default shell on other users. Explicitly setting this defines the shell for all nodes.
23
26
- An additional key `public_key` may optionally be specified to define a key to log into the cluster.
24
27
- An additional key `sudo` may optionally be specified giving a string (possibly multiline) defining sudo rules to be templated.
28
+
-`ssh_key_type` defaults to `ed25519` instead of the `ansible.builtin.user` default of `rsa`.
25
29
- Any other keys may present for other purposes (i.e. not used by this role).
26
30
-`basic_users_groups`: Optional, default empty list. A list of mappings defining information for each group. Mapping keys/values are passed through as parameters to [ansible.builtin.group](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/group_module.html) and default values are as given there.
27
31
-`basic_users_override_sssd`: Optional bool, default false. Whether to disable `sssd` when ensuring users/groups exist with this role. Permits creating local users/groups even if they clash with users provided via sssd (e.g. from LDAP). Ignored if host is not in group `sssd` as well. Note with this option active `sssd` will be stopped and restarted each time this role is run.
32
+
-`basic_users_manage_homedir`: Optional bool, must be true on a single host to
33
+
determine which host runs tasks affecting the shared filesystem. The default
34
+
is to use the first play host which is not the control node, because the
35
+
default NFS configuration does not have the shared `/home` directory mounted
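Review bot: `basic_users_manage_homedir` is documented as "must be true on a single host", but the entry does not say what happens if it ends up true on several hosts or on none, for example when the default is overridden in inventory. Since the tasks it gates modify the shared filesystem, state whether the role checks this, or add an assertion and document it here. On the new `ssh_key_type` line, it would also help to say whether users who already have a generated `rsa` key keep it or get a new `ed25519` key once the default changes.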