fix(users): update cloud-init template and input validation for dict users

This commit is contained in:
MORAWSKI Norbert
2026-03-20 15:10:31 +01:00
parent 3e85a44d8e
commit 704ff21f0e
2 changed files with 13 additions and 9 deletions


@@ -8,11 +8,11 @@
that: that:
- system is mapping - system is mapping
- system.network is not defined or system.network is mapping - system.network is not defined or system.network is mapping
- system.users is not defined or (system.users is iterable and system.users is not string and system.users is not mapping) - system.users is not defined or system.users is mapping
- system.root is not defined or system.root is mapping - system.root is not defined or system.root is mapping
- system.luks is not defined or system.luks is mapping - system.luks is not defined or system.luks is mapping
- system.features is not defined or system.features is mapping - system.features is not defined or system.features is mapping
fail_msg: "system and its nested keys (network, root, luks, features) must be dictionaries; system.users must be a list." fail_msg: "system and its nested keys (network, root, luks, features, users) must be dictionaries."
quiet: true quiet: true
- name: Validate DNS lists (not strings) - name: Validate DNS lists (not strings)
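Review bot: The new `system.users is mapping` condition on the fourth `that:` entry only checks the outer dict, not the per-user values; the cloud-init template in this same commit reads `attrs.sudo`, `attrs.password` and `attrs['keys']` from each value, so an entry written as a scalar (for example `alice: secret`) passes this assert and appears to render as a locked user with no keys instead of failing at validation time, and a non-string scalar would presumably error inside the template rather than here. Tighten the test to require every value to be a mapping, e.g. `- system.users is not defined or (system.users is mapping and system.users.values() | reject('mapping') | list | length == 0)`, and extend the new fail_msg so it says that each entry under users must itself be a dictionary.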


@@ -4,18 +4,22 @@ ssh_pwauth: true
package_update: false package_update: false
package_upgrade: false package_upgrade: false
users: users:
{% for user in system_cfg.users %} {% for username, attrs in system_cfg.users.items() %}
- name: "{{ user.name }}" - name: "{{ username }}"
primary_group: "{{ user.name }}" primary_group: "{{ username }}"
groups: users groups: users
{% if user.sudo | default(false) | bool %} {% if attrs.sudo | default(false) | bool %}
sudo: "ALL=(ALL) NOPASSWD:ALL" sudo: "ALL=(ALL) NOPASSWD:ALL"
{% endif %} {% endif %}
passwd: "{{ user.password | password_hash('sha512') }}" {% if attrs.password | default('') | length > 0 %}
passwd: "{{ attrs.password | password_hash('sha512') }}"
lock_passwd: false lock_passwd: false
{% if 'keys' in user and user['keys'] is iterable and user['keys'] is not string and user['keys'] | length > 0 %} {% else %}
lock_passwd: true
{% endif %}
{% if 'keys' in attrs and attrs['keys'] is iterable and attrs['keys'] is not string and attrs['keys'] | length > 0 %}
ssh_authorized_keys: ssh_authorized_keys:
{% for key in user['keys'] %} {% for key in attrs['keys'] %}
- "{{ key }}" - "{{ key }}"
{% endfor %} {% endfor %}
{% endif %} {% endif %}
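Review bot: The new password guard `{% if attrs.password | default('') | length > 0 %}` does not handle an explicit null: Jinja's `default` only substitutes for undefined values, so a user declared with `password: null` (or a bare `password:` key) reaches the `length` filter as None and the render fails instead of taking the new `lock_passwd: true` branch. Use `{% if attrs.password | default('', true) | length > 0 %}` so both an empty string and null lead to the locked-password path. It would also be worth a comment above the branch stating that a user without a password is intentionally created with `lock_passwd: true` so that `ssh_pwauth: true` from the top of the file cannot apply to an empty credential. The outer `{% for username, attrs ... %}` loop opened on the users line closes outside this hunk.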