From 0285ebcda1cf28d94fa4fd55cf9c5a44428d8618 Mon Sep 17 00:00:00 2001 From: Vincent Lafeychine Date: Sun, 22 Oct 2023 17:01:36 +0200 Subject: [PATCH 1/7] chore(account): Allow unset UID --- roles/accounts/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/accounts/tasks/main.yml b/roles/accounts/tasks/main.yml index 1d3db70..235509d 100644 --- a/roles/accounts/tasks/main.yml +++ b/roles/accounts/tasks/main.yml @@ -2,8 +2,9 @@ - name: Set accounts include_tasks: account.yml vars: + home_prefix: "{{ '/data/project' if item.value.service | default(false) else '/home' }}" + uid: "{{ item.value.uid | default(omit) }}" user: "{{ item.user }}" - uid: "{{ item.value.uid }}" loop: "{{ accounts__users | dict2items(key_name = 'user') }}" when: "item.user in group_names or (item.value.admin | default(false))" ... From 749cf02b32f797d403f819de662f4e9f5ba2be8f Mon Sep 17 00:00:00 2001 From: Vincent Lafeychine Date: Sun, 22 Oct 2023 17:04:16 +0200 Subject: [PATCH 2/7] feat(account): Add service users --- roles/accounts/tasks/account.yml | 11 ++++++++--- roles/accounts/tasks/main.yml | 2 +- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/roles/accounts/tasks/account.yml b/roles/accounts/tasks/account.yml index a921ee8..942faf2 100644 --- a/roles/accounts/tasks/account.yml +++ b/roles/accounts/tasks/account.yml @@ -6,16 +6,21 @@ - name: Set {{ user }} account user: group: "{{ user }}" - home: "/home/{{ user }}/" + home: "{{ workspace }}/{{ user }}" name: "{{ user }}" uid: "{{ uid }}" -- name: Initialise /data/work/ folder for {{ user }} +- name: Initialise folders for {{ user }} file: path: /data/work/{{ user }} state: directory group: "{{ user }}" owner: "{{ user }}" + loop: + - "/data/work/{{ user }}" + - "{{ workspace }}/{{ user }}" + loop_control: + loop_var: file - name: Copy SSH key of user {{ user }} authorized_key: 
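Review bot: With `uid: "{{ item.value.uid | default(omit) }}"` an account that has no `uid` in `accounts__users` gets whatever UID each host allocates next, so the same login can end up with different numeric IDs on different machines. If `/data/work` or `/data/project` is ever shared, migrated or restored between hosts (not visible from this hunk), files would then belong to a different account than intended. I would document this above the var, e.g. `# uid is optional: when unset the host picks the next free UID, which may differ between machines`, and keep explicit UIDs for accounts that exist on more than one host. The added `home_prefix` var is not read by anything in this patch and is unrelated to the subject line; it could move to the commit that consumes it.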
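Review bot: The `file` task renamed to `Initialise folders for {{ user }}` in PATCH 2/7 sets `owner` and `group` but no `mode`, so the directories get permissions derived from the umask of the run, which typically leaves them readable by every local account. The same task is now meant to cover `{{ workspace }}/{{ user }}`, which for service accounts sits under `/data/project`. An explicit value such as `mode: "0750"` (quoted, to avoid octal parsing) would make the result deterministic; pick the value that matches how these folders are meant to be shared. The same applies to the `copy` task in this file's second hunk (`dest: "{{ workspace }}/{{ user }}/{{ file }}"`) and to the SSD folder task added in PATCH 3/7. The `copy` task starts outside its hunk, so a `mode` set on it there would not be visible here.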
@@ -30,7 +35,7 @@ copy: force: false src: "default{{ file }}" - dest: "/home/{{ user }}/{{ file }}" + dest: "{{ workspace }}/{{ user }}/{{ file }}" group: "{{ user }}" owner: "{{ user }}" loop: diff --git a/roles/accounts/tasks/main.yml b/roles/accounts/tasks/main.yml index 235509d..16fd9fc 100644 --- a/roles/accounts/tasks/main.yml +++ b/roles/accounts/tasks/main.yml @@ -2,9 +2,9 @@ - name: Set accounts include_tasks: account.yml vars: - home_prefix: "{{ '/data/project' if item.value.service | default(false) else '/home' }}" uid: "{{ item.value.uid | default(omit) }}" user: "{{ item.user }}" + workspace: "{{ '/data/project' if item.value.service | default(false) else '/home' }}" loop: "{{ accounts__users | dict2items(key_name = 'user') }}" when: "item.user in group_names or (item.value.admin | default(false))" ... From f3ddf80e4255bc5311a6430b786c0655669e2cf1 Mon Sep 17 00:00:00 2001 From: Vincent Lafeychine Date: Sun, 22 Oct 2023 17:22:05 +0200 Subject: [PATCH 3/7] feat(account): Add SSD folder if defined --- roles/accounts/tasks/account.yml | 8 ++++++++ roles/accounts/tasks/main.yml | 1 + 2 files changed, 9 insertions(+) diff --git a/roles/accounts/tasks/account.yml b/roles/accounts/tasks/account.yml index 942faf2..2ae3e6f 100644 --- a/roles/accounts/tasks/account.yml +++ b/roles/accounts/tasks/account.yml @@ -22,6 +22,14 @@ loop_control: loop_var: file +- name: Initialise {{ ssd }}/{{ user }} folder + file: + path: "{{ ssd }}/{{ user }}" + state: directory + group: "{{ user }}" + owner: "{{ user }}" + when: "service and ssd is defined" + - name: Copy SSH key of user {{ user }} authorized_key: user: "{{ user }}" diff --git a/roles/accounts/tasks/main.yml b/roles/accounts/tasks/main.yml index 16fd9fc..7f2e74e 100644 --- a/roles/accounts/tasks/main.yml +++ b/roles/accounts/tasks/main.yml 
@@ -2,6 +2,7 @@ - name: Set accounts include_tasks: account.yml vars: + service: "{{ item.value.service | default(false) }}" uid: "{{ item.value.uid | default(omit) }}" user: "{{ item.user }}" workspace: "{{ '/data/project' if item.value.service | default(false) else '/home' }}" From 3868e623097f92739c31b43e23c06901e620495d Mon Sep 17 00:00:00 2001 From: Vincent Lafeychine Date: Sun, 22 Oct 2023 17:25:23 +0200 Subject: [PATCH 4/7] chore(osm2pgsql): Do not use shared project-account anymore --- osm2pgsql.yml | 5 +++++ roles/osm2pgsql/tasks/main.yml | 2 -- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/osm2pgsql.yml b/osm2pgsql.yml index b3823af..ad31b8c 100644 --- a/osm2pgsql.yml +++ b/osm2pgsql.yml @@ -3,4 +3,9 @@ gather_facts: no become: yes roles: + - accounts - osm2pgsql + vars: + accounts__users: + osm2pgsql: + service: true diff --git a/roles/osm2pgsql/tasks/main.yml b/roles/osm2pgsql/tasks/main.yml index 543e230..ac705a3 100644 --- a/roles/osm2pgsql/tasks/main.yml +++ b/roles/osm2pgsql/tasks/main.yml @@ -15,8 +15,6 @@ - name: ensure postgresql server is running service: name=postgresql state=started -- include: ../../../shared/project-account.yml user=osm2pgsql - - name: add sudoers to access osm2pgsql user copy: src=sudoers dest=/etc/sudoers.d/osm2pgsql-backend mode=0440 owner=root group=root validate='visudo -cf %s' From 02530339a8c95070ea6273fe354f6465ba1ba18b Mon Sep 17 00:00:00 2001 From: Vincent Lafeychine Date: Sun, 22 Oct 2023 17:36:32 +0200 Subject: [PATCH 5/7] chore(README): Update instructions when adding an user --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4d284bc..0db1b51 100644 --- a/README.md +++ b/README.md 
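Review bot: The `accounts` role only processes an entry when `item.user in group_names or (item.value.admin | default(false))` (the `when:` on `Set accounts` in `roles/accounts/tasks/main.yml`), and the new `accounts__users.osm2pgsql` entry in `osm2pgsql.yml` sets only `service: true`. The play's `hosts:` line is outside this hunk, but unless every targeted host is in an inventory group named `osm2pgsql`, the include is skipped silently and the osm2pgsql role's `add sudoers to access osm2pgsql user` task installs a sudoers file for an account that this play never created. It would help to state the dependency next to the vars, e.g. `# created only on hosts in inventory group 'osm2pgsql' (see the when: in roles/accounts/tasks/main.yml)`, or to have the role fail when the user is missing. Also worth confirming: `account.yml` runs `Copy SSH key of user {{ user }}` for every account, so if that task reads a per-user key file, a service account without one may need it guarded.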
@@ -43,10 +43,10 @@ installed with: ### Adding a new user to a specific machine 1. add the machine to file `hosts`, in the relevant section `[user]` -1. if necessary, add the user to `roles/common/tasks/main.yml`, with the public ssh key in `public\_keys/` +1. if necessary, add the user to `group_vars/all/accounts.yml`, with the public ssh key in `public\_keys/` 1. launch following command: ```shell - ansible-playbook -l common.yml --tags user_creation + ansible-playbook -l accounts.yml ``` ### Adding a service to a specific machine From ee050620726d17194952d6d5b669b9dba064c05c Mon Sep 17 00:00:00 2001 From: Vincent Lafeychine Date: Sun, 22 Oct 2023 22:14:12 +0200 Subject: [PATCH 6/7] chore: Remove ssd unused variable --- hosts | 6 +++--- roles/accounts/tasks/account.yml | 8 -------- shared/project-account.yml | 13 ------------- 3 files changed, 3 insertions(+), 24 deletions(-) diff --git a/hosts b/hosts index 5437e1f..e7e2139 100644 --- a/hosts +++ b/hosts @@ -262,8 +262,8 @@ proxy.osmose.vm.openstreetmap.fr cluster-free [overpass-api] -osm147.openstreetmap.fr overpass_version="v0.7.54" ssd="/ssd" -osm148.openstreetmap.fr overpass_version="v0.7.54" ssd="/ssd" +osm147.openstreetmap.fr overpass_version="v0.7.54" +osm148.openstreetmap.fr overpass_version="v0.7.54" [proxmox-backup] osm26.openstreetmap.fr proxmox_backup_exclude="118 144 186 999" proxmox_backup_target="osm32.openstreetmap.fr:rpool/backups" @@ -275,7 +275,7 @@ osm32.openstreetmap.fr proxmox_backup_host=true osm13.openstreetmap.fr renderd_layers=true osm166.openstreetmap.fr renderd_cyclosm=true renderd.th3.vm.openstreetmap.fr renderd_layers=true -bzh202.vm.openstreetmap.fr renderd_bzh=true +bzh202.vm.openstreetmap.fr renderd_bzh=true [wireguard] proxy.ovh.vm.openstreetmap.fr wireguard_config=server diff --git a/roles/accounts/tasks/account.yml b/roles/accounts/tasks/account.yml index 2ae3e6f..942faf2 100644 --- a/roles/accounts/tasks/account.yml +++ b/roles/accounts/tasks/account.yml 
@@ -22,14 +22,6 @@ loop_control: loop_var: file -- name: Initialise {{ ssd }}/{{ user }} folder - file: - path: "{{ ssd }}/{{ user }}" - state: directory - group: "{{ user }}" - owner: "{{ user }}" - when: "service and ssd is defined" - - name: Copy SSH key of user {{ user }} authorized_key: user: "{{ user }}" diff --git a/shared/project-account.yml b/shared/project-account.yml index 8deb3dd..801fe02 100644 --- a/shared/project-account.yml +++ b/shared/project-account.yml @@ -11,11 +11,6 @@ project_dir: "/data/project/{{ user }}" work_dir: "/data/work/{{ user }}" -- name: set ssd_dir if there is ssd disk - set_fact: - ssd_dir: "{{ ssd }}/{{ user }}" - when: "ssd is defined" - - name: Check if user exists action: shell /usr/bin/getent passwd {{ user }} register: user_exist @@ -48,14 +43,6 @@ - name: init /data/work/ path for ${user} file: path={{ work_dir }} state=directory owner={{ user }} group={{ user }} -- name: create {{ ssd_dir }} dir - file: - path: "{{ ssd_dir }}" - state: directory - owner: "{{ user }}" - group: "{{ user }}" - when: "ssd_dir is defined" - - name: copy default config files copy: force=no src="shared/files/default{{ item }}" dest="{{ project_dir }}/{{ item }}" owner={{ user }} group={{ user }} with_items: From cda43d802622efcd57451beb01a26fd1fecfd244 Mon Sep 17 00:00:00 2001 From: Vincent Lafeychine Date: Tue, 24 Oct 2023 09:28:41 +0200 Subject: [PATCH 7/7] fix(accounts): Use the loop variable for initialising folder task --- roles/accounts/tasks/account.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/accounts/tasks/account.yml b/roles/accounts/tasks/account.yml index 942faf2..cbb8daa 100644 --- a/roles/accounts/tasks/account.yml +++ b/roles/accounts/tasks/account.yml @@ -12,7 +12,7 @@ - name: Initialise folders for {{ user }} file: - path: /data/work/{{ user }} + path: "{{ file }}" state: directory group: "{{ user }}" owner: "{{ user }}"
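Review bot: The loop variable that now feeds `path: "{{ file }}"` in PATCH 7/7 is named `file`, the same word as the module and the same name the `copy` task further down uses for dotfile names (`src: "default{{ file }}"`), while here it holds a directory path. Renaming it in this task's `loop_control`, e.g. `loop_var: folder` with `path: "{{ folder }}"`, would keep the two loops from being confused and make a stale hard-coded path like the one fixed here easier to spot. The `loop_control` lines sit outside this hunk.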