Skip to content

Instantly share code, notes, and snippets.

@zeitounator

zeitounator/session.txt

Last active January 12, 2024 16:09
Show Gist options
  • Save zeitounator/869eabdf10b69abd5f10c3cf671b985d to your computer and use it in GitHub Desktop.
Save zeitounator/869eabdf10b69abd5f10c3cf671b985d to your computer and use it in GitHub Desktop.
Download ZIP
Raw
session.txt
$ # Test project structure
$ tree
.
├── test.yml
├── users_initial.yml
└── users_modify.yml
0 directories, 3 files
$ # User data for initial creation
$ cat users_initial.yml
---
users:
- username: user1
password: secret1
public_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDau24KkhJiZ6OfuhZrkoxv/YxWKJRdefI0lULdI+Lhw user1@machine
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIGWtkBHm2bLuT40EJMC2d5gFVYl3N6qZcGLdf2BhA9F user1@machine
- username: user2
password: secret2
public_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFbQwAiS7z6ea+5cZq3eNU5SZ+XwmYF52Z2ZUGEtS9C2 user2@machine
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8PnDXPKAWBK6G29tjli796Pyj2Y55RiwGWh2JT1oRu user2@machine
$ # User data for subsequent alter of user. Note a key changes for user1 and a key is deleted for user2
$ cat users_modify.yml
---
users:
- username: user1
password: secret1
public_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGHndjn7XPC59Z9KyrJHjX9/ntoIlHMqqTHRC04U+T0 user1@machine
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIGWtkBHm2bLuT40EJMC2d5gFVYl3N6qZcGLdf2BhA9F user1@machine
- username: user2
password: secret2
public_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8PnDXPKAWBK6G29tjli796Pyj2Y55RiwGWh2JT1oRu user2@machine
$ # Playbook to test all this
$ cat test.yml
---
- hosts: all
gather_facts: false
vars_files:
- "users_{{ 'modify' if alter_users | d(false) | bool else 'initial' }}.yml"
vars:
my_hash_salt: totopipobingo
tasks:
- name: Create users in my test docker container
ansible.builtin.user:
name: "{{ item.username }}"
password: "{{ item.password | password_hash('sha512', my_hash_salt) }}"
loop: "{{ users }}"
loop_control:
label: "{{ item.username }}"
- name: Add keys for each user
ansible.posix.authorized_key:
user: "{{ item.username }}"
key: "{{ item.public_keys | join('\n') }}"
exclusive: true
loop: "{{ users }}"
loop_control:
label: "{{ item.username }}"
- name: "[verify]: getauthorized key files contents"
ansible.builtin.slurp:
src: /home/{{ item.username }}/.ssh/authorized_keys
register: key_files
loop: "{{ users }}"
loop_control:
label: "{{ item.username }}"
- name: "[verify]: show that each user has both keys"
ansible.builtin.debug:
msg: "{{ (item.content | b64decode).splitlines() }}"
loop: "{{ key_files.results }}"
loop_control:
label: "{{ item.item.username }}"
$ # span a docker container for testing
$ docker run -d --rm --name testkey python:latest tail -f /dev/null
13d1c4ac20412803364fdea5cecc71bedbbc79a12c5e692b21ddcb878c44f61c
$ # First run with initial data
$ ansible-playbook -i testkey, --connection docker test.yml
PLAY [all] ************************************************************************************************************************************************************************************************
TASK [Create users in my test docker container] ***********************************************************************************************************************************************************
changed: [testkey] => (item=user1)
changed: [testkey] => (item=user2)
TASK [Add keys for each user] *****************************************************************************************************************************************************************************
changed: [testkey] => (item=user1)
changed: [testkey] => (item=user2)
TASK [[verify]: getauthorized key files contents] *********************************************************************************************************************************************************
ok: [testkey] => (item=user1)
ok: [testkey] => (item=user2)
TASK [[verify]: show that each user has both keys] ********************************************************************************************************************************************************
ok: [testkey] => (item=user1) => {
"msg": [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDau24KkhJiZ6OfuhZrkoxv/YxWKJRdefI0lULdI+Lhw user1@machine",
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIGWtkBHm2bLuT40EJMC2d5gFVYl3N6qZcGLdf2BhA9F user1@machine"
]
}
ok: [testkey] => (item=user2) => {
"msg": [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFbQwAiS7z6ea+5cZq3eNU5SZ+XwmYF52Z2ZUGEtS9C2 user2@machine",
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8PnDXPKAWBK6G29tjli796Pyj2Y55RiwGWh2JT1oRu user2@machine"
]
}
PLAY RECAP ************************************************************************************************************************************************************************************************
testkey : ok=4 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
$ # Make sure we are idempotent: run with same data, nothing should change
$ ansible-playbook -i testkey, --connection docker test.yml
PLAY [all] ************************************************************************************************************************************************************************************************
TASK [Create users in my test docker container] ***********************************************************************************************************************************************************
ok: [testkey] => (item=user1)
ok: [testkey] => (item=user2)
TASK [Add keys for each user] *****************************************************************************************************************************************************************************
ok: [testkey] => (item=user1)
ok: [testkey] => (item=user2)
TASK [[verify]: getauthorized key files contents] *********************************************************************************************************************************************************
ok: [testkey] => (item=user1)
ok: [testkey] => (item=user2)
TASK [[verify]: show that each user has both keys] ********************************************************************************************************************************************************
ok: [testkey] => (item=user1) => {
"msg": [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDau24KkhJiZ6OfuhZrkoxv/YxWKJRdefI0lULdI+Lhw user1@machine",
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIGWtkBHm2bLuT40EJMC2d5gFVYl3N6qZcGLdf2BhA9F user1@machine"
]
}
ok: [testkey] => (item=user2) => {
"msg": [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFbQwAiS7z6ea+5cZq3eNU5SZ+XwmYF52Z2ZUGEtS9C2 user2@machine",
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8PnDXPKAWBK6G29tjli796Pyj2Y55RiwGWh2JT1oRu user2@machine"
]
}
PLAY RECAP ************************************************************************************************************************************************************************************************
testkey : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
$ # Now run with altered data and make sure we only get the wanted keys for each user
$ ansible-playbook -i testkey, --connection docker test.yml -e alter_users=true
PLAY [all] ************************************************************************************************************************************************************************************************
TASK [Create users in my test docker container] ***********************************************************************************************************************************************************
ok: [testkey] => (item=user1)
ok: [testkey] => (item=user2)
TASK [Add keys for each user] *****************************************************************************************************************************************************************************
changed: [testkey] => (item=user1)
changed: [testkey] => (item=user2)
TASK [[verify]: getauthorized key files contents] *********************************************************************************************************************************************************
ok: [testkey] => (item=user1)
ok: [testkey] => (item=user2)
TASK [[verify]: show that each user has both keys] ********************************************************************************************************************************************************
ok: [testkey] => (item=user1) => {
"msg": [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIGWtkBHm2bLuT40EJMC2d5gFVYl3N6qZcGLdf2BhA9F user1@machine",
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGHndjn7XPC59Z9KyrJHjX9/ntoIlHMqqTHRC04U+T0 user1@machine"
]
}
ok: [testkey] => (item=user2) => {
"msg": [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8PnDXPKAWBK6G29tjli796Pyj2Y55RiwGWh2JT1oRu user2@machine"
]
}
PLAY RECAP ************************************************************************************************************************************************************************************************
testkey : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment