users: creates users with sudo access and users without.

Introduces a new list of users, managed_admin_users, which are given
sudo access.  The existing list, managed_users, are not not given sudo
access.

Signed-off-by: Andrew Schoen <aschoen@redhat.com>

diff --git a/roles/users/defaults/main.yml b/roles/users/defaults/main.yml
index 09aa806f1ca9ba29bfa44e04627f25463c4277d0..545fd5ab921db918d1f668a3c4ebf52cf13752f5 100644 (file)
--- a/roles/users/defaults/main.yml
+++ b/roles/users/defaults/main.yml
@@ -8,4 +8,7 @@
 #     - name: user2
 #       key: <url to an ssh key>
 
+# not given sudo access
 managed_users: []
+# are given sudo access
+managed_admin_users: []

diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml
index 2c02f2bcedec19bf099352506c7c2b06e3784037..c1aa85b4951a7862d552486363be4ef3966c1655 100644 (file)
--- a/roles/users/tasks/main.yml
+++ b/roles/users/tasks/main.yml
@@ -1,9 +1,17 @@
 ---
-- name: Create all users.
+- name: Create all admin users with sudo access.
   user:
     name: "{{ item.name }}"
     group: sudo
     state: present
+  with_items: managed_admin_users
+  tags:
+    - users
+
+- name: Create all users without sudo access.
+  user:
+    name: "{{ item.name }}"
+    state: present
   with_items: managed_users
   tags:
     - users
@@ -12,6 +20,6 @@
   authorized_key:
     user: "{{ item.name }}"
     key: "{{ item.key }}"
-  with_items: managed_users
+  with_items: managed_users|list + managed_admin_users|list
   tags:
     - pubkeys