port puppet user configs to ansible

Description

We already have several oVirt systems managed by Ansible instead of Puppet yet the authentication system is different. Opening this ticket to port individual users to Ansible playbooks so that everyone can keep logging into machines just as they did before.

Activity

Evgheni Dereveanchin
November 2, 2018, 4:14 PM

I'll create a draft and submit it for review. I'm quite OK with multiple SSH keys as we've had complaints due to this not being possible using the existing puppet module.

As I'll be out once you come back from your voyage we'll have to finalize it once I'm back.

Marc Dequènes (Duck)
September 17, 2019, 4:46 AM

To add sudo I would create a file in /etc/sudoers.d/ and two UNIX groups, one with password requested and tty and the other without (see noninteractive suggestion above); the way to manage such a file is template + validate option, there is no specific module.

authorized_keys is managed by lineinfile, there is no specific module. I think you were wondering about it so wanted to reply. This is not a problem in practice though.
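
The sudoers approach described in the comment above, sketched as an added example that is not part of the ticket or of the oVirt infra-ansible playbooks. The group names and the drop-in file name are hypothetical, and `copy` with inline `content` stands in for a separate template file so the playbook is self-contained; the `validate` option behaves the same way on `template`.

```yaml
# Added example. Group names and the drop-in file name are assumptions,
# not values from the oVirt infrastructure.
- hosts: all
  become: true
  tasks:
    - name: Create the two sudo groups
      ansible.builtin.group:
        name: "{{ item }}"
        state: present
      loop:
        - sudo_interactive      # password and tty required
        - sudo_noninteractive   # no password, no tty (automation)

    - name: Install the sudoers drop-in only if visudo accepts it
      ansible.builtin.copy:
        dest: /etc/sudoers.d/90-infra-admins   # no '.' in the name, or sudo skips the file
        owner: root
        group: root
        mode: "0440"
        # %s is the temporary file Ansible writes first; if visudo rejects it,
        # the task fails and the live file in /etc/sudoers.d/ is left untouched.
        validate: /usr/sbin/visudo -cf %s
        content: |
          # Interactive admins: password prompt, tty required
          Defaults:%sudo_interactive requiretty
          %sudo_interactive ALL=(ALL) ALL

          # Non-interactive use: no password, no tty
          Defaults:%sudo_noninteractive !requiretty
          %sudo_noninteractive ALL=(ALL) NOPASSWD: ALL
```

Validation matters here because a syntax error in any file under /etc/sudoers.d/ can break sudo for every user on the host.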

Evgheni Dereveanchin
March 4, 2020, 1:06 PM

We’re starting to deploy CentOS 8 systems in PHX so it’s about time to port users to ansible and merge the relevant playbook ASAP. We should also figure out a way to regularly re-run the playbook to ensure new users are added to old systems and old users are removed. Can we just run ansible-pull from cron daily? Any other ideas to make it work?

 

Evgheni Dereveanchin
May 7, 2020, 2:43 PM

FYI here’s the current way we’re doing this:

https://gerrit.ovirt.org/gitweb?p=infra-ansible.git;a=tree;f=roles/admin_ssh_keys;h=28b5f3a3bac0adca39e33ba5d68e629c214b7d9b;hb=refs/heads/master

 

We can just add our keys here for emergency login possibility while FreeIPA will provide a full solution.

Shlomi Zidmi
May 19, 2020, 10:51 AM

Dropping that as I've added missing infra members' keys to the playbook we currently have

Fixed

Assignee

Shlomi Zidmi

Reporter

Evgheni Dereveanchin

Blocked By

None

Priority

High