support basic_users in compute-init

Author: sjpb

ansible/roles/compute_init/README.md

@@ -31,11 +31,14 @@ The check in 4b. above is what prevents the compute-init script from trying
 to configure the node before the services on the control node are available
 (which requires running the site.yml playbook).
 
-The following roles are currently fully functional:
+The following roles/groups are currently fully functional:
 - `resolv_conf`: all functionality
 - `etc_hosts`: all functionality
 - `nfs`: client functionality only
-- `stackhpc.openhpc`: all functionality
+- `manila`: all functionality
+- `openhpc`: all functionality
+- `basic_users`: all functionality, assumes home directory already exists on
+  shared storage
 
 # Development/debugging
 

ansible/roles/compute_init/files/compute-init.yml

@@ -11,6 +11,7 @@
     enable_etc_hosts: "{{ os_metadata.meta.enable_etc_hosts | default(false) | bool }}"
     enable_nfs: "{{ os_metadata.meta.enable_nfs | default(false) | bool }}"
     enable_manila: "{{ os_metadata.meta.enable_manila | default(false) | bool }}"
+    enable_basic_users: "{{ os_metadata.meta.enable_basic_users | default(false) | bool }}"
 
     # TODO: "= role defaults" - could be moved to a vars_file: on play with similar precedence effects
     resolv_conf_nameservers: []
@@ -34,6 +35,15 @@
       - _netdev # prevents mount blocking early boot before networking available
       - rw
 
+    basic_users_groups: []
+    basic_users_manage_homedir: false # homedir must already exist on shared filesystem
+    basic_users_userdefaults:
+      state: present
+      create_home: "{{ basic_users_manage_homedir }}"
+      generate_ssh_key:  "{{ basic_users_manage_homedir }}"
+      ssh_key_comment: "{{ item.name }}"
+    basic_users_users: []
+
   tasks:
     - block:
         - name: Report skipping initialization if not compute node
@@ -194,7 +204,29 @@
         - enable_manila
         - os_manila_mount_shares | length > 0
 
-    # TODO: - name: Basic users setup
+    - name: Basic users
+      block:
+        - name: Create groups
+          ansible.builtin.group: "{{ item }}"
+          loop:  "{{ basic_users_groups }}"
+
+        - name: Create users
+          user: "{{ basic_users_userdefaults | combine(item) | filter_user_params() }}"
+          loop: "{{ basic_users_users }}"
+          loop_control:
+            label: "{{ item.name }} [{{ item.state | default('present') }}]"
+          register: basic_users_info
+
+        - name: Write sudo rules
+          blockinfile:
+            path: /etc/sudoers.d/80-{{ item.name}}-user
+            block: "{{ item.sudo }}"
+            create: true
+          loop: "{{ basic_users_users }}"
+          loop_control:
+            label: "{{ item.name }}"
+          when: "'sudo' in item"
+      when: enable_basic_users
 
     # TODO: - name: Configure EESSI
 

ansible/roles/compute_init/tasks/install.yml

@@ -30,8 +30,8 @@
       dest: templates/ceph.keyring.j2
     - src: ../../resolv_conf/files/NetworkManager-dns-none.conf
       dest: files/NetworkManager-dns-none.conf
-    # - src: ../../basic_users/filter_plugins/filter_keys.py
-    #   dest: filter_plugins/filter_keys.py
+    - src: ../../basic_users/filter_plugins/filter_keys.py
+      dest: filter_plugins/filter_keys.py
     - src: ../../stackhpc.nfs/tasks/nfs-clients.yml
       dest: tasks/nfs-clients.yml