add groups support to basic_users (#406)

sjpb · web-flow · commit 4ef845b47499 · 2024-07-05T15:01:44.000+01:00
diff --git a/ansible/roles/basic_users/README.md b/ansible/roles/basic_users/README.md
@@ -16,13 +16,14 @@ Requirements
 Role Variables
 --------------
 
-`basic_users_users`: Required. A list of mappings defining information for each user. In general, mapping keys/values are passed through as parameters to [ansible.builtin.user](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html) and default values are as given there. However:
-- `create_home`, `generate_ssh_key` and `ssh_key_comment` are set automatically and should not be overriden.
-- `uid` should be set, so that the UID/GID is consistent across the cluster (which Slurm requires).
-- `shell` if *not* set will be `/sbin/nologin` on the `control` node and the default shell on other users. Explicitly setting this defines the shell for all nodes.
-- An additional key `public_key` may optionally be specified to define a key to log into the cluster.
-- An additional key `sudo` may optionally be specified giving a string (possibly multiline) defining sudo rules to be templated.
-- Any other keys may present for other purposes (i.e. not used by this role).
+- `basic_users_users`: Optional, default empty list. A list of mappings defining information for each user. In general, mapping keys/values are passed through as parameters to [ansible.builtin.user](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html) and default values are as given there. However:
+  - `create_home`, `generate_ssh_key` and `ssh_key_comment` are set automatically; this assumes home directories are on a cluster-shared filesystem.
+  - `uid` should be set, so that the UID/GID is consistent across the cluster (which Slurm requires).
+  - `shell` if *not* set will be `/sbin/nologin` on the `control` node and the default shell on other users. Explicitly setting this defines the shell for all nodes.
+  - An additional key `public_key` may optionally be specified to define a key to log into the cluster.
+  - An additional key `sudo` may optionally be specified giving a string (possibly multiline) defining sudo rules to be templated.
+  - Any other keys may present for other purposes (i.e. not used by this role).
+- `basic_users_groups`: Optional, default empty list. A list of mappings defining information for each group. Mapping keys/values are passed through as parameters to [ansible.builtin.group](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/group_module.html) and default values are as given there.
 
 Dependencies
 ------------
diff --git a/ansible/roles/basic_users/defaults/main.yml b/ansible/roles/basic_users/defaults/main.yml
@@ -5,3 +5,5 @@ basic_users_userdefaults:
   generate_ssh_key:  "{{ basic_users_manage_homedir }}"
   ssh_key_comment: "{{ item.name }}"
   shell: "{{'/sbin/nologin' if 'control' in group_names else omit }}"
+basic_users_users: []
+basic_users_groups: []
diff --git a/ansible/roles/basic_users/tasks/main.yml b/ansible/roles/basic_users/tasks/main.yml
@@ -8,6 +8,10 @@
   when:
     - "item.state | default('present') == 'absent'"
   
+- name: Create groups
+  ansible.builtin.group: "{{ item }}"
+  loop:  "{{ basic_users_groups }}"
+
 - name: Create users and generate public keys
   user: "{{ basic_users_userdefaults | combine(item) | filter_user_params() }}"
   loop: "{{ basic_users_users }}"
