Merge pull request #21 from danpilch/feature/refactor_users

Feature/refactor users
New-Edge-Engineering · Sep 12, 2016 · 0864fe1 · 0864fe1
2 parents 713e57a + 04641d1
commit 0864fe1
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 22 deletions.
diff --git a/tasks/users.yml b/tasks/users.yml
@@ -6,33 +6,15 @@
   when: rundeck_users|length > 0
   with_items: "{{ rundeck_users }}"
 
-- name: Rundeck | users passswords
-  debug: var=rundeck_encoded_users
-  when: rundeck_users|length > 0
-
 - name: Rundeck | update basic security to have users
-  lineinfile:
+  template:
+    src: realm.properties.j2
     dest: /etc/rundeck/realm.properties
-    regexp: "^{{ item.item.name }}:{{ item.stdout }},{{ item.item.roles|join(',')}}"
-    line: "{{ item.item.name }}:{{ item.stdout }},{{ item.item.roles|join(',')}}"
-    state: present
+    owner: rundeck
+    group: rundeck 
   when: rundeck_users|length > 0 and rundeck_encoded_users|success
-  with_items: "{{ rundeck_encoded_users.results }}"
   notify:
     - restart rundeck
   tags:
     - rundeck
     - users
-
-- name: Rundeck | remove admin user
-  lineinfile:
-    backup: yes
-    dest: /etc/rundeck/realm.properties
-    regexp: "^admin:admin,user,admin,architect,deploy,build"
-    state: absent
-  when: rundeck_users|length > 0
-  notify:
-    - restart rundeck
-  tags:
-    - rundeck
-    - users
diff --git a/templates/realm.properties.j2 b/templates/realm.properties.j2
@@ -0,0 +1,29 @@
+#
+# This file defines users passwords and roles for a HashUserRealm
+#
+# The format is
+#  <username>: <password>[,<rolename> ...]
+#
+# Passwords may be clear text, obfuscated or checksummed.  The class
+# org.mortbay.util.Password should be used to generate obfuscated
+# passwords or password checksums
+#
+# If DIGEST Authentication is used, the password must be in a recoverable
+# format, either plain text or OBF:.
+#
+#jetty: MD5:164c88b302622e17050af52c89945d44,user
+#admin: CRYPT:ad1ks..kc.1Ug,server-administrator,content-administrator,admin
+#other: OBF:1xmk1w261u9r1w1c1xmq
+#plain: plain
+#user: password
+# This entry is for digest auth.  The credential is a MD5 hash of username:realmname:password
+#digest: MD5:6e120743ad67abfbc385bc2bb754e297
+
+#
+# This sets the default user accounts for the Rundeck app
+#
+#@jetty.user.deploy.name@:@jetty.user.deploy.password@,user,deploy
+#@jetty.user.build.name@:@jetty.user.build.password@,user,build
+{% for user in rundeck_encoded_users.results %}
+{{ user.item.name }}:{{ user.stdout }},user,{{ user.item.roles|join(',') }}
+{% endfor %}