[debops.root_account] Install shell used by 'root'

The 'debops.root_account' role will check what shell has been set for the 'root' account (if any) and will ensure that the specified shell package is installed on the host.
debops · May 27, 2019 · 176bd93 · 176bd93
1 parent e14b1f5
commit 176bd93
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 0 deletions.
diff --git a/ansible/roles/debops.root_account/defaults/main.yml b/ansible/roles/debops.root_account/defaults/main.yml
@@ -18,12 +18,31 @@
 # Whether to manage the root account.
 root_account__enabled: True
 
+                                                                   # ]]]
+# .. envvar:: root_account__shell_package_map [[[
+#
+# YAML dictionary that maps known shells used in the :file:`/etc/passwd`
+# database to the APT packages with these shells. The role will install missing
+# shell packages if the ``root`` account uses them as their login shell.
+root_account__shell_package_map:
+  '/bin/bash':     'bash'
+  '/bin/csh':      'csh'
+  '/usr/bin/fish': 'fish'
+  '/bin/ksh':      'ksh'
+  '/bin/zsh':      'zsh'
+
                                                                    # ]]]
 # .. envvar:: root_account__base_packages [[[
 #
 # List of APT packages required by the role.
 root_account__base_packages: [ 'openssh-client' ]
 
+                                                                   # ]]]
+# .. envvar:: root_account__shell_packages [[[
+#
+# List of login shell APT packages expected on the host.
+root_account__shell_packages: '{{ lookup("template", "lookup/root_account__shell_packages.j2") }}'
+
                                                                    # ]]]
 # .. envvar:: root_account__packages [[[
 #

diff --git a/ansible/roles/debops.root_account/tasks/main.yml b/ansible/roles/debops.root_account/tasks/main.yml
@@ -6,6 +6,7 @@
     state: 'present'
   with_flattened:
     - '{{ root_account__base_packages }}'
+    - '{{ root_account__shell_packages }}'
     - '{{ root_account__packages }}'
   register: root_account__register_packages
   until: root_account__register_packages is succeeded

diff --git a/ansible/roles/debops.root_account/templates/lookup/root_account__shell_packages.j2 b/ansible/roles/debops.root_account/templates/lookup/root_account__shell_packages.j2
@@ -0,0 +1,7 @@
+{% set root_account__tpl_shells = [] %}
+{% if root_account__shell|d() %}
+{%   if root_account__shell in root_account__shell_package_map.keys() %}
+{%     set _ = root_account__tpl_shells.append(root_account__shell_package_map[root_account__shell]) %}
+{%   endif %}
+{% endif %}
+{{ root_account__tpl_shells | to_json }}