fix group and user handling

2019-08-21 09:54:57 +02:00 · 2019-08-21 09:54:57 +02:00 · 2059c109d0
commit 2059c109d0
parent 7399845dbb
4 changed files with 23 additions and 10 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -13,8 +13,9 @@ cups_selinux_fcontext: []
 #   - -R /opt/brother
 cups_selinux_restorecon: []

-cups_admin_username: cupsadm
-cups_admin_password: secure
+cups_admin_group: printadmin
+cups_admin_users:
+  - { name: 'cupsadm', password: 'secure' }

 cups_bind_url:
  - localhost:631
@ -25,8 +26,8 @@ cups_log_level: warn
 cups_server_admin: admin@example.com
 cups_remote_admin_enabled: False
 cups_system_groups:
-  - sys
  - root
+  - "{{ cups_admin_group }}"

 cups_iptables_enabled: False
 cups_open_ports:
--- a/tasks/install.yml
+++ b/tasks/install.yml
@ -22,13 +22,6 @@
        - etc/cups/cups-files.conf
      notify: __cupsd_restart

-    - name: Create user '{{ cups_admin_username }}'
-      user:
-        comment: Cups Admin
-        name: "{{ cups_admin_username }}"
-        password: "{{ cups_admin_password | password_hash('sha512', inventory_hostname) }}"
-        groups: printadmin
-
    - name: Update pamd rule's control in /etc/pam.d/cups
      pamd:
        name: cups
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,4 +1,5 @@
 ---
+- include_tasks: prepare.yml
 - include_tasks: install.yml
 - include_tasks: selinux.yml
  when: ansible_selinux.status == "enabled"
--- a/tasks/prepare.yml
+++ b/tasks/prepare.yml
@ -0,0 +1,18 @@
+---
+- block:
+    - name: Create system groups
+      group:
+        name: "{{ item }}"
+        state: present
+      loop: "{{ cups_system_groups }}"
+
+    - name: Create cups admin users
+      user:
+        comment: Cups Admin
+        name: "{{ item.name }}"
+        password: "{{ item.password | password_hash('sha512', inventory_hostname) }}"
+        groups: "{{ cups_admin_group }}"
+        state: present
+      loop: "{{ cups_admin_users }}"
+  become: True
+  become_user: root