Brian,
I know it took me a long while, but I finally got to working on this and
your suggestion was extremely helpful.
I implemented a variation that works really well for me.
In this example, user "original" is the one the OS ships with and that we
want to disable.
User "newuser" is the one we want to enable.
## Secure the server and disable user original if this is a new instance
- hosts: all:!localhost
gather_facts: false
user: original
sudo: yes
tasks:
- name: Attempt basic command as user original to determine setup
status.
Failure means the machine has been secured
raw: hostname
ignore_errors: yes
register: setup_status
- include: roles/common/tasks/user-newuser.yml
when: not "Account disabled." in setup_status.stdout
handlers:
- include: roles/common/handlers/main.yml
# Continue with standard setup when user newuser is enabled and original
disabled
- hosts: all:!localhost
user: newuser
sudo: yes
roles:
- common
handlers:
- include: roles/common/handlers/main.yml
On Thursday, November 7, 2013 3:09:13 PM UTC-5, Brian Coca wrote:
>
> you might want your first play to be something like this:
>
> - hosts: all
> gather_facts: False
> remote_user: normal_one
> tasks:
> - setup:
> ignore_errors: true
> register: normalworks
>
> - include: bootstrap.yml remote_user: bootsrap_user
> when: normalworks is not defined
> # bootstrap should call setup again to make sure you have host
> facts
>
> .... continue as normal
>
>
> --
> Brian Coca
> Stultorum infinitus est numerus
>
> 0110000101110010011001010110111000100111011101000010000001111001011011110111010100100000011100110110110101100001011100100111010000100001
> Pedo mellon a minno
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
