From 1fe0c3b4f6c5e516da53d41d55c25580a67bde4e Mon Sep 17 00:00:00 2001
From: Nathan Lasseter <Nathan Lasseter nathan@bytemark.co.uk>
Date: Thu, 12 Mar 2015 17:24:44 +0000
Subject: Fixed user key and added password option

---
 Makefile     |  8 ++++----
 README       |  2 +-
 playbook.yml | 22 ++++++++++++++--------
 3 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/Makefile b/Makefile
index fefafa3..0c6d10e 100644
--- a/Makefile
+++ b/Makefile
@@ -3,10 +3,10 @@ ifdef LIMIT
 endif
 
 ifndef INVENTORY
-	ARGS += -i inventory
-else
-	ARGS += -i $(INVENTORY)
+	INVENTORY = inventory
 endif
 
-all: inventory playbook.yml
+ARGS += -i $(INVENTORY)
+
+all: $(INVENTORY) playbook.yml
 	ansible-playbook playbook.yml $(ARGS)
diff --git a/README b/README
index 8f66c73..51c312b 100644
--- a/README
+++ b/README
@@ -3,7 +3,7 @@ Okay, so this is simple.
 1. populate the inventory file with hosts and the username to add like this:
 
 myhost username=myname
-theirhost username=theirname
+theirhost username=theirname password=somethingsecure
 theirhost username=myname
 
 2. Add any ssh keys required to the keys directory, one key per file, as myname.pub.
diff --git a/playbook.yml b/playbook.yml
index 298db81..ada182f 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -2,22 +2,28 @@
 - hosts: all
   sudo: yes
   tasks:
-    - name: Create user
+    - name: Create user without password
       user: name={{ username }}
+      when: password is not defined
 
-    - name: Check for user key
-      stat: path=keys/{{ username }}.pub
-      register: user_key
+    - name: Hash password if extant
+      local_action: command mkpasswd --method=SHA-512 {{ password }}
+      register: crypted_password
+      when: password is defined
+
+    - name: Create user with password
+      user: name={{ username }}
+            password={{ crypted_password.stdout }}
+      when: crypted_password is defined
 
     - name: Upload user key
       authorized_key: user={{ username }}
-                      key="{{ item }}"
-      when: user_key.stat.exists
-      with_file:
+                      key={{ lookup('file', item) }}
+      with_fileglob:
         - keys/{{ username }}.pub
 
     - name: Upload global keys
       authorized_key: user={{ username }}
-                      key="{{ lookup('file', item) }}"
+                      key={{ lookup('file', item) }}
       with_fileglob:
         - keys/global/*.pub
-- 
cgit v1.2.1