Merge pull request #19 from ZLLentz/enh_pmpsdb_client

ENH: prepare PLC for pmpsdb_client
pcdshub · Mar 26, 2024 · 8496758 · 8496758
2 parents 24b4a11 + 6fdc0a1
commit 8496758
Show file tree

Hide file tree

Showing 6 changed files with 49 additions and 0 deletions.
diff --git a/group_vars/tcbsd_plcs/vars.yml b/group_vars/tcbsd_plcs/vars.yml
@@ -16,6 +16,10 @@ use_psntp: true
 dynamic_ams: true
 # tc_ams_net_id: 0.0.0.0.1.1
 
+# Extra user for non-admin activities
+create_user: true
+create_username: ecs-user
+
 # set static IP on x000 (mac id 2)
 x000_set_static_ip: true
 x000_static_ip: 192.168.1.10

diff --git a/group_vars/tcbsd_vms/vars.yml b/group_vars/tcbsd_vms/vars.yml
@@ -16,6 +16,10 @@ use_psntp: false
 # Static AMS net id = set AMS net id to the value of tc_ams_net_id
 dynamic_ams: false
 
+# Extra user for non-admin activities
+create_user: false
+# create_username:
+
 # set static IP on x000 (mac id 2)
 x000_set_static_ip: false
 x000_static_ip: 192.168.1.10

diff --git a/host_vars/plc-tmo-tmp-vac/vars.yml b/host_vars/plc-tmo-tmp-vac/vars.yml
@@ -19,6 +19,10 @@ ansible_host: plc-tmo-tmp-vac
 #dynamic_ams: true
 ## tc_ams_net_id: 0.0.0.0.1.1
 #
+## Extra user for non-admin activities
+#create_user: true
+#create_username: ecs-user
+#
 ## set static IP on x000 (mac id 2)
 #x000_set_static_ip: true
 #x000_static_ip: 192.168.1.10

diff --git a/host_vars/plc-tst-bsd1/vars.yml b/host_vars/plc-tst-bsd1/vars.yml
@@ -19,6 +19,10 @@ ansible_host: plc-tst-bsd1
 #dynamic_ams: true
 ## tc_ams_net_id: 0.0.0.0.1.1
 #
+## Extra user for non-admin activities
+#create_user: true
+#create_username: ecs-user
+#
 ## set static IP on x000 (mac id 2)
 #x000_set_static_ip: true
 #x000_static_ip: 192.168.1.10

diff --git a/host_vars/plc-tst-bsd2/vars.yml b/host_vars/plc-tst-bsd2/vars.yml
@@ -19,6 +19,10 @@ ansible_host: plc-tst-bsd2
 #dynamic_ams: true
 ## tc_ams_net_id: 0.0.0.0.1.1
 #
+## Extra user for non-admin activities
+#create_user: true
+#create_username: ecs-user
+#
 ## set static IP on x000 (mac id 2)
 #x000_set_static_ip: true
 #x000_static_ip: 192.168.1.10

diff --git a/tcbsd-provision-playbook.yaml b/tcbsd-provision-playbook.yaml
@@ -340,3 +340,32 @@
       when: static_ip_x001_set.changed or dhcp_x001_set.changed
       ansible.builtin.wait_for_connection:
         delay: 2
+
+    # Useful for apps that need PLC access but not Admin-level config change access
+    # We need to manually set the password ourselves later via "doas passwd username"
+    - name: Create or Remove non-admin User
+      ansible.builtin.user:
+        name: "{{ create_username }}"
+        state: "{{ create_user | ternary('present', 'absent') }}"
+        shell: /usr/local/bin/bash'
+
+    # By default, only pubkey and keyboard interactive are enabled
+    # Password access is useful for apps like pmpsdb_client
+    - name: Configure sshd for password access
+      register: sshd_configure
+      ansible.builtin.lineinfile:
+        path: /etc/ssh/sshd_config
+        line: "PasswordAuthentication yes"
+        insertafter: "^#PasswordAuthentication"
+
+    - name: Reload sshd
+      when: sshd_configure.changed
+      ansible.builtin.service:
+        name: sshd
+        enabled: yes
+        state: reloaded
+
+    - name: Verify ssh still works
+      when: sshd_configure.changed
+      ansible.builtin.wait_for_connection:
+        delay: 2