diff --git a/inventory/base/group_vars/all.yaml b/inventory/base/group_vars/all.yaml index 9e34a9480c..ff177a5dd7 100644 --- a/inventory/base/group_vars/all.yaml +++ b/inventory/base/group_vars/all.yaml @@ -184,6 +184,8 @@ disabled_users: - shrews - dmsimard - pabelanger +# Default distro cloud image names to remove +disabled_distro_cloud_users: - ubuntu - centos - admin diff --git a/playbooks/roles/base/users/README.rst b/playbooks/roles/base/users/README.rst index 3089a06e09..f08eccd9e9 100644 --- a/playbooks/roles/base/users/README.rst +++ b/playbooks/roles/base/users/README.rst @@ -19,6 +19,12 @@ Configure users on a server. Users are given sudo access Extra users to install on a specific host or group +.. zuul:rolevar:: disabled_distro_cloud_users + :default: [] + + Distro cloud image default users to remove from hosts. This removal is + slightly more forceful than the removal of normal users. + .. zuul:rolevar:: disabled_users :default: [] diff --git a/playbooks/roles/base/users/defaults/main.yaml b/playbooks/roles/base/users/defaults/main.yaml index 1256d6b56a..4ea1c0cabd 100644 --- a/playbooks/roles/base/users/defaults/main.yaml +++ b/playbooks/roles/base/users/defaults/main.yaml @@ -1,3 +1,4 @@ all_users: {} +disabled_distro_cloud_users: [] disabled_users: [] extra_users: [] diff --git a/playbooks/roles/base/users/tasks/main.yaml b/playbooks/roles/base/users/tasks/main.yaml index fa0b11cf02..063f38f218 100644 --- a/playbooks/roles/base/users/tasks/main.yaml +++ b/playbooks/roles/base/users/tasks/main.yaml @@ -31,6 +31,17 @@ group: root mode: 0644 +- name: Delete default distro cloud image users + # Do this in a separate task so that we can use force: yes which is + # probably too destructive for normal users, but should be fine for + # these built in cloud image names. + loop: "{{ disabled_distro_cloud_users }}" + user: + name: "{{ item }}" + state: absent + remove: yes + force: yes + - name: Delete old users loop: "{{ disabled_users }}" user: