system-config/playbooks/roles/vos-release/tasks/main.yaml

- name: Install vos release script
  copy:
    src: vos_release.sh
    dest: '/usr/local/bin/'
    owner: root
    group: root
    mode: 0755

- name: Install sudo permissions
  copy:
    src: vos_release.sudo
    dest: '/etc/sudoers.d/vos_release'
    owner: root
    group: root
    mode: 0440

- name: Create the vos_release user
  user:
    name: vos_release
    comment: Remote user for "vos release"
    shell: /bin/bash

- name: Ensure update key exists
  assert:
    that:
      - hostvars[item]['vos_release_keypair'] is defined
  with_inventory_hostnames: mirror-update

- name: Install vos_release remote key
  authorized_key:
    user: vos_release
    state: present
    key: '{{ hostvars[item]["vos_release_keypair"]["public_key"] }}'
    key_options: 'command="/usr/local/bin/vos_release.sh",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty'
  with_inventory_hostnames: mirror-update