X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=fdio.infra.ansible%2Froles%2Fuser_add%2Ftasks%2Fmain.yaml;h=329c6abd07087fc8d98ced818d21ec6c76967d4b;hb=HEAD;hp=f980aff84d8a10732ecb2d0587b15b689b203fca;hpb=df5672b3d9c29b51397f4770eb992c9f3f3955ce;p=csit.git
diff --git a/fdio.infra.ansible/roles/user_add/tasks/main.yaml b/fdio.infra.ansible/roles/user_add/tasks/main.yaml
index f980aff84d..329c6abd07 100644
--- a/fdio.infra.ansible/roles/user_add/tasks/main.yaml
+++ b/fdio.infra.ansible/roles/user_add/tasks/main.yaml
@@ -2,7 +2,7 @@
 # file: roles/user_add/tasks/main.yaml - name: Conf - Add User - user: + ansible.builtin.user: append: "{{ item.append | default(omit) }}" createhome: "{{ 'yes' if users_create_homedirs else 'no' }}" generate_ssh_key: "{{ item.generate_ssh_key | default(omit) }}"
@@ -16,33 +16,24 @@
 - user-add-conf - name: Conf - SSH keys - authorized_key: + ansible.builtin.authorized_key: user: "{{ item.0.username }}" key: "{{ item.1 }}" with_subelements: - "{{ users }}" - ssh_key - - skip_missing: yes + - skip_missing: true tags: - user-add-conf -- name: Conf - Allow Password Login - lineinfile: +- name: Conf - Disable Password Login + ansible.builtin.lineinfile: dest: "/etc/ssh/sshd_config" - regexp: "^PasswordAuthentication no" - line: "PasswordAuthentication yes" + regexp: "^PasswordAuthentication yes" + line: "PasswordAuthentication no" notify: - "Restart SSHd" + when: + - sshd_disable_password_login tags: - user-add-conf - -- name: Conf - Add Visudo Entry - lineinfile: - dest: "/etc/sudoers" - state: present - line: "{{ item.username }} ALL=(ALL) NOPASSWD: ALL" - validate: "visudo -cf %s" - with_items: "{{ users }}" - tags: - - user-add-conf -
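Review bot: The new `regexp: "^PasswordAuthentication yes"` in the "Conf - Disable Password Login" task (second hunk) only matches an active line with exactly that spelling, so where the directive is commented out, absent or spaced differently, lineinfile appends `PasswordAuthentication no` at the end of `/etc/ssh/sshd_config` instead of replacing anything. sshd keeps the first value it reads for a keyword and scopes anything after a `Match` line to that block, so an appended line can be silently ineffective; whether the target hosts have an earlier `yes` or an included drop-in file cannot be seen from this hunk. I would anchor on the keyword and validate before writing, `regexp: '^#?\s*PasswordAuthentication\s'` plus `validate: 'sshd -t -f %s'`, and confirm the effective value afterwards with `sshd -T`. Separately, deleting the "Conf - Add Visudo Entry" task stops new `NOPASSWD: ALL` lines but does not remove those written by earlier runs, and hosts where `sshd_disable_password_login` is false keep the `PasswordAuthentication yes` set previously; a cleanup task using `state: absent` would cover the sudoers part.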