[switchboard] Add create_chrome_bot_user Ansible role.
Bug: skia:12063
Change-Id: I16cd7cfd9f3313af2f48e6a848a93eae170a74b9
Reviewed-on: https://skia-review.googlesource.com/c/buildbot/+/434696
Reviewed-by: Ravi Mistry <rmistry@google.com>
diff --git a/skolo/ansible/switchboard/roles/create_chrome_bot_user/README.md b/skolo/ansible/switchboard/roles/create_chrome_bot_user/README.md
new file mode 100644
index 0000000..eba5511
--- /dev/null
+++ b/skolo/ansible/switchboard/roles/create_chrome_bot_user/README.md
@@ -0,0 +1,26 @@
+# Role Name
+
+`create_chrome_bot_user`
+
+## Description
+
+Creates the 'chrome-bot' user.
+
+## Variables Required
+
+This role requires the `secrets.skolo_password`, which is loaded via the
+required role `load_secret_vars`.
+
+Also requires `gather_facts` to detect the target operating system.
+
+## Example Playbook
+
+```
+# Create the chrome-bit user on all the RPis.
+- hosts: "{{ variable_hosts | default('rpis') }}"
+ user: chrome-bot
+ gather_facts: yes
+
+ roles:
+ - create_chrome_bot_user
+```
diff --git a/skolo/ansible/switchboard/roles/create_chrome_bot_user/meta/main.yml b/skolo/ansible/switchboard/roles/create_chrome_bot_user/meta/main.yml
new file mode 100644
index 0000000..adbb6e4
--- /dev/null
+++ b/skolo/ansible/switchboard/roles/create_chrome_bot_user/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: load_secret_vars
diff --git a/skolo/ansible/switchboard/roles/create_chrome_bot_user/tasks/linux.yml b/skolo/ansible/switchboard/roles/create_chrome_bot_user/tasks/linux.yml
new file mode 100644
index 0000000..3b071fc
--- /dev/null
+++ b/skolo/ansible/switchboard/roles/create_chrome_bot_user/tasks/linux.yml
@@ -0,0 +1,33 @@
+- name: Make sure we have a 'sudo' group
+ group:
+ name: sudo
+ state: present
+
+- name: Allow 'sudo' group to have passwordless sudo
+ become: yes
+ lineinfile:
+ dest: /etc/sudoers
+ state: present
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+ validate: visudo -cf %s
+
+- name: Add sudo users to sudo group
+ become: yes
+ user:
+ name: chrome-bot
+ groups: sudo
+ append: yes
+
+- name: Create chrome-bot user.
+ become: yes
+ user:
+ name: chrome-bot
+ groups: plugdev,sudo
+ generate_ssh_key: yes
+ shell: /bin/bash
+ password: "{{ secrets.skolo_password | password_hash('sha256') }}"
+
+- name:
+ Reset ssh connection to allow user changes to affect 'current login user'
+ meta: reset_connection
diff --git a/skolo/ansible/switchboard/roles/create_chrome_bot_user/tasks/main.yml b/skolo/ansible/switchboard/roles/create_chrome_bot_user/tasks/main.yml
new file mode 100644
index 0000000..49f4f20
--- /dev/null
+++ b/skolo/ansible/switchboard/roles/create_chrome_bot_user/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+- name: Create chrome-bot user for linux
+ import_tasks: linux.yml
+ when: ansible_facts['system']|lower == "linux"
+
+- name: Other platforms
+ fail:
+ msg: This system isn't supported, please add support.
+ when: ansible_facts['system']|lower != "linux"
