X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=roles%2Fbootstrap-host%2Ftasks%2Fcreate_sudo_user.yml;h=fe8fc33576d870caab7421e730d4cfaa6ae677f5;hb=refs%2Fheads%2Fmaster;hp=bfab595ec88602bf624c63be4fc087faa7bb8310;hpb=74a49ba6ef2ea715fa492db0bcd85c30398688e8;p=ta%2Finfra-ansible.git
diff --git a/roles/bootstrap-host/tasks/create_sudo_user.yml b/roles/bootstrap-host/tasks/create_sudo_user.yml
index bfab595..fe8fc33 100644
--- a/roles/bootstrap-host/tasks/create_sudo_user.yml
+++ b/roles/bootstrap-host/tasks/create_sudo_user.yml
@@ -38,14 +38,23 @@
 tags:
 - ssh-key-authorized

-- name: Ensure root's new public ssh key is in authorized_keys
+- name: Ensure sudo user's new public ssh key is in authorized_keys
 authorized_key:
 user: "{{ sudo_user }}"
 key: "{{ lookup('file','/tmp/id_rsa.pub') }}"
 manage_dir: no
+ exclusive: yes
 tags:
 - ssh-key-authorized

+- name: Populate authorized keys from config to sudo user
+ authorized_key:
+ user: "{{ sudo_user }}"
+ key: "{{ sudo_user_authorized_keys | join('\n') }}"
+ manage_dir: no
+ tags:
+ - configured-authorized-keys
+
 - name: Ensure there is a private key /etc/userconfig/id_rsa in virtual env. Provide read permissions to all users
 file:
 path: "/etc/userconfig/id_rsa"
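Review bot: With `exclusive: yes` on the first task, every run strips all other entries from the sudo user's authorized_keys, and the configured keys only come back if the second task also runs. Because that task carries a different tag (`configured-authorized-keys`), a run limited to `ssh-key-authorized` leaves the account without the configured keys, and a full run with a non-empty list will report a change on both tasks every time. Passing all keys to the module in one exclusive batch avoids both problems: keep `exclusive: yes`, set `key: "{{ ([lookup('file','/tmp/id_rsa.pub')] + (sudo_user_authorized_keys | default([]))) | join('\n') }}"`, and drop the second task. If the two tasks stay separate, the second should be guarded with `when: sudo_user_authorized_keys | default([]) | length > 0`, since an undefined or empty list presumably makes the module fail on an empty key string (the variable's default is not visible in this hunk).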