X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=ta%2Finfra-ansible.git;a=blobdiff_plain;f=roles%2Fbootstrap-host%2Ftasks%2Fcreate_sudo_user.yml;h=fe8fc33576d870caab7421e730d4cfaa6ae677f5;hp=bfab595ec88602bf624c63be4fc087faa7bb8310;hb=8cf64b3023ecb121ee710a272393defe3995b8ea;hpb=29deaa815697e720dbb6cd4a0b3ea0dd22c728f5
diff --git a/roles/bootstrap-host/tasks/create_sudo_user.yml b/roles/bootstrap-host/tasks/create_sudo_user.yml
index bfab595..fe8fc33 100644
--- a/roles/bootstrap-host/tasks/create_sudo_user.yml
+++ b/roles/bootstrap-host/tasks/create_sudo_user.yml
@@ -38,14 +38,23 @@
 tags:
 - ssh-key-authorized
 
-- name: Ensure root's new public ssh key is in authorized_keys
+- name: Ensure sudo user's new public ssh key is in authorized_keys
 authorized_key:
 user: "{{ sudo_user }}"
 key: "{{ lookup('file','/tmp/id_rsa.pub') }}"
 manage_dir: no
+ exclusive: yes
 tags:
 - ssh-key-authorized
 
+- name: Populate authorized keys from config to sudo user
+ authorized_key:
+ user: "{{ sudo_user }}"
+ key: "{{ sudo_user_authorized_keys | join('\n') }}"
+ manage_dir: no
+ tags:
+ - configured-authorized-keys
+
 - name: Ensure there is a private key /etc/userconfig/id_rsa in virtual env. Provide read permissions to all users
 file:
 path: "/etc/userconfig/id_rsa"
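Review bot: The `exclusive: yes` added to the first task removes every other entry from the sudo user's authorized_keys, and the keys from `sudo_user_authorized_keys` are only restored by the following task, which carries a different tag (`configured-authorized-keys`). A run limited to `--tags ssh-key-authorized` would therefore leave the account with only the key read from `/tmp/id_rsa.pub`, and every full run rewrites the file twice, so the tasks never report an unchanged state. Building the whole key set in the one exclusive task avoids both, e.g. `key: "{{ ([lookup('file','/tmp/id_rsa.pub')] + (sudo_user_authorized_keys | default([]))) | join('\n') }}"`. If the tasks must stay separate, the new one should at least carry `when: sudo_user_authorized_keys | default([]) | length > 0`, since nothing in the lines shown handles an undefined or empty list (a role default may exist elsewhere).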