
191
playbooks/delete-user.yml Normal file

@@ -0,0 +1,191 @@
---
- name: Delete a user and remove all associated data
hosts: all
become: true
gather_facts: true
vars:
# Variables will be passed in from the job template or command line
# Set defaults for optional parameters only
_force_removal: "{{ force_removal | default(false) | bool }}"
_backup_home: "{{ backup_home | default(false) | bool }}"
_backup_location: "{{ backup_location | default('/tmp/user_backups') }}"
tasks:
- name: Validate username is provided
ansible.builtin.fail:
msg: "Username must be provided"
when: username is not defined or username == ""
- name: Check if user exists
ansible.builtin.getent:
database: passwd
key: "{{ username }}"
register: user_info
failed_when: false
- name: Display user not found message
ansible.builtin.debug:
msg: "User '{{ username }}' does not exist on this system"
when: user_info.failed
- name: Block for user deletion when user exists
block:
- name: Get user home directory
ansible.builtin.set_fact:
user_home: "{{ user_info.ansible_facts.getent_passwd[username][4] if user_info.ansible_facts is defined and user_info.ansible_facts.getent_passwd is defined and username in user_info.ansible_facts.getent_passwd else '/home/' + username }}"
when:
- not user_info.failed
- user_info.ansible_facts is defined
- name: Check for running processes owned by user
ansible.builtin.shell: "ps -u {{ username }} -o pid= | wc -l"
register: user_processes
changed_when: false
failed_when: false
- name: Display warning about running processes
ansible.builtin.debug:
msg: "Warning: User '{{ username }}' has {{ user_processes.stdout.strip() }} running processes"
when:
- user_processes.stdout is defined
- user_processes.stdout.strip() | int > 0
- name: Terminate user processes (if force_removal is true)
ansible.builtin.shell: "pkill -u {{ username }}"
register: kill_result
failed_when: false
when:
- _force_removal
- user_processes.stdout is defined
- user_processes.stdout.strip() | int > 0
- name: Wait for processes to terminate
ansible.builtin.pause:
seconds: 3
when:
- _force_removal
- kill_result is changed
- name: Force kill remaining processes (if force_removal is true)
ansible.builtin.shell: "pkill -9 -u {{ username }}"
register: force_kill_result
failed_when: false
when:
- _force_removal
- user_processes.stdout is defined
- user_processes.stdout.strip() | int > 0
- name: Create backup directory
ansible.builtin.file:
path: "{{ _backup_location }}"
state: directory
mode: '0755'
when: _backup_home
- name: Backup user home directory
ansible.builtin.archive:
path: "{{ user_home }}"
dest: "{{ _backup_location }}/{{ username }}_home_{{ ansible_date_time.epoch }}.tar.gz"
format: gz
when:
- _backup_home
- user_home is defined
- user_home != ""
- not ansible_check_mode
- name: Remove user from additional groups (if any)
ansible.builtin.user:
name: "{{ username }}"
groups: ""
append: false
failed_when: false
- name: Remove user account and home directory
ansible.builtin.user:
name: "{{ username }}"
state: absent
remove: true
force: "{{ _force_removal }}"
- name: Verify home directory removal
ansible.builtin.stat:
path: "{{ user_home }}"
register: home_check
when:
- user_home is defined
- not ansible_check_mode
- name: Force remove home directory if it still exists
ansible.builtin.file:
path: "{{ user_home }}"
state: absent
when:
- user_home is defined
- home_check.stat.exists is defined
- home_check.stat.exists
- name: Remove user's mail spool
ansible.builtin.file:
path: "/var/mail/{{ username }}"
state: absent
failed_when: false
- name: Remove user's cron jobs
ansible.builtin.file:
path: "/var/spool/cron/crontabs/{{ username }}"
state: absent
failed_when: false
- name: Remove user's at jobs
ansible.builtin.shell: "find /var/spool/at -name '{{ username }}*' -delete"
failed_when: false
changed_when: false
- name: Check for user-specific log files
ansible.builtin.find:
paths: /var/log
patterns: "*{{ username }}*"
file_type: file
register: user_logs
when: not ansible_check_mode
- name: Remove user-specific log files
ansible.builtin.file:
path: "{{ item.path }}"
state: absent
loop: "{{ user_logs.files | default([]) }}"
when:
- not ansible_check_mode
- user_logs.files is defined
- user_logs.files | length > 0
- name: Remove user from sudoers if present
ansible.builtin.file:
path: "/etc/sudoers.d/{{ username }}"
state: absent
failed_when: false
- name: Display deletion summary
ansible.builtin.debug:
msg: |
User deletion completed:
- Username: {{ username }}
- Home directory: {{ user_home }} (removed)
- Mail spool: removed
- Cron jobs: removed
- At jobs: removed
- Log files: removed
{% if _backup_home %}
- Home backup: {{ _backup_location }}/{{ username }}_home_{{ ansible_date_time.epoch }}.tar.gz
{% endif %}
when: not user_info.failed
handlers:
- name: Update nscd cache
ansible.builtin.service:
name: nscd
state: restarted
failed_when: false
listen: "refresh user cache"
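Review bot: `username` is interpolated unescaped into `ansible.builtin.shell` strings in the process-count, `pkill`, `pkill -9` and at-job tasks and into the `patterns: "*{{ username }}*"` glob of the `/var/log` find, while the only validation (`Validate username is provided`) checks that it is non-empty, so a job-template value containing shell metacharacters becomes a command fragment and a short name such as `sys` or `log` matches and deletes unrelated log files. Tighten the first task to assert a POSIX account-name pattern and refuse `root`, and pass the name through `| quote` in the remaining shell strings, e.g. `ansible.builtin.shell: "pkill -u {{ username | quote }}"`; the pattern below is a constructed default to adjust to the site's naming policy. Consider also refusing accounts with a uid below the login range (`getent_passwd[username][1]`) unless `force_removal` is set, since the block otherwise removes system accounts together with any log whose name contains theirs. The `Update nscd cache` handler is never notified by any task, so it never runs; add `notify: refresh user cache` to the `Remove user account and home directory` task. The rendered view has dropped the file's indentation, so the structure above is inferred from task order.
```yaml
- name: Validate username is provided and well-formed
  ansible.builtin.assert:
    that:
      - username is defined
      - username | length > 0
      - username is match('^[a-z_][a-z0-9_-]{0,31}$')
      - username != 'root'
    fail_msg: "username must be a plain POSIX account name, got '{{ username | default('') }}'"
# … unchanged: remaining tasks, with {{ username | quote }} in each ansible.builtin.shell string …
```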