infra-role-beacon-node-windows/tasks/user.yml

---
- name: Create service user
  win_user:
    name: '{{ beacon_node_service_user_name }}'
    profile: '{{ beacon_node_service_home }}'
    home_directory: '{{ beacon_node_service_home }}'
    password: '{{ beacon_node_service_user_pass }}'
    password_expired: false
    password_never_expires: true

- name: Create user profile
  win_user_profile:
    username: '{{ beacon_node_service_user_name }}'

- name: Create folder for SSH authorized keys
  win_file:
    path: '{{ beacon_node_service_home }}\.ssh'
    state: 'directory'

# Otherwise Set-Content fails because Get-Content read from the same file.
- name: Remove old SSH authorized keys for nimbus
  win_file:
    path: '{{ beacon_node_service_home }}\.ssh\authorized_keys'
    state: 'absent'

- name: Copy SSH authorized keys from all users
  win_shell: |
    Get-Content C:\Users\*\.ssh\authorized_keys \
      | Set-Content -Force {{ beacon_node_service_home }}\.ssh\authorized_keys

- name: Fix permissions on the SSH folder
  win_owner:
    path: '{{ beacon_node_service_home }}\.ssh'
    user: '{{ beacon_node_service_user_name }}'
    recurse: true
add tasks/user.yml to create nimbus user Signed-off-by: Jakub Sokołowski <jakub@status.im> 2021-06-10 15:54:12 +00:00			`---`
			`- name: Create service user`
			`win_user:`
			`name: '{{ beacon_node_service_user_name }}'`
			`profile: '{{ beacon_node_service_home }}'`
			`home_directory: '{{ beacon_node_service_home }}'`
			`password: '{{ beacon_node_service_user_pass }}'`
user: don't allow nimbus user password to expire Otherwise we'll get startup failures due to: ``` Error 1069: The service did not start due to logon failure. The password for this account has expired. ``` https://github.com/status-im/infra-nimbus/issues/116 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-07-12 13:53:22 +00:00			`password_expired: false`
			`password_never_expires: true`
add tasks/user.yml to create nimbus user Signed-off-by: Jakub Sokołowski <jakub@status.im> 2021-06-10 15:54:12 +00:00
			`- name: Create user profile`
			`win_user_profile:`
			`username: '{{ beacon_node_service_user_name }}'`

			`- name: Create folder for SSH authorized keys`
			`win_file:`
use backslashes for windows paths https://docs.ansible.com/ansible/latest/user_guide/windows_usage.html#path-formatting-for-windows Signed-off-by: Jakub Sokołowski <jakub@status.im> 2021-07-19 07:33:35 +00:00			`path: '{{ beacon_node_service_home }}\.ssh'`
add tasks/user.yml to create nimbus user Signed-off-by: Jakub Sokołowski <jakub@status.im> 2021-06-10 15:54:12 +00:00			`state: 'directory'`

user: add ssh keys of all users for nimbus user Helps with debugging some issues due to restrictive permissions of beacon node data directory. Signed-off-by: Jakub Sokołowski <jakub@status.im> 2021-09-23 14:54:03 +00:00			`# Otherwise Set-Content fails because Get-Content read from the same file.`
			`- name: Remove old SSH authorized keys for nimbus`
			`win_file:`
			`path: '{{ beacon_node_service_home }}\.ssh\authorized_keys'`
			`state: 'absent'`

			`- name: Copy SSH authorized keys from all users`
			`win_shell: \|`
			`Get-Content C:\Users\*\.ssh\authorized_keys \`
			`\| Set-Content -Force {{ beacon_node_service_home }}\.ssh\authorized_keys`
add tasks/user.yml to create nimbus user Signed-off-by: Jakub Sokołowski <jakub@status.im> 2021-06-10 15:54:12 +00:00
			`- name: Fix permissions on the SSH folder`
			`win_owner:`
use backslashes for windows paths https://docs.ansible.com/ansible/latest/user_guide/windows_usage.html#path-formatting-for-windows Signed-off-by: Jakub Sokołowski <jakub@status.im> 2021-07-19 07:33:35 +00:00			`path: '{{ beacon_node_service_home }}\.ssh'`
add tasks/user.yml to create nimbus user Signed-off-by: Jakub Sokołowski <jakub@status.im> 2021-06-10 15:54:12 +00:00			`user: '{{ beacon_node_service_user_name }}'`
			`recurse: true`