From 66fe36652292a6e9fd857f6da4145bbe107a5ecb Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Tue, 8 Sep 2015 17:27:07 +0200
Subject: [PATCH] New playbook to lock a user completely

---
 userlock.yml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 userlock.yml

diff --git a/userlock.yml b/userlock.yml
new file mode 100644
index 00000000..060cb2ea
--- /dev/null
+++ b/userlock.yml
@@ -0,0 +1,21 @@
+##
+# Ansible playbook to lock a user on all hosts
+#
+# NOTE: the user needs to be removed from the admin list as well, otherwise
+#     it gets created again during system maintenance.
+
+---
+# file: userlock.yml
+
+- name: "Lock user on all hosts"
+  hosts: "all"
+  sudo: yes
+  tasks:
+    - name: "Reset Passwd"
+      shell: usermod -L {{ lockuser_username }}
+    - name: "Remove Key"
+      authorized_key:
+        user={{ lockuser_username }}
+        key="{{ lookup('file', inventory_dir + '/files/keys/' + lockuser_username + '.d2s.pub') }}"
+        state=absent
+        exclusive=yes
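Review bot: The "Reset Passwd" task only locks the password with `usermod -L`, so the account can still be reached with any SSH key other than the single `.d2s.pub` file removed in "Remove Key" (for example one the user added to `authorized_keys` themselves), which falls short of locking the user completely. usermod(8) advises expiring the account as well, and using `command` instead of `shell` keeps the username from being interpreted by a shell: `command: usermod -L -e 1 {{ lockuser_username | quote }}`. `exclusive=yes` appears to take effect only together with `state=present`, so it should not be relied on to clear other keys here; confirm this against the module version in use. The header comment could also state that the playbook does not end the user's running sessions or scheduled jobs, so operators know to handle those separately.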
-- 
GitLab