new zero touch rhel user role - very simple and clean (#7298)

* new zero touch rhel user role - very simple and clean

* Tidy up mode ordering to be logical for file permissions

ansible/roles/zero_touch_rhel_user/.vimrc

@@ -0,0 +1 @@
+autocmd FileType yaml setlocal ts=2 sw=2 ai et

ansible/roles/zero_touch_rhel_user/.yamllint

@@ -0,0 +1,13 @@
+---
+extends: ../../../tests/static/.yamllint
+
+rules:
+  comments:
+    require-starting-space: false
+    min-spaces-from-content: 1
+  comments-indentation: disable
+  indentation:
+    indent-sequences: consistent
+  line-length:
+    max: 120
+    allow-non-breakable-inline-mappings: true

ansible/roles/zero_touch_rhel_user/README.adoc

@@ -0,0 +1,97 @@
+:role: zero_touch_rhel_user (draws from role rhel_zero_touch_user)
+:author1: Tony Kay <[email protected]>
+:team: Portfolio Technology Engineering
+:date: 2023-11-01
+
+
+Role: {role}
+============
+
+The role {role} is a highly simplified user creation `role` specfically for use with Project Zero Touch
+
+* creates a user
+** enable sudoers 
+
+Requirements
+------------
+
+* Ansible `>=2.9`
+* To run the role it needs `become: true`
+
+Role tree structure
+-------------------
+
+[source=textinfo]
+----
+zero_touch_rhel_user/
+├── README.adoc
+├── defaults
+│   └── main.yml
+├── meta
+│   └── main.yml
+└── tasks
+    └── main.yml
+----
+
+Role Variables
+--------------
+
+. List of variables used in {role} role-
++
+[cols="5",options="header"]
+|===
+| Variable | Type | Required | Example | Description
+
+|`zero_touch_rhel_user_user_name` | String | Required | "rhel" | User name, Click link:tasks/main.yml#L5[task] to read
+|`zero_touch_rhel_user_user_password`| String | Required | "3edfUJ8k" | User's password, Click link:tasks/main.yml#L6[task] to read
+|`zero_touch_rhel_user_user_group` | String |  Required | "rhel" | User's private group name, Click link:tasks/main.yml#L7[task] to read
+|`zero_touch_rhel_user_enable_sudoers` | Boolean | - | true | Enable sudoers, Click link:tasks/main.yml#L21[task] to read
+|===
+
+Example of Sample Variables and Playbook
+----------------------------------------
+
+[source=text]
+----
+[user@desktop ~]$ cat playbook.yml
+
+- hosts: all
+  roles:
+   - control-user
+
+[user@desktop ~]$ ansible-playbook playbook.yml -e sample_variables.yml
+
+----
+
+. Example-
++
+
+[source=yaml]
+----
+[user@desktop ~]$ cat playbook.yml
+
+- hosts: all
+  become: true
+  vars:
+    zero_touch_rhel_user_user_name: guest
+    zero_touch_rhel_user_user_password: "{{ lookup('password', '/dev/null length=12 chars=ascii_letters,digits') }}"
+    zero_touch_rhel_user_user_group: guest
+    zero_touch_rhel_user_enable_sudoers: false
+
+  tasks:
+
+   - ansible.builtin.include_role: 
+        name: zero_touch_rhel_user
+----
+
+Author Information
+------------------
+
+* Author/owner:
+** {author1}
+
+* Alternative Contacts:
+
+* Team:
+** {team}
+---

ansible/roles/zero_touch_rhel_user/defaults/main.yml

@@ -0,0 +1,6 @@
+---
+zero_touch_rhel_user_user_name: rhel
+zero_touch_rhel_user_user_password: "{{ lookup('password', '/dev/null length=12 chars=ascii_letters,digits') }}"
+zero_touch_rhel_user_user_group: "{{ zero_touch_rhel_user_user_name }}"
+
+zero_touch_rhel_user_enable_sudoers: false

ansible/roles/zero_touch_rhel_user/meta/main.yml

@@ -0,0 +1,18 @@
+---
+galaxy_info:
+  author: Tony Kay
+  description: Creates RHEL User for Project Zero Touch
+  # role_name: zero_touch_rhel_user
+  # namespace: foo.bar
+  company: Red Hat
+  license: license (GPL-3.0)
+  min_ansible_version: 2.9
+  platforms:
+    - name: EL
+      versions:
+        - 8
+        - 9
+  galaxy_tags:
+    - sudo
+    - control
+    - user

ansible/roles/zero_touch_rhel_user/tasks/main.yml

@@ -0,0 +1,22 @@
+---
+
+- name: Create group {{ zero_touch_rhel_user_user_group }}
+  ansible.builtin.group:
+    name: "{{ zero_touch_rhel_user_user_group }}"
+    state: present
+
+- name: Create user {{ zero_touch_rhel_user_user_name }}
+  ansible.builtin.user:
+    name: "{{ zero_touch_rhel_user_user_name }}"
+    group: "{{ zero_touch_rhel_user_user_group }}"
+    password: "{{ zero_touch_rhel_user_user_password | password_hash('sha512') }}"
+    state: present
+
+- name: Enable sudoers
+  when: zero_touch_rhel_user_enable_sudoers | default(false) | bool
+  ansible.builtin.copy:
+    content: >-
+      {{ zero_touch_rhel_user_user_name }}
+      ALL=(ALL) {{ zero_touch_rhel_user_sudo_commands | default('NOPASSWD: ALL') }}
+    dest: '/etc/sudoers.d/{{ zero_touch_rhel_user_user_name }}'
+    mode: u=rw,g=r,o=r