Skip to content

Latest commit

 

History

History
125 lines (95 loc) · 4.94 KB

README.md

File metadata and controls

125 lines (95 loc) · 4.94 KB

JumpCloud Role for Ansible


This role installs the JumpCloud agent and restarts the JumpCloud agent service as required. It also make use of JumpCloud API to set JumpCloud System attributes.

Requirements


cURL and NTP should be installed as prerequisites.

Role Variables


[jumpcloud_api_key][jumpcloud-api-key]

Default: none Used to modify the attribute of a System on JC portal.

The API key as shown in the JumpCloud's API Settings. To be retrieved from JumpCloud portal by a JC Admin account

To be stored in an Ansible Vault. It's very high-sensitivity Information.

Default: none

The X_Connect key as displayed on the Servers > Add screen. Mandatory.

Default: /opt/jc

Path to check if JumpCloud has been previously installed.

Default: 'https://kickstart.jumpcloud.com/Kickstart'

URL for the install script.

Default: no

Used to determine whether or not to force installation of the client if it has been previously installed.

Default: jcagent

Name of the service to restart.

Default: no

Whether or not to use sudo during installation.

[jumpcloud_tags]

The list of JC tags you want a host or a group of hosts to be part of

  • 'tag_one'
  • 'tag_two'

Default: `{{ inventory_hostname }}``

Default: 'true' This value must be contained in single quotes "'"

Default: 'true' This value must be contained in single quotes "'"

Default: 'true' This value must be contained in single quotes "'"

Default: 'false' This value must be contained in single quotes "'"

Example Playbook


---
- hosts: production
  roles:
     - { role: inviqa.jumpcloud, jumpcloud_x_connect_key: 'abcdef012234343' }
  vars:
    jumpcloud_tags:
      - 'tag_one'
      - 'tag_two'
    jumpcloud_displayName: "a new displayName"
    jumpcloud_allowPublicKeyAuthentication: 'true'
    jumpcloud_allowSshPasswordAuthentication: 'false'
    jumpcloud_allowSshRootLogin: 'true'
    jumpcloud_allowMultiFactorAuthentication: 'false'
...

TODO

  • create a conditional check to update tags only if they are defined as Variables
  • add the automation of the tag creation if the tag doesn't exists in JC role
  • add the possibility to define which users need to be tagged for that host's tag

License


MIT

Author Information


Author Marco Massari Calderone at Inviq UK Ltd

Inspired by Barney Hanlon's Galaxy role ansible-jumpcloud