In this blog, let us go through step by step instructions provided to create multiple users, set password for individual users, create SSH keys and user must change password during the next logon. I’m writing this blog as I could not find example for end to end automation for this simple use case as on the day of writing this blog 🙂
Below are the list of required files and its content.
ansible.cfg
[defaults]
inventory=inventory
remote_user=admin
ask_pass=False
ansible_python_interpreter=/usr/bin/python3.6
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
inventory
[worker_nodes]
localbox1
localbox2
localbox3
add_users.yml
---
- name: Create New Users
hosts: all
become: true
gather_facts: false
vars_files:
- users_pass.yml
- usernames.yml
tasks:
- name: Create Users, Home Directory and add to groups
user:
name: "{{ item }}"
password: "{{ user_pass | password_hash('sha512', user_salt) }}"
shell: /bin/bash
system: no
state: present
createhome: yes
groups:
append: yes
home: "/home/{{ item }}"
generate_ssh_key: yes
ssh_key_bits: 2048
ssh_key_file: .ssh/id_rsa
update_password: on_create
with_items:
- "{{ names }}"
register: user_status
- name:
shell: chage -d 0 "{{ item }}"
with_items:
- "{{ names }}"
when: user_status.changed
usernames.yml
names:
- "alpha"
- "beta"
- "cuda"
users_pass.yml {Ansible Vault Encrypted}
$ANSIBLE_VAULT;1.1;AES256
61343830346137346265383361303764343134386663353637633131326336623331633533383166
6232363536343564323435623664343233653464346334370a656330346330316535373231326137
65626233666539646237303663663862633037383835646434386434653831306334313135633764
3865383365373133310a326530343039303762343161383835306539303833653937366339356239
36333839646666626537613134313662336535316466393261633236653136303436616532383231
6666323833316161343963353436343865643433636235646431
Follow the below steps to create users, passwords, home directory and SSH keys.
- Install Ansible and add managed nodes
- Create a directory called “playbooks”
- Create all above files and place it in playbooks except user_pass.yml
- Create encrypted user_pass.yml to store user password
- Enter a password common for all users in one line and save as user_pass.yml
- Run ansible-vault create user_pass.yml command and enter vault password
- To edit the file in future use ansible-vault edit user_pass.yml and provide the vault password
- To view the file use ansible-vault viewwuser_pass.yml and provide the vault password
- Run ansible-playbook add_users.yml –syntax-check –ask-vault-pass and enter vault password to check the playbook syntax(If any errors let me know in comments section)
- Run ansible-playbook add_users.yml –ask-vault-pass and enter vault password to execute the playbook on managed nodes
- Save vault password to a hidden file and replace –ask-vault-pass with –vault-password-file .vault_pass.key. Make sure proper access rights set to secure the vault password file
- Test by logging in to the managed nodes using the new user accounts. It will prompt to change the password after the logon.
Hope you’ve followed all the steps and able to create multiple users using ansible automation.
If you enjoyed this post, I’d be very grateful if you’d help it spread by emailing it to a friend, or sharing it on Twitter or Facebook. Thank you!
What am I missing here? Let me know in the comments and I’ll add it in!
This is a great post and it has really helped me in my own lab.