In this blog, let us go through step-by-step instructions to create multiple users, set a password for each user, generate SSH keys, and force each user to change their password at the next logon. I'm writing this because, at the time of writing, I could not find an end-to-end automation example for this simple use case 🙂

Below is the list of required files and their content.
ansible.cfg

[defaults]
inventory=inventory
remote_user=admin
ask_pass=False
# ansible.cfg key for the interpreter path is interpreter_python;
# ansible_python_interpreter is the per-host inventory variable form
interpreter_python=/usr/bin/python3.6

[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
inventory

[worker_nodes]
localbox1
localbox2
localbox3
add_users.yml

---
- name: Create New Users
  hosts: all
  become: true
  gather_facts: false
  vars_files:
    - users_pass.yml    # vault-encrypted; must define user_pass and user_salt
    - usernames.yml     # defines the names list
  tasks:
    - name: Create Users, Home Directory and add to groups
      user:
        name: "{{ item }}"
        # only the salted SHA-512 crypt hash is written to /etc/shadow
        password: "{{ user_pass | password_hash('sha512', user_salt) }}"
        shell: /bin/bash
        system: no
        state: present
        createhome: yes
        groups:            # supplementary groups, e.g. [developers]; none here
        append: yes
        home: "/home/{{ item }}"
        generate_ssh_key: yes
        ssh_key_bits: 2048
        ssh_key_file: .ssh/id_rsa
        update_password: on_create   # never reset the password of an existing user
      with_items:
        - "{{ names }}"
      register: user_status

    - name: Expire the password so the user must change it at next logon
      # command (not shell) so the username is never interpreted by a shell
      command: chage -d 0 "{{ item }}"
      with_items:
        - "{{ names }}"
      when: user_status.changed
usernames.yml

names:
  - "alpha"
  - "beta"
  - "cuda"
users_pass.yml (Ansible Vault encrypted)

$ANSIBLE_VAULT;1.1;AES256
61343830346137346265383361303764343134386663353637633131326336623331633533383166
6232363536343564323435623664343233653464346334370a656330346330316535373231326137
65626233666539646237303663663862633037383835646434386434653831306334313135633764
3865383365373133310a326530343039303762343161383835306539303833653937366339356239
36333839646666626537613134313662336535316466393261633236653136303436616532383231
6666323833316161343963353436343865643433636235646431
Follow the steps below to create the users, passwords, home directories and SSH keys.
- Install Ansible and add the managed nodes (the inventory above lists them under [worker_nodes])
- Create a directory called "playbooks"
- Create all of the files above and place them in playbooks, except users_pass.yml
- Create the encrypted users_pass.yml to store the user password
- Enter the password common to all users on one line as user_pass: <password>, add a user_salt: <salt> line (the playbook's password_hash filter needs both), and save it as users_pass.yml
- Run the ansible-vault create users_pass.yml command and enter a vault password
- To edit the file in future, use ansible-vault edit users_pass.yml and provide the vault password
- To view the file, use ansible-vault view users_pass.yml and provide the vault password
- Run ansible-playbook add_users.yml --syntax-check --ask-vault-pass and enter the vault password to check the playbook syntax (if you hit any errors, let me know in the comments section)
- Run ansible-playbook add_users.yml --ask-vault-pass and enter the vault password to execute the playbook on the managed nodes
- Optionally save the vault password to a hidden file and replace --ask-vault-pass with --vault-password-file .vault_pass.key. Make sure the file has restrictive permissions (for example chmod 600, owned by the user running Ansible) so nobody else on the control node can read the vault password
- Test by logging in to the managed nodes with the new user accounts. You will be prompted to change the password at first logon.
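Two of the steps above are easy to get wrong silently: a users_pass.yml that was saved in plaintext instead of through ansible-vault, and a .vault_pass.key left world-readable. The following pre-flight script is an added example (not part of the blog or of Ansible itself) that checks both before the playbook runs, and also validates the entries in usernames.yml against a conservative login-name pattern. File names, the sample contents it writes, and the demo() scenario are constructed for illustration.

```python
"""Pre-flight checks for the Ansible user-creation playbook described above (added example)."""
import os
import re
import stat
import tempfile

# Every ansible-vault encrypted file begins with this header on line one.
VAULT_HEADER = "$ANSIBLE_VAULT;"

# Conservative portable login name: lowercase letter or underscore first, then
# lowercase letters, digits, underscore or hyphen; 32 characters at most.
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def is_vault_encrypted(path):
    """True if the file carries the ansible-vault header on its first line.

    A vars file meant to hold secrets that lacks this header was saved in
    plaintext (e.g. edited with a normal editor instead of `ansible-vault edit`).
    """
    with open(path, "r", encoding="utf-8") as fh:
        first_line = fh.readline()
    return first_line.startswith(VAULT_HEADER)


def vault_password_file_problems(path):
    """Return findings for the vault password file; an empty list means it is OK."""
    problems = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    # Any group/other bit means another local account can read the vault password.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"{path}: readable by group/other (mode {mode:04o}); expected 0600")
    if st.st_size == 0:
        problems.append(f"{path}: empty")
    return problems


def invalid_usernames(names):
    """Return the entries of `names` that are not acceptable login names."""
    return [n for n in names if not USERNAME_RE.match(n)]


def run_checks(vault_vars_path, vault_pass_path, names):
    """Aggregate all findings; an empty list means the playbook is safe to run."""
    findings = []
    if not is_vault_encrypted(vault_vars_path):
        findings.append(f"{vault_vars_path}: not vault-encrypted (plaintext secrets)")
    findings.extend(vault_password_file_problems(vault_pass_path))
    findings.extend(f"invalid username: {n!r}" for n in invalid_usernames(names))
    return findings


def demo():
    """Constructed scenario (not the blog's real files): a plaintext vars file, a
    vault-headered one, and a password file before and after chmod 600."""
    workdir = tempfile.mkdtemp()

    plain = os.path.join(workdir, "users_pass_plain.yml")
    with open(plain, "w", encoding="utf-8") as fh:
        fh.write("user_pass: ChangeMe123\nuser_salt: abcdef\n")  # constructed sample

    vaulted = os.path.join(workdir, "users_pass.yml")
    with open(vaulted, "w", encoding="utf-8") as fh:
        # header only; the body below is a constructed stand-in, not real ciphertext
        fh.write("$ANSIBLE_VAULT;1.1;AES256\n3030303030303030\n")

    key = os.path.join(workdir, ".vault_pass.key")
    with open(key, "w", encoding="utf-8") as fh:
        fh.write("example-vault-password\n")  # constructed sample
    os.chmod(key, 0o644)  # the common mistake: world-readable

    before = run_checks(plain, key, ["alpha", "beta", "Bad User"])
    os.chmod(key, 0o600)  # the fix from the steps above
    after = run_checks(vaulted, key, ["alpha", "beta", "cuda"])
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("findings before fixing:", *before, sep="\n  ")
    print("findings after fixing:", after)
```

Run it before `ansible-playbook add_users.yml --vault-password-file .vault_pass.key`; a non-empty list from run_checks() is the signal to stop and fix the control node rather than ship a plaintext password or a readable vault key.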
I hope you've followed all the steps and are able to create multiple users with Ansible automation.
If you enjoyed this post, I’d be very grateful if you’d help it spread by emailing it to a friend, or sharing it on Twitter or Facebook. Thank you!
What am I missing here? Let me know in the comments and I’ll add it in!