@fulv
Last active August 31, 2023 09:06
Ansible - Creating users and copying ssh keypair files to the remote server
Put this in your `local-configure.yml` file and add as many users as you need:

```yaml
users:
  - name: fulvio
    sudoer: yes
    auth_key: ssh-rsa blahblahblahsomekey this is actually the public key in cleartext
  - name: plone_buildout
    group: plone_group
    sudoer: no
    auth_key: ssh-rsa blahblahblah ansible-generated on default
    keyfiles: keyfiles/plone_buildout
```
In your playbook root folder, create a folder `keyfiles`. In it, create a subfolder for each username for which you want to copy keyfiles to the server. Put the private and public key files, as well as any other files such as `known_hosts`, in the user subfolder.

Add the following line in `playbook.yml` under `roles:` (e.g. right under `- role: ANXS.hostname`):

```yaml
- role: create_users
```

Copy the gist file `main.yml` to `/roles/create_users/tasks`.

Now run your playbook. That's it!
```yaml
---
# vars (see local-configure.yml):
# users:
#   - name: steve
#     sudoer: yes
#     auth_key: ssh-rsa ...
#
# Since Ansible 2.2 a bare variable name in with_items is no longer accepted,
# so every loop below uses the "{{ users }}" form.

- name: Ensure plone_group
  group:
    name: plone_group

# see http://docs.ansible.com/ansible/user_module.html
# Two "Add users" tasks: one for entries that carry a `group`, one for those that do not.
- name: Add users
  user:
    name: "{{ item.name }}"
    system: "{{ item.sudoer }}"   # as in the original: sudoer accounts are created as system accounts
    shell: /bin/bash
    append: yes
    groups: "{{ item.group }}"
    # this is just a default password, I think it's SHA512 for "changeme"
    password: "$6$rounds=656000$iO7Q9L6/w8dUUQVf$rmtnxrQ15TGAfG5ODxQ/WGyEpTwk.vD1W.UtedmOlo9YNkrIwapYMjmKmteEnUJmRYucgUVxXUQy7gtenpLmw0"
    update_password: on_create
  when: item.group is defined
  with_items: "{{ users }}"

- name: Add users
  user:
    name: "{{ item.name }}"
    system: "{{ item.sudoer }}"
    shell: /bin/bash
    password: "$6$rounds=656000$iO7Q9L6/w8dUUQVf$rmtnxrQ15TGAfG5ODxQ/WGyEpTwk.vD1W.UtedmOlo9YNkrIwapYMjmKmteEnUJmRYucgUVxXUQy7gtenpLmw0"
    update_password: on_create
  when: item.group is not defined
  with_items: "{{ users }}"

- name: Add .ssh directories
  file:
    path: /home/{{ item.name }}/.ssh
    state: directory
    mode: "0700"
    owner: "{{ item.name }}"
    group: "{{ item.group|default(item.name) }}"
  with_items: "{{ users }}"

# Appends the user's public key to authorized_keys, creating the file if needed.
- name: Add keys
  lineinfile:
    dest: /home/{{ item.name }}/.ssh/authorized_keys
    state: present
    create: yes
    line: "{{ item.auth_key }}"
    owner: "{{ item.name }}"
    group: "{{ item.group|default(item.name) }}"
    mode: "0644"
  when: item.auth_key is defined
  with_items: "{{ users }}"

# One sudoers.d fragment per sudoer; the second and third rules are specific to this Plone setup.
- name: Add to sudoers
  copy:
    dest: /etc/sudoers.d/{{ item.name }}
    content: |
      {{ item.name }} ALL=(ALL) ALL
      {{ item.name }} ALL=(plone_daemon, plone_buildout) NOPASSWD:ALL
      {{ item.name }} ALL=(root) NOPASSWD:/usr/bin/supervisorctl
      #
  when: item.sudoer
  with_items: "{{ users }}"

# Copies the contents of keyfiles/<user>/ (private key, public key, known_hosts, ...) into ~/.ssh.
- name: SSH keys
  copy:
    src: "{{ item.keyfiles }}/"
    dest: /home/{{ item.name }}/.ssh/
    owner: "{{ item.name }}"
    group: "{{ item.group|default(item.name) }}"
    mode: "0600"
  when: item.keyfiles is defined
  with_items: "{{ users }}"
```
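The role interpolates `item.name` into home-directory paths and the sudoers.d fragment and writes `item.auth_key` straight into `authorized_keys`, so a typo or a leftover placeholder in `local-configure.yml` ends up on every host. The pre-flight check below is an added example, not part of the gist: `USERS` is a constructed sample mirroring the vars file (the ed25519 entry is built from dummy bytes, not a real key), and `NAME_RE` and `KEY_TYPES` are this example's own choices.

```python
import base64
import re
import struct

NAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")  # portable POSIX login name; it also lands in paths and sudoers.d
KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def ssh_pubkey(keytype, *fields):
    """Assemble an authorized_keys line from SSH wire-format fields (constructed test data, not a real key)."""
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (keytype.encode(), *fields))
    return keytype + " " + base64.b64encode(blob).decode()

# Constructed sample mirroring the `users` list in local-configure.yml (not the gist's own data).
USERS = [
    {"name": "fulvio", "sudoer": True,
     "auth_key": "ssh-rsa blahblahblahsomekey this is actually the public key in cleartext"},
    {"name": "plone_buildout", "group": "plone_group", "sudoer": False,
     "auth_key": ssh_pubkey("ssh-ed25519", b"\x01" * 32), "keyfiles": "keyfiles/plone_buildout"},
]

def check_auth_key(line):
    """Return None if `line` is a well-formed authorized_keys entry, otherwise the reason it is not."""
    parts = line.split(None, 2)                 # key type, base64 blob, optional comment
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        return "unknown key type"
    try:
        blob = base64.b64decode(parts[1], validate=True)
        (n,) = struct.unpack(">I", blob[:4])    # first wire field is the key type string
        if blob[4:4 + n].decode() != parts[0]:
            return "key blob does not match declared type"
    except (ValueError, struct.error):
        return "key data is not valid base64 / SSH wire format"
    return None

def check_users(users):
    """Collect every problem the role would otherwise push to the servers unchecked."""
    problems = []
    for u in users:
        name = str(u.get("name", ""))
        if not NAME_RE.match(name):
            problems.append(f"{name!r}: not a safe login name")
        if not isinstance(u.get("sudoer"), bool):
            problems.append(f"{name}: sudoer must be a YAML boolean, got {u.get('sudoer')!r}")
        if "auth_key" in u and (why := check_auth_key(u["auth_key"])):
            problems.append(f"{name}: auth_key rejected ({why})")
    return problems
```

Run `check_users(USERS)` before `ansible-playbook`; on the sample it flags only the `fulvio` entry, whose placeholder key is not base64.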
@tumainimosha

When trying to follow the instructions here I faced this error message:

"The task includes an option with an undefined variable. 
The error was: 'ansible.utils.unsafe_proxy.AnsibleUnsafeText object' has no attribute 'name'
\n\nThe error appears to have been in '/path/to/current_dir/roles/create_users/tasks/main.yml': 
line 25, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.
\n\nThe offending line appears to be:\n\n\n- name: Add users\n  ^ here\n"}

After googling the issue I found a solution here: ansible/ansible#23496 (comment)

It seems that from Ansible v2.2, with_items requires explicit wrapping.

So I changed in main.yml

`with_items: users`

to

`with_items: "{{ users }}"`

and it worked for me.

@lovesaikrishna

Hello,

Could you please review the code below and let me know what is missing?

Requirement: add multiple users along with their home directories, and add `ssh_keys` and `authorized_keys2` files to each. Do let me know if you have any questions.

Add users & keys to destination servers

```yaml
- hosts: lb:app2
  tasks:
    - name: Add list of users
      user:
        name: "{{ item.name }}"
        uid: "{{ item.uid }}"
        groups: "{{ item.groups }}"
        comment: "{{ item.comment }}"
        password: "{{ item.password }}"
        state: present
      with_items:
        - { name: testuser1, uid: 1002, groups: "wheel, automate", comment: "{{ 'AM Admin ID' }}", password: "{{ '$6$wsix5/A0$Qs46M8HtJXzcpA/ZnvagCPmiXsxl4ifzn.' }}" }
        - { name: testuser2, uid: 1003, groups: "automate", comment: "{{ 'HM Admin ID' }}", password: "{{ '$6$gs3YJV06SUyD89ZNioh2IfVmC14bbqFWWpfC9E/' }}" }
    - name: Create .ssh dir & Insert keys
      file:
        path: /home/{{ item.name }}/.ssh
        state: directory
        owner: "{{ item.name }}"
        group: "{{ item.group|default(item.name) }}"
        mode: 0600
      with_items: "{{ users }}"
```

The error I get when I execute it:

TASK [Create .ssh dir & Insert keys] **************************************************************************************************************************************************************************
fatal: [lb1]: FAILED! => {"msg": "'users' is undefined"}
fatal: [app2]: FAILED! => {"msg": "'users' is undefined"}

PLAY RECAP ****************************************************************************************************************************************************************************************************
app2 : ok=2 changed=0 unreachable=0 failed=1
lb1 : ok=2 changed=0 unreachable=0 failed=1

root@rhel75-test16:/root/ansible/playbooks/>

Thank you!

@qubeio

qubeio commented Dec 4, 2020

Thanks for sharing
