@fulv fulv/main.yml
Last active Apr 23, 2019

Ansible - Creating users and copying ssh keypair files to the remote server
Put this in your `local-configure.yml` file, adding as many users as you need:

```yaml
users:
  - name: fulvio
    sudoer: yes
    auth_key: ssh-rsa blahblahblahsomekey this is actually the public key in cleartext
  - name: plone_buildout
    group: plone_group
    sudoer: no
    auth_key: ssh-rsa blahblahblah ansible-generated on default
    keyfiles: keyfiles/plone_buildout
```
In your playbook root folder, create a folder `keyfiles`. In it, create a subfolder for each username for which you want to copy keyfiles to the server. Put the private and public key files, as well as any other files, such as `known_hosts`, in the user subfolder.

Add the following line in `playbook.yml` under `roles:` (e.g. right under `- role: ANXS.hostname`):

```yaml
- role: create_users
```

Copy the gist file `main.yml` to `/roles/create_users/tasks`.

Now run your playbook. That's it!
```yaml
---
# vars (put these in local-configure.yml):
# users:
#   - name: steve
#     sudoer: yes
#     auth_key: ssh-rsa ...

- name: Ensure plone_group
  group:
    name: plone_group

# see http://docs.ansible.com/ansible/user_module.html
- name: Add users
  user:
    name: "{{ item.name }}"
    # note: 'system' makes the account a system account (UID from the system range);
    # it does not grant sudo, which the "Add to sudoers" task below handles
    system: "{{ item.sudoer }}"
    shell: /bin/bash
    append: yes
    # supplementary group only for user entries that define one
    groups: "{{ item.group | default(omit) }}"
    # this is just a default password, I think it's SHA512 for "changeme";
    # on_create means an existing user's password is never overwritten
    password: '$6$rounds=656000$iO7Q9L6/w8dUUQVf$rmtnxrQ15TGAfG5ODxQ/WGyEpTwk.vD1W.UtedmOlo9YNkrIwapYMjmKmteEnUJmRYucgUVxXUQy7gtenpLmw0'
    update_password: on_create
  # bare variable names in with_items were deprecated in Ansible 2.2; quote the Jinja2 expression
  with_items: "{{ users }}"

- name: Add .ssh directories
  file:
    path: /home/{{ item.name }}/.ssh
    state: directory
    # sshd (StrictModes) ignores authorized_keys under a group- or world-accessible .ssh
    mode: '0700'
    owner: "{{ item.name }}"
    group: "{{ item.group | default(item.name) }}"
  with_items: "{{ users }}"

- name: Add keys
  lineinfile:
    dest: /home/{{ item.name }}/.ssh/authorized_keys
    state: present
    create: yes
    line: "{{ item.auth_key }}"
    owner: "{{ item.name }}"
    group: "{{ item.group | default(item.name) }}"
    mode: '0644'
  when: item.auth_key is defined
  with_items: "{{ users }}"

- name: Add to sudoers
  copy:
    dest: /etc/sudoers.d/{{ item.name }}
    content: |
      {{ item.name }} ALL=(ALL) ALL
      {{ item.name }} ALL=(plone_daemon, plone_buildout) NOPASSWD:ALL
      {{ item.name }} ALL=(root) NOPASSWD:/usr/bin/supervisorctl
      #
    # sudo ignores fragments that are writable by anyone other than root
    mode: '0440'
    # refuse to install a fragment with a syntax error, which would break sudo for every user
    validate: 'visudo -cf %s'
  when: item.sudoer
  with_items: "{{ users }}"

- name: SSH keys
  copy:
    # the trailing slash copies the contents of the user's keyfiles/ directory
    src: "{{ item.keyfiles }}/"
    dest: /home/{{ item.name }}/.ssh/
    owner: "{{ item.name }}"
    group: "{{ item.group | default(item.name) }}"
    mode: '0600'
  when: item.keyfiles is defined
  with_items: "{{ users }}"
```
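As an added example, not part of the gist, a POSIX shell check to run on the target after the playbook: it verifies the `.ssh` directory and key-file permissions the role sets, that the configured `auth_key` landed in `authorized_keys`, and that any `sudoers.d` fragment passes `visudo -c`. It assumes GNU `stat`; the sample directory tree and key string are constructed so it runs offline.

```shell
# Added example, not part of the gist: check the state create_users is meant to
# leave for one user. ROOT is a prefix ("" on a live host, or a constructed tree
# for offline testing). Assumes GNU stat (-c %a).

# Prints each failed check and returns 1; returns 0 when everything matches.
check_user_state() {
    root=$1; user=$2; key=$3
    ssh_dir="$root/home/$user/.ssh"
    rc=0
    # sshd (StrictModes, the default) ignores authorized_keys under a .ssh that
    # is group- or world-accessible, so the directory must be exactly 0700.
    mode=$(stat -c %a "$ssh_dir" 2>/dev/null)
    [ "$mode" = "700" ] || { echo "$user: .ssh mode '$mode', expected 700"; rc=1; }
    # The configured public key must be present, in a file only the owner may write.
    ak="$ssh_dir/authorized_keys"
    grep -qxF "$key" "$ak" 2>/dev/null || { echo "$user: key not in authorized_keys"; rc=1; }
    mode=$(stat -c %a "$ak" 2>/dev/null)
    case "$mode" in 600|644) ;; *) echo "$user: authorized_keys mode '$mode'"; rc=1 ;; esac
    # Private keys copied from keyfiles/ must be 0600 or ssh refuses to load them.
    for f in "$ssh_dir"/id_*; do
        [ -e "$f" ] || continue
        case "$f" in *.pub) continue ;; esac
        mode=$(stat -c %a "$f")
        [ "$mode" = "600" ] || { echo "$user: $(basename "$f") mode '$mode', expected 600"; rc=1; }
    done
    # A sudoers.d fragment with a syntax error breaks sudo for every user on the host.
    frag="$root/etc/sudoers.d/$user"
    if [ -f "$frag" ] && command -v visudo >/dev/null 2>&1; then
        visudo -cf "$frag" >/dev/null 2>&1 || { echo "$user: $frag fails visudo -c"; rc=1; }
    fi
    return $rc
}

# Constructed public key, standing in for the auth_key value of a user entry.
SAMPLE_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABconstructed fulvio@example"

# Constructed sample tree standing in for a provisioned host; prints its path.
make_sample_root() {
    root=$(mktemp -d)
    mkdir -p "$root/home/fulvio/.ssh" && chmod 700 "$root/home/fulvio/.ssh"
    echo "$SAMPLE_KEY" > "$root/home/fulvio/.ssh/authorized_keys"
    chmod 644 "$root/home/fulvio/.ssh/authorized_keys"
    printf 'constructed, not a real key\n' > "$root/home/fulvio/.ssh/id_rsa"
    chmod 600 "$root/home/fulvio/.ssh/id_rsa"
    echo "$root"
}

ROOT=$(make_sample_root)
check_user_state "$ROOT" fulvio "$SAMPLE_KEY" && echo "fulvio: all checks passed"
rm -rf "$ROOT"
```

On a real host call `check_user_state "" <username> "<auth_key>"` as root for each entry in `users`.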
@tumainimosha

commented Oct 3, 2018

When trying to follow through the instructions here I faced this error message:

```
"The task includes an option with an undefined variable.
The error was: 'ansible.utils.unsafe_proxy.AnsibleUnsafeText object' has no attribute 'name'
\n\nThe error appears to have been in '/path/to/current_dir/roles/create_users/tasks/main.yml':
line 25, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.
\n\nThe offending line appears to be:\n\n\n- name: Add users\n  ^ here\n"}
```

After googling the issue I found a solution here: ansible/ansible#23496 (comment)

Seems from ansible v2.2 with_items requires explicit wrapping.

So I changed in main.yml

`with_items: users`

to

`with_items: "{{ users }}"`

and it worked for me.
