socketwench/ansible-role-users-and-groups

Ansible Role: Users and Groups

Creates users and groups for Debian/Ubuntu Linux.

Requirements

None.

Role Variables

Available variables are listed below, along with default values (see defaults/main.yml).

To create a user with all defaults, and whose primary group is the same as their username:

server_users:
  - name: "ash"
    password: "imnotarobot"

Groups

There is no separate groups variable. They are instead part of the server_users variable.

To specify the primary group name and alternate groups:

server_users:
  - name: "ash"
    password: "imnotarobot"
    group: "primarygroupname"
    groups:
      - "anothergroup"
      - "more-groups-here"

SSH Keys

By default, the role generates a new SSH key for every user it creates:

server_users_ssh_key_generate: yes
server_users_ssh_key_bits: "4096"

You can override this per user too:

server_users:
  - name: "ash"
    password: "imnotarobot"
    ssh_key_generate: yes
    ssh_key_bits: "4096"

SSH Authorized keys

Sometimes you want to also set the authorized keys so people can log in using public keys instead of passwords. To set that for all users:

server_users_auth_keys: "{{ contents_of_ssh_authorized_keys }}"

The contents of the variable are the same as the contents of a ~/.ssh/authorized_keys file.

You can also override this per user:

server_users:
  - name: "ash"
    password: "imnotarobot"
    auth_keys: "{{ contents_of_ssh_authorized_keys }}"

Default shell

The default shell is bash. You can override this for all users:

server_users_shell: "/bin/bash"

You can also specify a shell for a particular user. This overrides the above default:

server_users:
  - name: "ash"
    password: "imnotarobot"
    shell: "/bin/zsh"

By default, the role does not log task actions for security reasons. To enable logging:

server_users_no_log: true

Ansible configurations

This role also distributes an .ansible.cfg file to each user's home directory. This allows you to override the default role_path and no_cows settings:

server_users_ansible_role_path:  "~/.ansible/roles"
server_users_ansible_nocows: 1
server_users_ansible_log: false
server_users_ansible_log_path: '~/ansible.log'

Again, you can do this per user:

server_users:
  - name: "ash"
    password: "imnotarobot"
    ansible_role_path: "/etc/ansible/roles"
    ansible_nocows: 0
    ansible_log: true
    ansible_log_path: "/home/ash/logs/ansible.log"

Removing and deleting users

You can also remove users by using the state variable:

server_users:
  - name: "ash"
    state: absent

If you wish to also delete their home directory, use remove:

server_users:
  - name: "ash"
    state: absent
    remove: yes

Dependencies

None.

Example Playbook

server_users:
  - name: "ash"
    password: "imnotarobot"
    group: "wy"
    groups:
      - "scidiv"
  - name: "kane"
    password: "ihateeggs"
    shell: "/bin/ksh"
    ssh_key_generate: no
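
An added example, not part of the role or its README: a Python check to run over a server_users list before committing it, flagging literal passwords, short SSH keys, and accounts with a password but no authorized keys. It assumes per-user keys override the server_users_* variables as described above; the 2048-bit floor, the users "ripley" and "dallas", and the variable names vault_ripley_password and ripley_authorized_keys are constructed for illustration.

```python
import re

PREFIX = "server_users_"
# Role-wide defaults shown in this README (subset relevant to the checks).
README_DEFAULTS = {"ssh_key_generate": True, "ssh_key_bits": "4096", "shell": "/bin/bash"}
MIN_KEY_BITS = 2048  # assumed local policy floor, not a value from the role
JINJA_REF = re.compile(r"^\s*\{\{.+\}\}\s*$")  # value is entirely a "{{ variable }}" reference


def effective_settings(user, role_vars):
    """Per-user keys win over server_users_* variables, which win over defaults."""
    merged = dict(README_DEFAULTS)
    merged.update({k[len(PREFIX):]: v for k, v in role_vars.items() if k.startswith(PREFIX)})
    merged.update(user)
    return merged


def audit(server_users, role_vars=None):
    """Return (username, finding) tuples for entries that need attention."""
    findings = []
    for user in server_users:
        u = effective_settings(user, role_vars or {})
        if u.get("state") == "absent":
            continue  # account is being removed; nothing to harden
        password = u.get("password")
        if password is not None and not JINJA_REF.match(str(password)):
            findings.append((u["name"], "literal password in vars; reference a vaulted variable"))
        # YAML yes/no load as booleans, so ssh_key_generate is tested for truthiness.
        if u["ssh_key_generate"] and int(u["ssh_key_bits"]) < MIN_KEY_BITS:
            findings.append((u["name"], f"ssh_key_bits {u['ssh_key_bits']} below {MIN_KEY_BITS}"))
        if password is not None and not u.get("auth_keys"):
            findings.append((u["name"], "password set but no auth_keys in these vars"))
    return findings


# First two entries are the README's Example Playbook; "ripley" and "dallas" are constructed.
SAMPLE_USERS = [
    {"name": "ash", "password": "imnotarobot", "group": "wy", "groups": ["scidiv"]},
    {"name": "kane", "password": "ihateeggs", "shell": "/bin/ksh", "ssh_key_generate": False},
    {"name": "ripley", "password": "{{ vault_ripley_password }}", "ssh_key_bits": "1024",
     "auth_keys": "{{ ripley_authorized_keys }}"},
    {"name": "dallas", "state": "absent", "remove": True},
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_USERS):
        print(f"{name}: {finding}")
```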

License

GPL 3.0.

Author Information

This role was created in 2017 by socketwench.
