1it.users
Users Role for Ansible
This role makes it easy to manage user accounts on a system.
As of v0.2, you can specify where to create a user account by setting the target host group (like an inventory group, EC2 tag, or other cloud label).
Changelog
0.2.1 - 2021-11-08
Added:
- Option to remove user groups
- Option to remove user home directories: delete_homedirs
0.2 - 2021-11-08
Changed:
- target_hosts is now required. Add target_hosts: ['all'] to each user entry if you want to create this user on all hosts.
Removed:
- users_keys removed due to compatibility issues. It was likely not used.
0.1 - 2021-10-27
Fixes:
- groups should be omitted by default along with other default values.
Added:
- Initial attempt at target_hosts (not yet working).
Changed:
- users.state is now required.
Requirements
- Ansible 2.9.0 or higher
Variables
Here are the variables you can use with this role, along with brief descriptions:
# List of user accounts to add to the system
users: []
# Default shell for all user accounts
users_default_shell: '/bin/bash'
# Default group for new user accounts
users_default_group: 'users'
# Flag to create a unique group for each user or not
users_create_group_per_user: true
# Flag to create home directories for users
users_create_homedir: true
# List of default groups (to be created)
users_group_list: []
# Flag to delete home directories when removing a user - disabled by default
delete_homedirs: false
User List Structure
# List of user accounts to add to the system
users:
  # First user with only required attributes
  - username: 'johndoe'       # Linux username
    uid: 1000                 # OPTIONAL User ID (usually starts at 1000 for non-system users)
    authorized: []            # List of public SSH keys for the account
    target_hosts: ['dev']     # List of groups where the user account should exist
    state: 'present'          # REQUIRED account state
  # Second user with all available attributes
  - username: 'janedoe'       # Linux username
    uid: 1001                 # OPTIONAL User ID
    authorized:               # List of public SSH keys for the account
      - 'ssh-rsa key_string1'
      - 'ssh-ecdsa key_string2'
    name: 'Jane Doe'          # Name used as a comment when creating the account
    system: false             # Specify if the account is a system user
    group: 'jdoe'             # Alternative primary group for the user
    groups:                   # Additional user groups
      - 'admin'
      - 'developers'
    shell: '/bin/bash'        # Default shell for the account
    home: '/home/jdoe'        # Alternative home directory for the account
    generate_key: true        # Generate a new SSH key for the account
    state: 'present'
  # Accounts to be removed
  - username: 'bob'
    uid: 1003
    authorized: []
    target_hosts: ['dev']
    state: absent
Playbook Example
Creating a system admin user and a deploy user:
---
# This playbook sets up machines with common users
- name: Apply common users to all nodes
  hosts: all
  roles:
    - role: users
      users:
        - username: 'sa'
          authorized: ['ssh-rsa key_string']
          name: 'System Administrator'
          groups: ['admin']
          target_hosts:
            - dev
            - stage
            - prod
          state: 'present'
        - username: 'ansible'
          name: 'Ansible service account'
          generate_key: true
          authorized: []
          state: 'present'
          target_hosts: ['all'] # Must define target_hosts or user won't be created.
        - username: 'johndoe'
          name: 'John Doe'
          generate_key: true
          authorized: []
          target_hosts: ['dev']
          state: 'present'
Note: When creating a variable with the list of users to add or remove, it's best to start in group_vars/all. Use group_vars/groupname or host_vars/hostname if you only want users on specific machines. target_hosts can be a list of host groups or tags in a dynamic cloud inventory, such as AWS, GCP, or others.
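A pre-flight check for the users list, as an added example that is not part of the role: it flags entries missing the required state or target_hosts, accounts that receive supplementary groups on every host, and reused usernames or UIDs. The function name, the finding messages and the sample entries are constructed for illustration, and the only accepted state values are assumed to be the two shown above.

```python
from collections import Counter

# Assumption: only the two state values shown on the page are accepted.
VALID_STATES = ("present", "absent")

def lint_users(users):
    """Return (subject, problem) tuples for a role `users` list."""
    findings = []
    for entry in users:
        name = entry.get("username", "<no username>")
        # `state` is required since 0.1.
        if entry.get("state") not in VALID_STATES:
            findings.append((name, "state must be 'present' or 'absent'"))
        # `target_hosts` is required since 0.2; without it the user is not created.
        hosts = entry.get("target_hosts")
        if not isinstance(hosts, list) or not hosts:
            findings.append((name, "target_hosts missing or empty"))
        elif "all" in hosts and entry.get("groups"):
            # Review hint (policy choice of this example): extra groups everywhere.
            findings.append((name, "supplementary groups on all hosts"))
    # Accounts that share a UID own each other's files; names must be unique too.
    for field in ("username", "uid"):
        counts = Counter(e[field] for e in users if field in e)
        for value, n in counts.items():
            if n > 1:
                findings.append((str(value), f"duplicate {field} used {n} times"))
    return findings

# Constructed sample input, mirroring the structure documented above.
SAMPLE_USERS = [
    {"username": "sa", "uid": 1000, "groups": ["admin"],
     "target_hosts": ["all"], "state": "present"},
    {"username": "janedoe", "uid": 1001, "state": "present"},  # no target_hosts
    {"username": "bob", "uid": 1001, "target_hosts": ["dev"],
     "state": "absent"},                                       # uid reused
    {"username": "johndoe", "uid": 1002, "target_hosts": ["dev"]},  # no state
]

if __name__ == "__main__":
    for subject, problem in lint_users(SAMPLE_USERS):
        print(f"{subject}: {problem}")
```

Running it against the parsed group_vars file before the play makes a skipped or over-scoped account visible in review.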
Dependencies
License
MIT.
About the project
Ansible role for managing user accounts and authorized ssh-keys
Install
ansible-galaxy install 1it.users