Management User

This is a role for managing a management user.

Requirements

• Hosts must be prepared for Ansible (must have Python and other dependencies)
• Root access is required (set become: yes)
• The commands useradd, userdel, and usermod must be available on the host
• Sudo must be enabled (note: this role will enable sudoers.d if it’s not already enabled)

Role Variables

The lists management_user_list, _list_host, and _list_group will be combined when managing the users. You can specify users for individual hosts or groups using these lists.

Details about management_user_settings

By default, a user with the following settings will be created:

management_user_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

management_user_settings:
  name: management
  comment: Ansible
  shell: '/bin/bash'
  authorized_keys:
    - key: "{{ management_user_key }}"
      exclusive: yes
  sudo:
    hosts: ALL
    as: ALL
    commands: ALL
    nopasswd: yes

If using the default settings, you can change the SSH key with the management_user_key variable.

However, it is recommended to use your own custom user settings. More information about available options can be found in the documentation for the GROG user, authorized-key, and sudo roles.

Dependencies

• GROG.user
• GROG.authorized-key
• GROG.sudo

Example Playbook

---
- hosts: all
  roles:
  - { role: GROG.management-user, become: yes }

Contributing

We welcome any help, changes, or ideas here!

Author

Created by G. Roggemans

License

MIT