rembik.users
Ansible Role: Users
This role helps you manage users and their groups on your system.
Requirements
- You need access to a package repository, usually online.
- Make sure to use a recent version of Ansible (the last two stable major versions have been tested).
You can install required roles using ansible-galaxy install -r requirements.yml:
---
- rembik.bootstrap
Role Variables
Default settings are found in defaults/main.yml:
---
# Default settings for users
# Create a group for each user
users_group_per_user: yes
# The default primary group for all users if no group is created for them
users_group: users
# Create a home directory for new users
users_create_home: yes
# Default sudo privileges for users
users_sudo_options: "ALL=(ALL) NOPASSWD: ALL"
# Default shell for users
users_shell: /bin/bash
# Directory for storing SSH keys
users_ssh_key_dir: ssh_keys
# List of users to manage
users: []
# List of user groups to manage
users_groups: []
You can overwrite these variables in group_vars/all or group_vars/group_name.
Users Variable
The users variable includes users you want to create, modify, or delete. Each user is listed as a dictionary with the following options:
Parameter | Defaults | Description |
---|---|---|
name | required | Name of the user. |
state | present / absent | Should the user exist or not? |
comment | | Optional description for the user. |
uid | | Optional user ID. |
group | user.name | Primary group for the user. |
gid | | Group ID if the primary group is different. |
groups | | List of additional groups for the user. |
append | no / yes | Should the user be added to groups? |
password | ! | Set the user's password if needed. |
update_password | always / on_create | When to update the password. |
create_home | yes / no | Create a home directory for the user. |
home | /home/user.name | Custom home directory for the user. |
shell | /bin/bash | Custom shell for the user. |
profile | | Custom profile block. |
cron | no / yes | Permissions for crontab files. |
sudo | no / yes | Sudo permissions for the user. |
sudo_options | ALL=(ALL) NOPASSWD: ALL | Custom sudo options for the user. |
ssh_key | | Authorized SSH keys for the user. |
generate_ssh_key | no / yes | Generate SSH key for the user if not present. |
remove | no / yes | Remove associated directories when deleting user. |
force | no / yes | Force removal of user and directories. |
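
With the defaults listed above, every user that sets sudo: yes gets ALL=(ALL) NOPASSWD: ALL, which is passwordless root. The group_vars file below is an added example, not part of the role or its README, that overrides the default and scopes sudo per user. The deploy user, myapp.service, the systemctl path, the vault_* variables and the key strings are constructed placeholders, and it assumes the role writes sudo_options after the user name in the sudoers entry and hands password to the system as a crypt hash.

```yaml
---
# group_vars/all/users.yml (added example; names marked "constructed" are
# placeholders, vault_* variables are hypothetical Ansible Vault entries)

# Role default is "ALL=(ALL) NOPASSWD: ALL". Override it so any user with
# "sudo: yes" and no sudo_options of their own must authenticate to sudo.
users_sudo_options: "ALL=(ALL) ALL"

users:
  # Interactive admin: full sudo, but only after entering a password.
  # The role's password default is "!" (locked), so a hash has to be set,
  # otherwise sudo prompts for a password that can never match.
  - name: administrator
    comment: Administrator
    uid: 2002
    groups: [users]
    sudo: yes
    password: "{{ vault_administrator_password_hash }}"  # assumed crypt(3) hash
    update_password: on_create
    ssh_key:
      - "ssh-ed25519 AAAA...constructed... admin@example.org"

  # Automation account (constructed): keeps NOPASSWD because no human is
  # present to type a password, but only for one fixed command as root.
  - name: deploy
    comment: Deployment account
    uid: 2004
    sudo: yes
    sudo_options: "ALL=(root) NOPASSWD: /usr/bin/systemctl restart myapp.service"
    ssh_key:
      - "ssh-ed25519 AAAA...constructed... deploy@example.org"

  # Ordinary user: sudo stays at its default (no), so no sudoers entry.
  - name: user
    comment: User
    uid: 2003
    groups: [users]
    shell: /bin/sh
    generate_ssh_key: yes
```

After a run, sudo -l -U deploy on the managed host lists the rules that actually apply to that account, which confirms whether the override took effect.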
Groups Variable
The users_groups variable includes groups you want to manage. Each group is listed in a dictionary:
Parameter | Defaults | Description |
---|---|---|
name | required | Name of the group. |
state | present / absent | Should the group exist or not? |
gid | | Optional group ID. |
Dependencies
Generally, there are no dependencies for this role. If you use it with rembik.bootstrap, it will connect to the remote host using the defined bootstrap_user.
Example Playbook
Here's a simple example of how to use this role:
---
- name: User Management
  hosts: all
  gather_facts: no
  become: yes
  roles:
    - role: rembik.bootstrap
    - role: rembik.users
  vars:
    users_ssh_key_dir: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key"
    users_groups:
      - name: users
      - name: bin
    users:
      - name: nouser
        comment: No User
        create_home: no
      - name: molecule
        comment: Ansible Test User
        uid: 2001
        home: /home/test
        cron: yes
        sudo: yes
        generate_ssh_key: yes
      - name: administrator
        comment: Administrator
        uid: 2002
        groups: [users]
        cron: yes
        sudo: yes
        profile: |
          alias ll='ls -lah'
          alias cp='cp -iv'
        ssh_key:
          - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABWBILQeRSYYmGea/WIf6kd... [email protected]"
      - name: user
        comment: User
        uid: 2003
        groups: [users]
        shell: /bin/sh
        generate_ssh_key: yes
Role Tests
This role is tested with various Linux distributions and versions.
Contributing
If you encounter any issues, please report them on the GitHub issue page. You can also contribute code by following this guideline.
License
Apache-2.0
Author Information
- Robert de Bock robert@meinit.nl
- Brian Rimek https://github.com/rembik
ansible-galaxy install rembik.users