socketwench.users-and-groups

Ansible Role: Users and Groups

This role creates users and groups on Debian/Ubuntu Linux.

Requirements

No special requirements.

Role Variables

Here are the variables you can use, along with their default values (found in defaults/main.yml).

To create a user with default settings, where their main group is the same as their username:

server_users:
  - name: "ash"
    password: "imnotarobot"

Groups

You don't need a separate variable for groups; they are included in the server_users variable.

To set a primary group name and additional groups:

server_users:
  - name: "ash"
    password: "imnotarobot"
    group: "primarygroupname"
    groups:
      - "anothergroup"
      - "more-groups-here"

SSH Keys

By default, this role creates a new SSH key for each user:

server_users_ssh_key_generate: yes
server_users_ssh_key_bits: "4096"

You can change this setting for specific users too:

server_users:
  - name: "ash"
    password: "imnotarobot"
    ssh_key_generate: yes
    ssh_key_bits: "4096"

SSH Authorized Keys

If you want users to log in using public keys instead of passwords, you can set up authorized keys for them:

server_users_auth_keys: "{{ contents_of_ssh_authorized_keys }}"

This variable should contain the same values as the ~/.ssh/authorized_keys file.

You can also set this for individual users:

server_users:
  - name: "ash"
    password: "imnotarobot"
    auth_keys: "{{ contents_of_ssh_authorized_keys }}"

Default Shell

The default shell is bash. You can change this for all users:

server_users_shell: "/bin/bash"

For a specific user, you can set a different shell:

server_users:
  - name: "ash"
    password: "imnotarobot"
    shell: "/bin/zsh"

By default, task actions are not logged for security reasons. The variable below is shown with its default value; to enable logging, set it to false:

server_users_no_log: true

Ansible Configurations

This role also adds an .ansible.cfg file to each user’s home directory, allowing you to change the default settings:

server_users_ansible_role_path:  "~/.ansible/roles"
server_users_ansible_nocows: 1
server_users_ansible_log: false
server_users_ansible_log_path: '~/ansible.log'

You can specify these settings for individual users:

server_users:
  - name: "ash"
    password: "imnotarobot"
    ansible_role_path: "/etc/ansible/roles"
    ansible_nocows: 0
    ansible_log: true
    ansible_log_path: "/home/ash/logs/ansible.log"

Removing and Deleting Users

To remove a user, you can set the state variable:

server_users:
  - name: "ash"
    state: absent

If you want to delete their home directory as well, use remove:

server_users:
  - name: "ash"
    state: absent
    remove: yes

Dependencies

No dependencies.

Example Playbook

Here’s an example of how to use this role:

server_users:
  - name: "ash"
    password: "imnotarobot"
    group: "wy"
    groups:
      - "scidiv"
  - name: "kane"
    password: "ihateeggs"
    shell: "/bin/ksh"
    ssh_key_generate: no

License

This role is licensed under GPL 3.0.

Author Information

This role was created in 2017 by socketwench.

Install
ansible-galaxy install socketwench.users-and-groups