Ansible is a configuration management and deployment tool for servers. In this blog, we will go over how to use the create user functionality in Linux so that you can create users on your system with ease.
Creating a Linux user with a password in Ansible is done through the ansible.builtin.user module, which you can run from a playbook with the ansible-playbook utility.
Ansible’s create user capability is worth investigating if you want to create and manage users on a Linux system without sacrificing security. With a single playbook and a single command, it lets you handle users and user attributes efficiently.
In this article, you’ll learn how to use the Ansible user module to quickly create and manage users.
Read on to create many users with different attributes!
Prerequisites
This tutorial contains step-by-step instructions. If you want to follow along, make sure you have the following:
- A remote Linux computer. To demonstrate the create user feature, this article uses Ubuntu 20.04.3 LTS as the remote node.
- An inventory file, with one or more hosts set up to run Ansible commands and playbooks. Myserver is the name of the remote Linux machine, and web is the inventory group used in this tutorial.
- Python 3.6 or later installed on both your Ansible controller host and the remote node. This tutorial uses Python 3.8.10 on an Ubuntu system.
Using Ansible Ad Hoc Commands to Create Linux Users
Need to create a user quickly? Ad hoc commands will get the job done. An ad hoc command lets you run a single task on a remote computer and apply the changes you specify.
Open your terminal and log in to your Ansible controller host. Now run the ansible command below against the web inventory group, using the ansible.builtin.user module (-m).
The -a option passes the module arguments, which tell Ansible to create a new user (adambertram) on the remote node with the uid (uid=1041) and group (group=admin) you give in the command.
```bash
ansible web -m ansible.builtin.user -a "name=adambertram uid=1041 group=admin"
```
After the command completes, you’ll receive a CHANGED message, as shown below. The changed: true result, together with the user details returned alongside it, confirms that Ansible created the new user on the remote host with the parameters you specified.
Ad Hoc Command for Creating a New User on the Linux System
Creating and Managing Users with Ansible Playbook
An ad hoc command may suffice for creating a single user or managing a single user attribute, but creating or maintaining hundreds of users that way is difficult. Instead, put the Ansible user module in a playbook and run it with the ansible-playbook command.
1. First, log in to the Ansible controller host.
2. Create the /ansible_create_user directory and change to it using the following commands. This directory will hold the playbook and all of the configuration files needed for using the Ansible user module.
```bash
mkdir /ansible_create_user
cd /ansible_create_user
```
3. In the /ansible_create_user directory, use your preferred text editor to create a file named main.yml. Copy and paste the following YAML playbook into the main.yml file.
The playbook below creates users and manages user properties including name, group, state, shell type, and home directory.
Run the cat /etc/shells command on the Linux computer to see which valid login shells are currently available.
```yaml
---
- name: Ansible Create user functionality module demo
  hosts: web # Defining the remote server inventory host group
  # Defining the remote server where the ansible create user module
  # will manage the objects
  remote_user: ubuntu # Using Remote user as ubuntu
  tasks:
    # name - Defines the username that is present or to create
    # groups - Adds users in secondary groups or use groups
    # state: present - Creates a user or works with a user
    # state: absent - Deletes a user
    # shell - Specifies shell-type a user can work on
    # home - Sets a user's home directory
    # createhome: yes - Create a home directory for a user
    # createhome: no - Do not create a home directory for a user

    # Creating the user Adam Listek
    - name: Add the user 'Adam Listek' with a specific uid and a primary group of 'sudo'
      ansible.builtin.user:
        name: adamlis
        comment: AdamListek
        uid: 1077
        group: sudo
        createhome: yes # Defaults to yes
        home: /home/adamlis # Defaults to /home/<username>

    # Adding the group qa_editor
    - name: Add group "editor" to remote node
      group:
        name: qa_editor
        gid: 2212
        state: present

    # Adding the user Rochella in the qa_editor group and bash shell
    - name: Add the user 'Rochella' with a bash shell, appending the group 'editor' to the user's groups
      ansible.builtin.user:
        name: rochella
        shell: /bin/bash
        groups: qa_editor
        append: yes

    # Removing the user shanky from the system
    - name: Remove the user 'Shanky' if present in the linux system
      ansible.builtin.user:
        name: shanky3
        state: absent
        remove: yes
```
4. Invoke the playbook (main.yml), which runs the tasks that create users on the remote host, by using the command below. The -u argument specifies the user ubuntu, and the --become flag runs the tasks with superuser privileges.
```bash
ansible-playbook main.yml -u ubuntu --become
```
Some tasks show a changed status, indicating that the remote host was not in the desired state and had to be modified to match it. Tasks with an ok status, on the other hand, needed no changes.
Creating and managing users using the Ansible playbook
5. Finally, run the cat command to verify that Ansible created all of the objects defined in the main.yml playbook.
As you can see in the screenshot below, Ansible created all of the users with the user IDs supplied in the main.yml file.
Using ansible-playbook to inspect the users
Using Ansible Playbook to Generate Secure User Passwords
You already know how to create a user without a password, which is acceptable if you only need the account for testing. However, setting a user password is necessary to protect the user account.
You’ll generate a securely hashed password (the encrypted form that the user module expects) and use it as the user’s password in the playbook. But first, you’ll need to install the whois package, which includes the mkpasswd utility for generating password hashes.
1. Use the apt package manager to install the whois package on your machine using the following command.
Installing the whois program, which includes the mkpasswd tool
2. Run the mkpasswd command with the --method=sha-512 option to produce an encrypted password.
```bash
mkpasswd --method=sha-512
```
Enter a user password at the prompt, and mkpasswd prints the encrypted password, as seen below.
Creating a password that is encrypted
3. Create a playbook called main_secure.yaml and put the code below into it.
The playbook below creates the user matt with the uid 1053, the sudo group, and the encrypted password produced in step two.
```yaml
---
- name: Ansible Create user functionality module demo
  hosts: web
  # Defining the remote server where the ansible create user module will manage the objects
  remote_user: ubuntu # Using Remote user as ubuntu
  tasks:
    - name: Add the user 'Matt' with a specific uid and a primary group of 'sudo'
      ansible.builtin.user:
        name: matt
        comment: matt_ata
        uid: 1053
        group: sudo
        password: '$6$kjPn3KClxO.Lujw$BjDr2y4vvJK3Q.C/nLET.A/FD9OxN6DNASmLetapq9LiXVVlTrYnvlEGuITZiVkV3JhX.vbsZ68/hnbdRsYnx1'
        createhome: yes # Defaults to yes
        home: /home/matt # Defaults to /home/<username>
```
4. Finally, use the ansible-playbook command to run the main_secure.yaml playbook, which creates a user with a password set. The -u ubuntu option connects to the remote system as the ubuntu user, and the --become flag grants sudo privileges.
```bash
ansible-playbook main_secure.yaml -u ubuntu --become
```
Using the Ansible playbook to set a safe password for the user
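A variant of main_secure.yaml that keeps the password hash out of the playbook file and out of task output, given as an added example that is not part of the original article. It assumes a hypothetical file vars/secrets.yml, encrypted with ansible-vault, that defines a variable named matt_password_hash holding the mkpasswd output from step two.

```yaml
---
# Added example, not from the original article.
# Assumed run command:
#   ansible-playbook main_secure_vault.yaml -u ubuntu --ask-vault-pass
- name: Create user matt with a vaulted password hash
  hosts: web
  remote_user: ubuntu
  become: true
  vars_files:
    # Hypothetical file created with: ansible-vault create vars/secrets.yml
    # It contains one line:
    #   matt_password_hash: '<output of mkpasswd --method=sha-512>'
    - vars/secrets.yml
  tasks:
    - name: Stop if the variable is missing or is not a SHA-512 crypt hash
      ansible.builtin.assert:
        that:
          - matt_password_hash is defined
          - matt_password_hash.startswith('$6$')
        fail_msg: matt_password_hash must be the output of mkpasswd --method=sha-512
        quiet: true

    - name: Add the user 'matt' with a hashed password
      ansible.builtin.user:
        name: matt
        comment: matt_ata
        uid: 1053
        group: sudo
        password: "{{ matt_password_hash }}"
        update_password: on_create # leave a password the user changed later untouched
        create_home: true
        home: /home/matt
      no_log: true # keep the hash out of console output and logs
```

With update_password left at its default of always, every run of the playbook resets the account to the stored hash.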
SSH Key Generation for Remote Node Authentication
If users need to connect to remote nodes securely, they can use either a username and password or SSH keys. SSH keys are pairs of cryptographic keys used for authentication. In this example, you’ll use an Ansible playbook to create SSH keys for a user.
Copy and paste the following code into a playbook called ssh.yaml. The playbook below generates SSH keys for the user matt in his home directory, which you can use to authenticate.
```yaml
---
- name: Ansible SSH functionality module demo
  hosts: web
  # The remote server on which the ansible create user module will handle the items
  remote_user: ubuntu # Using remote user as ubuntu
  tasks:
    # Create a 2048-bit SSH key for user matt in ~matt/.ssh/id_rsa
    - name: Generate an SSH key for user matt
      ansible.builtin.user:
        name: matt
        generate_ssh_key: yes
        ssh_key_bits: 2048
        ssh_key_file: .ssh/id_rsa # Relative to matt's home directory
```
Now run the command below to execute the ssh.yaml playbook, which generates SSH keys for the user matt.
```bash
ansible-playbook ssh.yaml -u ubuntu --become
```
Ansible playbook for generating the user’s SSH keys
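The same key-generation task with an Ed25519 key instead of 2048-bit RSA, followed by a check of the private key's ownership and permissions, as an added example that is not part of the original article. The file name .ssh/id_ed25519, the key comment, and the registered variable names are choices made for this example.

```yaml
---
# Added example, not from the original article.
- name: Generate an Ed25519 SSH key for matt and check its permissions
  hosts: web
  remote_user: ubuntu
  become: true
  tasks:
    - name: Create the key pair if matt does not have one yet
      ansible.builtin.user:
        name: matt
        generate_ssh_key: true
        ssh_key_type: ed25519
        ssh_key_file: .ssh/id_ed25519 # relative to matt's home directory
        ssh_key_comment: "matt@{{ inventory_hostname }}"
      register: matt_key

    - name: Inspect the private key file
      ansible.builtin.stat:
        path: "{{ matt_key.ssh_key_file }}"
      register: private_key

    - name: Fail if the private key is missing, misowned, or readable by others
      ansible.builtin.assert:
        that:
          - private_key.stat.exists
          - private_key.stat.pw_name == 'matt'
          - private_key.stat.mode == '0600'

    - name: Show the public key and fingerprint for distribution
      ansible.builtin.debug:
        msg:
          - "{{ matt_key.ssh_public_key }}"
          - "{{ matt_key.ssh_fingerprint }}"
```

The user module does not overwrite an existing key file unless force is set, so rerunning the playbook keeps the same key pair.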
Password Expiry Dates for Linux Users: Setting and Removing
Creating user accounts is only the beginning of managing them. Setting and removing password expiration dates is also an important part of user account administration. Users whose credentials have expired cannot perform any actions on the system.
1. Assuming you’re still on the Ansible controller host, create a new playbook called expiry.yaml and save the code below in it. The playbook below sets and removes password expiration dates for various users.
```yaml
---
- name: Ansible create user module demo
  hosts: web
  # Defining the remote server where the ansible create user module
  # will handle the items
  remote_user: ubuntu # Using remote user as ubuntu
  tasks:
    - name: To define the time restriction for the QA Tester's account to expire
      ansible.builtin.user:
        name: rochella
        groups: qa_editor
        expires: 1422403388
        shell: /bin/zsh

    - name: Removing the user shanky's expiration time
      ansible.builtin.user:
        name: shanky
        expires: -1

    - name: Set the maximum password expiry date for AdamListek
      ansible.builtin.user:
        name: adamlis
        password_expire_max: 16

    - name: Set the minimum password expiry date for AdamListek
      ansible.builtin.user:
        name: adamlis
        password_expire_min: 6
```
2. Now use the command below to run the playbook (expiry.yaml), which sets and removes users’ password expiry dates automatically.
Using the Ansible playbook to handle password expiration for users
3. Finally, execute the command below to see whether Ansible changed the user’s (adamlis) properties, such as password expiry, correctly.
The maximum number of days between password changes for user adamlis is set to 16 and the minimum to 6.
Expiry Information for a User’s Password
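A playbook that checks the results of expiry.yaml directly against the shadow database on the remote node, as an added example that is not part of the original article. The expires parameter writes the account expiry field, while password_expire_min and password_expire_max write the password ageing fields; the task-level variable shadow is a name chosen for this example.

```yaml
---
# Added example, not from the original article.
- name: Verify account expiry and password ageing set by expiry.yaml
  hosts: web
  remote_user: ubuntu
  become: true # /etc/shadow is readable only by root
  tasks:
    - name: Read all shadow entries
      ansible.builtin.getent:
        database: shadow
      no_log: true # entries contain password hashes

    # Fields after the user name:
    #   0 hash, 1 last change, 2 min days, 3 max days,
    #   4 warn days, 5 inactive days, 6 account expiry (days since epoch)
    - name: Check the values set by expiry.yaml
      ansible.builtin.assert:
        that:
          - shadow['adamlis'][2] | int == 6
          - shadow['adamlis'][3] | int == 16
          - shadow['shanky'][6] == ''
          - shadow['rochella'][6] | int == (1422403388 // 86400)
        fail_msg: Shadow fields do not match the values in expiry.yaml
      vars:
        shadow: "{{ ansible_facts.getent_shadow }}"
```

The epoch value 1422403388 falls on 28 January 2015 (UTC), so after expiry.yaml runs the rochella account is already expired; choose a future timestamp for an account that should stay usable.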
Conclusion
In this tutorial, you’ve learned how to use several features of the Ansible user module in a playbook to create and manage Linux users. You can use the module to quickly work with Linux users and user attributes on remote systems.
Will you now use Ansible as your automation tool to create and manage Linux users?