Put this in your `local-configure.yml` file, add as many users as you need:

```yaml
users:
  - name: fulvio
    sudoer: yes
    auth_key: ssh-rsa blahblahblahsomekey this is actually the public key in cleartext
  - name: plone_buildout
    group: plone_group
    sudoer: no
    auth_key: ssh-rsa blahblahblah ansible-generated on default
    keyfiles: keyfiles/plone_buildout
```

In your playbook root folder, create a folder `keyfiles`. In it, create a subfolder for
each username for which you want to copy keyfiles to the server. Put the private and public key files,
as well as any other files, such as `known_hosts`, in the user subfolder.

Add the following line in `playbook.yml` under `roles:` (e.g. right under `- role: ANXS.hostname`):

```yaml
    - role: create_users
```

Copy the gist file `main.yml` to `/roles/create_users/tasks`.

Now run your playbook.

That's it!
```yaml
---
# vars:
#   users:
#     - name: steve
#       sudoer: yes
#       auth_key: ssh-rsa ...

- name: Ensure plone_group
  group:
    name: plone_group

# see http://docs.ansible.com/ansible/user_module.html
# Ansible 2.2+ requires the loop variable to be wrapped explicitly: "{{ users }}"
- name: Add users
  user:
    name: "{{ item.name }}"
    # sudoers are created as system accounts
    system: "{{ item.sudoer }}"
    shell: /bin/bash
    append: yes
    groups: "{{ item.group }}"
    # this is just a default password, I think it's SHA512 for "changeme"
    password: "$6$rounds=656000$iO7Q9L6/w8dUUQVf$rmtnxrQ15TGAfG5ODxQ/WGyEpTwk.vD1W.UtedmOlo9YNkrIwapYMjmKmteEnUJmRYucgUVxXUQy7gtenpLmw0"
    update_password: on_create
  when: item.group is defined
  with_items: "{{ users }}"

# Same task for users without an explicit group
- name: Add users
  user:
    name: "{{ item.name }}"
    system: "{{ item.sudoer }}"
    shell: /bin/bash
    password: "$6$rounds=656000$iO7Q9L6/w8dUUQVf$rmtnxrQ15TGAfG5ODxQ/WGyEpTwk.vD1W.UtedmOlo9YNkrIwapYMjmKmteEnUJmRYucgUVxXUQy7gtenpLmw0"
    update_password: on_create
  when: item.group is not defined
  with_items: "{{ users }}"

- name: Add .ssh directories
  file:
    path: "/home/{{ item.name }}/.ssh"
    state: directory
    mode: "0700"
    owner: "{{ item.name }}"
    group: "{{ item.group|default(item.name) }}"
  with_items: "{{ users }}"

# Appends the public key from `auth_key` to authorized_keys
- name: Add keys
  lineinfile:
    dest: "/home/{{ item.name }}/.ssh/authorized_keys"
    state: present
    create: yes
    line: "{{ item.auth_key }}"
    owner: "{{ item.name }}"
    group: "{{ item.group|default(item.name) }}"
    mode: "0644"
  when: item.auth_key is defined
  with_items: "{{ users }}"

- name: Add to sudoers
  copy:
    dest: "/etc/sudoers.d/{{ item.name }}"
    content: |
      {{ item.name }} ALL=(ALL) ALL
      {{ item.name }} ALL=(plone_daemon, plone_buildout) NOPASSWD:ALL
      {{ item.name }} ALL=(root) NOPASSWD:/usr/bin/supervisorctl
      #
  when: item.sudoer
  with_items: "{{ users }}"

# Copies everything in the user's keyfiles subfolder into ~/.ssh
- name: SSH keys
  copy:
    src: "{{ item.keyfiles }}/"
    dest: "/home/{{ item.name }}/.ssh/"
    owner: "{{ item.name }}"
    group: "{{ item.group|default(item.name) }}"
    mode: "0600"
  when: item.keyfiles is defined
  with_items: "{{ users }}"
```
Hello,
Could you please review the code below and let me know what is missing?
Requirement: Add multiple users along with their home directories & ssh_keys, authorized_keys2 files to each. Do let me know if you have any questions.
```yaml
# Add users & keys to destination servers
- hosts: lb:app2
  tasks:
    - name: Add list of users
      user:
        name: "{{ item.name }}"
        uid: "{{ item.uid }}"
        groups: "{{ item.groups }}"
        comment: "{{ item.comment }}"
        password: " {{ item.password }}"
        state: present
      with_items:
        - { name: testuser1, uid: 1002, groups: "wheel, automate", comment: "{{ 'AM Admin ID' }}", password: "{{ '$6$wsix5/A0$Qs46M8HtJXzcpA/ZnvagCPmiXsxl4ifzn.' }}" }
        - { name: testuser2, uid: 1003, groups: "automate", comment: "{{ 'HM Admin ID' }}", password: "{{ '$6$gs3YJV06SUyD89ZNioh2IfVmC14bbqFWWpfC9E/' }}" }
    - name: Create .ssh dir & Insert keys
      file:
        path: /home/{{ item.name }}/.ssh
        state: directory
        owner: "{{ item.name }}"
        group: "{{ item.group|default(item.name) }}"
        mode: 0600
      with_items: "{{ users }}"
    - name: Add list of users
```
Error that I have when I execute
TASK [Create .ssh dir & Insert keys] **************************************************************************************************************************************************************************
fatal: [lb1]: FAILED! => {"msg": "'users' is undefined"}
fatal: [app2]: FAILED! => {"msg": "'users' is undefined"}
PLAY RECAP ****************************************************************************************************************************************************************************************************
app2 : ok=2 changed=0 unreachable=0 failed=1
lb1 : ok=2 changed=0 unreachable=0 failed=1
root@rhel75-test16:/root/ansible/playbooks/>
Thank you!
Thanks for sharing
When trying to follow through the instructions here I faced an error message
After googling the issue I found a solution here ansible/ansible#23496 (comment)
Seems from Ansible v2.2 with_items requires explicit wrapping.
So I changed in
main.yml
to
and it worked for me