An Ansible role, available via Ansible Galaxy, that creates user accounts on Ubuntu and sets them up for SSH access. The following options are configurable:
- Disallowing SSH password authentication
- Disallowing root SSH access
This role works with our repo to create a vagrant virtualbox vm, but is easily modifed to work with actual ubuntu boxes.
You'll probably want to amend / override:
defaults/main.yml
Preusming a requirements.yml
as follows:
# Install a role from GitHub
- name: ansible-role-users
src: https://github.com/jcdarwin/ansible-role-users
We can install the role locally, using a requirements.yml
file:
# Install a role from GitHub
- name: ansible-role-users
src: https://github.com/jcdarwin/ansible-role-users
path: roles/
Install the role:
ansible-galaxy install -r requirements.yml -p ./roles
You'll need to provide a public key for the public_key
variable that can be used to access the box as a given user.
Available variables are listed below, along with default values as found in defaults/main.yml
:
# the users to create
# each user gets a /home directory
users:
- deploy
- git
# the main group to use when creating the user
user_group: wheel
# the groups the user should belong to
user_groups: ssh,wheel,www-data,sudo
# users in the following groups get SSH access to the machine
# note that the value is space-separated
allow_groups: ssh vagrant
# the public key value to use to allow the user ssh access
public_key: '~/.ssh/id_rsa.pub'
# do we want to disallow root ssh access?
disallow_root_ssh: true
# do we want to disallow password ssh access?
disallow_password_ssh: true
None.
Our hosts
file, as generated by our repo to create a vagrant virtualbox vm:
[vagrant]
host1 ansible_ssh_host=127.0.0.1 ansible_ssh_port=2222 ansible_user=vagrant ansible_ssh_private_key_file=../.vagrant/machines/default/virtualbox/private_key
We include a playbook at main.yml
.
Running the playbook:
# Note that we're presuming our hosts file has been generated by our vagrant repo
ansible all -m ping -i ../vagrant/ansible/hosts -l all
ansible-playbook -l all main.yml -i ../vagrant/ansible/hosts
# Check that we can access the server
ssh deploy@127.0.0.1 -p 2222
sudo -s
Note that after running this playbook you'll have improved security by updating the public key for the user vagrant
, but this means you'll no longer be able to vagrant ssh
. Instead you'll have to use the following (presuming you've kept the same key in the defaults/main.yml
):
ssh vagrant@127.0.0.1 -p 2222 -i ~/.ssh/id_rsa
MIT