/ansible-user

Create and configure a user for SSH key based logins and passwordless sudo.

MIT LicenseMIT

What is ansible-user? Build Status

It is an Ansible role to:

  • Create user groups
  • Create a single user, add it to any groups you created and configure its shell
  • Set your public SSH key as an authorized key so you can login without a password
  • Enable passwordless sudo

Why would you want to use this role?

When you spin up a new server, you'll often want to set up a non-root user that you can login as and run your applications under. That's because running your applications as root is a questionable idea from a security point of view.

This role sets you up to do that, but it also includes a few other user related tasks, such as what's listed in the above bullets. Having all of these things together in 1 role means less work for you to do!

Supported platforms

  • Ubuntu 16.04 LTS (Xenial)
  • Ubuntu 18.04 LTS (Bionic)
  • Debian 8 (Jessie)
  • Debian 9 (Stretch)

Role variables

# Optionally create additional user groupss. If empty, the user you create will
# automatically be a part of their user's group, ie. deploy:deploy.
user_groups: []

# The user you want to create.
user_name: "deploy"

# Which shell should you default to? Typically "bash" or "sh".
user_shell: "/bin/bash"

# Do you want to create an SSH keypair for this user? You probably don't for a
# regular user that you plan to login as which is why it's disabled by default.
user_generate_ssh_key: False

# When set, this will copy your local SSH public key from this path to your
# user's authorized keys on your server.
#
# If you don't want this behavior then use an empty string as the value but keep
# in mind this role does not set a default password for the user you create, so
# you will be locked out if you don't supply your public SSH key.
user_local_ssh_key_path: "~/.ssh/id_rsa.pub"

# Do you want to enable running root commands without needing a password?
user_enable_passwordless_sudo: True

Example usage

For the sake of this example let's assume you have a group called app and you have a typical site.yml playbook.

To use this role edit your site.yml file to look something like this:

---

- name: "Configure app server(s)"
  hosts: "app"
  become: True

  roles:
    - { role: "nickjj.user", tags: "user" }

Let's say you want to edit the user name, you can do this by opening or creating group_vars/app.yml which is located relative to your inventory directory and then make it look something like this:

---

user_name: "thor"

Now you would run ansible-playbook -i inventory/hosts site.yml -t user.

Installation

$ ansible-galaxy install nickjj.user

Ansible Galaxy

You can find it on the official Ansible Galaxy if you want to rate it.

License

MIT