A role to create/delete users in groups or with sudo privileges.

Ansible Role: Users

A role to create/delete users and assign groups.

Motivation

We needed a role that creates a set of users defined by variables. This role is also meant to be used as a dependency for other roles that need users.

Installation

Install from Ansible Galaxy

ansible-galaxy install while_true_do.users

Install from GitHub

git clone https://github.com/while-true-do/ansible-role-users.git while_true_do.users

Requirements

Used Modules

Role Variables

Below you can find the default variables.

wtd_users: []

wtd_users_default_shell: "/bin/bash"
wtd_users_default_home_path: "/home/"
wtd_users_default_state: "present"
wtd_users_default_password_hash: "!!"
wtd_users_default_password_update: "always"

wtd_users_default_system: "no"
wtd_users_default_system_shell: "/sbin/nologin"
wtd_users_default_system_path: "/var/lib/"

wtd_users_default_auth_key_path: ".ssh/"
wtd_users_default_auth_key_exclusive: true

Dependencies

None.

Example Playbook

For each user item that should be able to log in with a password, you have to generate a hashed password and set it as the value of 'password_hash'.

The command below requires passlib to be installed.

# Fedora
sudo dnf install python2-passlib
# CentOS
sudo dnf install python2-passlib
# Debian / Ubuntu
sudo apt-get install python-passlib

Then generate the hash:

python -c "from passlib.hash import sha512_crypt; import getpass; print(sha512_crypt.using(rounds=5000).hash(getpass.getpass()))"

If you want to use multiple SSH keys per user, please aggregate them into one file. You can also use an http:// or https:// link to fetch a public key file, e.g. from GitHub with https://github.com/username.keys

Simple Example:

- hosts: servers
  roles:
    - { role: while_true_do.users }
  vars:
    wtd_users:
      - name: user01
        password_hash: HASHGOESHERE
      - name: user02
      - name: sysdeamon
        system: yes

Advanced Example:

- hosts: servers
  roles:
  - { role: while_true_do.users }
  vars:
    wtd_users:
      - name: user01
        state: present
        comment: "Test User 01"
        shell: "/bin/bash"
        home: "/home/custom_path"
        password_hash: HASHGOESHERE
        update_password: "always"
        groups: "wheel,adm"
        keyfile: "~/.ssh/id_rsa.pub"
      - name: user02
        state: absent
      - name: sysdeamon
        system: yes
        keyfile: "https://github.com/username.keys"
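
Pre-flight check for a wtd_users list (added example, not part of this role): it flags a 'password_hash' that is not in the sha512_crypt format produced by the passlib command above, for instance a plaintext password pasted by mistake, and a 'keyfile' URL that uses plain http://, which can be altered in transit. The function name, the sample users and the treatment of "!", "!!" and "*" as locked markers are assumptions made for this example.

```python
import re

# SHA-512 crypt layout: $6$[rounds=N$]salt$hash (salt <= 16 chars, hash 86 chars).
# passlib leaves out "rounds=" when rounds is 5000, so that field is optional.
SHA512_CRYPT = re.compile(
    r"\$6\$(?:rounds=\d{4,9}\$)?[./0-9A-Za-z]{0,16}\$[./0-9A-Za-z]{86}"
)
LOCKED = {"!", "!!", "*"}  # shadow markers meaning "no password login"


def check_users(users):
    """Return (name, finding) pairs for a wtd_users-style list of dicts.

    Findings never include the password_hash value itself, so the output
    can be written to a CI log without leaking it.
    """
    findings = []
    for user in users:
        name = user.get("name", "<unnamed>")
        pw = user.get("password_hash")
        # Assumption: a missing password_hash falls back to the role
        # default "!!" listed under Role Variables.
        if pw is not None and str(pw) not in LOCKED:
            if not SHA512_CRYPT.fullmatch(str(pw)):
                findings.append((name, "password_hash is not a sha512_crypt string"))
        if str(user.get("keyfile", "")).lower().startswith("http://"):
            findings.append((name, "keyfile is fetched over plain http"))
    return findings


# Constructed sample data; the hash is a placeholder with the right shape.
SAMPLE_USERS = [
    {"name": "user01", "password_hash": "$6$constructedsalt$" + "a" * 86},
    {"name": "user02", "password_hash": "changeme"},  # plaintext by mistake
    {"name": "user03"},  # no password_hash: role default applies
    {"name": "sysdeamon", "system": True,
     "keyfile": "http://keys.example/username.keys"},
]

if __name__ == "__main__":
    for name, finding in check_users(SAMPLE_USERS):
        print(f"{name}: {finding}")
```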

Testing

This role is currently tested with syntax-checking and linting. You can find the tests in ./tests.

Contribute / Bugs

Thank you so much for considering contributing. Every contribution helps us. We are really happy when somebody joins the hard work. Please have a look at the links first.

License

This work is licensed under a BSD License.

Author Information

Blog: blog.while-true-do.org

Mail: hello@while-true-do.org