Configure users, group, SSH keys and administrative sudo access. The role can:
- Add and remove groups
- Add and remove users
- Install SSH keys for users
- Configure sudo to allow root access for the administration group
Tested on:
- Ubuntu 14.04 LTS
Should work with:
- All Ubuntu
- All Debian
- All EL 6,7 based distros
- users
A list containing dictionaries of configuration. Each list item can have the following elements. Italic text indicates the default.
- name required
- state (present)
- uid
- group (item.name)
- groups
- shell ({{ users_default_shell }})
- comment (Unknown user)
- password ({{ users_default_password }})
- home (/home/{{item.name}})
- createhome ({{ users_create_homedirs }})
- system
- is_admin
users_default_password is set to watching the default password is for new accounts for the given OS, e.g. !!
All other variable defaults are given below.
is_admin is a boolean. If set, the user is added to the OSs admin group.
All other items correspond to the ansible users module parameters.
users:
- name: alice
comment: Alice
password: '$6$hE1TkH.X$F9flUhXGiL8zI4lOioqp1FxN8L8HrMbuP4ZFVbv5MnyeQFAhIAsbTmT6t7.p93FgyiJo3U/aJeiGHzCTUvA.s.'
is_admin: yes
groups:
- devs
- mgmt
- name: bob
state: absent- users_groups
A list of user groups to create. Each list item can have the following elements. Italic text indicates the default.
- name required
- state (present)
- system
- gid
users_groups:
- name: devs
gid: 1000
- name: mgmt
gid: 2000
- name: hr
state: absent- users_ssh_keys
A list of users, each containing a key with a list of public SSH keys as its value.
- name
- keys
name is the username.
keys is a list of public SSH keys.
users_ssh_keys:
- name: alice
keys:
- ssh-rsa AAAA..... alice@somewhere.com
- ssh-rsa AAAA..... alice@elsewhere.com
- name: bob
keys:
- ssh-rsa AAAA.... bob@somewhere.com- users_default_shell
The default shell for a user if none is specified. Defaults to /bin/bash
- users_create_homedirs
Create home dirs for new users? Set this to false if you manage home directories in some other way. Defaults to true.
- users_per_user_groups
Create groups for users with the same name as the users group. Defaults to true
- users_manage_admin_sudoers
If true, create sudo configuration to allow users in the admin group to become root via sudo. Defaults to true
- users_admin_uses_ansible
If true, assume the admin group is also used to run Ansible jobs. This disables requiretty for the admin group in the sudoers configuration. Defaults to true
- users_admin_sudo_password
If true require a password for sudo, false to not require a password. Defaults to true
None
---
- hosts: all
sudo: true
vars:
users_admin_sudo_password: false
roles:
- role: willshersystems.users
users:
- name: carl
uid: 1010
comment: 'Carl Crisp'
is_admin: yes
groups:
- beancounters
- name: ec_user
state: absent
users_groups:
- name: beancounters
users_ssh_keys:
- name: carl
keys:
- ssh-rsa AAAA....... carl@accounts.example.comLGPLv3
Matt Willsher, matt@willsher.systems
(c)2015 Willsher Systems