Last active
March 29, 2025 14:42
-
-
Save fulv/3928d098e8c35af1cc5363a4d2d4fcd0 to your computer and use it in GitHub Desktop.
Ansible - Creating users and copying ssh keypair files to the remote server
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Put this in your `local-configure.yml` file, add as many users as you need: | |
| users: | |
| - name: fulvio | |
| sudoer: yes | |
| auth_key: ssh-rsa blahblahblahsomekey this is actually the public key in cleartext | |
| - name: plone_buildout | |
| group: plone_group | |
| sudoer: no | |
| auth_key: ssh-rsa blahblahblah ansible-generated on default | |
| keyfiles: keyfiles/plone_buildout | |
| In your playbook root folder, create a folder `keyfiles`. In it, create a subfolder for | |
| each username for which you want to copy keyfiles to the server. Put the private and public key files, | |
| as well as any other files, such as `known_hosts` in the user subfolder. | |
| Add the follwing line in `playbook.yml` under `roles:` (e.g. right under `- role: ANXS.hostname`): | |
| - role: create_users | |
| Copy the gist file `main.yml` to `/roles/create_users/tasks`. | |
| Now run your playbook. | |
| That's it! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # vars: | |
| # users: | |
| # - name: steve | |
| # sudoer: yes | |
| # auth_key: ssh-rsa ... | |
| - name: Ensure plone_group | |
| group: name=plone_group | |
| # see http://docs.ansible.com/ansible/user_module.html | |
| - name: Add users | |
| user: | |
| name={{ item.name }} | |
| system={{ item.sudoer }} | |
| shell=/bin/bash | |
| append=yes | |
| groups={{ item.group }} | |
| # this is just a default password, I think it's SHA512 for "changeme" | |
| password=$6$rounds=656000$iO7Q9L6/w8dUUQVf$rmtnxrQ15TGAfG5ODxQ/WGyEpTwk.vD1W.UtedmOlo9YNkrIwapYMjmKmteEnUJmRYucgUVxXUQy7gtenpLmw0 | |
| update_password=on_create | |
| when: item.group is defined | |
| with_items: users | |
| - name: Add users | |
| user: | |
| name={{ item.name }} | |
| system={{ item.sudoer }} | |
| shell=/bin/bash | |
| password=$6$rounds=656000$iO7Q9L6/w8dUUQVf$rmtnxrQ15TGAfG5ODxQ/WGyEpTwk.vD1W.UtedmOlo9YNkrIwapYMjmKmteEnUJmRYucgUVxXUQy7gtenpLmw0 | |
| update_password=on_create | |
| when: item.group is not defined | |
| with_items: users | |
| - name: Add .ssh directories | |
| file: | |
| path=/home/{{ item.name }}/.ssh | |
| state=directory | |
| mode=0700 | |
| owner={{ item.name }} | |
| group={{ item.group|default(item.name) }} | |
| with_items: users | |
| - name: Add keys | |
| lineinfile: | |
| dest=/home/{{ item.name }}/.ssh/authorized_keys | |
| state=present | |
| create=yes | |
| line="{{ item.auth_key }}" | |
| owner={{ item.name }} | |
| group={{ item.group|default(item.name) }} | |
| mode=0644 | |
| when: item.auth_key is defined | |
| with_items: users | |
| - name: Add to sudoers | |
| copy: | |
| dest: /etc/sudoers.d/{{ item.name }} | |
| content: | | |
| {{ item.name }} ALL=(ALL) ALL | |
| {{ item.name }} ALL=(plone_daemon, plone_buildout) NOPASSWD:ALL | |
| {{ item.name }} ALL=(root) NOPASSWD:/usr/bin/supervisorctl | |
| # | |
| when: item.sudoer | |
| with_items: users | |
| - name: SSH keys | |
| copy: | |
| src={{ item.keyfiles }}/ | |
| dest=/home/{{ item.name }}/.ssh/ | |
| owner={{ item.name }} | |
| group={{ item.group|default(item.name) }} | |
| mode=0600 | |
| when: item.keyfiles is defined | |
| with_items: users |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
Could you please review below code and let me know what is missing?
Requirement: Add multiple users along with their home directories & ssh_keys, authorized_keys2 files to each, do let me know if you have any questions.
Add users & keys to destination servers
tasks:
user:
name: "{{ item.name }}"
uid: "{{ item.uid }}"
groups: "{{ item.groups }}"
comment: "{{ item.comment }}"
password: " {{ item.password }}"
state: present
with_items:
file:
path: /home/{{ item.name }}/.ssh
state: directory
owner: "{{ item.name }}"
group: "{{ item.group|default(item.name) }}"
mode: 0600
with_items: "{{ users }}"
Error that I have when I execute
TASK [Create .ssh dir & Insert keys] **************************************************************************************************************************************************************************
fatal: [lb1]: FAILED! => {"msg": "'users' is undefined"}
fatal: [app2]: FAILED! => {"msg": "'users' is undefined"}
PLAY RECAP ****************************************************************************************************************************************************************************************************
app2 : ok=2 changed=0 unreachable=0 failed=1
lb1 : ok=2 changed=0 unreachable=0 failed=1
root@rhel75-test16:/root/ansible/playbooks/>
Thank you!