Ansible Playbook: Create Users (Ubuntu)

Tested with Ansible 2.4 and Ansible 2.9.

Playbook

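The hashed passwords can be generated with the command mkpasswd 1).

Alternatively, use Python (the crypt module is deprecated since Python 3.11 and was removed in Python 3.13, so this one-liner needs an older interpreter):

$ python3 -c 'import crypt,getpass; print(crypt.crypt(getpass.getpass(), crypt.mksalt(crypt.METHOD_SHA512)))'

# create_users.yml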
---
- name: create unix users | example_org/base_ubuntu_1804/create_users.yml
  hosts: all
  vars:
    HOMEBASEDIR: /home
  user: root
 
  # create hashed passwords with:
  # mkpasswd --method=SHA-512

  tasks:

  - name: remove user ubuntu
    action: user name=ubuntu state=absent

  - name: create group admin
    action: group name=admin state=present

  - import_tasks: ../../global/tasks/create_user_with_password.yml
    vars:
      NEWUSER: anna
      GECOS: 'Anna Beispiel'
      GROUP: anna
      GROUPS: sudo,users,admin
      UID: 2001
      GID: 2001
      SH: /bin/bash
      HOMEDIR: "{{ HOMEBASEDIR }}/{{ NEWUSER }}"
      PW: "$6$ETscEAa6yKI8MxFi$RKLDaBucb1T8u6GJi7bpAUItiqoYPC0fiBvdhfm1zvR9MEGrxBTl3XbtYzmh4aUiihqQb867yfbuHBTJ08uxP1"
      AUTHKEY: "{{ lookup('file', '../../global/files/ssh_keys/user_anna_authorized_keys' ) }}"

  - import_tasks: ../../global/tasks/create_user_with_password.yml
    vars:
      NEWUSER: marido
      GECOS: 'Marido Ejemplo'
      GROUP: marido
      GROUPS: users
      UID: 2002
      GID: 2002
      SH: /bin/bash
      HOMEDIR: "{{ HOMEBASEDIR }}/{{ NEWUSER }}"
      PW: "$6$JblRfDK5FYJrlOeJ$/mCLaksiKDT4KbkZBavLLKEA9ziATLImbOJGnr79wqptvM961eUZSYgSY12TVY81vJdazaxrk6zxq.hjhNmiq."
      AUTHKEY: "{{ lookup('file', '../../global/files/ssh_keys/user_marido_authorized_keys') }}"

Tasks

---
# global/tasks/create_user_with_password.yml 
# create unix user
 
  # create group
    - name: create group for user
      action: group name="{{ GROUP }}" gid="{{ GID }}" state=present
 
  # create user
    - name: create user "{{ NEWUSER }}" / change Password of "{{ NEWUSER }}" to default
      action: user name="{{ NEWUSER }}" group="{{ GROUP }}" groups="{{ GROUPS }}" uid="{{ UID }}"
              shell="{{ SH }}" comment="{{ GECOS }}"
              password="{{ PW }}" home="{{ HOMEDIR }}"
 
  # create .ssh directory
    - name: create .ssh directory if not there yet
      file: path="{{ HOMEDIR }}/.ssh" state=directory mode=0700 owner="{{ NEWUSER }}" group="{{ GROUP }}"
 
  # create / append to authorized_keys file
    - name: authorized_keys for "{{ NEWUSER }}"
      authorized_key: user="{{ NEWUSER }}" key="{{ AUTHKEY }}"
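
A hardened variant of the tasks file above, as an added example that is not part of the original page: `update_password: on_create` stops later runs from overwriting a password the user has changed in the meantime, and `no_log: true` keeps the hash out of task output and logs. The variable names are the page's own; supplying `PW` from a vault-encrypted vars file instead of the playbook is an assumption.

```yaml
---
# global/tasks/create_user_with_password.yml (hardened variant, added example)
# Expects the same variables as the original: NEWUSER, GECOS, GROUP, GROUPS,
# UID, GID, SH, HOMEDIR, PW, AUTHKEY.
# Assumption: PW comes from a vault-encrypted vars file, not from the playbook.

- name: create group for user
  group:
    name: "{{ GROUP }}"
    gid: "{{ GID }}"
    state: present

- name: create user {{ NEWUSER }} with initial password
  user:
    name: "{{ NEWUSER }}"
    group: "{{ GROUP }}"
    groups: "{{ GROUPS }}"
    uid: "{{ UID }}"
    shell: "{{ SH }}"
    comment: "{{ GECOS }}"
    home: "{{ HOMEDIR }}"
    password: "{{ PW }}"
    # set the password only when the account is created; the default
    # ("always") resets it to this hash on every run
    update_password: on_create
  # keep the password hash out of console output and logs
  no_log: true

- name: create .ssh directory if not there yet
  file:
    path: "{{ HOMEDIR }}/.ssh"
    state: directory
    # quoted so the mode is passed as an octal string
    mode: "0700"
    owner: "{{ NEWUSER }}"
    group: "{{ GROUP }}"

- name: authorized_keys for {{ NEWUSER }}
  authorized_key:
    user: "{{ NEWUSER }}"
    key: "{{ AUTHKEY }}"
```
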
1) On openSUSE, mkpasswd is found in the whois package.

de/sysadmin/tools/ansible-playbook-create-user.txt · Last modified: 2019-10-09 00:08 by hella
