We have hundreds of Linux servers, and a requirement came in by email stating: “Babin, create the below users on all Linux servers by referring to the attachment, with the approved given privileges.” Oh no, that takes time.
In fact, creating user accounts manually across a number of servers takes time. So we decided to write an Ansible playbook to automate the task on remote servers, with specific UID, GID, “Gecos” information, shell and user passwords. This is how we managed to create the groups and users on remote servers using Ansible. Let's see how to achieve this.
Requirement:
- Create three groups: “nixadmins” with GID (2010), “office” with GID (2011) and “warehouse” with GID (2012). Each group should have its specific GID.
- Create five users. User “sysadmin” should be the privileged account with UID “2001”, and he is allowed to participate in all the groups, with “nixadmins” as his primary group. He should have a bash shell and his SSH key should be in place.
- User “bobin” should be an unprivileged account with UID “2002”, and he is allowed to participate only in the “office” group. All other settings are the same for him as for the “sysadmin” user.
- User “lonston” should have UID “2003”; for all other settings, refer to user “bobin”.
- Create a user “rajesh” with GID “2004”. He is a Unix admin and should have all the privileges. He will participate in the “office” and “warehouse” groups. His primary group should be “nixadmins”. The remaining settings are the same as for user “sysadmin”.
- Create a temporary account “guest001” with UID “2004”, without privileges; he will be a collaborator under the “warehouse” group. His home directory should not be created, and his account should expire on 1st May 2018.
- Finally, remove the unwanted system account “games” from all the servers.
Here we are using an empty password for the user “guest001” and forcing him to create his own password at first login.
If we need to set a password in the Ansible playbook, it is better to stick with encrypted password hashes generated with Python or with the mkpasswd command.
```
[ansible@ansible ~]$ python -c 'import crypt; print(crypt.crypt("redhat@1234567", "$1$SomeSalt$"))'
$1$SomeSalt$ZpW3Lbd6PK5Sj1rF279et0
```
All of the above tasks can be done with an Ansible playbook. I'm running this playbook using the following command.
```
[ansible@ansible ~]$ ansible-playbook add_user_in_remote_servers.yml -i hosts
```
The full playbook is as follows.
```yaml
---
- hosts: oel7_prod
  gather_facts: no
  connection: ssh
  tasks:
    - name: Add group "nixadmins" to remote server
      remote_user: ansible
      become: yes
      become_method: sudo
      group:
        name: nixadmins
        gid: 2010
        state: present
    - name: Add group "Office" to the remote server
      remote_user: ansible
      become: yes
      become_method: sudo
      group:
        name: office
        gid: 2011
        state: present
    - name: Add group "Warehouse" to the remote server
      remote_user: ansible
      become: yes
      become_method: sudo
      group:
        name: warehouse
        gid: 2012
        state: present
    - name: Add user "sysadmin" to the remote server
      remote_user: ansible
      become: yes
      become_method: sudo
      user:
        name: sysadmin
        comment: "Privileged User"
        uid: 2001
        group: nixadmins
        groups: office,warehouse
        append: yes
        shell: /bin/bash
        generate_ssh_key: yes
        ssh_key_bits: 2048
        ssh_key_file: .ssh/id_rsa
    - name: Add user "Bobin" to the remote server
      remote_user: ansible
      become: yes
      become_method: sudo
      user:
        name: bobin
        comment: "Accountant UnPrivileged User"
        uid: 2002
        group: office
        shell: /bin/bash
        generate_ssh_key: yes
        ssh_key_bits: 2048
        ssh_key_file: .ssh/id_rsa
    - name: Add user "Lonston" to the remote server
      remote_user: ansible
      become: yes
      become_method: sudo
      user:
        name: lonston
        comment: "Content creator UnPrivileged User"
        uid: 2003
        group: office
        shell: /bin/bash
        generate_ssh_key: yes
        ssh_key_bits: 2048
        ssh_key_file: .ssh/id_rsa
    - name: Add user "Rajesh" to the remote server
      remote_user: ansible
      become: yes
      become_method: sudo
      user:
        name: rajesh
        comment: "Unix Admin Privileged User"
        uid: 2004
        group: nixadmins
        groups: office,warehouse
        append: yes
        shell: /bin/sh
        generate_ssh_key: yes
        ssh_key_bits: 2048
        ssh_key_file: .ssh/id_rsa
    - name: Add user "Guest001" to the remote server
      remote_user: ansible
      become: yes
      become_method: sudo
      user:
        name: guest001
        comment: "Temp account"
        uid: 2005
        group: warehouse
        shell: /bin/bash
        createhome: no
        password: ''
        expires: 1525198731
    - name: Force user "Guest001" to change the password
      remote_user: ansible
      become: yes
      become_method: sudo
      command:
        chage -d 0 guest001
    - name: Remove user "Games" from remote server
      remote_user: ansible
      become: yes
      become_method: sudo
      user:
        name: games
        state: absent
        remove: yes
```
That's it. We are now good to go for any number of servers: by replacing the host group name “oel7_prod”, we can fulfil our user creation requirements in a few seconds.
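The playbook gives “guest001” an empty password until the first login, and the `$1$` prefix in the hash example above selects MD5-crypt, the weakest scheme crypt still offers. The following added example (not part of the original playbook) gives guest001 a one-time SHA-512 hashed password instead, forces the change only when the account was just created, and fails the run if any account on the host has an empty password field. The names `vault.yml`, `guest001_temp_password`, `guest_account` and `empty_pw` are assumptions.

```yaml
---
# Added example, not the post's playbook. Assumed names: vault.yml,
# guest001_temp_password, guest_account, empty_pw.
- hosts: oel7_prod
  gather_facts: no
  remote_user: ansible        # set once for the play instead of per task
  become: yes
  become_method: sudo
  vars_files:
    - vault.yml               # ansible-vault encrypted; defines guest001_temp_password
  tasks:
    - name: Add user "guest001" with a one-time SHA-512 hashed password
      user:
        name: guest001
        comment: "Temp account"
        uid: 2005
        group: warehouse
        shell: /bin/bash
        createhome: no
        # The post sets password: '' here, which leaves the password empty.
        password: "{{ guest001_temp_password | password_hash('sha512') }}"
        update_password: on_create   # the random salt would otherwise change the hash on every run
        expires: 1525198731
      no_log: true                   # keep the hash out of task output and logs
      register: guest_account

    - name: Force user "guest001" to change the password at first login
      command: chage -d 0 guest001
      when: guest_account is changed  # only when the account was just created or modified

    - name: List accounts whose shadow password field is empty
      command:
        argv: [awk, '-F:', '$2 == "" { print $1 }', /etc/shadow]
      register: empty_pw
      changed_when: false
      failed_when: empty_pw.rc != 0 or empty_pw.stdout != ""
```

The `password_hash` filter runs on the control node, so the plaintext stays in the vaulted file and only the hash is sent to the managed hosts.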
Conclusion:
We have managed to create a number of users and groups across remote servers; it is much easier to do this with a playbook for our daily tasks. Hope this helps you. Provide your feedback and improvement suggestions in the comment section below.
