Using Ansible To Create And Manage Users (Linux / Raspberry Pi)

If you have multiple Linux devices (e.g. multiple Raspberry Pi computers) and multiple people who each need their own user account on those devices (e.g. a Code Club of pupils), managing the accounts and devices by hand could be a lengthy process. This is where Ansible (https://www.ansible.com/) comes into play.

In previous posts (available here: https://geektechstuff.com/?s=ansible) I have looked at installing Ansible, the basics of Ansible commands and using Ansible to configure a firewall and hosts files.

In this blog post I am going to use Ansible to:

  • Create user accounts and home folders on multiple devices
  • Create a group on multiple devices
  • Remove user accounts from multiple devices
  • Copy SSH keys to user’s home folder

First up though, a brief overview of Ansible playbooks. Ansible playbooks are used to give Ansible a set of instructions (a play) to carry out. Ansible playbooks are written in YAML (YAML Ain’t Markup Language). The playbooks make use of the Jinja engine, which is why you may see this sort of thing: {{ “name” }}. The following lines are used in my playbooks:

  • hosts – this is the hosts that Ansible should carry the instructions out on. The hosts are read from the Ansible hosts file. “all” tells Ansible to carry the instructions out on all hosts in the hosts file.
  • become – tells Ansible to become root.
  • tasks – these are the steps (instructions) that you want Ansible to carry out. Each task has a “- name”.
  • - name – this is the name of the step of the playbook and is displayed whilst that step is being carried out.

Reading Variables From The Playbook

Including the variables in the Ansible Playbook

My first attempt at an Ansible playbook for this project saw me including the username variables within the playbook (lines 4 through 9 on the above image). This worked okay for a limited number of variables and whilst I was testing the basics, but as I started to expand what I wanted the playbook to do I decided to move the variables into their own YAML (.yml) file.

Playbook, variables in a YAML file and more!

Contents of users.yml

After moving the variables to their own YAML file called “users.yml” I expanded the playbook to contain a few more tasks.

  • Adding coders group

Creates a new group on the device. I wanted to do this so that all users created via the Ansible playbook also all belong to a new group.

  • Adding users

This creates the users. It reads the variable for the username from the users.yml file, specifically the “users:” section. The playbook also creates the users with a password of “password” on creation. I want to tidy this up in future versions of the playbook. The password is only set on creation of the user account; if the user account already exists then the password is not changed. This step also adds the user accounts to the group “Coders”.

  • Create SSH folders

Creates the SSH folder within the user’s home folder. This is needed to contain the SSH public key.

  • Create authorised key file

Creates the “Authorized_Keys” file within the SSH folder.

  • Copy SSH key to users home folder

Copies the user’s public key file from the device running Ansible to the other devices and places the file into the user’s home folder.

  • Remove user account

Reads the “users_to_remove” section of users.yml and removes any of the user accounts that match. “Remove” tells Ansible to remove the user account and the user account home folder. If this line is removed then the user account is removed but the home folder remains, which may be a good thing if you want to save any work the user has done.
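The tasks described above, written out as a playbook. This is an added example, not the playbook from the images or the GitHub repository; it takes the initial password from a variable and hashes it instead of using a literal “password”. The variable initial_password, the keys/<username>.pub layout, the sample usernames and the use of the ansible.posix collection are assumptions.

```yaml
---
# Added example, not the author's playbook. Assumed layout of users.yml:
#   users: [alice, bob]          # constructed sample names
#   users_to_remove: [carol]
# Assumed: keys/<username>.pub exists on the device running Ansible, and
# initial_password is supplied from an Ansible Vault encrypted vars file.
- hosts: all
  become: true
  vars_files:
    - users.yml
  tasks:
    - name: Adding coders group
      ansible.builtin.group:
        name: coders
        state: present

    - name: Adding users
      ansible.builtin.user:
        name: "{{ item }}"
        groups: coders
        append: true
        # The user module expects a crypted hash, not plain text
        password: "{{ initial_password | password_hash('sha512') }}"
        update_password: on_create   # existing accounts keep their password
      loop: "{{ users }}"
      no_log: true                   # keep the password out of task output

    - name: Create SSH folders
      ansible.builtin.file:
        path: "/home/{{ item }}/.ssh"
        state: directory
        owner: "{{ item }}"
        mode: "0700"                 # sshd ignores keys in loosely permissioned folders
      loop: "{{ users }}"

    # Creates authorized_keys (mode 0600) if missing and adds the key once
    - name: Copy SSH key to users home folder
      ansible.posix.authorized_key:
        user: "{{ item }}"
        key: "{{ lookup('file', 'keys/' + item + '.pub') }}"
        state: present
      loop: "{{ users }}"

    - name: Remove user account
      ansible.builtin.user:
        name: "{{ item }}"
        state: absent
        remove: true                 # also deletes the home folder
      loop: "{{ users_to_remove }}"
```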

Variables in their own YAML file (imo) makes managing the playbook easier

 


I have uploaded my Ansible playbooks for this project to my GitHub:

https://github.com/geektechdude/AnsiblePlaybook_User_Management_Debian

Contents of the folder containing the playbook

Note: I’ve not finished with the SSH settings yet – more to come in a future blog post.
