If you have multiple Linux devices (e.g. multiple Raspberry Pi computers) and multiple users who each need their own account on those devices (e.g. a Code Club of pupils), managing the accounts and devices by hand can be a lengthy process. This is where Ansible (https://www.ansible.com/) comes into play.
In previous posts (available here: https://geektechstuff.com/?s=ansible) I have looked at installing Ansible, the basics of Ansible commands and using Ansible to configure a firewall and hosts files.
In this blog post I am going to use Ansible to:
- Create user accounts and home folders on multiple devices
- Create a group on multiple devices
- Remove user accounts from multiple devices
- Copy SSH keys to user’s home folder
First up though, a brief overview of Ansible playbooks. Ansible playbooks are used to give Ansible a set of instructions (a play) to carry out. Ansible playbooks are written in YAML (YAML Ain’t Markup Language). The playbooks make use of the Jinja engine, which is why you may see this sort of thing: {{ “name” }}. The following lines are used in my playbooks:
- hosts – these are the hosts that Ansible should carry the instructions out on. The hosts are read from the Ansible hosts file. “all” tells Ansible to carry the instructions out on all hosts in the hosts file.
- become – tells Ansible to become root.
- tasks – are the steps (instructions) that you want Ansible to carry out. Each task has a “- name”.
- name – is the name of the step of the playbook and displays whilst that step is being carried out.
Reading Variables From The Playbook

My first attempt at an Ansible playbook for this project saw me including the username variables within the playbook (lines 4 through 9 on the above image). This worked okay for a limited number of variables and whilst I was testing the basics, but as I started to expand what I wanted the playbook to do I decided to move the variables into their own YAML (.yml) file.
Playbook, variables in a YAML file and more!

After moving the variables to their own YAML file called “users.yml” I expanded the playbook to contain a few more tasks.
- Adding coders group
Creates a new group on the device. I wanted to do this so that all users created via the Ansible playbook also all belong to a new group.
- Adding users
This creates the users. It reads the variable for the username from the users.yml file, specifically the “users:” section. The playbook also creates the users with a password of “password” on creation. I want to tidy this up on future versions of the playbook. The password is only set on creation of the user account; if the user account already exists then the password is not changed. This step also adds the user accounts to the group “Coders”.
- Create SSH folders
Creates the SSH folder within the user’s home folder. It is needed to contain the SSH public key.
- Create authorised key file
Creates the “Authorized_Keys” file within the SSH folder.
- Copy SSH key to users home folder
Copies the user’s public key file from the device running Ansible to the other devices and places the file into the user’s home folder.
- Remove user account
Reads the “users_to_remove” section of users.yml and removes any of the user accounts that match. “Remove” tells Ansible to remove the user account and the user account home folder. If this line is removed then the user account is removed but the home folder remains, which may be a good thing if you want to save any work the user has done.
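
As an added example (not the playbook from the GitHub repository linked below), here is one way to write the tasks listed above with the shared default password replaced by a locked password, so each account can only be reached with its SSH key, and with explicit ownership and modes on the SSH folder and key file. The users.yml layout, the keys/<username>.pub path on the device running Ansible, the per-user primary group and the ansible.builtin module names (Ansible 2.10 or later) are assumptions.

```yaml
---
# Added example, not the author's playbook.
# Assumed users.yml layout (constructed sample values):
#   users: [alice, bob]
#   users_to_remove: [carol]
# Assumed key location on the control node: keys/<username>.pub
- hosts: all
  become: true
  vars_files:
    - users.yml
  tasks:
    - name: Adding coders group
      ansible.builtin.group:
        name: coders
        state: present

    - name: Adding users (password locked, SSH key login only)
      ansible.builtin.user:
        name: "{{ item }}"
        groups: coders
        append: true                 # keep any other groups the user already has
        shell: /bin/bash
        password: "*"                # no usable password instead of a shared default
        update_password: on_create   # never touch the password of an existing account
      loop: "{{ users }}"

    - name: Create SSH folders
      ansible.builtin.file:
        path: "/home/{{ item }}/.ssh"
        state: directory
        owner: "{{ item }}"
        group: "{{ item }}"          # assumes a primary group named after the user
        mode: "0700"                 # sshd's StrictModes rejects group/world-writable paths
      loop: "{{ users }}"

    - name: Copy SSH key to authorized_keys
      ansible.builtin.copy:
        src: "keys/{{ item }}.pub"
        dest: "/home/{{ item }}/.ssh/authorized_keys"
        owner: "{{ item }}"
        group: "{{ item }}"
        mode: "0600"
      loop: "{{ users }}"

    - name: Remove user account
      ansible.builtin.user:
        name: "{{ item }}"
        state: absent
        remove: true                 # also deletes the home folder; drop to keep it
      loop: "{{ users_to_remove }}"
```

Running it with ansible-playbook --check first shows which accounts would be created or removed on each host without changing anything.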

I have uploaded my Ansible playbooks for this project to my GitHub:
https://github.com/geektechdude/AnsiblePlaybook_User_Management_Debian

Note: I’ve not finished with the SSH settings yet – more to come in a future blog post.