Ansible to create multiple groups, users, create password and assign different password to them

Introduction:

In this module, I am going to demonstrate the power of Ansible to create multiple users, store the passwords securely in Ansible Vault and assign them to the users with specific roles.

Requirements:

  1. Basic knowledge of Linux

  2. Ansible installed in a Linux machine

Tasks:

  1. First, I created a vault file to store the passwords of the group users.

  2. A vault file can be created with the command below:

ansible-vault create filename.yml

It will ask you to enter a “new password” and confirm it. This password is used to encrypt the vault file.

3. The content of the vault file can’t be read with the “cat” command, which shows only the encrypted data.

4. To view the content of the vault file, the command below is used:

ansible-vault view vaultfile.yml
# Next, it will ask for the vault password that was used at the time of encryption

5. Next, I started building the playbook and declared the variables. In “grp_name”, I have listed the groups to be created, and in “users”, I have listed the user names and their associated posts/roles. In “vars_files”, I have declared the vault file name.

6. Next, I wrote my 1st task to create groups.

“item” is the loop variable which pulls each value from the “grp_name” variable.

7. Next, I wrote the tasks to create users according to their positions.

In the above playbook, item.name pulls the value of the name parameter defined under the “users” variable, and the “when” condition filters the names by their relevant posts.

8. If we try to execute the command below, it will not work because the ansible-vault file is included in the playbook and I need to provide its password to run the playbook.

This can be done in two ways. Either the “--ask-vault-pass” parameter can be passed while executing the playbook, or the vault password can be saved in a file and referenced when executing the playbook, like “--vault-password-file file-path”.

Below, I have saved the vault password in the vaultpass.yml file and given it the most restrictive permission, i.e., only the owner has read access.

9. Since the syntax is OK, I have executed the playbook.

10. I have verified that the users are created and assigned to the proper groups.

We have also verified from the /etc/passwd file that the users are created and from the /etc/group file that the groups are created.

Users are also able to access their home directory.
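
A playbook of the shape described in steps 5 to 7, written here as an added example and not taken from the original post. The host pattern, group names, user names, the "role" key and the vault variable names (admin_password, developer_password) are assumptions.

```yaml
---
# Added example. Host pattern, group names, user names, the "role" key and the
# vault variable names are assumptions, not values from the original post.
- name: Create groups and users with vault-stored passwords
  hosts: all
  become: true
  vars_files:
    - vaultfile.yml   # ansible-vault file, assumed to define admin_password
                      # and developer_password as plaintext strings
  vars:
    grp_name:
      - admins
      - developers
    users:
      - { name: alice, role: admin }
      - { name: bob, role: developer }
      - { name: carol, role: developer }

  tasks:
    - name: Create groups
      ansible.builtin.group:
        name: "{{ item }}"
        state: present
      loop: "{{ grp_name }}"

    - name: Create admin users
      ansible.builtin.user:
        name: "{{ item.name }}"
        groups: admins
        append: true
        # The user module expects a crypt hash, never the plaintext itself.
        password: "{{ admin_password | password_hash('sha512') }}"
        # A fresh salt is generated on every run, so only set it on creation.
        update_password: on_create
      loop: "{{ users }}"
      when: item.role == 'admin'
      no_log: true    # keep the password hash out of console output and logs

    - name: Create developer users
      ansible.builtin.user:
        name: "{{ item.name }}"
        groups: developers
        append: true
        password: "{{ developer_password | password_hash('sha512') }}"
        update_password: on_create
      loop: "{{ users }}"
      when: item.role == 'developer'
      no_log: true
```

Run it with either “--ask-vault-pass” or “--vault-password-file file-path”, as described in step 8. Keep the vault password file out of version control, since it holds the key to the vault in plaintext.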

Thank you!!!!

To know more about me, check my profile on LinkedIn.