Tag Archives: ansible

ansible create user and upload ssh key

---
- hosts: all_servers
  vars:
    ansible_python_interpreter: auto_legacy_silent
    users:
      - "user1"
      - "user2"
      - "user3"
  tasks:
    - name: "Ensure group admin exists"
      group:
        name: admin
        state: present
    - name: "Create user accounts"
      user:
        name: "{{ item }}"
        groups: "admin"
        shell: /bin/bash
      with_items: "{{ users }}"
    - name: "Add authorized keys"
      authorized_key:
        user: "{{ item }}"
        key: "{{ lookup('file', 'files/' + item + '.pub') }}"
      with_items: "{{ users }}"
    - name: "Allow admin users to sudo without a password"
      lineinfile:
        dest: "/etc/sudoers"   # the option is called 'path' from Ansible 2.3 on
        state: "present"
        regexp: "^%admin"
        line: "%admin ALL=(ALL) NOPASSWD: ALL"
        # lineinfile writes /etc/sudoers directly, so a malformed line locks everyone out of sudo;
        # validate: '/usr/sbin/visudo -cf %s' makes the module syntax-check the file before installing it.

Create the SSH key pairs in the playbook's files directory. Note that ssh-keygen's -f option names the private key; the public key is written next to it with a .pub suffix, which is the file the lookup above reads. From the playbook directory:

ssh-keygen -t rsa -f files/user1 -C user1
ssh-keygen -t rsa -f files/user2 -C user2
ssh-keygen -t rsa -f files/user3 -C user3

Run the playbook:
ansible-playbook users_create.yaml

That creates the 3 users, each with their own authorized key and passwordless sudo, on every host in the all_servers inventory group.
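The authorized_key task above copies whatever is in files/<user>.pub verbatim, so a missing or corrupt key file is only noticed when that user's login is refused. The following pre-flight check is an added example, not part of the original post: it confirms a .pub file exists for every user in the list and that each one is a well-formed OpenSSH public key whose type field matches the type embedded in the base64 blob (RFC 4253 string encoding). The key files are modelled as a dict and the sample keys are constructed in-process; they are not real keys.

```python
"""Pre-flight check for the 'Add authorized keys' task: every user must have a
well-formed files/<user>.pub.  Added example, not from the original post."""
import base64
import struct

# Key types the check accepts; the blob must start with the same type string.
KNOWN_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
               "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def _read_string(blob, offset):
    """Decode one RFC 4253 'string' (uint32 big-endian length + bytes) at offset."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string body")
    return blob[start:end], end


def parse_authorized_key(line):
    """Return (type, comment) for one authorized_keys line, or raise ValueError.

    The type named in the first field must equal the type embedded in the
    blob; sshd rejects a line where they disagree, so catch it before deploy.
    """
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    comment = fields[2] if len(fields) == 3 else ""
    if key_type not in KNOWN_TYPES:
        raise ValueError("unknown key type %r" % key_type)
    try:
        blob = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    except ValueError as exc:
        raise ValueError("key material is not valid base64: %s" % exc)
    embedded, _ = _read_string(blob, 0)
    if embedded.decode("ascii", "replace") != key_type:
        raise ValueError("type field %r does not match blob type %r" % (key_type, embedded))
    return key_type, comment


def check_user_keys(users, key_files):
    """Map each user to 'ok' or an error message.

    key_files maps 'files/<user>.pub' to its contents; a dict keeps the example
    offline, swap in open(path).read() over a real directory."""
    results = {}
    for user in users:
        path = "files/%s.pub" % user
        if path not in key_files:
            results[user] = "missing %s" % path
            continue
        try:
            parse_authorized_key(key_files[path])
            results[user] = "ok"
        except ValueError as exc:
            results[user] = "%s: %s" % (path, exc)
    return results


def _fake_blob(key_type, payload_len):
    """Constructed, non-functional key blob: type string followed by one zero-filled string."""
    t = key_type.encode()
    raw = struct.pack(">I", len(t)) + t + struct.pack(">I", payload_len) + b"\0" * payload_len
    return base64.b64encode(raw).decode()


# Constructed sample inputs: user1 is fine, user2 carries an ssh-rsa header over
# an ed25519 blob (a typical copy-paste mishap), user3's file is absent.
SAMPLE_KEY_FILES = {
    "files/user1.pub": "ssh-ed25519 %s user1" % _fake_blob("ssh-ed25519", 32),
    "files/user2.pub": "ssh-rsa %s user2" % _fake_blob("ssh-ed25519", 32),
}

if __name__ == "__main__":
    for user, status in check_user_keys(["user1", "user2", "user3"], SAMPLE_KEY_FILES).items():
        print(user, status)
```

Run it from the playbook directory before ansible-playbook; any result other than "ok" means the corresponding authorized_key task would install a key that sshd will refuse, or fail on a missing file.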

ansible change root password

ansible change root password command line

pwgen -n 15 -c 1
soo2Echu7SooLao

using new python3:
python3 -c "import crypt; print(crypt.crypt('soo2Echu7SooLao', '\$6\$eyoo3seivengu3cei'))"
$6$eyoo3seivengu3ce$U30IkaHvd9Zmf4PPl1ZVR0G4coP6JZFwW/uxMkiVZV8vL2WjZaYrmsalfJ9snLjGR8rGKhCEyZpX5cRhAIf.R0

using old python2:
python -c 'import crypt; print crypt.crypt("soo2Echu7SooLao", "$6$saltsalt$")'

If you get the error
File "<string>", line 1
import crypt; print crypt.crypt
SyntaxError: invalid syntax
you are running the Python 2 print statement under Python 3; use the python3 command above instead.

using Perl:
perl -e 'print crypt("soo2Echu7SooLao","\$6\$saltsalt\$") . "\n"'

ansible -i inv xx.xx.xx.xx -m user -a 'name=root password=$6$eyoo3seivengu3ce$U30IkaHvd9Zmf4PPl1ZVR0G4coP6JZFwW/uxMkiVZV8vL2WjZaYrmsalfJ9snLjGR8rGKhCEyZpX5cRhAIf.R0' -k

SSH password:
xx.xx.xx.xx | success >> {
    "append": false,
    "changed": true,
    "comment": "root",
    "group": 0,
    "home": "/root",
    "move_home": false,
    "name": "root",
    "password": "NOT_LOGGING_PASSWORD",
    "shell": "/bin/bash",
    "state": "present",
    "uid": 0
}
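The user module stores the password string exactly as given, so a hash that is mistyped, truncated, or built with an odd salt simply leaves the account with a password nobody can type. The example below is added here and is not from the original post: it generates a salt from the crypt alphabet, parses a $6$ string into its rounds, salt and digest parts to check it is well formed, and shows the salt truncation visible in the post's own output (the 17-character salt given to crypt came back as 16 characters, the maximum sha512-crypt keeps). Hashing itself goes through the standard-library crypt module, which is deprecated in Python 3.11 and removed in 3.13; the function says so and points at openssl passwd -6 when the module is missing.

```python
"""Build and sanity-check SHA-512 crypt ($6$) hashes before handing them to
ansible -m user.  Added example, not from the original post."""
import re
import secrets

# Alphabet crypt(3) uses for salt and digest text ("./0-9A-Za-z").
CRYPT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# $6$[rounds=N$]<salt, 1-16 chars>$<86-char digest>
SHA512_CRYPT = re.compile(
    r"^\$6\$(?:rounds=(\d+)\$)?([./0-9A-Za-z]{1,16})\$([./0-9A-Za-z]{86})$")


def make_salt(length=16):
    """Random salt from the crypt alphabet.  16 is the most sha512-crypt keeps;
    anything longer (like the 17-char salt in the post) is silently truncated."""
    return "".join(secrets.choice(CRYPT_ALPHABET) for _ in range(length))


def parse_sha512_crypt(hash_string):
    """Split '$6$[rounds=N$]salt$digest' into its parts, or raise ValueError.

    Run this on a hash before pushing it with ansible -m user: the module does
    not validate the string, it just writes it into /etc/shadow."""
    m = SHA512_CRYPT.match(hash_string)
    if not m:
        raise ValueError("not a well-formed $6$ hash")
    rounds, salt, digest = m.groups()
    # sha512-crypt uses 5000 rounds when no rounds= field is present.
    return {"rounds": int(rounds) if rounds else 5000, "salt": salt, "hash": digest}


def sha512_crypt(password, salt=None):
    """Hash password with sha512-crypt via the platform crypt(3), truncating the salt to 16."""
    try:
        import crypt  # stdlib up to Python 3.12; removed in 3.13
    except ImportError:
        raise RuntimeError("crypt module unavailable; use 'openssl passwd -6' or mkpasswd instead")
    salt = (salt or make_salt())[:16]
    return crypt.crypt(password, "$6$" + salt)


# The hash printed in the post: salt supplied as 'eyoo3seivengu3cei', stored as 16 chars.
POST_HASH = ("$6$eyoo3seivengu3ce$U30IkaHvd9Zmf4PPl1ZVR0G4coP6JZFwW/uxMkiVZV8vL2WjZaYrmsalfJ9snLjGR8rGKhCEyZpX5cRhAIf.R0")

if __name__ == "__main__":
    print(parse_sha512_crypt(POST_HASH))
    print(sha512_crypt("soo2Echu7SooLao", make_salt()))
```

A hash that passes parse_sha512_crypt is structurally sound, which is what the ad-hoc command above cannot tell you; whether it matches the intended password is only proven by logging in, so keep a second session open until that check succeeds.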

about Ansible

Ansible is an open source IT configuration management, deployment, and orchestration tool. It is unique from other management tools in many respects, aiming to provide large productivity gains to a wide variety of automation challenges. While Ansible provides more productive drop-in replacements for many core capabilities in other automation solutions, it also seeks to solve other major unsolved IT challenges by unifying configuration, deployment, and complex IT process orchestration.

One of the most important challenges in this environment is to do all of the above while providing a robust, easy to manage architecture, a problem that is frequently not well solved in this application space. A management tool should not impose additional demands on one's environment; in fact, one should have to think about it as little as possible. It should be transparent and maximize productivity gains. Let's see how Ansible achieves these gains using a unique agentless architecture.

Ansible Secure and Agentless

Ansible relies on the most secure remote management system available as its default transport layer: OpenSSH. OpenSSH is available for a wide variety of platforms, is very lightweight, and as security issues in OpenSSH are discovered, they are patched quickly.

Further, Ansible does not require any remote agents. It delivers Ansible modules to remote systems and executes tasks, as needed, to enact the desired configuration. These modules run with user-supplied credentials, including support for sudo and even Kerberos, and clean up after themselves when complete. Ansible does not require root privileges, specific SSH keys, or dedicated users and respects the security model of the system under management.

As a result, Ansible has a very low attack surface area and is quite easy to bootstrap.