
ansible add user sudo and upload SSH public key

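---
# Creates group "mygroup" and user "myuser", installs the user's SSH public
# key, and grants the group passwordless sudo on the target host.
- hosts: 127.0.0.1
  # remote_user is the current spelling of the play-level "user" keyword.
  remote_user: root

  tasks:
    - name: Ensure mygroup exists
      group:
        name: mygroup
        state: present

    - name: Add user to mygroup
      user:
        name: myuser
        groups: mygroup
        # append keeps any groups the account already belongs to.
        append: true

    - name: Setup authorized key
      authorized_key:
        user: myuser
        state: present
        # The lookup reads the file on the control node; it must be the
        # PUBLIC half of the key pair.
        key: "{{ lookup('file', 'myuser_key.pub') }}"

    - name: Allow mygroup group to have passwordless sudo
      lineinfile:
        dest: /etc/sudoers
        state: present
        regexp: '^%mygroup'
        # NOPASSWD: ALL gives every member of mygroup root without a
        # password prompt, so group membership is the only gate.
        line: '%mygroup ALL=(ALL) NOPASSWD: ALL'
        # Syntax-check the edited copy before it replaces /etc/sudoers;
        # a sudoers file that does not parse disables sudo for everyone.
        validate: 'visudo -cf %s'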

ansible create user and upload ssh key

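---
# Creates the accounts listed in "users", puts them in the admin group,
# installs one public key per account and gives the admin group
# passwordless sudo.
- hosts: all_servers
  vars:
    ansible_python_interpreter: auto_legacy_silent
    # One entry per account; each needs a matching files/<name>.pub.
    users:
      - "user1"
      - "user2"
      - "user3"
  tasks:
    - name: "Ensure group admin exists"
      group:
        name: admin
        state: present

    - name: "Create user accounts"
      user:
        name: "{{ item }}"
        groups: "admin"
        # Without append an existing account would be removed from every
        # supplementary group except admin.
        append: true
        shell: /bin/bash
      with_items: "{{ users }}"

    - name: "Add authorized keys"
      authorized_key:
        user: "{{ item }}"
        # Read on the control node; must be the PUBLIC key of that user.
        key: "{{ lookup('file', 'files/'+ item + '.pub') }}"
      with_items: "{{ users }}"

    - name: "Allow admin users to sudo without a password"
      lineinfile:
        dest: "/etc/sudoers"  # path: in version 2.3
        state: "present"
        regexp: "^%admin"
        # Every member of admin gets root with no password prompt.
        line: "%admin ALL=(ALL) NOPASSWD: ALL"
        # Syntax-check the edited copy before it replaces /etc/sudoers;
        # a sudoers file that does not parse disables sudo for everyone.
        validate: "visudo -cf %s"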

Create SSH user keys in files directory:

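# -f names the PRIVATE key file; ssh-keygen writes the public half beside it
# with ".pub" appended (~/files/user1.pub), which is the file the playbook's
# lookup reads. Passing "-f ~/files/user1.pub" would put the private key in
# the .pub file instead.
# Keep the private halves (~/files/userN) out of version control.
ssh-keygen -t rsa -f ~/files/user1 -C user1
ssh-keygen -t rsa -f ~/files/user2 -C user2
ssh-keygen -t rsa -f ~/files/user3 -C user3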

Run ansible yaml:
ansible-playbook users_create.yaml

That will create 3 users on every host in the all_servers group, with passwordless sudo through the admin group.

ansible change root password


ansible change root password command line

pwgen -n 15 -c 1
soo2Echu7SooLao

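using new python3 (the crypt module is deprecated since Python 3.11 and removed in 3.13; a password typed on the command line also ends up in shell history):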
python3 -c "import crypt; print(crypt.crypt('soo2Echu7SooLao', '\$6\$eyoo3seivengu3cei'))"
$6$eyoo3seivengu3ce$U30IkaHvd9Zmf4PPl1ZVR0G4coP6JZFwW/uxMkiVZV8vL2WjZaYrmsalfJ9snLjGR8rGKhCEyZpX5cRhAIf.R0

using old python2:
python -c 'import crypt; print crypt.crypt("soo2Echu7SooLao", "$6$saltsalt$")'

If you get this error:
File "<string>", line 1
import crypt; print crypt.crypt
SyntaxError: invalid syntax
then python is Python 3; use the python3 command above.

using Perl:
perl -e 'print crypt("soo2Echu7SooLao","\$6\$saltsalt\$") . "\n"'

# Ad-hoc run of the user module: sets root's password field to the
# pre-computed crypt hash ($6$ = SHA-512) instead of a plaintext password.
# The single quotes stop the local shell from expanding the $6$... fields;
# -k prompts for the SSH password of the connecting user.
# NOTE(review): the hash still lands in shell history and the process list
# on the control machine.
ansible -i inv xx.xx.xx.xx -m user -a ' name=root password=$6$eyoo3seivengu3ce$U30IkaHvd9Zmf4PPl1ZVR0G4coP6JZFwW/uxMkiVZV8vL2WjZaYrmsalfJ9snLjGR8rGKhCEyZpX5cRhAIf.R0' -k

SSH password:
xx.xx.xx.xx | success >> {
"append": false,
"changed": true,
"comment": "root",
"group": 0,
"home": "/root",
"move_home": false,
"name": "root",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 0
}