Ansible: Create new user and copy ssh-keys from local system - ansible

I'm new to Ansible and I'm struggling with creating a new user on a remote machine and copying ssh-keys (for git) from the local machine to the remote machine's new user.
Basically, from localmachine/somepath/keys/ to remotemachine/newuser/home/.ssh/.
So far I tried:
- name: Create user
  hosts: remote_host
  remote_user: root
  tasks:
    - name: Create new user
      user: name=newuser ssh_key_file=../keys/newuser
While this creates the newuser on the remote machine, it doesn't copy any keys (.ssh is still empty). I also tried authorized_key as a second task but only got an error message when trying to copy the private key.
Is it even possible that the keys are still added after I already ran it and newuser already exists? I.e., can I just run it again or will I have to delete the newuser first?

The ssh_key_file is the path used by the generate_ssh_key option of the user module. It's not the path of a local SSH key to upload to the newly created remote user.
If you want to upload the SSH key, you have to use the copy module:
- name: Create user
  hosts: remote_host
  remote_user: root
  tasks:
    - name: Create new user
      user:
        name: newuser
    - name: Create .ssh folder
      file:
        path: ~newuser/.ssh
        state: directory
        owner: newuser
        group: newuser
        mode: "0700"
    - name: Upload SSH key
      copy:
        src: ../keys/newuser
        dest: ~newuser/.ssh/id_rsa
        owner: newuser
        group: newuser
        mode: "0600"   # a private key is read/write for its owner only, never executable
BTW, it's recommended to use the YAML syntax instead of the args syntax.
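The complete playbook below is an added example written for this page; it is not the asker's or the answerer's code. It assumes a local keypair at keys/newuser and keys/newuser.pub next to the playbook, an inventory group named remote_host, and that the ansible.posix collection is installed (it ships with the full ansible package). It uses the home path that the user module returns instead of hard-coding ~newuser, keeps the private key at 0600 and out of the task log, and installs the public half with authorized_key, which is the module that expects a public key (the "error when copying the private key" in the question comes from handing it a private key). Because the user module is idempotent, the play can be re-run after newuser already exists; the key tasks simply run against the existing account.

```yaml
# Added example, not the original poster's or answerer's code.
# Assumptions: keys/newuser and keys/newuser.pub live beside the playbook;
# the play connects as root to the remote_host group.
- name: Create user and install SSH keys from the control node
  hosts: remote_host
  remote_user: root
  vars:
    new_user: newuser
    local_key_dir: "{{ playbook_dir }}/keys"   # assumption: key directory location
  tasks:
    - name: Create the account (idempotent; safe to re-run once the user exists)
      ansible.builtin.user:
        name: "{{ new_user }}"
        shell: /bin/bash
        create_home: true
      register: account          # account.home is the resolved home directory

    - name: Ensure ~/.ssh exists with strict permissions
      ansible.builtin.file:
        path: "{{ account.home }}/.ssh"
        state: directory
        owner: "{{ new_user }}"
        group: "{{ new_user }}"
        mode: "0700"

    - name: Upload the private key used for git
      ansible.builtin.copy:
        src: "{{ local_key_dir }}/{{ new_user }}"
        dest: "{{ account.home }}/.ssh/id_rsa"
        owner: "{{ new_user }}"
        group: "{{ new_user }}"
        mode: "0600"             # ssh refuses keys readable by others
      no_log: true               # keep key material out of the task output

    - name: Upload the matching public key next to it
      ansible.builtin.copy:
        src: "{{ local_key_dir }}/{{ new_user }}.pub"
        dest: "{{ account.home }}/.ssh/id_rsa.pub"
        owner: "{{ new_user }}"
        group: "{{ new_user }}"
        mode: "0644"

    # Only needed if the same keypair should also allow logging in as newuser.
    # authorized_key takes the PUBLIC key; lookup('file') reads it on the control node.
    - name: Authorize the public key for logins as the new user
      ansible.posix.authorized_key:
        user: "{{ new_user }}"
        state: present
        manage_dir: true
        key: "{{ lookup('file', local_key_dir ~ '/' ~ new_user ~ '.pub') }}"
```

Quoting the modes ("0600") avoids the YAML octal pitfall: an unquoted 600 would be read as decimal 600 and set a nonsense mode, and the Ansible documentation recommends the quoted form for that reason.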

Related

Can Ansible Push SSH Pub key Even If the User's Home DIR Hasn't Been Created?

Servers are connected to the AD environment. I want to push the pub key to enable passwordless access.
However, I found my playbook failed if the user's home directory was not present. Do I have to create a separate task to create the user's home dir before kicking off the key-pushing job?
Here is my playbook:
---
- hosts: all
  become: yes
  tasks:
    - name: Set authorized key from file
      authorized_key:
        user: user1
        state: present
        manage_dir: yes
        key: "{{ lookup('file', item) }}"
      with_fileglob:
        - user1.pubkey
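As an added example (not the asker's playbook), the following play creates the home directory before pushing the key. manage_dir only creates ~/.ssh inside an existing home; it does not create the home itself, which for an AD account is usually made on first login. The home path and primary group are read from the passwd database with the getent module, so the play fails early and clearly if the directory service cannot resolve the account. The indexes into getent_passwd (1 = uid, 2 = gid, 4 = home) follow the passwd field order; treat the user name and key file name as placeholders.

```yaml
# Added example, not the question's own playbook.
# Assumption: 'user1' resolves through AD/SSSD on the target and user1.pubkey
# sits beside the playbook on the control node.
- hosts: all
  become: true
  vars:
    target_user: user1
  tasks:
    - name: Resolve the account through the local passwd database (AD via SSSD)
      ansible.builtin.getent:
        database: passwd
        key: "{{ target_user }}"
      # populates getent_passwd[target_user] = [x, uid, gid, gecos, home, shell]

    - name: Ensure the home directory exists before ~/.ssh is managed
      ansible.builtin.file:
        path: "{{ getent_passwd[target_user][4] }}"
        state: directory
        owner: "{{ target_user }}"
        group: "{{ getent_passwd[target_user][2] }}"   # numeric gid is accepted
        mode: "0750"

    - name: Set authorized key from file
      ansible.posix.authorized_key:
        user: "{{ target_user }}"
        state: present
        manage_dir: true                 # now safe: home exists, .ssh gets created
        key: "{{ lookup('file', item) }}"
      with_fileglob:
        - user1.pubkey
```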

Delete user folder on windows using ansible

Unable to delete a user directory using the Ansible win_file module; there is no error, but it is not deleting:
win_file:
  path: C:\Users\myuser
  state: absent
  force: yes
I have also tried the one below, where it tries to delete the current user's folder and returns "directory in use" because it is trying to delete the current user's folder:
- name: Remove directory structure
  win_file:
    path: C:\Users
    name: myuser
    state: absent
    force: yes
It is best to delete the profile using a tool designed specifically for that purpose. This will help avoid cluttering the Windows registry and running into any number of other issues.
Check out this Ansible community module: https://docs.ansible.com/ansible/latest/collections/community/windows/win_user_profile_module.html
- name: Remove a profile for a still-existing account
  community.windows.win_user_profile:
    username: myuser
    state: absent
If the account has already been deleted, you need to specify 'name' instead of 'username':
- name: Remove a profile for a deleted account
  community.windows.win_user_profile:
    name: myuser
    state: absent

Permission denied trying to access file owned by root

I have 2 remote servers, and I need to transfer files from one server to another using synchronize directive.
In serverA I created an SSH key (id_rsa) using the sudo user, and copied the public key into serverB (into authorized_keys file of the same sudo user).
Hosts file
[servers]
prod_server ansible_host=IP_prod
new_server ansible_host=IP_new
[servers:vars]
ansible_user=sudo_user
ansible_sudo_pass=sudo_password
ansible_ssh_private_key_file=~/.ssh/id_rsa
Play
- name: Transfer files from prod to new server
  hosts: new_server
  gather_facts: false
  roles:
    - rsync
Task
- name: Copy files to new server
  synchronize:
    src: /etc/letsencrypt/live/domain/fullchain.pem
    dest: /opt
  delegate_to: prod_server
When running the playbook an error shows up:
change_dir \"/etc/letsencrypt/live/domain.tld\" failed: Permission denied
That means that the sudo_user doesn't have root privileges to access that file.
And if I set become: true it would be possible to access the fullchain.pem file, but the play will then try to transfer the file using the root user, and the SSH key id_rsa is owned by the sudo_user.
What do I have to set to make this work?
If you can "sudo su -" on the remote box and are using -b (become):
synchronize:
  src: /your local directory path
  dest: /path on remote host owned by root
  rsync_path: "sudo rsync"
  mode: push

Ansible authorized_key cant find key file

I am starting to use Ansible to automate the creation of users. The following code creates the user and the /home/test_user_003/.ssh/id_rsa.pub file.
But the authorized_key step gives the error "could not find file in lookup". It's there, I can see it.
---
- hosts: test
  become: true
  tasks:
    - name: create user
      user:
        name: test_user_003
        generate_ssh_key: yes
        group: sudo
        ssh_key_passphrase: xyz
    - name: Set authorized key
      authorized_key:
        user: test_user_003
        state: present
        key: "{{ lookup('file', '/home/test_user_003/.ssh/id_rsa.pub') }}"
(I would be interested to know why "key" uses lookup, but that's for education only.)
You create the user on the remote host but try to look up the generated key on the local host (all lookups in Ansible are executed locally).
You may want to capture (register) the result of the user task and use its fields:
- name: create user
  user:
    name: test_user_003
    generate_ssh_key: yes
    group: sudo
    ssh_key_passphrase: xyz
  register: new_user
- name: Set authorized key
  authorized_key:
    user: test_user_003
    state: present
    key: "{{ new_user.ssh_public_key }}"

ansible create user: no default .bashrc created?

I am creating users with these tasks:
- name: ensure home directory
  become: yes
  file:
    path: "{{ item.home }}"
    state: directory
  with_items: "{{ users }}"
- name: create user {{ item.name }}
  become: yes
  user:
    name: "{{ item.name }}"
    home: "{{ item.home }}"
    shell: /bin/bash
    group: "{{ item.group }}"
    groups: "{{ item.groups }}"
    password: "{{ item.password }}"
    state: present
  with_items: "{{ users }}"
but it seems that a ~/.bashrc per user is not created in their home directory.
Is there a way to create a default basic .bashrc file?
Thanks
Starting from Ansible 2.0, you can pass along a skeleton option:
Optionally set a home skeleton directory. Requires createhome option!
This works for me:
- name: "Create deployment user"
  user:
    name: "foobar"
    groups: "sudo"
    append: yes
    skeleton: "/etc/skel"
    createhome: yes
I used a specific path for the home folders (different from the traditional /home/user1 folder): /specific/path/home/user1
Since I had an error that the path /specific/path/home/user1 could not be created when I was creating the user1, I then created the home folders before creating the users.
However if the home folder already exists when a user is created, the default .bashrc is not copied.
You have to add append=yes at the end of the user command:
- name: Add users
  user:
    name: '{{ item.name }}'
    home: '{{ item.home }}'
    shell: /bin/bash
    group: '{{ item.group }}'
    groups: '{{ item.groups }}'
    password: '{{ item.password }}'
    state: present
    append: yes
  with_items: "{{ users }}"
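Pulling the three answers together, here is an added example (the editor's, not any answerer's code) that handles the case the second answer describes: the skeleton is only copied when the user module creates the home itself, so it creates only the parent directory up front and lets create_home plus skeleton populate brand-new homes, then backfills .bashrc from /etc/skel for homes that already existed, without overwriting a file the user may already have edited. The users list, the /specific/path/home prefix and the group names are constructed sample data; the user module's password parameter, omitted here, expects a crypt hash rather than a plaintext value.

```yaml
# Added example, not code from the question or the answers above.
# Assumptions: /etc/skel exists on the target (standard on Debian/RHEL-family
# systems) and 'users' is a list of dicts with name, group and groups keys.
- name: Create users with a default .bashrc, even when the home directory pre-exists
  hosts: all
  become: true
  vars:
    home_root: /specific/path/home        # constructed non-default home prefix
    users:                                # constructed sample data
      - name: user1
        group: users
        groups: [sudo]
      - name: user2
        group: users
        groups: []
  tasks:
    - name: Ensure the parent of all home directories exists (not the homes themselves)
      ansible.builtin.file:
        path: "{{ home_root }}"
        state: directory
        mode: "0755"

    - name: Create users; create_home + skeleton copies /etc/skel into a NEW home only
      ansible.builtin.user:
        name: "{{ item.name }}"
        home: "{{ home_root }}/{{ item.name }}"
        shell: /bin/bash
        group: "{{ item.group }}"
        groups: "{{ item.groups }}"
        append: true                      # add to groups without dropping existing ones
        create_home: true                 # alias: createhome (pre-2.5 name)
        skeleton: /etc/skel
        state: present
      loop: "{{ users }}"
      loop_control:
        label: "{{ item.name }}"

    - name: Backfill .bashrc for homes that already existed (skeleton is skipped then)
      ansible.builtin.copy:
        src: /etc/skel/.bashrc
        remote_src: true                  # copy on the target, not from the control node
        dest: "{{ home_root }}/{{ item.name }}/.bashrc"
        owner: "{{ item.name }}"
        group: "{{ item.group }}"
        mode: "0644"
        force: false                      # never clobber a .bashrc the user customised
      loop: "{{ users }}"
      loop_control:
        label: "{{ item.name }}"
```

With force: false the backfill task is idempotent in the useful sense: it reports changed only on the first run for a pre-existing home and stays silent afterwards, so a drift report from the play still means something.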
