I am creating users with these tasks:
    - name: ensure home directory
      sudo: yes
      file: path={{item.home}} state=directory
      with_items: users
    - name: create user {{item.name}}
      sudo: yes
      user: name={{item.name}} home={{item.home}} shell=/bin/bash group={{item.group}} groups={{item.groups}} password={{item.password}} state=present
      with_items: users
but it seems that a ~/.bashrc per user is not created in their home directory.
Is there a way to create a default basic .bashrc file?
Thanks
Starting from Ansible 2.0, you can pass along a skeleton option:
Optionally set a home skeleton directory. Requires createhome option!
This works for me:
    - name: "Create deployment user"
      user:
        name: "foobar"
        groups: "sudo"
        append: yes
        skeleton: "/etc/skel"
        createhome: yes
I used a specific path for the home folders (different than the traditional /home/user1 folder): /specific/path/home/user1
Since I had an error that the path /specific/path/home/user1 could not be created when I was creating the user1, I then created the home folders before creating the users.
However if the home folder already exists when a user is created, the default .bashrc is not copied.
You have to add append=yes at the end of the user command
    user:
    - name: Add users
      add_user:
        name: '{{item.name}}'
        home: '{{item.home}}'
        shell: /bin/bash
        group: '{{item.group}}'
        groups: '{{item.groups}}'
        password: '{{item.password}}'
        state: present
        append: yes
      with_items: users
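An added example, not part of the original posts: one way to keep the skeleton copy working with a non-default home path is to create only the parent directory and let the user module build the home itself, with a copy task as a backfill for homes that already exist. It assumes the `users` list from the question (name, home, group) and that /etc/skel/.bashrc exists on the target; `hosts: all` is a placeholder.

```yaml
# Added example; `users` and its fields follow the question, `hosts: all` is a placeholder.
- name: Create users with a skeleton-populated home under a custom path
  hosts: all
  become: yes
  tasks:
    # Create only the parent (e.g. /specific/path/home), not the home itself,
    # so the user module still sees a missing home and copies the skeleton.
    - name: Ensure the parent of each home directory exists
      file:
        path: "{{ item.home | dirname }}"
        state: directory
        mode: "0755"
      with_items: "{{ users }}"

    - name: Create the user and let the module build the home from the skeleton
      user:
        name: "{{ item.name }}"
        home: "{{ item.home }}"
        group: "{{ item.group }}"
        shell: /bin/bash
        createhome: yes
        skeleton: /etc/skel
        state: present
      with_items: "{{ users }}"

    # Backfill for homes that were created before the user existed.
    # force: no leaves an existing .bashrc untouched.
    - name: Copy the default .bashrc only where it is missing
      copy:
        src: /etc/skel/.bashrc
        dest: "{{ item.home }}/.bashrc"
        remote_src: yes
        force: no
        owner: "{{ item.name }}"
        group: "{{ item.group }}"
        mode: "0644"
      with_items: "{{ users }}"
```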
Unable to delete user directory using ansible win_file module, there is no error but it is not deleting
    win_file:
      path: C:\Users\myuser
      state: absent
      force: yes
Below one also I have tried where it tries to delete the current user folder and returns directory in use cos it is trying to delete the current user folder
    - name: Remove directory structure
      win_file:
        path: C:\Users
        name: myuser
        state: absent
        force: yes
It is best to delete the profile using a tool designed specifically for that purpose. This will help avoid cluttering the Windows registry and running into any number of other issues.
Check out this Ansible community module: https://docs.ansible.com/ansible/latest/collections/community/windows/win_user_profile_module.html
    - name: Remove a profile for a still-existing account
      community.windows.win_user_profile:
        username: myuser
        state: absent
If the account has already been deleted, you need to specify 'name' instead of 'username':
    - name: Remove a profile for a deleted account
      community.windows.win_user_profile:
        name: myuser
        state: absent
I am trying to create the user account using ansible on Ubuntu20.04. But getting error:
msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
But same playbook is working fine for Ubuntu 18.04.
Below is my playbook:
    - hosts: abc
      remote_user: root
      become: true
      tasks:
        - name: create user account admin with password xyz
          user:
            name: admin
            group: admin
            shell: /bin/bash
            password: $6$pLkiHBvZOf9/zctp1SlLXC2PsTFfwwcwmE73wuwwXb2g8.
            append: yes
        - name: creating .ssh directory for account admin
          file:
            path: /home/admin/.ssh
            state: directory
            group: admin
            owner: admin
            mode: 0755
        - name: copy authorized_keys file from root
          copy:
            src: /root/.ssh/authorized_keys
            dest: /home/admin/.ssh
            remote_src: yes
            group: admin
            owner: admin
        - name: change the ssh port
          lineinfile:
            path: /etc/ssh/sshd_config
            state: present
            insertafter: '#Port 22'
            line: "Port 811"
            backup: yes
        - name: disable the root login
          lineinfile:
            path: /etc/ssh/sshd_config
            regexp: '^PermitRootLogin yes'
            line: 'PermitRootLogin no'
        - name: Restart ssh
          service: name=ssh state=restarted
Can you please help me what is the error cause?
Thank you
You can usually get more information from ansible by capturing the error and emitting it:
    - name: create user account admin with password xyz
      user:
        name: admin
        group: admin
        shell: /bin/bash
        password: $6$pLkiHBvZOf9/zctp1SlLXC2PsTFfwwcwmE73wuwwXb2g8.
        append: yes
      ignore_errors: yes
      register: kaboom
    - debug: var=kaboom
    - fail: msg=yup
and you will get the most information by also running ansible with env ANSIBLE_DEBUG=1 ansible-playbook -vvvv although often times the extra verbosity still isn't enough to get it to surface the actual exception text, so try that register: trick first
A recurring theme that's in my ansible playbooks is that I often must execute a command with sudo privileges (sudo: yes) because I'd like to do it for a certain user. Ideally I'd much rather use sudo to switch to that user and execute the commands normally. Because then I won't have to do my usual post commands clean up such as chowning directories. Here's a snippet from one of my playbooks:
    - name: checkout repo
      git: repo=https://github.com/some/repo.git version=master dest={{ dst }}
      sudo: yes
    - name: change perms
      file: dest={{ dst }} state=directory mode=0755 owner=some_user
      sudo: yes
Ideally I could run commands or sets of commands as a different user even if it requires sudo to su to that user.
With Ansible 1.9 or later
Ansible uses the become, become_user, and become_method directives to achieve privilege escalation. You can apply them to an entire play or playbook, set them in an included playbook, or set them for a particular task.
    - name: checkout repo
      git: repo=https://github.com/some/repo.git version=master dest={{ dst }}
      become: yes
      become_user: some_user
You can use become_with to specify how the privilege escalation is achieved, the default being sudo.
The directive is in effect for the scope of the block in which it is used (examples).
See Hosts and Users for some additional examples and Become (Privilege Escalation) for more detailed documentation.
In addition to the task-scoped become and become_user directives, Ansible 1.9 added some new variables and command line options to set these values for the duration of a play in the absence of explicit directives:
Command line options for the equivalent become/become_user directives.
Connection specific variables which can be set per host or group.
As of Ansible 2.0.2.0, the older sudo/sudo_user syntax described below still works, but the deprecation notice states, "This feature will be removed in a future release."
Previous syntax, deprecated as of Ansible 1.9 and scheduled for removal:
    - name: checkout repo
      git: repo=https://github.com/some/repo.git version=master dest={{ dst }}
      sudo: yes
      sudo_user: some_user
In Ansible 2.x, you can use the block for group of tasks:
    - block:
        - name: checkout repo
          git:
            repo: https://github.com/some/repo.git
            version: master
            dest: "{{ dst }}"
        - name: change perms
          file:
            dest: "{{ dst }}"
            state: directory
            mode: 0755
            owner: some_user
      become: yes
      become_user: some_user
In Ansible >1.4 you can actually specify a remote user at the task level which should allow you to login as that user and execute that command without resorting to sudo. If you can't login as that user then the sudo_user solution will work too.
    ---
    - hosts: webservers
      remote_user: root
      tasks:
        - name: test connection
          ping:
          remote_user: yourname
See http://docs.ansible.com/playbooks_intro.html#hosts-and-users
A solution is to use the include statement with remote_user var (described there: http://docs.ansible.com/playbooks_roles.html) but it has to be done at playbook instead of task level.
You can specify become_method to override the default method set in ansible.cfg (if any), and which can be set to one of sudo, su, pbrun, pfexec, doas, dzdo, ksu.
    - name: I am confused
      command: 'whoami'
      become: true
      become_method: su
      become_user: some_user
      register: myidentity
    - name: my secret identity
      debug:
        msg: '{{ myidentity.stdout }}'
Should display
    TASK [my-task : my secret identity] ************************************************************
    ok: [my_ansible_server] => {
        "msg": "some_user"
    }
I'm new to Ansible and I'm struggling with creating a new user on a remote machine and copying ssh-keys (for git) from the local machine to the remote machine's new user.
Basically, from localmachine/somepath/keys/ to remotemachine/newuser/home/.ssh/.
So far I tried:
    - name: Create user
      hosts: remote_host
      remote_user: root
      tasks:
        - name: Create new user
          user: name=newuser ssh_key_file=../keys/newuser
While this creates the newuser on the remote machine, it doesn't copy any keys (.ssh is still empty). I also tried authorized_key as a second task but only got an error message when trying to copy the private key.
Is it even possible that the keys are still added after I already ran it and newuser already exists? I.e., can I just run it again or will I have to delete the newuser first?
The ssh_key_file is the path used by the option generate_ssh_key of user module. It's not the path of a local SSH key to upload to the remote user created.
If you want to upload the SSH key, you have to use the copy module
    - name: Create user
      hosts: remote_host
      remote_user: root
      tasks:
        - name: Create new user
          user:
            name: newuser
        - name: Create .ssh folder
          file:
            path: ~newuser/.ssh
            state: directory
            owner: newuser
            group: newuser
            mode: 0700
        - name: Upload SSH key
          copy:
            src: ../keys/newuser
            dest: ~newuser/.ssh/id_rsa
            owner: newuser
            group: newuser
            mode: 0700
BTW, it's recommended to use the YAML syntax instead of the args syntax.
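An added example, not part of the original answer, of what `ssh_key_file` is for: together with `generate_ssh_key` it names the key pair the user module creates on the target, so no private key has to leave the control machine. The host group and user name follow the question; the key type and file name are assumptions.

```yaml
# Added example; remote_host and newuser follow the question,
# the ed25519 key type and file name are assumptions.
- name: Generate the key pair on the target instead of uploading one
  hosts: remote_host
  remote_user: root
  tasks:
    - name: Create newuser and generate a key at the ssh_key_file path
      user:
        name: newuser
        generate_ssh_key: yes
        ssh_key_type: ed25519
        # A relative path is resolved against newuser's home directory.
        ssh_key_file: .ssh/id_ed25519
      register: newuser_account

    # The module returns the public half, which is the only part that
    # needs to be registered with the git server.
    - name: Show the public key
      debug:
        msg: "{{ newuser_account.ssh_public_key }}"
```

An existing key at that path is not overwritten, so the play can be run again against a user that already exists.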
My login user is user1 and I want to execute the playbook with root. How can I do this? If I use the command line, it does not work like this:
    ansible-playbook main.yaml -i hosts --user=git -k --become-user=root --ask-become-pass --become-method=su
Please tell me how to implement this.
    - name: Install and Configure IEM
      hosts: rhel
      ansible_become: yes
      ansible_become_method: su
      ansible_become_user: root
      ansible_become_pass: passw0rd
      tasks:
        - name: Creating masthead file path
          file: path=/etc/opt/BESClient state=directory
        - name: Creating install directory
I use:
deploy.yml
    - name: Todo something
      hosts: all
      become: yes
      become_user: root
      become_method: su
When you execute the playbook pass the password as an extra var.
    --extra-vars='ansible_become_pass=password'
From Ansible docs:
you can set those in the playbook as #Raul-Hugo, with become_user and become_user;
alternatively, it can also be done in the inventory, which allows setting per host or group. But then the variables get "ansible_" prefix: ansible_become_user, ansible_become_user, etc. That's why the playbook you gave in your question did not work: it used variable names that are used in the inventory.
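An added example, not from the original answers, showing the two placements side by side for the play in the question: play keywords without the prefix, and inventory variables with the `ansible_` prefix. The file names and the `vault_become_pass` variable are hypothetical; the latter stands for a value kept in an ansible-vault encrypted file rather than in plain text.

```yaml
# playbook.yml (hypothetical file name): play keywords carry no "ansible_" prefix.
- name: Install and Configure IEM
  hosts: rhel
  remote_user: git
  become: yes
  become_method: su
  become_user: root
  tasks:
    - name: Creating masthead file path
      file:
        path: /etc/opt/BESClient
        state: directory
---
# group_vars/rhel.yml (hypothetical file name): the same settings as
# inventory variables, which do carry the "ansible_" prefix and apply
# to every host in the rhel group.
ansible_become: yes
ansible_become_method: su
ansible_become_user: root
# vault_become_pass is a hypothetical variable defined in a vault-encrypted
# vars file, so the su password is not stored in clear text in the repository
# and does not appear on the command line.
ansible_become_pass: "{{ vault_become_pass }}"
```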
You can become root like below and install the packages
    tasks:
      - name: install apache package
        become: yes
        become_user: root
        yum:
          name: httpd
          state: present
      - name: ensure apache is running
        become: yes
        become_user: root
        service:
          name: httpd
          state: started
All the above answers caused Ansible to try to login as root from the beginning. But in this case, the user you request is git so the below example worked for me:
    - name: Install and Configure IEM
      hosts: rhel
      tasks:
        - name: Creating masthead file path
          file: path=/etc/opt/BESClient state=directory
          remote_user: git
          become: yes # when not specifying `become_user` it's "root"
This will cause it to login as git and after the login - switch to root