Open in app

Sign in

Write

Sign in

Creating, Adding, Authorizing Users And Groups With Ansible

Clarusway
Clarusway
Published in
7 min readMar 7, 2022

--

I will explain how to create users and groups, add users to the groups, and finally how to ssh to a server with an Ansible playbook that is all in a playbook file. Let’s get dirty our hands.

Step-1: Install Ansible to Controller Machine

First of all, we need to install Ansible on our controller machine. Let us check the operating system of the machine. We need this information because we have to use the correct commands for the operating system. For instance, you cannot use Amazon Linux commands for Ubuntu operating system. You can use the commands below to see which operating system you’re using.

cat /etc/os-release
hostnamectl

By the way, please mind if you work on the cloud, you need to connect to the controller server via ssh as below:

ssh -i <~/.ssh/your_pem_file> <username>@<public-ip>

Now, we can go back to work. As you see, the machine has Ubuntu operating system, and we have to use apt-get commands. You can find detailed information on Ansible documents as well.

suda apt-get update suda apt-get upgrade suda apt-get install ansible -y ansible --version
config file = /etc/ansible/ansible.cfg

As you see, we finished setting up Ansible on the machine successfully.

Step-2: Arrange The Other Machines

Now, we need to go to the host file in Ansible to arrange the other machines. So, you need to enter the codes as below:

cd /etc/ansible/

When you enter the “ls” command, you will see the “hosts” file. Please edit this file with any text editor like vim or nano with “sudo” as below:

sudo nano hosts

After you enter that code, the host file will be opened. At the bottom, you can add the machines which you want to manage as below:

ubuntuservers] 
ubuntu-1 ansible_host= ansible_user=ubuntu 
ubuntu-2 ansible_host= ansible_user=ubuntu [linuxservers] 
linux ansible_host= ansible_user=ec2-user [all:vars] 
ansible_ssh_private_key_file=/home/ubuntu/xxx.pem #enter the path of your pem file correctly

Please be careful about the user names. You have to enter ‘ubuntu’ for Ubuntu machines and ‘ec2-user’ for amazon-linux machines. And finally, you have to enter your key-pem file name into the last line. Also, be careful about the correct path.

Now, you need to copy our key-pem file to the controller machine. While doing this step, do not forget to use the secure copy command for that.

scp -i xxx.pem xxx.pem ubuntu@<Public IP of controller>:/home/ubuntu

Please mind entering xxx.pem twice there. And also, watch the machine type again.

There is a second option if you are using VSCode. You can drop your key-pem into your working directory.

Now, you have to change the mod of the pem file with the code below:

chmod 400 xxx.pem

And now, you can check the connections between the controller and the other nodes.

There are two ways to do that. The first one is doing by ad-hoc commands. (By the way, the ad-hoc commands are generally used for one time. If you need to use some scripts repeatedly, you must use playbooks.)

ansible -m ping all

And the second option to do the same process is using a ping playbook. You can create a playbook file as below:

#ansible ping to the servers with play-book 
create ping.yml file as below with a text editor(vim, nano etc) 
--- - name: ping all servers 
 hosts: all 
 tasks: 
 - name: ping test 
  ping:

Then, enter the code as below.

ansible-playbook ping.yml

That is a great job! You can see the green lines and “ping” and “pong” and “success”. This means you have successfully set the connections between the controller and the nodes. So, you can manage the nodes from the controller now.

openssl req 
  -newkey rsa:4096 -nodes -sha256 -keyout ./certs/domain.key 
  -x509 -days 3650 -out ./certs/domain.crt

Step-3: Create Users and Groups

Now, we can start to create users and groups.

First, let’s create a playbook that makes users one by one.

#manual creating users as users.yml 
nano users.yml 
--- 
- name: creating users 
  hosts: "*" #all is possible 
  tasks: 
  - user: 
    name: name1 
    state: present 
    name: name2 
    state: present

Please run the command as below.

ansible-playbook -b users.yml #mind -b for sudo

(we will see the sudo privileges in playbook later)

After we run the playbook, we must check and see the users in the nodes.

You need to connect to a server and enter that command as below:

cat /etc/passwd

Please look at the bottom and see name1 and name2 users over there!

If you want to remove a user, you need to change “state: present” to “absent” and run the playbook again.

Second, let’s create another playbook that creates users with a loop.

#with items creating users as users.yml 
--- 
- name: creating users with loop 
  hosts: all 
  become: true 
  tasks: 
   - user: 
    name: "{{ item }}" 
    state: present 
  loop: 
   - name1 
   - name2 
   - name3 
   - name4

Now, you are ready to create users in a loop. So if you need to add another user, just add the name to the loop block. Please mind the “become: true” command. It provides Sudo privileges. So, you do not have to use -b in the command line. Just run the playbook and see the users on the server.

ansible-playbook users.ymlcat /etc/passwd

Now, Let’s create the groups in a loop.

--- 
- name: creating groups with loop 
hosts: all 
become: true 
tasks: 
- group: 
 name: "{{ item }}" 
 state: present 
loop: 
 - group1 
 - group2

And then run the code below.

ansible-playbook groups.yml

and see the group1 and group2 in the server with code below.

cat /etc/group

Step-4: Create ssh-keygen

Now, this is the part of the task where you create ssh-keygen by a remote user and add that key to the server, thanks to the Ansible playbook. And then you will make an ssh-connection from a remote user to the server.

First, you need to create ssh-keygen on the remote user. You can get it by using the "ssh-keygen" command. After you enter the command, you will be asked to enter a password, just leave it as empty. Then click enter and enter again.

Now, you need to go to the “. ssh " directory with codes below:

$ cd .ssh~/.ssh

After you come to the “.ssh” directory, type “ls” and see “id_rsa” and “id_rsa.pub”. Since you did not enter any names for these files, these names are generic names. No worries, it is not a big deal.

Now, you need to copy your public key, which is “id_rsa.pub” to the controller machine. You have do it manually. In this step, the place where you copied the public key is very important. So, type that path to the “key” line in the playbook as below. Thanks to the “authorized_key” module in Ansible, you can easily send the public key to the nodes.

--- 
- name: ssh-connection 
hosts: all 
tasks: 
- authorized_key: 
  user: name1 
  state: present 
  key: "{{ lookup('file', '/./user_pub_key') }}"

After you run that playbook, you must check if the public key is in authorized_keys or not. Please take a look at the picture below and check if your screen is the same:

If everything is okay. Now, you need to go to the name1 directory which you created before and try to go “.ssh”. You might not do it due to root privileges. So, you have to use the "sudo su" command to go to the ".ssh" directory. Once you get there, finally you can see the public key with the "cat" command. After you saw the public key, there will be one last job to connect to the server.

ssh -i id_rsa name1@public-ip-of-the-server #name1 is important. Because we are coming from name1 user

That’s fantastic. You are in.
Now, Let’s add users to the groups. You need to use a module to do this process as below:

- ansible.builtin.user: 
  name: name1 
  shell: /bin/bash 
  groups: group1,group2 
  append: yes 
- ansible.builtin.user: 
  name: name2 
  shell: /bin/bash 
  groups: group2

Finally, let us create a “hello.txt” file on the user side and see it on the server-side as below. You can also see the users and groups there.

At the end of the job, let me share the whole playbook as one block:

- name: creating users and groups and ssh connection 
hosts: "*" #all is possible 
become: yes 
tasks: 
- user: 
  name: "{{ item }}" 
  state: present 
 loop: 
  - name1 
  - name2 
  - name3 
  - name4 
- group: 
   name: "{{ item }}" 
  state: present 
   loop: 
   - group1
   - group2  - ansible.builtin.user: 
  name: name1 
  shell: /bin/bash 
  groups: group1,group2 
  append: yes - ansible.builtin.user: 
  name: name2 
  shell: /bin/bash 
  groups: group2 
  append: yes 
- authorized_key: 
  user: name1 
  state: present 
  key: "{{ lookup('file', './user_id_rsa.pub') }}" 
- authorized_key: 
  user: name2 
  state: present 
  key: "{{ lookup('file', './user_id_rsa.pub') }}" // if you need the same process for other users, you can add this script to the main block 
# - authorized_key: 
# user: name3 
# state: present 
# key: "{{ lookup('file', './user_id_rsa.pub') }}"

Nicely done, you have completed the whole task here. Hope you enjoy it.

Originally published at https://clarusway.com on March 7, 2022.

Ansible
Ansible Playbook

--

--

Clarusway
Clarusway

Written by Clarusway

189 Followers

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams