How to create a user account with Ansible?

I’m going to show you a live Playbook with some simple Ansible code. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.

Ansible create a user account

Today we’re talking about the Ansible module user. Its full name is ansible.builtin.user, which means it is part of the “builtin” collection of modules shipped with Ansible. It is a stable module that has been available for years. It manages user accounts and supports a wide variety of Linux distributions as well as SunOS, macOS, and FreeBSD. On Linux distributions the module uses the useradd tool to create users; on FreeBSD it uses pw useradd; on macOS it uses dscl create. For Windows, use the ansible.windows.win_user module instead.

Main Parameters

  • name string - username
  • state string - present/absent
  • password string - e.g. {{ 'password' | password_hash('sha512', 'salt') }}
  • uid string
  • comment string
  • shell string
  • expires string
  • password_expire_min string
  • password_expire_max string
  • group/groups string - primary/membership group(s)
  • create_home boolean - yes/no
  • generate_ssh_key string
  • ssh_key_bits string
  • ssh_key_file string
  • ssh_key_type string
  • ssh_key_passphrase string

This module has several parameters. The only required one is “name”, which is the username. The “state” parameter allows us to create or delete a user; in our use case the default is already set to “present”, which creates a user. “password” is very often used in conjunction with the password_hash filter to generate the password hash. Please note that you can specify the hashing algorithm as well as the salt to make your password more robust. We can specify all the usual Unix properties such as uid, comment, shell, expires, password_expire_min, and password_expire_max. Other important parameters are “group” and “groups”. The first (without the “s” ending) indicates the primary group of the user; the second (with the “s” ending) sets the other groups the user is a member of. So be very careful with the “s” ending, as it could end up in a very different setup. Usually we want to create a user home directory, so the “create_home” parameter defaults to yes, but we can override it if we don’t need a home directory. Let me also highlight that we can generate an SSH key with a lot of options. The fingerprint and the public key are available in the long list of returned values.

Playbook

Let’s jump into a real-life Ansible Playbook to create a user.

  • user.yml
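---
- name: user module Playbook
  hosts: all
  become: true  # creating users requires root privileges on the target
  tasks:
    - name: user example present
      ansible.builtin.user:
        name: example
        # password_hash turns the literal 'password' into a SHA-512 crypt
        # hash using the fixed salt 'mysecretsalt'
        password: "{{ 'password' | password_hash('sha512', 'mysecretsalt') }}"
        # supplementary groups (the primary group is set with "group")
        groups:
          - wheel
          - adm
        state: "present"
        shell: "/bin/bash"
        system: false
        create_home: true
        home: "/home/example"
        comment: "Ansible example"
        # creates an SSH key pair for the user if one does not exist yet
        generate_ssh_key: true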
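
A hardened variant of the playbook above, added here as an example and not the author's code: the password comes from an Ansible Vault-encrypted variable instead of a literal in the playbook, no fixed salt is passed, and no_log keeps the password and its hash out of task output. The variable name vault_example_password, the file vars/secrets.yml and the 12-character minimum are assumptions chosen for illustration.

```yaml
---
# Added example: hardened variant of user.yml (not the author's code).
# Assumptions: vars/secrets.yml is encrypted with ansible-vault and defines
# vault_example_password; both names are hypothetical.
- name: user module Playbook (hardened variant)
  hosts: all
  become: true
  vars_files:
    - vars/secrets.yml
  tasks:
    - name: fail early if the vaulted password is missing or too short
      ansible.builtin.assert:
        that:
          - vault_example_password is defined
          - vault_example_password | length >= 12  # arbitrary example minimum
        quiet: true
      no_log: true

    - name: user example present
      ansible.builtin.user:
        name: example
        # No salt argument: password_hash picks a random salt, so the same
        # password does not produce the same hash on every host.
        password: "{{ vault_example_password | password_hash('sha512') }}"
        # A random salt changes the hash on each run; on_create stops the
        # task from resetting the password (and reporting "changed") each time.
        update_password: on_create
        groups:
          - wheel
          - adm
        # Add to wheel/adm without removing other existing memberships.
        append: true
        state: present
        shell: /bin/bash
        system: false
        create_home: true
        home: /home/example
        comment: "Ansible example"
        generate_ssh_key: true
        ssh_key_type: ed25519
      # Keep the password and its hash out of stdout, logs and callbacks.
      no_log: true
```

Create the secrets file with ansible-vault create vars/secrets.yml and run the playbook with --ask-vault-pass.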


Conclusion

Now you know how to create a user account with Ansible.