Create user account - Ansible module user

How to create an example user with home directory, groups, password, and SSH key file with Ansible Playbook.

August 26, 2021

Access the Complete Video Course and Learn Quick Ansible by 200+ Practical Lessons

#ansible #create #linux #accounting #authorization #authentication #user-management #rhel #centos #fedora #ubuntu #debian #suse

How to create a user account with Ansible?

I’m going to show you a live demo with some simple Ansible code. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.

Ansible create a user account

Today we’re talking about Ansible module user. The full name is ansible.builtin.user, which means that is part of the collection of modules “builtin” with ansible and shipped with it. It’s a module pretty stable and out for years. It manages user accounts. It supports a huge variety of Linux distributions, SunOS and macOS, and FreeBSD. This module uses Linux distributions useradd tool to create, on FreeBSD, this module uses pw useradd, On macOS, this module uses dscl create. For Windows, use the ansible.windows.win_user module instead.

Main Parameters

name string - username
state string - present/absent
password string – {{ 'password' | password_hash('sha512', 'salt') }}
uid string
comment string
shell string
expires string
password_expire_min string
password_expire_max string
group/groups string - primary/membership group(s)
create_home boolean - yes/no
generate_ssh_key string
ssh_key_bits string
ssh_key_file string
ssh_key_type string
ssh_key_passphrase string

This module has some parameters to perform some tasks. The only required is “name”, which is the username. The “state” parameter allows us to create or delete a user, in our use case the default it’s already set to “present” to create a user. “password” is very often used in conjunction with the passhword_hash filter to generate a password. Please note that you could specify the encryption algorithm as well as the salt to make your password more robust. We could specify all the usual Unix properties such as like uid, comment, shell, expires, password_expire_min, password_expire_max. Other important parameters are “group” and “groups”. The first (without the “s” ending) indicate the primary group of the user, the second (with the “s” ending) set the other group members. So be very careful with the “s” ending, it could end up in a very different setup. Usually, we would like to create a user home directory so the “create_home” parameter defaults to yes, but we could override if we don’t need a home directory. Let me also highlight that we could also generate an SSH key with a lot of options. The fingerprint and the public key are available in the long list of returned values.

The Best Resources For Ansible

Certifications

The Linux Foundation Linux Performance Tuning - Build a broad toolkit to optimize Linux performance from the kernel up

Coursera Pro - Unlimited access to 7,000+ world-class courses, hands-on projects, and job-ready certificate programs—all included in your subscription

Video Course

Udemy: Learn Ansible Automation in 250+examples & practical lessons: Learn Ansible with some real-life examples of how to use the most common modules and Ansible Playbook

Printed Book

eBooks

demo

Let’s jump in a real-life Ansible Playbook to create a user.

user.yml

---
- name: user module demo
  hosts: all
  become: true
  tasks:
    - name: user example present
      ansible.builtin.user:
        name: example
        password: "{{ 'password' | password_hash('sha512', 'mysecretsalt') }}"
        groups:
          - wheel
          - adm
        state: "present"
        shell: "/bin/bash"
        system: false
        create_home: true
        home: "/home/example"
        comment: "Ansible example"
        generate_ssh_key: true

code with ❤️ in GitHub

Recap

Now you know how to create a user account with Ansible. Subscribe to the YouTube channel, Medium, and Website, X (formerly Twitter) to not miss the next episode of the Ansible Pilot.