Ansible Enable User Account: Unlock & Activate Users Guide — Video Tutorial

How to Enable a user account with Ansible? I'm going to show you a live Playbook with some simple Ansible code. I'm Luca Berton and welcome to today's episode of Ansible Pilot. Ansible enable user account Today we're talking about the Ansible module `user`. The full name is ansible.builtin.user, which means that is part of the collection of modules "builtin" with ansible and shipped with it. It's a module pretty stable and out for years, it manages user accounts. It supports a huge variety of Linux distributions, SunOS and macOS, and FreeBSD. For Windows, use the `ansible.windows.win_user` module instead. Parameters - name string - username - state string - present/absent - password_lock boolean - no/yes - shell string - "/bin/bash" This module has many parameters to perform any task. The only required is "name", which is the username. The parameter "state" allows us to create or delete a user. The "password_lock" parameter specifies to unlock the user password if locked. This parameter uses the `passwd` tool to change a password by changing it to a value that matches no possible encrypted value (it adds a ´!´ at the beginning of the password). To enable our user obviously we need to disable this parameter. The "shell" parameter specifies the user shell. Two very special are the `nologin` and `false` shell. Apply the value of "/bin/bash" is going to restore user access. ## Playbook Let's jump into a real-life Ansible Playbook to enable a user without password lock and with the appropriate shell. code - enable.yml ```yaml --- - name: user module Playbook hosts: all become: true vars: myuser: "example" tasks: - name: enable user ansible.builtin.user: name: "{{ myuser }}" state: present password_lock: false shell: "/bin/bash" ``` output ```bash $ ansible-playbook -i Playbook/inventory enable\ user\ account/user.yml PLAY [user module Playbook] *************************************************************************** TASK [Gathering Facts] **************************************************************************** ok: [demo.example.com] TASK [enable user] ******************************************************************************** changed: [demo.example.com] PLAY RECAP **************************************************************************************** demo.example.com : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 ``` verification ```bash getent passwd | grep example example:x:1002:1002:Ansible example:/home/example:/bin/bash passwd -S example example PS 2021-10-04 0 99999 7 -1 (Password set, SHA512 crypt.) grep example /etc/shadow example:$6$mysecretsalt$MIJffjeQyfrKKrGkprGrDL/g2mCJa53koLmYQuuLmY9y37pDvGKPXU1Ov3RbMi.tpQ9cWvxAzUVtBLe7KrZoU.:18904:0:99999:7::: ``` [code with ❤️ in GitHub](https://github.com/lucab85/ansible-pilot/) Conclusion Now you know how to enable a user without a password lock and with the a