Ansible User Module Generate_ssh_key
Posted : admin On 19.04.2020

The ansible command module does not pass commands through a shell. This means you can't use shell operators such as the pipe, and that is why you are seeing the pipe symbol in the output. As far as ansible is concerned, it has executed the command echo with all of the rest of the line as arguments to echo.

May 23, 2018 Ansible is a simple automation tool that automates software application deployment, cloud provisioning, and configuration management. It's a server orchestration tool that helps you to manage and control a large number of server nodes from a single place called the 'Control Machine'.

I'm trying to use ansible (version 2.1.2.0) to create named ssh access across our network of servers. Running ansible from a jump box I'm creating a set of users and creating a private/public key pair with the users module.
Contents
- 2 Getting started
- 2.1 Create and run your first playbook
- 3 Creating User accounts
- 4 Automate adding ssh keys to user accounts
- 5 Use lineinfile to update /etc/sudoers for passwordless sudo
We are going to use Ansible to create user accounts, add the users to groups, and set them up with SSH access by adding their public keys to authorized_keys files. For the minimum version of this task we are just going to do four things:
- Create a list of user names
- Create a user account for each user name.
- Add each user’s ssh public key to the account
- Modify /etc/sudoers so the users can use sudo without entering a password
The guide has been tested using a new Digital Ocean Ubuntu 17.04 Droplet on the cheapest plan, and everything runs as root when connected to the server via ssh or console (such as with Digital Ocean’s Console option on the control panel).
For this guide we are going to set up the playbook to run on the server directly, using the “local” connection method, so when run as root we don’t need to worry about additional authentication or setting up host inventories.
Install Ansible
To get Ansible installed you can just run apt-get install ansible, which will install version 2.2. Or check out the Ansible documentation if you want to get the latest version.
Create and run your first playbook
To check everything is working as it should, it’s best to run a barebones playbook with just a ping task, which will check your setup using the simplest version of a playbook possible.
Create a file called users.yml with the following snippet, and run it with ansible-playbook users.yml
Don’t worry about the [WARNING]: provided hosts list is empty, only localhost is available message; we are only working with localhost so this is to be expected.
users.yml
Watch it run
Adding a list of users to the playbook vars
At the top of the playbook, we add a simple list of usernames.
vars
Full users.yml
Now we have a list of usernames in a variable, we can use that to create user accounts.
In its simplest form the Ansible User Module just needs to be given a name, and we can use with_items to apply our list to the module in a loop.
When using with_items the value becomes available as item; in its simplest form, '{{ item }}' will use the item value for a module property.
So our users are more useful, we are also going to add the groups admin and www-data to each user.
user task
Full file
Watch it run
The newly created user accounts on a server don’t have passwords set, so to be able to log in we need to add each user’s ssh key to their authorized_keys file. We can do this using Ansible’s Authorized Key Module, authorized_key, which takes the account name in user and the public key in key.
key takes the public key text, which can be loaded from a file using the lookup('file','path to file') function. In this code, we put the public SSH keys in files/username.key.pub. By having the file names match the username we can use the same users var for the loop without needing to add additional parameters at this stage.
authorized_key task
Dir contents
Full users.yml
Watch it run
Now your users can log in with their ssh keys, but won’t be able to do any server admin with sudo because, without passwords set, they can’t enter a password when sudo prompts for one, as it does by default. To get around this limitation, we can update /etc/sudoers with Ansible’s lineinfile Module.
This simple implementation of the lineinfile task looks for a line starting with the string %admin (the start of a line is represented in a regexp as ^) and then ensures it matches the line
%admin ALL=(ALL) NOPASSWD: ALL
Once in place, any users in the admin group will no longer be prompted for a password when using sudo.
lineinfile task
Full users.yml
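An added example, not the original author's file, that assembles the four steps described above into one users.yml. The usernames alice and bob, the group task, and the validate line are assumptions added here; validate makes lineinfile run visudo against the edited copy so a malformed sudoers line is never written to /etc/sudoers.

```yaml
---
# users.yml - added example; usernames and key file names are placeholders.
# Run as root on the target machine with: ansible-playbook users.yml
- hosts: localhost
  connection: local
  vars:
    users:
      - alice
      - bob
  tasks:
    - name: Check the setup responds
      ping:

    # Assumption: create the admin group if the image does not ship one.
    # This is a no-op when the group already exists.
    - name: Ensure the admin group exists
      group:
        name: admin
        state: present

    - name: Create a user account for each name, in admin and www-data
      user:
        name: "{{ item }}"
        groups: admin,www-data
        append: yes          # add to these groups without dropping others
        state: present
      with_items: "{{ users }}"

    # Expects files/alice.key.pub and files/bob.key.pub beside the playbook.
    - name: Install each user's public key from files/<username>.key.pub
      authorized_key:
        user: "{{ item }}"
        key: "{{ lookup('file', 'files/' + item + '.key.pub') }}"
        state: present
      with_items: "{{ users }}"

    - name: Allow the admin group passwordless sudo
      lineinfile:
        dest: /etc/sudoers   # 'dest' also works on releases that prefer 'path'
        regexp: '^%admin'
        line: '%admin ALL=(ALL) NOPASSWD: ALL'
        state: present
        validate: 'visudo -cf %s'   # reject the edit if sudoers would not parse
```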
Next Steps: Creating a Viable Version
The next part of this guide steps up to the Viable version, by expanding the vars to have multiple properties per item, using complex vars to add groups per user, and using user state as a method to disable user accounts. The improved playbook also introduces handlers and notify to restart services when the configuration changes. Improve the user management playbook in the next guide.
- Adds or removes SSH authorized keys for particular user accounts
parameter | required | default | choices | comments |
---|---|---|---|---|
exclusive | no | no | | Whether to remove all other non-specified keys from the authorized_keys file. Multiple keys can be specified in a single key string value by separating them by newlines. This option is not loop aware, so if you use with_ , it will be exclusive per iteration of the loop; if you want multiple keys in the file you need to pass them all to key in a single batch as mentioned above. |
key | yes | | | The SSH public key(s), as a string or (since 1.9) url (https://github.com/username.keys) |
key_options | no | | | A string of ssh key options to be prepended to the key in the authorized_keys file |
manage_dir | no | yes | | Whether this module should manage the directory of the authorized key file. If set, the module will create the directory, as well as set the owner and permissions of an existing directory. Be sure to set manage_dir=no if you are using an alternate directory for authorized_keys, as set with path , since you could lock yourself out of SSH access. See the example below. |
path | no | (homedir)+/.ssh/authorized_keys | | Alternate path to the authorized_keys file |
state | no | present | | Whether the given key (with the given key_options) should or should not be in the file |
user | yes | | | The username on the remote host whose authorized_keys file will be modified |
validate_certs | no | yes | | This only applies if using a https url as the source of the keys. If set to no , the SSL certificates will not be validated. This should only be set to no on personally controlled sites using self-signed certificates, as it avoids verifying the source site. Prior to 2.1 the code worked as if this was set to yes . |
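The exclusive and manage_dir caveats in the table, shown as added example tasks (not taken from the module documentation). The user deploy, the key file names, and the alternate path are placeholders.

```yaml
# Pitfall: exclusive is applied per loop iteration, so each pass removes
# the key written by the previous one and only the last key survives.
# - authorized_key:
#     user: deploy
#     exclusive: yes
#     key: "{{ lookup('file', item) }}"
#   with_items:
#     - files/deploy-laptop.key.pub
#     - files/deploy-ci.key.pub

# Corrected: pass every wanted key in one newline-separated string, so the
# file ends up holding exactly these keys and nothing else.
- name: Make deploy's authorized_keys contain exactly these two keys
  authorized_key:
    user: deploy
    exclusive: yes
    key: |
      {{ lookup('file', 'files/deploy-laptop.key.pub') }}
      {{ lookup('file', 'files/deploy-ci.key.pub') }}

# With an alternate path, turn manage_dir off so the module does not change
# the owner and permissions of a shared directory and lock out SSH access.
- name: Install a key in an alternate location without touching the directory
  authorized_key:
    user: deploy
    key: "{{ lookup('file', 'files/deploy-laptop.key.pub') }}"
    path: /etc/ssh/authorized_keys/deploy
    manage_dir: no
```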
Common return values are documented in Return Values; the following are the fields unique to this module:
name | description | returned | type | sample |
---|---|---|---|---|
exclusive | If the key has been forced to be exclusive or not. | success | boolean | False |
key_option | Key options related to the key. | success | string | |
state | Whether the given key (with the given key_options) should or should not be in the file | success | string | |
user | The username on the remote host whose authorized_keys file will be modified | success | string | |
key | The key that the module was running against. | success | string | https://github.com/user.keys |
path | Alternate path to the authorized_keys file | success | string | |
unique | Whether the key is unique | success | boolean | |
validate_certs | This only applies if using a https url as the source of the keys. If set to no, the SSL certificates will not be validated. | success | boolean | |
keyfile | Path for authorized key file. | success | string | |
manage_dir | Whether this module managed the directory of the authorized key file. | success | boolean |
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
This module is maintained by those with core commit privileges
For more information on what this means please read Module Support
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Helping Testing PRs and Developing Modules.