Created
May 19, 2016 10:40
Set up a sudo-enabled user with SSH access on all Ansible hosts
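---
# Creates one sudo-enabled account with SSH public-key access on every host in
# the inventory. The play connects as root and performs four steps: create the
# user, set its password, install the public key, and add a sudoers entry.
- hosts: all
  remote_user: root
  vars:
    createuser: 'username'
    # NOTE(review): placeholder value. A real password should not be committed
    # in plain text; supply it from an Ansible Vault-encrypted vars file or a
    # vars_prompt instead.
    createpassword: 'myamazingpassword'
    # Path on the control node of the public key to install for the new user.
    publickey_path: '/home/username/.ssh/id_rsa.pub'
  tasks:
    - name: 'Setup | create user'
      command: "useradd -m {{ createuser }}"
      args:
        # Skip the command when the home directory already exists.
        creates: "/home/{{ createuser }}"
      become: true

    - name: 'Setup | set user password'
      # The password is hashed by the template filter (SHA-512 crypt) rather
      # than interpolated into a remote shell pipeline, so a quote character in
      # the password cannot break out of the command and the clear text never
      # appears on a remote command line. no_log keeps it out of task output.
      user:
        name: "{{ createuser }}"
        password: "{{ createpassword | password_hash('sha512') }}"
      no_log: true
      become: true

    - name: 'Setup | authorized key upload'
      authorized_key:
        user: "{{ createuser }}"
        # lookup() takes the variable name directly; nesting another pair of
        # moustaches inside an expression is a template error.
        key: "{{ lookup('file', publickey_path) }}"
        path: "/home/{{ createuser }}/.ssh/authorized_keys"
        # NOTE(review): with manage_dir disabled the module does not set the
        # owner or mode of the .ssh directory - confirm it ends up owned by the
        # user with mode 0700, or sshd may refuse the key.
        manage_dir: false
      become: true

    - name: 'Sudoers | update sudoers file and validate'
      # NOTE(review): NOPASSWD: ALL gives passwordless root to whoever holds
      # the matching private key. Drop NOPASSWD if sudo should require the
      # account password.
      lineinfile:
        dest: /etc/sudoers
        insertafter: EOF
        line: '{{ createuser }} ALL=(ALL) NOPASSWD: ALL'
        # Parentheses are escaped so the pattern matches the literal line;
        # unescaped they form a regex group and the existing entry is missed.
        regexp: '^{{ createuser }} ALL=\(ALL\) NOPASSWD: ALL'
        state: present
        # Syntax-check the edited copy before it replaces /etc/sudoers, so a
        # malformed entry cannot lock out sudo on the host.
        validate: 'visudo -cf %s'
      become: true

# Run this playbook with:
# ansible-playbook --inventory-file=hosts.ini ansible_setup_users_ssh.yml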