RH294 - ch09s03

The Ansible user module lets you manage user accounts on a remote host. You can manage a number of parameters including remove user, set home directory, set the UID for system accounts, manage passwords and associated groupings. To create a user that can log into the machine, you need to provide a hashed password for the password parameter. See the reference section for a link to "How do I generate encrypted passwords for the user module?"

Example of the User Module

- name: Add new user to the development machine and assign the appropriate groups.
  user:
    name: devops_user 
    shell: /bin/bash 
    groups: sys_admins, developers 
    append: yes

	The `name` parameter is the only requirement in the user module and is usually the service account or user account.
	The `shell` parameter optionally sets the user's shell. On other operating systems, the default shell is decided by the tool being used.
	The `groups` parameter along with the `append` parameter tells the machine that we want to append the groups sys_asmins and developers with this user. If you do not use the append parameter then the groups will overwrite in place.

When creating a user you can specify it to generate_ssh_key. This will not overwrite an existing SSH key.

Example of User Module Generating an ssh key

- name: Create a SSH key for user1
  user:
    name: user1
    generate_ssh_key: yes
    ssh_key_bits: 2048
    ssh_key_file: .ssh/id_my_rsa

Note

The user module also offers some return values. Ansible modules can take a return value and register them into a variable. Find out more with ansible-doc and on the main doc site.

Table 9.1. Some commonly used parameters

Parameter	Comments
comment	Optionally sets the description of a user account.
group	Optionally sets the user's primary group.
groups	List of multiple groups. When set to a null value, all groups except the primary group is removed.
home	Optionally sets the user's home directory.
create_home	Takes a boolean value of yes or no. A home directory will be created for the user if the value is set to yes.
system	When creating an account state=present, setting this to yes makes the user a system account. This setting cannot be changed on existing users.
uid	Sets the UID od user.

The Group Module

The group module allows you to manage (add, delete, modify) groups on the managed hosts. You need to have groupadd, groupdel or groupmod. For windows targets, use the win_group module.

Example of the group module

- name: Verify that auditors group exists
  group:
    name: auditors
    state: present

Table 9.2. Parameters for the group module

Parameter	Comments
gid	Optional GID to set for the group.
local	Forces the use of "local" command alternatives on platforms that implement it.
name	Name of the group to manage.
state	Whether the group should be present or not on the remote host.
system	If set to yes, indicates that the group created is a system group.

The Known Hosts Module

If you have a large number of host keys to manage you will want to use the known_hosts module. The known_hosts module lets you add or remove host keys from the known_hosts file on managed host.

Example of known_host Tasks

- name: copy host keys to remote servers
  known_hosts:
    path: /etc/ssh/ssh_known_hosts
    name: host1
    key: "{{ lookup('file', 'pubkeys/host1') }}"

A lookup plugin allows Ansible to access data from outside sources.

The Authorized Key Module

The authorized_key module allows you to add or remove SSH authorized keys per user accounts. When adding and subtracting users to a large bank of servers, you need to be able to manage ssh keys.

Example of authorized_key Tasks

- name: Set authorized key
  authorized_key:
    user: user1
    state: present
    key: "{{ lookup('file', '/home/user1/.ssh/id_rsa.pub') }}

A key can also be taken from a url: https://github.com/user1.keys.

References

Users Module Ansible Documentation

How do I generate encrypted passwords for the user module

Group Module Ansible Documentation

SSH Known Hosts Module Ansible Documentation

Authorized_key module Ansible Documentation

The Lookup Plugin Ansible Documentation

Discuss Red Hat Enterprise Linux Automation with Ansible

Go to community

Red Hat Linux Automation with Ansible (RH294)

Haley_Ruccio

24 lip 2023

Learn how to automate Linux system administration tasks with Red Hat Ansible Automation PlatformRed Hat Enterprise Linux Automation with Ansible (RH294) is designed for Linux administrators and developers who need to automate repeatable and error-prone steps for system provisioning, configuration, application deployment, and orchestration. This course is based on Red Hat® Enterprise Linux® 9 and Red Hat Ansible Automation Platform 2.2.Course content summaryInstall Red Hat Ansible Automation Platform on control nodes.Create and update inventories of managed hosts and manage connections to them.Automate administration tasks with Ansible Playbooks and ad hoc commands.Write effective playbooks at scale.Protect sensitive data used by Ansible Automation Platform with Ansible Vault.Reuse code and simplify playbook development with Ansible Roles and Ansible Content Collections.Audience for this courseThis course is geared toward Linux system administrators, DevOps engineers, infrastructure automation engineers, and systems design engineers who are responsible for these tasks:Automating configuration managementEnsuring consistent and repeatable application deploymentProvisioning and deployment of development, testing, and production serversIntegrating with DevOps continuous integration/continuous delivery workflowsPrerequisites for this coursePass the Red Hat Certified System Administrator (RHCSA) exam (EX200), or demonstrate equivalent Red Hat Enterprise Linux knowledge and experience.Take our free assessment to gauge whether this offering is the best fit for your skills.

980

curl finds no route to host?

TPeters

23 lip 2023

I am doing the self-paced course RH294 . With two exercises (Ch.3 final Lab and Ch.4 lab exercise 2) I ran into this problem:after installing and starting a web service, from the classroom web termicaI I cannot reach servera.lab.example.com with curl: "No route to host". This despite the fact that I can ping it, open a shell to it, and install the package on it with Ansible.Anyone else have the same problem?What might be the cause?

1702

Welcome to the Red Hat Linux Automation with Ansible (RH294) group in the Red Hat Learning Community

cschunke

18 lip 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Linux Automation with Ansible! To gain the most value from this group - click the "Join Group" button in the upper right hand corner.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH294.Read more about Red Hat Linux Automation with Ansible here.

351

Revision: rh294-8.4-9cb53f0