-
Notifications
You must be signed in to change notification settings - Fork 0
/
users_adhoc.txt
50 lines (14 loc) · 2.5 KB
/
users_adhoc.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
There are times when you might want to manage users on multiple nodes manually. This may be to fit in with a user creation process that already exists, or to remove a user in a hurry if you find out that they need to have their access revoked. Either way, you can use Ansible ad-hoc commands to add, amend, and delete users across a large number of nodes.
You can use the following command to add a user named gduffy to a group called users on every node within your Ansible inventory:
#ansible all -m user -a "name=gduffy" comment="Griff Duffy" group=users password="amadeuppassword"
We can also use Ansible to remove users. Issue the following command from your control node to remove the user gduffy from every database node defined in your Ansible inventory:
#ansible db -m user -a "name=gduffy" state=absent remove=yes"
We can also easily amend users. Issue the following command from your control node to change the user Beth to use the Korn shell and to change her home directory to /mnt/externalhome on all nodes:
#ansible all -m user -a "name=beth shell=/bin/ksh home=/mnt/externalhome"
All you need to use for this recipe is a configured Ansible control node and an Ansible inventory describing your target nodes. You should also have a SSH key, both public and private that you wish to manage.
The first thing we might want to do is create a user and simultaneously create a key for them. This is especially useful if you use a network jump box, as it means that you have no dependency on the user supplying a key; it's an integral part of the process. Run the following command to create a user called Meg with an associated key:
#ansible all -m user -a "name=meg generate_ssh_key=yes"
Often, a user either has an existing key they wish to use, or needs to change an installed key. The following command will allow you to attach a key to a specified account. This assumes that your key is located in a directory called keys within the working directory from which you run the following command:
#ansible all -m copy -a "src=keys/id_rsa dest=/home/beth/.ssh/id_rsa mode=0600"
Once a user has their Private key setup, you need to push their public key out to each and every server that they wish to access. The following command adds my public key to all web servers defined within the Ansible inventory. This uses the lookup Ansible function to read the local key and send it to the remote nodes:
#ansible web_servers -m authorized_key -a "user=michael key="{{ lookup('file', '/home/michael/.ssh/id_rsa.pub') }}""