Ansible role for managing Linux users, their SSH authorized_keys and sudoers files

Xenion1987/ansible-role-user-management

Latest commit

382c46a · Feb 16, 2025

Ansible role: user_management

Manage users and their SSH public key enrollment via Ansible on Linux systems.

Requirements

  • Collections:
    • community.general
  • Min. Ansible version: 2.11

Role Variables

main

| Variable | Type | Required | Choices | Default | Description |
| --- | --- | --- | --- | --- | --- |
| `user_management_default_home_root` | str | false | | None | Custom default $HOME root path. Omitted if null. |
| `user_management_default_home_move` | bool | false | false, true | false | If set to true when used with home, attempt to move the user's old home directory to the specified directory if it isn't there already and the old home exists. |
| `user_management_default_primary_group` | str | false | | | Custom default primary user group. Omitted if null. |
| `user_management_default_secondary_groups` | list | false | | [] | Custom default secondary user groups. Omitted if empty. |
| `user_management_default_secondary_groups_append` | bool | false | false, true | false | If true, add the user to the groups specified in groups.<br>If false, user will only be added to the groups specified in groups, removing them from all other groups. |
| `user_management_default_shell` | str | false | | None | Default user's shell. Omitted if null. |
| `user_management_default_ssh_from` | list | false | | [] | Default, global `from=""` value added to authorized_keys for each user having `user_management_users.ssh_public_keys` defined |
| `user_management_group_ssh_from` | list | false | | [] | group_vars specific `from=""` value added to authorized_keys for each user having `user_management_users.ssh_public_keys` defined |
| `user_management_host_ssh_from` | list | false | | [] | host_vars specific `from=""` value added to authorized_keys for each user having `user_management_users.ssh_public_keys` defined |
| `user_management_users` | list | false | | [] | List of users to be managed. |
| `user_management_users.absolute_home_path` | str | false | | | Custom $HOME root path. Must be specified as absolute path. |
| `user_management_users.custom_ssh_from` | list | false | | [] | `from=""` value added to authorized_keys if user has `user_management_users.ssh_public_keys` defined.<br>If `user_management_default_ssh_from` or `custom_ssh_from` is defined and not set to '*', all values will be concatenated. |
| `user_management_users.gecos` | str | false | | None | Optionally sets the description (aka GECOS) of user account:<br>Full Name, Room Number, Work Phone, Home Phone, Other |
| `user_management_users.groups_append` | bool | false | false, true | false | If true, add the user to the groups specified in groups.<br>If false, user will only be added to the groups specified in secondary_groups, removing them from all other groups. |
| `user_management_users.home_create` | bool | false | false, true | true | Unless set to false, a home directory will be created for the user when the account is created or if the home directory does not exist. |
| `user_management_users.home_move` | bool | false | false, true | false | If set to true when used with home:, attempt to move the user's old home directory to the specified directory if it isn't already there and the old home exists. |
| `user_management_users.name` | str | true | | user_management_john.doe | User's Linux login name. |
| `user_management_users.password` | str | false | | None | If provided, set the user's password to the provided encrypted hash password. To create an account with a locked/disabled password, set this to ! or *.<br>How to generate encrypted passwords: Ansible Documentation |
| `user_management_users.primary_group` | str | false | | user_management_users.name | Optionally sets the user's primary group (takes a group name). |
| `user_management_users.secondary_groups` | list | false | | [] | List of groups user will be added to.<br>By default, the user is removed from all other groups.<br>Configure groups_append to modify this.<br>When set to an empty string '', the user is removed from all groups except the primary group. |
| `user_management_users.shell` | str | false | | user_management_default_shell | Overwrites 'user_management_default_shell'. |
| `user_management_users.ssh_public_keys` | list | false | | [] | The SSH public key(s), as a list or (since Ansible 1.9) url. |
| `user_management_users.state` | str | true | absent, present | present | Whether the account should exist or not, taking action if the state is different from what is stated. |
| `user_management_users.userdel_force` | bool | false | false, true | false | This only affects state=absent.<br>It forces removal of the user and associated directories on supported platforms. |
| `user_management_users.userdel_remove` | bool | false | false, true | false | This only affects state=absent.<br>It attempts to remove directories associated with the user. |

manage_authorized_keys

| Variable | Type | Required | Choices | Default | Description |
| --- | --- | --- | --- | --- | --- |
| `item` | list | false | | [] | List of users to be managed. |
| `item.custom_ssh_from` | list | false | | [] | `from=""` value added to authorized_keys if user has `user_management_users.ssh_public_keys` defined.<br>All values from `user_management_default_ssh_from`, `user_management_group_ssh_from` and `user_management_host_ssh_from` will be concatenated. |
| `item.name` | str | true | | user_management_john.doe | User's Linux login name. |
| `item.ssh_public_keys` | list | false | | | A list of the SSH public key(s), as a string or (since Ansible 1.9) url. |
| `item.state` | str | true | absent, present | present | Whether the account should exist or not, taking action if the state is different from what is stated. |

Dependencies

None

Example Playbook

```yaml
- name: "Play | user_management"
  hosts: all
  roles:
    - role: user_management
```
License

BSD, MIT

Author Information

Xenion1987 @ Access-InTech
