Ansible Generate Ssh Key For User
- Ansible - SSH Key Distribution For Password-less SSH. When setting up massive scale environments you will likely run into this scenario. How can I distribute a specific user account's SSH keys for all of my hosts to allow password-less SSH logins between them?
- Jun 28, 2018. What is ansible-user? It is an Ansible role to: create user groups; create a single user, add it to any groups you created and configure its shell; set your public SSH key as an authorized key so you can log in without a password.
- Generate the key pair beforehand on the host machine, inject the private key into the Ansible VM and the public key into Oracle's `authorized_keys`. Or generate the key pair on the Ansible VM, copy the public key to the Oracle VM using the shell provisioner and inject vagrant as the password for `ssh-copy-id`. And the list does not end here, it depends on required security.
- Aug 14, 2015. Install Ansible on the host that you'll use to target each of the Linux hosts you want the new users on: `sudo yum install ansible`. Generate or obtain the public SSH key(s) that you'll be deploying to the remote Linux host. In my case I will generate the keys myself but you may obtain them (ideally you would) from the users themselves.
- So Ansible is attempting to find your users' keys on 'Ansible Server'. Personally I wouldn't use the `generate_ssh_key` parameter in your user task. Each user will have a different key for each server. You will have to distribute the keys to each user since they won't be able to get on the server in the first place.
Put this in your `local-configure.yml` file, add as many users as you need:

```yaml
users:
  - name: fulvio
    sudoer: yes
    auth_key: ssh-rsa blahblahblahsomekey this is actually the public key in cleartext
  - name: plone_buildout
    group: plone_group
    sudoer: no
    auth_key: ssh-rsa blahblahblah ansible-generated on default
    keyfiles: keyfiles/plone_buildout
```

In your playbook root folder, create a folder `keyfiles`. In it, create a subfolder for
each username for which you want to copy keyfiles to the server. Put the private and public key files,
as well as any other files, such as `known_hosts`, in the user subfolder.

Add the following line in `playbook.yml` under `roles:` (e.g. right under `- role: ANXS.hostname`):

```yaml
- role: create_users
```

Copy the gist file `main.yml` to `/roles/create_users/tasks`.

Now run your playbook.

That's it!
```yaml
---
# vars:
#   users:
#     - name: steve
#       sudoer: yes
#       auth_key: ssh-rsa ..

- name: Ensure plone_group
  group:
    name: plone_group

# see http://docs.ansible.com/ansible/user_module.html
# Users that declare a group are appended to it.
- name: Add users
  user:
    name: "{{ item.name }}"
    system: "{{ item.sudoer }}"
    shell: /bin/bash
    append: yes
    groups: "{{ item.group }}"
    # this is just a default password, I think it's SHA512 for 'changeme'
    password: '$6$rounds=656000$iO7Q9L6/w8dUUQVf$rmtnxrQ15TGAfG5ODxQ/WGyEpTwk.vD1W.UtedmOlo9YNkrIwapYMjmKmteEnUJmRYucgUVxXUQy7gtenpLmw0'
    update_password: on_create
  when: item.group is defined
  # Ansible 2.2 and later need the list templated explicitly; a bare `users` is not expanded.
  with_items: "{{ users }}"

# Users without a group get the same account settings, minus the group membership.
- name: Add users
  user:
    name: "{{ item.name }}"
    system: "{{ item.sudoer }}"
    shell: /bin/bash
    password: '$6$rounds=656000$iO7Q9L6/w8dUUQVf$rmtnxrQ15TGAfG5ODxQ/WGyEpTwk.vD1W.UtedmOlo9YNkrIwapYMjmKmteEnUJmRYucgUVxXUQy7gtenpLmw0'
    update_password: on_create
  when: item.group is not defined
  with_items: "{{ users }}"

- name: Add .ssh directories
  file:
    path: "/home/{{ item.name }}/.ssh"
    state: directory
    mode: "0700"
    owner: "{{ item.name }}"
    group: "{{ item.group | default(item.name) }}"
  with_items: "{{ users }}"

# Appends the public key from `auth_key` as one line of authorized_keys.
- name: Add keys
  lineinfile:
    dest: "/home/{{ item.name }}/.ssh/authorized_keys"
    state: present
    create: yes
    line: "{{ item.auth_key }}"
    owner: "{{ item.name }}"
    group: "{{ item.group | default(item.name) }}"
    mode: "0644"
  when: item.auth_key is defined
  with_items: "{{ users }}"

# One sudoers drop-in file per user flagged `sudoer: yes`.
- name: Add to sudoers
  copy:
    dest: "/etc/sudoers.d/{{ item.name }}"
    content: |
      {{ item.name }} ALL=(ALL) ALL
      {{ item.name }} ALL=(plone_daemon, plone_buildout) NOPASSWD:ALL
      {{ item.name }} ALL=(root) NOPASSWD:/usr/bin/supervisorctl
      #
  when: item.sudoer
  with_items: "{{ users }}"

# Copies everything in the user's keyfiles folder (private keys included) with mode 0600.
- name: SSH keys
  copy:
    src: "{{ item.keyfiles }}/"
    dest: "/home/{{ item.name }}/.ssh/"
    owner: "{{ item.name }}"
    group: "{{ item.group | default(item.name) }}"
    mode: "0600"
  when: item.keyfiles is defined
  with_items: "{{ users }}"
```
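The `Add keys` task writes whatever string is in `auth_key` straight into `authorized_keys`, so a pasted private key, a multi-line value or a placeholder goes through unchecked. The following pre-flight check is an added example, not part of the gist: `check_auth_key`, `check_users` and the allowed-type list are hypothetical names and assumptions, the sample data is constructed, and keys carrying an options prefix are deliberately rejected.

```python
import base64
import binascii
import hashlib

# Accepted key types: an assumption for this example; match your sshd policy.
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def check_auth_key(line):
    """Return (key_type, SHA256 fingerprint) or raise ValueError."""
    if "\n" in line.strip() or "PRIVATE KEY" in line:
        raise ValueError("must be one public-key line, not a key file")
    fields = line.split(None, 2)  # type, base64 blob, optional comment
    if len(fields) < 2 or fields[0] not in ALLOWED_TYPES:
        raise ValueError("expected '<allowed type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("blob is not valid base64") from exc
    # The blob begins with a 4-byte length followed by a copy of the key type.
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or blob[4:4 + n] != key_type.encode():
        raise ValueError("declared type does not match the key blob")
    digest = hashlib.sha256(blob).digest()
    return key_type, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_users(users):
    """Map user name -> fingerprint, or -> 'REJECTED: <reason>'."""
    report = {}
    for user in users:
        if "auth_key" in user:
            try:
                report[user["name"]] = check_auth_key(user["auth_key"])[1]
            except ValueError as exc:
                report[user["name"]] = "REJECTED: %s" % exc
    return report

# Constructed sample data: a well-formed ed25519 blob made of dummy bytes, and
# the README's placeholder value, which is not a real key.
_blob = (11).to_bytes(4, "big") + b"ssh-ed25519" + (32).to_bytes(4, "big") + bytes(range(32))
SAMPLE_USERS = [
    {"name": "fulvio", "auth_key": "ssh-ed25519 %s fulvio@example" % base64.b64encode(_blob).decode()},
    {"name": "plone_buildout", "auth_key": "ssh-rsa blahblahblah ansible-generated on default"},
]

if __name__ == "__main__":
    print(check_users(SAMPLE_USERS))
```

The fingerprint uses the same SHA256 format that `ssh-keygen -lf` prints, so it can be compared with what each user reports for their own key before the playbook runs.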
commented Oct 3, 2018
When trying to follow through the instructions here I faced an error message. After googling the issue I found a solution here: ansible/ansible#23496 (comment). Seems from ansible v2.2 with_items requires explicit wrapping. So I changed in to and it worked for me
commented Oct 9, 2019
Hello, could you please review the code below and let me know what is missing? Requirement: add multiple users along with their home directories and ssh_keys, authorized_keys2 files to each. Do let me know if you have any questions.

Error that I have when I execute:

```
TASK [Create .ssh dir & Insert keys] **************************************************************************************************************************************************************************
PLAY RECAP ****************************************************************************************************************************************************************************************************
root@rhel75-test16:/root/ansible/playbooks/>
```

Thank you!