Introduction to Ansible Transcripts
Chapter: Running Playbooks
Lecture: New Users with the group, user and authorized_key Modules

0:00 Our playbook isn't doing much at this point so let's enhance it so it's executing useful commands on the remote server. We have a fresh server
0:07 where we're logging in via a root user. Typically, that's not a good safety practice. Let's create a new user vr_playbook
0:14 and we'll log in to our server using that new user. Go into the roles directory, common/tasks, and we're going to modify our main.yml file.
0:22 We'll include a second file named new_user, and save that. Now we'll create the new_user.yml file and we're going to write three tasks.
0:32 But first, we'll create a new group, the non-root group, then we'll create a user and we'll add it to that group that we just created.
0:38 And then third, we'll add a public key for this new user so that we can log in. For our first task, let's create a non-root user
0:52 and do that with the group module and the name of this will just be deployers. In our next task, we'll add the deployer user to the deployers group.
1:01 And we want this to exist so the state will be present. Now if we re-run our playbook multiple times, Ansible will check to see if deployers
1:09 has already been created. If so, it will simply skip over the step. Or if later, we change the state from present to absent
1:15 it will remove the deployers group. In our case, we want it to be present. The second task is to create a non-root user.
1:24 We will use the user module for this task. We need to call the new user deployer, place it into the deployers group that we just created,
1:35 and we can set things like the default shell, otherwise it's just going to default to sh, the old school shell, rather than Bash.
1:44 And we want the state of this user to be present. Okay, one more task and then we can try to run this. We're going to use our public key
1:55 and when someone is trying to log into this deployer user, they need the private key that matches this public key.
2:01 And we'll use the authorized key module to add to the deployer user and at present, we want an authorized key to exist.
2:12 And this will be slightly trickier. What we want is, we want the contents of the public key to be saved in the authorized key file.
2:19 So we're going to use some more advanced Jinja, which is the templating engine, Jinja syntax to look up the contents of a file,
2:29 and that file in my case is stored under /home/matt/first_playbook/first_playbook.pub. In your case, that's going to be
2:38 wherever you saved the public key for your first_playbook wherever your working project directory is. So this value instructs Ansible
2:47 to go look up the contents of the file for first_playbook.pub and we want to save that in the authorized key on the remote server.
2:54 All right, I'm going to save this file. Now let's give our playbook a try. Move back up to the top level directory. Looks like everything looks good
3:08 with these three new tasks. And now we should be able to log in on that remote server with our new deployer user. Let's test this out.
3:14 With SSH, first_playbook, we'll use our private key to deployer@, and then you're going to type in the IP address of your remote server.
3:25 And now everything looks good. We didn't need a password because we had our private key. And now we're logged on to our remote server
3:31 using the new user we just created with our playbook.

