Introduction to Ansible Transcripts
Chapter: Running Playbooks
Lecture: New Users with the group, user and authorized_key Modules
0:00 Our playbook isn't doing much at this point
0:01 so let's enhance it so it's executing useful commands
0:04 on the remote server. We have a fresh server
0:06 where we're logging in via a root user.
0:08 Typically, that's not a good safety practice.
0:10 Let's create a new user vr_playbook
0:13 and we'll log in to our server using that new user.
0:11 Go into the roles directory, common/tasks
0:18 and we're going to modify our main.yml file.
0:21 We'll include a second file named new_user, and save that.
0:26 Now we'll create the new_user.yml file
0:29 and we're going to write three tasks.
0:31 But first, we'll create a new group, the non-root group
0:33 then we'll create a user
0:35 and we'll add it to that group that we just created.
0:37 And then third, we'll add a public key for this new user
0:40 so that we can log in.
0:46 For our first task, let's create a non-root user
0:51 and do that with the group module
0:54 and the name of this will just be deployers.
0:56 In our next task, we'll add the deployer user
0:58 to the deployers group.
1:00 And we want this to exist so the state will be present.
1:03 Now if we re-run our playbook multiple times
1:06 Ansible will check to see if deployers
1:08 has already been created.
1:09 If so, it will simply skip over the step.
1:11 Or if later, we change the state from present to absent
1:14 it will remove the deployers group.
1:16 In our case, we want it to be present.
1:19 The second task is to create a non-root user.
1:23 We will use the user module for this task.
1:26 We need to call the new user deployer
1:30 place into the deployers group that we just created
1:34 and we can set things like the default shell
1:38 otherwise it's just going to default to sh
1:41 the old school shell rather than Bash.
1:43 And we want the state of this user to be present.
1:46 Okay, one more task and then we can try to run this.
1:53 We're going to use our public key
1:54 and when someone is trying to log into this deployer user
1:57 that they need the private key that matches this public key.
2:00 And we'll use the authorized_key module
2:04 to add to the deployer user
2:07 and at present, we want an authorized key to exist.
2:11 And this will be slightly trickier.
2:12 What we want is, we want the contents of the public key
2:15 to be saved in the authorized key file.
2:18 So we're going to use some more advanced Jinja
2:21 which is the templating engine, Jinja syntax
2:24 to look up the contents of a file
2:28 and that file in my case is stored
2:30 under /home/matt/first_playbook/first_playbook.pub
2:35 In your case, that's going to be
2:37 wherever you saved the public key for your first_playbook
2:41 wherever your working project directory is.
2:44 So this value instructs Ansible
2:46 to go look up the contents of the file
2:48 for first_playbook.pub
2:49 and we want to save that in the authorized key
2:51 on the remote server.
2:53 All right, I'm going to save this file.
2:55 Now let's give our playbook a try.
2:57 Move back up to the top level directory.
3:05 Looks like everything looks good
3:07 with these three new tasks.
3:08 And now we should be able to log in
3:09 on that remote server with our new deployer user.
3:12 Let's test this out.
3:13 With SSH, first_playbook, we'll use our private key
3:18 to deployer@, and then you're going to type in the IP address
3:22 of your remote server.
3:24 And now everything looks good.
3:25 We didn't need a password because we had our private key.
3:28 And now we're logged on to our remote server
3:30 using the new user we just created with our playbook.