Classes: Post Installation on Ansible
Managing many servers is not an easy job; to use Ansible properly, we need to plan and create a well-structured, manageable playbook.
Managing a lot of servers at once is hard. For example, suppose you have installed 50 VMs/servers with a fresh OS and need to add some users to them.
In this class, we will learn how to add users to the servers using an Ansible playbook.
How to Add users using Ansible Playbook
First, create a folder called ansible_try.
Under the ansible_try folder, create files for the inventory and the YAML master playbook.
In the inventory file, list the IP addresses of the servers.
    [allserver]
    192.168.20.183
    192.168.20.184
Then, create a YAML file for the master playbook, usergroup.yml:
    # hosts must match the [allserver] group name in the inventory
    - hosts: allserver
      gather_facts: false
      roles:
        - usergroup
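- After that, create three folders called tasks, files, and vars for the usergroup role. Ansible looks for a role named usergroup in a roles/usergroup/ directory next to the playbook (among other locations on its roles path), so that is the usual place for them.
- The tasks folder will hold the Ansible automation code
- The files folder will hold the SSH public keys and the sudoers config file
- The vars folder will hold the variable files for the Ansible automation code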
Then, go to the tasks folder and create the files below:
main.yml
    - import_tasks: configureSudoers.yml
    - import_tasks: configureUsers.yml
__________________________________________________
configureSudoers.yml
    # Create the group that the sudoers rule refers to
    - name: Create Engineer Group
      group: name=engineer state=present
      ignore_errors: yes
      become: true
      tags:
        - sudoersgroup

    # Install the sudoers drop-in for the engineer group
    - name: Engineer Group As Sudoers
      copy:
        src: sudoers.d/00-engineer.j2
        dest: /etc/sudoers.d/00-engineer
        owner: root
        group: root
        mode: "0440"
        backup: no
      ignore_errors: yes
      become: true
      tags:
        - sudoersgroup
_________________________________________________
configureUsers.yml
    # Create or update every account listed in users_sa
    - name: Manage Users SA
      user:
        name: "{{ item.key }}"
        state: "{{ item.value.state }}"
        groups: "{{ item.value.groups }}"
        shell: "{{ item.value.shell }}"
      with_dict: '{{users_sa}}'
      become: true
      tags:
        - usergroup

    # Install each user's public key from the role's files folder
    - name: Manage User Keys SA
      authorized_key:
        user: "{{ item.key }}"
        state: present
        key: "{{ lookup('file', item.value.authkey) }}"
      with_dict: '{{users_sa}}'
      become: true
      tags:
        - usergroup

    # Delete accounts listed in inactiveUsers
    - name: Remove inactive User
      user:
        name: "{{ item.key }}"
        state: "{{ item.value.state }}"
        remove: "{{ item.value.remove }}"
      with_dict: '{{ inactiveUsers }}'
      become: true
      tags:
        - usergroup
        - remove
- After creating the task code, go to the vars folder and create a main.yml file
main.yml
    users_sa:
      user1:
        name: user1
        state: present
        groups: engineer
        shell: /bin/bash
        authkey: authkeys/user1.pub
    # users_noc is defined here, but the tasks in configureUsers.yml
    # loop over users_sa and inactiveUsers only
    users_noc:
      user2:
        name: user2
        state: present
        groups: engineer
        shell: /bin/bash
        authkey: authkeys/user2.pub
    inactiveUsers:
      alfian:
        state: absent
        remove: yes
- Then, go to the files folder and create two subfolders, “authkeys” and “sudoers.d”
- Under the “authkeys” folder, put each user's SSH public key, named after its username, for example, user1.pub, user2.pub
- Next, under “sudoers.d”, put the Jinja file with the sudoers configuration that will be copied to the servers, as below
- Create a file named 00-engineer.j2
- Fill it with the sudoers configuration below (without surrounding quotes)
    %engineer ALL=NOPASSWD: ALL
- Go back to the top of the ansible_try folder and run this command:
    ansible-playbook -i inventory usergroup.yml -u ubuntu
- ansible-playbook is the command for running a playbook
- -i specifies the inventory file
- -u is the username used for SSH
- The output will look like this:
PLAY [allserver] *************************************************************************************************************************************
TASK [usergroup : Create Engineer Group] *************************************************************************************************************
ok: [192.168.20.184]
ok: [192.168.20.183]
TASK [usergroup : Engineer Group As Sudoers] *********************************************************************************************************
changed: [192.168.20.183]
changed: [192.168.20.184]
TASK [usergroup : Manage Users SA] *******************************************************************************************************************
ok: [192.168.20.183] => (item={'key': 'user1', 'value': {'name': 'user1', 'state': 'present', 'groups': 'engineer', 'shell': '/bin/bash', 'authkey': 'authkeys/user1.pub'}})
ok: [192.168.20.184] => (item={'key': 'user1', 'value': {'name': 'user1', 'state': 'present', 'groups': 'engineer', 'shell': '/bin/bash', 'authkey': 'authkeys/user1.pub'}})
ok: [192.168.20.183] => (item={'key': 'user2', 'value': {'name': 'user2', 'state': 'present', 'groups': 'engineer', 'shell': '/bin/bash', 'authkey': 'authkeys/user2.pub'}})
ok: [192.168.20.184] => (item={'key': 'user2', 'value': {'name': 'user2', 'state': 'present', 'groups': 'engineer', 'shell': '/bin/bash', 'authkey': 'authkeys/user2.pub'}})
TASK [usergroup : Remove inactive User] **************************************************************************************************************
ok: [192.168.20.183] => (item={'key': 'alfian', 'value': {'name': 'alfian', 'state': 'absent', 'remove': True}})
ok: [192.168.20.184] => (item={'key': 'alfian', 'value': {'name': 'alfian', 'state': 'absent', 'remove': True}})
PLAY RECAP *******************************************************************************************************************************************
192.168.20.183 : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.20.184 : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
- If you just want to send a command and get its output, such as checking the OS version, run this ad-hoc command:
    ansible allserver -m shell -a "lsb_release -a" -i inventory -u ubuntu
- The output will look like this:
192.168.20.184 | CHANGED | rc=0 >>
Distributor ID: Ubuntu
Description: Ubuntu 16.04.5 LTS
Release: 16.04
Codename: xenial
No LSB modules are available.
192.168.20.183 | CHANGED | rc=0 >>
Distributor ID: Ubuntu
Description: Ubuntu 16.04.5 LTS
Release: 16.04
Codename: xenial
No LSB modules are available.
- With this Ansible command, you don't need to sign in to every single server to check the OS version, which makes the job faster, especially when you manage a large number of servers.
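A hardened variant of the two tasks in configureSudoers.yml, as an added example that is not part of the original class. It drops ignore_errors so a failed sudoers install stops the play on that host, and it uses the copy module's validate option so visudo checks the file before it replaces /etc/sudoers.d/00-engineer. The path /usr/sbin/visudo and the final "confirm" task are assumptions added here, chosen to match the Ubuntu hosts shown above.

```yaml
# Added example: hardened configureSudoers.yml (not the class's original code).
# Assumption: visudo is installed at /usr/sbin/visudo on the managed hosts.

- name: Create Engineer Group
  group:
    name: engineer
    state: present
  become: true
  tags:
    - sudoersgroup

- name: Engineer Group As Sudoers (validated before install)
  copy:
    src: sudoers.d/00-engineer.j2
    dest: /etc/sudoers.d/00-engineer
    owner: root
    group: root
    mode: "0440"
    # copy writes the content to a temporary file, runs this command on it
    # (%s is the temporary path), and only installs it if the command exits 0.
    validate: /usr/sbin/visudo -cf %s
  become: true
  tags:
    - sudoersgroup

# No ignore_errors on the tasks above: if the group or the drop-in fails,
# the play stops for that host instead of continuing with user creation.

- name: Confirm the complete sudoers configuration still parses
  command: /usr/sbin/visudo -c
  changed_when: false   # read-only check, never reports "changed"
  become: true
  tags:
    - sudoersgroup
```

A malformed file under /etc/sudoers.d can leave sudo unusable on the host, which is why the syntax check runs before the file is moved into place rather than after.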
Summary
To manage many servers, you need to learn how to run Ansible after the installation.