Classes: Post Installation on Ansible

26 February 2021 by Andi Wirawan

Managing a lot of servers is not an easy job, we need to plan and create a good and manageable Ansible Playbook to implement Ansible properly.

Since then, we are all agree that it is hard to manage a lot of server at once. For example, you have installed 50 VMs/Servers with fresh OS and need to add some users into it.

Thus, In this class we will learn how to add some users to the servers using Ansible Playbook.

How to Add users using Ansible Playbook

First, create a folder called ansible_try

Under folder ansible_try, create files for inventory and YML master playbook.

For inventory file, please fill with the lists of the IP address server.

     ^[allserver]
     ^{192.168.20.183}
     ^{192.168.20.184}

Then, create a YML file for master playbook

usergroup.yml

     hosts: allservers
     gather_facts: false
     roles:
            - usergroup

after that, create 3 folder called taks, files, vars.

Tasks folder, will be filled with the ansible automation code

Files folder will be filled with the SSH_Key_Pub and sudoers config file

Vars folder will be filled with variables file for ansible automation code

Then, go to Task folder and create file as below:

main.ym

          import_tasks: configureSudoers.yml
          import_tasks: configureUsers.yml
__________________________________________________

configureSudoers.yml

 name: Create Engineer Group
 group: name=engineer state=present
 ignore_errors: yes
 become: true
 tags:
         - sudoersgroup

name: Engineer Group As Sudoers
copy: src=sudoers.d/00-engineer.j2 dest=/etc/sudoers.d/00-engineer
    owner=root
    group=root
    mode=440
    backup=no
  ignore_errors: yes
  become: true
  tags:
        - sudoersgroup
_________________________________________________

configureUsers.yml


name: Manage Users SA
user:
name: "{{ item.key }}"
state: "{{ item.value.state }}"
groups: "{{ item.value.groups }}"
shell: "{{ item.value.shell }}"
with_dict: '{{users_sa}}'
become: true
tags:
- usergroup

name: Manage User Keys SA
authorized_key:
user: "{{ item.key }}"
state: present
key: "{{ lookup('file', item.value.authkey) }}"
with_dict: '{{users_sa}}'
become: true
tags:
- usergroup

name: Remove inactive User
user:
name: "{{ item.key }}"
state: "{{ item.value.state }}"
remove: "{{ item.value.remove }}"
with_dict: '{{ inactiveUsers }}'
become: true
tags:
- usergroup
- remove

After creating task code, then go to vars folder and create main.yml file

main.yml

users_sa:
user1:
name: user1
state: present
groups: engineer
shell: /bin/bash
authkey: authkeys/user1.pub

users_noc:
user2:
name: user2
state: present
groups: engineer
shell: /bin/bash
authkey: authkeys/user.pub

inactiveUsers:
alfian:
state: absent
remove: yes

Then, goes to the Files Folder and create two subfolder “authkeys” and “sudoers.d”
Under the folder “authkeys”, put the SSH_Key_Public according to it’s username, for example, user1.pub, user2.pub
Next, under the “sudoers.d”, put the jinja file about the sudoers file configuration that will be copied to the server as below
- Create a file with name 00-engineer.j2
- Fill with below sudoers configuration
  “%engineer ALL=NOPASSWD: ALL”

Back to the top of folder ansible_try and run this command

ansible-playbook -i inventory usergroup.yml -u ubuntu

ansible-playbook is a command for running a playbook
- -i is for variable inventory
- -u is for the username used for SSH

The Output will goes like this

PLAY [allserver] *************************************************************************************************************************************

TASK [usergroup : Create Engineer Group] *************************************************************************************************************
ok: [192.168.20.184]
ok: [192.168.20.183]

TASK [usergroup : Engineer Group As Sudoers] *********************************************************************************************************
changed: [192.168.20.183]
changed: [192.168.20.184]

TASK [usergroup : Manage Users SA] *******************************************************************************************************************
ok: [192.168.20.183] => (item={'key': 'user1', 'value': {'name': 'user1', 'state': 'present', 'groups': 'engineer', 'shell': '/bin/bash', 'authkey': 'authkeys/user1.pub'}})
ok: [192.168.20.184] => (item={'key': 'user1', 'value': {'name': 'user1', 'state': 'present', 'groups': 'engineer', 'shell': '/bin/bash', 'authkey': 'authkeys/user1.pub'}})
ok: [192.168.20.183] => (item={'key': 'user2', 'value': {'name': 'user2', 'state': 'present', 'groups': 'engineer', 'shell': '/bin/bash', 'authkey': 'authkeys/user2.pub'}})
ok: [192.168.20.184] => (item={'key': 'user2', 'value': {'name': 'user2', 'state': 'present', 'groups': 'engineer', 'shell': '/bin/bash', 'authkey': 'authkeys/user2.pub'}})

TASK [usergroup : Remove inactive User] **************************************************************************************************************
ok: [192.168.20.183] => (item={'key': 'alfian', 'value': {'name': 'alfian', 'state': 'absent', 'remove': True}})
ok: [192.168.20.184] => (item={'key': 'alfian', 'value': {'name': 'alfian', 'state': 'absent', 'remove': True}})

PLAY RECAP *******************************************************************************************************************************************
192.168.20.183             : ok=5    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.20.184             : ok=5    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

If you want to just send a command to get the output like checking the OS version, simply just execute this command


ansible allserver -m shell -a "lsb_release -a" -i inventory -u ubuntu

The output will goes like this

192.168.20.184 | CHANGED | rc=0 >>
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.5 LTS
Release:        16.04
Codename:       xenialNo LSB modules are available.
192.168.20.183 | CHANGED | rc=0 >>
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.5 LTS
Release:        16.04
Codename:       xenialNo LSB modules are available.

So with this ansible command, you don’t need to sign in to every single server to check the OS version and it will make your action faster especially if the server you manage is quite large scale.