Classes: Post Installation on Ansible

26 February 2021 by Andi Wirawan

Managing a lot of servers is not an easy job. To use Ansible properly, we need to plan and write playbooks that are well structured and manageable.

We can all agree that it is hard to manage a lot of servers at once. For example, suppose you have installed 50 VMs/servers with a fresh OS and need to add some users to them.

In this class we will learn how to add users to the servers using an Ansible playbook.

How to Add Users Using an Ansible Playbook

First, create a folder called ansible_try.

Under the ansible_try folder, create the inventory file and the YML master playbook.

In the inventory file, list the IP addresses of the servers.

     [allserver]
     192.168.20.183
     192.168.20.184

Then, create a YML file for the master playbook:

  • usergroup.yml
     # The hosts value must match the group name in the inventory ([allserver])
     - hosts: allserver
       gather_facts: false
       roles:
         - usergroup
  • After that, create 3 folders called tasks, files, and vars.
  • The tasks folder will be filled with the Ansible automation code.
  • The files folder will be filled with the SSH public keys and the sudoers config file.
  • The vars folder will be filled with the variables file for the Ansible automation code.

Then, go to the tasks folder and create the files below:

main.yml

     # Entry point of the role: run the sudoers tasks, then the user tasks
     - import_tasks: configureSudoers.yml
     - import_tasks: configureUsers.yml
__________________________________________________

configureSudoers.yml

     # Create the group that the sudoers rule below refers to
     - name: Create Engineer Group
       group:
         name: engineer
         state: present
       ignore_errors: yes
       become: true
       tags:
         - sudoersgroup

     # Install the sudoers drop-in from the role's files folder
     - name: Engineer Group As Sudoers
       copy:
         src: sudoers.d/00-engineer.j2
         dest: /etc/sudoers.d/00-engineer
         owner: root
         group: root
         mode: "0440"
         backup: no
       ignore_errors: yes
       become: true
       tags:
         - sudoersgroup
_________________________________________________

configureUsers.yml


     # Create or update each account listed in users_sa
     - name: Manage Users SA
       user:
         name: "{{ item.key }}"
         state: "{{ item.value.state }}"
         groups: "{{ item.value.groups }}"
         shell: "{{ item.value.shell }}"
       with_dict: '{{ users_sa }}'
       become: true
       tags:
         - usergroup

     # Install each user's public key, read from the role's files folder
     - name: Manage User Keys SA
       authorized_key:
         user: "{{ item.key }}"
         state: present
         key: "{{ lookup('file', item.value.authkey) }}"
       with_dict: '{{ users_sa }}'
       become: true
       tags:
         - usergroup

     # Delete the accounts listed in inactiveUsers; with state absent,
     # remove: yes also deletes the user's home directory
     - name: Remove inactive User
       user:
         name: "{{ item.key }}"
         state: "{{ item.value.state }}"
         remove: "{{ item.value.remove }}"
       with_dict: '{{ inactiveUsers }}'
       become: true
       tags:
         - usergroup
         - remove

  • After creating the task code, go to the vars folder and create a main.yml file.

main.yml

     users_sa:
       user1:
         name: user1
         state: present
         groups: engineer
         shell: /bin/bash
         authkey: authkeys/user1.pub

     # users_noc is not referenced by the tasks above, which loop only over
     # users_sa and inactiveUsers
     users_noc:
       user2:
         name: user2
         state: present
         groups: engineer
         shell: /bin/bash
         authkey: authkeys/user2.pub

     inactiveUsers:
       alfian:
         state: absent
         remove: yes

  • Then, go to the files folder and create two subfolders, “authkeys” and “sudoers.d”.
  • Under the “authkeys” folder, put each user's SSH public key, named after the username, for example user1.pub, user2.pub.
  • Next, under “sudoers.d”, put the Jinja file with the sudoers configuration that will be copied to the servers, as below:
    • Create a file named 00-engineer.j2
    • Fill it with the sudoers configuration below:

          %engineer ALL=NOPASSWD: ALL

  • Go back to the top of the ansible_try folder and run this command:

     ansible-playbook -i inventory usergroup.yml -u ubuntu

  • ansible-playbook is the command for running a playbook
    • -i specifies the inventory file
    • -u is the username used for SSH
  • The output will look like this:

PLAY [allserver] *************************************************************************************************************************************

TASK [usergroup : Create Engineer Group] *************************************************************************************************************
ok: [192.168.20.184]
ok: [192.168.20.183]

TASK [usergroup : Engineer Group As Sudoers] *********************************************************************************************************
changed: [192.168.20.183]
changed: [192.168.20.184]

TASK [usergroup : Manage Users SA] *******************************************************************************************************************
ok: [192.168.20.183] => (item={'key': 'user1', 'value': {'name': 'user1', 'state': 'present', 'groups': 'engineer', 'shell': '/bin/bash', 'authkey': 'authkeys/user1.pub'}})
ok: [192.168.20.184] => (item={'key': 'user1', 'value': {'name': 'user1', 'state': 'present', 'groups': 'engineer', 'shell': '/bin/bash', 'authkey': 'authkeys/user1.pub'}})
ok: [192.168.20.183] => (item={'key': 'user2', 'value': {'name': 'user2', 'state': 'present', 'groups': 'engineer', 'shell': '/bin/bash', 'authkey': 'authkeys/user2.pub'}})
ok: [192.168.20.184] => (item={'key': 'user2', 'value': {'name': 'user2', 'state': 'present', 'groups': 'engineer', 'shell': '/bin/bash', 'authkey': 'authkeys/user2.pub'}})

TASK [usergroup : Remove inactive User] **************************************************************************************************************
ok: [192.168.20.183] => (item={'key': 'alfian', 'value': {'name': 'alfian', 'state': 'absent', 'remove': True}})
ok: [192.168.20.184] => (item={'key': 'alfian', 'value': {'name': 'alfian', 'state': 'absent', 'remove': True}})

PLAY RECAP *******************************************************************************************************************************************
192.168.20.183             : ok=5    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.20.184             : ok=5    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

  • If you just want to send a command and get its output, such as checking the OS version, simply execute this command:

     ansible allserver -m shell -a "lsb_release -a" -i inventory -u ubuntu

  • The output will look like this:

192.168.20.184 | CHANGED | rc=0 >>
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.5 LTS
Release:        16.04
Codename:       xenial
No LSB modules are available.
192.168.20.183 | CHANGED | rc=0 >>
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.5 LTS
Release:        16.04
Codename:       xenial
No LSB modules are available.

  • So with this Ansible command, you don’t need to sign in to every single server to check the OS version, which makes the job faster, especially when you manage a large number of servers.
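
A hardened variant of the configureSudoers.yml tasks above, added here as an example and not the author's code. Because the drop-in grants the engineer group passwordless sudo, it drops ignore_errors, has visudo check the staged file before it replaces the one in /etc/sudoers.d, and reads back ownership and mode. It assumes visudo is installed at /usr/sbin/visudo on the managed hosts; the register name engineer_sudoers is chosen for this example.

```yaml
# Added example: hardened variant of configureSudoers.yml (not the author's code).
# Assumption: visudo is installed at /usr/sbin/visudo on the managed hosts.

# ignore_errors is dropped so that a failure here stops the play instead of
# letting the following tasks run against a half-configured host.
- name: Create Engineer Group
  group:
    name: engineer
    state: present
  become: true
  tags: [sudoersgroup]

- name: Engineer Group As Sudoers
  copy:
    src: sudoers.d/00-engineer.j2
    dest: /etc/sudoers.d/00-engineer
    owner: root
    group: root
    mode: "0440"
    backup: false
    # %s is the staged temporary copy; if visudo rejects it the task fails
    # and the file in /etc/sudoers.d is left untouched.
    validate: /usr/sbin/visudo -cf %s
  become: true
  tags: [sudoersgroup]

# Parse the whole sudoers configuration, drop-ins included.
- name: Check that the full sudoers configuration parses
  command: /usr/sbin/visudo -c
  changed_when: false
  become: true
  tags: [sudoersgroup]

- name: Read back the deployed drop-in
  stat:
    path: /etc/sudoers.d/00-engineer
  register: engineer_sudoers   # variable name chosen for this example
  become: true
  tags: [sudoersgroup]

- name: Require a root-owned, mode 0440 drop-in
  assert:
    that:
      - engineer_sudoers.stat.exists
      - engineer_sudoers.stat.pw_name == 'root'
      - engineer_sudoers.stat.gr_name == 'root'
      - engineer_sudoers.stat.mode == '0440'
  tags: [sudoersgroup]
```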

Summary

To manage a lot of servers, you need to learn how to run Ansible after the installation. Eager to know more? Visit our site.
