Ansible users role

Basic user management on a Linux system

The users role manages basic account creation on a Linux system.

Root password

By default the role removes the root password.

To enforce a specific password for the root user, configure a crypt hash:

users_root_password: "$6$xyz$VKswtvLoVpOLcpjDMIFXhxa8ukqqKSKHjcPB"

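The crypt hash can be generated using openssl. If the password argument is omitted, openssl prompts for it, which keeps the password out of shell history and the process list: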

openssl passwd -6 your_password

Creating users

The role manages users defined in the users hash:

users:
  foo:
    id: 1001
    group: foo
    shell: /bin/bash
    password: "$6$xyz$VKswtvLoVpOLcpjDMIFXhxa8ukqqKSKHjcPB"
    sudo: true
  bar:
    id: 1002
    group: admins
    shell: /bin/bash
    limit_nofile: 1000
    limit_maxlogins: 10
    limit_nproc: 8

Every setting is optional; specifying a username is enough to create a user with sane defaults.
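A pre-flight check for the password values described above, as an added example that is not part of the role: it flags users_root_password and users.<name>.password entries that are plaintext, use a scheme other than $6$, or are not a complete SHA-512 crypt string. The function names and the sample variables are assumptions made for illustration; the shortened sample hash shown on this page is reported as malformed, so it has to be replaced with real openssl output.

```python
import re

# SHA-512 crypt layout: $6$[rounds=N$]salt$hash, with a salt of up to 16
# characters and a hash of exactly 86 characters from the crypt alphabet.
SHA512_CRYPT = re.compile(
    r"\$6\$(rounds=\d+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}")

def classify(value):
    """Return None for a well-formed SHA-512 crypt hash, else a reason."""
    if not isinstance(value, str) or not value:
        return "empty or non-string value"
    if not value.startswith("$"):
        return "not a crypt hash (plaintext?)"
    if not value.startswith("$6$"):
        return "not the SHA-512 ($6$) scheme"
    if not SHA512_CRYPT.fullmatch(value):
        return "malformed $6$ hash (truncated or bad characters)"
    return None

def check_vars(role_vars):
    """Check users_root_password and every users.<name>.password entry."""
    findings = []
    if "users_root_password" in role_vars:
        reason = classify(role_vars["users_root_password"])
        if reason:
            findings.append(("users_root_password", reason))
    for name, settings in (role_vars.get("users") or {}).items():
        settings = settings or {}  # a bare username carries no settings
        if "password" in settings:
            reason = classify(settings["password"])
            if reason:
                findings.append((f"users.{name}.password", reason))
    return findings

# Constructed sample data; the 86-character hash body is filler, not a real hash.
GOOD = "$6$examplesalt$" + "A" * 86
SAMPLE_VARS = {
    "users_root_password": "hunter2",  # plaintext entered by mistake
    "users": {
        "foo": {"id": 1001, "password": GOOD, "sudo": True},
        "bar": {"id": 1002, "password": "$6$xyz$VKswtvLoVpOLcpjDMIFXhxa8ukqqKSKHjcPB"},
        "baz": None,  # username only, role defaults apply
        "qux": {"password": "$1$salt$abcdefghijklmnopqrstuv"},
    },
}

if __name__ == "__main__":
    for key, reason in check_vars(SAMPLE_VARS):
        print(f"{key}: {reason}")
```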

Limits

If no limits are given for a specific user, the default settings are used:

users_default_limit_nproc: 50
users_default_limit_maxlogins: 10
users_default_limit_nofile: 800

SSH keypairs

For every user created by the role, an SSH keypair is generated with these default settings:

users_key_bits: 4096
users_key_type: rsa

Sudo

Users with the sudo option set to true can use sudo to become root.

Managing the sudoers file can be fully disabled by setting users_manage_sudo to false.