Ansible Playbook -- Add a User

This playbook allows you to add a user to a remove system (or bunch of systems) and email the user about their new account. See below it, for a shell wrapper to execute the playbook.

Ansible Playbook

# add user (idempotent actions)
- hosts: '{{host}}'
  remote_user: root
  become: yes
  become_method: sudo
  force_handlers: True

  # tasks to run

    # only new users will get new passwords
    - name: Add user
         password='{{ "pleasechangethispassword" | password_hash("sha512")}}'
      register: newuser

    - debug:
        var: newuser

    # new users need to change the default password
    - name: Set change password for new users
      command: chage -d 0 '{{username}}'
      register: changed
      when: newuser.changed == True

    - debug:
        var: changed

    - name: Email notification
         host: localhost
         port: 25
         to: '{{email_address}}'
         from: ''
         subject: 'User created on {{host}}'
         body: >
             A user account ({{username}}) has been created for you on {{host}}.
             Your password is pleasechangethispassword. SSH key will be added if possible.
             You should use the appropriate Bastion host to reach {{host}}. You can
             do this with SSH proxying.
      delegate_to: localhost
      register: mailsent
      when: newuser.changed == True

    - debug:
        var: mailsent

I have a bunch of target hosts defined in a hosts.ini file. More on that later.

Bash Script Wrapper


function usage(){
    echo "Usage: $0 <host> <username> <emailaddress>"
    exit 1

DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cd ${DIR}
cd ..

host=$1 || usage
user=$2 || usage
email=$3 || usage

ansible-playbook playbooks/add_admin_user_single.yml \
        -e "host=${host}" \
        -e "username=${user}" \
        -e "email_address=${email}" \
        -i hosts.rt.ini