Welcome to the third edition of Task Automation Tuesday! This week, we’re diving into the world of user management with Ansible. Whether you’re a seasoned sysadmin or just getting started, this guide will help you automate repetitive user management tasks, making your workflow more efficient and enjoyable. Let’s get started!

Why Automate User Management?

User management is a critical task for any sysadmin, but it can be repetitive and time-consuming. Automating these tasks not only saves time but also reduces the risk of human error. Ansible, a powerful automation tool, can help you manage users across multiple servers effortlessly.

What is Ansible?

Ansible is an open-source automation tool that simplifies IT tasks such as configuration management, application deployment, and task automation. Its simple YAML-based language makes it easy to write playbooks that describe your automation tasks.

Setting Up Ansible

First, let’s get Ansible installed and configured on your system.

Step 1: Install Ansible

If you don’t already have Ansible installed, you can easily install it using pip:

pip install ansible

Step 2: Create an Inventory File

Ansible uses an inventory file to define the servers it will manage. Create a file named hosts and add your server details:

[servers]
server1 ansible_host=192.168.1.1
server2 ansible_host=192.168.1.2

Step 3: Verify Ansible Installation

Run the following command to ensure Ansible is set up correctly and can connect to your servers:

ansible all -m ping -i hosts

You should see a success message for each server, indicating that Ansible can communicate with them.

Automating User Management

Now that Ansible is set up, let’s automate some common user management tasks.

Task 1: Adding a New User

Create a playbook named add_user.yml to add a new user to all your servers:

---
- name: Add a new user
  hosts: servers
  become: yes
  tasks:
    - name: Add user 'johndoe'
      user:
        name: johndoe
        state: present
        groups: sudo

Run the playbook with the following command:

ansible-playbook -i hosts add_user.yml

This playbook will create a user named johndoe and add them to the sudo group on all servers listed in the inventory file.

Task 2: Removing a User

To remove a user, create a playbook named remove_user.yml:

---
- name: Remove a user
  hosts: servers
  become: yes
  tasks:
    - name: Remove user 'johndoe'
      user:
        name: johndoe
        state: absent

Run the playbook:

ansible-playbook -i hosts remove_user.yml

This playbook will remove the user johndoe from all servers.

Task 3: Changing User Passwords

You can also automate password changes. Create a playbook named change_password.yml:

---
- name: Change user password
  hosts: servers
  become: yes
  tasks:
    - name: Change password for user 'johndoe'
      user:
        name: johndoe
        password: "{{ 'new_password' | password_hash('sha512') }}"

Run the playbook:

ansible-playbook -i hosts change_password.yml

This playbook will change the password for the user johndoe on all servers.

Advanced User Management

Let’s take it a step further and manage user SSH keys with Ansible.

Task 4: Managing SSH Keys

Create a playbook named manage_ssh_keys.yml:

---
- name: Manage SSH keys
  hosts: servers
  become: yes
  tasks:
    - name: Add SSH key for 'johndoe'
      authorized_key:
        user: johndoe
        state: present
        key: "ssh-rsa AAAAB3... user@domain.com"

Run the playbook:

ansible-playbook -i hosts manage_ssh_keys.yml

This playbook will add the specified SSH key to the johndoe user on all servers.

Conclusion

Congratulations! You’ve just automated several user management tasks with Ansible. By incorporating these playbooks into your workflow, you can save time and reduce errors, making your sysadmin duties more efficient and enjoyable. Keep experimenting with Ansible to discover even more ways to automate your daily tasks.

Stay tuned for next week’s Task Automation Tuesday, where we’ll explore another exciting automation topic. Happy automating! 🎉