This role manages users and user groups on a system.

The collection `ansible.posix` is required to use this role:

```
ansible-galaxy collection install ansible.posix
```
### Role variables

Variable | Type | Default | Comments
---|---|---|---
`users` | list of objects | `[]` | List of users to create/delete (see `users` below).
`users_authorized_keys_exclusive` | boolean | `true` | Default value of the per-user `authorized_keys_exclusive` setting.
`users_authorized_keys_file` | string | `.ssh/authorized_keys` | Path to the authorized_keys file, relative to the user's home directory.
`users_create_homedirs` | boolean | `true` | Create home directories for new users.
`users_create_per_user_group` | boolean | `true` | Create a group for every user and make it the user's primary group if set to `true`.
`users_default_shell` | string | `/bin/bash` | The default shell for a user if none is specified.
`users_group` | string | `users` | The default group all users belong to. Only required if `users_create_per_user_group` is set to `false`.
`users_groups` | list of objects | `[]` | List of user groups to create/delete (see `users_groups` below).
`users_home` | string | `/home` | The directory that will contain all user home directories.
`users_home_chroot` | boolean | `false` | Default value of the per-user `home_chroot` setting.
`users_home_mode` | string | `0750` | Default permissions for user home directories.
`users_kill_process` | boolean | `false` | Kill the user's processes if the user is in use.
`users_kill_process_allowed_users` | list of strings | | List of user names whose processes may be killed. Only used if `users_kill_process` is set to `true`.
`users_kill_process_forbidden_users` | list of strings | `[]` | List of user names whose processes must never be killed. `root` is always prohibited! Only used if `users_kill_process` is set to `true`.
`users_kill_process_timeout` | integer | `30` | Time to wait before force-killing a process. Only used if `users_kill_process` is set to `true`.
`users_ssh_key_type` | string | `rsa` | Default SSH key type for generated user keys.
### users

Variable | Type | Default | Comments
---|---|---|---
`append` | boolean | `false` | Existing group memberships will not be removed if set to `true`.
`authorized_keys` | list of strings | | List of public keys for SSH authorization.
`authorized_keys_exclusive` | boolean | | Existing public keys for authorization will not be removed if set to `true`.
`comment` | string | `''` | Real name of the user, stored in the comment (GECOS) field.
`expires` | integer | | Expiry time for the user as a Unix epoch timestamp.
`force` | boolean | `false` | Only affects `state: absent`; forces removal of the user and associated directories on supported platforms.
`group` | string | | Name of the user's primary group.
`groups` | list of strings | | List of all groups the user belongs to.
`home` | string | | Absolute path to the user's home directory.
`home_chroot` | boolean | | Set home directory ownership to `root` so the home directory can be used as a chroot target.
`home_create` | boolean | | Create the user's home directory.
`home_files` | list of objects | | List of files to manage inside the user's home directory (see `home_files` below).
`home_mode` | string | | The user's home directory permissions.
`local` | boolean | `false` | Forces the use of "local" command alternatives on platforms that implement them.
`move_home` | boolean | `false` | If set to `true` together with `home`, attempt to move the user's old home directory to the specified directory if it isn't there already and the old home exists.
`non_unique` | boolean | `false` | When used together with the `-u` option (`uid`), allows changing the user ID to a non-unique value.
`password` | string | `!` | The user's password hash (create it with `mkpasswd`); the default `!` leaves password authentication locked.
`password_expire_max` | integer | | Maximum number of days between password changes.
`password_expire_min` | integer | | Minimum number of days between password changes.
`password_lock` | boolean | | Lock the password.
`remove` | boolean | `false` | Only affects `state: absent`; attempts to remove directories associated with the user.
`seuser` | string | | Optionally sets the SELinux user type (e.g. `user_u`) on SELinux-enabled systems.
`shell` | string | | The user's login shell.
`ssh_key_bits` | integer | | Size of the generated SSH key.
`ssh_key_comment` | string | | Optionally define the comment for the SSH key.
`ssh_key_file` | string | | Optionally specify the SSH key filename.
`ssh_key_generate` | boolean | | Generate an SSH key pair if set to `true`.
`ssh_key_password` | string | | Passphrase for the generated SSH key.
`ssh_key_type` | string | | Type of the generated SSH key (`rsa`, `ed25519`, etc.).
`ssh_keys` | list of objects | | List of private SSH keys to provide for the user (see `ssh_keys` below).
`state` | string | `present` | `present` will create or update the user; `absent` will remove an existing user.
`system` | boolean | | Whether the user is a system user (`true`) or not (`false`).
`uid` | integer | | The user's UID. If not defined, the next available UID is used.
`update_password` | string | | `always` will update the password if it differs; `on_create` will only set the password for newly created users.
`username` | string | *required* | Login name of the user.
### home_files

Variable | Type | Default | Comments
---|---|---|---
`content` | string | | Content of the managed file (only used when `template` is not defined).
`dir_mode` | string | `0750` | Directory permissions (only used if directories have to be created).
`file_mode` | string | `0640` | File permissions.
`path` | string | | File path, relative to the user's home directory.
`state` | string | `present` | `present` will create or update the file; `absent` will remove an existing file.
`template` | string | | Template used to render the file; when defined, `content` is ignored.
### ssh_keys

Variable | Type | Default | Comments
---|---|---|---
`name` | string | *required* | Name of the key file.
`key` | string | | SSH private key file content.
`state` | string | `present` | `present` will store the key file in the user's home directory; `absent` will remove an existing key file.
### users_groups

Variable | Type | Default | Comments
---|---|---|---
`gid` | integer | | The group's GID. If not defined, the next available GID is used.
`local` | boolean | `false` | Forces the use of "local" command alternatives on platforms that implement them.
`name` | string | *required* | Name of the group.
`state` | string | `present` | `present` will create or update the group; `absent` will remove an existing group.
`system` | boolean | | Whether the group is a system group (`true`) or not (`false`).
### Example

```yaml
users:
  - username: foo
    comment: Foo Barrington
    groups:
      - wheel
      - -systemd-journal
    uid: 1001
    home: /local/home/foo
    authorized_keys:
      - "ssh-rsa AAAAA.... foo@machine"
      - "ssh-rsa AAAAB.... foo2@machine"
  - username: bar
    uid: 1002
    state: absent
    remove: yes
    force: yes

users_groups:
  - name: developers
    gid: 10000
```
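A fuller playbook, added here as an example and not taken from the role's own documentation, that exercises the `home_files`, `ssh_keys`, password and process-kill settings together. The inventory group `app_servers`, the role name `users` under `roles:`, and the Ansible Vault variables `vault_alice_password_hash` and `vault_alice_deploy_key` are assumptions; the key strings are constructed placeholders.

```yaml
---
- name: Manage local accounts
  hosts: app_servers            # assumed inventory group
  become: true

  vars:
    # Only processes of users listed in allowed_users may be killed;
    # the role refuses root regardless of these lists.
    users_kill_process: true
    users_kill_process_allowed_users:
      - olduser
    users_kill_process_forbidden_users:
      - postgres
    users_kill_process_timeout: 10

    users_groups:
      - name: deploy
        gid: 10010
        system: true

    users:
      - username: alice
        comment: Alice Example
        group: deploy
        groups:
          - wheel
        append: true              # keep memberships not listed above
        shell: /bin/bash
        home_mode: "0700"         # permissions are strings, keep the quotes
        # Hash produced beforehand with `mkpasswd --method=sha-512`
        # and stored in Ansible Vault (assumed variable name).
        password: "{{ vault_alice_password_hash }}"
        update_password: on_create
        password_expire_max: 90
        authorized_keys:
          - "ssh-ed25519 AAAA.... alice@laptop"   # constructed placeholder
        ssh_key_generate: true
        ssh_key_type: ed25519
        ssh_key_comment: "alice@{{ inventory_hostname }}"
        ssh_keys:
          # Private key material comes from Vault, never from plain vars files.
          - name: id_ed25519_deploy
            key: "{{ vault_alice_deploy_key }}"
        home_files:
          - path: .ssh/config
            file_mode: "0600"
            content: |
              Host git.example.com
                IdentityFile ~/.ssh/id_ed25519_deploy
                IdentitiesOnly yes

      # Removal: the account is in the allowed list above, so any
      # lingering processes are terminated before the home directory goes.
      - username: olduser
        state: absent
        remove: true
        force: true

  roles:
    - users                       # assumed role name
```

Keeping the password hash and the private key in Vault variables means the plain-text playbook can be committed and reviewed without exposing credentials, while `update_password: on_create` stops a re-run from resetting a password the user has since changed.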