Learning Horizon | For Learners


Wednesday 23 October 2019

Create, Delete, Lock & Unlock Users In IBM AIX Using Ansible Playbook

Automation through Ansible is gaining a lot of popularity among system administrators because managing multiple server machines manually has become a very hectic task. Ansible comes with many handy modules. Today we will look at the Ansible user module and learn how to manage users, i.e. create or delete a user, change a password, and lock or unlock a user, on IBM AIX 7.1 machines using an Ansible playbook. An Ansible playbook contains one or more tasks/plays, each of which defines the work to be done. All the tasks in an Ansible playbook are written in YAML, which is strict about indentation and syntax. We've used Red Hat Enterprise Linux 8 (RHEL 8) VMs (virtual machines) as our Ansible control server and IBM AIX 7.1 machines as our target machines.

An Ansible playbook document starts with 3 dashes (hyphens) at the very top of the document.
name specifies the name of the playbook. You can give any name to the playbook.
hosts specifies the list of hosts or the host group against which the plays or tasks will run. We can run tasks on multiple servers, which is where the host group entry comes into play. Hosts and host groups are placed in the /etc/ansible/hosts file.
become specifies that the playbook will run as the root user on the target machines.
vars lets you define variables that you can use later in your playbook.
tasks is the list of actions that need to be performed on the target servers. A playbook contains one or multiple plays/tasks.


--- 
# ansible document starts with 3 dashes at the top
- 
  hosts: all
  become: true
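  # declaration of variables
  vars:
    user_name: maxsteel
    # user_pass holds the hashed password, not the plaintext
    user_pass: tevY2YxMOJk8U
    # password is Ptml@123
  # each task carries its own tag; select the one you need with -t,
  # otherwise every task below runs in order
  tasks: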
    - 
      name: "Delete User"
      tags: delete_user
      user:
        name: "{{user_name}}"
        state: absent
        remove: yes
        force: yes
    - 
      name: "Create New User"
      tags: create_new_user
      user: 
        name: "{{user_name}}"
        password: "{{user_pass}}"
        update_password: on_create
    - 
      name: "Force Password Change on First Login"
      tags: force_change_password_first_login
      command: "pwdadm -f ADMCHG {{user_name}}"
    - 
      name: "Password Change"
      tags: password_update
      user: 
        name: "{{user_name}}"
        password: "{{user_pass}}"
        update_password: always
    - 
      name: "Lock User"
      tags: lock_user
      command: "chuser account_locked=true {{user_name}}"
    - 
      name: "Unlock User"
      tags: unlock_user
      command: "chuser account_locked=false {{user_name}}"
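
The "Lock User" and "Unlock User" tasks above call chuser through the command module, so every run reports "changed" whether or not the account state actually moved. The play below is an added example, not part of the original playbook: it reads the current value with lsuser first, changes it only when needed, and verifies the result. The variable lock_state, the registered names lock_query and lock_verify, and the lsuser output format "name account_locked=value" are assumptions.

```yaml
---
# Added example: lock or unlock an AIX user only when the state differs.
# Assumption: "lsuser -a account_locked <user>" prints "<user> account_locked=<value>".
- hosts: all
  become: true
  vars:
    user_name: maxsteel
    # quoted so it stays the string "true"/"false" that chuser expects;
    # override with -e "lock_state=false" to unlock
    lock_state: "true"
  tasks:
    - name: "Read current account_locked value"
      command: "lsuser -a account_locked {{ user_name }}"
      register: lock_query
      changed_when: false   # read-only query, never a change
      check_mode: false     # harmless, so run it even under --check

    - name: "Set account_locked only when it differs"
      command: "chuser account_locked={{ lock_state }} {{ user_name }}"
      when: '("account_locked=" ~ lock_state) not in lock_query.stdout'

    - name: "Verify the resulting state"
      command: "lsuser -a account_locked {{ user_name }}"
      register: lock_verify
      changed_when: false
      # skipped under --check, because chuser did not run there
      when: not ansible_check_mode
      failed_when: '("account_locked=" ~ lock_state) not in lock_verify.stdout'
```

With this form the play recap shows "changed" only for hosts where the lock state was actually modified, which makes the run output usable as a record of who was locked or unlocked.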

How to run the Ansible playbook:

  1. Open your shell terminal on the Ansible control server and go to the /etc/ansible/ path.
  2. Check whether your playbook is syntactically correct (--check performs a dry run without making changes):
     ansible-playbook manageuseraix.yaml -l webserver --check
  3. Check the list of possible tags in the playbook:
     ansible-playbook manageuseraix.yaml --list-tags
  4. Run the playbook on a specific host or group of hosts:
     ansible-playbook manageuseraix.yaml -l webserver -t create_new_user -e "user_name=amir"

4 comments:

  1. How did you create that hashed password?

    1. Two ways you can create the password:
      1. password: "{{user_pass | password_hash('sha512')}}"
      If the above method is not working, then first you need to create a user without Ansible, get the hashed password, and then use it.
