Sunday, May 10, 2020

Create users using Ansible Vault


[ansible@ansiblemaster playbooks]$ cat inventory
[webserver]
web1.mylinuxfriends.blogspot.com

[dbserver]
db1.mylinuxfriends.blogspot.com

[production]
db1.mylinuxfriends.blogspot.com
web1.mylinuxfriends.blogspot.com
[ansible@ansiblemaster playbooks]$



[ansible@ansiblemaster vars]$ pwd
/home/ansible/playbooks/vars




NOTE: ansible-vault will prompt for a vault password; remember it, because the same password is needed to run the playbook later.

[ansible@ansiblemaster vars]$ ansible-vault create ../vars/mysecret.yml
New Vault password:
Confirm New Vault password:

Put the following content in mysecret.yml:

newusers:
  - name: myuser1
    pw: welcome@1
  - name: myuser2
    pw: welcome@2

[ansible@ansiblemaster vars]$ ansible-vault view mysecret.yml
Vault password:
newusers:
  - name: myuser1
    pw: welcome@1
  - name: myuser2
    pw: welcome@2
[ansible@ansiblemaster playbooks]$




=====================================================================================================
Now create the main playbook useradd.yml, which reads vars/mysecret.yml to create the users on the webserver group
=====================================================================================================


[ansible@ansiblemaster playbooks]$ vi useradd.yml
---
- name: creating user on webserver.
  hosts: webserver
  remote_user: ansible
  become: yes
  vars_files:
    - vars/mysecret.yml

  tasks:
    - name: creating users using vars/mysecrete.yml
      user:
        name: "{{ item.name }}"
        password: "{{ item.pw | password_hash('sha512') }}"
      with_items: "{{ newusers }}"
[ansible@ansiblemaster playbooks]$
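The playbook above works, but two details matter once it is run in verbose mode or more than once. First, the `-v` run later on this page prints each loop item, including its `pw` value, even though the user module masks the `password` field itself; the vaulted secret therefore ends up on the console and in any CI log. Second, `password_hash('sha512')` without a salt generates a new random salt on every run, so the task reports `changed` every time and keeps rewriting the shadow entry. The following hardened variant is an added example, not the playbook from the original post; it assumes the same `vars/mysecret.yml` layout (`newusers` with `name`/`pw`) and the same inventory, and uses the `ansible.builtin.user` FQCN, which needs Ansible 2.10 or later (plain `user:` works on older releases). The seeded `random` salt idiom follows the Ansible FAQ on generating encrypted passwords for the user module.

```yaml
---
# Added example (not the original post's playbook): hardened variant of useradd.yml.
# Assumes vars/mysecret.yml contains "newusers", a list of {name, pw} entries.
- name: creating user on webserver (hardened)
  hosts: webserver
  remote_user: ansible
  become: yes
  vars_files:
    - vars/mysecret.yml

  tasks:
    - name: creating users from vars/mysecret.yml
      ansible.builtin.user:
        name: "{{ item.name }}"
        # A deterministic per-host, per-user salt keeps the hash identical between
        # runs. Without a salt, password_hash() picks a fresh random salt each time
        # and the task is never idempotent.
        password: "{{ item.pw | password_hash('sha512', 65534 | random(seed=inventory_hostname ~ item.name) | string) }}"
        # Only set the password when the account is first created, so later runs
        # never touch an existing user's password.
        update_password: on_create
        state: present
      loop: "{{ newusers }}"
      # With -v, Ansible otherwise dumps the whole loop item (pw included) for
      # every user; no_log suppresses the task's result output entirely.
      no_log: true
```

Note that `no_log: true` also hides module error messages for this task; when debugging a failure, temporarily remove it on an isolated test host rather than in production runs, and keep `playbookvault-pass` out of version control alongside it.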





===============================================
Now let's check the syntax of our useradd.yml
===============================================



playbookvault-pass is the file holding the vault password (welcome in this example); the next section shows how it is created.

[ansible@ansiblemaster playbooks]$ ansible-playbook useradd.yml --syntax-check --vault-password-file=playbookvault-pass
playbook: useradd.yml
[ansible@ansiblemaster playbooks]$




=========================================================================================
Instead of typing the vault password on the command line every time, we can store it in a file
=========================================================================================


[ansible@ansiblemaster playbooks]$ pwd
/home/ansible/playbooks

[ansible@ansiblemaster playbooks]$ echo welcome > playbookvault-pass

[ansible@ansiblemaster playbooks]$ chmod 0400 playbookvault-pass

[ansible@ansiblemaster playbooks]$ ll playbookvault-pass
-r--------. 1 ansible wheel 8 May 10 19:39 playbookvault-pass




=============================================================================
For reference, these are the files created in this example
=============================================================================



[ansible@ansiblemaster playbooks]$ tree
.
├── ansible.cfg
├── useradd.yml
├── inventory
├── vars
│   └── mysecret.yml
└── playbookvault-pass

1 directory, 5 files
[ansible@ansiblemaster playbooks]$



===============================================================
With the vault password in playbookvault-pass, let's run our playbook
===============================================================


[ansible@ansiblemaster playbooks]$ ansible-playbook useradd.yml -v --vault-password-file=playbookvault-pass
Using /home/ansible/playbooks/ansible.cfg as config file

PLAY [creating user on webserver.] ************************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************************
ok: [web1.mylinuxfriends.blogspot.com]

TASK [creating users using vars/mysecrete.yml] ************************************************************************************************************************
changed: [web1.mylinuxfriends.blogspot.com] => (item={u'name': u'web1', u'pw': u'welcome@1'}) => {"changed": true, "comment": "", "createhome": true, "group": 3003, "home": "/home/web1", "item": {"name": "web1", "pw": "welcome@1"}, "name": "myuser1", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "system": false, "uid": 3003}
changed: [web1.mylinuxfriends.blogspot.com] => (item={u'name': u'myuser2', u'pw': u'welcome@2'}) => {"changed": true, "comment": "", "createhome": true, "group": 3004, "home": "/home/myuser2", "item": {"name": "myuser2", "pw": "welcome@2"}, "name": "myuser2", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "system": false, "uid": 3004}

PLAY RECAP ************************************************************************************************************************************************************
web1.mylinuxfriends.blogspot.com : ok=2    changed=1    unreachable=0    failed=0



=================================================================================================================================
Let's try to log in to web1.mylinuxfriends.blogspot.com as myuser2 with the password welcome@2 that we defined in mysecret.yml
=================================================================================================================================


[ansible@ansiblemaster playbooks]$ ssh myuser2@web1.mylinuxfriends.blogspot.com
myuser2@web1.mylinuxfriends.blogspot.com's password: welcome@2

This system is web1 server of  mylinuxfriends.blogspot.com
Today date is : 2020-04-26

You can drop email to anuj@mylinuxfriends.blogspot.com in case any query.

Thanks......!
[myuser2@web1 ~]$


