Recommended approach for adding/managing multiple system level users?

Assuming:

  • I have X servers,
  • With Y users requiring access under their own unique accounts,
  • And not all Y users are required on every X server (although this isn’t a hard requirement),
  • And Z of the Y users need to be in a different group (for more access or sudo rights based on group),
  • And each user having their own authorized key file for SSH…

What would be the recommended approach in the structuring of the playbooks/tasks? I’ve thought through a few different solutions (using --extra-vars for example to pass in on a per-user basis the variables needed, or using with_items) but it felt “kludge-y” when attempting to implement…

Assuming:

  • I have X servers,
  • With Y users requiring access under their own unique accounts,
  • And not all Y users are required on every X server (although this isn’t a hard requirement),
  • And Z of the Y users need to be in a different group (for more access or sudo rights based on group),

I’d split out the Z and Y users in two different groups to begin with, and put those users in a vars_file or in group_vars (http://ansible.cc/docs/playbooks2.html#variable-file-separation and http://ansible.cc/docs/patterns.html#groups-of-groups-and-group-variables and http://ansible.cc/docs/patterns.html#splitting-out-host-and-group-specific-data).

  • And each user having their own authorized key file for SSH…

What would be the recommended approach in the structuring of the playbooks/tasks? I’ve thought through a few different solutions (using --extra-vars for example to pass in on a per-user basis the variables needed, or using with_items) but it felt “kludge-y” when attempting to implement…

You can then combine those things with this users setup: https://groups.google.com/forum/?fromgroups=#!topic/ansible-project/3nRKU5AemYA, look at nigelm’s setup. It’s all you need/want.
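One way to lay out what the reply describes, as an added example that is not from the thread and is not nigelm's setup. It assumes constructed users (`alice`, `bob`, `carol`), inventory groups `web` and `db`, a privileged group named `admins`, public keys stored as `keys/<name>.pub` beside the playbook, and the `ansible.posix` collection installed.

```yaml
# Added example. Variables are inlined under vars: so the file runs alone;
# in a real layout the users list would sit in group_vars/all.yml.
- name: Manage per-user accounts, group membership and SSH keys
  hosts: all
  become: true
  vars:
    users:
      - name: alice
        groups: [admins]           # one of the "Z" users with sudo rights
        host_groups: [web, db]     # inventory groups that get this account
      - name: bob
        host_groups: [web]
      - name: carol
        host_groups: [db]
        state: absent              # departed user: account is removed
  tasks:
    - name: Ensure the privileged group exists
      ansible.builtin.group:
        name: admins

    - name: Grant sudo to the privileged group, syntax-checked before install
      ansible.builtin.copy:
        dest: /etc/sudoers.d/admins
        content: "%admins ALL=(ALL) ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s   # a broken file is never installed

    - name: Create or remove each account that belongs on this host
      ansible.builtin.user:
        name: "{{ item.name }}"
        groups: "{{ item.groups | default(omit) }}"
        append: true               # add to listed groups, keep other memberships
        state: "{{ item.state | default('present') }}"
      loop: "{{ users }}"
      when: item.host_groups | intersect(group_names) | length > 0

    - name: Install each present user's key and drop any other keys
      ansible.posix.authorized_key:
        user: "{{ item.name }}"
        key: "{{ lookup('file', 'keys/' ~ item.name ~ '.pub') }}"
        exclusive: true            # keys not managed here are removed
      loop: "{{ users }}"
      when:
        - item.state | default('present') == 'present'
        - item.host_groups | intersect(group_names) | length > 0
```

Dropping an inventory group from a user's `host_groups` only stops the account being managed on those hosts; to revoke access there, keep the entry and set `state: absent`.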