:.: Add users on OpenBSD with Ansible

Using Ansible to manage users or services on OpenBSD is a great way to automate tasks. I got some new people at work and I needed to create a bunch of users on our 10 OpenBSD servers, so I decided to use Ansible.

:. Prerequisites

To start, make sure you have:
1. An OpenBSD server.
2. Ansible installed on your machine ($ doas pkg_add ansible).
3. Python installed on the target server (at the time of writing the Python version is 3.11; $ doas pkg_add python).

:. Setting Up the Inventory File

The inventory file, typically named hosts, lists the servers that Ansible will manage:

$ cat hosts

[ports:vars]
ansible_python_interpreter=/usr/local/bin/python3.11

[ports]
172.23.169.185

In this file:

[ports:vars] This section sets variables for the ports group.
ansible_python_interpreter=/usr/local/bin/python3.11 This specifies where Python is located on the OpenBSD server.
[ports] This section lists the IP addresses of the servers in the ports group.
172.23.169.185 This is the IP address of the OpenBSD server; you can list other addresses or hostnames here.

:. Writing the Ansible Playbook

Now, let’s write the Ansible playbook that will create the user:

$ cat usr.yml
---
- name: Add user test
  hosts: ports
  become: yes
  become_method: doas
  tasks:
    - name: Create user
      ansible.builtin.user:
        name: test
        comment: test
        group: wheel
        create_home: yes
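        generate_ssh_key: yes
        # the module generates an rsa key by default; match the type to the file name
        ssh_key_type: ed25519
        ssh_key_file: .ssh/id_ed25519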
        shell: /bin/ksh
        state: present

In detail:

name: Add user test This is the name of the play.
hosts: ports This specifies that the playbook will run on the servers listed under the ports group in the inventory file.
become: yes This allows Ansible to run commands with elevated privileges. It’s necessary for tasks that require root access.
become_method: doas On OpenBSD, doas is used to execute commands as another user. To run this playbook, you need to have doas configured properly on your OpenBSD server. Usually, this means you should be a user who is allowed to use doas to run commands as the root user.
tasks This section lists the tasks that Ansible will perform.
name: Create user This is the name of the task.
ansible.builtin.user This is the Ansible module used to manage user accounts.
name: test This specifies the name of the user to be created.
comment: test This adds a comment for the user.
group: wheel This sets the primary group for the user.
create_home: yes This creates a home directory for the user.
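generate_ssh_key: yes This generates an SSH key for the user. The module creates an RSA key unless ssh_key_type says otherwise.
ssh_key_file: .ssh/id_ed25519 This specifies the path to the SSH key file, relative to the user's home directory.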
shell: /bin/ksh This sets the user's login shell.
state: present This ensures the user account is present. If you change this to absent and add remove: yes below it, the account will be deleted.
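
Since the goal was a bunch of users on several servers, here is an added example (not part of the original post) that goes beyond the single-user playbook: it loops over a list of accounts, installs each person's own public key instead of generating a private key on the server, and removes departed accounts. The user names, the admin flag and the pubkeys/ directory are assumptions made for illustration, and the ansible.posix collection is assumed to be installed.

```yaml
---
# Added example. Names, the admin flag and pubkeys/ are constructed;
# replace them with your own data.
- name: Manage staff accounts
  hosts: ports
  become: true
  become_method: doas
  vars:
    staff:                      # constructed sample data
      - { name: alice, comment: "Alice Example", admin: true }
      - { name: bob, comment: "Bob Example", admin: false }
    departed:                   # accounts that must no longer exist
      - carol
  tasks:
    - name: Create accounts
      ansible.builtin.user:
        name: "{{ item.name }}"
        comment: "{{ item.comment }}"
        # wheel as a supplementary group, admins only;
        # omit drops the parameter entirely for everyone else
        groups: "{{ 'wheel' if item.admin else omit }}"
        create_home: true
        shell: /bin/ksh
        state: present
      loop: "{{ staff }}"
      loop_control:
        label: "{{ item.name }}"

    - name: Install each person's own public key
      ansible.posix.authorized_key:
        user: "{{ item.name }}"
        # pubkeys/<name>.pub is a hypothetical path next to the playbook
        key: "{{ lookup('ansible.builtin.file', 'pubkeys/' ~ item.name ~ '.pub') }}"
        exclusive: true         # drop any key not listed here
        state: present
      loop: "{{ staff }}"
      loop_control:
        label: "{{ item.name }}"

    - name: Remove departed accounts and their home directories
      ansible.builtin.user:
        name: "{{ item }}"
        state: absent
        remove: true
      loop: "{{ departed }}"
```

Because only public keys are copied to the servers, no private key material ever exists on the managed hosts.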

:. Running the Playbook

To run the playbook, we use the following:

$ ansible-playbook -i hosts usr.yml
PLAY [Add user test] ************************************************************************************

TASK [Gathering Facts] **********************************************************************************
ok: [172.23.169.185]

TASK [Create user] **************************************************************************************
changed: [172.23.169.185]

PLAY RECAP **********************************************************************************************
172.23.169.185             : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

:. Conclusion

Using Ansible to manage users or any other task is really helpful, especially when you need to do something repeatedly. It ensures consistency and reduces the chances of manual errors. For more details on the user module, check out the official documentation.