Using Ansible Modules to Manage Users and Groups in Your Environment

45 minutes
  • 4 Learning Objectives

About this Hands-on Lab

While many environments have some sort of central authentication, there’s still use cases for managing users on servers outside of that. This lab will help drive home managing users and groups with Ansible.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Ensure the ‘backups’ group exists with the correct GID on all servers

This section of your playbook should look something like this:

 ---
- name: verify group exists
  hosts: all
  become: yes

  tasks:
   - group: 
      gid: 12310
      name: backups
      state: present
Remove the ‘old_backup’ user on all servers

You can add this section to the existing playbook:

    - user:
      name: old_backup
      state: absent
Create the ‘new_backup’ user on all servers with the required settings

You can add this section to your existing playbook:

    - user:
      name: new_backup
      uid: 12427
      shell: /bin/false
      password_lock: yes
      groups: backups
Create the new group and add the ‘new_backup’ user

Your complete playbook should look similar to the following:

 ---
- name: verify group exists
  hosts: all
  become: yes

  tasks:
   - group: 
      gid: 12310
      name: backups
      state: present
   - group:
      gid: 12311
      name: new_backups
      state: present
   - user:
      name: old_backup
      state: absent
   - user:
      name: new_backup
      uid: 12427
      shell: /bin/false
      password_lock: yes
      groups: backups, new_backups

Additional Resources

Notice: Ansible is installed as the root user, so please work on all tasks after elevating to the root user.

Your backup team has come to you with a problem. They've switched software vendors and the new software requires the use of a specific username. The scripts they've written to manage backups require a specific user id to perform correctly. They'd like you to use Ansible to remove the old user and create the new one using the same uid so that they don't have to change all of their scripts. Additionally, the old backup user didn't exist everywhere in the environment, but the new one must - and it needs that user id.

Write a playbook that removes the 'old_backup' user and creates the 'new_backup' user with the following:

uid is 12427 shell needs to be set to /bin/false The account should be password locked. Needs to also be a member of the 'backups' group. Some servers may not have this group created already. The group ID should be 12310.

After you push these changes out, the backup team comes to you and mentions that the new backup software also needs a new group created (named new_backups), that the 'new_backup' user must be a member of that group but keep all its old groups, and that the GID for that group must be 12311. Modify and execute your playbook with this new requirement.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Get Started
Who’s going to be learning?

How many seats do you need?

  • $499 USD per seat per year
  • Billed Annually
  • Renews in 12 months

Ready to accelerate learning?

For over 25 licenses, a member of our sales team will walk you through a custom tailored solution for your business.


$2,495.00

Checkout
Sign In
Welcome Back!
Thanks for reaching out!

You’ll hear from us shortly. In the meantime, why not check out what our customers have to say about ACG?