Using Ansible Modules to Manage Users and Groups in Your Environment

45 minutes
  • 4 Learning Objectives

About this Hands-on Lab

While many environments have some sort of central authentication, there are still use cases for managing users on servers outside of that. This lab will help drive home managing users and groups with Ansible.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Ensure the ‘backups’ Group Exists with the Correct GID on All Servers

This section of your playbook should look something like this:

    ---
    - name: verify group exists
      hosts: all
      become: yes

      tasks:
        # Create the group with a fixed GID so it is the same on every server
        - group:
            gid: 12310
            name: backups
            state: present

Remove the ‘old_backup’ User on All Servers

You can add this section to the existing playbook:

        # Module arguments must be nested under the module name
        - user:
            name: old_backup
            state: absent

Create the ‘new_backup’ User on All Servers with the Required Settings

You can add this section to your existing playbook:

        # Service account: fixed UID, no login shell, locked password
        - user:
            name: new_backup
            uid: 12427
            shell: /bin/false
            password_lock: yes
            groups: backups

Create the New Group and Add the ‘new_backup’ User

Your complete playbook should look similar to the following:

    ---
    - name: verify group exists
      hosts: all
      become: yes

      tasks:
        # Both groups must exist before the user task references them
        - group:
            gid: 12310
            name: backups
            state: present
        - group:
            gid: 12311
            name: new_backups
            state: present
        - user:
            name: old_backup
            state: absent
        # Without append: yes, groups is the complete list of supplementary groups
        - user:
            name: new_backup
            uid: 12427
            shell: /bin/false
            password_lock: yes
            groups: backups, new_backups
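
To confirm the result on every server, a read-only audit play can check the account and group databases after the run. This is an added example, not part of the lab's solution; it assumes Linux hosts where `getent` can read the `shadow` database as root, and it uses the UID from the playbook above.

```yaml
---
# Added example: read-only audit of the state the lab playbook should produce.
- name: audit backup accounts and groups
  hosts: all
  become: yes
  gather_facts: no

  tasks:
    - name: read the passwd database
      getent:
        database: passwd

    - name: read the shadow database (requires root)
      getent:
        database: shadow

    - name: read the group database
      getent:
        database: group

    - name: check users, IDs, lock state and group membership
      assert:
        that:
          - "'old_backup' not in getent_passwd"
          - "'new_backup' in getent_passwd"
          # passwd fields after the name: password, uid, gid, gecos, home, shell
          - getent_passwd['new_backup'][1] | int == 12427
          - getent_passwd['new_backup'][5] == '/bin/false'
          # no second account shares the UID
          - getent_passwd | dict2items | selectattr('value.1', 'equalto', '12427') | list | length == 1
          # a locked password field starts with '!'
          - getent_shadow['new_backup'][0].startswith('!')
          # group fields after the name: password, gid, member list
          - getent_group['backups'][1] | int == 12310
          - getent_group['new_backups'][1] | int == 12311
          - "'new_backup' in getent_group['backups'][2].split(',')"
          - "'new_backup' in getent_group['new_backups'][2].split(',')"
        fail_msg: backup account state differs from the lab requirements
```

The play changes nothing on the hosts, so it can be rerun later to detect drift in the account's lock state or group membership.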

Additional Resources

Your backup team has come to you with a problem. They've switched software vendors and the new software requires the use of a specific username. The scripts they've written to manage backups require a specific user id to perform correctly. They'd like you to use Ansible to remove the old user and create the new one using the same uid, so that they don't have to change all of their scripts. Additionally, the old backup user didn't exist everywhere in the environment, but the new one must - and it needs that user id.

Write a playbook that removes the old_backup user and creates the new_backup user with the following:

  • The uid is 1242.
  • The shell needs to be set to /bin/false.
  • The account should be password locked.
  • Needs to be a member of the backups group. Some servers may not have this group created already.
  • The group ID should be 12310.

After you push these changes out, the backup team comes to you and mentions the new backup software also needs a new group created, named new_backups. The new_backup user must be a member of that group, but also keep all of its old groups. The GID for this group must be 12311. Modify and execute your playbook with this new requirement.

(Note: Ansible is installed as the root user, so please work on all tasks after elevating to the root user.)
