
    Ansible Playbook to collect local and LDAP users on Linux

    Ansible – Manage Users

    Ansible uses the ansible.builtin.user module to manage users. This module is part of ansible-core, which is included in all Ansible installations. Because of this, we don't need to specify the collection: keyword when using the module – we can simply use the short module name user.

    Ansible uses  ansible.builtin.user module to manage users.

    We can use the Ansible playbook below, written in YAML, to extract and format the list of all local and AD users on Linux hosts.

    Ansible Script

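    ---
    # Audit playbook: list local accounts that have a login shell plus the AD/LDAP
    # accounts permitted by sssd's simple access provider, write the combined
    # list to a per-host file and fetch that file back to the controller.
    - name: Run audit script
      hosts: all
      become: true
      become_method: sudo
      remote_user: <username>
      gather_facts: true
      tasks:
        # Drop accounts whose shell is nologin or /bin/false: they cannot log
        # in interactively and are noise in an access review.
        - name: Filter out users with nologin
          shell: |
            grep -vE "(nologin|/bin/false)$" /etc/passwd
          register: filtered_output
          changed_when: false

        # Take the first passwd field with a Jinja filter instead of piping the
        # registered output back through `echo` in a second shell; this avoids
        # re-interpreting the data as shell input and needs no extra process.
        # usernames is a plain list here (not a command result).
        - name: Extract usernames
          set_fact:
            usernames: '{{ filtered_output.stdout_lines | map("regex_replace", "^([^:]*):.*$", "\\1") | list }}'

        - name: Exclude default users
          set_fact:
            filtered_usernames: "{{ usernames | difference(['root', 'sync', 'shutdown', 'halt']) }}"

        # Show the list that is actually written to the report (after the
        # default-account exclusion above).
        - name: Display Granted Users
          debug:
            var: filtered_usernames

        # simple_allow_users is a comma-separated list, so split it into one
        # name per line; otherwise stdout_lines would hold a single "a,b,c"
        # entry. With the default /bin/sh (no pipefail) the task's rc is tr's,
        # so a missing option or config file yields an empty list, not a failure.
        - name: Extract AD usernames from sssd.conf
          shell: |
            grep 'simple_allow_users = ' /etc/sssd/sssd.conf | awk -F '=' '{print $2}' | tr -d ' ' | tr ',' '\n'
          register: ad_usernames
          changed_when: false

        - name: Display AD Usernames
          debug:
            var: ad_usernames.stdout_lines

        # Account inventories are sensitive: /var/tmp is world-readable, so
        # restrict the report to its owner explicitly.
        - name: Save output to remote file
          copy:
            content: |
              {% for username in filtered_usernames %}
              {{ username }}
              {% endfor %}
              {% for ad_username in ad_usernames.stdout_lines %}
              {{ ad_username }}
              {% endfor %}
            dest: "/var/tmp/output_{{ ansible_hostname }}.txt"
            mode: "0600"
          register: file_copy_result

        # flat: true keeps the file name as-is instead of nesting it under a
        # per-host directory on the controller.
        - name: Fetch remote file to local
          fetch:
            src: "/var/tmp/output_{{ ansible_hostname }}.txt"
            dest: "/var/tmp/output_{{ ansible_hostname }}.txt"
            flat: true
          register: file_fetch_result

        - name: Display saved file path and name
          debug:
            msg: "Saved file: {{ file_fetch_result.dest }}"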

     

    Expected output

    This is sample output from the script:

    ansible-playbook user_list.yaml -i host --ask-pass --ask-become-pass
    SSH password: 
    BECOME password[defaults to SSH password]: 
    
    PLAY [Run audit script] ********************************************************************************************************************************************************************************************************************************************************
    
    TASK [Gathering Facts] *********************************************************************************************************************************************************************************************************************************************************
    ok: [host1.technnix.com]
    ok: [host2.technnix.com]
    
    TASK [Filter out users with nologin] *******************************************************************************************************************************************************************************************************************************************
    ok: [host1.technnix.com]
    ok: [host2.technnix.com]
    
    TASK [Extract usernames] *******************************************************************************************************************************************************************************************************************************************************
    ok: [host1.technnix.com]
    ok: [host2.technnix.com]
    
    TASK [Exclude default users] ***************************************************************************************************************************************************************************************************************************************************
    ok: [host1.technnix.com]
    ok: [host2.technnix.com]
    
    TASK [Display Granted Users] ***************************************************************************************************************************************************************************************************************************************************
    ok: [host1.technnix.com] => {
        "usernames.stdout_lines": [
            "root",
            "sync",
            "shutdown",
            "halt",
            "technnix_admin",
            "mmon_user",
            "audit",
            "dtuser",
            "awx"
        ]
    }
    ok: [host2.technnix.com] => {
        "usernames.stdout_lines": [
            "root",
            "sync",
            "shutdown",
            "halt",
            "technnix_admin",
            "audit_user",
            "splunk",
            "rke_user",
            "rke",
            "mmon_user"
        ]
    }
    
    TASK [Extract AD usernames from sssd.conf] *************************************************************************************************************************************************************************************************************************************
    ok: [host1.technnix.com]
    ok: [host1.technnix.com]
    
    TASK [Display AD Usernames] ****************************************************************************************************************************************************************************************************************************************************
    ok: [host1.technnix.com] => {
        "ad_usernames.stdout_lines": [
            "dnhare"
        ]
    }
    ok: [host2.technnix.com] => {
        "ad_usernames.stdout_lines": []
    }
    
    TASK [Save output to remote file] **********************************************************************************************************************************************************************************************************************************************
    ok: [host1.technnix.com]
    ok: [host2.technnix.com]
    
    TASK [Fetch remote file to local] **********************************************************************************************************************************************************************************************************************************************
    ok: [host1.technnix.com]
    ok: [host2.technnix.com]
    
    TASK [Display saved file path and name] ****************************************************************************************************************************************************************************************************************************************
    ok: [host1.technnix.com] => {
        "msg": "Saved file: /var/tmp/output_ansibletw.txt"
    }
    ok: [host2.technnix.com] => {
        "msg": "Saved file: /var/tmp/output_ansiblecli.txt"
    }
    
    PLAY RECAP *********************************************************************************************************************************************************************************************************************************************************************
    host1.technnix.com             : ok=10   changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
    host2.technnix.com             : ok=10   changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

     
