Ansible – Manage Users
Ansible uses the ansible.builtin.user module to manage users. This module is part of ansible-core and is included in all Ansible installations. For convenience, you do not need to specify the collections: keyword when using the module; you can use the short module name user.
The Ansible playbook below, written in YAML, extracts and formats the output for all local and AD users on Linux hosts.
Ansible Script
---
- name: Run audit script
  hosts: all
  become: yes
  become_method: sudo
  remote_user: <username>
  gather_facts: true

  tasks:
    # Keep only /etc/passwd entries whose shell does not end in "nologin".
    - name: Filter out users with nologin
      shell: |
        grep -vE "nologin$" /etc/passwd
      register: filtered_output
      changed_when: false

    # Read the file directly instead of templating its contents into the
    # command line, so quotes or shell metacharacters in /etc/passwd fields
    # are never parsed by the shell.
    - name: Extract usernames
      shell: |
        grep -vE "nologin$" /etc/passwd | awk -F ':' '{print $1}'
      register: usernames
      changed_when: false

    - name: Exclude default users
      set_fact:
        filtered_usernames: "{{ usernames.stdout_lines | difference(['root', 'sync', 'shutdown', 'halt']) }}"

    # Prints the unfiltered list; the saved file below uses filtered_usernames.
    - name: Display Granted Users
      debug:
        var: usernames.stdout_lines

    # AD users are taken from the simple_allow_users line in sssd.conf.
    - name: Extract AD usernames from sssd.conf
      shell: |
        grep 'simple_allow_users = ' /etc/sssd/sssd.conf | awk -F '=' '{print $2}' | tr -d ' '
      register: ad_usernames
      changed_when: false

    - name: Display AD Usernames
      debug:
        var: ad_usernames.stdout_lines

    # Write one username per line: local users first, then AD users.
    - name: Save output to remote file
      copy:
        content: |
          {% for username in filtered_usernames %}
          {{ username }}
          {% endfor %}
          {% for ad_username in ad_usernames.stdout_lines %}
          {{ ad_username }}
          {% endfor %}
        dest: "/var/tmp/output_{{ ansible_hostname }}.txt"
      register: file_copy_result

    # Copy the per-host report back to the control node.
    - name: Fetch remote file to local
      fetch:
        src: "/var/tmp/output_{{ ansible_hostname }}.txt"
        dest: "/var/tmp/output_{{ ansible_hostname }}.txt"
        flat: yes
      register: file_fetch_result

    - name: Display saved file path and name
      debug:
        msg: "Saved file: {{ file_fetch_result.dest }}"
Expected output
This is a sample output from the script
ansible-playbook user_list.yaml -i host --ask-pass --ask-become-pass
SSH password:
BECOME password[defaults to SSH password]:

PLAY [Run audit script] ************************************************

TASK [Gathering Facts] *************************************************
ok: [host1.technnix.com]
ok: [host2.technnix.com]

TASK [Filter out users with nologin] ***********************************
ok: [host1.technnix.com]
ok: [host2.technnix.com]

TASK [Extract usernames] ***********************************************
ok: [host1.technnix.com]
ok: [host2.technnix.com]

TASK [Exclude default users] *******************************************
ok: [host1.technnix.com]
ok: [host2.technnix.com]

TASK [Display Granted Users] *******************************************
ok: [host1.technnix.com] => {
    "usernames.stdout_lines": [
        "root",
        "sync",
        "shutdown",
        "halt",
        "technnix_admin",
        "mmon_user",
        "audit",
        "dtuser",
        "awx"
    ]
}
ok: [host2.technnix.com] => {
    "usernames.stdout_lines": [
        "root",
        "sync",
        "shutdown",
        "halt",
        "technnix_admin",
        "audit_user",
        "splunk",
        "rke_user",
        "rke",
        "mmon_user"
    ]
}

TASK [Extract AD usernames from sssd.conf] *****************************
ok: [host1.technnix.com]
ok: [host1.technnix.com]

TASK [Display AD Usernames] ********************************************
ok: [host1.technnix.com] => {
    "ad_usernames.stdout_lines": [
        "dnhare"
    ]
}
ok: [host2.technnix.com] => {
    "ad_usernames.stdout_lines": []
}

TASK [Save output to remote file] **************************************
ok: [host1.technnix.com]
ok: [host2.technnix.com]

TASK [Fetch remote file to local] **************************************
ok: [host1.technnix.com]
ok: [host2.technnix.com]

TASK [Display saved file path and name] ********************************
ok: [host1.technnix.com] => {
    "msg": "Saved file: /var/tmp/output_ansibletw.txt"
}
ok: [host2.technnix.com] => {
    "msg": "Saved file: /var/tmp/output_ansiblecli.txt"
}

PLAY RECAP *************************************************************
host1.technnix.com : ok=10 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
host2.technnix.com : ok=10 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
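The playbook's grep/awk pipelines match only shells ending in nologin and a "simple_allow_users = " line with exactly that spacing, and they print a comma-separated AD list as a single line. As an added example (not part of the original script), the shell functions below perform the same two extractions while also skipping /bin/false accounts and splitting the simple_allow_users list into one name per line; the function names and the sample data are constructed for illustration.

```shell
# Added example: the playbook's two extractions as stand-alone awk functions
# that read the files directly.

# Print login-capable accounts from a passwd-format file ($1).
list_login_users() {
    awk -F: '
        /^[ \t]*#/ || NF != 7              { next }  # comment, blank or malformed line
        $7 ~ /(nologin|false)$/            { next }  # non-interactive shells
        $1 ~ /^(root|sync|shutdown|halt)$/ { next }  # defaults the playbook excludes
        { print $1 }
    ' "$1"
}

# Print the users named in simple_allow_users of an sssd.conf-format file ($1).
list_sssd_allowed_users() {
    awk '
        /^[ \t]*simple_allow_users[ \t]*=/ {
            sub(/^[^=]*=/, "")                 # drop "key =" whatever the spacing
            n = split($0, users, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", users[i])
                if (users[i] != "") print users[i]
            }
        }
    ' "$1"
}

# Constructed sample input (not real hosts or accounts), written into dir $1.
make_samples() {
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'sync:x:5:0:sync:/sbin:/bin/sync' \
        'daemon:x:2:2:daemon:/sbin:/sbin/nologin' \
        'svc_backup:x:990:990::/var/lib/backup:/bin/false' \
        'alice:x:1001:1001:Alice "Ops" Lee:/home/alice:/bin/bash' \
        > "$1/passwd"
    printf '%s\n' \
        '[domain/example.test]' \
        '# simple_allow_users = olduser' \
        'simple_allow_users=bob, carol' \
        > "$1/sssd.conf"
}

tmp=$(mktemp -d)
make_samples "$tmp"
list_login_users "$tmp/passwd"
list_sssd_allowed_users "$tmp/sssd.conf"
rm -rf "$tmp"
```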