Ansible User Module-Ansible Add User To Group

Ansible User Module-Ansible Add User To Group:

Ansible user module is used to create a user’s accounts in any Linux machine. With Ansible user module we can create users, we can delete users, we can add passwords to those users and with ansible user module we can add users to groups. In the following example, I will show how to create the user with ansible user module And I will show you how to add the user to the group with ansible user module.

Ansible Add User To Group:

Playbook:

[root@localhost ~]# cat user.yml 
---
- hosts: localhost
  gather_facts: no
  tasks:

  - name: Create devops group
    group:
      name: devops

  - name: create devops user and assign primary group
    user:
      name: devops
      group: devops

The correct way to create user with  primary group in ansible is create the group before creating user. After creating the group, In next step you can create new user and  assign primary group. In the above playbook i have created devops group in the first task and In the second task i created devops user and assigned primary group as devops.

Note: If you mention only second task in the playbook ansible will through you error. Since ansible user module with group argument can not create new groups. So to add any users to any group in ansible first you should have group. So first create groups then add groups to users.

Log Output:

[root@localhost ~]# ansible-playbook user.yml 

PLAY [localhost] ***************************************************************

TASK [Ensure devops group exists] **********************************************
changed: [localhost]

TASK [create devops user and assign primary group] *****************************
changed: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=2    changed=2    unreachable=0    failed=0   

[root@localhost ~]# groups devops 
devops : devops
[root@localhost ~]# ls /home/
devops 

You can see the 'groups <username>' Linux command will show the groups of the user. The first group is the primary group of user. In the above you can see the only devops after DevOps:  So devops user has only one primary group. No other groups are added to devops.

Change Primary Group of User: or Change The Group of User

To change the primary group of any user, use the below task. It will change devops user primary group from devops to Hadoop.

[root@localhost ~]# cat change_group.yml 
---
- hosts: localhost
  gather_facts: no
  tasks:

  - name: Change the group of user
    user:
      name: devops
      group: hadoop

Log Output:

[root@localhost ~]# ansible-playbook change_group.yml 

PLAY [localhost] ***********************************************************************************************

TASK [Change the group of user] ********************************************************************************
changed: [localhost]

PLAY RECAP *****************************************************************************************************
localhost                  : ok=1    changed=1    unreachable=0    failed=0   

But before running this task you should have Hadoop group in the target machine. We already discussed in the above section that ansible user module with group argument cannot create a new group. Just it will attach this Hadoop group to devops user as a primary group. So this task is used for change the primary group of user.

Verify The Group Of User:

[root@localhost ~]# groups devops 
devops : hadoop

Here you can see the group of devops user is Hadoop. So we have changed the group of devops user from DevOps group to Hadoop group.

Create User and Primary Group with Groups argument:

[root@localhost ~]# cat jenkins.yml 
---
- hosts: localhost
  gather_facts: no
  tasks:

  - name: create jenkins user and primary group
    user:
      name: jenkins
      groups: 

This will create user Jenkins and it will create primary group, Jenkins. You can see here we are using argument groups not the group. And we have not mentioned anything in the group's argument.

[root@localhost ~]# ansible-playbook jenkins.yml 

PLAY [localhost] ***************************************************************

TASK [create jenkins user and primary group] **********************************************
changed: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=1    changed=1    unreachable=0    failed=0   

[root@localhost ~]# groups jenkins
jenkins : jenkins

Groups:

Groups argument will create a primary group and groups argument will overwrite previous groups with new groups. And groups argument can create the only primary group. It can not create any other groups. in the above example, we have not mentioned anything in the groups argument. That is why we have only Jenkins group for Jenkins user. If you add any groups in the groups argument the user will be added to those groups and whatever the groups he had previously will be overwritten with this new groups. So every time groups argument will overwrite the groups of the user with new groups and there is one exception is that it will not remove the primary group.

 

  • ansible user module
  • add user to group  ansible
  • ansible add user to multiple groups
  • ansible add user to another group

Leave a Reply

Your email address will not be published. Required fields are marked *