Updated April 4, 2023
Introduction to Ansible Add User to Group
The following article provides an outline for Ansible Add User to Group. In Ansible, you have multiple default modules which comes with its package and you can also create customized modules using a supported scripting language like Python. The use of these module depends upon the requirements and available parameters as well as options. Some of the modules are basic and needed for day to day tasks such as user module, which is used to create, remove, update a user on remotes hosts. This is for Linux based OS on remotes hosts. For Microsoft Windows based remote hosts, there is another similar module named win_user. Here we will see user module and its alternatives to add user to group on remote hosts.
Ansible Add User to Group
In a operating system, user and groups are created to organize the privileges hierarchy. Also, to manage the user as per their roles, groups are created and assigned to those users. This is a general practice which takes place across all those operating systems which supports multiuser environment and login support. Using a configuration management automation tool like Ansible, makes such operational tasks, easy and smooth to execute when you have tens of target hosts.
Few parameters, while adding user to group.
Given below are the few parameters:
1. append: This parameter is useful when you want to append a user to a group or a list of groups.
This accepts two values:
- yes: To append all the listed groups in groups field, to the user’s mapped group list or you can say, add the user to the groups specified in groups.
- no: To overwrite the assigned group list of the user with only groups mentioned under groups field, meaning removing the user from all groups except mentioned in groups. This is the default option if nothing is mentioned.
2. group: To set the user’s primary group. Acceptable option is a valid group name.
3. groups: To give the list of secondary groups, to which the user will be added to. When an empty string (‘ ’) is given, user will be removed from all the groups except its primary group.
How to Add User to Group?
To add a user to a group, we can have two scenarios related to user’s existence:
- User is new and need to be added to existing groups.
- User is existing and need to be added to existing groups.
In both the cases, we can use command module or user module in Ansible, to add user to group. For command module, we can directly pass Linux command as plain text to run on remote hosts. For using user module, we can use either ansible to do this by passing all parameters and options on command line or ansible-playbook by mentioning all parameters and options in a playbook and execute it.
How to Remove User from Group?
- To remove a user from a group or list of groups we can either use command module and pass Linux command in plain text or use user module via ansible or in a playbook and execute by ansible-playbook.
- One point to note that while using user module, there is no direct way to remote a user from a group or list of groups.
- We should use append field and provide the list of groups to groups section in playbook.
Examples of Ansible Add User to Group
Given below are the examples mentioned:
Here we have an Ansible control server named ansible-controller and two remotes hosts named host-one and host-two. We will create playbooks and run ansible commands on ansible-controller node and manage the users on remote hosts.
Example #1
Add a new user to a list of secondary groups while creating it.
This can be done by below different ways:
a. Use command module and pass Linux command to add as user and assign a list of groups as secondary group to it.
Code:
ansible all -m command -a "useradd testuser -G testgroup1,testgroup2,testgroup3"
Output:
You can check the user is created in remoted hosts and assigned groups like below:
Code:
id testuser
Output:
Code:
id testuser
Output:
b. Use ansible and pass all the parameters on command line like below:
Code:
ansible all -m user -a "name=testuser groups=testgroup1,testgroup2,testgroup3 append=yes"
Output:
Upon checking on target systems, you will find that user is created and assigned to the listed groups as secondary groups.
Code:
id testuser
Output:
Code:
id testuser
Output:
c. Use ansible-playbook and write all your requirements in a YAML file called Playbook which have all the values in key-pair form.
The playbook content will be like below:
Code:
hosts:
all
tasks:
user:
name: testuser
groups:
testgroup1,testgroup2,testgroup3
append: yes
When executes it like below:
Code:
ansible-playbook useradd_assign_secondary_group.yaml
Output:
On remote hosts, you can check like below:
Code:
id testuser
Output:
Code:
id testuser
Output:
Example #2
For adding an existing user to a group. You can use either command module or user like above. But better we practice writing playbooks, as this is more organized. Also, the output is easily readable.
We can write a playbook like below:
Code:
hosts:
all
tasks:
user:
name: testuser
groups:
testgroup4
append: yes
Then execute it like below:
Code:
ansible-playbook adding_user_to_group.yaml
Output:
Also, on checking remote hosts, we can see that a new group have been added to the list of secondary groups.
Code:
id testuser
Output:
Code:
id testuser
Output:
Example #3
For removing a user from group, we have use append with value.
To do this, we can create playbook like below:
Code:
hosts:
all
tasks:
user:
name: testuser
groups:
testgroup4
append: no
Then executes it like below:
Code:
ansible-playbook removing_user_from_groups.yaml
Output:
On remote hosts, if you check you will find that, the user testuser have only testuser4 as secondary group and it has been removed from rest of all secondary groups,
Code:
id testuser
Output:
Code:
id testuser
Output:
Conclusion
Adding and removing users from a group or a list of groups is a repetitive task. Which is important but confusing sometimes when doing it manually on command line. So, better practice is to maintain a playbook for such tasks and pass the actual values on real time during execution.
Recommended Article
This is a guide to Ansible Add User to Group. Here we discuss the introduction to Ansible Add User to Group with how to add user to group? how to remove user from group? and examples. You may also have a look at the following articles to learn more –