Ansible is a powerful automation tool that simplifies IT infrastructure management. This project guides you through creating an Ansible playbook to automate user account creation on Linux servers, enabling you to manage user accounts efficiently across multiple systems.
In this hands-on project, you'll learn to:
- Install and configure Ansible for server management
- Set up secure SSH key-based authentication
- Create and execute Ansible playbooks for user automation
- Configure user groups, home directories, and SSH access
- Verify automated user creation and test access
- Understand the fundamentals of infrastructure automation
This project builds on your Ansible foundation and demonstrates practical user management automation that can be extended for various administrative tasks.
- Control Node: A Linux server or virtual machine (Ubuntu/Debian preferred)
- Target Node(s): At least one Linux server/VM to manage user accounts on
- SSH Access: Ability to connect to target nodes via SSH
- User Privileges: Sudo access on the control node
- Network Connectivity: Both nodes must be able to communicate
- Ansible Installed: Ansible installed on the control node
- Basic Linux command line skills
- Understanding of SSH connections and user management
- Text editor familiarity (nano, vim, etc.)
- Previous completion of Ansible setup project (Mini Project 6)
- Screenshots of each major step and command outputs
- Ansible playbook files (inventory and user creation playbook)
- Command outputs showing successful user creation
- Verification evidence of created users and SSH access
- Troubleshooting evidence (if issues occurred)
Objective: Ensure your system is ready for Ansible automation.
- Check Linux Distribution:
cat /etc/os-releaseExpected Output: Should show Ubuntu, Debian, or similar Linux distribution.
- Verify Sudo Access:
sudo whoamiExpected Output: Should return root (confirming sudo privileges).
- Check Network Connectivity:
ping -c 3 google.comExpected Output: Successful ping responses.
- Verify Ansible Installation:
ansible --versionExpected Output: Ansible version information (if not installed, refer to Mini Project 6).
Objective: Create SSH keys for passwordless authentication to target servers.
ssh-keygen -t rsaWhat to expect:
- System will prompt:
Enter file in which to save the key (/home/username/.ssh/id_rsa): - Press Enter to accept the default location
- System will prompt:
Enter passphrase (empty for no passphrase): - Press Enter twice (for no passphrase - easier for automation)
Expected Output:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa
Your public key has been saved in /home/username/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:ABC123...xyz789 username@hostname
Objective: Enable passwordless SSH access to target machines.
ssh-copy-id username@target-server-ipCommand explanation:
ssh-copy-id: Securely copies your public key to the target serverusername: Your username on the target servertarget-server-ip: IP address or hostname of target server
What happens:
- You'll be prompted for the target server's password
- The public key gets added to
~/.ssh/authorized_keyson target - Future connections won't require passwords
Expected Output:
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/username/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
username@target-server-ip's password:
Number of key(s) added: 1
Objective: Verify passwordless SSH works.
ssh username@target-server-ipWhat to expect:
- Should connect without prompting for password
- You'll see a welcome message or shell prompt
- Type
exitto return to control node
Expected Output: Direct login to target server without password prompt.
Objective: Organize your Ansible configuration files.
mkdir ~/ansible-user-management
cd ~/ansible-user-managementWhat this does:
- Creates a dedicated directory for your user management project
- Changes to that directory for easier file management
Objective: Define which servers Ansible should manage.
nano inventory.iniAdd the following content:
[linux_servers]
target1 ansible_host=TARGET_SERVER_IP ansible_user=YOUR_USERNAME
[webservers]
target1
[databases]
target1File explanation:
[linux_servers]: Group name for all managed serversansible_host: IP address of the target serveransible_user: Username for SSH connections (should match your SSH user)- Additional groups (
[webservers],[databases]) for organization
Save the file: Press Ctrl+O, Enter, then Ctrl+X
Objective: Create an Ansible playbook to automate user account creation.
nano create_users.ymlAdd the following playbook content:
- name: Automate user creation on Linux servers
hosts: linux_servers
become: yes
tasks:
- name: Create new users with home directories
user:
name: "{{ item.username }}"
state: present
shell: /bin/bash
create_home: yes
groups: "{{ item.groups | default('users') }}"
with_items:
- { username: "user1", groups: "sudo" }
- { username: "user2", groups: "docker" }
- name: Set up SSH authorized keys for users
authorized_key:
user: "{{ item.username }}"
state: present
key: "{{ lookup('file', item.ssh_key) }}"
with_items:
- { username: "user1", ssh_key: "/home/ansible/.ssh/user1.pub" }
- { username: "user2", ssh_key: "/home/ansible/.ssh/user2.pub" }Playbook explanation:
become: yes: Run tasks with sudo privilegesusermodule: Creates users with specified parametersauthorized_keymodule: Sets up SSH keys for userswith_items: Loop through list of users to create- Important: Replace SSH key paths with actual paths to your public keys
Save the file: Press Ctrl+O, Enter, then Ctrl+X
Objective: Create SSH keys for the users that will be created.
Before running the playbook, you need to:
- Generate SSH keys for each user (on the control node):
# Generate key for user1
ssh-keygen -t rsa -f ~/.ssh/user1 -N ""
# Generate key for user2
ssh-keygen -t rsa -f ~/.ssh/user2 -N ""- Set proper permissions:
chmod 600 ~/.ssh/user1
chmod 600 ~/.ssh/user2
chmod 644 ~/.ssh/user1.pub
chmod 644 ~/.ssh/user2.pub- Update playbook paths if needed to match your key locations.
Objective: Execute the playbook to create users on target servers.
ansible-playbook -i inventory.ini create_users.ymlCommand breakdown:
-i inventory.ini: Specify inventory file locationcreate_users.yml: Your playbook file
Expected Output:
PLAY [Automate user creation on Linux servers] ****************
TASK [Gathering Facts] ****************
ok: [target1]
TASK [Create new users with home directories] ****************
changed: [target1] => (item={u'username': u'user1', u'groups': u'sudo'})
changed: [target1] => (item={u'username': u'user2', u'groups': u'docker'})
TASK [Set up SSH authorized keys for users] ****************
changed: [target1] => (item={u'username': u'user1', u'ssh_key': u'/home/ansible/.ssh/user1.pub'})
changed: [target1] => (item={u'username': u'user2', u'ssh_key': u'/home/ansible/.ssh/user2.pub'})
PLAY RECAP ****************
target1: ok=3 changed=2 unreachable=0 failed=0
What this means:
ok=3: All tasks completed successfullychanged=2: Users were created/modifiedunreachable=0/failed=0: No connection or execution failures
Objective: Confirm that users were created successfully on the target server.
SSH into the target server and verify:
# Check user accounts
cat /etc/passwd | grep -E "user1|user2"
# Verify home directories exist
ls -la /home/user1
ls -la /home/user2
# Check user groups
id user1
id user2
# Verify SSH keys are installed
cat /home/user1/.ssh/authorized_keys
cat /home/user2/.ssh/authorized_keysExpected Output:
/etc/passwd entries showing user1 and user2
Home directories with proper permissions
Group memberships (sudo for user1, docker for user2)
SSH public keys in authorized_keys files
Objective: Verify that the created users can log in successfully.
Test SSH access for each user:
# Test user1 access (from control node)
ssh user1@target-server-ip
# Test user2 access (from control node)
ssh user2@target-server-ip
# Verify sudo access for user1 (if applicable)
sudo whoamiWhat to expect:
- Should connect without password prompts
- Users should have access to their home directories
- user1 should have sudo privileges (if in sudo group)
| Problem | Symptoms | Solution |
|---|---|---|
| Permission Denied | Permission denied (publickey) |
Check SSH key permissions (chmod 600 ~/.ssh/*), verify keys in authorized_keys |
| User Creation Failed | FAILED in playbook output |
Check sudo privileges on target, verify playbook syntax, ensure SSH connectivity |
| SSH Key Not Found | file not found error |
Verify SSH key paths in playbook, ensure keys exist and are readable |
| Connection Refused | unreachable in playbook |
Check SSH service on target (sudo systemctl status ssh), verify IP/username |
| Group Doesn't Exist | group 'docker' does not exist |
Create groups first or use existing groups (sudo, users, etc.) |
| Home Directory Issues | Users can't access home dirs | Check filesystem permissions, ensure /home has correct permissions |
# Test basic SSH connection with verbose output
ssh -v username@target-server-ip
# Check SSH service status on target
ssh username@target-server-ip "sudo systemctl status ssh"
# Verify user exists on target
ssh username@target-server-ip "id user1"
# Test Ansible connectivity with verbose output
ansible -i inventory.ini linux_servers -m ping -vvv
# Check playbook syntax
ansible-playbook -i inventory.ini create_users.yml --syntax-check
# Run playbook in check mode (dry run)
ansible-playbook -i inventory.ini create_users.yml --checkFAILED! => {"changed": false, "msg": "User ... already exists"}
- Cause: User account already exists on the target system
- Solution: Use
state: absentfirst to remove existing users, or use different usernames
file not found
- Cause: SSH key file path in playbook doesn't exist
- Solution: Verify key file paths, generate keys if missing
Permission denied
- Cause: SSH keys not properly configured or insufficient permissions
- Solution: Check key permissions, verify authorized_keys file
-
Prerequisites Verification
evidence-01-prereq-verification.png- OS, sudo, and Ansible checksevidence-02-network-connectivity.png- Network connectivity test
-
SSH Configuration
evidence-03-ssh-keygen.png- SSH key generation outputevidence-04-ssh-copy-id.png- Public key distributionevidence-05-ssh-connection.png- Passwordless connection test
-
Ansible Configuration
evidence-06-inventory-file.png- Inventory file contentsevidence-07-playbook-file.png- User creation playbookevidence-08-directory-structure.png- Project directory structure
-
Execution and Results
evidence-09-playbook-execution.png- Ansible playbook executionevidence-10-user-verification.png- User account verificationevidence-11-home-directories.png- Home directory verificationevidence-12-ssh-access-test.png- SSH access testingevidence-13-group-membership.png- User group verification
All screenshots should be saved in the img/ directory with descriptive names:
evidence-XX-description.png- Include terminal prompts and outputs
- Ensure text is readable and commands are visible
- Capture both successful and failed attempts (for troubleshooting evidence)
- Play: Defines the automation scenario (hosts, tasks, variables)
- Tasks: Individual actions to perform (modules with parameters)
- Modules: Pre-built functions for specific operations
- Variables: Dynamic values using
{{ }}syntax - Loops: Using
with_itemsto process multiple items
- User Accounts: System user creation with home directories
- Groups: User group membership for permissions
- SSH Keys: Public key authentication for secure access
- Privileges: Sudo access and permission management
- Idempotency: Playbooks can run multiple times safely
- Error Handling: Proper error checking and validation
- Documentation: Clear naming and comments in playbooks
- Organization: Structured file and directory layout
- name: Advanced user creation with password policies
hosts: linux_servers
become: yes
tasks:
- name: Create users with password expiration
user:
name: "{{ item.username }}"
state: present
shell: /bin/bash
create_home: yes
groups: "{{ item.groups }}"
password_expire_max: 90
password_expire_warning: 7
with_items:
- { username: "user1", groups: "sudo" }
- { username: "user2", groups: "docker" }- name: Remove users from system
hosts: linux_servers
become: yes
tasks:
- name: Delete users and home directories
user:
name: "{{ item }}"
state: absent
remove: yes
with_items:
- "user1"
- "user2"- name: Create users from CSV file
hosts: linux_servers
become: yes
vars:
users_file: "users.csv"
tasks:
- name: Read users from CSV
read_csv:
path: "{{ users_file }}"
register: users_data
- name: Create users from CSV data
user:
name: "{{ item.username }}"
groups: "{{ item.groups }}"
loop: "{{ users_data.list }}"- Prerequisites verified (OS, sudo, network, Ansible)
- SSH keys generated and distributed to target servers
- Inventory file created with correct target server details
- User creation playbook written with proper YAML syntax
- SSH keys prepared for new users
- Playbook executed successfully
- User creation verified on target server
- SSH access tested for created users
- All screenshots captured for evidence
- Troubleshooting documented (if applicable)
With user management automation mastered, you can now:
- Advanced User Management: Create playbooks for user deletion, password management, and bulk operations
- Service Configuration: Automate service installation and configuration
- File Management: Distribute configuration files and manage permissions
- System Monitoring: Set up automated system health checks
- Backup Automation: Create backup strategies for user data and configurations
By completing this project, you have:
✅ Created an Ansible playbook for automated user account management ✅ Configured SSH key authentication for secure access ✅ Successfully executed user creation across Linux servers ✅ Verified automated processes with proper testing ✅ Gained practical experience with Ansible automation ✅ Documented the entire process for submission and review
Congratulations on mastering Ansible user management automation! 🎉
This project demonstrates your ability to automate critical system administration tasks, making you ready for more complex infrastructure automation scenarios.
For questions or issues, refer to the troubleshooting section or consult the official Ansible documentation at docs.ansible.com.
- Ansible User Module Documentation: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html
- Ansible Authorized Key Module: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/authorized_key_module.html
- SSH Key Management Guide: https://www.ssh.com/academy/ssh-keys
- Linux User Management: https://linuxize.com/post/how-to-create-users-in-linux-using-the-useradd-command/