Ansible create a user with sudo privileges

Question

I have taken over a Ubuntu 14 04 server  It has a user called  deployer   used with capistrano   and as such  it needs sudo privileges  With this setup  I can log into the server and do stuff like   workstation gt  ssh deployer myserver myserver gt   sudo apt-get install git myserver gt  exit workstation gt    I am trying to figure out how to use Ansible  version 2 0 2 0 and python 2 7 3  to create a user called  deployer  and be able to log into the server with that id and then so sudo-ish things like  apt-get install   My playbook looks like this   --- - hosts  example   become  yes   tasks    - name  Update apt cache     apt        update cache  yes       cache valid time  3600    - group  name sudo state present    - name  Add deployer user and add it to sudo     user  name deployer           state present           createhome yes     become  yes     become method   sudo     - name  Set up authorized keys for the deployer user     authorized key  user deployer key    item        with file        -  home jaygodse  ssh id rsa pub   After running this playbook  I am able to ssh into the machine as  deployer    e g  ssh deployer myserver  but if I run a sudo command  it always asks me for my sudo password    I understand that the  deployer  user ultimately has to find its way into the visudo users file  but I cannot figure out which magical Ansible incantations to invoke so that I can ssh into the machine as  deployer and then run a sudo command  e g  sudo apt-get install git   without being prompted for a sudo  password    I have searched high and low  and I can t seem to find an Ansible playbook fragment which puts the user  deployer  into the sudo group without requiring a password   How is this done

User · Answer

Sometimes it s knowing what to ask  I didn t know as I am a developer who has taken on some DevOps work  Apparently  passwordless  or NOPASSWD login is a thing which you need to put in the  etc sudoers file  The answer to my question is at Ansible  best practice for maintaining list of sudoers  The Ansible playbook code fragment looks like this from my problem  - name  Make sure we have a  wheel  group   group      name  wheel     state  present  - name  Allow  wheel  group to have passwordless sudo   lineinfile      dest   etc sudoers     state  present     regexp     wheel      line    wheel ALL  ALL  NOPASSWD  ALL      validate   visudo -cf  s   - name  Add sudoers users to wheel group   user      name deployer     groups wheel     append yes     state present     createhome yes  - name  Set up authorized keys for the deployer user   authorized key  user deployer key  quot   item   quot    with file      -  home railsdev  ssh id rsa pub  And the best part is that the solution is idempotent  It doesn t add the line  wheel ALL  ALL  NOPASSWD  ALL  to  etc sudoers when the playbook is run a subsequent time  And yes   I was able to ssh into the server as  quot deployer quot  and run sudo commands without having to give a password

User · Answer

To create a user with sudo privileges is to put the user into  etc sudoers  or make the user a member of a group specified in  etc sudoers  And to make it password-less is to additionally specify NOPASSWD in  etc sudoers   Example of  etc sudoers      Allow root to run any commands anywhere root    ALL  ALL        ALL     Allows people in group wheel to run all commands  wheel  ALL  ALL        ALL     Same thing without a password  wheel  ALL  ALL        NOPASSWD  ALL   And instead of fiddling with  etc sudoers file  we can create a new file in  etc sudoers d  directory since this directory is included by  etc sudoers by default  which avoids the possibility of breaking existing sudoers file  and also eliminates the dependency on the content inside of  etc sudoers   To achieve above in Ansible  refer to the following   - name  sudo without password for wheel group   copy      content    wheel ALL  ALL ALL  NOPASSWD ALL      dest   etc sudoers d wheel nopasswd     mode  0440   You may replace  wheel with other group names like  sudoers or other user names like deployer

[ansible-playbook] Ansible: create a user with sudo privileges

Examples related to ansible-playbook

Examples related to sudoers