Role Detail

geerlingguy.github-users

Create users based on GitHub accounts.
Downloads
1
Type Ansible
Minimum Ansible Version 2.0
Installation $ ansible-galaxy install geerlingguy.github-users
Tags
accounts
github
pubkey
security
ssh
system
user
Last Commit 2017-11-17 22:03:10 PM UTC
Last Imported 2017-11-17 22:06:10 PM UTC
Version History
Version Release Date
1.2.0 2017-11-17 22:03:10 PM
1.1.0 2017-10-13 21:13:09 PM
1.0.0 2017-10-11 19:49:07 PM
Supported Platforms
Platform Version
Debian etch
Debian jessie
Debian lenny
Debian sid
Debian squeeze
Debian stretch
Debian wheezy
EL 5
EL 6
EL 7
Fedora 16
Fedora 17
Fedora 18
Fedora 19
Fedora 20
Fedora 21
Fedora 22
Fedora 23
Fedora 24
Fedora 25
Fedora 26
FreeBSD 10.0
FreeBSD 10.1
FreeBSD 10.2
FreeBSD 10.3
FreeBSD 11.0
FreeBSD 11.1
FreeBSD 8.0
FreeBSD 8.1
FreeBSD 8.2
FreeBSD 8.3
FreeBSD 8.4
FreeBSD 9.0
FreeBSD 9.1
FreeBSD 9.1
FreeBSD 9.2
FreeBSD 9.3
GenericBSD any
GenericLinux any
GenericUNIX any
opensuse 12.1
opensuse 12.2
opensuse 12.3
opensuse 13.1
opensuse 13.2
SLES 10SP3
SLES 10SP4
SLES 11
SLES 11SP1
SLES 11SP2
SLES 11SP3
SLES 11SP4
SLES 12
SLES 12SP1
Ubuntu artful
Ubuntu lucid
Ubuntu maverick
Ubuntu natty
Ubuntu oneiric
Ubuntu precise
Ubuntu quantal
Ubuntu raring
Ubuntu saucy
Ubuntu trusty
Ubuntu utopic
Ubuntu vivid
Ubuntu wily
Ubuntu xenial
Ubuntu yakkety
Ubuntu zesty
Last 10 Imports
Completed Status
2017-11-17 22:06:10 PM UTC SUCCESS
2017-11-17 22:05:10 PM UTC SUCCESS
2017-11-17 20:05:08 PM UTC SUCCESS
2017-11-15 20:04:08 PM UTC SUCCESS
2017-11-13 20:04:08 PM UTC SUCCESS
2017-11-11 20:03:08 PM UTC SUCCESS
2017-11-09 20:02:08 PM UTC SUCCESS
2017-11-07 20:01:08 PM UTC SUCCESS
2017-11-05 19:59:07 PM UTC SUCCESS
2017-11-03 19:59:07 PM UTC SUCCESS

Ansible Role: GitHub Users

Build Status

Create users based on GitHub accounts.

This role will take a GitHub username and create a system account with the same username, and will add all the pubkeys associated with the GitHub account to the user's authorized_keys.

It's kind of a cheap way to do public key management for users on your system... but it works!

Requirements

None.

Role Variables

Available variables are listed below, along with default values (see defaults/main.yml):

github_users: []
  # You can specify an object with 'name' (required) and 'groups' (optional):
  # - name: geerlingguy
  #   groups: www-data,sudo

  # Or you can specify a GitHub username directly:
  # - geerlingguy

A list of users to add to the server; the username will be the name (or the bare list item, if it's a string instead of an object). You can add the user to one or more groups (in addition to the [username] group) by adding them as a comma-separated list in groups.

github_users_absent: []
  # You can specify an object with 'name' (required):
  # - name: geerlingguy

  # Or you can specify a GitHub username directly:
  # - geerlingguy

A list of users who should not be present on the server. The role will ensure these user accounts are removed.

github_users_authorized_keys_exclusive: yes

Whether the users' authorized_keys files should exclusively contain keys from their GitHub account. This should normally be set to yes if you are only allowing users to log in using keys available in their GitHub accounts.

github_url: https://github.com

By default, use public GitHub (i.e. https://github.com) as the source for users/keys. Override this to use a different GitHub instance/endpoint (e.g. GitHub Enterprise).

If you need to give the user the ability to self-manage their authorized_keys file, then you should set this to no, and it will only append new keys, but never remove any additional keys (e.g. old keys removed from their GitHub profile, or keys the end user added manually) from the file.

Dependencies

None.

Example Playbook

- hosts: servers

  vars:
    github_users:
      # You can specify the `name`:
      - name: geerlingguy
        groups: sudo,www-data
      - name: GrahamCampbell
      # Or if you don't need to override anything, you can specify the
      # GitHub username directly:
      - fabpot

    github_users_absent:
      - johndoe
      - name: josh

  roles:
    - geerlingguy.github-users

If you want to make sure users' public keys are in sync, it is best to run the playbook on a cron, e.g. every 5 min, 10 min, or some other interval. That way you don't have to manually add new keys for users.

License

MIT / BSD

Author Information

This role was created in 2017 by Jeff Geerling, author of Ansible for DevOps.

None