Bulk Create Linux Users using Salt
Recently I ran into a situation where hundreds of VMs recently built via OpenShift/Ansible automation were missing an important local user account used for security audits. While our automation guys were working on tracking down and fixing the build configuration, I needed to add the account manually.
Luckily for me, we also use SaltStack for ad-hoc tasks: a sort of SSH on steroids, if you will. Automation is great when it works right. When it doesn’t, things get screwed up on a massive scale and may require manual intervention.
So, step one was to generate the hash for the default password used by the missing account:
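    read -rs p   # type your password here and hit enter
    # Build a SHA-512 crypt hash (the $6$ prefix) with a random 16-character salt.
    # The password reaches perl on stdin so it never shows up in the process list.
    h="$(printf '%s\n' "$p" | perl -MPOSIX -le 'chomp($p = <STDIN>); @i = ("a".."z", "A".."Z", 0..9, ".", "/"); $s .= $i[rand @i] for 1..16; print crypt($p, "\$6\$$s");')"
    unset p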
Now we can use Salt to create the user:
    # What the account should look like in /etc/passwd:
    #   svcaudit:x:33333:103:System Audit:/home/svcaudit:/bin/bash

    # How to add it with Salt (-L takes a comma-separated list of minion IDs)
    salt --output=txt -L "$(cat server_list.txt)" user.add svcaudit uid=33333 gid=103 groups=sysadmins home=/home/svcaudit shell=/bin/bash fullname="System Audit"
And set the user’s password:
    # Use Salt to propagate the hash to the servers on your list
    salt --output=txt -L "$(cat server_list.txt)" shadow.set_password svcaudit "$h"
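Pushing a password hash to hundreds of hosts is worth guarding on both sides. The following is an added example, not part of the original post: it checks that the hash is a well-formed SHA-512 crypt string before it is sent, and lists every minion that did not report success afterwards. The function names are hypothetical, and it assumes `server_list.txt` holds one minion ID per line and that `--output=txt` prints one `minion: value` line per minion.

```shell
# Added example (not from the original post). Function names are hypothetical.

# Succeeds only for a well-formed SHA-512 crypt string:
#   $6$[rounds=N$]<salt, 1-16 chars>$<86-char digest>
# A malformed value written to /etc/shadow leaves the account unusable.
is_sha512_crypt() {
    printf '%s\n' "$1" |
        grep -Eq '^\$6\$(rounds=[0-9]+\$)?[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{86}$'
}

# Assumption: the list file has one minion ID per line; blank lines and
# "#" comments are skipped. Prints the comma-separated form that -L expects.
minion_csv() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" | tr -d ' \t\r' | paste -sd, -
}

# Reads captured --output=txt output on stdin and prints every minion from the
# list file that did not return exactly "True". Minions that never answered
# are reported too, because they have no "<id>: True" line.
failed_minions() {
    _out="$(cat)"
    minion_csv "$1" | tr ',' '\n' | while IFS= read -r _m; do
        printf '%s\n' "$_out" | grep -Fxq -e "$_m: True" || printf '%s\n' "$_m"
    done
}

# Usage with the commands from the post:
#   is_sha512_crypt "$h" || { echo "refusing to push malformed hash" >&2; exit 1; }
#   salt --output=txt -L "$(minion_csv server_list.txt)" \
#       shadow.set_password svcaudit "$h" | failed_minions server_list.txt
```

An empty result from `failed_minions` means every listed minion returned `True`; anything printed needs a second pass or a manual look.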