When you create a machine (or rent one from any hosting company), it arrives with only the root user. Let's start by creating a playbook that ensures that an Ansible user is created, is accessible with an SSH key, and is able to perform actions on behalf of other users (sudo) with no password asked. I often call this playbook firstrun.yaml since I execute it as soon as a new machine is created, but after that, I don't use it since it uses the root user that I disable for security reasons. Our script will look something like the following:

    ---
    - hosts: all
      user: root
      tasks:
        - name: Ensure ansible user exists
          user:
            name: ansible
            state: present
            comment: Ansible
        - name: Ensure ansible user accepts the SSH key
          authorized_key: ...
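
A complete first-run playbook covering the three goals described above (user, SSH key, passwordless sudo), given as an added example and not the author's own firstrun.yaml. The public key path, the sudoers file name, the visudo path and the availability of the ansible.posix collection are assumptions.

```yaml
---
# Added example, not the author's file. Run once as root on a fresh machine.
- hosts: all
  remote_user: root
  vars:
    # Assumed location of the public key on the control node.
    firstrun_pubkey: "{{ lookup('env', 'HOME') + '/.ssh/id_ed25519.pub' }}"
  tasks:
    - name: Ensure ansible user exists
      ansible.builtin.user:
        name: ansible
        state: present
        comment: Ansible

    - name: Ensure ansible user accepts the SSH key
      ansible.posix.authorized_key:   # assumes the ansible.posix collection
        user: ansible
        state: present
        key: "{{ lookup('file', firstrun_pubkey) }}"

    - name: Ensure ansible user can sudo with no password asked
      ansible.builtin.copy:
        dest: /etc/sudoers.d/ansible   # assumed drop-in file name
        content: "ansible ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        # Reject the file before it is installed if it does not parse,
        # so a typo cannot break sudo on the machine.
        validate: /usr/sbin/visudo -cf %s
```

Before disabling root, confirm that logging in as ansible with the key works and that `sudo -n true` succeeds, since after that point this account is the only way in.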