create_rke_user.yml

---
- name: Create ubuntu user with passwordless sudo, 1st
  # following https://computingforgeeks.com/install-kubernetes-production-cluster-using-rancher-ubuntu/
  hosts: ubuntu-ubuntu
  remote_user: ubuntu
  tasks:
    - name: Add ubuntu admin user
      user:
        name: ubuntu
        shell: /bin/bash
     
    - name: Create sudo file
      file:
        path: /etc/sudoers.d/ubuntu
        state: touch

    - name: Generate SSH keys at the localhost (Ansible server) for current user (boburciu), so that /home/boburciu/.ssh/id_rsa.pub is created for later share with target machine
      user: 
        name: boburciu
        generate_ssh_key: yes
        ssh_key_type: rsa
        ssh_key_bits: 4096
        ssh_key_file: .ssh/id_rsa
        force: no      
      delegate_to: 127.0.0.1

    - name: Set authorized key taken from file, copying your ssh public key /home/boburciu/.ssh/id_rsa.pub to the ubuntu user’s ~/.ssh/authorized_keys file
      authorized_key:
        user: ubuntu
        state: present
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    
    - name: Give ubuntu user passwordless sudo
      lineinfile:
        path: /etc/sudoers.d/ubuntu
        state: present
        line: 'ubuntu ALL=(ALL:ALL) NOPASSWD: ALL'

    - name: Disable Password Authentication only for user ubuntu to force SSH keys usage, then restart sshd
      blockinfile:
        path: /etc/ssh/sshd_config
        block: |           
          Match  User  ubuntu
                  PasswordAuthentication  no
        state: present
      notify:
        - restart ssh      

  handlers:
    - name: restart ssh
      service:
        name: sshd
        state: restarted