When you create a machine (or rent one from any hosting company) it arrives only with the root user. Let's start creating a playbook that ensures that an Ansible user is created, it's accessible with an SSH key, and is able to perform actions on behalf of other users (sudo) with no password asked. I often call this playbook, firstrun.yaml since I execute it as soon as a new machine is created, but after that, I don't use it since it uses the root user that I disable for security reasons. Our script will look something like the following:

--- - hosts: all user: root tasks: - name: Ensure ansible user exists user: name: ansible state: present comment: Ansible - name: Ensure ansible user accepts the SSH key authorized_key: ...