目录
ansible authorized_key模块
复制公钥,设置免密登录的作用
使用模版
- name: set authorized key
authorized_key:
user: user1
state: present
key: "{{ lookup('file','/home/user1/.ssh/id_rsa.pub') }}"
修改sudoers和禁止root用户登录
-
name: 创建用户练习
hosts: all
vars_files:-
vars/users_vars.yml
tasks: -
name: 创建用户组
group:
name: webadmin
state: present -
name: 创建用户
user:
name: "{{ item.username }}"
groups: webadmin
loop: "{{ users }}" -
name: 复制公钥
authorized_key:
user: "{{ item.username }}"
state: present
key: "{{ lookup('file','files/'+ item.username + '.key.pub') }}"
loop: "{{ users }}" -
name: 修改sudoers以允许webadmin组免密sudo
copy:
content: "%webadmin ALL=(ALL) NOPASSWD: ALL"
dest: /etc/sudoers.d/webadmin
mode: 0440 -
name: 关闭root的远程登录
lineinfile:
dest: /etc/ssh/sshd_config
regexp: "^PermitRootLogin"
line: "PermitRootLogin no"
notify: Restart sshd
handlers:
- name: Restart sshd
service:
name: sshd
state: restarted
-