hosts
[centos-root]
192.168.174.129 ansible_ssh_port=22
192.168.174.130 ansible_ssh_port=22
192.168.174.131 ansible_ssh_port=22
Ansible Vault 文件
创建 Ansible Vault 文件
# ansible-vault create passwords.yml
New Vault password: # 12345678
Confirm New Vault password:
编辑 Ansible Vault 文件
# ansible-vault edit passwords.yml
Vault password:
passwords.yml
root_accounts:
192.168.174.129:
old_password: host1
new_password: 12345678
192.168.174.130:
old_password: host2
new_password: 12345678
192.168.174.131:
old_password: host3
new_password: 12345678
yunwei_accounts:
192.168.174.129:
init_password: yunwei_129
192.168.174.130:
init_password: yunwei_130
192.168.174.131:
init_password: yunwei_131
playbook
create_user-playbook.yaml
- hosts: centos
remote_user: root
vars_files:
- passwords.yaml
vars:
ansible_ssh_pass: "{{ root_accounts[inventory_hostname].old_password }}"
new_username: yunwei
tasks:
- name: chattr -i /etc/gshadow /etc/shadow /etc/group /etc/passwd /etc/ssh/sshd_config /etc/profile
ansible.builtin.shell:
cmd: |
chattr -i /etc/gshadow /etc/shadow /etc/group /etc/passwd /etc/ssh/sshd_config /etc/profile
- name: Create yunwei user
ansible.builtin.user:
name: "{{ new_username }}"
password: "{{ yunwei_accounts[inventory_hostname].init_password | password_hash('sha512')}}"
shell: /bin/bash
groups: wheel
- name: Print temporary password
debug:
msg: "The password for {{ new_username }} is {{ yunwei_accounts[inventory_hostname].init_password }}"
- name: chattr +i /etc/gshadow /etc/shadow /etc/group /etc/passwd /etc/ssh/sshd_config /etc/profile
ansible.builtin.shell:
cmd: |
chattr +i /etc/gshadow /etc/shadow /etc/group /etc/passwd /etc/ssh/sshd_config /etc/profile
check_user-playbook.yaml
- hosts: centos
remote_user: yunwei
vars_files:
- passwords.yaml
vars:
ansible_ssh_pass: "{{ yunwei_accounts[inventory_hostname].init_password }}"
#ansible_become_method: sudo # 指定了要使用的特权升级方法
#ansible_become_user: root # 可以指定要切换到的用户
ansible_become_pass: "{{ yunwei_accounts[inventory_hostname].init_password }}" # sudo 密码
tasks:
- name: check password using yunwei
ansible.builtin.shell:
cmd: id
register: command_result
- name: Print yunwei info
debug:
msg: " user info is {{ command_result.stdout }}"
- name: Run commands with password input
vars:
ansible_become: yes # 启用了特权升级(become)功能
ansible.builtin.shell:
cmd: sudo -u root sh -c "id"
register: command_result_1
- name: Print root info
debug:
msg: " user info is {{ command_result_1.stdout }}"
user-playbook.yaml
- import_playbook: create_user-playbook.yaml
- import_playbook: check_user-playbook.yaml
测试 playbook
# ansible-playbook -i hosts user-playbook.yaml --ask-vault-pass
Vault password:
PLAY [centos] *****************************************************************************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************************************************************************
ok: [192.168.174.130]
ok: [192.168.174.131]
ok: [192.168.174.129]
TASK [chattr -i /etc/gshadow /etc/shadow /etc/group /etc/passwd /etc/ssh/sshd_config /etc/profile] ****************************************************************************
changed: [192.168.174.129]
changed: [192.168.174.131]
changed: [192.168.174.130]
TASK [Create yunwei user] *****************************************************************************************************************************************************
changed: [192.168.174.129]
changed: [192.168.174.131]
changed: [192.168.174.130]
TASK [Print temporary password] ***********************************************************************************************************************************************
ok: [192.168.174.129] => {
"msg": "The password for yunwei is yunwei_129"
}
ok: [192.168.174.131] => {
"msg": "The password for yunwei is yunwei_131"
}
ok: [192.168.174.130] => {
"msg": "The password for yunwei is yunwei_130"
}
TASK [chattr +i /etc/gshadow /etc/shadow /etc/group /etc/passwd /etc/ssh/sshd_config /etc/profile] ****************************************************************************
changed: [192.168.174.129]
changed: [192.168.174.130]
changed: [192.168.174.131]
PLAY [centos] *****************************************************************************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************************************************************************
ok: [192.168.174.129]
ok: [192.168.174.131]
ok: [192.168.174.130]
TASK [check password using yunwei] ********************************************************************************************************************************************
changed: [192.168.174.129]
changed: [192.168.174.131]
changed: [192.168.174.130]
TASK [Print yunwei info] ******************************************************************************************************************************************************
ok: [192.168.174.129] => {
"msg": " user info is uid=1000(yunwei) gid=1000(yunwei) groups=1000(yunwei),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
}
ok: [192.168.174.130] => {
"msg": " user info is uid=1002(yunwei) gid=1002(yunwei) groups=1002(yunwei),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
}
ok: [192.168.174.131] => {
"msg": " user info is uid=1000(yunwei) gid=1000(yunwei) groups=1000(yunwei),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
}
TASK [Run commands with password input] ***************************************************************************************************************************************
[WARNING]: Consider using 'become', 'become_method', and 'become_user' rather than running sudo
changed: [192.168.174.129]
changed: [192.168.174.131]
changed: [192.168.174.130]
TASK [Print root info] ********************************************************************************************************************************************************
ok: [192.168.174.129] => {
"msg": " user info is uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
}
ok: [192.168.174.130] => {
"msg": " user info is uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
}
ok: [192.168.174.131] => {
"msg": " user info is uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
}
PLAY RECAP ********************************************************************************************************************************************************************
192.168.174.129 : ok=10 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.174.130 : ok=10 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.174.131 : ok=10 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
标签:yunwei,用户,192.168,etc,ansible,user,password,添加
From: https://www.cnblogs.com/wangguishe/p/18129816