users_vault.yml
The playbook is user4hosts.yml; the groups and accounts created on dev and test differ from those on prod:
[deyu1@kvm19 ansible]$ vim user4hosts.yml
[deyu1@kvm19 ansible]$ cat user4hosts.yml
---
- name: Create users with Valut
  hosts: dev test prod
  vars_files: pwlist.yml
  tasks:
    - block:
        - name: Ensure group "devgrp" exists
          group:
            name: devgrp
            state: present
        - name: Add users
          user:
            name: "{{ item }}"
            groups: devgrp
            password: "{{ devpw | password_hash('sha512') }}"
          loop:
            - peter
            - linda
      when: '"dev" in group_names or "test" in group_names'
    - block:
        - name: Ensure group "prodgrp" exists
          group:
            name: prodgrp
            state: present
        - name: Add user 'rita'
          user:
            name: rita
            groups: prodgrp
            password: "{{ prodpw | password_hash('sha512') }}"
      when: '"prod" in group_names'
--ask-vault-pass
Enter the password to decrypt pwlist.yml.
[deyu1@kvm19 ansible]$ ansible-playbook user4hosts.yml --ask-vault-pass
Vault password:

PLAY [Create users with Valut] *************************************************

TASK [Gathering Facts] *********************************************************
ok: [kvm11]
ok: [kvm12]
ok: [kvm13]
ok: [kvm14]

TASK [Ensure group "devgrp" exists] ********************************************
skipping: [kvm13]
skipping: [kvm14]
changed: [kvm11]
changed: [kvm12]

TASK [Add user 'peter'] ********************************************************
skipping: [kvm13]
skipping: [kvm14]
changed: [kvm11]
changed: [kvm12]

TASK [Ensure group "prodgrp" exists] *******************************************
skipping: [kvm11]
skipping: [kvm12]
changed: [kvm13]
changed: [kvm14]

TASK [Add user 'rita'] *********************************************************
skipping: [kvm11]
skipping: [kvm12]
changed: [kvm13]
changed: [kvm14]

PLAY RECAP *********************************************************************
kvm11 : ok=3 changed=2 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
kvm12 : ok=3 changed=2 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
kvm13 : ok=3 changed=2 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
kvm14 : ok=3 changed=2 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
--vault-password-file
Specify a key file to decrypt pwlist.yml.
[deyu1@kvm19 ansible]$ ansible-playbook user4hosts.yml --vault-password-file=password.txt

PLAY [Create users with Valut] *************************************************

TASK [Gathering Facts] *********************************************************
ok: [kvm14]
ok: [kvm13]
ok: [kvm11]
ok: [kvm12]

TASK [Ensure group "devgrp" exists] ********************************************
skipping: [kvm13]
skipping: [kvm14]
ok: [kvm12]
ok: [kvm11]

TASK [Add user 'peter'] ********************************************************
skipping: [kvm13]
skipping: [kvm14]
changed: [kvm11]
changed: [kvm12]

TASK [Ensure group "prodgrp" exists] *******************************************
skipping: [kvm11]
skipping: [kvm12]
ok: [kvm13]
ok: [kvm14]

TASK [Add user 'rita'] *********************************************************
skipping: [kvm11]
skipping: [kvm12]
changed: [kvm13]
changed: [kvm14]

PLAY RECAP *********************************************************************
kvm11 : ok=3 changed=1 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
kvm12 : ok=3 changed=1 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
kvm13 : ok=3 changed=1 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
kvm14 : ok=3 changed=1 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
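
A pre-flight check for the two runs above, as an added example that is not part of the original page: it confirms that pwlist.yml is really vault-encrypted and that password.txt is accessible only by its owner before the playbook runs. The function names vault_preflight and run_playbook are assumptions; the file names are the page's.

```bash
# Added example: pre-flight checks for the vault files used on this page.
# vault_preflight and run_playbook are hypothetical helper names.

# Return 0 only if VARS_FILE is vault-encrypted and PW_FILE is private.
vault_preflight() {
    local vars_file="$1" pw_file="$2" header perms

    [ -f "$vars_file" ] || { echo "missing vars file: $vars_file" >&2; return 2; }
    [ -f "$pw_file" ] || { echo "missing password file: $pw_file" >&2; return 2; }

    # A file encrypted with ansible-vault starts with a header line such as
    # "$ANSIBLE_VAULT;1.1;AES256"; anything else is stored in plaintext.
    header=''
    IFS= read -r header < "$vars_file" || true
    case $header in
        '$ANSIBLE_VAULT;'*) ;;
        *) echo "$vars_file is not vault-encrypted" >&2; return 3 ;;
    esac

    # The password file unlocks every secret in the vault, so reject any
    # group or other permission bits (columns 5-10 of the ls mode string).
    perms=$(ls -ldL "$pw_file") || return 2
    perms=${perms%% *}
    case $perms in
        ????------*) ;;
        *) echo "$pw_file is $perms; run: chmod 600 $pw_file" >&2; return 4 ;;
    esac
    return 0
}

# Run the page's playbook only when both checks pass.
run_playbook() {
    vault_preflight pwlist.yml password.txt &&
        ansible-playbook user4hosts.yml --vault-password-file=password.txt
}
```

Source the file and call run_playbook from the directory that holds the playbook; a return code of 3 means the variables file is plaintext, 4 means the password file is readable by others.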