Create different accounts

  1. Modify the users_vault.yml playbook into user4hosts.yml so that the groups and accounts created on dev and test differ from those on prod:
    [deyu1@kvm19 ansible]$ vim user4hosts.yml 
    [deyu1@kvm19 ansible]$ cat user4hosts.yml 
    ---
    - name: Create users with Valut
      hosts: dev test prod
      vars_files: pwlist.yml 
      tasks:
      - block:
        - name: Ensure group "devgrp" exists
          group:
            name: devgrp
            state: present
        - name: Add users
          user:
            name: "{{ item }}"
            groups: devgrp
            password: "{{ devpw | password_hash('sha512') }}"
          loop:
            - peter
            - linda
        when: '"dev" in group_names or "test" in group_names'
     
      - block:
        - name: Ensure group "prodgrp" exists
          group:
            name: prodgrp
            state: present
        - name: Add user 'rita'
          user:
            name: rita
            groups: prodgrp
            password: "{{ prodpw | password_hash('sha512') }}"
        when: '"prod" in group_names'
    
  2. Run the user4hosts.yml playbook with ansible-playbook, adding the --ask-vault-pass option to enter the password that decrypts pwlist.yml.
    [deyu1@kvm19 ansible]$ ansible-playbook user4hosts.yml --ask-vault-pass
    Vault password: 
    
    PLAY [Create users with Valut] *************************************************
    
    TASK [Gathering Facts] *********************************************************
    ok: [kvm11]
    ok: [kvm12]
    ok: [kvm13]
    ok: [kvm14]
    
    TASK [Ensure group "devgrp" exists] ********************************************
    skipping: [kvm13]
    skipping: [kvm14]
    changed: [kvm11]
    changed: [kvm12]
    
    TASK [Add user 'peter'] ********************************************************
    skipping: [kvm13]
    skipping: [kvm14]
    changed: [kvm11]
    changed: [kvm12]
    
    TASK [Ensure group "prodgrp" exists] *******************************************
    skipping: [kvm11]
    skipping: [kvm12]
    changed: [kvm13]
    changed: [kvm14]
    
    TASK [Add user 'rita'] *********************************************************
    skipping: [kvm11]
    skipping: [kvm12]
    changed: [kvm13]
    changed: [kvm14]
    
    PLAY RECAP *********************************************************************
    kvm11 : ok=3 changed=2 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
    kvm12 : ok=3 changed=2 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
    kvm13 : ok=3 changed=2 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
    kvm14 : ok=3 changed=2 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
    
  3. Run the user4hosts.yml playbook with ansible-playbook, adding the --vault-password-file option to specify the key file that decrypts pwlist.yml.
    [deyu1@kvm19 ansible]$ ansible-playbook user4hosts.yml --vault-password-file=password.txt
    
    PLAY [Create users with Valut] *************************************************
    
    TASK [Gathering Facts] *********************************************************
    ok: [kvm14]
    ok: [kvm13]
    ok: [kvm11]
    ok: [kvm12]
    
    TASK [Ensure group "devgrp" exists] ********************************************
    skipping: [kvm13]
    skipping: [kvm14]
    ok: [kvm12]
    ok: [kvm11]
    
    TASK [Add user 'peter'] ********************************************************
    skipping: [kvm13]
    skipping: [kvm14]
    changed: [kvm11]
    changed: [kvm12]
    
    TASK [Ensure group "prodgrp" exists] *******************************************
    skipping: [kvm11]
    skipping: [kvm12]
    ok: [kvm13]
    ok: [kvm14]
    
    TASK [Add user 'rita'] *********************************************************
    skipping: [kvm11]
    skipping: [kvm12]
    changed: [kvm13]
    changed: [kvm14]
    
    PLAY RECAP *********************************************************************
    kvm11 : ok=3 changed=1 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
    kvm12 : ok=3 changed=1 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
    kvm13 : ok=3 changed=1 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
    kvm14 : ok=3 changed=1 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
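
In the second run the group tasks report ok while the user tasks still report changed: password_hash called without a salt generates a new random salt on each run, so the hash differs every time and the user module rewrites it. The variant below is an added example, not the page's own playbook, showing a fixed salt, `append`, and `no_log`. It assumes the vault-encrypted pwlist.yml also defines two hypothetical variables, devsalt and prodsalt.

```yaml
---
# Added example (not the original user4hosts.yml).
# Assumption: the vault-encrypted pwlist.yml also defines devsalt and prodsalt
# (hypothetical names), fixed salts of at most 16 characters from [A-Za-z0-9./].
- name: Create users with Vault
  hosts: dev test prod
  vars_files:
    - pwlist.yml
  tasks:
    - name: Accounts for dev and test hosts
      when: '"dev" in group_names or "test" in group_names'
      block:
        - name: Ensure group "devgrp" exists
          ansible.builtin.group:
            name: devgrp
            state: present
        - name: Add users
          ansible.builtin.user:
            name: "{{ item }}"
            groups: devgrp
            append: true          # keep any other supplementary groups
            # A fixed salt yields the same hash every run, so an unchanged
            # password reports "ok" instead of "changed".
            password: "{{ devpw | password_hash('sha512', devsalt) }}"
          loop:
            - peter
            - linda
          no_log: true            # keep the password hash out of task output

    - name: Accounts for prod hosts
      when: '"prod" in group_names'
      block:
        - name: Ensure group "prodgrp" exists
          ansible.builtin.group:
            name: prodgrp
            state: present
        - name: Add user 'rita'
          ansible.builtin.user:
            name: rita
            groups: prodgrp
            append: true
            password: "{{ prodpw | password_hash('sha512', prodsalt) }}"
          no_log: true
```

If the password should only be set when the account is first created, `update_password: on_create` on the user task is the alternative to a fixed salt.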