Creating different accounts

  1. Modify the users_vault.yml playbook into user4hosts.yml so that the groups and accounts created on dev and test differ from those on prod:
    [deyu1@kvm19 ansible]$ vim user4hosts.yml 
    [deyu1@kvm19 ansible]$ cat user4hosts.yml 
    ---
    - name: Create users with Valut
      hosts: dev test prod
      vars_files: pwlist.yml 
      tasks:
      - block:
        - name: Ensure group "devgrp" exists
          ansible.builtin.group:
            name: devgrp
            state: present
        - name: Add users
          ansible.builtin.user:
            name: "{{ item }}"
            groups: devgrp
            password: "{{ devpw | password_hash('sha512') }}"
          loop:
            - peter
            - linda
        when: '"dev" in group_names or "test" in group_names'
     
      - block:
        - name: Ensure group "prodgrp" exists
          ansible.builtin.group:
            name: prodgrp
            state: present
        - name: Add user 'rita'
          ansible.builtin.user:
            name: rita
            groups: prodgrp
            password: "{{ prodpw | password_hash('sha512') }}"
        when: '"prod" in group_names'
    
  2. Run the user4hosts.yml playbook with ansible-playbook, adding the --ask-vault-pass option to enter the password that decrypts pwlist.yml.
    [deyu1@kvm19 ansible]$ ansible-playbook user4hosts.yml --ask-vault-pass
    Vault password: 
    
    PLAY [Create users with Valut] *************************************************
    
    TASK [Gathering Facts] *********************************************************
    ok: [kvm11]
    ok: [kvm12]
    ok: [kvm13]
    ok: [kvm14]
    
    TASK [Ensure group "devgrp" exists] ********************************************
    skipping: [kvm13]
    skipping: [kvm14]
    changed: [kvm11]
    changed: [kvm12]
    
    TASK [Add user 'peter'] ********************************************************
    skipping: [kvm13]
    skipping: [kvm14]
    changed: [kvm11]
    changed: [kvm12]
    
    TASK [Ensure group "prodgrp" exists] *******************************************
    skipping: [kvm11]
    skipping: [kvm12]
    changed: [kvm13]
    changed: [kvm14]
    
    TASK [Add user 'rita'] *********************************************************
    skipping: [kvm11]
    skipping: [kvm12]
    changed: [kvm13]
    changed: [kvm14]
    
    PLAY RECAP *********************************************************************
    kvm11: ok=3  changed=2  unreachable=0  failed=0  skipped=2  rescued=0  ignored=0
    kvm12: ok=3  changed=2  unreachable=0  failed=0  skipped=2  rescued=0  ignored=0
    kvm13: ok=3  changed=2  unreachable=0  failed=0  skipped=2  rescued=0  ignored=0
    kvm14: ok=3  changed=2  unreachable=0  failed=0  skipped=2  rescued=0  ignored=0
    
  3. Run the user4hosts.yml playbook with ansible-playbook, adding the --vault-password-file option to specify the key file that decrypts pwlist.yml.
    [deyu1@kvm19 ansible]$ ansible-playbook user4hosts.yml --vault-password-file=password.txt
    
    PLAY [Create users with Valut] *************************************************
    
    TASK [Gathering Facts] *********************************************************
    ok: [kvm14]
    ok: [kvm13]
    ok: [kvm11]
    ok: [kvm12]
    
    TASK [Ensure group "devgrp" exists] ********************************************
    skipping: [kvm13]
    skipping: [kvm14]
    ok: [kvm12]
    ok: [kvm11]
    
    TASK [Add user 'peter'] ********************************************************
    skipping: [kvm13]
    skipping: [kvm14]
    changed: [kvm11]
    changed: [kvm12]
    
    TASK [Ensure group "prodgrp" exists] *******************************************
    skipping: [kvm11]
    skipping: [kvm12]
    ok: [kvm13]
    ok: [kvm14]
    
    TASK [Add user 'rita'] *********************************************************
    skipping: [kvm11]
    skipping: [kvm12]
    changed: [kvm13]
    changed: [kvm14]
    
    PLAY RECAP *********************************************************************
    kvm11: ok=3  changed=1  unreachable=0  failed=0  skipped=2  rescued=0  ignored=0
    kvm12: ok=3  changed=1  unreachable=0  failed=0  skipped=2  rescued=0  ignored=0
    kvm13: ok=3  changed=1  unreachable=0  failed=0  skipped=2  rescued=0  ignored=0
    kvm14: ok=3  changed=1  unreachable=0  failed=0  skipped=2  rescued=0  ignored=0
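
Added example, not part of the original page: in the second run above the user tasks report `changed` again because `password_hash('sha512')` without a salt picks a new random salt on every run, so the generated hash never matches the one already stored on the host. The variant below passes a salt derived from the host and user name (the salt expression is an assumption of this example; `pwlist.yml`, `devpw` and `devgrp` are the page's names), so repeated runs report `ok` unless the vaulted password itself changes.

```yaml
---
# Added example: idempotent variant of the page's dev/test block.
# Only the salt argument is new; everything else mirrors user4hosts.yml.
- name: Create dev/test users with stable password hashes
  hosts: dev test
  vars_files: pwlist.yml
  tasks:
    - name: Ensure group "devgrp" exists
      ansible.builtin.group:
        name: devgrp
        state: present

    - name: Add users
      ansible.builtin.user:
        name: "{{ item }}"
        groups: devgrp
        # The seeded random() filter returns the same number for the same
        # host/user pair on every run, so the sha512-crypt hash is stable
        # and the task only reports "changed" when devpw changes.
        # A salt is not a secret; it only needs to differ per account.
        password: >-
          {{ devpw | password_hash('sha512',
             65534 | random(seed=inventory_hostname ~ item) | string) }}
        # Alternative (assumption: passwords are managed elsewhere after
        # creation): keep the random salt and set the password only once.
        # update_password: on_create
      loop:
        - peter
        - linda
```

A third run with this task should show `ok` instead of `changed` for the user tasks, which makes a genuine password change stand out in the play recap.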