Ansible User 模块添加单用户并ssh-key复制

Posted 2020-11-27 zhenxing06

Ansible User 模块添加单用户并ssh-key复制

1 Ansible 版本:

ansible 2.9.6
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u‘/root/.ansible/plugins/modules‘, u‘/usr/share/ansible/plugins/modules‘]
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  7 2019, 00:51:29) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

 

2 Ansible 主机列表:

[web]
h1 ansible_ssh_host=10.10.xxx.xxx ansible_ssh_port=22 ansible_ssh_user=root ansible_python_interpreter=/usr/bin/python
t1 ansible_ssh_host=10.10.xx.xxx ansible_ssh_port=22 ansible_ssh_user=root ansible_python_interpreter=/usr/bin/python

#[web-group:children]
#web-1
#web-2

 

3 Ansible-player roles:

cat /etc/ansible/ansible_work/user-auth.yaml 
###############

- hosts: all
  remote_user: root
  gather_facts: False
  vars:
    username: fmw
    usergid: ‘502‘
    useruid: ‘502‘
  tasks:
    - name: System Add group {{ username }}
      group:
        gid: ‘{{ usergid }}‘
        name: ‘{{ username }}‘
        state: present
        system: yes

    - name: System Add user {{ username }}
      user:
        name: ‘{{ username }}‘
        password: "$6$vfci7x2o$mteutRBiEVwj7vM.CsadfsdSDFSDFR7VZte84u5Hv7fnnrypjzpjxZQE4IrhmJLl7EH9/LZ77X2M7BZjRTBsdfsdfPKfDsD1"
        shell: /bin/bash
        group: ‘{{ usergid }}‘
        uid: ‘{{ useruid }}‘
        create_home: True
        state: present

    #- name: Create  {{ username }} directory 
    #  file: path=‘/home/{{ username }}/.ssh‘ state=directory owner={{ username }} group={{ username }} mode=0700 

    - name: set {{ usrename }} authorized key files
      authorized_key:
        user: ‘{{ username }}‘
        state: present
        manage_dir: true   # authorized_key 模块管理.ssh目录，如果不存在自动创建，可以去掉上面的目录处理.
        key: "{{ lookup(‘file‘, ‘/home/fmw/.ssh/id_rsa.pub‘) }}"

 

4 运行剧本：

# 语法测试：
ansible-playbook user-auth.yaml --syntax-check

# 运行剧本：
1 ansible-playbook user-auth.yaml --check      # 测试运行剧本，但不真正执行.
2 ansible-playbook user-auth.yaml -vvv         # 运行并显示详细执行过程.
3 ansible-playbook user-auth.yaml              # 运行脚本会显示执行结果(默认此模式).

# 例：
[root@redis-2 ansible]# ansible-playbook user-auth.yaml

PLAY [all] **********************************************************************************************************************************************************************************

TASK [System Add group fmw] *****************************************************************************************************************************************************************
changed: [t1]
changed: [h1]

TASK [System Add user fmw] ******************************************************************************************************************************************************************
changed: [t1]
changed: [h1]

TASK [set {{ usrename }} authorized key files] **********************************************************************************************************************************************
changed: [t1]
changed: [h1]

PLAY RECAP **********************************************************************************************************************************************************************************
h1                         : ok=3    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
t1                         : ok=3    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0