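How to create specific users on specific hosts

Time: 2019-05-25 05:05:26

Tags: ansible

There are several computers on the network, and you need to create a user with a specific login and password on each of them.

I create the user like this: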

vars_prompt:
 - name: "user_name"
   prompt: "User name"    
   private: no   
 - name: "user_password"    
   prompt: "Enter a password for the user"    
   private: yes    
   encrypt: "md5_crypt"    
   confirm: yes    
   salt_size: 7
tasks:
 - name: "add new user" 
   user: 
     name: "{{user_name}}" 
     password: "{{user_password}}" 
     shell: /bin/bash

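Since there are many computers, I don't want to run the playbook many times. Ideally, I would like to be able to enter a list of hosts (computers) and a list of users. The password, in principle, can be the same everywhere.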

2 answers:

Answer 0 (score: 0)

Loop the task

tasks:
  - name: "add new user" 
    user: 
      name: "{{ item.user_name }}" 
      password: "{{ item.user_password }}" 
      shell: /bin/bash
    loop: "{{ my_users }}"

and put the variable my_users into host_vars

my_users:
  - user_name: user1
    user_password: password1
  - user_name: user2
    user_password: password2

Put common users into group_vars

See Variable precedence: Where should I put a variable?

Use Ansible Vault to encrypt the passwords.
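Answer 0's loop combined with its Ansible Vault advice, as an added example that is not part of either answer: the user list carries names only, the cleartext passwords live in a vault-encrypted file, and they are hashed at run time because the user module's password parameter expects a crypt hash. The file layout and the variable name vault_user_passwords are assumptions.

```yaml
# Assumed layout (hypothetical file and variable names):
#
#   group_vars/all/users.yml          plain text, names only
#     my_users:
#       - user_name: user1
#       - user_name: user2
#
#   group_vars/all/vault.yml          encrypted with: ansible-vault encrypt
#     vault_user_passwords:
#       user1: "<cleartext password placeholder>"
#       user2: "<cleartext password placeholder>"
#
# Run with: ansible-playbook -i demo_inventory.yml users.yml --ask-vault-pass
---
- name: Create users with passwords taken from Ansible Vault
  hosts: all
  become: true

  tasks:
    - name: add new user
      user:
        name: "{{ item.user_name }}"
        # Hash at run time; the cleartext exists only inside the vault file.
        password: "{{ vault_user_passwords[item.user_name] | password_hash('sha512') }}"
        shell: /bin/bash
        # password_hash picks a random salt on every run, so without this
        # the task would report "changed" and reset the password each time.
        update_password: on_create
      loop: "{{ my_users }}"
      # Keep the rendered hash out of task output and logs.
      no_log: true
```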

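Answer 1 (score: 0)

Here is an example you can try. Adapt it to your needs.

Note: if the list of users is different for each host, just run the playbook several times. Implementing that as a quick play in ansible would be a complete pain and not usable at all.

In the example below, test1 and test2 point to 2 Docker containers that I added in demo_inventory.yml.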

all:
  hosts:
    test1:
      ansible_connection: docker
    test2:
      ansible_connection: docker

You have to correctly identify the hosts you enter for this to work.

This is the demo playbook test.yml

---
- name: Gather needed information
  hosts: localhost

  vars_prompt:

    - name: hosts_entry
      prompt: Enter comma separated list of hosts to target
      private: false

    - name: users_entry
      prompt: Enter comma separated list of users to create
      private: false

    - name: user_password
      prompt: Enter initial password applied to all users
      encrypt: md5_crypt
      confirm: true
      salt_size: 7


  tasks:
    - name: Create a dynamic whatever_group with entered hosts
      add_host:
        name: "{{ item | trim }}"
        groups:
          - whatever_group
      loop: "{{ hosts_entry.split(',') }}"

    - name: Create a list of host for later reuse. Will be scoped to localhost
      set_fact:
        users_list: "{{ users_entry.split(',') }}"

    - name: Store password for later reuse as vars_prompt are limited to play
      set_fact:
        user_password: "{{ user_password }}"

- name: Do the actual work
  hosts: whatever_group

  tasks:
    - name: Make sure users are present
      user:
        name: "{{ item | trim }}"
        password: "{{ hostvars['localhost'].user_password }}"
        shell: /bin/bash
      loop: "{{ hostvars['localhost'].users_list }}"

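I created a play on localhost to gather the information from vars_prompt. In this play, I use add_host to dynamically create whatever_group. Note the use of split to create a list from the input string containing comma-separated elements, and of trim to remove leading/trailing whitespace (if the user entered any). Since vars_prompt is scoped to the current play, I also use set_fact to keep the user list and the password for later use.

In the next play, I target whatever_group and run the user task. Note that since the variables previously set with set_fact are scoped to localhost, we have to use the hostvars magic variable to get the relevant information for the user loop and the password.

Here is a sample run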

$ ansible-playbook -i demo_inventory.yml test.yml 
Enter comma separated list of hosts to target: test1, test2
Enter comma separated list of users to create: user1, user2, user3
Enter initial password applied to all users: 
confirm Enter initial password applied to all users: 

PLAY [Gather needed information] ***************************************************************

TASK [Gathering Facts] *************************************************************************
ok: [localhost]

TASK [Create a dynamic whatever_group with entered hosts] **************************************
changed: [localhost] => (item=test1)
changed: [localhost] => (item= test2)

TASK [Create a list of host for later reuse. Will be scoped to localhost] **********************
ok: [localhost]

TASK [Store password for later reuse as vars_prompt are limited to play] ***********************
ok: [localhost]

PLAY [Do the actual work] **********************************************************************

TASK [Gathering Facts] *************************************************************************
ok: [test1]
ok: [test2]

TASK [Make sure users are present] *************************************************************
changed: [test2] => (item=user1)
changed: [test1] => (item=user1)
changed: [test2] => (item= user2)
changed: [test1] => (item= user2)
changed: [test2] => (item= user3)
changed: [test1] => (item= user3)

PLAY RECAP *************************************************************************************
localhost                  : ok=4    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
test1                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
test2                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0