我是ansible的新手,我在digitalocean中设置我的新实例来配置新用户。基本上,我有设置它的剧本,当我运行剧本时,每个人都可以,但是当我试图检查我的密码是否正常工作时它没有用。
我做了
sudo apt-get update
如果密码正常工作。它没有。
---
- name: Configure Server
hosts: sample_server
gather_facts: no
remote_user: root
vars:
username: sample_user
password: sample_password
tasks:
- name: Update apt cache
apt: update_cache=yes
- name: Safe aptitude upgrade
apt: upgrade=safe
async: 600
poll: 5
- name: Add my user
user:
name: "{{ username }}"
password: "{{ password }}"
update_password: always
shell: /bin/bash
groups: sudo
append: yes
generate_ssh_key: yes
ssh_key_bits: 2048
state: present
- name: Add my workstation user's public key to the new user
authorized_key:
user: "{{ username }}"
key: "{{ lookup('file', 'certificates/id_rsa.pub') }}"
state: present
- name: Change SSH port
lineinfile:
dest: /etc/ssh/sshd_config
regexp: "^Port"
line: "Port 30000"
state: present
# notify:
# - Restart SSH
- name: Remove root SSH access
lineinfile:
dest: /etc/ssh/sshd_config
regexp: "^PermitRootLogin"
line: "PermitRootLogin no"
state: present
# notify:
# - Restart SSH
- name: Remove password SSH access
lineinfile:
dest: /etc/ssh/sshd_config
regexp: "^PasswordAuthentication"
line: "PasswordAuthentication no"
state: present
# notify:
# - Restart SSH
- name: Reboot the server
service: name=ssh state=restarted
handlers:
- name: Restart SSH
service: name=ssh state=restarted
对此有任何想法。感谢
答案 0 :(得分:2)
Ansible用户模块将密码作为加密值,jinja2过滤器可以处理加密密码的生成。您可以像这样修改用户创建任务:
password: "{{ password | password_hash('sha512') }}"
希望能帮到你