Ansible:检查我的用户是否存在于远程主机上,否则使用root用户连接ssh

时间:2016-09-26 08:33:11

标签: ssh ansible

我目前正在编写Ansible脚本,该脚本应该在运行Debian或CentOS的每台主机上更新openssl。在主机上,我们的SSH密钥是为我自己的用户 root存放的。我想检查我的用户是否存在于主机上,如果不是,我想要与root用户进行身份验证。有可能这样做吗?我尝试使用bash命令,但我想检查我的用户是否存在之前我正在运行任务。也许我的问题有其他解决方案,但我不了解它们。运行此playbook会引发语法错误。我的脚本现在看起来像这样:

---
- hosts: "{{ host_group }}" 
  remote_user: "{{ username }}"
  tasks:

# Check whether there's a existinig user or whether you have to use root
    - name: Check whether there's your user on the machine
      action: shell /usr/bin/getent passwd $username | /usr/bin/wc -l | tr -d ''
      register: user_exist
      remote_user: root
      when: user_exist.stdout == 0
      tags:
         - users

# Install openssl on Ubuntu or Debian
    - name: Install openssl on Ubuntu or Debian
      become: True
      become_user: root
      apt: name=openssl state=latest
      when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'

# Install openssl on CentOS or RHEL
    - name: Install openssl on CentOS or RHEL
      become: True
      become_user: root
      yum: name=openssl state=latest
      when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'

2 个答案:

答案 0 :(得分:5)

您可以先使用local_action测试连接 Ansible需要知道如何连接到主机,否则会触发host unreachable错误并跳过该主机的剩余任务。
像这样:

- hosts: myservers
  gather_facts: no  # or it will fail on the setup step
  tasks:
    - name: Test user
      local_action: "command ssh -q -o BatchMode=yes -o ConnectTimeout=3 {{ inventory_hostname }} 'echo ok'"
      register: test_user
      ignore_errors: true
      changed_when: false

    - name: Do useful stuff
      remote_user: "{{ test_user | success | ternary(omit, 'root') }}"
      command: echo ok

答案 1 :(得分:4)

使用ansible ping模块(用于验证端对端SSH连接, not ICMP)来测试SSH连接的一种更原生,更优雅的方法,并且可以使用在Ansible 2.7中添加的剧本关键字ignore_unreachable

下面的技术将SSH测试置于未收集事实的状态中。随后的播放将正常收集事实:

---
###
## First play: Dynamically configure SSH user
##
- hosts: "{{ host_group }}"
  gather_facts: false  # don't try to ssh yet!!
  vars:
    ansible_ssh_user: "{{ username }}"

  tasks:
    - name: "Test SSH connection"
      ping:  # <-- no args needed
      ignore_unreachable: true
      ignore_errors: true
      changed_when: false
      register: ssh_test

    - name: "Fall back to root user?"
      when: ssh_test.unreachable is defined
      connection: local
      set_fact:
        ansible_ssh_user: root


###
## Next play: Install Stuff
###
- hosts: "{{ host_group }}"
  tasks:
    - name: Install openssl on Ubuntu or Debian
      # ...
相关问题
最新问题