我有一个有趣的剧本,可以为Packer AMI版本添加50个以上的SSH用户。
这是我的/playbooks/roles/users/tasks/create_user.yml:的样子。
---
- name: "User {{ item.name }}"
user:
comment: "Add {{ item.name }} account"
name: "{{ item.name }}"
home: "/data/companies/project/{{ item.name }}"
state: present
uid: "{{ item.uid }}"
group: company
groups: company
shell: /sbin/nologin
state: present
generate_ssh_key: no
password: "{{ item.password }}"
- name: "Create home directory for {{ item.name }}"
file:
path: "/data/companies/project/{{ item.name }}"
state: directory
owner: "{{ item.name }}"
group: company
mode: 0700
这是/playbooks/roles/users/vars/main.yml文件的外观
---
location: UK
users:
- name: user1
password: $6$8T8lH2vS$JKIdqkQmHUHR/s75RYMguPyHTisnNrXIPOjJ9IWxMHB4LY9PJX.3rgkmfLCWAHDi5VYZno2ntlYm7Kkdy0iAZ.
uid: 601
location: UK
- name: user2
password: $6$8T8lH2vS$JKIdqkQmHUHR/s75RYMguPyHTisnNrXIPOjJ9IWxMHB4LY9PJX.3rgkmfLCWAHDi5VYZno2ntlYm7Kkdy0iAZ
uid: 602
location: USA
这是我的“ / playbooks /角色/用户/任务/main.yml”的样子
---
- name: Create users based on location
include: create_users.yml
loop: "{{ users | selectattr('location', 'equalto', location) | list }}"
运行了相应的打包程序版本后,没有错误,但没有创建user1,user2及其属性。
amazon-ebs: TASK [: Create users based on location] ***********************************
amazon-ebs:
amazon-ebs: PLAY RECAP *********************************************************************
amazon-ebs: default : ok=10 changed=7 unreachable=0 failed=0
amazon-ebs:
请有人帮我了解为什么没有创建用户?谢谢
答案 0 :(得分:3)
通常通过使用变量和循环来实现。将所有变量填充到包含参数字典的list变量中,然后使用循环读取并应用。因此,根据您的角色方法:
创建一个包含要运行的两个任务的任务文件-/playbooks/roles/users/tasks/create_user.yml:
---
- name: User "{{ item.name }}"
user:
comment "{{ item.name }} company account"
name: "{{ item.name }}"
home: "/data/company/{{ item.name }}"
state: present
uid: 666
group: company
groups: company
shell: /bin/bash
state: present
generate_ssh_key: no
password: "{{ item.password }}"
- name: "Create home directory for {{ item.name }}"
file:
path: "/data/company/{{ item.name }}"
state: directory
owner: "{{ item.name }}"
group: company
mode: 0700
创建一个包含您的用户的vars文件-/playbooks/roles/users/vars/main.yml:
---
location: UK # This will be your default. It can be overridden in a variety of places
users:
- name: user1
password: <some password>
location: US
- name: user2
password: <some password>
location: UK
- name: user3
password: <some password>
location: UK
然后在/playbooks/roles/users/tasks/main.yml中:
---
- name: Create users based on location
include: create_user.yml
loop: "{{ users | selectattr('location', 'equalto', location) | list }}"
希望其中大部分是自我解释。因为您使用的是角色,所以通过将users变量放在/playbooks/roles/users/vars/main.yml中,该变量将自动变为可用。 users | selectattr('location', 'equalto', location)表达式使用user变量并对列表进行过滤,以仅包括“位置”元素等于“位置”变量中指定值的对象。
答案 1 :(得分:0)
一些其他提示,您也可以使用默认值。 另外,如果要保护加密的密码,可以将其存储在Ansible Vault中:
users.yml示例:
users:
- name: user1
uid: 666
group: group1
groups: [allusers]
comment: User One
home: /home/user1
shell: /bin/bash
passwords: "{{ vault_passwords }}"
您使用“ ansible-vault”命令加密的保管库文件看起来像(已解密):
passwords:
- name: user1
password: $6$509875346RH.RAaVNW2iWtf/QJ4zUGaJiEyh.
剧本随附的任务文件示例:
- name: Set up user accounts
user:
name: "{{ item.name }}"
create_home: '{{ item.createhome | default("no") }}'
uid: "{{ item.uid }}"
group: "{{ item.group }}"
state: '{{ item.state | default("present") }}'
comment: '{{ item.comment | default("Ansible created comment") }}'
home: "{{ item.home }}"
shell: '{{ item.shell | default("/bin/bash") }}'
with_items: "{{ users }}"
- name: Set up user account passwords
user:
name: "{{ item.name }}"
password: '{{ item.password | default("*") }}'
with_items: "{{ passwords }}"