---
- hosts: serverf
vars:
- password:
key1: redhat
key2: rhceforserver
key3: demonzwl
tasks:
- name: Useradd rhce for remote host
user:
name: rhce
shell: /bin/bash
groups: wheel
append: yes
register: newuser
- name: debug some message
debug:
var: newuser['name']
- name: password to newuser
shell:
cmd: echo "{{ password['key1'] }}" | passwd --stdin "{{ newuser['name'] }}"
# 以下是实现 SSH免密登录 的Task
- block:
- name: Use module-authorized_key public key to remote host
authorized_key:
user: rhce
state: present
key: "{{ lookup('file', '/home/student/.ssh/id_rsa.pub') }}"
rescue:
- name: mkdir ssh dir
file:
path: /home/rhce/.ssh
owner: "{{ newuser['name'] }}"
group: "{{ newuser['group'] }}"
mode: 0644
state: directory
- name: touch file authorized
file:
path: /home/rhce/.ssh/authorized_keys
owner: "{{ newuser['name'] }}"
group: "{{ newuser['group'] }}"
mode: 0600
state: touch
- name: copy public key to remote host
copy:
src: ~/.ssh/id_rsa.pub
dest: /home/rhce/.ssh/authorized_keys
mode: 0600
# rescue 部分有些许繁琐
# 若是想直接调用 authorized_key 模块
# 可以参考 https://www.cnblogs.com/Anzi-0524/p/16538242.html
always:
- name: debug some message
debug:
var: newuser
# 修改受控主机上的 sudoers 文件
- name: change file permissionins
file:
path: /etc/sudoers
owner: root
group: root
mode: 0600
- name: add message to /etc/sudoers
lineinfile:
path: /etc/sudoers
insertafter: '^# %wheel'
line: '%wheel ALL=(ALL) NOPASSWD: ALL'
- name: change file permissionins
file:
path: /etc/sudoers
owner: root
group: root
mode: 0400