Playbook_自编-添加用户-设置用户密码-编辑sudo文件

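---
  # Play: create the rhce account on serverf, add it to wheel and give it an
  # initial password.
  - hosts: serverf
    # NOTE(security): these are clear-text credentials stored in the playbook.
    # Move them into an Ansible Vault encrypted vars file (or another secret
    # store) before this file is shared or committed.
    # vars is written as a mapping; the list-of-dicts form is deprecated.
    vars:
      password:
        key1: redhat
        key2: rhceforserver
        key3: demonzwl
    tasks:
      - name: Useradd rhce for remote host
        user:
          name: rhce
          shell: /bin/bash
          groups: wheel
          # Keep any groups the account already has; only add wheel.
          append: true
        # Later tasks read newuser['name'] and newuser['group'].
        register: newuser
      - name: debug some message
        debug:
          var: newuser['name']

      # Pass a SHA-512 hash to the user module instead of piping the
      # clear-text password through `echo ... | passwd --stdin`, which puts
      # the secret on a shell command line and in the task output.
      # no_log keeps the value out of logs and callback output.
      # password_hash picks a fresh salt on every run, so this task reports
      # "changed" each time, as the original shell task did.
      - name: password to newuser
        user:
          name: "{{ newuser['name'] }}"
          password: "{{ password['key1'] | password_hash('sha512') }}"
        no_log: true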

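# Tasks below set up key-based (passwordless) SSH login for rhce.
      - block:
          # Preferred path: authorized_key creates ~/.ssh and the key file
          # for the target user and appends the key if it is missing.
          - name: Use module-authorized_key public key to remote host
            authorized_key:
              user: rhce
              state: present
              key: "{{ lookup('file', '/home/student/.ssh/id_rsa.pub') }}"
        # Fallback when the authorized_key task fails. This section is more
        # verbose than calling authorized_key directly; for that approach see
        # https://www.cnblogs.com/Anzi-0524/p/16538242.html
        rescue:
          - name: mkdir ssh dir
            file:
              path: /home/rhce/.ssh
              owner: "{{ newuser['name'] }}"
              group: "{{ newuser['group'] }}"
              # A directory needs the search (x) bit to be usable, and sshd
              # expects ~/.ssh to be private to its owner: 0700, not 0644.
              mode: "0700"
              state: directory
          - name: touch file authorized
            file:
              path: /home/rhce/.ssh/authorized_keys
              owner: "{{ newuser['name'] }}"
              group: "{{ newuser['group'] }}"
              mode: "0600"
              state: touch
          # copy replaces the whole file, so any keys already present in
          # authorized_keys are dropped on this fallback path.
          - name: copy public key to remote host
            copy:
              src: ~/.ssh/id_rsa.pub
              dest: /home/rhce/.ssh/authorized_keys
              # Set ownership explicitly so the file cannot end up owned by
              # the connecting user instead of rhce.
              owner: "{{ newuser['name'] }}"
              group: "{{ newuser['group'] }}"
              mode: "0600"
        always:
          - name: debug some message
            debug:
              var: newuser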

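# Edit the sudoers file on the managed host.
      # One lineinfile task replaces the original chmod 0600 / edit /
      # chmod 0400 sequence: the module sets owner, group and mode itself,
      # so the file is never left owner-writable between tasks and the play
      # no longer reports two spurious "changed" results per run.
      # validate runs visudo against the candidate file before it replaces
      # /etc/sudoers, so a syntax error cannot lock out sudo on the host.
      # NOTE(security): this grants password-less root to every member of
      # wheel. Confirm that is intended; a narrower rule in a file under
      # /etc/sudoers.d/ is easier to audit and to revert.
      - name: add message to /etc/sudoers
        lineinfile:
          path: /etc/sudoers
          insertafter: '^# %wheel'
          line: '%wheel   ALL=(ALL)   NOPASSWD: ALL'
          owner: root
          group: root
          mode: "0400"
          validate: '/usr/sbin/visudo -cf %s'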