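Ansible: running root-privileged commands as a regular user + the script module
0. Disable root login
1. Log in as a user with sudo rights
2. Run commands with root privileges
3. cat /etc/ansible/hosts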
# Ex 2: A collection of hosts belonging to the 'webservers' group
[test]
10.0.0.3 ansible_ssh_user="dev" ansible_ssh_pass="do2admin" ansible_become_pass="ccsds@AA2123"
10.0.0.7 ansible_ssh_user="dev" ansible_ssh_pass="do2admin" ansible_become_pass="ccsds@AA2123"
-------------------------------------------------
[frame]
10.0.0.4
[frame:vars]
ansible_ssh_user="dev"
ansible_ssh_pass="do2admin"
-------------------------------------------------
[root@frontend-1 yum_with_items]# ansible frame -m shell -a 'whoami'
10.0.0.4 | CHANGED | rc=0 >>
dev
-------------------------------------------------
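The inventory above keeps the SSH and sudo passwords as literal values. As an added example (not from the original post), this Python check flags such entries in an INI inventory, covering both host-line variables and [group:vars] sections, and accepts only Jinja2 references such as a vaulted variable. The sample inventory, host 10.0.0.9 and the `vault_become_pass` name are constructed.

```python
import re
import shlex

# Real Ansible connection/privilege variables that hold a secret.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password", "ansible_sudo_pass",
               "ansible_become_pass", "ansible_become_password"}
SECTION = re.compile(r"^\[([^\]:]+)(?::(\w+))?\]$")

# Constructed sample mirroring the layout above; hosts and passwords are placeholders.
SAMPLE = """\
[test]
10.0.0.3 ansible_ssh_user="dev" ansible_ssh_pass="example-ssh" ansible_become_pass="example-sudo"
[frame]
10.0.0.4
[frame:vars]
ansible_ssh_user="dev"
ansible_ssh_pass="example-ssh"
[vaulted]
10.0.0.9 ansible_ssh_user="dev" ansible_become_pass="{{ vault_become_pass }}"
"""


def is_literal(value):
    """True unless the value is a Jinja2 reference (e.g. to a vaulted variable)."""
    v = value.strip().strip("\"'").strip()
    return not (v.startswith("{{") and v.endswith("}}"))


def find_plaintext_secrets(inventory_text):
    """Return (line_no, scope, variable) per literal secret; the value is never echoed."""
    findings, group, kind = [], "ungrouped", None
    for no, raw in enumerate(inventory_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION.match(line)
        if m:
            group, kind = m.group(1), m.group(2)
            continue
        if kind == "vars":  # [group:vars]: one key=value per line
            scope, pairs = group, [line]
        else:  # host line: hostname followed by key=value pairs
            tokens = shlex.split(line)
            scope, pairs = tokens[0], tokens[1:]
        for pair in pairs:
            key, sep, value = pair.partition("=")
            if sep and key.strip() in SECRET_VARS and is_literal(value):
                findings.append((no, scope, key.strip()))
    return findings
```

Run `find_plaintext_secrets()` over the text of the inventory file in a pre-commit hook or CI job and fail when the returned list is non-empty.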
4. Run root tasks as a regular user
Switching users on the remote host from an Ansible playbook
[root@frontend-1 deploy]# cat root_cannot_login.yaml
---
- name: root can not login and other user login and sudo as root
  hosts: all
  gather_facts: False
  become: yes
  become_user: root
  become_method: sudo
  tasks:
    - name: create test file as normal user
      shell: echo 'hahahahahhahah how to show command run results' > /tmp/fuckdevsudotoroot1.txt
    - name: create new user
      shell: sudo useradd aftergege
    - name: test use special charactor
      shell: sudo echo 'do2admin'|passwd --stdin aftergege
      # register the output so the debug task below has a 'result' to show
      register: result
    - name: Show debug info
      debug: var=result.stdout verbosity=3
Reference: https://blog.csdn.net/change_can/article/details/105559227
# With verbosity: 3, the debug result is printed only when the playbook runs with -vvv
ansible-playbook ./debug.yaml -i /root/ansible-code/inventory/inventory.ini --private-key=/root/.ssh/ansible -vvv
3. Run a script on the remote host
[root@frontend-1 deploy]# cat to_adduser_script.yaml
---
- name: login to adduser at remote host as normal user
  gather_facts: FALSE
  hosts: all
  become: yes
  become_user: root
  become_method: sudo
  tasks:
    # - name: copy script to remote host
    #   copy: src=/opt/deploy/adduser.sh dest=/tmp/adduser.sh
    # the script module takes a path on the control node and transfers the
    # script to the remote host before running it, so no copy task is needed
    - name: execute scripts at remote hosts
      script: /tmp/adduser.sh
An example makes this clearer.