日拱一卒
0%

RHCE (EX294) - 创建用户帐户

Posted on

创建用户帐户

http://materials/user_list.yml 下载要创建的用户的列表,并将它保存到 /home/greg/ansible

在本次练习中使用在其他位置创建的密码库 /home/greg/ansible/locker.yml。创建名为 /home/greg/ansible/users.yml 的 playbook ,从而按以下所述创建用户帐户:

职位描述为 developer 的用户应当:

devtest 主机组中的受管节点上创建

pw_developer 变量分配密码

是补充组 devops 的成员

职位描述为 manager 的用户应当:

prod 主机组中的受管节点上创建

pw_manager 变量分配密码

是补充组 opsmgr 的成员

密码采用 SHA512 哈希格式。

您的 playbook 应能够在本次练习中使用在其他位置创建的库密码文件 /home/greg/ansible/secret.txt 正常运行。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
[greg@control ansible]$ wget http://materials/user_list.yml
[greg@control ansible]$ cat user_list.yml 
users:
  - name: bob
    job: developer
  - name: sally
    job: manager
  - name: fred
    job: developer
[greg@control ansible]$ vim /home/greg/ansible/users.yml
---
- name: 创建用户帐户_1
  hosts: dev,test
  vars_files:
  - locker.yml
  - user_list.yml
  tasks:
  - name: Ensure group "devops" exists
    group:
      name: devops
      state: present
  - name: Add the user
    user:
      name: "{{ item.name }}"
      password: "{{ pw_developer | password_hash('sha512') }}"
      groups: devops
      append: yes
    when: item.job == "developer"
    loop: "{{ users }}"

- name: 创建用户帐户_2
  hosts: prod
  vars_files:
  - locker.yml
  - user_list.yml
  tasks:
  - name: Ensure group "opsmgr" exists
    group:
      name: opsmgr
      state: present
  - name: Add the user
    user:
      name: "{{ item.name }}"
      password: "{{ pw_manager | password_hash('sha512') }}"
      groups: opsmgr
      append: yes
    when: item.job == "manager"
    loop: "{{ users }}"
[greg@control ansible]$ ansible-playbook users.yml 
[greg@control ansible]$ ansible dev,test -m shell -a 'id bob; id fred'
node2 | CHANGED | rc=0 >>
uid=1003(bob) gid=1003(bob) groups=1003(bob),1001(devops)
uid=1004(fred) gid=1004(fred) groups=1004(fred),1001(devops)
node1 | CHANGED | rc=0 >>
uid=1003(bob) gid=1004(bob) groups=1004(bob),1001(devops)
uid=1004(fred) gid=1005(fred) groups=1005(fred),1001(devops)
[greg@control ansible]$ ansible prod -m shell -a 'id sally'
node3 | CHANGED | rc=0 >>
uid=1003(sally) gid=1004(sally) groups=1004(sally),1003(opsmgr)
node4 | CHANGED | rc=0 >>
uid=1003(sally) gid=1004(sally) groups=1004(sally),1003(opsmgr)