Create an Ansible role that will add/remove a user with a pattern from a meta file

ashwani:present:super
yashvinder:present:normal
rajat:absent:super

Note:

  1. present/absent is the state of the user, i.e. whether it is available on the system.
  2. super means the user will be able to use sudo privileges
  3. normal will not be able to use sudo privileges

Given the file

shell> cat users.conf 
ashwani:present:super yashvinder:present:normal rajat:absent:super

Parse the data first. For example

    - set_fact:
        my_users: "{{ my_users|default([]) +
                      [{'user': params.0,
                        'state': params.1,
                        'super': (params.2 == 'super')}] }}"
      loop: "{{ lookup('file', 'users.conf').split(' ') }}"
      vars:
        params: "{{ item.split(':') }}"

gives

my_users:
  - state: present
    super: true
    user: ashwani
  - state: present
    super: false
    user: yashvinder
  - state: absent
    super: true
    user: rajat

Then create the users with the module user. For example

    - user:
        name: "{{ item.user }}"
        state: "{{ item.state }}"
      loop: "{{ my_users }}"

Enable sudo with lineinfile. For example

    - lineinfile:
        path: /etc/sudoers
        line: "{{ item.user }} ALL=(ALL) NOPASSWD: ALL"
      loop: "{{ my_users }}"
      when: item.super

(not tested)


Update

Ansible 2.12 and later don't need the iteration. Create the list in a pipeline

my_users: "{{ lookup('file', 'users.conf')|
              split('\n')|join(' ')|
              split(' ')|
              map('split', ':')|
              map('zip', ['user', 'state', 'group'])|
              map('map', 'reverse')|
              map('dict')|list }}"

gives

my_users:
  - group: super
    state: present
    user: ashwani
  - group: normal
    state: present
    user: yashvinder
  - group: super
    state: absent
    user: rajat

Create the Ansible role

$ ansible-galaxy init usermanagement

Create the tasks in the role's tasks file

$ vi usermanagement/tasks/main.yml

Add the following content

---
# tasks file for createusers
- name: Create User
  user:
    name: "{{item.split(':').0}}"
    state: "{{item.split(':').1}}"
  loop: "{{ lookup('file', 'users.conf').splitlines() }}"
- name: Setup Sudo Access for Ansible User
  copy:
    dest: "/etc/sudoers.d/{{item.split(':').0}}"
    content: "{{item.split(':').0}} ALL=(ALL) NOPASSWD: ALL"
    validate: /usr/sbin/visudo -cf %s
  loop: "{{ lookup('file', 'users.conf').splitlines() }}"
  when: item.split(':').2 == "super" and item.split(':').1 == "present"

In the role folder, create the users.conf (meta) file with the following content

$ vi usermanagement/files/users.conf

ashwani:present:super
yashvinder:present:normal
rajat:absent:super

Create a main playbook and use the above role.

$ vi main.yml

- hosts: all
  become: true
  roles:
  - usermanagement

Run the main playbook (with a host inventory)

$ ansible-playbook main.yml
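As an added example that is not part of either answer above: a tasks file for the role that checks each users.conf entry before acting on it, writes sudo access as a visudo-validated drop-in under /etc/sudoers.d, and also revokes that access for absent or normal users, which neither answer does. The role name usermanagement and the files/users.conf location are taken from the second answer; the username pattern, the blank-line and comment handling, and the file mode are my assumptions.

```yaml
---
# Added example, not code from either answer. Assumes the role is called
# usermanagement and that users.conf sits in the role's files/ directory,
# one "user:state:super|normal" entry per line.
- name: Read users.conf, dropping blank and commented lines (assumed convention)
  set_fact:
    users_lines: "{{ lookup('file', 'users.conf').splitlines()
                     | map('trim') | reject('equalto', '') | reject('match', '#') | list }}"

- name: Refuse to continue on malformed entries
  assert:
    that:
      - fields | length == 3
      # username pattern is an assumption; it also excludes '.' and '~',
      # which would make sudo ignore the drop-in file below
      - fields.0 is match('^[a-z_][a-z0-9_-]*$')
      - fields.1 in ['present', 'absent']
      - fields.2 in ['super', 'normal']
    fail_msg: "Unexpected entry in users.conf: {{ item }}"
  loop: "{{ users_lines }}"
  vars:
    fields: "{{ item.split(':') }}"

- name: Build the user list
  set_fact:
    my_users: "{{ my_users | default([]) +
                  [{'user': fields.0,
                    'state': fields.1,
                    'super': (fields.2 == 'super')}] }}"
  loop: "{{ users_lines }}"
  vars:
    fields: "{{ item.split(':') }}"

- name: Create or remove the accounts
  user:
    name: "{{ item.user }}"
    state: "{{ item.state }}"
  loop: "{{ my_users }}"

- name: Grant sudo to present super users through a validated drop-in
  copy:
    dest: "/etc/sudoers.d/{{ item.user }}"
    content: "{{ item.user }} ALL=(ALL) NOPASSWD: ALL\n"
    owner: root
    group: root
    mode: "0440"
    validate: /usr/sbin/visudo -cf %s
  loop: "{{ my_users }}"
  when: item.state == 'present' and item.super

- name: Revoke sudo from absent or normal users
  file:
    path: "/etc/sudoers.d/{{ item.user }}"
    state: absent
  loop: "{{ my_users }}"
  when: item.state == 'absent' or not item.super
```

The assert task stops the play on a typo such as `presnt` before any account is touched, and the validate option means a bad sudoers line is rejected instead of being installed. Writing one drop-in per user rather than appending to /etc/sudoers is what makes the revoke step a simple file removal, so an entry that changes from super to normal, or from present to absent, does not leave a stale sudo grant behind.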