创建用户账户
---
- hosts: dev
vars_files:
- users.yml
tasks:
- name: dis firstname
debug:
msg: "{{ users['zhaogang']['firstname'] }}" 两种表示方法
##msg: "{{ users.zhaogang.firstname }}"
---
- hosts: dev
tasks:
- name: test user
shell : id w5
register: info
- name: dis info
debug:
msg: "{{ info }}"
rc:0—>用户存在 rc非0—>用户不存在
---
- hosts: dev
tasks:
- name: test user
shell : id w5
register: info
ignore_errors: yes ##忽略错误(必须加!!)
- name: dis info
debug:
msg: user not exits
when: info.rc !=0
#when: info is failed
##如果用户不存在打印出 user not exits
执行成功,用户不存在打印出 user not exits
- name: firewalld
firewalld:
service: https
permanent: yes ##永久生效
immediate: yes ##立即生效
state: enabled
加密
创建加密文件
[student@workstation ansible]$ ansible-vault create user.yml
user:tom
passward:redhat
New Vault password:
Confirm New Vault password:
查看加密文件
[student@workstation ansible]$ ansible-vault view user.yml
users:tom
passwd:redhat
或者
[student@workstation ansible]$ cat user.yml
users:tom
passwd:redhat
编辑现有文件
[student@workstation ansible]$ ansible-vault edit user.yml
Vault password:
users:tom
passwd:redhat
解密现有文件
[student@workstation ansible]$ ansible-va
ult decrypt user.yml
Vault password:
Decryption successful
加密现有文件
[student@workstation ansible]$ ansible-vault encrypt user.yml
New Vault password:
Confirm New Vault password:
Encryption successful
更改加密文件密码
[student@workstation ansible]$ ansible-vault rekey user.yml
Vault password: #需要先输入原始密码
New Vault password:
Confirm New Vault password:
Rekey successful
密码文件
方法一:
ansible-vault create文件名–vault-password-file=存放密码的文件名
[student@workstation ansible]$ echo redhat > secret.txt ##重定向将redhat写入secret.txt中
[student@workstation ansible]$ chmod 600 secret.txt
##一定要修改权限
[student@workstation ansible]$ ansible-vault create locker.yml --vault-password-file=secret.txt
[student@workstation ansible]$ ansible-vault view locker.yml
Vault password:
pw_develop: imadev
pw_manager: imamgr
方法二:
在配置文件中修改密码文件存放路径
同样也可以实现