How to grant sudo privileges: to add 'test ALL=(ALL) NOPASSWD: ALL' to the sudoers file on the remote host (the file that visudo edits) so that the user test can run sudo commands without a password, you can use Ansible's lineinfile module. Note, however, that editing the sudoers file directly is risky: a single syntax error can leave sudo unusable on that host. It is therefore strongly recommended to back up the sudoers file first and to validate the change with visudo.
How to set up passwordless (key-based) remote login: use Ansible's shell module to run commands, the authorized_key module to manage the authorized_keys file, and the file module to set file permissions.
1. Because the initial remote login is made as root, the login account and password must be written into /etc/ansible/hosts, as follows:
[remote_hosts]
192.100.0.1 ansible_ssh_user=root ansible_ssh_pass='admin'
192.100.0.2 ansible_ssh_user=root ansible_ssh_pass='admin'
2. The Ansible playbook is as follows:
---
- name: Add test user to sudoers with NOPASSWD
  hosts: remote_hosts
  become: yes
  become_user: root
  tasks:
    # Keep a copy of the original sudoers so a bad edit can be rolled back.
    - name: Backup sudoers file
      copy:
        src: /etc/sudoers
        dest: /etc/sudoers.bak
        remote_src: yes
        backup: yes

    # visudo -cf checks the syntax of the temp file before lineinfile
    # replaces /etc/sudoers; a broken rule is never written.
    - name: Add test user to sudoers
      lineinfile:
        path: /etc/sudoers
        line: 'test ALL=(ALL) NOPASSWD:ALL'
        validate: 'visudo -cf %s'
        state: present

    - name: Ensure test user exists
      user:
        name: test
        state: present
        generate_ssh_key: yes
        ssh_key_bits: 2048
        ssh_key_file: .ssh/id_rsa

    # sshd (StrictModes) rejects keys in a .ssh directory that others can read or write.
    - name: Set permissions on test user's .ssh directory
      file:
        path: /home/test/.ssh
        owner: test
        group: test
        mode: '0700'
        state: directory

    - name: Add test user's public key to authorized_keys
      authorized_key:
        user: test
        key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYcqivA34f62tR58CEzWb3vWdLQQGHwqIrrRnyLQVrMFvUS9H7M3tp0yIZQ+NrE+GWNnAL+BR3C2/kdisC+w/UK+oQ0k+BWVez2Zllq1wZfO68FY6OIkF88GpinHcdzFAgUXdvTnCePPsb+1RBsRo6bqQw7z086o1vAaaOt7dgL97zQSxU8uKHe8otdwHCNeGZxxeHwKuNRYsUU5O4TAwaei65zRImhUQkz9+DIZAvAsYIzDYL7Wnzkd0fCdJ3X0H+URB5j2XwSQxWdCAJfawCELL1Ap0rie9/EREWanovfe8SqJE9m5pBRklyUFZmtRD8Z0mJ1/TAYc+GKN3R39nJ weuhu@weuhu_1"

    - name: Set permissions on authorized_keys file
      file:
        path: /home/test/.ssh/authorized_keys
        owner: test
        group: test
        mode: '0644'
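The two things the playbook must leave behind on a host are a single, well-formed NOPASSWD rule for the user and a .ssh tree whose modes sshd will accept. The following audit script is an added example, not code from the original post or from Ansible: it parses sudoers text with a simplified user-specification grammar (Defaults, aliases and include lines are skipped), flags missing, duplicated or password-requiring rules, and checks the .ssh directory and authorized_keys modes. All paths are parameters, and the demo runs against a constructed temporary tree and constructed sudoers text rather than the real /etc/sudoers.

```python
"""Post-run audit for the sudoers + authorized_keys playbook (added example)."""
import os
import re
import stat
import tempfile

# Simplified sudoers user specification:  user  host = (runas) [TAG:]... commands
SUDOERS_RULE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*\((?P<runas>[^)]*)\)\s*"
    r"(?P<tags>(?:\w+:\s*)*)(?P<cmds>.+?)\s*$"
)
SKIP_PREFIXES = ("Defaults", "User_Alias", "Cmnd_Alias", "Host_Alias", "Runas_Alias")


def parse_sudoers(text):
    """Return user rules as dicts; comments, blank lines, Defaults and aliases are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # also drops #include directives, which we do not follow
        if not line or line.startswith(SKIP_PREFIXES):
            continue
        m = SUDOERS_RULE.match(line)
        if m:
            tags = tuple(t.strip() for t in m.group("tags").split(":") if t.strip())
            rules.append({"user": m.group("user"), "host": m.group("host"),
                          "runas": m.group("runas"), "tags": tags, "cmds": m.group("cmds")})
    return rules


def audit_nopasswd_rule(sudoers_text, user, expected_cmds="ALL"):
    """Return (ok, findings); ok only if exactly one rule grants `user` NOPASSWD on expected_cmds."""
    findings = []
    mine = [r for r in parse_sudoers(sudoers_text) if r["user"] == user]
    if not mine:
        findings.append(f"no sudoers rule for {user}")
    if len(mine) > 1:
        findings.append(f"{len(mine)} rules for {user}; lineinfile should leave exactly one")
    for r in mine:
        if "NOPASSWD" not in r["tags"]:
            findings.append(f"rule for {user} still requires a password: {r}")
        if r["cmds"] != expected_cmds:
            findings.append(f"rule for {user} grants {r['cmds']!r}, expected {expected_cmds!r}")
    return not findings, findings


def audit_ssh_perms(home):
    """Return (ok, findings) for home/.ssh (must be owner-only) and authorized_keys (not group/world writable)."""
    ssh_dir = os.path.join(home, ".ssh")
    auth = os.path.join(ssh_dir, "authorized_keys")
    findings = []
    try:
        d_mode = stat.S_IMODE(os.stat(ssh_dir).st_mode)
    except FileNotFoundError:
        return False, [f"{ssh_dir} missing"]
    if d_mode & 0o077:
        findings.append(f"{ssh_dir} mode {oct(d_mode)} is group/world accessible; expected 0700")
    try:
        f_mode = stat.S_IMODE(os.stat(auth).st_mode)
    except FileNotFoundError:
        findings.append(f"{auth} missing")
    else:
        if f_mode & 0o022:
            findings.append(f"{auth} mode {oct(f_mode)} is group/world writable; sshd StrictModes rejects it")
    return not findings, findings


def demo():
    """Run both audits on constructed data; returns (good_rule, bad_rule, good_perms, bad_perms)."""
    good_sudoers = ("# constructed sample sudoers\nDefaults env_reset\n"
                    "root ALL=(ALL:ALL) ALL\ntest ALL=(ALL) NOPASSWD:ALL\n")
    bad_sudoers = good_sudoers + "test ALL=(ALL) ALL\n"  # a second, password-requiring rule
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir)
        os.chmod(ssh_dir, 0o700)
        auth = os.path.join(ssh_dir, "authorized_keys")
        with open(auth, "w") as fh:
            fh.write("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA constructed@example\n")
        os.chmod(auth, 0o644)
        good_perms = audit_ssh_perms(home)
        os.chmod(auth, 0o666)  # simulate the drift the file task is meant to correct
        bad_perms = audit_ssh_perms(home)
    return (audit_nopasswd_rule(good_sudoers, "test"), audit_nopasswd_rule(bad_sudoers, "test"),
            good_perms, bad_perms)


if __name__ == "__main__":
    for label, (ok, findings) in zip(("rule", "rule+dup", "perms", "perms 0666"), demo()):
        print(label, "OK" if ok else "FAIL", findings)
```

On a real host you would read /etc/sudoers and pass the user's home directory to the two audit functions; the spacing difference between 'NOPASSWD: ALL' in the text and 'NOPASSWD:ALL' in the playbook is insignificant to sudo and is handled by the parser.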