Delete a user
- name: remove gitlab user
  user: name={{user}} state=absent remove=yes
  become: yes
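Add a user
- name: add gitlab user
  user: name={{user}} password={{passwd}}
  become: yes
When creating a user you can set the user's password, but the password attribute only accepts an already-hashed value, not plaintext. Hash the password first with the following command: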
[ansible@compile ansible]$ python -c "from passlib.hash import sha512_crypt; import getpass; print(sha512_crypt.encrypt('gitlab'))"
$6$rounds=40000$Th.dzFk2UGJmVCFr$KAlCDj7N7EsoBZ.zIAzLvX5S25BNafauwWeRsvAa7fBQTGRgjkuHSaYrdpQaayOUL9TZKq2sht4Qz0w4q/JwK1
The string above is the generated password hash. Pass it as the passwd variable, which is assigned to the password attribute of the user module.
Key authorization
- name: authorize remote {{user}} user
  remote_user: "{{user}}"
  authorized_key:
    user: gitlab
    key: "{{ lookup('file', '/home/ansible/.ssh/id_rsa.pub') }}"
    path: /home/{{user}}/.ssh/authorized_keys
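key is the public key string of the ansible host, and path is the authorized_keys file on the remote machine.
Note: a password may be required while the key is being authorized. You can set the global variable: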
ansible_ssh_pass: xxxx
and key authorization can then be carried out securely.
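The add-user, password and key-authorization steps above combined into one play, as an added example that is not from the original page: the password is prompted and hashed at run time instead of being typed on a command line, and no_log keeps the hash out of task output. The host group gitlab_hosts is an assumed name, and the key task here runs with become rather than logging in as the new user.

```yaml
# Added example, not the page's own playbook.
# Assumed name: inventory group "gitlab_hosts".
- hosts: gitlab_hosts
  become: yes
  vars:
    user: gitlab
  vars_prompt:
    # Prompted on the control node and hashed there (requires passlib),
    # so the cleartext never reaches shell history or a vars file.
    - name: passwd
      prompt: "Password for the new account"
      private: yes
      encrypt: sha512_crypt
      confirm: yes
  tasks:
    - name: add {{ user }} user
      user:
        name: "{{ user }}"
        password: "{{ passwd }}"   # already a $6$... crypt hash at this point
      no_log: true                 # keep the hash out of task output and logs

    - name: authorize the ansible host public key for {{ user }}
      authorized_key:
        user: "{{ user }}"
        key: "{{ lookup('file', '/home/ansible/.ssh/id_rsa.pub') }}"
        state: present
```

Running ansible-playbook with --ask-pass and --ask-become-pass prompts for the SSH and sudo passwords, so they do not have to be stored in a variable such as ansible_ssh_pass.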