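1. Create an Ansible Vault file named locker.yml to store user passwords:
- The vault file contains two variables:
  pw_developer: imadev
  pw_manager: imamgr
- The password used to encrypt this file is redhat
- This password is stored in: ~/ansible/secret.txt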
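2. Create user accounts
- The list of user accounts to create comes from files/14/user_list.yml; copy it to ~/ansible
- Using locker.yml from the previous task, create a playbook named users.yml that meets the following requirements:
■ Users whose job description is developer are created on the dev and test host groups; their password comes from the pw_developer variable and their supplementary group is devops
■ Users whose job description is manager are created on the prod host group; their password comes from the pw_manager variable and their supplementary group is opsmgr
■ User passwords use a SHA512 hash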
3. Change the password of an Ansible Vault file
Change the vault password of the expense.yml file as follows:
- Save files/15/expense.yml to ~/ansible/expense.yml
- The current vault password of this file is: veryimportant
- The new vault password is: notveryimportant
Task 1:

Method 1:

    [root@servera ansible]# vim secret.txt
    redhat
    [root@servera ansible]# ansible-vault create locker.yml    # create a new encrypted file
    New Vault password:
    Confirm New Vault password:
    [root@servera ansible]# ansible-vault encrypt locker.yml   # alternative: encrypt a file that already exists in plaintext
    New Vault password:
    Confirm New Vault password:
    [root@servera ansible]# ansible-vault view locker.yml      # view the encrypted file
    Vault password:
    pw_developer: imadev
    pw_manager: imamgr

Method 2:

    [root@servera ansible]# vim secret.txt
    redhat
    [root@servera ansible]# ansible-vault view locker.yml --vault-password-file=secret.txt
    pw_developer: imadev
    pw_manager: imamgr
    [root@servera ansible]#
Task 2:

    [root@servera ansible]# cd files
    [root@servera files]# ll
    total 0
    drwxr-xr-x. 2 root root 28 Nov 8 2019 12
    drwxr-xr-x. 2 root root 27 Nov 8 2019 14
    drwxr-xr-x. 2 root root 25 Nov 8 2019 15
    drwxr-xr-x. 2 root root 44 Nov 8 2019 5
    drwxr-xr-x. 2 root root 22 Nov 8 2019 9
    [root@servera files]# vim user_list.yml
    users:
      - name: bob
        job: developer
      - name: sally
        job: manager
      - name: fred
        job: developer
    [root@servera ansible]# vim users.yml
    ---
    - name: create user
      hosts: all
      vars_files:
        - locker.yml        # vault-encrypted: pw_developer, pw_manager
        - user_list.yml     # the users list
      tasks:
        # inventory_hostname is the name used in the inventory, so the group
        # test also holds when it differs from the ansible_hostname fact.
        - name: Create group devops
          group:
            name: devops
            state: present
          when: inventory_hostname in groups['dev'] or inventory_hostname in groups['test']

        - name: create group opsmgr
          group:
            name: opsmgr
            state: present
          when: inventory_hostname in groups['prod']

        # password_hash('sha512') stores a SHA512 crypt hash, not the plaintext
        - name: create user for dev and test
          user:
            name: "{{ item.name }}"
            groups: devops
            password: "{{ pw_developer | password_hash('sha512') }}"
          loop: "{{ users }}"
          when: ( inventory_hostname in groups['dev'] or inventory_hostname in groups['test'] ) and item.job == 'developer'

        - name: create user for prod
          user:
            name: "{{ item.name }}"
            groups: opsmgr
            password: "{{ pw_manager | password_hash('sha512') }}"
          loop: "{{ users }}"
          when: inventory_hostname in groups['prod'] and item.job == 'manager'
Task 3:

    [root@servera ansible]# cp ~/ansible/files/15/expense.yml .   # copy to the current directory
    [root@servera ansible]# ansible-vault rekey expense.yml       # rekey changes the vault password
    Vault password: veryimportant
    New Vault password: notveryimportant
    Confirm New Vault password: notveryimportant
    Rekey successful
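
The tasks above leave a plaintext password file (secret.txt) next to the vault files, so a quick check that locker.yml and expense.yml are really encrypted and that the password file is not accessible to other users is worth running before the playbook. This is an added example, not part of the original answers; the function names are hypothetical and the demo files are constructed.

```shell
# Added example, not from the original page. File names follow the tasks
# above; the function names are hypothetical.

# Returns 0 when FILE starts with an Ansible Vault header such as
# "$ANSIBLE_VAULT;1.1;AES256", i.e. it is not stored as plaintext.
is_vault_encrypted() {
    [ -r "$1" ] || return 1
    ive_first=
    IFS= read -r ive_first < "$1" || [ -n "$ive_first" ] || return 1
    case "$ive_first" in
        '$ANSIBLE_VAULT;'*';AES256'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 0 when group and others have no permission bits on FILE
# (for example mode 600). Uses GNU stat, as shipped on RHEL.
pwfile_is_private() {
    pip_mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    [ $(( 0$pip_mode & 077 )) -eq 0 ]
}

# check_vault_setup PWFILE VAULTFILE...
# Prints one line per problem; the exit status is the problem count.
check_vault_setup() {
    cvs_pw=$1; shift
    cvs_bad=0
    if ! pwfile_is_private "$cvs_pw"; then
        echo "WARN: $cvs_pw missing or accessible to group/others (chmod 600)"
        cvs_bad=$((cvs_bad + 1))
    fi
    for cvs_f in "$@"; do
        if ! is_vault_encrypted "$cvs_f"; then
            echo "WARN: $cvs_f is not vault-encrypted"
            cvs_bad=$((cvs_bad + 1))
        fi
    done
    return "$cvs_bad"
}

# Demo on constructed files in a temp dir (not real vault ciphertext).
demo() {
    d=$(mktemp -d); demo_rc=0
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '36313233' > "$d/locker.yml"
    printf 'pw_developer: imadev\n' > "$d/locker_plain.yml"  # never encrypted
    printf 'redhat\n' > "$d/secret.txt"; chmod 644 "$d/secret.txt"
    check_vault_setup "$d/secret.txt" "$d/locker.yml" "$d/locker_plain.yml" || demo_rc=$?
    rm -rf "$d"; return "$demo_rc"
}
```

On the exam host the call would be `check_vault_setup ~/ansible/secret.txt ~/ansible/locker.yml ~/ansible/expense.yml`; a zero exit status means no problems were found.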