問題背景
- 因為服務器用戶密碼定期90天必須修改密碼,因此需要進行批量化操作
- 使用有sudo權限的普通用戶進行操作
環境
| 系統 |
IP |
軟件 |
備注 |
| centos7 |
192.168.11.140 |
ansible2.9.7 |
安裝需要epel源 |
| centos7 |
192.168.153.130 |
null |
null |
操作步驟
- 取消key驗證
]$ sudo sed -i 's/^#host_key_checking = False/host_key_checking = False/g' /etc/ansible/ansible.cfg
- 定義hosts文件
]$ sudo vim /etc/ansible/hosts
[backsrvs]
192.168.153.130 ansible_ssh_user=admin ansible_ssh_pass=admin1234 ansible_become_pass=admin1234
- 定義playbooks
]# sudo vim /etc/ansible/update_users_pd.yml
- hosts: backsrvs
remote_user: admin
gather_facts: false
tasks:
- name: update users's password
become: yes
become_user: root
become_method: sudo
user: name={{ item.name }} password={{ item.chagepd | password_hash('sha512') }} update_password=always
with_items:
- { name: 'test01',chagepd: 'test1234' }
- { name: 'test02',chagepd: 'test1234' }
- { name: 'test03',chagepd: 'test1234' }
- 執行
]$ sudo ansible-playbook update_users_pd.yml --list-hosts #查看執行腳本中的hosts
]$ sudo ansible-playbook update_users_pd.yml -C #只檢查,不真正執行
]$ sudo ansible-playbook update_users_pd.yml
修改單一用戶
]# sudo vim /etc/ansible/update_user_pd.yml
- hosts: backsrvs
remote_user: admin
gather_facts: false
tasks:
- name: update users's password
become: yes
become_user: root
become_method: sudo
user: name={{ name }} password={{ chagepd | password_hash('sha512') }} update_password=always
]$ sudo ansible-playbook update_user_pd.yml -e "name=test01 chagepd=test4321"
