[playbook] Adding/Removing Users

2025. 2. 11. 13:43·Ansible

Adding and removing users with a playbook

 

Account creation

  • Create the ansibleuser account and set its password
    • Use the password_hash('sha512') filter to turn the plaintext password into a SHA-512 hash
  • Add the ansibleuser account to the sudoers file
$ cat playbooks/adduser.yml
---
- hosts: all
  become: yes
  vars:
    # '사용할 패스워드' is a placeholder ("password to use"); replace it with the real password
    ansible_user_password: "{{ '사용할 패스워드' | password_hash('sha512') }}"
  tasks:
    - name: Create ansibleuser with password
      user:
        name: ansibleuser
        groups: sudo
        shell: /bin/bash
        password: "{{ ansible_user_password }}"

    - name: Add ansibleuser to sudoers
      lineinfile:
        path: /etc/sudoers
        state: present
        regexp: '^ansibleuser'
        line: 'ansibleuser ALL=(ALL) NOPASSWD: ALL'
        validate: 'visudo -cf %s'

 

Run

$ ansible-playbook -i /home/azuser/ansible/inventory/servers /home/azuser/ansible/playbooks/adduser.yml
SSH password:
BECOME password[defaults to SSH password]:

PLAY [all] *********************************************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************************
ok: [zdb]
ok: [zserver]
ok: [ansible]
ok: [docker2]
ok: [docker1]
ok: [u22dev]

TASK [Create ansibleuser with password] ****************************************************************************************************************************
changed: [docker1]
changed: [ansible]
changed: [docker2]
changed: [zdb]
changed: [zserver]
changed: [u22dev]

TASK [Add ansibleuser to sudoers] **********************************************************************************************************************************
changed: [ansible]
changed: [docker1]
changed: [zserver]
changed: [docker2]
changed: [zdb]
changed: [u22dev]

PLAY RECAP *********************************************************************************************************************************************************
ansible                    : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
docker1                    : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
docker2                    : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
u22dev                     : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
zdb                        : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
zserver                    : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
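
A variant of adduser.yml that keeps the plaintext password out of the file, uses a per-host salt so repeated runs stay idempotent, and puts the sudo rule in a drop-in file instead of editing /etc/sudoers. This is an added example, not the original post's playbook; the variable ansibleuser_plain_password and the path /etc/sudoers.d/ansibleuser are assumptions, as is a target whose /etc/sudoers includes /etc/sudoers.d.

```yaml
---
# Added example (not the original post's playbook). Hypothetical names:
# ansibleuser_plain_password, /etc/sudoers.d/ansibleuser.
- hosts: all
  become: yes
  vars_prompt:
    # Prompted at run time so the plaintext never sits in the playbook file.
    - name: ansibleuser_plain_password
      prompt: "Password for ansibleuser"
      private: yes
      confirm: yes
  tasks:
    - name: Create ansibleuser with password
      ansible.builtin.user:
        name: ansibleuser
        groups: sudo
        append: yes          # add to sudo without dropping other supplementary groups
        shell: /bin/bash
        # A salt seeded by the host name gives the same hash on every run, so
        # the task reports "changed" only when the password really changes.
        password: "{{ ansibleuser_plain_password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
      no_log: true           # keep the hash out of task output and logs

    - name: Install sudoers drop-in for ansibleuser
      ansible.builtin.copy:
        dest: /etc/sudoers.d/ansibleuser
        content: "ansibleuser ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: 'visudo -cf %s'   # reject the file if sudo cannot parse it
```

With the rule in its own file, removal becomes an ansible.builtin.file task with state: absent on /etc/sudoers.d/ansibleuser rather than a regexp edit of /etc/sudoers.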

 

 

 

Account deletion

  • Delete the ansibleuser account
  • Remove the ansibleuser account from the sudoers file
$ cat playbooks/deluser.yml
---
- hosts: all
  become: yes
  tasks:
    # Task name: "Remove ansibleuser from the sudoers file"
    - name: sudoers 파일에서 ansibleuser 제거
      ansible.builtin.lineinfile:
        path: /etc/sudoers
        state: absent
        regexp: '^ansibleuser'
        validate: 'visudo -cf %s'

    # Task name: "Delete the ansibleuser account"
    - name: ansibleuser 계정 삭제
      ansible.builtin.user:
        name: ansibleuser
        state: absent
        remove: yes

 

 

Run

$ ansible-playbook -i /home/azuser/ansible/inventory/servers /home/azuser/ansible/playbooks/deluser.yml
SSH password:
BECOME password[defaults to SSH password]:

PLAY [all] *********************************************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************************
ok: [ansible]
ok: [zserver]
ok: [zdb]
ok: [docker1]
ok: [docker2]
ok: [u22dev]

TASK [sudoers 파일에서 ansibleuser 제거] *********************************************************************************************************************************
changed: [ansible]
changed: [docker2]
changed: [zserver]
changed: [zdb]
changed: [docker1]
changed: [u22dev]

TASK [ansibleuser 계정 삭제] *******************************************************************************************************************************************
ok: [zserver]
ok: [docker1]
ok: [ansible]
ok: [docker2]
ok: [zdb]
ok: [u22dev]

PLAY RECAP *********************************************************************************************************************************************************
ansible                    : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
docker1                    : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
docker2                    : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
u22dev                     : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
zdb                        : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
zserver                    : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

 

License: Attribution-NonCommercial-NoDerivatives