[英]Change pass of ansible user in a playbook
I'm pretty new and trying to learn ansible by creating playbooks, so sorry if the question is dumb and I just missed something really evident.我很新,并试图通过创建剧本来学习 ansible,如果问题很愚蠢,我很抱歉,我只是错过了一些非常明显的东西。
What I am trying to do:我正在尝试做的事情:
I don't seem to be able to do it, I tried a lot of google and a lot of different approaches to no avail, any help is welcome.我似乎无法做到这一点,我尝试了很多谷歌和很多不同的方法都无济于事,欢迎任何帮助。 Meanwhile here's the latest try and the error I get:
同时这是最新的尝试和我得到的错误:
- name: "Configure SSH on newly provisioned Linux machine"
hosts: all
gather_facts: no
become: yes
vars:
sshd_config: "/etc/ssh/sshd_config"
vars_files:
- provision-ssh/vault.yml
tasks:
- name: Check SSH Connection
wait_for_connection:
timeout: 5
ignore_errors: true
register: _ssh_default_login
- name: If SSH Failed, set temporary password
set_fact:
ansible_password: "{{ tmp_pass }}"
ansible_ssh_password: "{{ tmp_pass }}"
ansible_become_password: "{{ tmp_pass }}"
ignore_errors: true
register: _ssh_user_provision
when:
- _ssh_default_login is failed
- name: Check SSH Connection with temp password
wait_for_connection:
timeout: 5
register: _ssh_temp_login
when:
- _ssh_user_provision is succeeded
- name: "Create user accounts and add to groups"
#no_log: yes
become: yes
user:
name: "{{ item.username }}"
password: "{{ item.password | password_hash('sha512', item.salt ) }}"
groups: "{{ item.groups }}"
state: present
append: yes
loop: "{{ users|flatten(levels=1) }}"
loop_control:
label: "{{item.username}}"
- name: "Add authorized keys"
authorized_key:
user: "{{ item.username }}"
key: "{{ lookup('file', 'provision-ssh/'+ item.username + '.key.pub') }}"
register: add_identity_key
loop: "{{ users|flatten(levels=1) }}"
loop_control:
label: "{{item.username}}"
- name: "Disable root login via SSH"
lineinfile:
dest: "{{ sshd_config }}"
regexp: "^PermitRootLogin"
line: "PermitRootLogin no"
notify: "Restart sshd"
- name: Disable empty password login
lineinfile:
dest: "{{ sshd_config }}"
regexp: '^#?PermitEmptyPasswords'
line: 'PermitEmptyPasswords no'
notify: "Restart sshd"
- name: Disable password login
lineinfile:
dest: "{{ sshd_config }}"
regexp: '^(#\s*)?PasswordAuthentication '
line: 'PasswordAuthentication no'
when:
- add_identity_key is succeeded
- not add_identity_key is skipped
notify: Restart sshd
handlers:
- name: "Restart sshd"
service:
name: "sshd"
state: "restarted"
And the error with some editing since I removed the no_log and spews passwords:由于我删除了 no_log 并喷出密码,因此进行了一些编辑错误:
PLAY [Configure SSH on newly provisioned Linux machine] ************************
TASK [Check SSH Connection] ****************************************************
fatal: [AnsibleTarget]: FAILED! => {"changed": false, "elapsed": 6, "msg": "timed out waiting for ping module test: Invalid/incorrect password: Permission denied, please try again."}
...ignoring
TASK [If SSH Failed, set temporary password] ***********************************
ok: [AnsibleTarget]
TASK [Check SSH Connection with temp password] *********************************
ok: [AnsibleTarget]
TASK [Create user accounts and add to groups] **********************************
failed: [AnsibleTarget] (item=login_user) => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"}, "ansible_loop_var": "item", "changed": false, "item": {"groups": "sudo", "password": "passwordHere", "salt": "andTheSalt", "username": "login_user"}, "msg": "useradd: Permission denied.\nuseradd: cannot lock /etc/passwd; try again later.\n", "name": "login_user", "rc": 1}
failed: [AnsibleTarget] (item=ansible_user) => {"ansible_loop_var": "item", "changed": false, "item": {"groups": "sudo", "password": "differentPass", "salt": "otherSalt", "username": "ansible_user"}, "msg": "usermod: Permission denied.\nusermod: cannot lock /etc/passwd; try again later.\n", "name": "ansible_user", "rc": 1}
PLAY RECAP *********************************************************************
AnsibleTarget : ok=3 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=1
It might because the user you are logging in does not have enough privileges.这可能是因为您正在登录的用户没有足够的权限。
Try adding become_user: root
in the Create user accounts and add to groups
task.尝试在
Create user accounts and add to groups
任务中添加become_user: root
。 Reference to become_user
is here .对
become_user
的引用在这里。
Also, use verbose mode to have more insights into your errors.此外,使用详细模式可以更深入地了解您的错误。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.