问题背景
- 因为服务器用户密码定期90天必须修改密码,因此需要进行批量化操作
- 使用有sudo权限的普通用户进行操作
环境
| 系统 |
IP |
软件 |
备注 |
| centos7 |
192.168.11.140 |
ansible2.9.7 |
安装需要epel源 |
| centos7 |
192.168.153.130 |
null |
null |
操作步骤
- 取消key验证
]$ sudo sed -i 's/^#host_key_checking = False/host_key_checking = False/g' /etc/ansible/ansible.cfg
- 定义hosts文件
]$ sudo vim /etc/ansible/hosts
[backsrvs]
192.168.153.130 ansible_ssh_user=admin ansible_ssh_pass=admin1234 ansible_become_pass=admin1234
- 定义playbooks
]# sudo vim /etc/ansible/update_users_pd.yml
- hosts: backsrvs
remote_user: admin
gather_facts: false
tasks:
- name: update users's password
become: yes
become_user: root
become_method: sudo
user: name={{ item.name }} password={{ item.chagepd | password_hash('sha512') }} update_password=always
with_items:
- { name: 'test01',chagepd: 'test1234' }
- { name: 'test02',chagepd: 'test1234' }
- { name: 'test03',chagepd: 'test1234' }
- 执行
]$ sudo ansible-playbook update_users_pd.yml --list-hosts #查看执行脚本中的hosts
]$ sudo ansible-playbook update_users_pd.yml -C #只检查,不真正执行
]$ sudo ansible-playbook update_users_pd.yml
修改单一用户
]# sudo vim /etc/ansible/update_user_pd.yml
- hosts: backsrvs
remote_user: admin
gather_facts: false
tasks:
- name: update users's password
become: yes
become_user: root
become_method: sudo
user: name={{ name }} password={{ chagepd | password_hash('sha512') }} update_password=always
]$ sudo ansible-playbook update_user_pd.yml -e "name=test01 chagepd=test4321"