共计 1728 个字符,预计需要花费 5 分钟才能阅读完成。
ansible-playbook 可以方便快速的批量执行部署和运维任务,对于不同的场景和服务器,需要使用不同的权限提升方式。
最佳实现:为了提高 playbook 的兼容性,跟功能没有直接关系的权限提升脚本,不要出现在 palybook 正文中,可以在 ansible-playbook 运行的时候,通过 - e 传入
场景一:我们有服务器的 root 密码,而且允许 root 直接登陆。
ansible-playbook -i 'aliyun.lihuanhuan.net,' ./ansible_playbook_test/site.yml -e "ansible_ssh_user='root'ansible_ssh_pass='password'"# 切换到 app_user,并执行 java 程序
- name: run app by java_user
shell: java -jar hello.jar
become: yes
become_method: su
become_user: app_user场景二:我们有服务器的 root 密码,但是只允许普通用户 user1 使用 su 切换到 root。
ansible-playbook -i 'aliyun.lihuanhuan.net,' ./ansible_playbook_test/site.yml -e "ansible_ssh_user='user1'ansible_ssh_pass='user1_password'ansible_become='yes'ansible_become_method='su'ansible_become_user='root'ansible_become_pass='root_password' " -vvv# 切换到 app_user,并执行 java 程序
- name: run app by java_user
shell: java -jar hello.jar
become: yes
become_method: su
become_user: app_user场景三:我们只有服务器的 app_user 密码,而且只允许普通用户 user1 使用 su 切换到 app_user。
ansible-playbook -i 'aliyun.lihuanhuan.net,' ./ansible_playbook_test/site.yml -e "ansible_ssh_user='user1'ansible_ssh_pass='user1_password'ansible_become='yes'ansible_become_method='su'ansible_become_user='app_user'ansible_become_pass='app_user_password' " -vvv# 切换到 app_user,并执行 java 程序
- name: run app by java_user
shell: java -jar hello.jar
become: yes
become_method: su
become_user: app_user场景四:我们只有 user1 和 password,但是允许使用特定的实用程序切换到 root,例如:dzdo su –
ansible-playbook -i 'aliyun.lihuanhuan.net,' ./ansible_playbook_test/site.yml -e "ansible_ssh_user='user1'ansible_ssh_pass='user1_password'ansible_become_exe='dzdo su -'ansible_become='yes'ansible_become_method='su'ansible_become_user='root'ansible_become_pass='user1_password' " -vvv# 切换到 app_user,并执行 java 程序
- name: run app by java_user
shell: java -jar hello.jar
become: yes
become_method: su
become_user: app_userrefer to https://docs.ansible.com/ansi…
正文完
