Multiple ways to escalate privileges with ansible-playbook


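ansible-playbook makes it quick and easy to run deployment and operations tasks in bulk. Different scenarios and servers call for different privilege escalation methods.

Best practice: to keep a playbook portable, privilege escalation settings that are not directly related to its function should not appear in the playbook body. Pass them in with -e when running ansible-playbook.

Scenario 1: We have the server's root password, and root is allowed to log in directly.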

ansible-playbook -i 'aliyun.lihuanhuan.net,' ./ansible_playbook_test/site.yml -e "ansible_ssh_user='root' ansible_ssh_pass='password'"

# Switch to app_user and run the Java program
- name: run app by java_user
  shell: java -jar hello.jar
  become: yes
  become_method: su
  become_user: app_user

Scenario 2: We have the server's root password, but only the regular user user1 is allowed to use su to switch to root.

ansible-playbook -i 'aliyun.lihuanhuan.net,' ./ansible_playbook_test/site.yml -e "ansible_ssh_user='user1' ansible_ssh_pass='user1_password' ansible_become='yes' ansible_become_method='su' ansible_become_user='root' ansible_become_pass='root_password'" -vvv

# Switch to app_user and run the Java program
- name: run app by java_user
  shell: java -jar hello.jar
  become: yes
  become_method: su
  become_user: app_user

Scenario 3: We only have the server's app_user password, and only the regular user user1 is allowed to use su to switch to app_user.

ansible-playbook -i 'aliyun.lihuanhuan.net,' ./ansible_playbook_test/site.yml -e "ansible_ssh_user='user1' ansible_ssh_pass='user1_password' ansible_become='yes' ansible_become_method='su' ansible_become_user='app_user' ansible_become_pass='app_user_password'" -vvv

# Switch to app_user and run the Java program
- name: run app by java_user
  shell: java -jar hello.jar
  become: yes
  become_method: su
  become_user: app_user

Scenario 4: We only have user1 and its password, but a specific utility may be used to switch to root, for example: dzdo su -

ansible-playbook -i 'aliyun.lihuanhuan.net,' ./ansible_playbook_test/site.yml -e "ansible_ssh_user='user1' ansible_ssh_pass='user1_password' ansible_become_exe='dzdo su -' ansible_become='yes' ansible_become_method='su' ansible_become_user='root' ansible_become_pass='user1_password'" -vvv

# Switch to app_user and run the Java program
- name: run app by java_user
  shell: java -jar hello.jar
  become: yes
  become_method: su
  become_user: app_user
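
Added example (not from the original post): the scenario 2 variables moved from the inline -e string into a vault-encrypted variables file, so the passwords do not appear in shell history or the process list and the playbook body stays unchanged. The file name become_su_root.yml is hypothetical and all values are placeholders.

```yaml
# become_su_root.yml  (hypothetical file name; placeholder values)
# Same variables as the scenario 2 command line, kept outside the playbook.
ansible_ssh_user: user1
ansible_ssh_pass: user1_password
ansible_become: true
ansible_become_method: su
ansible_become_user: root
ansible_become_pass: root_password

# Variations for the other scenarios described above:
#   Scenario 3: ansible_become_user: app_user
#               ansible_become_pass: app_user_password
#   Scenario 4: add ansible_become_exe: 'dzdo su -'
#               and set ansible_become_pass to user1's password
#
# Encrypt the file once, then pass it with -e @file:
#   ansible-vault encrypt become_su_root.yml
#   ansible-playbook -i 'aliyun.lihuanhuan.net,' ./ansible_playbook_test/site.yml \
#     -e @become_su_root.yml --ask-vault-pass
#
# To keep passwords out of files as well, pass only the non-secret
# settings with -e and let ansible-playbook prompt for the two passwords:
#   ansible-playbook -i 'aliyun.lihuanhuan.net,' ./ansible_playbook_test/site.yml \
#     -e "ansible_ssh_user='user1' ansible_become='yes' ansible_become_method='su' ansible_become_user='root'" \
#     --ask-pass --ask-become-pass
```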

refer to https://docs.ansible.com/ansi…
