sansible.users_and_groups
Users and Groups
This role manages operating system users and groups.
Installation and Dependencies
This role has no dependencies.
Install it by running ansible-galaxy install sansible.users_and_groups, or add the following to a roles.yml file:
  - name: sansible.users_and_groups
    version: v2.0
Then run ansible-galaxy install -p ./roles -r roles.yml.
Tags
This role uses two tags: build and maintain.
build - Ensures the specified groups and users exist.
maintain - Ensures the users exist on an instance that has already been built and configured.
Examples
A simple example that creates two users and two groups.
  - name: 配置用户访问
    hosts: sandbox
    roles:
      - name: sansible.users_and_groups
        sansible_users_and_groups_groups:
          - name: lorem
            system: yes
          - name: ipsum
        sansible_users_and_groups_users:
          - name: lorem.ipsum
            groups:
              - ipsum
              - lorem
            ssh_key: ./lorem.ipsum.pub
          - name: dolor.ament
            groups:
              - ipsum
Create a jailed SFTP user (see here for detailed guidance):
  - name: 配置用户访问
    hosts: sandbox
    roles:
      - name: sansible.users_and_groups
        sansible_users_and_groups_authorized_keys_dir: /etc/ssh/authorized_keys
        sansible_users_and_groups_groups:
          - name: sftp_only
        sansible_users_and_groups_users:
          - name: sftp
            group: sftp_only
            home: /mnt/sftp_vol
In most cases you will want to keep the list of users in an external variables file or in group/host variable files.
  - name: 配置用户访问
    hosts: sandbox
    vars_files:
      - "vars/sandbox/users.yml"
    roles:
      - name: sansible.users_and_groups
        sansible_users_and_groups_groups: "{{ base_image.os_groups }}"
        sansible_users_and_groups_users: "{{ base_image.admins }}"
      - name: sansible.users_and_groups
        sansible_users_and_groups_users: "{{ developers }}"
Add selected groups to the sudoers file:
  - name: 配置用户访问
    hosts: sandbox
    vars_files:
      - "vars/sandbox/users.yml"
    roles:
      - name: sansible.users_and_groups
        sansible_users_and_groups_groups: "{{ base_image.os_groups }}"
        sansible_users_and_groups_users: "{{ base_image.admins }}"
      - name: sansible.users_and_groups
        sansible_users_and_groups_users: "{{ developers }}"
      - name: sansible.users_and_groups
        sansible_users_and_groups_sudoers:
          - name: wheel
            user: "%wheel"
            runas: "ALL=(ALL)"
            commands: "NOPASSWD: ALL"
Use the whitelist groups option to allow only the users that are required.
Users variables file:
  ---
  # vars/users.yml
  sansible_users_and_groups_groups:
    - name: admins
    - name: developer_group_alpha
    - name: developer_group_beta
  sansible_users_and_groups_users:
    - name: admin.user
      group: admins
    - name: alpha.user
      group: developer_group_alpha
    - name: beta.user
      group: developer_group_beta
In the base image:
  ---
  # playbooks/base_image.yml
  - name: 基础镜像
    hosts: "{{ hosts }}"
    vars_files:
      - vars/users.yml
    roles:
      - role: sansible.users_and_groups
        sansible_users_and_groups_whitelist_groups:
          - admins
      - role: base_image
In a service role:
  ---
  # playbooks/alpha_service.yml
  - name: 阿尔法服务
    hosts: "{{ hosts }}"
    vars_files:
      - vars/users.yml
    roles:
      - role: sansible.users_and_groups
        sansible_users_and_groups_whitelist_groups:
          - admins
          - developer_group_alpha
      - role: alpha_service
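A pre-flight check for the shared users variables file and the whitelist pattern above, added here as an example and not part of the sansible.users_and_groups role: it flags user or whitelist references to groups that are never defined (a mistyped group name silently drops a user from every play that whitelists the intended group), and previews which users a given sansible_users_and_groups_whitelist_groups setting would admit. The whitelist semantics it assumes (a user is admitted when its primary group or any entry in groups is whitelisted) and the constructed input are assumptions, not the role's documented behaviour.

```python
# Added example, not part of the sansible.users_and_groups role: a pre-flight
# check over a users variables file like vars/users.yml. It reports user or
# whitelist references to groups that are never defined, and previews which
# users a sansible_users_and_groups_whitelist_groups setting would admit.
# Assumed whitelist semantics (not documented by the role): a user is admitted
# when its primary `group` or any entry of `groups` is whitelisted.

# Constructed input mirroring vars/users.yml, with one deliberately mistyped
# group name ("alpha_develops") so the check has something to report.
USERS_VARS = {
    "sansible_users_and_groups_groups": [
        {"name": "admins"},
        {"name": "developer_group_alpha"},
        {"name": "developer_group_beta"},
    ],
    "sansible_users_and_groups_users": [
        {"name": "admin.user", "group": "admins"},
        {"name": "alpha.user", "group": "alpha_develops"},
        {"name": "beta.user", "group": "developer_group_beta",
         "groups": ["admins"]},
    ],
}


def user_groups(user):
    """Every group an entry references: primary `group` plus `groups`."""
    refs = [user["group"]] if user.get("group") else []
    return refs + list(user.get("groups", []))


def find_dangling_groups(vars_data, whitelist=()):
    """'who -> group' strings for references to groups that are not defined."""
    defined = {g["name"] for g in vars_data["sansible_users_and_groups_groups"]}
    problems = [f"{u['name']} -> {g}"
                for u in vars_data["sansible_users_and_groups_users"]
                for g in user_groups(u) if g not in defined]
    problems += [f"whitelist -> {g}" for g in whitelist if g not in defined]
    return problems


def select_users(vars_data, whitelist):
    """Names of users that at least one whitelisted group admits."""
    allowed = set(whitelist)
    return [u["name"] for u in vars_data["sansible_users_and_groups_users"]
            if allowed.intersection(user_groups(u))]


if __name__ == "__main__":
    wl = ["admins", "developer_group_alpha"]
    print("problems:", find_dangling_groups(USERS_VARS, wl))
    print("admitted:", select_users(USERS_VARS, wl))
```

Run against the real vars file by loading it with a YAML parser into the same dict shape; the mistyped group shows up as a reported problem and as alpha.user missing from the admitted list.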