hosts
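# Group name matches the `hosts: centos` pattern used by both playbooks below
# (the run output also reports PLAY [centos]); with the original
# [centos-root] header the plays would select no hosts.
[centos]
192.168.174.129 ansible_ssh_port=22
192.168.174.130 ansible_ssh_port=22
192.168.174.131 ansible_ssh_port=22
Ansible Vault 文件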
创建 Ansible Vault 文件
# ansible-vault create passwords.yml
New Vault password:                    # 12345678
Confirm New Vault password:
编辑 Ansible Vault 文件
# ansible-vault edit passwords.yml
Vault password:
passwords.yml
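# Decrypted view of the vault file, as shown by `ansible-vault edit`.
# Both maps are keyed by inventory hostname; the playbooks look entries up
# with [inventory_hostname].
# Every password is quoted so that an all-digit value such as 12345678 stays
# a string instead of being loaded as a YAML integer.
# NOTE(review): new_password is not read by any playbook on this page, and
# its value is the same string noted as the vault password when the file was
# created; the secret that unlocks the vault should not be reused inside it.
root_accounts:
  192.168.174.129:
    old_password: 'host1'
    new_password: '12345678'
  192.168.174.130:
    old_password: 'host2'
    new_password: '12345678'
  192.168.174.131:
    old_password: 'host3'
    new_password: '12345678'
# Initial password for the yunwei account on each host; the check playbook
# uses the same value for SSH login and for become.
yunwei_accounts:
  192.168.174.129:
    init_password: 'yunwei_129'
  192.168.174.130:
    init_password: 'yunwei_130'
  192.168.174.131:
    init_password: 'yunwei_131'
playbook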
create_user-playbook.yaml
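# Creates the yunwei account on every host in the centos group, logging in
# as root with the per-host password stored in the vault file.
- hosts: centos
  remote_user: root
  # Fact gathering is disabled; no task below reads host facts.
  gather_facts: false
  vars_files:
    # NOTE(review): the vault file is created as passwords.yml earlier on
    # this page but loaded here as passwords.yaml; the names must match.
    - passwords.yaml
  vars:
    # SSH password for root, looked up per host in the vaulted map.
    ansible_ssh_pass: "{{ root_accounts[inventory_hostname].old_password }}"
    new_username: yunwei
  tasks:
    # block/always guarantees the immutable flag is restored even when a
    # task in between fails; otherwise a failed run would leave the account
    # and sshd files writable.
    - name: Manage the account while the protected files are writable
      block:
        # command instead of shell: the call needs no shell parsing.
        - name: chattr -i /etc/gshadow /etc/shadow /etc/group /etc/passwd /etc/ssh/sshd_config /etc/profile
          ansible.builtin.command:
            cmd: chattr -i /etc/gshadow /etc/shadow /etc/group /etc/passwd /etc/ssh/sshd_config /etc/profile
        - name: Create yunwei user
          ansible.builtin.user:
            name: "{{ new_username }}"
            # password_hash without a fixed salt yields a new hash on every
            # run, so this task reports "changed" and resets the password
            # each time; set update_password: on_create if re-runs must not
            # overwrite it.
            password: "{{ yunwei_accounts[inventory_hostname].init_password | password_hash('sha512') }}"
            shell: /bin/bash
            # wheel membership is what the check playbook relies on for
            # become; presumably sudoers on the targets grants wheel.
            groups: wheel
          # Keep the module arguments (including the hash) out of verbose
          # output and failure messages.
          no_log: true
        # This task writes the vaulted initial password in clear text to the
        # console and to any configured Ansible log. Keep it for a lab
        # walk-through only; otherwise deliver the password out of band.
        - name: Print temporary password
          ansible.builtin.debug:
            msg: "The password for {{ new_username }} is {{ yunwei_accounts[inventory_hostname].init_password }}"
      always:
        - name: chattr +i /etc/gshadow /etc/shadow /etc/group /etc/passwd /etc/ssh/sshd_config /etc/profile
          ansible.builtin.command:
            cmd: chattr +i /etc/gshadow /etc/shadow /etc/group /etc/passwd /etc/ssh/sshd_config /etc/profile
check_user-playbook.yaml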
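# Verifies the new account: logs in as yunwei with the initial password,
# runs `id` once unprivileged and once through become, and prints both.
- hosts: centos
  remote_user: yunwei
  # Fact gathering is disabled; neither check below reads host facts.
  gather_facts: false
  # ansible_become_method: sudo
  # ansible_become_user: root
  vars_files:
    # NOTE(review): the vault file is created as passwords.yml earlier on
    # this page but loaded here as passwords.yaml; the names must match.
    - passwords.yaml
  vars:
    # The same vaulted value is used for SSH login and for privilege
    # escalation, so anyone holding the initial password also holds root
    # through become.
    ansible_ssh_pass: "{{ yunwei_accounts[inventory_hostname].init_password }}"
    ansible_become_pass: "{{ yunwei_accounts[inventory_hostname].init_password }}"
  tasks:
    # command instead of shell: `id` needs no shell parsing.
    - name: check password using yunwei
      ansible.builtin.command:
        cmd: id
      register: command_result
    - name: Print yunwei info
      ansible.builtin.debug:
        msg: " user info is {{ command_result.stdout }}"
    # No become method is set in this play, so Ansible's configured default
    # applies (sudo unless overridden).
    - name: check password using root
      ansible.builtin.command:
        cmd: id
      become: true
      register: command_result_1
    - name: Print root info
      ansible.builtin.debug:
        msg: " user info is {{ command_result_1.stdout }}"
user-playbook.yaml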
# Entry point: account creation runs first, then the login and become check.
- ansible.builtin.import_playbook: create_user-playbook.yaml
- ansible.builtin.import_playbook: check_user-playbook.yaml
测试 playbook
# ansible-playbook -i hosts user-playbook.yaml --ask-vault-pass
Vault password: 
PLAY [centos] *****************************************************************************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************************************************************************
ok: [192.168.174.130]
ok: [192.168.174.129]
ok: [192.168.174.131]
TASK [chattr -i /etc/gshadow /etc/shadow /etc/group /etc/passwd /etc/ssh/sshd_config /etc/profile] ****************************************************************************
changed: [192.168.174.131]
changed: [192.168.174.130]
changed: [192.168.174.129]
TASK [Create yunwei user] *****************************************************************************************************************************************************
changed: [192.168.174.129]
changed: [192.168.174.131]
changed: [192.168.174.130]
TASK [Print temporary password] ***********************************************************************************************************************************************
ok: [192.168.174.129] => {
    "msg": "The password for yunwei is yunwei_129"
}
ok: [192.168.174.130] => {
    "msg": "The password for yunwei is yunwei_130"
}
ok: [192.168.174.131] => {
    "msg": "The password for yunwei is yunwei_131"
}
TASK [chattr +i /etc/gshadow /etc/shadow /etc/group /etc/passwd /etc/ssh/sshd_config /etc/profile] ****************************************************************************
changed: [192.168.174.129]
changed: [192.168.174.131]
changed: [192.168.174.130]
PLAY [centos] *****************************************************************************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************************************************************************
ok: [192.168.174.130]
ok: [192.168.174.129]
ok: [192.168.174.131]
TASK [check password using yunwei] ********************************************************************************************************************************************
changed: [192.168.174.130]
changed: [192.168.174.131]
changed: [192.168.174.129]
TASK [Print yunwei info] ******************************************************************************************************************************************************
ok: [192.168.174.129] => {
    "msg": " user info is uid=1002(yunwei) gid=1002(yunwei) groups=1002(yunwei),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
}
ok: [192.168.174.130] => {
    "msg": " user info is uid=1002(yunwei) gid=1002(yunwei) groups=1002(yunwei),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
}
ok: [192.168.174.131] => {
    "msg": " user info is uid=1000(yunwei) gid=1000(yunwei) groups=1000(yunwei),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
}
TASK [check password using root] **********************************************************************************************************************************************
changed: [192.168.174.129]
changed: [192.168.174.131]
changed: [192.168.174.130]
TASK [Print root info] ********************************************************************************************************************************************************
ok: [192.168.174.129] => {
    "msg": " user info is uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
}
ok: [192.168.174.130] => {
    "msg": " user info is uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
}
ok: [192.168.174.131] => {
    "msg": " user info is uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
}
PLAY RECAP ********************************************************************************************************************************************************************
192.168.174.129            : ok=10   changed=5    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.174.130            : ok=10   changed=5    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.174.131            : ok=10   changed=5    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0    
    










