RHCE8 practice exercise: Create user accounts

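  1. Download the list of users to create from http://materials.example.com/cd/exam_rhce8/user_list.yml and save it to the /home/student/ansible directory
  2. Using the password vault /home/student/ansible/locker.yml created elsewhere in this exam, create a playbook named /home/student/ansible/users.yml that creates user accounts as described below
  3. Users with the job description developer should:
    • be created on the managed nodes in the devtest host group
    • be assigned the password from the pw_developer variable
    • be members of the supplementary group student
  4. Users with the job description manager should:
    • be created on the managed nodes in the prod host group
    • be assigned the password from the pw_manager variable
    • be members of the supplementary group opsmgr
  5. Passwords use the SHA512 hash format
  6. Your playbook should run correctly using the vault password file /home/student/ansible/secret.txt created elsewhere in this exam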

Answer

cd /home/student/ansible
wget http://materials.example.com/cd/exam_rhce8/user_list.yml
vim /home/student/ansible/users.yml
---
- name: create users
  hosts: dev,test,prod
  vars_files:
    # locker.yml is vault-encrypted and supplies pw_developer and pw_manager
    - /home/student/ansible/locker.yml
    # user_list.yml supplies the users list (name, job)
    - /home/student/ansible/user_list.yml
  tasks:
    - name: create user and student group
      group:
        name: student
      loop: "{{ users }}"
      when: item.job == "developer" and (inventory_hostname in groups.dev or inventory_hostname in groups.test)

    # password_hash('sha512') without a fixed salt produces a new hash on
    # every run, so this task reports "changed" each time it is executed.
    - name: create user and pass
      user:
        name: "{{ item.name }}"
        password: "{{ pw_developer | password_hash('sha512') }}"
        groups: student
      loop: "{{ users }}"
      when: item.job == "developer" and (inventory_hostname in groups.dev or inventory_hostname in groups.test)

    - name: create opsmgr group
      group:
        name: opsmgr
      loop: "{{ users }}"
      when: item.job == "manager" and inventory_hostname in groups.prod

    - name: create user and password
      user:
        name: "{{ item.name }}"
        password: "{{ pw_manager | password_hash('sha512') }}"
        groups: opsmgr
      loop: "{{ users }}"
      when: item.job == "manager" and inventory_hostname in groups.prod
ansible-playbook users.yml --vault-password-file=secret.txt

Verification

ansible all -a 'tail -3 /etc/passwd'
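
The tail of /etc/passwd shows only that the accounts exist, not the hash format or the supplementary group. The playbook below is an added example, not part of the original answer, that checks both on each managed node. The file name verify_users.yml and the use of become are assumptions; it relies on the same inventory groups and the same users list (name, job) that the answer uses.

```yaml
---
# Added example (assumed file name: verify_users.yml); not the original answer.
# Run: ansible-playbook verify_users.yml   (no vault password needed)
- name: verify accounts created by users.yml
  hosts: dev,test,prod
  become: true            # reading the shadow database requires root
  vars_files:
    - /home/student/ansible/user_list.yml
  tasks:
    - name: load shadow entries into getent_shadow
      getent:
        database: shadow
      no_log: true        # keep password hashes out of verbose output and logs

    - name: load group entries into getent_group
      getent:
        database: group

    - name: developers have a SHA512 hash and belong to student
      assert:
        that:
          # crypt(3) SHA512 hashes start with the $6$ prefix
          - getent_shadow[item.name][0].startswith('$6$')
          # index 2 of a group entry is its comma-separated member list
          - item.name in getent_group['student'][2].split(',')
        quiet: true
      loop: "{{ users }}"
      loop_control:
        label: "{{ item.name }}"
      when: item.job == "developer" and (inventory_hostname in groups.dev or inventory_hostname in groups.test)

    - name: managers have a SHA512 hash and belong to opsmgr
      assert:
        that:
          - getent_shadow[item.name][0].startswith('$6$')
          - item.name in getent_group['opsmgr'][2].split(',')
        quiet: true
      loop: "{{ users }}"
      loop_control:
        label: "{{ item.name }}"
      when: item.job == "manager" and inventory_hostname in groups.prod
```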
