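ansible-playbook makes it quick and easy to run deployment and operations tasks in bulk. Different scenarios and servers call for different privilege-escalation methods.
Best practice: to keep a playbook portable, privilege-escalation settings that are not directly related to its function should not appear in the playbook body; pass them with -e when running ansible-playbook.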
Scenario 1: we have the server's root password, and root is allowed to log in directly.

    ansible-playbook -i 'aliyun.lihuanhuan.net,' ./ansible_playbook_test/site.YAML -e "ansible_ssh_user='root' ansible_ssh_pass='password'"

    # switch to app_user and run the java program
    - name: run App by java_user
      shell: java -jar hello.jar
      become: yes
      become_method: su
      become_user: app_user

Scenario 2: we have the server's root password, but only the ordinary user user1 is allowed to use su to switch to root.

    ansible-playbook -i 'aliyun.lihuanhuan.net,' ./ansible_playbook_test/site.YAML -e "ansible_ssh_user='user1' ansible_ssh_pass='user1_password' ansible_become='yes' ansible_become_method='su' ansible_become_user='root' ansible_become_pass='root_password'" -vvv

    # switch to app_user and run the java program
    - name: run App by java_user
      shell: java -jar hello.jar
      become: yes
      become_method: su
      become_user: app_user

Scenario 3: we only have the server's app_user password, and only the ordinary user user1 is allowed to use su to switch to app_user.

    ansible-playbook -i 'aliyun.lihuanhuan.net,' ./ansible_playbook_test/site.YAML -e "ansible_ssh_user='user1' ansible_ssh_pass='user1_password' ansible_become='yes' ansible_become_method='su' ansible_become_user='app_user' ansible_become_pass='app_user_password'" -vvv

    # switch to app_user and run the java program
    - name: run App by java_user
      shell: java -jar hello.jar
      become: yes
      become_method: su
      become_user: app_user

Scenario 4: we only have user1 and its password, but a specific utility may be used to switch to root, for example: dzdo su -

    ansible-playbook -i 'aliyun.lihuanhuan.net,' ./ansible_playbook_test/site.YAML -e "ansible_ssh_user='user1' ansible_ssh_pass='user1_password' ansible_become_exe='dzdo su -' ansible_become='yes' ansible_become_method='su' ansible_become_user='root' ansible_become_pass='user1_password'" -vvv

    # switch to app_user and run the java program
    - name: run App by java_user
      shell: java -jar hello.jar
      become: yes
      become_method: su
      become_user: app_user

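The best practice above keeps escalation settings out of the playbook, but the commands in these scenarios also place the passwords on the command line. As an added example (not from the original post), this wrapper builds scenario 2's variables in a temporary vars file and passes it with -e @file; the environment variable names and function names are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the scenario 2 variables
# in a private vars file and passes it with -e @file, so the passwords are
# not part of the ansible-playbook command line (process list, shell history).
# SSH_USER, SSH_PASS, BECOME_METHOD, BECOME_USER and BECOME_PASS are
# environment variable names assumed for this example.

# yaml_quote VALUE: print VALUE as a single-quoted YAML scalar
# (a literal ' is written as ''), so any single-line password is safe.
yaml_quote() {
    printf "'%s'\n" "$(printf '%s\n' "$1" | sed "s/'/''/g")"
}

# make_become_vars: write the vars file and print its path.
make_become_vars() {
    : "${SSH_PASS:?set SSH_PASS}" "${BECOME_PASS:?set BECOME_PASS}"
    vars_file=$(mktemp "${TMPDIR:-/tmp}/become_vars.XXXXXX") || return 1  # mode 0600
    cat > "$vars_file" <<EOF
ansible_ssh_user: $(yaml_quote "${SSH_USER:-user1}")
ansible_ssh_pass: $(yaml_quote "$SSH_PASS")
ansible_become: yes
ansible_become_method: $(yaml_quote "${BECOME_METHOD:-su}")
ansible_become_user: $(yaml_quote "${BECOME_USER:-root}")
ansible_become_pass: $(yaml_quote "$BECOME_PASS")
EOF
    printf '%s\n' "$vars_file"
}

# run_playbook INVENTORY PLAYBOOK: run with the vars file, then delete it.
run_playbook() {
    vf=$(make_become_vars) || return 1
    rc=0
    ansible-playbook -i "$1" "$2" -e "@$vf" || rc=$?
    rm -f "$vf"
    return "$rc"
}

# Example: ./run.sh 'aliyun.lihuanhuan.net,' ./ansible_playbook_test/site.YAML
if [ "$#" -ge 2 ]; then
    run_playbook "$@"
fi
```

For the other scenarios, set BECOME_USER, BECOME_METHOD and the two passwords to the values that scenario uses.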
Source: http://www.bubuko.com/infodetail-3117893.html