我正在构建一个剧本来转换新供应商提供的 AMI 并为其应用标准。我已经解决了大部分任务,但我面临的挑战是:
/home 在此过程中被挂载为专用分区,一旦挂载,
/home/ec2-useransible_useransible_ssh_private_key_filevars: 覆盖 remote_user中的这些设置设置。我无法确认/否认的是是否有一个附带的
ansible_ssh_private_key_file测试剧本:
---
- hosts: all
become: true
gather_facts: yes
vars:
tasks:
- name: Configure users
block:
- name: Configure Temporary Home
ansible.builtin.file:
vars:
remote_user: ec2-user
ansible_ssh_private_key_file: /home/me/.ssh/id_rsa_ec2-user
path: /home1
state: directory
owner: root
group: root
serole: object_r
setype: user_home_dir_t
seuser: system_u
- name: Configure service_account
ansible.builtin.user:
vars:
remote_user: ec2-user
ansible_ssh_private_key_file: /home/me/.ssh/id_rsa_ec2-user
name: service_account
password_lock: true
comment: Service Account
shell: /bin/bash
home: /home1/service_account
- name: Configure authorized keys
ansible.posix.authorized_key:
vars:
remote_user: ec2-user
ansible_ssh_private_key_file: /home/me/.ssh/id_rsa_ec2-user
user: service_account
state: present
key: https://www.example.com:9090/ssh/pubkey
- name: All other tasks here and below are executed as service_account
ansible.builtin.debug:
msg: "Oh hai!"
...
使用remote_user作为变量不会影响ssh连接插件
- name: Configure service_account
ansible.builtin.user:
vars:
remote_user: ec2-user
...
要么使用它作为关键字
- name: Configure service_account
remote_user: ec2-user
ansible.builtin.user:
vars:
...
,或将其重命名为 ansible_user
- name: Configure service_account
ansible.builtin.user:
vars:
ansible_user: ec2-user
...
选项是等效的。