我在 yaml 文件中有一个用户列表,带有一个标志:state。
如果标志未定义或者它是 != "absent",我创建用户:
- name: "create account for {{item.name}}"
user:
name: "{{item.name}}"
create_home: no
shell: "/bin/bash"
loop: "{{users}}"
when:
- item.state is undefined or item.state != "absent"
相反,我不允许“缺席”用户连接:
- name: "disable user {{item.name}}"
user:
name: "{{item.name}}"
shell: "/sbin/nologin"
loop: "{{users}}"
when:
- item.state is defined and item.state == "absent"
但是我怎样才能做到只有现有用户才能被禁用?(而不是创建用户将其外壳设置为/sbin/nologin)
问:“只能禁用现有用户。”
A: 只修改当前用户,使用getent读取 /etc/passwd 并创建一个当前用户列表。然后在条件下使用它。例如
- getent:
database: passwd
- set_fact:
users_present: "{{ getent_passwd.keys()|list }}"
- name: "disable user {{ item.name }}"
user:
name: "{{ item.name }}"
shell: /sbin/nologin
loop: "{{ users }}"
when:
- item.name in users_present
- item.state|default('present') == 'absent'
注意1:默认状态为“present”而不是测试属性的存在更健壮
- name: "create account for {{ item.name }}"
user:
name: "{{ item.name }}"
create_home: no
shell: /bin/bash
loop: "{{ users }}"
when: item.state|default('present') != 'absent'
注2:模块用户不会抱怨'state=absent' 时不存在'name'。因此,在这种情况下没有必要测试用户的存在。只需禁用用户。例如
- name: "disable user {{ item.name }}"
user:
name: "{{ item.name }}"
state: absent
loop: "{{ users }}"
when: item.state|default('present') == 'absent'