安装passlib模块

  1. pip install passlib

生成密码

  1. from passlib.hash import sha512_crypt
  3. print(sha512_crypt.using(rounds=5000).hash("MyPassWord"))

image.png

记下输出的字符串$6$jBbNgHw4kiSOPjmQ$Py3pOVYj2FzLNFsKRfw8fNXzz6kIsdvgRn4ABAvFExQhtnCZaX/kiV.CigQXxnroguBavY8P9K3kMdy.2D1hv.

编写playbook

替换YOUR-HASHED-PASSWORD为你刚获得的密码加密串

  1. ---
  2. - hosts: "all"
  3.   gather_facts: no
  4.   vars:
  5.     sre_user_name: sre
  6.     sre_hashed_pwd: YOUR-HASHED-PASSWORD
  7.   tasks:
  8.   - name: add {{sre_user_name}} user
  9.     user:
  10.       name: "{{sre_user_name}}"
  11.       groups: sudo,{{sre_user_name}}
  12.       password: "{{sre_hashed_pwd}}"
  13.   - name: set authorized_key for {{sre_user_name}}
  14.     authorized_key:
  15.       user: "{{sre_user_name}}"
  16.       comment: "{{ item }}@github"
  17.       key: https://github.com/{{ item }}.keys
  18.     with_items:
  19.     - github_userid_of_sre1
  20.     - github_userid_of_sre2
  21.     - github_userid_of_sre3

以上playbook先创建一个用户并设置密码,把用户加入到sudo组(默认ubuntu下sudo组可以使用sudo执行命令),然后从github接口获取sre们的公钥,前提是这些人在github正确配置了他们的公钥