Ansible uses ordinary users to manage the controlled end

The scene that ：ansible Use oldxu Common users uniformly manage all controlled nodes

1： First control end , Charged end , All need to have oldxu user , I won't make a demonstration at the accused end

[[email protected] ~]# echo "123" | passwd --stdin oldxu
Changing password for user oldxu.
passwd: all authentication tokens updated successfully.

2： Connect the control end oldxu The user's public key is pushed to the controlled end oldxu Below the user , So that ordinary users can log in without secret

[rootemanager ~]# su- oldxu
[oldxuemanager ~]ssh-keygen-t rsa -N "" -f ~/.ssh/id_rsa
[oldxuamanager ~]ssh-copy-id -i ~/.ssh/id.pub [email protected]

3. All hosts have oldxu Users must add sudo jurisdiction .

[[email protected]~]# visudo
root    ALL=(ALL)       ALL
oldxu   ALL=(ALL)       NOPASSWD:ALL


 Check if the grammar is correct 
[[email protected] ~]# visudo -c
/etc/sudoers: parsed OK

4. Modify control end /etc/ansible/ansible.cfg Master profile , Configure user authorization

[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False

All the above steps can rely on ansible To do ,root No secret , have access to ansible To add users to all controlled terminals , Set a password for it , Then put the public key of the user at the control end under the specific user at the controlled end , That's it .

Finally, use this ordinary user to test

[[email protected] ~]$ ansible --version
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg

[[email protected] ~]$ ansible all -m ping -i /etc/ansible/hosts