ansible远程创建用户和加密文件

批量添加用户

[devlops@server1 ansible]$ ansible-playbook useradd.yml 
[devlops@server1 ansible]$ cat useradd.yml 
---
- hosts: test
  tasks: 
    - name: create user
      user:
        name: "{{ item.user }}"
        password: "{{ 'item.pass' | password_hash('sha512') }}"
        state: present
      loop:
        - { user: user1, pass: 123 }
        - { user: user2, pass: 456 }
        - { user: user3, pass: 789 }

设置加密文件

[devlops@server1 ansible]$ ansible-vault
Usage: ansible-vault [create|decrypt|edit|encrypt|encrypt_string|rekey|view] [options] [vaultfile.yml]

[devlops@server1 ansible]$ ansible-vault encrypt userlist.yml 		##加密文件
[devlops@server1 ansible]$ ansible-vault edit userlist.yml			##编辑加密文件 
[devlops@server1 ansible]$ cat userlist.yml 
[devlops@server1 ansible]$ ansible-vault decrypt userlist.yml 		##取消加密
[devlops@server1 ansible]$ cat userlist.yml 

[devlops@server1 ansible]$ ansible-playbook useradd.yml --ask-vault-pass

目标主机创建的用户密码是加密过的