How can I maintain idempotency if I first add a deploy user as the root user and then prohibit logging in as root, as in the following configuration?
The first time, a command like ansible-playbook -i staging site.yml works fine, but the second time you can't log in as root, so you get an error. In this case, I think there are many ways to do it (e.g., --limit after separating files), but what is the best way to do it?
- hosts: webservers
  remote_user: root
  port: 22
  roles:
    - something1
- hosts: webservers
  remote_user: deploy
  port: 10022
  roles:
    - something2
Basically, I think it's good to have the playbook run as the deploy user, and as the root user only at the beginning.
---
- hosts: webservers
  remote_user: deploy
  become: yes
  port: 10022
  tags: ['init']
  roles:
    - useradd_deploy
    - disable_root_user
    - sshd
- hosts: webservers
  remote_user: deploy
  port: 10022
  roles:
    - something2
The first time, run with root, port 22, and the init tag only:
$ ansible-playbook -i hosts site.yml --tags init -e ansible_ssh_user=root -e ansible_ssh_port=22
From the second time on, I just run the playbook:
$ ansible-playbook -i hosts site.yml
From the second time on, the init-tagged play will also run, but I think there will be no problem if idempotency is ensured.
However, the deploy user's sudoers entry needs to be set up in the init play…
(If the order within init is wrong, no one will be able to log in remotely.)
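One possible task order for the init play that addresses the lockout concern above, shown as an added example (it is not the answer's own roles): the deploy account, its key and its sudoers entry are all in place before sshd is changed, and both edited files are syntax-checked before they are installed. The key path files/deploy.pub, the NOPASSWD rule (assumed because the plays use become without a password prompt) and the service name sshd are assumptions.

```yaml
---
# Added example: inline tasks standing in for useradd_deploy, disable_root_user and sshd.
- hosts: webservers
  remote_user: deploy
  become: yes
  port: 10022
  tags: ['init']
  tasks:
    # 1. Account first; nothing about root or sshd is touched yet.
    - name: Create deploy user
      ansible.builtin.user:
        name: deploy
        shell: /bin/bash
        state: present

    # 2. Key-based login for deploy (assumed key file in the repository).
    - name: Install public key for deploy
      ansible.posix.authorized_key:
        user: deploy
        key: "{{ lookup('file', 'files/deploy.pub') }}"
        state: present

    # 3. sudoers drop-in; visudo rejects a broken file before it is installed.
    - name: Allow deploy to use sudo
      ansible.builtin.copy:
        dest: /etc/sudoers.d/deploy
        content: "deploy ALL=(ALL) NOPASSWD:ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

    # 4. Only now change the port and refuse root; sshd -t checks the candidate file.
    - name: Move sshd to port 10022 and disable root login
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "^#?\\s*{{ item.key }}\\s"
        line: "{{ item.key }} {{ item.value }}"
        validate: /usr/sbin/sshd -t -f %s
      loop:
        - { key: Port, value: "10022" }
        - { key: PermitRootLogin, value: "no" }
      notify: Restart sshd

  handlers:
    # Runs once at the end of the play, and only when sshd_config actually changed.
    - name: Restart sshd
      ansible.builtin.service:
        name: sshd   # assumption: the unit is called "ssh" on Debian/Ubuntu
        state: restarted
```

On later runs every task reports "ok" and the handler does not fire, so the init play stays idempotent when executed as deploy on port 10022.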
© 2024 OneMinuteCode. All rights reserved.