# The regular (non-root) user on the remote servers must have sudo rights.
# hosts file: test host: 10.4.7.13
# Writing the playbook: vim /etc/ansible/var-polkit7.yaml
#
# Play summary: copy the polkit RPM and the fix script to /tmp on the hosts
# selected by the "polhosts" extra variable, make the script executable, run
# it as root through sudo, then delete the script.
- hosts: '{{ polhosts }}'
  become: yes
  become_user: root
  become_method: sudo
  tasks:
    # Both files are staged under fixed names in /tmp on the managed host.
    - name: Copy polkit package and script file
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      with_items:
        - src: "/opt/polkit-0.112-26.el7_9.1.x86_64.rpm"
          dest: "/tmp/"
        - src: "/root/polkit_xf.sh"
          dest: "/tmp/"

    # Quoted so YAML keeps the mode as the string 0755 rather than an integer.
    - name: Add script permissions
      file:
        path: /tmp/polkit_xf.sh
        mode: "0755"

    # Executed with the become settings above, i.e. as root.
    # NOTE(review): if this task fails, Ansible stops the play for that host
    # and the cleanup task below does not run, so the script stays in /tmp.
    - name: Run script
      shell: /tmp/polkit_xf.sh

    - name: Delete script
      file:
        path: /tmp/polkit_xf.sh
        state: absent
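# Write a wrapper script that calls the yaml playbook and passes the target
# hosts into it as a parameter:  vim /root/pol.sh
#
#!/bin/bash
# Usage: /root/pol.sh <ansible-host-pattern>
# Reads /etc/redhat-release on the targets through ansible, then runs
# var-polkit7.yaml and/or var-polkit6.yaml with polhosts set to the pattern.
# NOTE(review): the release check greps the combined ansible output, so for a
# group mixing release 6 and release 7 hosts both playbooks run on all of them.

# Usage hint: print the banner and exit with status 1.
print_help() {
  echo "------------------------------------"
  echo " Usage: $0 xxx "
  echo "------------------------------------"
  exit 1
}

if [ $# -ne 1 ]; then
  clear
  echo "输入的参数不对,参数有且只有一个。"
  print_help
fi

target=$1

# The pattern ends up inside --extra-vars "polhosts=..." (key=value text, where
# whitespace would begin another key=value pair) and on the ansible command
# line (where a leading "-" would be read as an option). Accept only plain
# inventory-pattern characters; widen the set deliberately if more is needed.
pattern_re='^[[:alnum:]_.:,*-]+$'
if [[ $target == -* || ! $target =~ $pattern_re ]]; then
  echo "主机参数含有不允许的字符。" >&2
  print_help
fi

# Query the release file once and reuse the output for both checks.
release_info=$(ansible "$target" -m shell -a "cat /etc/redhat-release")

if grep -q "release 7" <<<"$release_info"; then
  ansible-playbook /etc/ansible/var-polkit7.yaml --extra-vars "polhosts=$target"
fi

if grep -q "release 6" <<<"$release_info"; then
  ansible-playbook /etc/ansible/var-polkit6.yaml --extra-vars "polhosts=$target"
fi

######### vim /root/polkit_xf.sh #########
#!/bin/bash
## polkit vulnerability fix
# 2022-02-18
#
# Runs as root on the managed host (copied to /tmp and started by the
# playbook). Upgrades polkit from the RPM staged in /tmp.
# Exit status: 0 when polkit is already at the pinned build, is not installed,
# or was upgraded; 1 when the upgrade failed or the OS release was not
# recognised, so that the calling Ansible task is marked failed instead of ok.

POL=$(rpm -qa polkit)
C7POLKIT="/tmp/polkit-0.112-26.el7_9.1.x86_64.rpm"
C6POLKIT="/tmp/polkit-0.96-11.el6_10.1.x86_64.rpm"
LOGFILE="/tmp/polkitxf.txt"
# Major version taken from a fixed field of /etc/redhat-release: field 4 for
# the release-7 layout, field 3 for the release-6 layout. On any other layout
# these hold non-numeric text and neither branch below matches.
OSVER7=$(awk '{print $4}' /etc/redhat-release | awk -F '[.]' '{print $1}')
OSVER6=$(awk '{print $3}' /etc/redhat-release | awk -F '[.]' '{print $1}')

# Exit early when the installed polkit is exactly one of the pinned builds.
polkit_check() {
  clear
  date
  case $POL in
    "polkit-0.112-26.el7_9.1.x86_64" | "polkit-0.96-11.el6_10.1.x86_64")
      echo "此系统的polkit漏洞已修复好,不用重复执行脚本。"
      exit 0
      ;;
  esac
}

# Upgrade polkit from the RPM given as $1, logging rpm output to $LOGFILE.
# Exits 0 on success (and removes the RPM), exits 1 on failure.
polkit_install() {
  local pkg=$1

  # The log has a fixed name in world-writable /tmp and is written by root.
  # Remove whatever is there and create it under noclobber, so the redirect
  # refuses to write through a file or symlink planted at that path.
  rm -f -- "$LOGFILE"

  # --force is not used: per rpm(8) it implies --oldpackage, and the check
  # above matches one exact build only, so a host already carrying a newer
  # polkit would have been downgraded to this one.
  # --nodeps is kept from the original. NOTE(review): it skips dependency
  # checks - confirm it is still required.
  # NOTE(review): the package signature is not checked here; consider
  # `rpm -K "$pkg"` against an imported vendor key before installing.
  if (
    set -o noclobber
    rpm -Uvh "$pkg" --nodeps >"$LOGFILE" 2>&1
  ); then
    echo "polkit 漏洞修复完成。"
    rm -f -- "$pkg"
    exit 0
  fi

  echo -e "\033[31m polkit 漏洞修复失败,日志文件/tmp/polkitxf.txt 。\033[0m"
  exit 1
}

# Entry point: pick the RPM matching the detected major release and install it.
polkit_xf() {
  polkit_check

  if [[ -z $POL ]]; then
    echo "此系统未安装polkit,不用修复。"
    exit 0
  fi

  # String comparison: the parsed field may be non-numeric on the other
  # release layout, which made the numeric test print an error.
  if [[ $OSVER7 == 7 ]]; then
    polkit_install "$C7POLKIT"
  fi

  ####CentOS6
  if [[ $OSVER6 == 6 ]]; then
    polkit_install "$C6POLKIT"
  fi

  # Neither layout matched: nothing was installed, so do not report success.
  echo "未识别的系统版本,未执行修复。" >&2
  exit 1
}

polkit_xf

##### Run the wrapper script on the ansible server:
# /root/pol.sh s31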
10.4.7.13查看polkit