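Creating users and modifying user attributes with Ansible. The options below are taken from the official documentation; if anything here differs, the official documentation takes precedence.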
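Parameter | Required | Default | Choices | Description |
append | no | no | yes no | If yes, only adds the user to the groups given in groups, rather than setting the user's groups to exactly that list |
comment | no | | | Comment for the user |
createhome | no | yes | yes no | Unless set to no, the home directory is created when the user is created |
expires | no | None | | Sets the user's expiry time |
force | no | | yes no | Only takes effect with state=absent; behaves like userdel --force |
generate_ssh_key | no | no | | Generates an SSH key for the user |
group | no | no | | Sets the user's group |
groups | no | | | Sets the user's additional groups |
home | no | | | Sets the user's home directory |
move_home | no | no | yes no | Moves the user's home directory, if the directory does not already exist at the target path |
name | yes | | | User name |
non_unique | no | no | | Optionally, when used with the -u option, allows the user ID to be changed to a non-unique value |
password | no | | | Sets the user's password |
remove | no | | yes no | Used with state=absent; behaves like userdel --remove |
shell | no | | | Sets the user's shell |
ssh_key_bits | no | default set by ssh-keygen | | Sets the key size |
ssh_key_comment | no | ansible-generated on $HOSTNAME | | Key comment |
ssh_key_file | no | .ssh/id_rsa | | Specifies the key file |
ssh_key_passphrase | no | | | Sets a passphrase for the SSH key. If no passphrase is provided, the SSH key has no passphrase by default |
ssh_key_type | no | rsa | | Selects the type of SSH key to generate. The available key types depend on the implementation on the target host |
state | no | present | present absent | Create or remove the user |
system | no | no | yes no | Whether to create the account as a system user |
uid | no | | | Specifies the user's uid |
update_password | no | always | always on_create | always updates the password if it differs. on_create sets the password only when the user is created |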
1. Add a user with a specified uid and password
The password must be supplied in encrypted (hashed) form. Generate the hash as follows:
# yum install python-passlib-1.6.2-2.el7.noarch
Generate the password:
# python -c "from passlib.hash import sha512_crypt; import getpass; print sha512_crypt.encrypt(getpass.getpass())"
Password:
$6$rounds=100000$yAREAXRZhsaV0m9R$BhkAGxurVuF/Lkn0lOUI6S9yvhelugRYtwfUUWwYQL7SdQiQgeVdjHspcrvr2CNK.9CjTGxx1FHPXOB0k/dyR0
Use the generated password:
# ansible dbserver -m user -a "name=ckl password=$6$rounds=100000$yAREAXRZhsaV0m9R$BhkAGxurVuF/Lkn0lOUI6S9yvhelugRYtwfUUWwYQL7SdQiQgeVdjHspcrvr2CNK.9CjTGxx1FHPXOB0k/dyR0 uid=1003"
172.16.110.49 | SUCCESS => {
    "changed": true,
    "comment": "",
    "createhome": true,
    "group": 1003,
    "home": "/home/ckl",
    "name": "ckl",
    "password": "NOT_LOGGING_PASSWORD",
    "shell": "/bin/bash",
    "state": "present",
    "system": false,
    "uid": 1003
}
However, the password did not take effect.
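With the command as typed above, the hash sits inside double quotes, so the local shell expands `$6`, `$rounds` and the other `$`-prefixed runs before Ansible receives the string. The following is an added example, not part of the original post: it reproduces that expansion offline and shows a quoting form that keeps the hash intact. The function names are made up for this illustration; the hash and arguments are the page's own.

```shell
#!/bin/sh
# Hash as printed by the passlib command on this page.
HASH='$6$rounds=100000$yAREAXRZhsaV0m9R$BhkAGxurVuF/Lkn0lOUI6S9yvhelugRYtwfUUWwYQL7SdQiQgeVdjHspcrvr2CNK.9CjTGxx1FHPXOB0k/dyR0'

# The -a string exactly as typed on the page, evaluated by a child shell.
# Inside double quotes $6, $rounds, $yAREAXRZhsaV0m9R and $BhkAGxurVuF are
# parameter expansions; all are unset, so they expand to nothing.
double_quoted_args() {
    sh -c 'printf "%s" "name=ckl password=$6$rounds=100000$yAREAXRZhsaV0m9R$BhkAGxurVuF/Lkn0lOUI6S9yvhelugRYtwfUUWwYQL7SdQiQgeVdjHspcrvr2CNK.9CjTGxx1FHPXOB0k/dyR0 uid=1003"'
}

# Safe form: the hash lives in a single-quoted variable. The shell does not
# rescan the result of "${HASH}" for further $ expansions.
safe_args() {
    printf '%s' "name=ckl password=${HASH} uid=1003"
}

# Extract the password= value from a key=value argument string.
password_field() {
    printf '%s\n' "$1" | sed -n 's/.*password=\([^ ]*\).*/\1/p'
}

# Shape check for sha512-crypt: $6$[rounds=N$]salt(1-16)$digest(86).
is_sha512_crypt() {
    printf '%s\n' "$1" |
        grep -Eq '^\$6\$(rounds=[0-9]+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}$'
}

# Report what ansible would receive in each case.
for args in "$(double_quoted_args)" "$(safe_args)"; do
    pw=$(password_field "$args")
    if is_sha512_crypt "$pw"; then
        echo "intact:  $pw"
    else
        echo "mangled: $pw"
    fi
done
```

On the command line, wrapping the whole `-a` argument in single quotes instead of double quotes has the same effect as the variable used here.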
2. Add a user and generate an SSH key for the user, setting the key's passphrase and type
# ansible dbserver -m user -a "name=zld uid=1004 generate_ssh_key=yes ssh_key_passphrase='147258' ssh_key_type=rsa state=present"
172.16.110.49 | SUCCESS => {
    "changed": true,
    "comment": "",
    "createhome": true,
    "group": 1004,
    "home": "/home/zld",
    "name": "zld",
    "shell": "/bin/bash",
    "ssh_fingerprint": "2048 cf:1c:d6:f9:c8:98:c6:bf:3c:57:61:2e:df:eb:04:66 ansible-generated on localhost.localdomain (RSA)",
    "ssh_key_file": "/home/zld/.ssh/id_rsa",
    "ssh_public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAOeOi5iJNVQZJ6Wdx9lb2DD2ZEq2wVejqfd68ptP1i0Hg4Dvj3qAzZs5ovwqldDpSumNqeN6huZ4dioXm/ZepQ7amXsgYd8rdCxdAo/fkeS5aaTICO3W1TdOSAmrmIGKv+7C15hsplkua9xIJC/E24gLRntEEDWdsy9HXLBehfDMrgQJv8VMCsE/glvLtwqBzzUMaNpBDy7Fpu5y1lPQ88byxQBkgdNSS3R71WrWhh+UNguU0Sv2FHSCh1/xxOMW07JCbre3W4PPIBFDqMxt5Gm2ZFtZLs+jknYAZh5cvRGKBum7KGZTWNGUvT7B/BzE3CpFuQ78bEboLZT+vKwCj ansible-generated on localhost.localdomain",
    "state": "present",
    "system": false,
    "uid": 1004
}
3. Force-delete a user
# ansible dbserver -m user -a "name=ckl force=yes state=absent"
172.16.110.49 | SUCCESS => {
    "changed": true,
    "force": true,
    "name": "ckl",
    "remove": false,
    "state": "absent"
}