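1.1 Ansible Modules Explained - 2
1.1.1 The user module
The user module manages user accounts on remote client hosts, for example creating users, deleting users, and modifying user attributes. Its commonly used parameters are listed in Table 1.5.
Table 1.1 Common parameters of the user module
In practice, choose the parameters you need. The examples below demonstrate the module.
● Create a user
Add a new user named "qianfeng" on the client hosts managed by the webserver group, as shown below.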
[root@ansible ~]# ansible webserver -m user -a 'name=qianfeng state=present'
host2 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1000,
"home": "/home/qianfeng",
"name": "qianfeng",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1000
}
host1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1000,
"home": "/home/qianfeng",
"name": "qianfeng",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1000
}
host3 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1002,
"home": "/home/qianfeng",
"name": "qianfeng",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1002
}
After the user has been added, check for the "qianfeng" user on the client hosts. The results are shown below.
[root@host1 ~]# id qianfeng
uid=1000(qianfeng) gid=1000(qianfeng) 组=1000(qianfeng)
[root@host2 ~]# id qianfeng
uid=1000(qianfeng) gid=1000(qianfeng) 组=1000(qianfeng)
[root@host3 ~]# id qianfeng
uid=1002(qianfeng) gid=1002(qianfeng) 组=1002(qianfeng)
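The output shows that the new user has been created on every client host in the webserver group, so the Ansible operation succeeded.
● Delete a user
When a client host has idle accounts that are no longer used, they can be deleted. Use Ansible to delete the "qianfeng" user that was just added on the webserver group's hosts, as shown below.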
[root@ansible ~]# ansible webserver -m user -a 'name=qianfeng state=absent'
host2 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"force": false,
"name": "qianfeng",
"remove": false,
"state": "absent"
}
host1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"force": false,
"name": "qianfeng",
"remove": false,
"state": "absent"
}
host3 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"force": false,
"name": "qianfeng",
"remove": false,
"state": "absent"
}
● Set a hashed password
For security, hash the password with openssl first, then define the user with the hashed value, as shown below.
# Hash the password
[root@ansible ~]# echo '777777' | openssl passwd -1 -stdin
$1$3863DuGb$RKOLEcxxoz4A.ecSQzysN/
# Set the "qianfeng" user's password to the hashed value
[root@ansible ~]# ansible webserver -m user -a 'name=qianfeng password="$1$3863DuGb$RKOLEcxxoz4A.ecSQzysN/"'
host2 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"append": false,
"changed": true,
"comment": "",
"group": 1000,
"home": "/home/qianfeng",
"move_home": false,
"name": "qianfeng",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 1000
}
host3 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"append": false,
"changed": true,
"comment": "",
"group": 1002,
"home": "/home/qianfeng",
"move_home": false,
"name": "qianfeng",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 1002
}
host1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"append": false,
"changed": true,
"comment": "",
"group": 1000,
"home": "/home/qianfeng",
"move_home": false,
"name": "qianfeng",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 1000
}
The output shows that the user's password is in hashed (ciphertext) form.
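
`openssl passwd -1` produces MD5-crypt, recognisable by the `$1$` prefix of the hash above, which is a weak scheme for new passwords; `openssl passwd -6` in recent OpenSSL releases produces SHA-512 crypt instead. The following is an added example, not code from the original page, that audits shadow-format entries for weak schemes. The sample entries are constructed (only the `$1$` hash is the page's own), the function names are hypothetical, and the rounds floor is an assumed policy.

```python
import re

# Modular crypt prefix -> (scheme, acceptable for new passwords under this example's policy)
SCHEMES = {"1": ("md5-crypt", False), "5": ("sha256-crypt", True),
           "6": ("sha512-crypt", True), "y": ("yescrypt", True),
           "2a": ("bcrypt", True), "2b": ("bcrypt", True), "2y": ("bcrypt", True)}
MIN_SHA_ROUNDS = 5000  # assumed policy floor: crypt(3)'s default when rounds= is absent

# Constructed shadow entries; only the qianfeng hash is the one shown on this page.
SAMPLE_SHADOW = """\
root:$6$rounds=656000$constructedsalt$constructedhash:19000:0:99999:7:::
qianfeng:$1$3863DuGb$RKOLEcxxoz4A.ecSQzysN/:19000:0:99999:7:::
svc:!!:19000::::::
old:abJnggxhB/yWI:19000:0:99999:7:::
lowcost:$6$rounds=1000$constructedsalt$constructedhash:19000:0:99999:7:::
"""


def classify_hash(field):
    """Return (scheme, ok, note) for the password field of a shadow entry."""
    if field == "":
        return ("none", False, "empty field: no password required")
    if field[0] in "!*":
        return ("locked", True, "password login disabled")
    m = re.match(r"\$([0-9a-z]+)\$(?:rounds=(\d+)\$)?", field)
    if not m:
        return ("des-crypt", False, "legacy DES or unknown format")
    scheme, ok = SCHEMES.get(m.group(1), ("unknown", False))
    if not ok:
        return (scheme, False, "weak or unrecognised scheme; re-hash with sha512-crypt")
    if m.group(2) and scheme.startswith("sha") and int(m.group(2)) < MIN_SHA_ROUNDS:
        return (scheme, False, "rounds below the crypt default")
    return (scheme, True, "")


def audit_shadow(text):
    """Return [(user, scheme, note)] for entries that need attention."""
    findings = []
    for line in text.splitlines():
        if ":" not in line or line.startswith("#"):
            continue
        user, field = line.split(":")[:2]
        scheme, ok, note = classify_hash(field)
        if not ok:
            findings.append((user, scheme, note))
    return findings


if __name__ == "__main__":
    for finding in audit_shadow(SAMPLE_SHADOW):
        print(*finding, sep=": ")
```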
● Change the shell
Change the shell of the "qianfeng" user on the webserver group's client hosts to "/sbin/nologin", as shown below.
[root@ansible ~]# ansible webserver -m user -a 'name=qianfeng shell=/sbin/nologin append=yes'
host1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"append": true,
"changed": true,
"comment": "",
"group": 1000,
"home": "/home/qianfeng",
"move_home": false,
"name": "qianfeng",
"shell": "/sbin/nologin",
"state": "present",
"uid": 1000
}
host2 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"append": true,
"changed": true,
"comment": "",
"group": 1000,
"home": "/home/qianfeng",
"move_home": false,
"name": "qianfeng",
"shell": "/sbin/nologin",
"state": "present",
"uid": 1000
}
host3 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"append": true,
"changed": true,
"comment": "",
"group": 1002,
"home": "/home/qianfeng",
"move_home": false,
"name": "qianfeng",
"shell": "/sbin/nologin",
"state": "present",
"uid": 1002
}
The output shows that the shell on the client hosts has changed from "/bin/bash" to "/sbin/nologin", so the operation succeeded.
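Parameter | Notes |
---|---|
name | Specifies the name of the group to operate on |
group | Specifies the user's primary group |
groups | Specifies the user's supplementary groups. If the user already exists and already belongs to several supplementary groups, adding further supplementary groups requires the append parameter; otherwise, by default, setting supplementary groups again with the groups parameter overwrites the user's existing supplementary groups |
append | If the user already belongs to several supplementary groups, setting supplementary groups with the groups parameter overwrites the existing ones. To avoid overwriting them, set append to yes, which appends the new groups to the existing supplementary groups. The default value of append is no. |
shell | Specifies the user's default shell |
uid | Specifies the user's uid |
expires | Specifies the user's expiry time |
comment | Specifies the user's comment information |
state | Specifies whether the user should exist on the remote host. Valid values are present and absent. The default is present, meaning the user must exist; absent means the user is deleted |
remove | When state is set to absent, the user is deleted from the remote host, but the user's home directory and related data are not deleted, because remove defaults to no. If it is set to yes, the user's home directory is deleted along with the user |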
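
An added example, not part of the original page: it parses ad-hoc output in the shape shown earlier and flags two things the `remove` and `uid` rows bear on, namely deletions that keep the home directory and a user whose uid differs between hosts (as with host3 above), which matters wherever files are shared by numeric uid. The sample output is constructed from the values on this page, and the function names are hypothetical.

```python
import json
import re

HEADER = re.compile(r"^(\S+) \| (\S+) => ", re.M)

# Constructed sample in the shape of the output above (uids as shown on this page).
SAMPLE = """\
host1 | CHANGED => {
    "changed": true, "name": "qianfeng", "state": "present", "uid": 1000
}
host3 | CHANGED => {
    "changed": true, "name": "qianfeng", "state": "present", "uid": 1002
}
host1 | CHANGED => {
    "changed": true, "force": false, "name": "qianfeng", "remove": false, "state": "absent"
}
"""


def parse_adhoc(output):
    """Return [(host, status, result dict)] from default ad-hoc command output."""
    decoder, results = json.JSONDecoder(), []
    for m in HEADER.finditer(output):
        body, _ = decoder.raw_decode(output, m.end())  # JSON object after "=> "
        results.append((m.group(1), m.group(2), body))
    return results


def review(results):
    """Flag deletions that kept the home directory and uids that differ per host."""
    findings, uids = [], {}
    for host, _status, r in results:
        if r.get("state") == "absent" and r.get("changed") and not r.get("remove"):
            findings.append(f"{host}: {r['name']} deleted with remove=false; home directory kept")
        if "uid" in r:
            uids.setdefault(r["name"], {}).setdefault(r["uid"], []).append(host)
    for name, by_uid in uids.items():
        if len(by_uid) > 1:
            detail = ", ".join(f"uid {u} on {'/'.join(h)}" for u, h in sorted(by_uid.items()))
            findings.append(f"{name}: uid differs across hosts ({detail}); pin it with uid=")
    return findings


if __name__ == "__main__":
    for finding in review(parse_adhoc(SAMPLE)):
        print(finding)
```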