Features and options to view the module using ansible-doc command
DOC-ansible
Options:
the -l to see all available modules #
-m # View module path
-v # View version
-t TYPE # View plug-in, plug-in: 'Become', 'Cache', 'callback', 'cliconf', 'Connection', 'HTTP API', 'for Inventory,', 'the Lookup', 'shell', 'Module', 'at Strategy', 'VARS'
-s # display usage in a brief format
EG:
# ansible-DOC -s the User
name: # (required) Name of the user to create, remove or modify # this representation with the required word is necessary options
user module
options:
Example:
Scene 1, the new user.
Description of Requirement: new users dba, using BASH Shell, additional group admins, dbagroup, home directory is / home / dba, note: additional group must be a group that already exists.
Master the skill points:
(1) groups is set, groups = group1, group2 .. . .
(2) is a group added in increments, append = yes
(3) state, state = present
(4) home directory: home = / home / dba
(5)shell:shell=/bash/shell
//创建用户
#ansible hadoop -m user -a "name=dba groups=admins,dbagroup append=yes home=/home/dba shell=/bash/shell state=present" 192.168.4.50 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "comment": "", "create_home": true, "group": 1014, "groups": "admins,dbagroup", "home": "/home/dba", "name": "dba", "shell": "/bash/shell", "state": "present", "system": false, "uid": 1012 }
//查看信息
#ansible hadoop -m shell -a "id dba"
192.168.4.50 | CHANGED | rc=0 >>
uid=1012(dba) gid=1014(dba) groups=1014(dba),1012(admins),1013(dbagroup)
场景2、修改用户属组。
需求描述:修改dba用户附加组为dbagroups(既删除admins组)
掌握技能:
全量变更组属性:append=no(默认就是no)
//执行命令
#ansible hadoop -m user -a "name=dba groups=dbagroup" 192.168.4.50 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "append": false, "changed": true, "comment": "", "group": 1014, "groups": "dbagroup", "home": "/home/dba", "move_home": false, "name": "dba", "shell": "/bash/shell", "state": "present", "uid": 1012 }
//查看信息
#ansible hadoop -m shell -a "id dba" 192.168.4.50 | CHANGED | rc=0 >> uid=1012(dba) gid=1014(dba) groups=1014(dba),1013(dbagroup)
场景3、设置dba用户过期时间
ansible hadoop -m user -a "name=dba expire=1591113600" #过期时间设置为2020-06-03
场景4、删除用户
ansible hadoop -m user -a "name=dba remove=yes state=absent" #remove相当于Linux下删除命令时带的remove参数,表示同时删除家目录和邮件。
场景5、更新用户密码。
ansible hadoop -m user -a "name=dba password=$6$GD8Q update_password=always" #password 后面接的是加密以后的密码。
对密码加密可以使用python的crypt和passlib,passlib需要安装 pip install passlib
进入到python的交互式里面
第一种: import crypt crypt.crypt("密码")
第二种:
from passlib.hash import sha512_crypt
sha512_crypt.hash("密码")
使用playboox创建用户
--- - hosts: hadoop remote_user: root vars_prompt: - name: user_name prompt: Enter Username private: no - name: user_passwd prompt: Enter Password encrypt: "sha512_crypt" confirm: yes tasks: - name: create user user: name: "{{user_name}}" password: "{{user_passwd}}"