ansible user module

Features and options to view the module using ansible-doc command

DOC-ansible   
Options: 
　　the -l to see all available modules # 
　　-m # View module path 
　　-v # View version 
　　-t TYPE # View plug-in, plug-in: 'Become', 'Cache', 'callback', 'cliconf', 'Connection', 'HTTP API', 'for Inventory,', 'the Lookup', 'shell', 'Module', 'at Strategy', 'VARS' 
　　-s # display usage in a brief format 
EG: 
# ansible-DOC -s the User 
name: # (required) Name of the user to create, remove or modify # this representation with the required word is necessary options

 

user module

options：

 

Example:

Scene 1, the new user.

Description of Requirement: new users dba, using BASH Shell, additional group admins, dbagroup, home directory is / home / dba, note: additional group must be a group that already exists.

Master the skill points:

(1) groups is set, groups = group1, group2 .. . .

(2) is a group added in increments, append = yes

(3) state, state = present

(4) home directory: home = / home / dba

（5）shell：shell=/bash/shell

//创建用户
#ansible hadoop -m user -a "name=dba groups=admins,dbagroup append=yes home=/home/dba shell=/bash/shell state=present"
192.168.4.50 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 1014, 
    "groups": "admins,dbagroup", 
    "home": "/home/dba", 
    "name": "dba", 
    "shell": "/bash/shell", 
    "state": "present", 
    "system": false, 
    "uid": 1012
}
//查看信息

#ansible hadoop -m shell -a "id dba"
192.168.4.50 | CHANGED | rc=0 >>
uid=1012(dba) gid=1014(dba) groups=1014(dba),1012(admins),1013(dbagroup)

场景2、修改用户属组。

需求描述：修改dba用户附加组为dbagroups（既删除admins组）

掌握技能：

　　全量变更组属性：append=no（默认就是no）

//执行命令
#ansible hadoop -m user -a "name=dba groups=dbagroup"
192.168.4.50 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "append": false, 
    "changed": true, 
    "comment": "", 
    "group": 1014, 
    "groups": "dbagroup", 
    "home": "/home/dba", 
    "move_home": false, 
    "name": "dba", 
    "shell": "/bash/shell", 
    "state": "present", 
    "uid": 1012
}

//查看信息
#ansible hadoop -m shell -a "id dba"
192.168.4.50 | CHANGED | rc=0 >>
uid=1012(dba) gid=1014(dba) groups=1014(dba),1013(dbagroup)

场景3、设置dba用户过期时间

ansible hadoop -m user -a "name=dba expire=1591113600"  #过期时间设置为2020-06-03

场景4、删除用户

ansible hadoop -m user -a "name=dba remove=yes state=absent"   #remove相当于Linux下删除命令时带的remove参数，表示同时删除家目录和邮件。

场景5、更新用户密码。

ansible hadoop -m user -a "name=dba password=$6$GD8Q update_password=always"   #password 后面接的是加密以后的密码。

对密码加密可以使用python的crypt和passlib，passlib需要安装 pip install passlib

进入到python的交互式里面
第一种：
import crypt
crypt.crypt("密码")
第二种：
from passlib.hash import sha512_crypt
sha512_crypt.hash("密码")

使用playboox创建用户

---
- hosts: hadoop
  remote_user: root
  vars_prompt:
    - name: user_name
      prompt: Enter Username
      private: no
    - name: user_passwd
      prompt: Enter Password
      encrypt: "sha512_crypt"
      confirm: yes
  tasks:
    - name: create user
      user:
        name: "{{user_name}}"
        password: "{{user_passwd}}"