Group
- name 组名称
- system 是否为系统组:yes | no(默认值)
# Create the db_admin group on every host in the dbservers inventory group.
ansible dbservers --module-name group --args "name=db_admin"
# Verify: print the matching /etc/group entry from each host.
ansible dbservers --module-name shell --args "grep db_admin /etc/group"
[root@ceph1 ~]# ansible dbservers -m shell -a "cat /etc/group | grep db_admin"
ceph2 | CHANGED | rc=0 >>
db_admin:x:1000:
# Remove the db_admin group again (state=absent deletes it).
ansible dbservers --module-name group --args "name=db_admin state=absent"
User
- name 用户名
- password 密码(必须传入加密后的哈希值,不能是明文)
- update_password 何时更新密码:always(默认值,每次执行都会重设密码)| on_create(仅在创建用户时设置)
- home 指定家目录
- shell 设置用户的shell
- comment 用户描述信息
- create_home 创建用户时是否创建家目录,默认创建(yes);不创建则设为 no
- group 主组
- groups 附加组,多个组用 , 隔开;默认(append=no)会把用户从未列出的其他已加入的组中移除,要保留原有组需加 append=yes
- system 系统账户
- expires 设置用户过期时间(epoch 时间戳)
- state absent 删除
- remove 配合 state=absent 删除一个用户关联的目录
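# Create a user with a password. The user module's password= argument takes
# the crypt(3) hash, so the hash is generated on the control node first.
# -6 selects SHA-512 crypt ("$6$" prefix) in place of -1 (MD5-crypt, "$1$"),
# which is cheap to brute-force if /etc/shadow ever leaks. -6 needs
# OpenSSL 1.1.1 or newer. The captured output further down this page was
# produced with -1, which is why it shows a "$1$" hash.
# "123456" is a demonstration value only; for a real account read the
# password from a prompt so it does not end up in shell history.
pass=$(printf '%s\n' "123456" | openssl passwd -6 -stdin)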
[root@ceph1 ~]# echo $pass
$1$HOQstTwC$1.zVXDM3NMaPt1EXjK4Hf.
# Create user foo with the hash computed above as its password. The value is
# passed on the command line, so it is visible in the control node's shell
# history and process list while the command runs.
ansible dbservers --module-name user --args "name=foo password=${pass}"
[root@ceph1 ~]# ansible dbservers -m shell -a "cat /etc/passwd | grep foo"
ceph2 | CHANGED | rc=0 >>
foo:x:1000:1001::/home/foo:/bin/bash
# Create db_user and have the user module generate an ECDSA SSH key pair in
# the user's ~/.ssh. No ssh_key_passphrase is given, so the private key is
# written without a passphrase.
ansible dbservers --module-name user \
  --args "name=db_user generate_ssh_key=yes ssh_key_type=ecdsa"
[root@ceph2 ~]# ls /home/db_user/.ssh/
id_ecdsa id_ecdsa.pub
# Create tom with an account expiry of 2021-01-01 and add him to db_admin.
# expires= takes an epoch timestamp, which GNU date computes from the date
# string; append=yes adds db_admin without dropping tom's other groups.
ansible dbservers --module-name user \
  --args "name=tom expires=$(date -d 20210101 +%s) groups=db_admin append=yes"
[root@ceph2 ~]# id tom
uid=1002(tom) gid=1003(tom) 组=1003(tom),1000(db_admin)
[root@ceph2 ~]# tail /etc/shadow
dbus:!!:18516::::::
polkitd:!!:18516::::::
sshd:!!:18516::::::
postfix:!!:18516::::::
chrony:!!:18516::::::
libstoragemgmt:!!:18516::::::
ceph:!!:18516::::::
foo:$1$HOQstTwC$1.zVXDM3NMaPt1EXjK4Hf.:18519:0:99999:7:::
db_user:!!:18519:0:99999:7:::
tom:!!:18519:0:99999:7::18627:
END