查看模块的功能和选项,使用ansible-doc命令
ansible-doc
options:
-l #查看所有可用的模块
-m #查看模块的路径
-v #查看版本
-t TYPE #查看插件,插件:'become', 'cache','callback', 'cliconf', 'connection', 'httpapi','inventory', 'lookup', 'shell', 'module', 'strategy','vars'
-s #以简短格式显示用法
eg:
#ansible-doc user -s
name: # (required) Name of the user to create, remove or modify #这种带有required字样的表示为必须选项
user模块
options:
示例:
场景1、新增用户。
需求描述:新增用户dba,使用BASH Shell,附加组为admins,dbagroup,家目录为/home/dba,注意:附加组必须为已经存在的组。
掌握技能点:
(1)groups设定,groups=group1,group2.。。。
(2)增量添加属组,append=yes
(3)状态,state=present
(4)家目录:home=/home/dba
(5)shell:shell=/bash/shell
//创建用户
#ansible hadoop -m user -a "name=dba groups=admins,dbagroup append=yes home=/home/dba shell=/bash/shell state=present" 192.168.4.50 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "comment": "", "create_home": true, "group": 1014, "groups": "admins,dbagroup", "home": "/home/dba", "name": "dba", "shell": "/bash/shell", "state": "present", "system": false, "uid": 1012 }
//查看信息
#ansible hadoop -m shell -a "id dba"
192.168.4.50 | CHANGED | rc=0 >>
uid=1012(dba) gid=1014(dba) groups=1014(dba),1012(admins),1013(dbagroup)
场景2、修改用户属组。
需求描述:修改dba用户附加组为dbagroups(既删除admins组)
掌握技能:
全量变更组属性:append=no(默认就是no)
//执行命令
#ansible hadoop -m user -a "name=dba groups=dbagroup" 192.168.4.50 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "append": false, "changed": true, "comment": "", "group": 1014, "groups": "dbagroup", "home": "/home/dba", "move_home": false, "name": "dba", "shell": "/bash/shell", "state": "present", "uid": 1012 }
//查看信息
#ansible hadoop -m shell -a "id dba" 192.168.4.50 | CHANGED | rc=0 >> uid=1012(dba) gid=1014(dba) groups=1014(dba),1013(dbagroup)
场景3、设置dba用户过期时间
ansible hadoop -m user -a "name=dba expire=1591113600" #过期时间设置为2020-06-03
场景4、删除用户
ansible hadoop -m user -a "name=dba remove=yes state=absent" #remove相当于Linux下删除命令时带的remove参数,表示同时删除家目录和邮件。
场景5、更新用户密码。
ansible hadoop -m user -a "name=dba password=$6$GD8Q update_password=always" #password 后面接的是加密以后的密码。
对密码加密可以使用python的crypt和passlib,passlib需要安装 pip install passlib
进入到python的交互式里面
第一种: import crypt crypt.crypt("密码")
第二种:
from passlib.hash import sha512_crypt
sha512_crypt.hash("密码")
使用playboox创建用户
--- - hosts: hadoop remote_user: root vars_prompt: - name: user_name prompt: Enter Username private: no - name: user_passwd prompt: Enter Password encrypt: "sha512_crypt" confirm: yes tasks: - name: create user user: name: "{{user_name}}" password: "{{user_passwd}}"