System modules
user module
Manages users on hosts
[root@self1-centos7-2 19:24:40 ~]#ansible-doc -s user
- name: Manage user accounts
user:
append: # yes: append to the supplementary groups
authorization: # Sets the authorization of the user. Does nothing when used with other platforms. Can set multiple authorizations using
comma separation. To delete all authorizations, use `authorization='''. Currently
supported on Illumos/Solaris.
comment: # Sets the user's comment field.
create_home: # Unless set to `no', a home directory will be made for the user when the account is created or if the home directory does
not exist. Changed from `createhome' to `create_home' in Ansible 2.5.
expires: # Sets the user's expiry time
force: # This only affects `state=absent', it forces removal of the user and associated directories on supported platforms. The
behavior is the same as `userdel --force', check the man page for `userdel' on your system
for details and support. When used with `generate_ssh_key=yes' this forces an existing key
to be overwritten.
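generate_ssh_key: # Generates an SSH key pair for the user; does nothing if the same key pair already exists
group: # Sets the user's primary group.
groups: # Sets the supplementary groups. To add more supplementary groups, combine this with append; otherwise the existing list is overwritten.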
input format allowed was a comma separated string.
hidden: # macOS only, optionally hide the user from the login window and system preferences. The default will be `yes' if the
`system' option is used.
home: # Optionally set the user's home directory.
local: # Forces the use of "local" command alternatives on platforms that implement it. This is useful in environments that use
centralized authentification when you want to manipulate the local users (i.e. it uses
`luseradd' instead of `useradd'). This will check `/etc/passwd' for an existing account
before invoking commands. If the local account database exists somewhere other than
`/etc/passwd', this setting will not work properly. This requires that the above commands
as well as `/etc/passwd' must exist on the target host, otherwise it will be a fatal
error.
login_class: # Optionally sets the user's login class, a feature of most BSD OSs.
move_home: # If set to `yes' when used with `home: ', attempt to move the user's old home directory to the specified directory if it
isn't there already and the old home exists.
name: # (required) Name of the user to operate on.
non_unique: # Optionally when used with the -u option, this option allows to change the user ID to a non-unique value.
password: # Sets the user's password; only an already-hashed value is accepted. Generate the hash with import crypt;crypt.crypt('666666')
password_lock: # Lock the password (usermod -L, pw lock, usermod -C). BUT implementation differs on different platforms, this option does
not always mean the user cannot login via other methods. This option does not disable the
user, only lock the password. Do not change the password in the same task. Currently
supported on Linux, FreeBSD, DragonFlyBSD, NetBSD, OpenBSD.
profile: # Sets the profile of the user. Does nothing when used with other platforms. Can set multiple profiles using comma
separation. To delete all the profiles, use `profile='''. Currently supported on
Illumos/Solaris.
remove: # This only affects `state=absent'; when deleting a user, set this to yes to also delete the user's home directory.
`userdel --remove', check the man page for details and support.
role: # Sets the role of the user. Does nothing when used with other platforms. Can set multiple roles using comma separation. To
delete all roles, use `role='''. Currently supported on Illumos/Solaris.
seuser: # Optionally sets the seuser type (user_u) on selinux enabled systems.
shell: # 指定用户的默认shell
skeleton: # Optionally set a home skeleton directory. Requires `create_home' option!
ssh_key_bits: # Optionally specify number of bits in SSH key to create.
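ssh_key_comment: # Sets the comment on the public key.
ssh_key_file: # Custom location for the generated key pair
ssh_key_passphrase: # Sets the passphrase for the private key
ssh_key_type: # Sets the key pair type; defaults to rsa.
state: # Whether the user should exist on the remote host; defaults to present, and absent deletes the user.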
system: # When creating an account `state=present', setting this to `yes' makes the user a system account. This setting cannot be
changed on existing users.
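uid: # Sets the user's uid.
update_password: # `always' updates the password (the default). `on_create' does not update the password; it is only set when the user is newly created.
Example: create two users (which also creates two groups), add young_agg to both groups, then delete young_agg2
Create the password hash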
[root@self1-centos7-2 20:12:40 ~]#python;
Python 2.7.5 (default, Oct 30 2018, 23:45:53)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import crypt;crypt.crypt('666666')
'$6$aiO0uCGPNkKMfxLb$8AzJcgPXrf4JeuioQnrGc7IWs/.QqDTIHYkJAlsC.b/4duDLL3Z4bwo3X/azjT4ShpUwtoyqGbeoYYxxMXPzG0'
>>> exit()
Create the users
[root@self1-centos7-2 20:18:14 ~]#ansible self1-1 -m user -a 'name=young_agg password="$6$aiO0uCGPNkKMfxLb$8AzJcgPXrf4JeuioQnrGc7IWs/.QqDTIHYkJAlsC.b/4duDLL3Z4bwo3X/azjT4ShpUwtoyqGbeoYYxxMXPzG0" uid=2019'
self1-1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 2019,
"home": "/home/young_agg",
"name": "young_agg",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 2019
}
[root@self1-centos7-2 20:19:34 ~]#ansible self1-1 -m user -a 'name=young_agg2 password="$6$aiO0uCGPNkKMfxLb$8AzJcgPXrf4JeuioQnrGc7IWs/.QqDTIHYkJAlsC.b/4duDLL3Z4bwo3X/azjT4ShpUwtoyqGbeoYYxxMXPzG0" uid=2020'
self1-1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 2020,
"home": "/home/young_agg2",
"name": "young_agg2",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 2020
}
[root@self1-centos7-2 20:21:41 ~]#ansible self1-1 -m user -a 'name=young_agg password="$6$aiO0uCGPNkKMfxLb$8AzJcgPXrf4JeuioQnrGc7IWs/.QqDTIHYkJAlsC.b/4duDLL3Z4bwo3X/azjT4ShpUwtoyqGbeoYYxxMXPzG0" uid=2019 groups=young_agg2 append=yes'
self1-1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"append": true,
"changed": true,
"comment": "",
"group": 2019,
"groups": "young_agg2",
"home": "/home/young_agg",
"move_home": false,
"name": "young_agg",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 2019
}
[root@self1-centos7-2 20:22:00 ~]#ansible self1-1 -m user -a 'name=young_agg2 state=absent remove=yes'
self1-1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"force": false,
"name": "young_agg2",
"remove": true,
"state": "absent",
"stderr": "userdel: group young_agg2 not removed because it has other members.\n",
"stderr_lines": [
"userdel: group young_agg2 not removed because it has other members."
]
}
group module
Manages groups on remote hosts
[root@self1-centos7-2 20:25:13 ~]#ansible-doc -s group
- name: Add or remove groups
group:
gid: # Optional `GID' to set for the group.
local: # Forces the use of "local" command alternatives on platforms that implement it. This is useful in environments that use
centralized authentication when you want to manipulate the local groups. (e.g. it uses
`lgroupadd' instead of `useradd'). This requires that these commands exist on the targeted
host, otherwise it will be a fatal error.
name: # (required) Name of the group to manage.
non_unique: # This option allows to change the group ID to a non-unique value. Requires `gid'. Not supported on macOS or BusyBox
distributions.
state: # Whether the group should be present or not on the remote host.
system: # If `yes', indicates that the group created is a system group.
Examples:
Ensure the group exists on the remote host: nothing is done if it already exists, and it is created if it does not
[root@self1-centos7-2 20:26:04 ~]#ansible self1-1 -m group -a 'name=young_agg2'
self1-1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false, // the group already exists
"gid": 2020,
"name": "young_agg2",
"state": "present",
"system": false
}
Delete the group
[root@self1-centos7-2 20:31:35 ~]#ansible self1-1 -m group -a 'name=young_agg2 state=absent'
self1-1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "young_agg2",
"state": "absent"
}
Recreate it and set the gid
[root@self1-centos7-2 20:33:14 ~]#ansible self1-1 -m group -a 'name=young_agg2 gid=1008'
self1-1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 1008,
"name": "young_agg2",
"state": "present",
"system": false
}
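The same sequence as a playbook, added here as an example and not part of the original page: the tasks follow the order of the ad-hoc user and group commands above, but the password hash stays off the command line and out of shell history. The variable young_password is an assumption and is expected to come from an Ansible Vault file.

```yaml
# Added example, not from the original page. young_password is a
# hypothetical variable with the cleartext password, expected to be
# loaded from an Ansible Vault file rather than typed on the CLI.
- hosts: self1-1
  tasks:
    - name: Create both users (the page's output shows a matching group each)
      user:
        name: "{{ item.name }}"
        uid: "{{ item.uid }}"
        # Hashed on the controller; only the SHA-512 crypt string is sent.
        password: "{{ young_password | password_hash('sha512') }}"
        # password_hash uses a fresh random salt on every run, so with the
        # default (always) this task would rewrite the hash each time.
        update_password: on_create
      loop:
        - { name: young_agg, uid: 2019 }
        - { name: young_agg2, uid: 2020 }
      no_log: yes   # hide task results, including the loop items, from output

    - name: Add young_agg to group young_agg2 without dropping other groups
      user:
        name: young_agg
        groups: young_agg2
        append: yes

    - name: Delete young_agg2 and its home directory
      user:
        name: young_agg2
        state: absent
        remove: yes

    - name: Delete the leftover group that userdel refused to remove
      group:
        name: young_agg2
        state: absent

    - name: Recreate the group with a fixed gid
      group:
        name: young_agg2
        gid: 1008
```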