Ansible如何创建用户?

2023年 7月 30日 75.9k 0

Ansilbe 提供了一个 user 模块,用于创建和管理用户;

但如何在创建用户的同时加秘设置用户密码呢?

图片[1]-Ansible如何创建用户?-不念博客Ansible如何创建用户

Ansible用户创建

  • 创建一个有登录shell 的用户,用户名是 bunian1:
  • name 指定创建的用户名
  • shell 指定用户登录时获得的shell
  • home 为用户创建 HOME 目录
  • state 指定是创建还是删除用户,当 state=absent 时,为删除用户
[root@localhost ansible]# ansible redis -m user -a 'name=bunian1 shell=/bin/bash  home=/home/bunian1/  state=present'
docker125 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 1000, 
    "home": "/home/bunian1/", 
    "name": "bunian1", 
    "shell": "/bin/bash", 
    "state": "present", 
    "stderr": "useradd: warning: the home directory already exists.nNot copying any file from skel directory into it.n", 
    "stderr_lines": [
        "useradd: warning: the home directory already exists.", 
        "Not copying any file from skel directory into it."
    ], 
    "system": false, 
    "uid": 1000
}
docker123 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 1000, 
    "home": "/home/bunian1/", 
    "name": "bunian1", 
    "shell": "/bin/bash", 
    "state": "present", 
    "stderr": "useradd: warning: the home directory already exists.nNot copying any file from skel directory into it.n", 
    "stderr_lines": [
        "useradd: warning: the home directory already exists.", 
        "Not copying any file from skel directory into it."
    ], 
    "system": false, 
    "uid": 1000
}
docker124 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 1000, 
    "home": "/home/bunian1/", 
    "name": "bunian1", 
    "shell": "/bin/bash", 
    "state": "present", 
    "stderr": "useradd: warning: the home directory already exists.nNot copying any file from skel directory into it.n", 
    "stderr_lines": [
        "useradd: warning: the home directory already exists.", 
        "Not copying any file from skel directory into it."
    ], 
    "system": false, 
    "uid": 1000
}

如何设置用户密码

用 ansible 设置用户的密码时,由于需要对传输的密码进行加密,所以要在主机安装python 的passlib 库。

  • 利用 pip 安装 passlib:pip install passlib
  • 生成的经过加密的密码(sha512 加密算法)
  • 说明:在 Password 后输入我们的密码”xxxxx”,然后再按enter键

     python -c 'from passlib.hash import sha512_crypt; import getpass; print (sha512_crypt.encrypt(getpass.getpass()))'
    
    PS F:各组件相关说明ansible相关> pip  install  passlib
    Collecting passlib
      Downloading https://pypi.tuna.tsinghua.edu.cn/packages/3b/a4/ab6b7589382ca3df236e03faa71deac88cae040af60c071a78d254a62172/passlib-1.7.4-py2.py3-none-any.whl (525 kB)      
         |████████████████████████████████| 525 kB 1.3 MB/s 
    Installing collected packages: passlib
    Successfully installed passlib-1.7.4
    WARNING: You are using pip version 20.2.4; however, version 20.3.3 is available.
    You should consider upgrading via the 'c:usersadministratorappdatalocalprogramspythonpython37python.exe -m pip install --upgrade pip' command.
    PS F:各组件相关说明ansible相关> python -c 'from  passlib.hash  import sha512_crypt;  import  getpass;  print (sha512_crypt.encrypt(getpass.getpass()))'
    Password:
    -c:1: DeprecationWarning: the method passlib.handlers.sha2_crypt.sha512_crypt.encrypt() is deprecated as of Passlib 1.7, and will be removed in Passlib 2.0, use .hash() instead.
    $6$rounds=656000$fkskseDMlRAr7..8$./zCF2UbGiO7RrtyILeIckqK1ZU78wVwhWFeSrh2Qki604dG3apeF7BCwynu1HcnBp1g.LaFmZsjRCzJYjvzp/
    
  • 创建带加密码bunian用户
  • [root@localhost ansible]# ansible redis -m user -a 'name=bunian shell=/bin/bash password=$6$rounds=656000$fkskseDMlRAr7..8$./zCF2UbGiO7RrtyILeIckqK1ZU78wVwhWFeSrh2Qki604dG3apeF7BCwynu1HcnBp1g.LaFmZsjRCzJYjvzp/ update_password=always'
    docker125 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "comment": "", 
        "create_home": true, 
        "group": 1001, 
        "home": "/home/bunian", 
        "name": "bunian", 
        "password": "NOT_LOGGING_PASSWORD", 
        "shell": "/bin/bash", 
        "state": "present", 
        "system": false, 
        "uid": 1001
    }
    docker124 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "comment": "", 
        "create_home": true, 
        "group": 1001, 
        "home": "/home/bunian", 
        "name": "bunian", 
        "password": "NOT_LOGGING_PASSWORD", 
        "shell": "/bin/bash", 
        "state": "present", 
        "system": false, 
        "uid": 1001
    }
    docker123 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "comment": "", 
        "create_home": true, 
        "group": 1001, 
        "home": "/home/bunian", 
        "name": "bunian", 
        "password": "NOT_LOGGING_PASSWORD", 
        "shell": "/bin/bash", 
        "state": "present", 
        "system": false, 
        "uid": 1001
    }

    验证

    [root@33a870725069 home]# ll
    total 0
    drwx------ 2 bunian1 bunian1 62 Apr 11  2018 bunian1
    drwx------ 2 bunian      bunian      62 Dec 23 07:29 bunian
    [root@33a870725069 home]# su bunian1
    [bunian1@33a870725069 home]$ su bunian
    Password: 
    [bunian@33a870725069 home]$ 

    相关文章

    服务器端口转发,带你了解服务器端口转发
    服务器开放端口,服务器开放端口的步骤
    产品推荐:7月受欢迎AI容器镜像来了,有Qwen系列大模型镜像
    如何使用 WinGet 下载 Microsoft Store 应用
    百度搜索:蓝易云 – 熟悉ubuntu apt-get命令详解
    百度搜索:蓝易云 – 域名解析成功但ping不通解决方案

    发布评论