user 模块添加用户
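# Generate a SHA-512 crypt hash for the new password (Python 3 with passlib installed).
# getpass prompts without echo, so the cleartext never lands in shell history.
# passlib 1.7 deprecated encrypt() in favour of hash().
python -c 'from passlib.hash import sha512_crypt; import getpass; print(sha512_crypt.hash(getpass.getpass()))'

# Create the account with the user module. The module arguments are single-quoted:
# inside double quotes the shell expands the "$..." parts of the hash and the module
# receives a mangled value.
# NOTE(review): the hash below is reproduced as shown and looks incomplete
# (sha512_crypt output starts with "$6$") - paste the full string printed above.
ansible all -m user -a 'name=admin password=$Mf6OK/7vjBDxZbjo$6Nj10h0Oa1fEoULbObgVcVWMT1XwCBR home=/app/admin createhome=yes'

# Show the stored password hash for admin on the host where this is run
# (reading /etc/shadow needs root). Anchoring on "^admin:" skips names that merely contain "admin".
grep '^admin:' /etc/shadow

# Check whether the account exists; -x matches the whole user name only.
cut -d : -f 1 /etc/passwd | grep -x admin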
批量修改用户密码
##### playbook###
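---
# Bulk-reset the login password of several existing accounts on the "k8s" group.
- hosts: k8s
  gather_facts: false
  tasks:
    - name: change user passwd
      user:
        name: "{{ item.name }}"
        # password_hash('sha512') without a salt argument draws a new random salt
        # on every run, so this task reports "changed" each time it is executed.
        password: "{{ item.chpass | password_hash('sha512') }}"
        update_password: always
      # The loop items carry cleartext passwords; without no_log Ansible prints
      # each item in the task output and in any configured log.
      no_log: true
      # NOTE(review): cleartext, identical, trivially guessable passwords stored in
      # the playbook. Keep real values in an Ansible Vault-encrypted vars file and
      # give each account its own password.
      with_items:
        - name: 'admin'
          chpass: '123456'
        - name: 'test'
          chpass: '123456'
        - name: 'nginx'
          chpass: '123456'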
####然后执行
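# Run the playbook. ansible-playbook treats every positional argument as a playbook
# file, so a host pattern such as "all" does not belong on this command line; the
# target hosts come from the play's own "hosts:" key.
ansible-playbook -i /etc/xxxx playbook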
添加sudo 权限
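# Grant admin passwordless sudo on every host in the inventory.
# lineinfile adds the rule only when it is missing (a shell ">>" append duplicates it
# on each run), and validate runs visudo against the candidate file first, so a
# syntax error never replaces the live /etc/sudoers and locks sudo out.
# NOPASSWD:ALL means whoever controls this account is root without a further
# prompt; restrict the command list where the use case allows it.
ansible -i xxxxxxx all -m lineinfile -a "dest=/etc/sudoers state=present line='admin ALL=(ALL) NOPASSWD:ALL' validate='visudo -cf %s'"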
playbook 添加具有sudo 权限的用户
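---
# Create an account with a pre-computed password hash and give it passwordless sudo.
- hosts: all
  vars:
    user: admin
    # sha512_crypt hash ($6$, rounds=100000). It is not cleartext, but it can still
    # be attacked offline, so keep this file out of shared repositories or move the
    # value into an Ansible Vault-encrypted vars file.
    password: '$6$rounds=100000$O2BHfT2XIF6oDb9w$8Hhv4vOrLN6JF/nRVYDd8zZdnn9TNkQutyYYywIcPF2kRiHgkwAjqHIN7sDUkd1DcjLRABWT9ULHZPBOF2bZS/'
  remote_user: root
  tasks:
    - name: Add user {{ user }}
      user:
        name: "{{ user }}"
        comment: 'ceph user'
        password: "{{ password }}"

    - name: Config /etc/sudoers
      lineinfile:
        dest: /etc/sudoers
        state: present
        line: "{{ item }}"
        # visudo checks the candidate file before it replaces /etc/sudoers, so a
        # malformed line is rejected instead of breaking sudo on the host.
        validate: 'visudo -cf %s'
      # The first rule is unrestricted passwordless root for the account; the second
      # lets it use sudo without a tty. Narrow the command list where possible.
      with_items:
        - "{{ user }} ALL=(ALL) NOPASSWD: ALL"
        - "Defaults: {{ user }} !requiretty"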