千家信息网

User Management with SaltStack

Published: 2024-11-18 (last updated 2024-11-18) Author: 千家信息网 editor

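User management is an important part of centralized administration.

The following are my own notes on managing users with Salt.

1. Adding a single user:

Generate the password hash:

openssl passwd -1 -salt 'linwangyi'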

useradd.sls file:

[root@salt51 salt]# cat user/useradd.sls
linwangyi:
  user.present:
    - fullname: linwangyi D
    - shell: /bin/bash
    # hash produced by the openssl command above
    - password: '$1$linwangy$PMII.NL0igptfGBV0PtxI1'
    - home: /home/linwangyi
    - uid: 501
    - gid: 501
    - groups:
      - linwangyi
    # the group state below must be applied before the user is created
    - require:
      - group: linwangyi
  group.present:
    - gid: 501

top.sls file:

[root@salt51 salt]# cat top.sls
base:
  '*':
    - soft_install.nginx
    - soft_install.mysql
    - soft_install.php
    - soft_install.tomcat
    - user.useradd
    - user.users
    - user.userpasswd
    - user.userdel
    - user.addsudo
    - user.addgroup
    - user.delgroup


Run result:

Because there are several .sls files, a single one can be run on its own with:

salt '*' state.sls xxx

[root@salt51 salt]# salt '192.168.2.99' state.sls user.useradd
192.168.2.99:
----------
          ID: linwangyi
    Function: group.present
      Result: True
     Comment: Added group linwangyi
     Changes:
              ----------
(omitted)
              uid:
                  501
              workphone:

Summary
------------
Succeeded: 2
Failed: 0
------------
Total: 2


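Other parameters:

For the remaining parameters, see the official documentation: http://www.saltstack.cn/projects/cssug-kb/wiki/Managing_user_with_salt

user.present: ensures that the named account exists with the specified attributes. The attributes include:

name: the name of the account to manage.

uid: the uid to assign. If not set, the next available uid is assigned automatically.

gid: the default group id.

gid_from_name: if set to True, the default group id is set to the id of the group with the same name as the user.

groups: the list of groups assigned to the user. If a group does not exist on the minion, this state reports an error. If set to empty, the user is removed from every group other than the default group.

optional_groups: a list of groups assigned to the user. If a group does not exist on the minion, the state ignores it.

home: the user's home directory.

password: the user's password, as a hash.

enforce_password: when set to False, if the configured password differs from the user's existing password, the existing password is kept unchanged. If the password option is not set, this option is ignored.

shell: the user's login shell. Defaults to the system default shell.

unique: require the UID to be unique. Defaults to True.

system: choose a random UID between FIRST_SYSTEM_UID and LAST_SYSTEM_UID.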


2. Adding users in bulk:

If the users do not need to be added to the same group, the group-related settings can be removed. If the group does not exist yet, add it first:

users.sls file:

[root@salt51 salt]# cat user/users.sls
{% set users = ['jerry','tom','sunday'] %}
{% for user in users %}
{{ user }}:
  user.present:
    - shell: /bin/bash
    - home: /home/{{ user }}
    - password: '$1$linwangy$PMII.NL0igptfGBV0PtxI1'
    - gid: 501
    - groups:
      - linwangyi
    - require:
      - group: linwangyi
{% endfor %}


Run result:

[root@salt51 salt]# salt '192.168.2.99' state.sls user.users
192.168.2.99:
----------
          ID: jerry
    Function: user.present
      Result: True
     Comment: New user jerry created
     Changes:
              ----------
              fullname:
(omitted)

Summary
------------
Succeeded: 3
Failed: 0
------------
Total: 3


3. Modifying users in bulk:

Generate the password hash:

[root@salt51 salt]# openssl passwd -1
Password:
Verifying - Password:
$1$h7niwjpG$2nAnRib36QUr2wnfYXC4u0

userpasswd.sls file:

[root@salt51 salt]# cat user/userpasswd.sls
{% set users = ['jerry','tom','sunday'] %}
{% for user in users %}
{{ user }}:
  user.present:
    - shell: /bin/bash
    # new hash generated above; applied to every user in the list
    - password: '$1$h7niwjpG$2nAnRib36QUr2wnfYXC4u0'
{% endfor %}

Run result:

[root@salt51 salt]# salt '192.168.2.99' state.sls user.userpasswd
192.168.2.99:
----------
          ID: jerry
    Function: user.present
      Result: True
     Comment: Updated user jerry
     Changes:
              ----------
              passwd:
                  $1$h7niwjpG$2nAnRib36QUr2wnfYXC4u0
----------
(omitted)
------------
Succeeded: 3
Failed: 0
------------
Total: 3

(Note: other user parameters can be modified in the same way.)
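
The states above embed a single MD5-crypt hash (`openssl passwd -1`) in the state file and apply it to every user. An added example, not from the original article: the same `user.present` loop reading a per-user SHA-512-crypt hash from pillar, which is compiled only for the targeted minion, whereas files in the state tree can be fetched by any minion. The file paths, the `users` pillar key and the hash placeholders are assumptions.

```yaml
# --- /srv/pillar/top.sls (assumed path) ---
# Only the targeted minion receives the pillar data that holds the hashes.
base:
  '192.168.2.99':
    - users

# --- /srv/pillar/users.sls (assumed path) ---
# Each value is a placeholder: generate one hash per user with
# `openssl passwd -6` (SHA-512-crypt, OpenSSL 1.1.1 or later) and paste it in.
users:
  jerry:
    password: '$6$<salt>$<hash-for-jerry>'
  tom:
    password: '$6$<salt>$<hash-for-tom>'
  sunday:
    password: '$6$<salt>$<hash-for-sunday>'

# --- user/userpasswd_pillar.sls (hypothetical state file in the state tree) ---
# The state file now contains no secrets; names and hashes come from pillar.
{% for name, attrs in salt['pillar.get']('users', {}).items() %}
{{ name }}:
  user.present:
    - shell: /bin/bash
    - password: '{{ attrs['password'] }}'
    # True: reset the password whenever it differs from the pillar value
    - enforce_password: True
{% endfor %}
```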

4. Deleting users in bulk:

userdel.sls file:

[root@salt51 salt]# cat user/userdel.sls
{% set users = ['jerry','tom','sunday'] %}
{% for user in users %}
{{ user }}:
  user.absent:
    - purge: True   # also remove the user's files (home directory)
    - force: True   # if the user is currently logged in, the absent state fails; with force set to True the user is removed even while logged in
{% endfor %}


Run result:

Check who is logged in (one of the users about to be deleted is logged in):

[root@salt51 salt]# salt '192.168.2.99' status.w
192.168.2.99:
(omitted)
    ----------
    - idle:
        18:57
    - jcpu:
        2:20
    - login:
        192.168.2.29
    - pcpu:
        0.03s
    - tty:
        pts/0
    - user:
        sunday
    - what:
        0.03s -bash

[root@salt51 salt]# salt '192.168.2.99' state.sls user.userdel
192.168.2.99:
----------
(omitted)
----------
          ID: sunday
    Function: user.absent
      Result: True
     Comment: Removed user sunday
     Changes:
              ----------
              sunday:
                  removed

Summary
------------
Succeeded: 3
Failed: 0
------------
Total: 3

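[root@salt51 salt]# salt '192.168.2.99' status.w
192.168.2.99:
    ----------
    - idle:
        15:51
    - jcpu:
        1:13
    - login:
        -
    - pcpu:
        0.11s
    - tty:
        tty1
    - user:
        root
    - what:
        0.11s -bash

At this check the sunday user shows as logged out, but the user that was logged in is still logged in to the system and can still operate on it.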
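
The remark above notes that a user who was logged in when the account was removed can keep working in that session. An added example, not from the original article, that expires the account, ends the user's remaining processes and only then removes it. The file name and state IDs are hypothetical, and it assumes Linux minions that provide `usermod`, `pgrep` and `pkill`.

```yaml
# user/userdel_sessions.sls (hypothetical state file)
{% set users = ['jerry', 'tom', 'sunday'] %}

{% for user in users %}
# 1. Expire the account so no new login can start while sessions are ended.
#    Skipped when the account does not exist.
expire_{{ user }}:
  cmd.run:
    - name: usermod --expiredate 1 {{ user }}
    - onlyif: id {{ user }}

# 2. Kill every process still owned by the user (open shells included).
#    Skipped when pgrep finds nothing running under that user.
kill_sessions_{{ user }}:
  cmd.run:
    - name: pkill -KILL -u {{ user }}
    - onlyif: pgrep -u {{ user }}
    - require:
      - cmd: expire_{{ user }}

# 3. Remove the account and its home directory once no session is left.
remove_{{ user }}:
  user.absent:
    - name: {{ user }}
    - purge: True
    - force: True
    - require:
      - cmd: kill_sessions_{{ user }}
{% endfor %}
```

Processes the user started under another identity, for example through `su` or `sudo`, run with a different UID and are not matched by `pkill -u`.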


5. Adding a sudo user:

addsudo.sls file:

[root@salt51 salt]# cat user/addsudo.sls
/etc/sudoers:
  # append the following lines to the end of /etc/sudoers
  file.append:
    - text:
      - "OPER_SUPER ALL = KILL,SU,ROOT"
      - "User_Alias OPER_SUPER=linwangyi"
      - "Cmnd_Alias ROOT=/bin/su"
      - "OPER_SUPER ALL =NOPASSWD:ROOT"

Run result:

[root@salt51 salt]# salt '192.168.2.99' state.sls user.addsudo
192.168.2.99:
----------
          ID: /etc/sudoers
    Function: file.append
      Result: True
     Comment: Appended 4 lines
     Changes:
              ----------
              diff:

---

+++

@@ -116,3 +116,7 @@

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)

#includedir /etc/sudoers.d

+OPER_SUPER ALL = KILL,SU,ROOT

+User_Alias OPER_SUPER=linwangyi

+Cmnd_Alias ROOT=/bin/su

+OPER_SUPER ALL =NOPASSWD:ROOT
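
Review bot: the first added line, `OPER_SUPER ALL = KILL,SU,ROOT`, references the command aliases `KILL` and `SU`, but the four added lines define only `ROOT`, so the rule resolves only if those two aliases already exist elsewhere in /etc/sudoers. Running `visudo -c` against the resulting file would confirm that before anyone relies on it. On the last added line, `ROOT` is `/bin/su` and it is granted with `NOPASSWD`, which gives linwangyi a root shell without any password prompt; if that is not the intent, drop `NOPASSWD` or narrow the alias to specific commands.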


Summary
------------
Succeeded: 1
Failed: 0
------------
Total: 1
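
Appending to /etc/sudoers as above writes the lines with no syntax check, and a sudoers file that fails to parse stops sudo from working on the minion. An added example, not from the original article: the same alias and rule placed in a drop-in file that Salt installs only if `visudo` accepts it. The drop-in name `oper_super` and the state file name are hypothetical, the first appended line is left out because `KILL` and `SU` are not defined on the page, and the host is assumed to read /etc/sudoers.d, as the `#includedir` line in the diff above indicates.

```yaml
# user/addsudo_dropin.sls (hypothetical state file)
# sudo skips files in /etc/sudoers.d whose names contain a '.' or end in '~',
# so the drop-in name has no extension.
/etc/sudoers.d/oper_super:
  file.managed:
    - user: root
    - group: root
    - mode: '0440'
    - contents: |
        User_Alias OPER_SUPER = linwangyi
        Cmnd_Alias ROOT = /bin/su
        OPER_SUPER ALL = NOPASSWD: ROOT
    # Salt writes the new contents to a temporary file and appends its path to
    # this command. If visudo exits non-zero, the managed file is not written
    # and the state fails, so a broken rule never reaches the minion's sudo.
    - check_cmd: /usr/sbin/visudo -c -f
```

Because the file is managed as a whole, re-running the state keeps it identical to the listed contents instead of accumulating appended lines.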


6. Adding groups:

addgroup.sls file:

[root@salt51 salt]# cat user/addgroup.sls
devgroup:
  group.present:
    - gid: 601

yunwei:
  group.present:
    - gid: 602

Run result:

[root@salt51 salt]# salt '192.168.2.99' state.sls user.addgroup
192.168.2.99:
----------
          ID: devgroup
    Function: group.present
(omitted)
----------
          ID: yunwei
    Function: group.present
(omitted)

Summary
------------
Succeeded: 2
Failed: 0
------------
Total: 2

[root@salt51 salt]# salt '192.168.2.99' cmd.run 'grep -E "(devgroup|yunwei)" /etc/group'
192.168.2.99:
    devgroup:x:601:
    yunwei:x:602:

7. Deleting groups:

delgroup.sls file:

[root@salt51 salt]# cat user/delgroup.sls
{% set groups = ['devgroup','yunwei'] %}
{% for group in groups %}
{{ group }}:
  group.absent
{% endfor %}


Run result:

[root@salt51 salt]# salt '192.168.2.99' state.sls user.delgroup
192.168.2.99:
----------
          ID: devgroup
    Function: group.absent
      Result: True
     Comment: Removed group devgroup
     Changes:
              ----------
              devgroup:
----------
          ID: yunwei
    Function: group.absent
      Result: True
     Comment: Removed group yunwei
     Changes:
              ----------
              yunwei:

Summary
------------
Succeeded: 2
Failed: 0
------------
Total: 2

[root@salt51 salt]# salt '192.168.2.99' cmd.run 'grep -E "(devgroup|yunwei)" /etc/group'
192.168.2.99:

