SaltStack and Python for Automated System User Management


Background requirements:

As the business grows, server data keeps growing, and there are more and more developers and operators. Once a large number of people need to log on to the servers, we have to manage their user accounts. The traditional way is to log on to each server and create the user by hand, which is far too repetitive: what if there are 1000 machines? Some companies do not even create users and let everyone log in directly as root, which is even more dangerous! Smarter operators write a script that creates users, which makes user creation semi-automatic. None of these methods is suitable for managing a large number of machines, so this article introduces automated user management with SaltStack and a Python script.

Goals:

    1. You cannot telnet directly to the server using root

    2. You cannot log on to the server with a password (key only)

    3. Create users automatically with simple commands, and send user keys to user directories, allowing users to log in and have sudo permissions


How to use Salt is covered in my previously published articles: "Salt installation, basic command use", "Salt Remote execution simulation use", "Target Introduction", and "Salt Configuration management system". Python itself you will need to learn on your own.

I have not yet researched how to disable root telnet and password login in bulk, so you need to change those settings yourself. In addition, you need to create one or more sudo user groups with different permissions.


Once the above is done, continue with the implementation below:

/srv/salt/test is the root directory of our Salt test environment.

The directory structure is as follows:

    user_managent/
    ├── files
    │   └── user-authorized_keys
    └── useradd.sls

The files directory holds the public key files for all users; the naming convention is username-authorized_keys.

The state file, useradd.sls, is as follows:

    # The next two lines define the username and password. The password is generated
    # from the username by the hashing algorithm, so the password is the same as the username
    {% set username = 'user' %}
    {% set password = '$6$i6qujzcmwysxgdj0$mxo50ggqcnmi3akrenxkz3ggxhflzrzsqrxufchw9jx/qridiijqqkm52a7tekob61ouxmv7irvtnwbzvgt000' %}

    # The following state creates the user. Note "groups": it sets the user's
    # supplementary group, and that group needs sudo permissions
    create user:
      user.present:
        - name: {{username}}
        - password: {{password}}
        - groups:
          - aek

    # Create the .ssh directory
    create dir:
      file.directory:
        - name: /home/{{username}}/.ssh
        - user: {{username}}
        - group: {{username}}
        - mode: 700
        - template: jinja

    # Copy the public key file
    pub key:
      file.managed:
        - name: /home/{{username}}/.ssh/authorized_keys
        - source: salt://user_managent/files/{{username}}-authorized_keys
        - user: {{username}}
        - group: {{username}}
        - mode: 600

Python script:

    #!/usr/bin/python
    # coding: utf-8
    import sys
    import fileinput
    import crypt  # Unix only; removed from the standard library in Python 3.13
    import re


    class useradd:
        # This script automatically updates the username and password in the Salt state file
        def __init__(self, username):
            self.username = username

        # Generate the hashed password from the username
        def password(self):
            return crypt.crypt(self.username)

        # Update the username and password variables in the state file
        def modifystatefile(self):
            password = self.password()
            # inplace=True redirects print() into the file being read
            for i in fileinput.input("/srv/salt/test/user_managent/useradd.sls", inplace=True):
                if "username = " in i:
                    print(re.sub(r"username = '.*?'", "username = '" + self.username + "'", i).rstrip())
                elif "password = " in i:
                    print(re.sub(r"password = '.*?'", "password = '" + password + "'", i).rstrip())
                else:
                    print(i.rstrip())


    if __name__ == "__main__":
        if len(sys.argv) != 2:
            sys.exit("usage: useradd.py USERNAME")
        a = useradd(sys.argv[1])
        a.modifystatefile()

How to use the Python script:

    # If your state file is stored in a different location, or has a different name, edit the path in the script first
    chmod +x useradd.py
    ./useradd.py USERNAME

After running the Python script, create the user by running the following Salt command:

    salt -G "os:CentOS" state.sls user_managent.useradd saltenv=test

All that remains is to wait for it to finish.
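A stricter form of the state-file rewrite done by useradd.py above, as an added example (not the original author's script): it validates the username and the password hash before they are spliced into the Jinja set lines, and it takes the hash as an argument so it can come from a random initial password instead of the username. The function name render_state, the username pattern and the sample state text are assumptions made for this example.

```python
import re

# Assumed policy (not from the original page): conservative Linux login names.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
# crypt(3)-style hash "$id$[rounds=N$]salt$digest"; no quotes or Jinja delimiters can match.
HASH_RE = re.compile(r"\$[0-9a-z]+\$(rounds=[0-9]+\$)?[A-Za-z0-9./]+\$[A-Za-z0-9./]+")
# Matches the page's "{% set username = '...' %}" and "{% set password = '...' %}" lines.
SET_RE = re.compile(r"(\{%\s*set\s+(username|password)\s*=\s*)'[^']*'")


def render_state(sls_text, username, password_hash):
    """Return sls_text with both Jinja variables replaced, or raise ValueError."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("rejected username: %r" % username)
    if not HASH_RE.fullmatch(password_hash):
        raise ValueError("rejected password hash")
    values = {"username": username, "password": password_hash}
    seen = set()

    def substitute(match):
        seen.add(match.group(2))
        # A function replacement is inserted literally: no backslash or
        # group-reference expansion happens on the new value.
        return "%s'%s'" % (match.group(1), values[match.group(2)])

    rendered = SET_RE.sub(substitute, sls_text)
    if seen != set(values):
        # Fail loudly instead of applying a state that still carries old values.
        raise ValueError("state file is missing: %s" % sorted(set(values) - seen))
    return rendered


# Constructed sample input: the first lines of useradd.sls with placeholder values.
SAMPLE_SLS = (
    "{% set username = 'user' %}\n"
    "{% set password = '$6$CONSTRUCTEDSALT$CONSTRUCTEDDIGEST' %}\n"
    "create user:\n"
    "  user.present:\n"
    "    - name: {{username}}\n"
)

if __name__ == "__main__":
    print(render_state(SAMPLE_SLS, "alice", "$6$EXAMPLESALT$EXAMPLEDIGEST"))
```

Because the function works on text, the result can be written to a temporary file and moved into place only after it renders cleanly.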

This article is from the "Blue _ Storm" blog, make sure to keep this source http://270142877.blog.51cto.com/12869137/1953645
