User management is an important part of centralized management.
The following is my summary of the Salt documentation on user management.
1. Add a single user:
Generate the password:
openssl passwd -1 -salt 'linwangyi'
useradd.sls file:
# cat user/useradd.sls
linwangyi:
  user.present:
    - fullname: linwangyi d
    - shell: /bin/bash
    - password: '$1$linwangy$pmii.nl0igptfgbv0ptxi1'
    - home: /home/linwangyi
    - uid: 501
    - gid: 501
    - groups:
      - linwangyi
    - require:
      - group: linwangyi
  group.present:
    - gid: 501
top.sls file:
# cat top.sls
base:
  '*':
    - soft_install.nginx
    - soft_install.mysql
    - soft_install.php
    - soft_install.tomcat
    - user.useradd
    - user.users
    - user.userpasswd
    - user.userdel
    - user.addsudo
    - user.addgroup
    - user.delgroup
Running result:
Because there are multiple .sls files, to run a single file on its own use:
salt '*' state.sls xxx
# salt '192.168.2.99' state.sls user.useradd
192.168.2.99:
----------
ID: linwangyi
Function: group.present
Result: True
Comment: added group linwangyi
Changes:
----------
Omitted
uid:
501
workphone:
Summary
------------
Succeeded: 2
Failed: 0
------------
Total: 2
Other parameters:
For the other parameters, refer to the official documentation: http://www.saltstack.cn/projects/cssug-kb/wiki/Managing_user_with_salt
user.present: ensures that the specified account name exists with the given attributes. The attributes are:
name: the name of the account to manage.
uid: the UID. If this parameter is not set, a valid UID is assigned automatically.
gid: the default group ID.
gid_from_name: if set to True, the default group ID is set automatically to the ID of the group with the same name as the user.
groups: the list of groups assigned to the user. If a group does not exist on the minion, the state reports an error. If this parameter is set to null, the user is removed from all groups except the default group.
optional_groups: a list of groups assigned to the user. If a group does not exist on the minion, the state ignores it.
home: the home directory.
password: the user's password, given as a hash.
enforce_password: when set to False, the original password is not changed even if the password value differs from it. If the password option is not set, this option is ignored.
shell: the user's login shell. The default is the system default shell.
unique: the UID must be unique. The default value is True.
system: select a random UID between FIRST_SYSTEM_UID and LAST_SYSTEM_UID.
2. Add users in batches:
If the users do not need to be added to the same group, you can remove the group settings. If the group does not exist yet, add the group first:
users.sls file:
# cat user/users.sls
{% set users = ['jerry', 'tom', 'sunday'] %}
{% for user in users %}
{{ user }}:
  user.present:
    - shell: /bin/bash
    - home: /home/{{ user }}
    - password: '$1$linwangy$pmii.nl0igptfgbv0ptxi1'
    - gid: 501
    - groups:
      - linwangyi
    - require:
      - group: linwangyi
{% endfor %}
Running result:
# salt '192.168.2.99' state.sls user.users
192.168.2.99:
----------
ID: jerry
Function: user.present
Result: True
Comment: New user jerry created
Changes:
----------
fullname:
Omitted
Summary
------------
Succeeded: 3
Failed: 0
------------
Total: 3
3. Modify users in batches:
Generate the password:
# openssl passwd -1
Password:
Verifying - Password:
$1$h6niwjpg$2nanrib36qur2wnfyxc4u0
userpasswd.sls file:
# cat user/userpasswd.sls
{% set users = ['jerry', 'tom', 'sunday'] %}
{% for user in users %}
{{ user }}:
  user.present:
    - shell: /bin/bash
    - password: '$1$h6niwjpg$2nanrib36qur2wnfyxc4u0'
{% endfor %}
Running result:
# salt '192.168.2.99' state.sls user.userpasswd
192.168.2.99:
----------
ID: jerry
Function: user.present
Result: True
Comment: Updated user jerry
Changes:
----------
passwd:
$1$h6niwjpg$2nanrib36qur2wnfyxc4u0
----------
Omitted
------------
Succeeded: 3
Failed: 0
------------
Total: 3
(Note: You can also modify other user parameters in the same way.)
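An added example, not part of the original post: a Python audit of the password literals in SLS files laid out like users.sls and userpasswd.sls above. It reports hashes in the MD5-crypt format that openssl passwd -1 produces and counts how many accounts a Jinja loop gives the same hash. The name audit_sls, the finding labels and the placeholder hash are assumptions of this example, and the Jinja handling covers only the set/for pattern used on this page.

```python
import re

# crypt(3) scheme identifiers found between the first two '$' of a hash.
SCHEMES = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}
WEAK = {"md5-crypt"}  # the format produced by: openssl passwd -1

SET_RE = re.compile(r"\{%\s*set\s+(\w+)\s*=\s*\[(.*?)\]\s*%\}")
FOR_RE = re.compile(r"\{%\s*for\s+\w+\s+in\s+(\w+)\s*%\}")
END_RE = re.compile(r"\{%\s*endfor\s*%\}")
PW_RE = re.compile(r"-\s*password:\s*['\"]?(\$[^'\"\s]+)")


def audit_sls(text):
    """Return findings for the password literals in one SLS file (hypothetical helper)."""
    lists, loop, accounts, findings = {}, None, {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if m := SET_RE.search(line):
            lists[m.group(1)] = re.findall(r"'([^']*)'", m.group(2))
        elif m := FOR_RE.search(line):
            loop = m.group(1)
        elif END_RE.search(line):
            loop = None
        elif m := PW_RE.search(line):
            digest = m.group(1)
            scheme = SCHEMES.get(digest.split("$")[1], "unknown")
            # Inside a Jinja loop the literal is rendered once per list item.
            uses = len(lists.get(loop, [])) if loop else 1
            accounts[digest] = accounts.get(digest, 0) + uses
            if scheme in WEAK:
                findings.append((lineno, "weak-scheme", scheme))
    for digest, count in accounts.items():
        if count > 1:  # one password and one salt shared by several accounts
            findings.append((0, "shared-hash", f"{count} accounts"))
    return findings


# Constructed input: the loop layout of users.sls with a placeholder hash.
SAMPLE = """\
{% set users = ['jerry', 'tom', 'sunday'] %}
{% for user in users %}
{{ user }}:
  user.present:
    - shell: /bin/bash
    - password: '$1$EXAMPLESALT$PLACEHOLDERHASHVALUE00'
{% endfor %}
"""

if __name__ == "__main__":
    print(audit_sls(SAMPLE))
```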
4. Batch delete users:
userdel.sls file:
# cat user/userdel.sls
{% set users = ['jerry', 'tom', 'sunday'] %}
{% for user in users %}
{{ user }}:
  user.absent:
    - purge: True  # also remove the user's files (home directory)
    - force: True  # if the user is currently logged on, the absent state fails; with force set to True the user is deleted even while logged on
{% endfor %}
Running result:
Check the logged-on users (one of the users to be deleted is logged on):
# salt '192.168.2.99' status.w
192.168.2.99:
Omitted
----------
- idle:
- jcpu:
2:20
- login:
192.168.2.29
- pcpu:
0.03s
- tty:
pts/0
- user:
sunday
- what:
0.03s -bash
# salt '192.168.2.99' state.sls user.userdel
192.168.2.99:
----------
Omitted
----------
ID: sunday
Function: user.absent
Result: True
Comment: removed user sunday
Changes:
----------
sunday:
removed
Summary
------------
Succeeded: 3
Failed: 0
------------
Total: 3
# salt '192.168.2.99' status.w
192.168.2.99:
----------
- idle:
15:51
- jcpu:
:13
- login:
-
- pcpu:
0.11s
- tty:
tty1
- user:
root
- what:
0.11s -bash
The sunday user has been logged out. However, you can still log on to the system and perform operations on it.
5. Add a sudo user:
addsudo.sls file:
# cat user/addsudo.sls
/etc/sudoers:
  file.append:
    - text:
      - "OPER_SUPER ALL = KILL, SU, ROOT"
      - "User_Alias OPER_SUPER = linwangyi"
      - "Cmnd_Alias ROOT = /bin/su"
      - "OPER_SUPER ALL = NOPASSWD: ROOT"
Running result:
# salt '192.168.2.99' state.sls user.addsudo
192.168.2.99:
----------
ID: /etc/sudoers
Function: file.append
Result: True
Comment: Appended 4 lines
Changes:
----------
diff:
---
++
@-116,3 + 116,7 @@
# Read drop-in files from/etc/sudoers. D (the # here does not mean a comment)
# Includedir/etc/sudoers. d
+ Oper_super all = kill, Su, Root
+ User_alias oper_super = linwangyi
+ Cmnd_alias root =/bin/su
+ Oper_super all = nopasswd: Root
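Review bot: the first added line lists kill and Su alongside Root, but this hunk only defines Root (Cmnd_alias root =/bin/su), so kill and Su have to exist elsewhere in /etc/sudoers or the rule does not grant what it appears to; worth defining them in the same change. The last added line gives oper_super (linwangyi) /bin/su with nopasswd, which is root without a password prompt, and all four lines land in the main file right under the Includedir /etc/sudoers. d context line. Suggest moving them to their own file in that drop-in directory and checking it with visudo -c before it is deployed.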
Summary
------------
Succeeded: 1
Failed: 0
------------
Total: 1
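An added example, not part of the original post: a Python check that reads the four lines addsudo.sls appends and reports aliases that are used but not defined within them, plus every command granted with NOPASSWD. The name lint_sudoers_fragment and the finding labels are assumptions of this example; it handles only the simple rule form used on this page and cannot see aliases defined elsewhere in /etc/sudoers.

```python
import re

ALIAS_RE = re.compile(r"^(?:User|Runas|Host|Cmnd)_Alias\s+([A-Z][A-Z0-9_]*)\s*=\s*(.+)$")
RULE_RE = re.compile(r"^(\S+)\s+\S+\s*=\s*(.+)$")   # who  host = command list
NAME_RE = re.compile(r"[A-Z][A-Z0-9_]*")            # sudoers alias names are upper case


def lint_sudoers_fragment(lines):
    """Report undefined aliases and NOPASSWD grants in a list of sudoers lines.

    Only the fragment is inspected: an alias defined elsewhere in /etc/sudoers
    is reported as undefined here (hypothetical helper, simplified grammar).
    """
    aliases, rules, findings = {}, [], []
    for raw in lines:
        line = raw.strip()
        if m := ALIAS_RE.match(line):
            aliases[m.group(1)] = [v.strip() for v in m.group(2).split(",")]
        elif m := RULE_RE.match(line):
            rules.append(m.groups())
    for who, spec in rules:
        nopasswd = False  # the tag applies to the commands that follow it
        for item in (part.strip() for part in spec.split(",")):
            if item.startswith("NOPASSWD:"):
                nopasswd, item = True, item[len("NOPASSWD:"):].strip()
            if NAME_RE.fullmatch(item) and item != "ALL":
                if item not in aliases:
                    findings.append(("undefined-alias", item))
                    continue
                commands = aliases[item]
            else:
                commands = [item]
            if nopasswd:
                findings.extend(("nopasswd", who, cmd) for cmd in commands)
    return findings


# Constructed input: the four text: entries of addsudo.sls in sudoers keyword case.
APPENDED = [
    "OPER_SUPER ALL = KILL, SU, ROOT",
    "User_Alias OPER_SUPER = linwangyi",
    "Cmnd_Alias ROOT = /bin/su",
    "OPER_SUPER ALL = NOPASSWD: ROOT",
]

if __name__ == "__main__":
    print(lint_sudoers_fragment(APPENDED))
```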
6. Add a user group:
addgroup.sls file:
# cat user/addgroup.sls
devgroup:
  group.present:
    - gid: 601
yunwei:
  group.present:
    - gid: 602
Running result:
# salt '192.168.2.99' state.sls user.addgroup
192.168.2.99:
----------
ID: devgroup
Function: group.present
Omitted
----------
ID: yunwei
Function: group.present
Omitted
Summary
------------
Succeeded: 2
Failed: 0
------------
Total: 2
# salt '192.168.2.99' cmd.run 'grep -E "(devgroup|yunwei)" /etc/group'
192.168.2.99:
devgroup:x:601:
yunwei:x:602:
7. Delete a user group:
delgroup.sls file:
# cat user/delgroup.sls
{% set groups = ['devgroup', 'yunwei'] %}
{% for group in groups %}
{{ group }}:
  group.absent
{% endfor %}
Running result:
# salt '192.168.2.99' state.sls user.delgroup
192.168.2.99:
----------
ID: devgroup
Function: group.absent
Result: True
Comment: removed group devgroup
Changes:
----------
devgroup:
----------
ID: yunwei
Function: group.absent
Result: True
Comment: removed group yunwei
Changes:
----------
yunwei:
Summary
------------
Succeeded: 2
Failed: 0
------------
Total: 2
# salt '192.168.2.99' cmd.run 'grep -E "(devgroup|yunwei)" /etc/group'
192.168.2.99:
This article is from the "City cloth" blog; please be sure to keep this source: http://sunday208.blog.51cto.com/377871/1560720
Saltstack user management