当前位置:Gxlcms > 数据库问题 > Ansible 从MySQL数据库添加或删除用户

Ansible 从MySQL数据库添加或删除用户

时间:2021-07-01 10:21:17 帮助过:79人阅读

  • 概要
  • 要求(在执行模块的主机上)
  • 选项
  • 例子
  • 笔记
    • 状态
    • 支持

概要

  • 从MySQL数据库添加或删除用户。

要求(在执行模块的主机上)

  • MySQLdb的

选项

参数需要默认选择注释
append_privs
(1.4 加入) 		no no
  • yes
  • no
 将priv定义的权限附加到此用户的现有权限,而不是覆盖现有的权限。
check_implicit_admin
(1.3 加入) 		no no
  • yes
  • yes
 检查mysql是否允许以root / nopassword身份登录,然后再尝试提供的凭据。
CONFIG_FILE
(2.0 加入) 		no ?/ .my.cnf   指定要从中读取用户和密码的配置文件。
connect_timeout
(2.1 加入) 		no 30   连接到MySQL服务器时的连接超时。
encrypted(加密)
(2.0 加入) 		no no
  • yes
  • no
 表示‘密码‘字段是一个`mysql_native_password`哈希值
host
  		no localhost   the ‘host‘ part of the MySQL username
host_all
(2.1加入) 		no no
  • yes
  • no
 覆盖host选项,使给定用户对所有主机名进行ansible应用更改。创建用户时不能使用此选项
login_host
  		no localhost   运行数据库的主机。
login_password
  		no     用于验证的密码。
login_port
  		no 3306   MySQL服务器端口。如果使用login_port,则需要将login_host定义为其他本地主机。
login_unix_socket
  		no     到本地连接的Unix域套接字的路径。
login_user
  		no     用于验证的用户名。
name
  		yes     添加或删除的用户名称(角色)
password
  		no     设置用户密码。
priv
  		no     MySQL特权字符串格式为:db.table:priv1,priv2 可以通过使用正斜杠分隔每个特权来指定多个权限:db.table:priv/db.table:priv 该格式基于MySQL GRANT语句。 数据库和表名可以引用,MySQL风格。 如果使用列权限,则该priv1,priv2部分必须与SHOW GRANT语句完全相同如果不遵循,模块将始终报告更改。它包括通过permission(SELECT(col1,col2)而不是SELECT(col1SELECT(col2))分组列)。
SQL_LOG_BIN
(2.1加入) 		no yes
  • yes
  • no
 是否应该为连接启用或禁用二进制日志记录。
ssl_ca
(2.0加入) 		no     证书颁发机构(CA)证书的路径。此选项(如果使用)必须指定与服务器使用的相同的证书。
ssl_cert
(2.0加入) 		no     客户端公钥证书的路径。
ssl_key
(2.0加入) 		no     客户端私钥的路径。
state no present
  • present
  • absent
 用户是否应该存在 absent时删除用户。
update_password
(2.0加入) 		no always
  • always
  • on_create
 如果不同,always将更新密码。 on_create只会为新创建的用户设置密码。

例子

  1. <span class="c1"># Removes anonymous user account for localhost
  2. <span class="p p-Indicator">- <span class="l l-Scalar l-Scalar-Plain">mysql_user<span class="p p-Indicator">:
  3.     <span class="l l-Scalar l-Scalar-Plain">name<span class="p p-Indicator">: <span class="s">‘‘
  4.     <span class="l l-Scalar l-Scalar-Plain">host<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">localhost
  5.     <span class="l l-Scalar l-Scalar-Plain">state<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">absent
  6. <span class="c1"># Removes all anonymous user accounts
  7. <span class="p p-Indicator">- <span class="l l-Scalar l-Scalar-Plain">mysql_user<span class="p p-Indicator">:
  8.     <span class="l l-Scalar l-Scalar-Plain">name<span class="p p-Indicator">: <span class="s">‘‘
  9.     <span class="l l-Scalar l-Scalar-Plain">host_all<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">yes
  10.     <span class="l l-Scalar l-Scalar-Plain">state<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">absent
  11. <span class="c1"># Create database user with name ‘bob‘ and password ‘12345‘ with all database privileges
  12. <span class="p p-Indicator">- <span class="l l-Scalar l-Scalar-Plain">mysql_user<span class="p p-Indicator">:
  13.     <span class="l l-Scalar l-Scalar-Plain">name<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">bob
  14.     <span class="l l-Scalar l-Scalar-Plain">password<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">12345
  15.     <span class="l l-Scalar l-Scalar-Plain">priv<span class="p p-Indicator">: <span class="s">‘*.*:ALL‘
  16.     <span class="l l-Scalar l-Scalar-Plain">state<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">present
  17. <span class="c1"># Create database user with name ‘bob‘ and previously hashed mysql native password ‘*EE0D72C1085C46C5278932678FBE2C6A782821B4‘ with all database privileges
  18. <span class="p p-Indicator">- <span class="l l-Scalar l-Scalar-Plain">mysql_user<span class="p p-Indicator">:
  19.     <span class="l l-Scalar l-Scalar-Plain">name<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">bob
  20.     <span class="l l-Scalar l-Scalar-Plain">password<span class="p p-Indicator">: <span class="s">‘*EE0D72C1085C46C5278932678FBE2C6A782821B4‘
  21.     <span class="l l-Scalar l-Scalar-Plain">encrypted<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">yes
  22.     <span class="l l-Scalar l-Scalar-Plain">priv<span class="p p-Indicator">: <span class="s">‘*.*:ALL‘
  23.     <span class="l l-Scalar l-Scalar-Plain">state<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">present
  24. <span class="c1"># Creates database user ‘bob‘ and password ‘12345‘ with all database privileges and ‘WITH GRANT OPTION‘
  25. <span class="p p-Indicator">- <span class="l l-Scalar l-Scalar-Plain">mysql_user<span class="p p-Indicator">:
  26.     <span class="l l-Scalar l-Scalar-Plain">name<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">bob
  27.     <span class="l l-Scalar l-Scalar-Plain">password<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">12345
  28.     <span class="l l-Scalar l-Scalar-Plain">priv<span class="p p-Indicator">: <span class="s">‘*.*:ALL,GRANT‘
  29.     <span class="l l-Scalar l-Scalar-Plain">state<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">present
  30. <span class="c1"># Modify user Bob to require SSL connections. Note that REQUIRESSL is a special privilege that should only apply to *.* by itself.
  31. <span class="p p-Indicator">- <span class="l l-Scalar l-Scalar-Plain">mysql_user<span class="p p-Indicator">:
  32.     <span class="l l-Scalar l-Scalar-Plain">name<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">bob
  33.     <span class="l l-Scalar l-Scalar-Plain">append_privs<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">true
  34.     <span class="l l-Scalar l-Scalar-Plain">priv<span class="p p-Indicator">: <span class="s">‘*.*:REQUIRESSL‘
  35.     <span class="l l-Scalar l-Scalar-Plain">state<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">present
  36. <span class="c1"># Ensure no user named ‘sally‘@‘localhost‘ exists, also passing in the auth credentials.
  37. <span class="p p-Indicator">- <span class="l l-Scalar l-Scalar-Plain">mysql_user<span class="p p-Indicator">:
  38.     <span class="l l-Scalar l-Scalar-Plain">login_user<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">root
  39.     <span class="l l-Scalar l-Scalar-Plain">login_password<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">123456
  40.     <span class="l l-Scalar l-Scalar-Plain">name<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">sally
  41.     <span class="l l-Scalar l-Scalar-Plain">state<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">absent
  42. <span class="c1"># Ensure no user named ‘sally‘ exists at all
  43. <span class="p p-Indicator">- <span class="l l-Scalar l-Scalar-Plain">mysql_user<span class="p p-Indicator">:
  44.     <span class="l l-Scalar l-Scalar-Plain">name<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">sally
  45.     <span class="l l-Scalar l-Scalar-Plain">host_all<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">yes
  46.     <span class="l l-Scalar l-Scalar-Plain">state<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">absent
  47. <span class="c1"># Specify grants composed of more than one word
  48. <span class="p p-Indicator">- <span class="l l-Scalar l-Scalar-Plain">mysql_user<span class="p p-Indicator">:
  49.     <span class="l l-Scalar l-Scalar-Plain">name<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">replication
  50.     <span class="l l-Scalar l-Scalar-Plain">password<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">12345
  51.     <span class="l l-Scalar l-Scalar-Plain">priv<span class="p p-Indicator">: <span class="s">"*.*:REPLICATION<span class="nv"> <span class="s">CLIENT"
  52.     <span class="l l-Scalar l-Scalar-Plain">state<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">present
  53. <span class="c1"># Revoke all privileges for user ‘bob‘ and password ‘12345‘
  54. <span class="p p-Indicator">- <span class="l l-Scalar l-Scalar-Plain">mysql_user<span class="p p-Indicator">:
  55.     <span class="l l-Scalar l-Scalar-Plain">name<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">bob
  56.     <span class="l l-Scalar l-Scalar-Plain">password<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">12345
  57.     <span class="l l-Scalar l-Scalar-Plain">priv<span class="p p-Indicator">: <span class="s">"*.*:USAGE"
  58.     <span class="l l-Scalar l-Scalar-Plain">state<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">present
  59. <span class="c1"># Example privileges string format
  60. <span class="c1"># mydb.*:INSERT,UPDATE/anotherdb.*:SELECT/yetanotherdb.*:ALL
  61. <span class="c1"># Example using login_unix_socket to connect to server
  62. <span class="p p-Indicator">- <span class="l l-Scalar l-Scalar-Plain">mysql_user<span class="p p-Indicator">:
  63.     <span class="l l-Scalar l-Scalar-Plain">name<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">root
  64.     <span class="l l-Scalar l-Scalar-Plain">password<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">abc123
  65.     <span class="l l-Scalar l-Scalar-Plain">login_unix_socket<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">/var/run/mysqld/mysqld.sock
  66. <span class="c1"># Example of skipping binary logging while adding user ‘bob‘
  67. <span class="p p-Indicator">- <span class="l l-Scalar l-Scalar-Plain">mysql_user<span class="p p-Indicator">:
  68.     <span class="l l-Scalar l-Scalar-Plain">name<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">bob
  69.     <span class="l l-Scalar l-Scalar-Plain">password<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">12345
  70.     <span class="l l-Scalar l-Scalar-Plain">priv<span class="p p-Indicator">: <span class="s">"*.*:USAGE"
  71.     <span class="l l-Scalar l-Scalar-Plain">state<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">present
  72.     <span class="l l-Scalar l-Scalar-Plain">sql_log_bin<span class="p p-Indicator">: <span class="l l-Scalar l-Scalar-Plain">no
  73. <span class="c1"># Example .my.cnf file for setting the root password
  74. <span class="c1"># [client]
  75. <span class="c1"># user=root
  76. <span class="c1"># password=n<_665{vS43y</span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span>

注意

  • MySQL服务器的默认login_user为“root”,无密码。为了将此用户作为幂等playboot的一部分,您必须至少创建两个任务:首先必须更改root用户的密码,而不提供任何login_user / login_password详细信息。第二个必须删除包含新的根凭证的?/ .my.cnf文件。然后,通过从文件读取新的凭据,随后的游戏将成功。
  • 目前,只支持mysql_native_password加密密码散列模块。
  • 需要远程主机上的MySQLdb Python包。对于Ubuntu,这和apt-get install python-mysqldb一样简单。(请参阅apt。)对于CentOS / Fedora,这与yum安装MySQL-python一样简单。(见yum。)
  • 无论login_passwordlogin_user你逝去的凭据是必需的。如果不存在,则模块将尝试从中读取凭据~/.my.cnf,最后回到使用MySQL默认登录的“root”,没有密码。

状态

该模块被标记为预览,这意味着它不能保证具有向后兼容的界面。

支持

这个模块是没有核心提交者监督的社区维护的。

有关这是什么意思的更多信息,请阅读模块支持

为了帮助开发模块,如果您有这样的倾向,请阅读社区信息和贡献测试可编程开发模块

Ansible 从MySQL数据库添加或删除用户

标签:format   setting   mmu   cat   creates   tab   安装   表名   simple   

人气教程排行

本站所有资源全部来源于网络,若本站发布的内容侵害到您的隐私或者利益,请联系我们删除!