注:-a参数后的命令用单引号,单引号,单引号;双引号有可能会出问题,特别是在user模块;
1、配置文件
vim /etc/ansible/hosts
vim /.ssh/authorized_keys
2、语法格式
ansible 匹配模式 -m 模块 -a ‘需要执行的内容’
释:匹配模式:那些机器生效 (可以是某一台,或某一组,或all)默认模块为command 执行常规的shell命令
1)测试目标主机是否在线:ping模块
主机如果在线,则回复pong
测试主机是否在线
[root@zhaixiaona ~]# ansible zhaixiaona -m ping
10.18.42.32 | SUCCESS => {
"changed": false,
"ping": "pong"
}
10.18.42.31 | SUCCESS => {
"changed": false,
"ping": "pong"
}作用:用于在各被管理节点运行指定的命令
2)command模块和shell
shell和command的区别:shell模块可以特殊字符,而command是不支持
显示各节点的日期
[root@zhaixiaona ~]# ansible zhaixiaona -m command -a 'date'
10.18.42.31 | SUCCESS | rc=0 >>
2018年 04月 11日 星期三 16:17:01 CST
10.18.42.32 | SUCCESS | rc=0 >>
2018年 04月 11日 星期三 16:17:02 CST
#删除各节点的/tmp/test目录
[root@zhaixiaona tmp]# ansible zhaixiaona -m command -a 'mkdir -p /date/test'
[WARNING]: Consider using the file module with state=directory rather than running mkdir. If you
need to use command because file is insufficient you can add warn=False to this command task or
set command_warnings=False in ansible.cfg to get rid of this message.
10.18.42.31 | SUCCESS | rc=0 >>
10.18.42.32 | SUCCESS | rc=0 >>
[root@zhaixiaona ~]# ansible zhaixiaona -m command -a 'ls /date/'
10.18.42.32 | SUCCESS | rc=0 >>
test
10.18.42.31 | SUCCESS | rc=0 >>
home
test
ansible zhaixiaona -m command -a 'rm -rf /date/test'
[WARNING]: Consider using the file module with state=absent rather than running rm. If you need
to use command because file is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.
10.18.42.31 | SUCCESS | rc=0 >>
10.18.42.32 | SUCCESS | rc=0 >>
[root@zhaixiaona ~]# ansible zhaixiaona -m command -a 'ls /date/'
10.18.42.32 | SUCCESS | rc=0 >>
10.18.42.31 | SUCCESS | rc=0 >>
home3)user模块:管理用户的模块
参数详解:
name:指定用户名
password:设定用户密码,password参数需要接受md5加密后的值
state:用户状态,默认为present
present:表示添加用户
absent:表示删除用户
update_password:修改用户密码
always:新密码和旧密码不同时进行修改
on_create:为新创建的用户指定密码
createhome:创建家目录
yes:默认项,即创建用户默认是有家目录的
no:创建用户时不创建家目录
remove
yes:删除用户家目录,需要指定此参数
no:默认项,删除用户时默认不删除用户的家目录
system:
yes:默认创建为普通用户,而非系统用户
如果不指定默认生成的选项有:
home:创建家目录
shell:创建默认的shell为/bin/bash
system:默认创建为普通用户,而非系统用户,指定是用yes
# 查看帮助
[root@zhaixiaona ~]# ansible-doc -s user
# user模块中的password是需要经过md5加密的
[root@zhaixiaona ~]# echo 123456 | openssl passwd -1 -stdin
$1$AQ224QR7$4oDArOWZbeBZ250wtNw57.
# 增加一个用户
[root@zhaixiaona ~]# ansible zhaixiaona -m user -a 'name=xiaoxiao system=yes password=$1$AQ224QR7$4oDArOWZbeBZ250wtNw57.state=present'
10.18.42.31 | SUCCESS => {
"changed": true,
"comment": "",
"create_home": true,
"group": 993,
"home": "/home/xiaoxiao",
"name": "xiaoxiao",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"system": true,
"uid": 995
}
10.18.42.32 | SUCCESS => {
"changed": true,
"comment": "",
"create_home": true,
"group": 993,
"home": "/home/xiaoxiao",
"name": "xiaoxiao",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"system": true,
"uid": 995
}
# 删除一个用户
[root@zhaixiaona ~]# ansible zhaixiaona -m user -a 'name=xiaoxiao remove=yes state=absent'
10.18.42.31 | SUCCESS => {
"changed": true,
"force": false,
"name": "xiaoxiao",
"remove": true,
"state": "absent",
}
10.18.42.32 | SUCCESS => {
"changed": true,
"force": false,
"name": "xiaoxiao",
"remove": true,
"state": "absent",
}
# 更新用户的密码
[root@zhaixiaona ~]# echo 654321 | openssl passwd -1 -stdin
$1$/6uKHyyy$bqxg3.gRZuixBQPDQe2ce0
[root@zhaixiaona ~]# ansible zhaixiaona -m user -a 'name=xiaoxiao update_password=always password=$1$/6uKHyyy$bqxg3.gRZuixBQPDQe2ce0'
10.18.42.31 | SUCCESS => {
"changed": true,
"comment": "",
"create_home": true,
"group": 1002,
"home": "/home/xiaoxiao",
"name": "xiaoxiao",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1002
}
10.18.42.32 | SUCCESS => {
"changed": true,
"comment": "",
"create_home": true,
"group": 1002,
"home": "/home/xiaoxiao",
"name": "xiaoxiao",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1002
}4)任务计划模块:cron
获取帮助:ansibe-doc -s cron
参数详解:
state:
present:创建任务
absent:删除任务
backup:对远程主机上的原任务计划内容修改之前做备份
job:要执行的任务
name:该任务的描述(必须项)
user:以哪个用户的身份运行
minute:分钟(0-59,*,*/2,……),不写默认为*
hour:小时(0-23,*,*/2,……),不写默认为*
day:日(1-31,*,*/2,……),不写默认为*
month:月(1-12,*,*/2,……),不写默认为*
weekday:周(0-7,*,……),不写默认为*
# 每隔10分钟同步一下时间
[root@zhaixiaona ~]# ansible zhaixiaona -m cron -a 'name="sync time from ntpserver" minute=*/10 job="/usr/sbin/ntpdate 3.cn.pool.ntp.org"'
10.18.42.31 | SUCCESS => {
"changed": false,
"envs": [],
"jobs": [
"sync time from ",
"sync time from ntpserver"
]
}
10.18.42.32 | SUCCESS => {
"changed": false,
"envs": [],
"jobs": [
"diyici",
"sync time from ",
"sync time from ntpserver"
]
}5)远程复制备份模块:copy
数详解: 获取帮助:ansible-doc -s copy
src:指定源文件路径,可以是相对路径,也可以是绝对路径,可以是目录(并非是必须的,可以使用content,直接生成文件内容)
dest=:指定目标文件路径,只能是绝对路径,如果src是目录,此项必须是目录
owner:指定属主
group:指定属组
mode:指定权限,可以以数字指定比如0644
content:代替src,直接往dest文件中写内容,可以引用变量,也可以直接使用inventory中的主机变量
backup:在覆盖之前将原文件备份,备份文件包含时间信息。有两个选项:yes|no
force:
yes:默认项,如果目标主机包含该文件,但内容不同,则强制覆盖
no:则只有当目标主机的目标位置不存在该文件时,才复制
directory_mode:递归的设定目录的权限,默认为系统默认权限
# 复制本地文件到远程主机并对原文件进行备份
[root@zhaixiaona ~]# ansible zhaixiaona -m copy -a 'src=/date/xiaoxiao.txt dest=/date/ backup=yes'
10.18.42.31 | SUCCESS => {
"changed": false,
"dest": "/date/",
"src": "/date/xiaoxiao.txt"
}
10.18.42.32 | SUCCESS => {
"changed": false,
"dest": "/date/",
"src": "/date/xiaoxiao.txt"
}
# 向远程主机的文件中写内容,会把原内容覆盖掉
[root@zhaixiaona ~]# ansible zhaixiaona -m copy -a 'content="\nMy age is 26" dest=/date/xiaoxiao.txt'
10.18.42.31 | SUCCESS => {
"changed": true,
"checksum": "e1cbbec8927a295a767fa44e91dea6eeafa5a4f4",
"dest": "/date/xiaoxiao.txt",
"gid": 0,
"group": "root",
"md5sum": "55ec30ce5102aa8716b75ab5e98163a7",
"mode": "0644",
"owner": "root",
"size": 13,
"src": "/root/.ansible/tmp/ansible-tmp-1523440289.04-148584715881982/source",
"state": "file",
"uid": 0
}
10.18.42.32 | SUCCESS => {
"changed": false,
"checksum": "e1cbbec8927a295a767fa44e91dea6eeafa5a4f4",
"dest": "/date/xiaoxiao.txt",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"path": "/date/xiaoxiao.txt",
"secontext": "system_u:object_r:default_t:s0",
"size": 13,
"state": "file",
"uid": 0
}6)对远程文件管理的模块:file
获取帮助:ansible-doc -s file
参数详解:
owner:修改属主
group:修改属组
mode:修改权限
path=:要修改文件的路径
recurse:递归的设置文件的属性,只对目录有效
yes:表示使用递归设置
state:
touch:创建一个新的空文件
directory:创建一个新的目录,当目录存在时不会进行修改
link:创建软连接,结果src一起使用此选项才生效
hard:创建硬连接
absent:删除文件,目录,软连接
src:当state=link时,要被连接文件的源路径
# 新建一个文件
[root@zhaixiaona ~]# ansible zhaixiaona -m file -a 'path=/date/xiaoxiao.txt state=touch'
10.18.42.31 | SUCCESS => {
"changed": true,
"dest": "/date/xiaoxiao.txt",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"size": 0,
"state": "file",
"uid": 0
}
10.18.42.32 | SUCCESS => {
"changed": true,
"dest": "/date/xiaoxiao.txt",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 0,
"state": "file",
"uid": 0
}
# 新建一个目录
[root@zhaixiaona ~]# ansible zhaixiaona -m file -a 'path=/date/xiaoxiao state=directory'
10.18.42.31 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/date/xiaoxiao",
"size": 6,
"state": "directory",
"uid": 0
}
10.18.42.32 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/date/xiaoxiao",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
# 删除文件或者目录
[root@zhaixiaona ~]# ansible zhaixiaona -m file -a 'path=/date/xiaoxiao.txt state=absent'
10.18.42.31 | SUCCESS => {
"changed": true,
"path": "/date/xiaoxiao.txt",
"state": "absent"
}
10.18.42.32 | SUCCESS => {
"changed": true,
"path": "/date/xiaoxiao.txt",
"state": "absent"
}
# 递归设置文件的属主或者属组
[root@zhaixiaona ~]# ansible zhaixiaona -m file -a 'path=/date/xiaoxiao owner=root group=root recurse=yes'
10.18.42.31 | SUCCESS => {
"changed": false,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/date/xiaoxiao",
"size": 6,
"state": "directory",
"uid": 0
}
10.18.42.32 | SUCCESS => {
"changed": false,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/date/xiaoxiao",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
# 为文件设置软连接
[root@zhaixiaona ~]# ansible zhaixiaona -m file -a 'src=/date/xiaoxiao state=link path=/date/zhaixiaoxiao'
10.18.42.31 | SUCCESS => {
"changed": true,
"dest": "/date/zhaixiaoxiao",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 14,
"src": "/date/xiaoxiao",
"state": "link",
"uid": 0
}
10.18.42.32 | SUCCESS => {
"changed": true,
"dest": "/date/zhaixiaoxiao",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 14,
"src": "/date/xiaoxiao",
"state": "link",
"uid": 0
} 
7)在远程主机执行本地脚本:script
[root@zhaixiaona date]# ansible zhaixiaona -m script -a '/date/a.sh'
10.18.42.31 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 10.18.42.31 closed.\r\n",
"stdout": "HALLO!\r\n",
"stdout_lines": [
"HALLO!"
]
}
10.18.42.32 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 10.18.42.32 closed.\r\n",
"stdout": "HALLO!\r\n",
"stdout_lines": [
"HALLO!"
]
}8)收集远程主机的信息:setup
收集可用的facts,收集每个节点的相关信息:架构信息,IP,时间,域名,网卡,MAC,主机名,CPU等信息。
这些收集的信息,可以作为变量。
[root@zhaixiaona ~]# ansible zhaixiaona -m setup9)安装模块:yum
模块参数详解:
name:表示要安装软件包的名字,默认最新的程序包,指明要安装的程序包,可以带上版本号
state:表示是安装还卸载
present:默认的,表示为安装
lastest:安装为最新的版本
absent:表示删除
10)服务模块:service
模块参数详解:
enabled:表示设置服务开机是否启动,取值为true或者false;enabled=yes
name=:表示要控制哪一个服务
state:
started:表示现在就启动此服务
stopped:表示现在关闭此服务
restarted:表示重启此服务
sleep:如果执行了restarted,在stop和start之间沉睡几秒
runlevel:定义在哪些级别可以自启动
arguments:表示向命令行传递的参数
[root@zhaixiaona ~]# ansible zhaixiaona -m service -a 'enabled=on name=httpd state=started'
11)文件编辑模块:lineinfile
模块参数详解:
path:指定要修改的配置文件
regexp:匹配要修改的内容
line:要增加或者修改的内容
state:
absent:表示删除,当匹配到时进行删除
present:表示增加,当匹配到时进行修改,当没有匹配到时在最后增加一行,默认为此项
backrefs:
no:表示如果没有匹配到,则增加line;如果匹配成功,则替换line;
yes:表示如果没有匹配到,则不变line;如果匹配成功,则替换line;
backup:
no:表示如果没有匹配到,则增加line;如果匹配成功,则替换line;不备份原文件
yes:表示如果没有匹配到,则增加line;如果匹配成功,则替换line;备份原文件
insertafter(匹配的是此行):
在匹配到的行之后添加一行
insertbefore(匹配的是此行):
在匹配到的行之前添加一行
vim web.yaml
修改nginx.conf测试:
[root@zhaixiaona ~]# cat web.yaml
---
- hosts: teacher
remote_user: root
tasks:
- name: install nginx package
yum: name=nginx state=latest
- name: create nginx log directory
file: path=/data/nginx_log state=directory recurse=yes
- name: rm /var/log/nginx
file: path=/var/log/nginx state=absent
- name: create soft link
file: path=/var/log/nginx state=link src=/data/nginx_log
- name: copy nginx configure file
copy: src=/etc/nginx/nginx.conf dest=/etc/nginx/nginx.conf backup=yes
notify:
- restart nginx
- name: start nginx service
service: name=nginx state=started enabled=1
handlers:
- name: restart nginx
service: name=nginx state=restarted注:经测试,当不添加backerfs: yes参数时,匹配到后也会进行替换,但当匹配到的内容不存在时,会在最后增加一行;所以当不增加backerfs参数时,要确定匹配到的内容存在
替换存在的行:
#ansible oms -m lineinfile -a 'path=/etc/sudoers regexp="SYSTEM,SOFTWARE" line="STAPLES_ADMIN ALL=(ROOT) NOPASSWD:NETWORKING,LOCATE,STORAGE,DELEGATING,DRIVERS,SYSTEM,SOFTWARE,SERVICES,PROCESSES,FILE" backrefs=no'匹配到的行后增加一行:
#ansible oms -m lineinfile -a 'dest=/etc/sudoers insertafter="Cmnd_Alias SYSTEM = /usr/sbin/reboot, /usr/sbin/halt, /usr/bin/ansible, /usr/bin/ssh" line="Cmnd_Alias FILE = /bin/mkdir,/bin/touch,/usr/bin/vim"'
删除匹配到的行:
#ansible oms -m lineinfile -a 'path=/etc/sudoers state=absent regexp="PROCESSES,FILE"'
扫一扫
1075
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
