Ansible实现管理的方式
Ad-Hoc ##使用ansible命令直接进行管理,主要用于临时操作环境
playbook ##ansible脚本,主要用于大型项目场景,需要提前设置
Ad-Hoc执行方式中如何获取帮助
ansible-doc ##显示模块帮助的命令
##格式
ansible-doc [参数] [模块...]
-l ##列出可用模块
-s ##显示指定模块的playbook片段
Ansible命令运行方式及常用参数
##格式
ansible 清单 -m 模块 -a 模块参数
常用参数
--version ##显示版本
-m module ##指定模块,默认为command
-v ##显示详细过程, -vv/-vvv可以更详细
--list ##显示主机列表
-k ##提示输入ssh连接密码
-C ##预执行检测
-T ##设置命令的超时时间,默认为10s
-u ##指定远程执行的用户
-b ##执行sudo切换身份操作
-become-user=USERNAME ##指定sudo的用户
-K ##提示输入sudo密码
Ansible的基本颜色代表信息
绿色 ##执行成功但对远程主机并没有进行修改
黄色 ##执行成功并对远程主机进行了修改
红色 ##执行失败
Ansible中的常用模块
- Command
##command
##功能
在远程主机执行命令,此模块为默认模块
##常用参数
chdir ##执行命令前先进入到指定目录
cmd ##运行命令指定
creates ##如果文件存在将不运行
removes ##如果文件存在将运行
free_form ##在远程主机中至性的命令,此参数不需要加
##举例
ansible all -m command -a "useradd Test" -u root -k
ansible all -m command -a "userdel -r Test" -u root -k
ansible all -m command -a "chdir=/etc cat passwd " -u root -k
ansible all -m command -a "chdir=/etc creates=/etc/passwd cat passwd " -u root -
k
ansible all -m command -a "chdir /etc removes=/etc/passwd cat passwd " -u root -
k
##注意事项
Linux中的很多通配符在command模块中不支持
- Shell
##shell
##功能
与Command功能类似
##常用参数
chdir ##执行命令前进入到指定用户
cmd ##运行命令指定
creates ##如果文件存在将不运行
removes ##如果文件存在将运行
free_form ##在远程主机至性的命令,此参数通常不需要加
executable ##指定执行环境,默认为sh
##实例
ansible all -m shell -a "executable=sh ps ax | grep $$" -k
- Script
##功能
在Ansible主机中写好的脚本在受控主机中执行
##实例
vim /mnt/Test.sh
#!/bin/bash
echo $HOSTNAME
ansible all -m script -a "/mnt/Test.sh"
- Copy
##功能
从ansible主机复制文件到受控主机
##常用参数
src ##源文件
desc ##目的地文件
owner ##指定目的地文件所有人
group ##指定目的地文件所有组
mode ##指定目的地文件权限
backup=yes ##当受控主机中存在文件时,备份原文件
content ##指定文本内容直接在受控主机中生成文件
##示例
ansible all -m copy -a "src=/root/Test dest=/mnt/Test owner=Test mode=777 backup=yes"
ansible all -m copy -a "content='Hello World\nHello Linux\n' dest=/mnt/File owner=root mode=600"
- Fetch
##功能
从受控主机把文件复制到Ansible主机,但不支持目录
##常用参数
src ##受控主机的源文件
dest ##本机目录
flat ##基本名称功能
##实例
ansible all -m fetch "src=/etc/hostname dest=/mnt/"
ansible all -m fetch "src=etc/hostname dest=/mnt/ flat=yes"
##实例过程
[root@Node1 .ansible]# ansible all -m fetch -a "src=/etc/hostname dest=/mnt/"
172.25.254.237 | CHANGED => {
"changed": true,
"checksum": "ec83c296550407766f210bd093f5f20f4bc3705b",
"dest": "/mnt/172.25.254.237/etc/hostname",
"md5sum": "d72e5cb6e85354489cdd58411a4b4459",
"remote_checksum": "ec83c296550407766f210bd093f5f20f4bc3705b",
"remote_md5sum": null
}
172.25.254.137 | CHANGED => {
"changed": true,
"checksum": "2ee6b4155d449849a8aaee74a42ba4bd5b707744",
"dest": "/mnt/172.25.254.137/etc/hostname",
"md5sum": "06878442dd9b3eb634b7676e091e968f",
"remote_checksum": "2ee6b4155d449849a8aaee74a42ba4bd5b707744",
"remote_md5sum": null
}
[root@Node1 .ansible]# ls -l /mnt/
total 0
drwxr-xr-x 3 root root 17 Mar 16 16:56 172.25.254.137
drwxr-xr-x 3 root root 17 Mar 16 16:56 172.25.254.237
[root@Node1 .ansible]# ansible all -m fetch -a "src=/etc/hostname dest=/mnt/ flat=yes"
172.25.254.237 | CHANGED => {
"changed": true,
"checksum": "ec83c296550407766f210bd093f5f20f4bc3705b",
"dest": "/mnt/hostname",
"md5sum": "d72e5cb6e85354489cdd58411a4b4459",
"remote_checksum": "ec83c296550407766f210bd093f5f20f4bc3705b",
"remote_md5sum": null
}
172.25.254.137 | CHANGED => {
"changed": true,
"checksum": "2ee6b4155d449849a8aaee74a42ba4bd5b707744",
"dest": "/mnt/hostname",
"md5sum": "06878442dd9b3eb634b7676e091e968f",
"remote_checksum": "2ee6b4155d449849a8aaee74a42ba4bd5b707744",
"remote_md5sum": null
}
[root@Node1 .ansible]# ls -l /mnt/
total 4
drwxr-xr-x 3 root root 17 Mar 16 16:56 172.25.254.137
drwxr-xr-x 3 root root 17 Mar 16 16:56 172.25.254.237
-rw-r--r-- 1 root root 17 Mar 16 16:56 hostname
[root@Node1 .ansible]# cat /mnt/hostname
Node2.westos.org
##可以看到hostname中只有一行内容,并不是只进行了一次操作,而是后续操作覆盖了之前文件中的内容,最终只剩下一个结果.
6. File
##功能
设置文件的属性
##常用参数
path ##指定目标名称
state ##指定操作状态
##touch 建立
##absent 删除
##directory 递归/创建目录
##link 建立链接
##hard 建立硬链接
mode ##设定权限
owner ##设定文件用户
group ##设定文件组
src ##源文件
dest ##目标文件
recurse=yes ##递归更改
##实例
ansible all -m file -a 'path=/mnt/Test state=touch'
在所有受控主机的mnt目录下创建Test文件
ansible all -m file -a 'path=/mnt/Test state=absent'
删除所有受控主机mnt目录下的Test文件
ansible all -m file -a 'path=/mnt/TestDir state=directory'
在所有受控主机的mnt目录下创建TestDir目录
ansible all -m file -a 'path=/mnt/TestDir state=directory mode=777 owner=root group=root recurse=yes'
在所有受控主机的mnt目录下执行权限修改ia,将TestDir目录及其内部文件的权限均更改为777,所有者和所有组为root
ansible all -m file -a 'src=/mnt/Test dest=/mnt/TestFile state=hard'
在所有受控主机的mnt目录下建立TestFile硬链接文件,内容为Test
ansible all -m file -a 'src=/mnt/Test dest=/mnt/TestFile2 state=link'
在所有受控主机的mnt目录下建立指向Test文件的软链接文件TestFile2
[root@Node1 ~]# cd .ansible/
##尝试创建文件
[root@Node1 .ansible]# ansible all -m file -a 'path=/mnt/Test state=touch owner=root group=root mode=777'
172.25.254.237 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dest": "/mnt/Test",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 0,
"state": "file",
"uid": 0
}
172.25.254.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dest": "/mnt/Test",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 0,
"state": "file",
"uid": 0
}
##检查创建结果
[root@Node1 .ansible]# ansible all -m shell -a 'ls -lR /mnt'
172.25.254.237 | CHANGED | rc=0 >>
/mnt:
total 0
-rwxrwxrwx 1 root root 0 Mar 17 09:33 Test
172.25.254.137 | CHANGED | rc=0 >>
/mnt:
total 0
-rwxrwxrwx 1 root root 0 Mar 17 09:33 Test
##创建软链接
[root@Node1 .ansible]# ansible all -m file -a 'src=/mnt/Test dest=/mnt/TestFile state=link'
172.25.254.237 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dest": "/mnt/TestFile",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 9,
"src": "/mnt/Test",
"state": "link",
"uid": 0
}
172.25.254.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dest": "/mnt/TestFile",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 9,
"src": "/mnt/Test",
"state": "link",
"uid": 0
}
[root@Node1 .ansible]# ansible all -m shell -a 'ls -lR /mnt'
172.25.254.237 | CHANGED | rc=0 >>
/mnt:
total 0
-rwxrwxrwx 1 root root 0 Mar 17 09:33 Test
lrwxrwxrwx 1 root root 9 Mar 17 09:36 TestFile -> /mnt/Test
172.25.254.137 | CHANGED | rc=0 >>
/mnt:
total 0
-rwxrwxrwx 1 root root 0 Mar 17 09:33 Test
lrwxrwxrwx 1 root root 9 Mar 17 09:36 TestFile -> /mnt/Test
##创建硬链接
[root@Node1 .ansible]# ansible all -m file -a 'src=/mnt/Test dest=/mnt/TestFile2 state=hard'
172.25.254.237 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dest": "/mnt/TestFile2",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 0,
"src": "/mnt/Test",
"state": "hard",
"uid": 0
}
172.25.254.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dest": "/mnt/TestFile2",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 0,
"src": "/mnt/Test",
"state": "hard",
"uid": 0
}
##查看ID号,可以看到软链接和硬链接的区别
[root@Node1 .ansible]# ansible all -m shell -a 'ls -li /mnt'
172.25.254.137 | CHANGED | rc=0 >>
total 0
3205406 -rwxrwxrwx 2 root root 0 Mar 17 09:33 Test
3205407 lrwxrwxrwx 1 root root 9 Mar 17 09:36 TestFile -> /mnt/Test
3205406 -rwxrwxrwx 2 root root 0 Mar 17 09:33 TestFile2
172.25.254.237 | CHANGED | rc=0 >>
total 0
3205394 -rwxrwxrwx 2 root root 0 Mar 17 09:33 Test
3205407 lrwxrwxrwx 1 root root 9 Mar 17 09:36 TestFile -> /mnt/Test
3205394 -rwxrwxrwx 2 root root 0 Mar 17 09:33 TestFile2
- Unarchive
##作用
解压缩
##常用参数
copy ##默认为yes 从Ansible主机复制文件到受控主机
##设定为No时,从受控主机中寻找src文件
remote_src ##功能同copy相反
##设定为yes时表示包在受控主机
##设定为no时表示包在Ansible主机
src ##包路径
dest ##受控主机目录
mode ##解压后文件权限,只有当copy=yes时才生效
##实例
ansible all -m unarchive -a 'src=/mnt/etc.tar.gz dest=/mnt owner=root'
讲本机mnt目录下的etc.tar.gz解压并将其中的内容复制到受控主机的mnt目录,设定所有者为root
- Archive
##作用
压缩
##常用参数
path ##打包目录名称
dest ##声明打包文件名称
format ##打包格式
owner ##指定文件所有人
mode ##指定文件所有组
##实例
ansible all -m archive -a 'path=/etc dest=/mnt/etc.tar.gz format=gz'
- Cron
##作用
计划任务
##常用参数
minute ##分钟设置
hour ##小时设置
month ##月设置
weekday ##周设置
name ##任务名称
job ##任务脚本或命令
disabled ##yes 禁用计划任务
##no 启动计划任务
state ##absent 删除计划任务
##实例
ansible all -m cron -a "job='echo Hello' name=Test disabled=no"
为受控主机设定名为Test的系统定时任务,默认时间顺序 内容为输出Hello,并启动计划任务
ansible all -m cron -a "job='echo Hello' name= Test state=absent"
删除受控主机上指定的计划任务
- yum_repository
##作用
配置系统软件仓库源文件
##常用参数
name ##指定仓库名称
baseurl ##指定源路径
description ##指定仓库描述
file ##指定仓库文件名称
enabled ##仓库是否启用
gpgcheck ##长裤是否检测gpgkey
state ##默认值为present
##present 建立
##absent 删除
##实例
ansible all -m yum_repository -a "name=AppStream description=AppStream baseurl=http://172.25.254.36/Test/AppStream gpgcheck=no enabled=1 file=NeuWings"
在NeuWings.repo中建立名为AppStream 描述也为AppStream 源路径如上所示 不检测gpgcheck的软件仓库并启用
ansible all -m yum_repository -a "name=AppStream description=AppStream baseurl=http://172.25.254.36/Test/AppStream enabled=0 file=NeuWings"
关闭刚刚建立的AppStream仓库
ansible all -m yum_repository -a "name=AppStream description=AppStream baseurl=http://172.25.254.36/Test/AppStream enabled=1 file=NeuWings state=absent"
删除刚刚建立的AppStream仓库
[root@Node1 .ansible]# ansible all -m yum_repository -a "name=AppStream description=AppStream baseurl=http://172.25.254.36/Test/AppStream gpgcheck=no enabled=1 file=NeuWings"
172.25.254.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "AppStream",
"state": "present"
}
172.25.254.237 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "AppStream",
"state": "present"
}
[root@Node1 .ansible]# ansible all -m shell -a "cat /etc/yum.repos.d/NeuWings.repo"
172.25.254.237 | CHANGED | rc=0 >>
[AppStream]
baseurl = http://172.25.254.36/Test/AppStream
enabled = 1
gpgcheck = 0
name = AppStream
172.25.254.137 | CHANGED | rc=0 >>
[AppStream]
baseurl = http://172.25.254.36/Test/AppStream
enabled = 1
gpgcheck = 0
name = AppStream
[root@Node1 .ansible]# ansible all -m yum_repository -a "name=BaseOS description=BaseOS baseurl=http://172.25.254.36/Test/BaseOS gpgcheck=no enabled=1 file=NeuWings"
172.25.254.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "BaseOS",
"state": "present"
}
172.25.254.237 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "BaseOS",
"state": "present"
}
[root@Node1 .ansible]# ansible all -m shell -a "cat /etc/yum.repos.d/NeuWings.repo"
172.25.254.237 | CHANGED | rc=0 >>
[AppStream]
baseurl = http://172.25.254.36/Test/Appstream
enabled = 1
gpgcheck = 0
name = AppStream
[BaseOS]
baseurl = http://172.25.254.36/Test/BaseOS
enabled = 1
gpgcheck = 0
name = BaseOS
172.25.254.137 | CHANGED | rc=0 >>
[AppStream]
baseurl = http://172.25.254.36/Test/Appstream
enabled = 1
gpgcheck = 0
name = AppStream
[BaseOS]
baseurl = http://172.25.254.36/Test/BaseOS
enabled = 1
gpgcheck = 0
name = BaseOS
[root@Node1 .ansible]# ansible all -m yum_repository -a "name=AppStream description=AppStream basrurl=http://172.25.254.36/Test/Appstream enabled=1 file=NeuWings state=absent"
172.25.254.237 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"msg": "Unsupported parameters for (yum_repository) module: basrurl Supported parameters include: async, attributes, backup, bandwidth, baseurl, content, cost, delimiter, deltarpm_metadata_percentage, deltarpm_percentage, description, directory_mode, enabled, enablegroups, exclude, failovermethod, file, follow, force, gpgcakey, gpgcheck, gpgkey, group, http_caching, include, includepkgs, ip_resolve, keepalive, keepcache, metadata_expire, metadata_expire_filter, metalink, mirrorlist, mirrorlist_expire, mode, name, owner, params, password, priority, protect, proxy, proxy_password, proxy_username, regexp, remote_src, repo_gpgcheck, reposdir, retries, s3_enabled, selevel, serole, setype, seuser, skip_if_unavailable, src, ssl_check_cert_permissions, sslcacert, sslclientcert, sslclientkey, sslverify, state, throttle, timeout, ui_repoid_vars, unsafe_writes, username"
}
172.25.254.137 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"msg": "Unsupported parameters for (yum_repository) module: basrurl Supported parameters include: async, attributes, backup, bandwidth, baseurl, content, cost, delimiter, deltarpm_metadata_percentage, deltarpm_percentage, description, directory_mode, enabled, enablegroups, exclude, failovermethod, file, follow, force, gpgcakey, gpgcheck, gpgkey, group, http_caching, include, includepkgs, ip_resolve, keepalive, keepcache, metadata_expire, metadata_expire_filter, metalink, mirrorlist, mirrorlist_expire, mode, name, owner, params, password, priority, protect, proxy, proxy_password, proxy_username, regexp, remote_src, repo_gpgcheck, reposdir, retries, s3_enabled, selevel, serole, setype, seuser, skip_if_unavailable, src, ssl_check_cert_permissions, sslcacert, sslclientcert, sslclientkey, sslverify, state, throttle, timeout, ui_repoid_vars, unsafe_writes, username"
}
[root@Node1 .ansible]# ansible all -m yum_repository -a "name=AppStream description=AppStream baseurl=http://172.25.254.36/Test/Appstream enabled=1 file=NeuWings state=absent"
172.25.254.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "AppStream",
"state": "absent"
}
172.25.254.237 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "AppStream",
"state": "absent"
}
[root@Node1 .ansible]# ansible all -m shell -a "cat /etc/yum.repos.d/NeuWings.repo"
172.25.254.137 | CHANGED | rc=0 >>
[BaseOS]
baseurl = http://172.25.254.36/Test/BaseOS
enabled = 1
gpgcheck = 0
name = BaseOS
172.25.254.237 | CHANGED | rc=0 >>
[BaseOS]
baseurl = http://172.25.254.36/Test/BaseOS
enabled = 1
gpgcheck = 0
name = BaseOS
[root@Node1 .ansible]# ansible all -m yum_repository -a "name=AppStream description=AppStream baseurl=http://172.25.254.36/Test/AppStream gpgcheck=no enabled=1 file=NeuWings"
172.25.254.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "AppStream",
"state": "present"
}
172.25.254.237 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "AppStream",
"state": "present"
}
- DNF
##作用
管理系统中的dnf仓库及管理软件
##常用参数
name ##指定软件包
state ##指定动作
##present 安装
##latest 更新
##absent 删除
list ##列出指定信息
##httpd
##installed
##all
##available
disable_gpg_check ##手动禁用gpgkey检测
enablerepo ##指定安装包来源
disablerepo ##禁用安装包来源
autoremove ##是否卸载依赖性
##默认为no
##no 不卸载依赖性,只卸载软件本身
##yes 同时卸载其依赖性
##实例
ansible all -m dnf -a 'name=httpd state=latest'
ansible all -m dnf -a 'name="dhcp-server,mariadb-server" state=present'
ansible all -m dnf -a 'name=httpd state=absent autoremove=yes'
ansible all -m dnf -a 'name=httpd state=present enablerepo=AppStream'
ansible all -m dnf -a 'name="*" state=latest'
ansible all -m dnf -a 'name="http://172.25.254.36/Softwares/QQ.rpm" state=present'
ansible all -m dnf -a 'name="@Virtualization Tools" state=present'
ansible all -m dnf -a 'name="@Virtualization Tools" state=absent autoremove=yes'
[root@Node1 .ansible]# ansible all -m dnf -a 'name=httpd state=latest'
172.25.254.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: apr-util-bdb-1.6.1-6.el8.x86_64",
"Installed: httpd-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64",
"Installed: httpd-filesystem-2.4.37-21.module+el8.2.0+5008+cca404a3.noarch",
"Installed: httpd-tools-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64",
"Installed: mod_http2-1.11.3-3.module+el8.2.0+4377+dc421495.x86_64",
"Installed: apr-util-openssl-1.6.1-6.el8.x86_64",
"Installed: apr-1.6.3-9.el8.x86_64",
"Installed: apr-util-1.6.1-6.el8.x86_64",
"Installed: redhat-logos-httpd-81.1-1.el8.noarch"
]
}
172.25.254.237 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: apr-util-bdb-1.6.1-6.el8.x86_64",
"Installed: httpd-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64",
"Installed: httpd-filesystem-2.4.37-21.module+el8.2.0+5008+cca404a3.noarch",
"Installed: httpd-tools-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64",
"Installed: mod_http2-1.11.3-3.module+el8.2.0+4377+dc421495.x86_64",
"Installed: apr-util-openssl-1.6.1-6.el8.x86_64",
"Installed: apr-1.6.3-9.el8.x86_64",
"Installed: apr-util-1.6.1-6.el8.x86_64",
"Installed: redhat-logos-httpd-81.1-1.el8.noarch"
]
}
[root@Node1 .ansible]# ansible all -m dnf -a 'name="httpd mariadb-server" state=present'
172.25.254.237 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"msg": "It appears that a space separated string of packages was passed in as an argument. To operate on several packages, pass a comma separated string of packages or a list of packages."
}
172.25.254.137 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"msg": "It appears that a space separated string of packages was passed in as an argument. To operate on several packages, pass a comma separated string of packages or a list of packages."
}
[root@Node1 .ansible]# ansible all -m dnf -a 'name="dhcp-server,mariadb-server" state=present'
172.25.254.237 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: perl-DBD-MySQL-4.046-3.module+el8.1.0+2938+301254e2.x86_64",
"Installed: dhcp-server-12:4.3.6-40.el8.x86_64",
"Installed: mariadb-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Installed: mariadb-backup-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Installed: mariadb-common-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Installed: mariadb-connector-c-3.0.7-1.el8.x86_64",
"Installed: mariadb-connector-c-config-3.0.7-1.el8.noarch",
"Installed: mariadb-errmsg-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Installed: mariadb-gssapi-server-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Installed: mariadb-server-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Installed: mariadb-server-utils-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64"
]
}
172.25.254.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: perl-DBD-MySQL-4.046-3.module+el8.1.0+2938+301254e2.x86_64",
"Installed: dhcp-server-12:4.3.6-40.el8.x86_64",
"Installed: mariadb-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Installed: mariadb-backup-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Installed: mariadb-common-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Installed: mariadb-connector-c-3.0.7-1.el8.x86_64",
"Installed: mariadb-connector-c-config-3.0.7-1.el8.noarch",
"Installed: mariadb-errmsg-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Installed: mariadb-gssapi-server-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Installed: mariadb-server-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Installed: mariadb-server-utils-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64"
]
}
[root@Node1 .ansible]# ansible all -m dnf -a 'name=httpd state=absent autoremove=yes'
172.25.254.237 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Removed: redhat-logos-httpd-81.1-1.el8.noarch",
"Removed: mod_http2-1.11.3-3.module+el8.2.0+4377+dc421495.x86_64",
"Removed: apr-1.6.3-9.el8.x86_64",
"Removed: apr-util-1.6.1-6.el8.x86_64",
"Removed: apr-util-bdb-1.6.1-6.el8.x86_64",
"Removed: apr-util-openssl-1.6.1-6.el8.x86_64",
"Removed: httpd-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64",
"Removed: httpd-filesystem-2.4.37-21.module+el8.2.0+5008+cca404a3.noarch",
"Removed: httpd-tools-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64"
]
}
172.25.254.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Removed: redhat-logos-httpd-81.1-1.el8.noarch",
"Removed: mod_http2-1.11.3-3.module+el8.2.0+4377+dc421495.x86_64",
"Removed: apr-1.6.3-9.el8.x86_64",
"Removed: apr-util-1.6.1-6.el8.x86_64",
"Removed: apr-util-bdb-1.6.1-6.el8.x86_64",
"Removed: apr-util-openssl-1.6.1-6.el8.x86_64",
"Removed: httpd-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64",
"Removed: httpd-filesystem-2.4.37-21.module+el8.2.0+5008+cca404a3.noarch",
"Removed: httpd-tools-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64"
]
}
[root@Node1 .ansible]# ansible all -m dnf -a 'name="*" state=latest'
172.25.254.137 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"msg": "Nothing to do",
"rc": 0,
"results": []
}
172.25.254.237 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"msg": "Nothing to do",
"rc": 0,
"results": []
}
[root@Node1 .ansible]# ansible all -m dnf -a 'name="httpd,mariadb-server,dhcp-server" state=absent autoremove=yes'
172.25.254.237 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Removed: mariadb-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Removed: mariadb-backup-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Removed: mariadb-common-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Removed: mariadb-connector-c-3.0.7-1.el8.x86_64",
"Removed: mariadb-connector-c-config-3.0.7-1.el8.noarch",
"Removed: mariadb-errmsg-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Removed: mariadb-gssapi-server-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Removed: mariadb-server-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Removed: mariadb-server-utils-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Removed: dhcp-server-12:4.3.6-40.el8.x86_64",
"Removed: perl-DBD-MySQL-4.046-3.module+el8.1.0+2938+301254e2.x86_64"
]
}
172.25.254.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Removed: mariadb-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Removed: mariadb-backup-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Removed: mariadb-common-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Removed: mariadb-connector-c-3.0.7-1.el8.x86_64",
"Removed: mariadb-connector-c-config-3.0.7-1.el8.noarch",
"Removed: mariadb-errmsg-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Removed: mariadb-gssapi-server-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Removed: mariadb-server-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Removed: mariadb-server-utils-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Removed: dhcp-server-12:4.3.6-40.el8.x86_64",
"Removed: perl-DBD-MySQL-4.046-3.module+el8.1.0+2938+301254e2.x86_64"
]
}
[root@Node1 .ansible]# ansible all -m dnf -a 'name="@Virtualization Tools" state=present'
172.25.254.237 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Group virtualization-tools installed.",
"Installed: libguestfs-1:1.38.4-15.module+el8.2.0+5297+222a20af.x86_64",
"Installed: virtio-win-1.9.11-1.el8.noarch",
"Installed: hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab.x86_64",
"Installed: syslinux-6.04-4.el8.x86_64",
"Installed: syslinux-extlinux-nonlinux-6.04-4.el8.noarch",
"Installed: syslinux-nonlinux-6.04-4.el8.noarch",
"Installed: syslinux-extlinux-6.04-4.el8.x86_64",
"Installed: supermin-5.1.19-9.module+el8.1.0+4066+0f1aadab.x86_64",
"Installed: scrub-2.5.2-14.el8.x86_64"
]
}
172.25.254.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Group virtualization-tools installed.",
"Installed: libguestfs-1:1.38.4-15.module+el8.2.0+5297+222a20af.x86_64",
"Installed: virtio-win-1.9.11-1.el8.noarch",
"Installed: hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab.x86_64",
"Installed: syslinux-6.04-4.el8.x86_64",
"Installed: syslinux-extlinux-nonlinux-6.04-4.el8.noarch",
"Installed: syslinux-nonlinux-6.04-4.el8.noarch",
"Installed: syslinux-extlinux-6.04-4.el8.x86_64",
"Installed: supermin-5.1.19-9.module+el8.1.0+4066+0f1aadab.x86_64",
"Installed: scrub-2.5.2-14.el8.x86_64"
]
}
[root@Node1 .ansible]# ansible all -m dnf -a 'name="@Virtualization Tools" state=absent autoremove=yes'
172.25.254.237 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Removed: libguestfs-1:1.38.4-15.module+el8.2.0+5297+222a20af.x86_64",
"Removed: hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab.x86_64",
"Removed: supermin-5.1.19-9.module+el8.1.0+4066+0f1aadab.x86_64",
"Removed: syslinux-6.04-4.el8.x86_64",
"Removed: syslinux-extlinux-6.04-4.el8.x86_64",
"Removed: scrub-2.5.2-14.el8.x86_64",
"Removed: syslinux-extlinux-nonlinux-6.04-4.el8.noarch",
"Removed: syslinux-nonlinux-6.04-4.el8.noarch",
"Removed: virtio-win-1.9.11-1.el8.noarch"
]
}
172.25.254.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Removed: libguestfs-1:1.38.4-15.module+el8.2.0+5297+222a20af.x86_64",
"Removed: hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab.x86_64",
"Removed: supermin-5.1.19-9.module+el8.1.0+4066+0f1aadab.x86_64",
"Removed: syslinux-6.04-4.el8.x86_64",
"Removed: syslinux-extlinux-6.04-4.el8.x86_64",
"Removed: scrub-2.5.2-14.el8.x86_64",
"Removed: syslinux-extlinux-nonlinux-6.04-4.el8.noarch",
"Removed: syslinux-nonlinux-6.04-4.el8.noarch",
"Removed: virtio-win-1.9.11-1.el8.noarch"
]
}
- Service
##作用
管理系统服务状态
##常用参数
name ##指定服务名称
state ##指定对服务的动作
##started
##stoped
##restarted
##reloaded
##需要注意的是,并非所有服务都支持reloaded
enabled ##设置服务开机是否启动
##yes 开机启动
##no 开机不启动
##实例
ansible all -m service -a "name=httpd state=started enabled=yes"
ansible all -m service -a "name=httpd state=reloaded enabled=yes"
ansible all -m service -a "name=httpd state=restarted enabled=yes"
- Firewalld
##作用
对于火墙服务规则进行管理
##常用参数
zone ##指定火墙的域
service ##服务名称
permanent ##是否永久生效
state ##操作状态
##enabled 允许
##disabled 拒绝
immediate ##立即生效
##实例
ansible all -m firewalld -a "zone=public service=http permanent=yes state=enabled immediate=yes"
##实验操作
##为所有受控主机安装Apache服务
[root@Node1 .ansible]# ansible all -m dnf -a "name=httpd state=latest"
172.25.254.237 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: apr-util-bdb-1.6.1-6.el8.x86_64",
"Installed: httpd-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64",
"Installed: httpd-filesystem-2.4.37-21.module+el8.2.0+5008+cca404a3.noarch",
"Installed: httpd-tools-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64",
"Installed: mod_http2-1.11.3-3.module+el8.2.0+4377+dc421495.x86_64",
"Installed: apr-util-openssl-1.6.1-6.el8.x86_64",
"Installed: apr-1.6.3-9.el8.x86_64",
"Installed: apr-util-1.6.1-6.el8.x86_64",
"Installed: redhat-logos-httpd-81.1-1.el8.noarch"
]
}
172.25.254.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: apr-util-bdb-1.6.1-6.el8.x86_64",
"Installed: httpd-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64",
"Installed: httpd-filesystem-2.4.37-21.module+el8.2.0+5008+cca404a3.noarch",
"Installed: httpd-tools-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64",
"Installed: mod_http2-1.11.3-3.module+el8.2.0+4377+dc421495.x86_64",
"Installed: apr-util-openssl-1.6.1-6.el8.x86_64",
"Installed: apr-1.6.3-9.el8.x86_64",
"Installed: apr-util-1.6.1-6.el8.x86_64",
"Installed: redhat-logos-httpd-81.1-1.el8.noarch"
]
}
##在所有受控主机上临时开启Apache服务
[root@Node1 .ansible]# ansible all -m service -a "name=httpd state=started enabled=no"
172.25.254.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"enabled": false,
"name": "httpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": "basic.target -.mount tmp.mount network.target systemd-tmpfiles-setup.service httpd-init.service system.slice remote-fs.target systemd-journald.socket sysinit.target nss-lookup.target",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
"AmbientCapabilities": "",
"AssertResult": "no",
"AssertTimestampMonotonic": "0",
"Before": "shutdown.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "[not set]",
"CPUAccounting": "no",
"CPUAffinity": "",
"CPUQuotaPerSecUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "[not set]",
"CPUUsageNSec": "[not set]",
"CPUWeight": "[not set]",
"CacheDirectoryMode": "0755",
"CanIsolate": "no",
"CanReload": "yes",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend",
"CollectMode": "inactive",
"ConditionResult": "no",
"ConditionTimestampMonotonic": "0",
"ConfigurationDirectoryMode": "0755",
"Conflicts": "shutdown.target",
"ControlPID": "0",
"DefaultDependencies": "yes",
"Delegate": "no",
"Description": "The Apache HTTP Server",
"DevicePolicy": "auto",
"Documentation": "man:httpd.service(8)",
"DynamicUser": "no",
"EffectiveCPUs": "",
"EffectiveMemoryNodes": "",
"Environment": "LANG=C",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "0",
"ExecMainStartTimestampMonotonic": "0",
"ExecMainStatus": "0",
"ExecReload": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -k graceful ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStart": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -DFOREGROUND ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/httpd.service",
"GID": "[not set]",
"GuessMainPID": "yes",
"IOAccounting": "no",
"IOSchedulingClass": "0",
"IOSchedulingPriority": "0",
"IOWeight": "[not set]",
"IPAccounting": "no",
"IPEgressBytes": "18446744073709551615",
"IPEgressPackets": "18446744073709551615",
"IPIngressBytes": "18446744073709551615",
"IPIngressPackets": "18446744073709551615",
"Id": "httpd.service",
"IgnoreOnIsolate": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestampMonotonic": "0",
"InactiveExitTimestampMonotonic": "0",
"JobRunningTimeoutUSec": "infinity",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "infinity",
"KeyringMode": "private",
"KillMode": "mixed",
"KillSignal": "28",
"LimitAS": "infinity",
"LimitASSoft": "infinity",
"LimitCORE": "infinity",
"LimitCORESoft": "infinity",
"LimitCPU": "infinity",
"LimitCPUSoft": "infinity",
"LimitDATA": "infinity",
"LimitDATASoft": "infinity",
"LimitFSIZE": "infinity",
"LimitFSIZESoft": "infinity",
"LimitLOCKS": "infinity",
"LimitLOCKSSoft": "infinity",
"LimitMEMLOCK": "65536",
"LimitMEMLOCKSoft": "65536",
"LimitMSGQUEUE": "819200",
"LimitMSGQUEUESoft": "819200",
"LimitNICE": "0",
"LimitNICESoft": "0",
"LimitNOFILE": "262144",
"LimitNOFILESoft": "1024",
"LimitNPROC": "2690",
"LimitNPROCSoft": "2690",
"LimitRSS": "infinity",
"LimitRSSSoft": "infinity",
"LimitRTPRIO": "0",
"LimitRTPRIOSoft": "0",
"LimitRTTIME": "infinity",
"LimitRTTIMESoft": "infinity",
"LimitSIGPENDING": "2690",
"LimitSIGPENDINGSoft": "2690",
"LimitSTACK": "infinity",
"LimitSTACKSoft": "8388608",
"LoadState": "loaded",
"LockPersonality": "no",
"LogLevelMax": "-1",
"LogRateLimitBurst": "0",
"LogRateLimitIntervalUSec": "0",
"LogsDirectoryMode": "0755",
"MainPID": "0",
"MemoryAccounting": "yes",
"MemoryCurrent": "[not set]",
"MemoryDenyWriteExecute": "no",
"MemoryHigh": "infinity",
"MemoryLimit": "infinity",
"MemoryLow": "0",
"MemoryMax": "infinity",
"MemorySwapMax": "infinity",
"MountAPIVFS": "no",
"MountFlags": "",
"NFileDescriptorStore": "0",
"NRestarts": "0",
"NUMAMask": "",
"NUMAPolicy": "n/a",
"Names": "httpd.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "main",
"OOMScoreAdjust": "0",
"OnFailureJobMode": "replace",
"PermissionsStartOnly": "no",
"Perpetual": "no",
"PrivateDevices": "no",
"PrivateMounts": "no",
"PrivateNetwork": "no",
"PrivateTmp": "yes",
"PrivateUsers": "no",
"ProtectControlGroups": "no",
"ProtectHome": "no",
"ProtectKernelModules": "no",
"ProtectKernelTunables": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"RemoveIPC": "no",
"Requires": "-.mount system.slice sysinit.target",
"RequiresMountsFor": "/var/tmp",
"Restart": "no",
"RestartUSec": "100ms",
"RestrictNamespaces": "no",
"RestrictRealtime": "no",
"RestrictSUIDSGID": "no",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"RuntimeDirectoryPreserve": "no",
"RuntimeMaxUSec": "infinity",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardInputData": "",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitIntervalUSec": "10s",
"StartupBlockIOWeight": "[not set]",
"StartupCPUShares": "[not set]",
"StartupCPUWeight": "[not set]",
"StartupIOWeight": "[not set]",
"StateChangeTimestampMonotonic": "0",
"StateDirectoryMode": "0755",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "dead",
"SuccessAction": "none",
"SyslogFacility": "3",
"SyslogLevel": "6",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "yes",
"TasksCurrent": "[not set]",
"TasksMax": "4304",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "notify",
"UID": "[not set]",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "disabled",
"UtmpMode": "init",
"Wants": "httpd-init.service",
"WatchdogTimestampMonotonic": "0",
"WatchdogUSec": "0"
}
}
172.25.254.237 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"enabled": false,
"name": "httpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": "sysinit.target systemd-journald.socket httpd-init.service tmp.mount network.target basic.target -.mount remote-fs.target nss-lookup.target system.slice systemd-tmpfiles-setup.service",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
"AmbientCapabilities": "",
"AssertResult": "no",
"AssertTimestampMonotonic": "0",
"Before": "shutdown.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "[not set]",
"CPUAccounting": "no",
"CPUAffinity": "",
"CPUQuotaPerSecUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "[not set]",
"CPUUsageNSec": "[not set]",
"CPUWeight": "[not set]",
"CacheDirectoryMode": "0755",
"CanIsolate": "no",
"CanReload": "yes",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend",
"CollectMode": "inactive",
"ConditionResult": "no",
"ConditionTimestampMonotonic": "0",
"ConfigurationDirectoryMode": "0755",
"Conflicts": "shutdown.target",
"ControlPID": "0",
"DefaultDependencies": "yes",
"Delegate": "no",
"Description": "The Apache HTTP Server",
"DevicePolicy": "auto",
"Documentation": "man:httpd.service(8)",
"DynamicUser": "no",
"EffectiveCPUs": "",
"EffectiveMemoryNodes": "",
"Environment": "LANG=C",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "0",
"ExecMainStartTimestampMonotonic": "0",
"ExecMainStatus": "0",
"ExecReload": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -k graceful ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStart": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -DFOREGROUND ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/httpd.service",
"GID": "[not set]",
"GuessMainPID": "yes",
"IOAccounting": "no",
"IOSchedulingClass": "0",
"IOSchedulingPriority": "0",
"IOWeight": "[not set]",
"IPAccounting": "no",
"IPEgressBytes": "18446744073709551615",
"IPEgressPackets": "18446744073709551615",
"IPIngressBytes": "18446744073709551615",
"IPIngressPackets": "18446744073709551615",
"Id": "httpd.service",
"IgnoreOnIsolate": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestampMonotonic": "0",
"InactiveExitTimestampMonotonic": "0",
"JobRunningTimeoutUSec": "infinity",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "infinity",
"KeyringMode": "private",
"KillMode": "mixed",
"KillSignal": "28",
"LimitAS": "infinity",
"LimitASSoft": "infinity",
"LimitCORE": "infinity",
"LimitCORESoft": "infinity",
"LimitCPU": "infinity",
"LimitCPUSoft": "infinity",
"LimitDATA": "infinity",
"LimitDATASoft": "infinity",
"LimitFSIZE": "infinity",
"LimitFSIZESoft": "infinity",
"LimitLOCKS": "infinity",
"LimitLOCKSSoft": "infinity",
"LimitMEMLOCK": "65536",
"LimitMEMLOCKSoft": "65536",
"LimitMSGQUEUE": "819200",
"LimitMSGQUEUESoft": "819200",
"LimitNICE": "0",
"LimitNICESoft": "0",
"LimitNOFILE": "262144",
"LimitNOFILESoft": "1024",
"LimitNPROC": "2690",
"LimitNPROCSoft": "2690",
"LimitRSS": "infinity",
"LimitRSSSoft": "infinity",
"LimitRTPRIO": "0",
"LimitRTPRIOSoft": "0",
"LimitRTTIME": "infinity",
"LimitRTTIMESoft": "infinity",
"LimitSIGPENDING": "2690",
"LimitSIGPENDINGSoft": "2690",
"LimitSTACK": "infinity",
"LimitSTACKSoft": "8388608",
"LoadState": "loaded",
"LockPersonality": "no",
"LogLevelMax": "-1",
"LogRateLimitBurst": "0",
"LogRateLimitIntervalUSec": "0",
"LogsDirectoryMode": "0755",
"MainPID": "0",
"MemoryAccounting": "yes",
"MemoryCurrent": "[not set]",
"MemoryDenyWriteExecute": "no",
"MemoryHigh": "infinity",
"MemoryLimit": "infinity",
"MemoryLow": "0",
"MemoryMax": "infinity",
"MemorySwapMax": "infinity",
"MountAPIVFS": "no",
"MountFlags": "",
"NFileDescriptorStore": "0",
"NRestarts": "0",
"NUMAMask": "",
"NUMAPolicy": "n/a",
"Names": "httpd.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "main",
"OOMScoreAdjust": "0",
"OnFailureJobMode": "replace",
"PermissionsStartOnly": "no",
"Perpetual": "no",
"PrivateDevices": "no",
"PrivateMounts": "no",
"PrivateNetwork": "no",
"PrivateTmp": "yes",
"PrivateUsers": "no",
"ProtectControlGroups": "no",
"ProtectHome": "no",
"ProtectKernelModules": "no",
"ProtectKernelTunables": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"RemoveIPC": "no",
"Requires": "system.slice -.mount sysinit.target",
"RequiresMountsFor": "/var/tmp",
"Restart": "no",
"RestartUSec": "100ms",
"RestrictNamespaces": "no",
"RestrictRealtime": "no",
"RestrictSUIDSGID": "no",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"RuntimeDirectoryPreserve": "no",
"RuntimeMaxUSec": "infinity",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardInputData": "",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitIntervalUSec": "10s",
"StartupBlockIOWeight": "[not set]",
"StartupCPUShares": "[not set]",
"StartupCPUWeight": "[not set]",
"StartupIOWeight": "[not set]",
"StateChangeTimestampMonotonic": "0",
"StateDirectoryMode": "0755",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "dead",
"SuccessAction": "none",
"SyslogFacility": "3",
"SyslogLevel": "6",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "yes",
"TasksCurrent": "[not set]",
"TasksMax": "4304",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "notify",
"UID": "[not set]",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "disabled",
"UtmpMode": "init",
"Wants": "httpd-init.service",
"WatchdogTimestampMonotonic": "0",
"WatchdogUSec": "0"
}
}
[root@Node1 .ansible]# ansible all -m shell -a "systemctl status httpd"
172.25.254.137 | CHANGED | rc=0 >>
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2021-03-17 13:55:04 CST; 30s ago
Docs: man:httpd.service(8)
Main PID: 47975 (httpd)
Status: "Running, listening on: port 80"
Tasks: 213 (limit: 4304)
Memory: 19.1M
CGroup: /system.slice/httpd.service
├─47975 /usr/sbin/httpd -DFOREGROUND
├─47976 /usr/sbin/httpd -DFOREGROUND
├─47977 /usr/sbin/httpd -DFOREGROUND
├─47978 /usr/sbin/httpd -DFOREGROUND
└─47979 /usr/sbin/httpd -DFOREGROUND
Mar 17 13:55:04 Node2.westos.org systemd[1]: Starting The Apache HTTP Server...
Mar 17 13:55:04 Node2.westos.org systemd[1]: Started The Apache HTTP Server.
Mar 17 13:55:04 Node2.westos.org httpd[47975]: Server configured, listening on: port 80
172.25.254.237 | CHANGED | rc=0 >>
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2021-03-17 13:55:04 CST; 30s ago
Docs: man:httpd.service(8)
Main PID: 47813 (httpd)
Status: "Running, listening on: port 80"
Tasks: 213 (limit: 4304)
Memory: 21.1M
CGroup: /system.slice/httpd.service
├─47813 /usr/sbin/httpd -DFOREGROUND
├─47814 /usr/sbin/httpd -DFOREGROUND
├─47815 /usr/sbin/httpd -DFOREGROUND
├─47816 /usr/sbin/httpd -DFOREGROUND
└─47817 /usr/sbin/httpd -DFOREGROUND
Mar 17 13:55:04 Node3.westos.org systemd[1]: Starting The Apache HTTP Server...
Mar 17 13:55:04 Node3.westos.org systemd[1]: Started The Apache HTTP Server.
Mar 17 13:55:04 Node3.westos.org httpd[47813]: Server configured, listening on: port 80
[root@Node1 .ansible]# ansible all -m firewalld -a "zone=public service=httpd permanent=yes immediate=yes state=enabled"
172.25.254.237 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"msg": "ERROR: Exception caught: org.fedoraproject.FirewallD1.Exception: INVALID_SERVICE: 'httpd' not among existing services Permanent and Non-Permanent(immediate) operation, Services are defined by port/tcp relationship and named as they are in /etc/services (on most systems)"
}
172.25.254.137 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"msg": "ERROR: Exception caught: org.fedoraproject.FirewallD1.Exception: INVALID_SERVICE: 'httpd' not among existing services Permanent and Non-Permanent(immediate) operation, Services are defined by port/tcp relationship and named as they are in /etc/services (on most systems)"
}
[root@Node1 .ansible]# ansible all -m firewalld -a "zone=public service=http permanent=yes immediate=yes state=enabled"
172.25.254.237 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "Permanent and Non-Permanent(immediate) operation, Changed service http to enabled"
}
172.25.254.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "Permanent and Non-Permanent(immediate) operation, Changed service http to enabled"
}
[root@Node1 .ansible]# ansible all -m shell -a "firewall-cmd --list-all"
172.25.254.137 | CHANGED | rc=0 >>
public (active)
target: default
icmp-block-inversion: no
interfaces: ens3
sources:
services: cockpit dhcpv6-client http ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
172.25.254.237 | CHANGED | rc=0 >>
public (active)
target: default
icmp-block-inversion: no
interfaces: ens3
sources:
services: cockpit dhcpv6-client http ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
- User
##作用
管理远程主机上的账户,如创建/修改/删除/为用户创建密钥
##常用参数
name ##必须参数,指定操作对象的用户名称
group ##指定用户所在的基本组
groups ##指定用户所在的附加组
append ##指定附加组的添加情况,默认情况下为no,意思为替换附加组而不是追加
shell ##指定用户的默认shell
uid ##指定用户的UID号
comment ##指定用户的注释信息
state ##用于指定用户是否存在于远程主机
##persent 建立
##absent 删除
remove ##删除用户时是否删除用户家目录,默认值为no
password ##用于指定用户密码,但密码为明文
##为了安全加密
##可以用openssl password -6 '密码'生成加密字符
generate_ssh_key ##为用户生成sshkey
##实例
ansible all -m user -a 'name=TestBench state=present uid=9961 group=9961 comment="TestBench User" generate_ssh_key=yes'
ansible all -m user -a 'name=TestBench remove=yes state=absent'
- Group
##作用
用于管理远程主机上的组
##常用参数
name ##必须参数,用于指定操作组的名称
state ##用于指定组的状态
##present 建立
##absent 删除
gid ##用于指定组的GID
##实例
ansible all -m group -a "name=Test state=present gid=9961"
absible all -m group -a "name=Test state=absent"
##实验操作
##建立下文需要使用的用户组
[root@Node1 .ansible]# ansible all -m group -a 'name=TestBench state=present gid=9961'
172.25.254.237 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 9961,
"name": "TestBench",
"state": "present",
"system": false
}
172.25.254.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 9961,
"name": "TestBench",
"state": "present",
"system": false
}
##建立TestBench用户并设定具体信息,同时为其分配SSHKey
[root@Node1 .ansible]# ansible all -m user -a 'name=TestBench state=present uid=9961 group=9961 comment="TestBench User" generate_ssh_key=yes'
172.25.254.237 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"comment": "TestBench User",
"create_home": true,
"group": 9961,
"home": "/home/TestBench",
"name": "TestBench",
"shell": "/bin/bash",
"ssh_fingerprint": "3072 SHA256:jWdVvrzIKekLTl0qSi5AGewuMC5RyZ7D+4pDcaZK0WI ansible-generated on Node3.westos.org (RSA)",
"ssh_key_file": "/home/TestBench/.ssh/id_rsa",
"ssh_public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDb4zD5CAwVL1oKmE8fjdzkmCUG52qBGjyy09eyo4qXs4FaqTb1wEem8lcUmM7CdQjqC7AGhhkFGuLQ6DtUA26aEx983HK2azbhYkFLYc3MmdR5Q25H8EOtNtpOgRXjyIi4zuLd9IN9DPxUg0G7S/fRJnuePA/R7/w1ReGgl241Nr3NYlVndsWbOwxhzjk8Iont1hZH4TZYUD7NdhrB+BiNp5+6LKu3+6QPo5SGjlMeOXoug6Ni5e2m1vadHRrJDrdbkUE7sVaRJT17puZTWsVRLh28d/LNqj2YkEWKS5crqfhJMcdm/CMCxEncW7ApML6Xhewd2TYssJdJf6q3911r82eyKl9I7KAfdd88YZbO35fFBJZ4Uep41mj0m9RDmprfiEyQK6pVhSCyEF3JmQ4zwdl5SYQAmq7NIXjn7kuEI7Yy/ILfHQTe5XdsyDrJf2Qa7URowH8TxWJFRpRQ7f7zoIqRxzOxjIVD2s8ColBpKvr9Ozag3DuCWfmBUucw/S8= ansible-generated on Node3.westos.org",
"state": "present",
"system": false,
"uid": 9961
}
172.25.254.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"comment": "TestBench User",
"create_home": true,
"group": 9961,
"home": "/home/TestBench",
"name": "TestBench",
"shell": "/bin/bash",
"ssh_fingerprint": "3072 SHA256:xxN1ZP9rYJxN1RVlm4dQkqwonOdThnCJvHF/Q3BRbbY ansible-generated on Node2.westos.org (RSA)",
"ssh_key_file": "/home/TestBench/.ssh/id_rsa",
"ssh_public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCvslbIRt7OJy+4vmhETBDmsWpaSh946Ra22RtqnF+v/R18RGpjGhFU59rDaKo/blY81daSKtvGZ/syHOzfkUQwVrhXQ4ogEiBJSklyLw8d6s+633muz9NH/ZVVIOuZHgbPpTTwQkIB8NU0qrypq/GODBt7VJpKjbfvUFiltClrr7r2eusVCCYNUdkT83NjzZ1xrXLgbO+PD7kfwQO/ewIlsAQtg8Lpjv+Hub1UwB7cfMKUY5V8F4dtBHz+JxuLMCH3HoInk0mKW+5s5Lk7DzbpBmwuev9Xvclzpb9X0FNUyFayoreaPPlbLIxShhdegI6ksway6eAQh9JuVyKVjvcNvjc4SZBe/OImzJ5Pybmdl0e1NhNlowYvkdXxiEzN+xoJV49FbBug5y2C0LuQOEQaWANabdOI6k0AkCmWdpjoioKoEtDTZmSFvfj8N1uKiZWRlP4bZmz5/q4fAW+5quDfn//mKdoXd26cjq+G8QFKMD36n5NhuHDuKoZPlU0AmVk= ansible-generated on Node2.westos.org",
"state": "present",
"system": false,
"uid": 9961
}
##查看受控主机的私钥和公钥,可以看到各不相同
[root@Node1 .ansible]# ansible all -m shell -a "cat /home/TestBench/.ssh/id_rsa"
172.25.254.137 | CHANGED | rc=0 >>
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEAr7JWyEbezicvuL5oREwQ5rFqWkofeOkWttkbapxfr/0dfERqYxoR
VOfaw2iqP25WPNXWkirbxmf7Mhzs35FEMFa4V0OKIBIgSUpJci8PHerPut95rs/TR/2VVS
DrmR4Gz6U08EJCAfDVNKq8qavxjgwbe1SaSo2371BYpbQpa6+69nrrFQgmDVHZE/NzY82d
ca1y4Gzvjw+5H8EDv3sCJbAELYPC6Y7/h7m9VMAe3HzClGOVfBeHbQR8/icbizAh9x6CJ5
NJilvubOS5Ow826QZsLnr/V73Jc6W/V9BTVMhWsqK3mjz5WyyMUoYXXoCOpLMGsungEIfS
blcilY73Db43OEmQXvziJsyeT8m5nZdHtTYTZaMGL5HV8YhMzfsaCVePRWwboOctgtC7kD
hEGlgDWm3TiOpNAJAplnaY6IqCqBLQ02Zkhb34/DdbiomVkZT+G2Zs+f6uHwFvuarg35//
5inaF3dunI6vhvEBSjA9+p+TYbhw7iqGT5VNAJlZAAAFoJZTPaSWUz2kAAAAB3NzaC1yc2
EAAAGBAK+yVshG3s4nL7i+aERMEOaxalpKH3jpFrbZG2qcX6/9HXxEamMaEVTn2sNoqj9u
VjzV1pIq28Zn+zIc7N+RRDBWuFdDiiASIElKSXIvDx3qz7rfea7P00f9lVUg65keBs+lNP
BCQgHw1TSqvKmr8Y4MG3tUmkqNt+9QWKW0KWuvuvZ66xUIJg1R2RPzc2PNnXGtcuBs748P
uR/BA797AiWwBC2DwumO/4e5vVTAHtx8wpRjlXwXh20EfP4nG4swIfcegieTSYpb7mzkuT
sPNukGbC56/1e9yXOlv1fQU1TIVrKit5o8+VssjFKGF16AjqSzBrLp4BCH0m5XIpWO9w2+
NzhJkF784ibMnk/JuZ2XR7U2E2WjBi+R1fGITM37GglXj0VsG6DnLYLQu5A4RBpYA1pt04
jqTQCQKZZ2mOiKgqgS0NNmZIW9+Pw3W4qJlZGU/htmbPn+rh8Bb7mq4N+f/+Yp2hd3bpyO
r4bxAUowPfqfk2G4cO4qhk+VTQCZWQAAAAMBAAEAAAGAIKBTcTmH4mxwdjQVlKkzckN75m
xhT8ipCSdj6fZD5qBwO0VRJDoRAd1USHlFNCY/KWjkQZxn134zrWilrBaDvR49eSb3nWEA
UdvTq7qFah7SmHcrV4UMTRAQDRDh7zseNK0PGZaUP1wDm5YhFrjxUFl7OPnK9RFAGNaov4
ynLHIjm+XThcJPnqWWVBgfU2c5V4TIEljoW36l9/mVwpcLHQiEnhcbuNdvKDsbp4NNt9AL
KhccCUEtStdMhr2oZb54IWHxhYW9DwkQAKSJ9jM4TM13SSQjrO02UZHl7iJfS4do2SlOgp
hfgHxk5a1XJB1A68RoNXRpJ0zuUbB3O7uhdQ834HFyA49uyE8EpdafHXy/PAezMFsbA8fN
e+EFabM9tDYfkl4HUSWO8TSTZ3SYaQbfL7vTaVZVtSDY4X3osRt03pJzLzzSzQaI45rDkB
fjaK0drGk2+PbeGGGv3x5h2RTOaBNVJcPA0HKcL0lZ8pHvwbXM+1nZMtX8JPBQyFIJAAAA
wHXuZ2froUU79KAJovNmdB++T955pTy34w+XZgf8ZShxOm286QMonLq/GXgp1Slk66q/Gd
VEaDP7UQryUr/1uSHFEHvAmeCzCw5VGbGUy4/PGcX7Q8c14Wuarem+MbU61h1nJhQPopRV
FpRr0ShpdvRvYiCQSMuGm7EYp3IvkKBdW5jC6G11FMzSitdxj8AjXCYH1QttTcOXSIZHLG
Am5JMEGvo5DimuhudwRI+z2NDFkkTCFREfNY/xGeat91OtJgAAAMEA3I4jNP2YtQ4l6igh
oR39M6n4LditanwrlixKLUoUi3e2aFg/fD5dasNz+9ZSWDO1q/YtvHk9wriwkdcNYkitAW
gKJZRFlwOgX4fHPqCr7WlmjnWx45+pSk5C5UrKwSWmCmQ4SdFlYtCBVHEwm0lP97Xt8b1N
KsquJvkUdKTL9Stg927W+fbCxwg28Vaxjoa5R2rqrD8ES+6rnubSPlkZ/nTV5ZsLo30x9K
cGDbuqlaXRO+Oyr4nz9e7iUPRnhPwPAAAAwQDL7qyfDEaWqHc8gmVPtGw8HlAaekBnKI70
ppwqOTnS+fPfYtXEvn3MZnUlH1Ll+0r2L32WjEL6VtFzhHsXXREHJdEyp3D1zN18xBVwl4
2UqvuDadujSOs+eoi/SEsBq9uV3JWIFjIociHg+SwLcPRwDup778ZqtT5vbyhEYo/XumIk
Q9mA61GagEm3q0s5JsHbgel/6+RSZNgRIEoUqWPFuYq/BGkKJpv72Red3JXwaOM5Nf6Kvn
FCdnoSpPuuzBcAAAAlYW5zaWJsZS1nZW5lcmF0ZWQgb24gTm9kZTIud2VzdG9zLm9yZwEC
AwQFBg==
-----END OPENSSH PRIVATE KEY-----
172.25.254.237 | CHANGED | rc=0 >>
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEA2+Mw+QgMFS9aCphPH43c5JglBudqgRo8stPXsqOKl7OBWqk29cBH
pvJXFJjOwnUI6guwBoYZBRri0Og7VANumhMffNxytms24WJBS2HNzJnUeUNuR/BDrTbaTo
EV48iIuM7i3fSDfQz8VINBu0v30SZ7njwP0e/8NUXhoJduNTa9zWJVZ3bFmzsMYc45PCKJ
7dYWR+E2WFA+zXYawfgYjaefuiyrt/ukD6OUho5THjl6LoOjYuXtptb2nR0ayQ63W5FBO7
FWkSU9e6bmU1rFUS4dvHfyzao9mJBFikuXK6n4STHHZvwjAsRJ3FuwKTC+l4XsHdk2LLCX
SX+qt/dda/NnsipfSOygH3XfPGGWzt+XxQSWeFHqeNZo9JvUQ5qa34hMkCuqVYUgshBdyZ
kOM8HZeUmEAJquzSF45+5LhCO2MvyC3x0E3uV3bMg6yX9kGu1EaMB/E8ViRUaUUO3+86CK
kcczsYyFQ9rPAqJQaSr6/Ts2oNw7gln5gVLnMP0vAAAFoOh3+GXod/hlAAAAB3NzaC1yc2
EAAAGBANvjMPkIDBUvWgqYTx+N3OSYJQbnaoEaPLLT17KjipezgVqpNvXAR6byVxSYzsJ1
COoLsAaGGQUa4tDoO1QDbpoTH3zccrZrNuFiQUthzcyZ1HlDbkfwQ6022k6BFePIiLjO4t
30g30M/FSDQbtL99Eme548D9Hv/DVF4aCXbjU2vc1iVWd2xZs7DGHOOTwiie3WFkfhNlhQ
Ps12GsH4GI2nn7osq7f7pA+jlIaOUx45ei6Do2Ll7abW9p0dGskOt1uRQTuxVpElPXum5l
NaxVEuHbx38s2qPZiQRYpLlyup+Ekxx2b8IwLESdxbsCkwvpeF7B3ZNiywl0l/qrf3XWvz
Z7IqX0jsoB913zxhls7fl8UElnhR6njWaPSb1EOamt+ITJArqlWFILIQXcmZDjPB2XlJhA
Cars0heOfuS4QjtjL8gt8dBN7ld2zIOsl/ZBrtRGjAfxPFYkVGlFDt/vOgipHHM7GMhUPa
zwKiUGkq+v07NqDcO4JZ+YFS5zD9LwAAAAMBAAEAAAGASzIqsT87QpNq62yiwlu1SsdtAi
tplLTwRQeFICYlYzOT7PkpPml/F2yQsw5+xqlXXxKYI+L/82r6Xg7NGzIBRNd9USniYNfR
cMo1Ih5UTr/clYulzxwvSLEVfvtODROrDehSVS0lOkKSmCQ6+l5EZVYPuFE558V2LpGzU0
P2AGS0C+Sw6C0J7sgGt/vaPuJg4ODxxasS9qiakZDuHZ9GZksIqJZWMxjvRhne1RUe/5sQ
WY/S9CNFXmTs+VXWryNElrjABlq8+NdiPpG3ArPC4oURkkMyFfUfgi6C/8EfOkkpoW0pXd
SZKX5vnmMlTnD+xkiUvqQneKH32jHAcD6Hydn74RckwB88MSUnBHm0MiIE402wVHl8EVIF
Jg4S8zXFM54frcHSQekza2ejCIOEMb20LTkYr1ZwSjObZgVfVTEDKvu+NDamQLBzFU4fgd
H6CYw63iyk01dMgzEQc3ak6KzAGcASgkDb1ZqKfcFK/gfmZQVeZURWUd5NnMLA0NOBAAAA
wQCwgIYtWiIqmeo5ix421znPfmx/Q3c7F6tqr3YQq35DebKfEpn8ncOB9YdnxvHiK/4zUB
9on5KUWankgW6BeHHt5NSJTN4xCImAFiX+DCqPHx65k3d6kjJ6fDwN37dAIlOPhnMF8DIU
wzQBxiopPYxk1OR/+h4mloo0YiCmWFur1VeHenRtH12xemJYKbi8HTesyrS6D83KnCkQ/q
XDLWAdGuNrTwASLPN5JEQo3k0gyUD1LdAdDkRXYw6fb+JnXM4AAADBAPbe12EkZRcqENjF
rRn94532xj3hpQEr1f3cqzNgg/WaWAbHRE6XQLj1BkopIkmgaZCsgs7rwRz7A0+I4ZtKCI
z2B1u0KulZ4vIVDyPxM2MDpRJE4UB+1AL1RnPAFXdEgzoIq8aT/yZ/q/0kJWeWhUsaltz3
trEuYSGaBpkWiK8rwflIluPVXaUuaXwonI3CRBcbo1Ji5g7+0Nsde9SbmFAmLNuOy3jEcB
KVqYQ+qxKzvtRXWzpeSezxbQ0fRr+1XwAAAMEA5ATl3begD+KmPX6bXGvCJeXr5xIqPSyD
BrBv0nZNs23uRJ96+VknNdkHY2EpSrnN+dXEbDRX/mBcam8aO/yC97u++M8M3Ctike0UJ5
mMFk1z5NdVbXGUWXtyXkey53fC1JEW8VNRCm4SAoPKivbr531LiEr48GX07uCF+1AjZBCr
B8a7gVL0xMOTeKDXqoUFBIYlGnu3/xvTrqGs1Zwvi2FpGw5HNQrPzqT0975sR2aZWz4xRG
BLtFVRtR9p8HoxAAAAJWFuc2libGUtZ2VuZXJhdGVkIG9uIE5vZGUzLndlc3Rvcy5vcmcB
AgMEBQ==
-----END OPENSSH PRIVATE KEY-----
[root@Node1 .ansible]# ansible all -m shell -a "cat /home/TestBench/.ssh/id_rsa.pub"
172.25.254.237 | CHANGED | rc=0 >>
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDb4zD5CAwVL1oKmE8fjdzkmCUG52qBGjyy09eyo4qXs4FaqTb1wEem8lcUmM7CdQjqC7AGhhkFGuLQ6DtUA26aEx983HK2azbhYkFLYc3MmdR5Q25H8EOtNtpOgRXjyIi4zuLd9IN9DPxUg0G7S/fRJnuePA/R7/w1ReGgl241Nr3NYlVndsWbOwxhzjk8Iont1hZH4TZYUD7NdhrB+BiNp5+6LKu3+6QPo5SGjlMeOXoug6Ni5e2m1vadHRrJDrdbkUE7sVaRJT17puZTWsVRLh28d/LNqj2YkEWKS5crqfhJMcdm/CMCxEncW7ApML6Xhewd2TYssJdJf6q3911r82eyKl9I7KAfdd88YZbO35fFBJZ4Uep41mj0m9RDmprfiEyQK6pVhSCyEF3JmQ4zwdl5SYQAmq7NIXjn7kuEI7Yy/ILfHQTe5XdsyDrJf2Qa7URowH8TxWJFRpRQ7f7zoIqRxzOxjIVD2s8ColBpKvr9Ozag3DuCWfmBUucw/S8= ansible-generated on Node3.westos.org
172.25.254.137 | CHANGED | rc=0 >>
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCvslbIRt7OJy+4vmhETBDmsWpaSh946Ra22RtqnF+v/R18RGpjGhFU59rDaKo/blY81daSKtvGZ/syHOzfkUQwVrhXQ4ogEiBJSklyLw8d6s+633muz9NH/ZVVIOuZHgbPpTTwQkIB8NU0qrypq/GODBt7VJpKjbfvUFiltClrr7r2eusVCCYNUdkT83NjzZ1xrXLgbO+PD7kfwQO/ewIlsAQtg8Lpjv+Hub1UwB7cfMKUY5V8F4dtBHz+JxuLMCH3HoInk0mKW+5s5Lk7DzbpBmwuev9Xvclzpb9X0FNUyFayoreaPPlbLIxShhdegI6ksway6eAQh9JuVyKVjvcNvjc4SZBe/OImzJ5Pybmdl0e1NhNlowYvkdXxiEzN+xoJV49FbBug5y2C0LuQOEQaWANabdOI6k0AkCmWdpjoioKoEtDTZmSFvfj8N1uKiZWRlP4bZmz5/q4fAW+5quDfn//mKdoXd26cjq+G8QFKMD36n5NhuHDuKoZPlU0AmVk= ansible-generated on Node2.westos.org
##删除测试用账户,同时删除其家目录
[root@Node1 .ansible]# ansible all -m user -a "name=TestBench remove=yes state=absent"
172.25.254.237 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"force": false,
"name": "TestBench",
"remove": true,
"state": "absent"
}
172.25.254.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"force": false,
"name": "TestBench",
"remove": true,
"state": "absent"
}
[root@Node1 .ansible]# ansible all -m group -a "name=TestBench state=absent"
172.25.254.237 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"name": "TestBench",
"state": "absent"
}
172.25.254.137 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"name": "TestBench",
"state": "absent"
}
- Lineinfile
path ##指定要操作的文件
line ##指定文本内容
regexp ##使用正则表达式匹配相应的行
##当替换文本时
##如果有多行文本符合条件,只有最后一行会被替换
##但当删除文本时
##如果有多行文本都能被匹配,均会被删除
state ##当想要删除对应的文本时需要将state参数设置为absent
##默认为present
##present 添加
##absent 删除
backrefs ##当内容无匹配规则时不对文件做任何更改
##默认值为no
##用于向后引用regexp变量信息
insertafter ##将文本插入到指定的行之后
##insertafter参数的值可以使用EOF或正则表达式
##EOF表示文件末尾
insertbefore ##将文本插入到指定的行之前
##insertbefore参数的值可以使用BOF或正则表达式
backup ##是否在修改文件之前对文件进行备份
create ##当要操作的文件不存在时,是否创建对应的文件
##实例
vim /mnt/Test
Hello World
Hello Test
Hello Linux
ansible all -m lineinfile -a 'path=/mnt/Test line="Hello World"'
ansible all -m lineinfile -a 'path=/mnt/Test regexp="^Test" line="Test Word"'
ansible all -m lineinfile -a 'path=/mnt/Test regexp="(H.{4}).*(T.{3})" line="\1" backrefs=yes'
ansible all -m lineinfile -a 'path=/mnt/Test line="########END########" insertafter=EOF'
ansible all -m lineinfile -a 'path=/mnt/Test line="########BEGIN########" insertbefore=BOF'
[root@Node1 .ansible]# ansible 172.25.254.137 -m shell -a "touch /mnt/Test"
[WARNING]: Consider using the file module with state=touch rather than running
'touch'. If you need to use command because file is insufficient you can add
'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.
172.25.254.137 | CHANGED | rc=0 >>
[root@Node1 .ansible]# ansible 172.25.254.137 -m lineinfile -a 'path=/mnt/Test line="########END########" insertafter=EOF'
172.25.254.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
[root@Node1 .ansible]# ansible 172.25.254.137 -m lineinfile -a 'path=/mnt/Test line="########BEGIN########" insertbefore=BOF'
172.25.254.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
[root@Node1 .ansible]# ansible all -m lineinfile -a 'path=/mnt/Test regexp="(H.{4}).*(T.{3})" line="\1" backrefs=yes'
172.25.254.237 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"msg": "Destination /mnt/Test does not exist !",
"rc": 257
}
172.25.254.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
- Replace
##作用
根据指定的正则表达式替换文件中的字符串,所有被匹配的字符串都会被替换
与lineinfile不同的是只替换匹配部分而不是处理整行
##常用参数
path ##指定要操作的文件
regexp ##指定一个正则表达式
##文件中与正则匹配的字符串都会被替换
replace ##指定最终要替换成的字符串
backup ##是否在修改文件之前对文件进行备份,最好设置为yes
##实例
ansible all -m replace -a 'path=/mnt/Test regexp="World" replace="Word" backup=yes'
- Setup
##作用
用于收集远程主机的一些基本信息
##常用参数
filter ##用于进行条件过滤.
##如果设置,仅返回匹配过滤条件的信息
##实例
ansible all -m setup
ansible all -m setup -a "filter='ansible_all_ipv4_addresses'"
- Debug
##作用
用于在调试中输出信息
##常用参数
msg: ##调试输出的信息
var: ##将某个任务至性的输出作为变量传递给debug模块
##debug会直接将其打印输出
verbosity: ##debug的级别
##默认为0级,全部显示
##等级越高,显示的越少
##实例
ansible all -m debug -a 'msg="Hello World" verbosity=0'