ansible常用模块
ansible常用模块的使用
1. 万能模块之command模块、shell模块、raw模块
除了需要交互的命令以外,几乎所有命令都可以执行,但不具备幂等性
1.1 command模块
command模块用于在远程主机上执行命令,ansible默认就是使用command模块。
不支持管道符和重定向
//查看受控主机的/tmp目录内容
[root@node ~]# ls /tmp/
[root@node ~]# rm -rf /tmp/*
//在受控主机的/tmp目录下新建一个文件wjj,command模块不支持管道符,不支持重定向
[root@wjj ansible]# ansible all -a 'echo "hello world" > /tmp/wjj'
192.168.47.223 | CHANGED | rc=0 >>
hello world > /tmp/wjj
[root@node ~]# ls /tmp/
[root@wjj ansible]# ansible all -a "df -h|awk '{print $4}'"
192.168.47.223 | FAILED | rc=1 >>
df:无效选项 -- |
Try 'df --help' for more information.non-zero return code
//查看主机名
[root@wjj ansible]# ansible all -m command -a 'hostname'
192.168.47.223 | CHANGED | rc=0 >>
node
[root@wjj ansible]# ansible all -a 'hostname'
192.168.47.223 | CHANGED | rc=0 >>
node
// -o执行出来的命令在一行显示
[root@wjj ansible]# ansible all -m command -a 'hostname' -o
192.168.47.223 | CHANGED | rc=0 | (stdout) node
1.2 shell模块
shell模块用于在受控机上执行受控机上的脚本,亦可直接在受控机上执行命令。
支持管道与重定向
注意:
尽量少用shell,只有当command不能够实现你的功能,或者说你要完成的事情里面必须需要用到管道符或重定向的时候才用到shell模块
[root@node tmp]# vi wjj.sh
#!/bin/bash
echo "hello world"
[root@node tmp]# chmod +x wjj.sh
[root@node tmp]# ll
-rwxr-xr-x. 1 root root 32 7月 18 16:26 wjj.sh
[root@wjj ansible]# ansible all -m shell -a '/tmp/wjj.sh'
192.168.47.223 | CHANGED | rc=0 >>
hello world
[root@wjj ansible]# ansible all -m shell -a 'echo "wangjingjing" > /tmp/wjj'
192.168.47.223 | CHANGED | rc=0 >>
[root@node tmp]# cat wjj
wangjingjing
[root@wjj ansible]# ansible all -m shell -a 'ls /root|grep core.2580'
192.168.47.223 | CHANGED | rc=0 >>
core.2580
1.3 raw模块
raw模块用于在远程主机上执行命令
支持管道符与重定向
注意:
只有shell和command模块都不能用的时候才用raw模块
但是如果是使用老版本python,需要用到raw,又或者是客户端是路由器,因为没有安装python模块,那就需要使用raw模块了
//支持重定向和管道符
[root@wjj ansible]# ansible all -m raw -a 'echo "hello world" > /tmp/wjj'
192.168.47.223 | CHANGED | rc=0 >>
Shared connection to 192.168.47.223 closed.
[root@node tmp]# cat wjj
hello world
[root@wjj ansible]# ansible all -m raw -a 'df -h|awk "{print $4}"'
192.168.47.223 | CHANGED | rc=0 >>
文件系统 容量 已用 可用 已用% 挂载点
/dev/mapper/centos-root 50G 4.7G 46G 10% /
devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs 1.9G 0 1.9G 0% /dev/shm
tmpfs 1.9G 21M 1.9G 2% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/sda1 1014M 170M 845M 17% /boot
/dev/mapper/centos-home 945G 33M 945G 1% /home
tmpfs 378M 4.0K 378M 1% /run/user/42
tmpfs 378M 40K 378M 1% /run/user/0
/dev/sr0 4.2G 4.2G 0 100% /run/media/root/CentOS 7 x86_64
Shared connection to 192.168.47.223 closed.
2. ping模块
ping模块用于检查指定节点机器是否连通,用法很简单,不涉及参数,主机如果在线,则回复pong
步骤一:ping之前需要在安装了ansible的主机上修改配置
[root@wjj ~]# visudo //权限委派,wjj这个用户权限,而且不要密码
##Allow root to run any commands anywhere
root ALL=(ALL) ALL
wjj ALL=(ALL) NOPASSWD: ALL
[root@wjj ansible]# vim ansible.cfg
[privilege_escalation]
become=True //去掉注释
become_method=sudo
become_user=root
become_ask_pass=False
[root@wjj ansible]# vim inventory
[webservers]
192.168.47.223 ansible_user=root ansible_password=1 //受控节点
步骤二:在2台主机都需要做免密登录
[root@wjj ~]# ssh-keygen //一直回车
[root@wjj ~]# ssh-copy-id 192.168.47.222
[root@wjj ~]# ssh-copy-id 192.168.47.223
受控节点:
[root@node ~]# ssh-keygen //一直回车
[root@node ~]# ssh-copy-id 192.168.47.223
[root@node ~]# ssh-copy-id 192.168.47.222
步骤三:ping192.168.47.223或localhost
[root@wjj ansible]# ansible all -m ping
192.168.47.223 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@wjj ansible]# ansible localhost -m ping
localhost | SUCCESS => {
"changed": false,
"ping": "pong"
}
3. script模块
script模块用于在受控机上执行主控机上的脚本
[root@wjj ansible]# mkdir /scripts
[root@wjj ansible]# cd /scripts/
[root@wjj scripts]# ls
[root@wjj scripts]# vim wjj.sh
#!/bin/bash //脚本第一行必须是#!/bin/bash
df -h
[root@wjj scripts]# chmod +x /scripts/wjj.sh //给脚本执行权限
[root@wjj scripts]# ll /scripts/wjj.sh
-rwxr-xr-x. 1 root root 19 7月 18 02:25 /scripts/wjj.sh
[root@wjj scripts]# ansible all -m script -a '/scripts/wjj.sh' //直接写脚本的绝对路径
192.168.47.223 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.47.223 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.47.223 closed."
],
4. template模块
template模块用于生成一个模板,并可将其传输至远程主机上
[root@wjj ansible]# ansible all -m template -a 'src=/etc/ansible/inventory dest=/tmp/inventory'
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "36aee6dff6646a57be590dec1aaaeb4437db66ad",
"dest": "/tmp/inventory",
"gid": 0,
"group": "root",
"md5sum": "7f1cfb9fc4347b8f71566bcd48174577",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 67,
"src": "/root/.ansible/tmp/ansible-tmp-1626546953.33-47785-122603767253301/source",
"state": "file",
"uid": 0
}
[root@node tmp]# ls
abc inventory wjj wjj.sh
5. copy模块
用于复制文件至远程受控机
[root@wjj ansible]# ansible all -m copy -a 'src=/etc/ansible/ansible.cfg dest=/tmp/'
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "4c640fceb0d031b5529c8417d97edc09e56d80e0",
"dest": "/tmp/ansible.cfg",
"gid": 0,
"group": "root",
"md5sum": "2fd0ce5c9e00d16dc17aa8d12a4abd3c",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 20021,
"src": "/root/.ansible/tmp/ansible-tmp-1626547206.1-52705-160926284258454/source",
"state": "file",
"uid": 0
}
[root@node tmp]# ls
abc ansible.cfg inventory wjj wjj.sh
6. group模块&user模块
group模块用于在受控机上添加或删除组。
//创建组
[root@wjj ~]# ansible all -m group -a 'name=wjj110 state=present gid=960 system=yes'
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 960,
"name": "wjj110",
"state": "present",
"system": true
}
//删除组
[root@wjj ~]# ansible all -m group -a 'name=wjj110 state=absent'
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "wjj110",
"state": "absent"
}
//创建用户并指定组
[root@wjj ansible]# ansible all -m user -a 'name=wjj110 state=present uid=960 group=wjj110 system=yes create_home=no'
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": false,
"group": 960,
"home": "/home/wjj110",
"name": "wjj110",
"shell": "/bin/bash",
"state": "present",
"system": true,
"uid": 960
}
[root@node tmp]# id wjj110
uid=960(wjj110) gid=960(wjj110) 组=960(wjj110)
[root@node tmp]# grep wjj110 /etc/passwd
wjj110:x:960:960::/home/wjj110:/bin/bash
//设置登录shell
[root@wjj ansible]# ansible all -m user -a 'name=wjj110 state=present uid=960 group=wjj110 system=yes create_home=no shell=/sbin/nologin'
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"append": false,
"changed": true,
"comment": "",
"group": 960,
"home": "/home/wjj110",
"move_home": false,
"name": "wjj110",
"shell": "/sbin/nologin",
"state": "present",
"uid": 960
}
//删除用户,在删除用户的同时把它的家目录也删除
[root@node tmp]# ll /home/
总用量 0
drwx------. 5 wjj wjj 106 7月 18 14:59 wjj
[root@wjj ansible]# ansible all -m user -a 'name=wjj state=absent remove=yes'
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"force": false,
"name": "wjj",
"remove": true,
"state": "absent"
}
[root@node tmp]# id wjj
id: wjj: no such user
[root@node tmp]# ll /home/
总用量 0
7.file模块
设置文件的权限和其他属性
可以用来设置文件的权限、改文件的属主、设置所有者和所有主、创建空文件、创建空目录等,只要是跟文件有关的功能,它都可以使用
touch //创建空文件
//创建一个wjj文件
[root@wjj ansible]# ansible all -m file -a 'path=/tmp/wjj state=touch'
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/tmp/wjj",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 0,
"state": "file",
"uid": 0
}
[root@node tmp]# ll /tmp/
总用量 0
-rw-r--r--. 1 root root 0 7月 18 18:55 wjj
[root@wjj ansible]# ansible all -m file -a 'path=/tmp/wjj state=touch'
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/tmp/wjj",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 0,
"state": "file",
"uid": 0
}
[root@node tmp]# ll /tmp/
总用量 0
-rw-r--r--. 1 root root 0 7月 18 18:58 wjj
directory //创建目录
[root@wjj ansible]# ansible all -m file -a 'path=/tmp/jj state=directory'
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/jj",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
link //软链接
[root@wjj ansible]# ansible all -m file -a 'path=/tmp/wj src=/tmp/jj state=link'
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/tmp/wj",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 7,
"src": "/tmp/jj",
"state": "link",
"uid": 0
}
hard //硬链接(只有文件才能做硬链接,目录不可以)
[root@wjj ansible]# ansible all -m file -a 'path=/tmp/jj src=/tmp/wjj state=hard'
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/tmp/jj/wjj",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 0,
"src": "/tmp/wjj",
"state": "hard",
"uid": 0
}
absent //删除
[root@wjj ansible]# ansible all -m file -a 'path=/tmp/wjj state=absent'192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"path": "/tmp/wjj",
"state": "absent"
}
file //修改文件(文件必须存在)
[root@wjj ansible]# ansible all -m file -a 'path=/tmp/jj state=file mode=0755'
8. lineinfile模块
确保特定行是否在文件中
//把selinux状态修改成disabled状态
[root@wjj ansible]# ansible all -m lineinfile -a 'path=/etc/selinux/config regexp="^SELINUX=" line="SELINUX=disabled"'
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
//把文件里面的某一行删除
[root@node ~]# cat /tmp/wjj
hello world
jj
wjj
[root@wjj ansible]# ansible all -m lineinfile -a 'path=/tmp/wjj regexp="^jj" state=absent'
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup": "",
"changed": true,
"found": 1,
"msg": "1 line(s) removed"
}
[root@node ~]# cat /tmp/wjj
hello world
wjj
//把以wj开头的删了
```bash
[root@node ~]# cat /tmp/wjj
hello world
wj
wj
wj
[root@wjj ansible]# ansible all -m lineinfile -a 'path=/tmp/wjj regexp="^wj" state=absent'
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup": "",
"changed": true,
"found": 1,
"msg": "1 line(s) removed"
}
[root@node ~]# cat /tmp/wjj
hello world
wj
wj
//把所有匹配到的关键字删除
[root@wjj ansible]# ansible all -m lineinfile -a 'path=/tmp/wjj regexp="wj" state=absent'
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup": "",
"changed": true,
"found": 2,
"msg": "2 line(s) removed"
}
[root@node ~]# cat /tmp/wjj
hello world
//在关键字那行的后面加内容
[root@wjj ansible]# ansible all -m lineinfile -a 'path=/tmp/wjj insertafter="^bu" line="80"'
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
[root@node ~]# cat /tmp/wjj
hello world
wo
bu
80
xiang
xie
//修改关键字
[root@node ~]# cat /tmp/wjj
hello world
wjj
80
wj
wjj
[root@wjj ansible]# ansible all -m lineinfile -a 'path=/tmp/wjj insertafter="wjj" regexp="wjj" line="80"'
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
[root@node ~]# cat /tmp/wjj
hello world
wjj
80
wj
80
//替换指定的内容
[root@wjj ansible]# ansible all -m lineinfile -a 'path=/tmp/wjj insertafter="^wj" regexp="wj" line="wjjj"'
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
[root@node ~]# cat /tmp/wjj
hello world
80
80
wjjj
80
8080
//创建一个有内容的文件
[root@wjj ansible]# ansible all -m lineinfile -a 'path=/tmp/abc line="hello world\nwjj\nwjjj" create=yes'
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
[root@node tmp]# cat /tmp/abc
hello world
wjj
wjjj
9. yum模块
yum模块用于在指定节点机器上通过yum管理软件,其支持的参数主要有两个:
- name:要安装的包名
- state(状态):要进行的操作
state常用的值: - latest(安装最新):安装软件
- installed(既成事实):安装软件
- present:安装软件
- removed:卸载软件
- absent:卸载软件
若想使用yum来管理软件,请确保受控机上的yum源无异常。
//查询vsftpd包
[root@node tmp]# rpm -qa | grep vsftpd
//安装 用yum和dnf都行
[root@wjj ansible]# ansible all -m dnf -a "name=vsftpd state=present"
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: vsftpd-3.0.3-31.el8.x86_64"
]
}
//查询
[root@node tmp]# rpm -qa | grep vsftpd
vsftpd-3.0.3-31.el8.x86_64
//卸载
[root@wjj ansible]# ansible all -m dnf -a "name=vsftpd state=absent"
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": ""
10. service模块
service模块用于管理受控机上的服务。
//开启服务
[rootwjj ansible]# ansible all -m service -a 'name=vsftpd state=started'
192.168.47.223 | CHANGED => {
"ansible_facts": {
//设置开机自启
[root@wjj ansible]# ansible all -m service -a 'name=vsftpd state=started enabled=yes'
192.168.47.223 | CHANGED => {
"ansible_facts": {
//设置开机不自启
[root@wjj ansible]# ansible all -m service -a 'name=vsftpd state=started enabled=yes'
192.168.47.223 | CHANGED => {
"ansible_facts": {
11. blockinfile模块
blockinfile 模块可以帮助我们在指定的文件中插入”一段文本”,这段文本是被标记过的,也就是,我们在这段文本上做了记号,以便在以后的操作中可以通过”标记”找到这段文本,然后修改或者删除它。
用来在文件中添加、更新、或者删除被标记的文本块
[root@wjj ansible]# ansible all -m blockinfile -a 'path=/tmp/abc block="systemctl start php\nsystemctl start httpd" create=yes'
192.168.47.223 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"msg": "Block inserted"
}
扫一扫
184
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
