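Common Ansible file management modules
Ansible has many file management modules; the most common ones are introduced briefly below.
blockinfile (insert a block with automatic marker comments)
When inserting content into a file, it automatically adds marker comments before and after the modified section.
Example playbook: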
---
- name: blockinfile
  hosts: all
  remote_user: devops
  tasks:
    - name: 在插入行的前后添加注释
      blockinfile:
        path: /home/devops/users.txt
        block: 这是blockinfile插入测试
        state: present
Result:
[root@servera devops]# cat users.txt
匹配行之前插入
lininfile模块测试
匹配行之后插入的内容
# BEGIN ANSIBLE MANAGED BLOCK
这是blockinfile插入测试
# END ANSIBLE MANAGED BLOCK
copy (push files)
Pushes files from the control host to the managed hosts.
---
- name: 测试2
  hosts: all
  remote_user: root
  tasks:
    - name: copy模块测试
      copy:
        src: files/users.txt
        dest: /home/devops/users.txt
        owner: devops
        group: devops
        mode: u+w,g-wx,o-rwx
        setype: samba_share_t  # set the SELinux security context type
Example 1: modify the sudoers configuration
- name: 修改sudoers以允许webadmin组免密sudo
  copy:
    content: "%webadmin ALL=(ALL) NOPASSWD: ALL"
    dest: /etc/sudoers.d/webadmin
    mode: "0440"
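fetch (pull files)
Pulls files from the managed hosts to the control host.
---
- name: 文件模块练习
  hosts: all
  remote_user: root
  tasks:
    - name: 拉取文件
      fetch:
        src: /var/log/secure
        dest: secure-backups
        flat: no  # keep the fetched files in a tree structure
Fetched files are stored in a tree structure.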
file (create and delete files and directories)
Can create and delete files/directories
Modifies file attributes
Can check whether a file/directory exists
Deleting a file with the file module
- name: 删除文件
  file:
    dest: /path/to/file
    state: absent
Setting a file's SELinux context with the file module
---
- name: file模块设置SELinux的缺省安全上下文
  hosts: all
  remote_user: root
  tasks:
    - name: 设置文件的SELinux
      file:
        path: /home/devops/users.txt
        seuser: _default
        serole: _default
        setype: _default
        selevel: _default
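lineinfile (similar to sed)
Operates on a file one line at a time
Inserts text at a particular line of a text file
Supports regular expressions
---
- name: lineinfile
  hosts: all
  remote_user: devops
  tasks:
    - name: liinfile_test
      lineinfile:
        path: /home/devops/users.txt
        line: lininfile模块测试
        state: present  # ensure the file contains this line
Check whether the file contains this line.
After running the playbook, the file contents show that the line has been added.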
Using lineinfile to permanently set the SELinux state
---
- name: 文本替换演示
  hosts: all
  remote_user: root
  tasks:
    - name: 永久修改SELinux的状态
      lineinfile:
        path: /etc/selinux/config
        regexp: '^SELINUX='
        line: SELINUX=enforcing
Editing sshd_config to disable root login
---
- name: 创建用户练习
  hosts: all
  vars_files:
    - vars/users_vars.yml
  tasks:
    - name: 创建用户组
      group:
        name: webadmin
        state: present
    - name: 创建用户
      user:
        name: "{{ item.username }}"
        groups: webadmin
      loop: "{{ users }}"
    - name: 复制公钥
      authorized_key:
        user: "{{ item.username }}"
        state: present
        key: "{{ lookup('file','files/'+ item.username + '.key.pub') }}"
      loop: "{{ users }}"
    - name: 修改sudoers以允许webadmin组免密sudo
      copy:
        content: "%webadmin ALL=(ALL) NOPASSWD: ALL"
        dest: /etc/sudoers.d/webadmin
        mode: "0440"
    - name: 关闭root的远程登录
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: "^PermitRootLogin"
        line: "PermitRootLogin no"
      notify: Restart sshd
  handlers:
    - name: Restart sshd
      service:
        name: sshd
        state: restarted
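The sudoers and sshd_config tasks from the playbook above, as an added example (not from the original page) that uses the validate parameter of copy and lineinfile so a malformed file is never installed, then reads back the effective setting with sshd -T. The /usr/sbin paths, become: true, the trailing newline and the widened regexp are assumptions of this example.

```yaml
---
- name: Validated sudoers and sshd_config edits (added example)
  hosts: all
  become: true  # assumption: privilege escalation is available
  tasks:
    - name: Install the webadmin sudoers drop-in only if visudo accepts it
      copy:
        content: "%webadmin ALL=(ALL) NOPASSWD: ALL\n"
        dest: /etc/sudoers.d/webadmin
        owner: root
        group: root
        mode: "0440"
        # %s is the temporary copy; a syntax error fails the task and
        # leaves the live file untouched. Path assumed for RHEL-like hosts.
        validate: /usr/sbin/visudo -cf %s

    - name: Disable root SSH login only if sshd accepts the resulting config
      lineinfile:
        path: /etc/ssh/sshd_config
        # Also match a commented-out default so it is replaced in place
        regexp: '^#?\s*PermitRootLogin\s'
        line: PermitRootLogin no
        validate: /usr/sbin/sshd -t -f %s
      notify: Restart sshd

    - name: Read back the effective sshd configuration from disk
      command: /usr/sbin/sshd -T
      register: sshd_effective
      changed_when: false

    - name: Fail if another directive still permits root login
      assert:
        that:
          - "'permitrootlogin no' in sshd_effective.stdout"

  handlers:
    - name: Restart sshd
      service:
        name: sshd
        state: restarted
```

sshd uses the first value it reads for a keyword, so the read-back catches the case where an earlier line or an included file overrides the edited one.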
Using lineinfile to insert text before matching content
---
- name: 在匹配到的行之前插入
  hosts: all
  remote_user: root
  tasks:
    - name: 在匹配行之前插入内容
      lineinfile:
        path: /home/devops/users.txt
        insertbefore: '^lininfile'
        line: 匹配行之前插入
Result:
[root@servera devops]# cat users.txt
匹配行之前插入
lininfile模块测试
匹配行之后插入的内容
Using lineinfile to insert text after matching content
---
- name: 在匹配到的行之后插入
  hosts: all
  remote_user: root
  tasks:
    - name: 在匹配行之后插入内容
      lineinfile:
        path: /home/devops/users.txt
        insertafter: 'lininfile模块测试'
        line: 匹配行之后插入的内容
Result:
[root@servera devops]# cat users.txt
lininfile模块测试
匹配行之后插入的内容
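stat (show file status information)
Works like the Linux stat command.
View a file's checksum
- name: 查看文件的校验值
  stat:
    path: /path/to/file
    checksum_algorithm: md5  # checksum algorithm (md5 is not collision-resistant; sha256 is also supported)
  register: result
- debug:
    msg: " 文件的校验值是 {{ result.stat.checksum }} "
synchronize (rsync file sync/async)
Works like Linux rsync/scp.
Sync a local file to the remote host
- name: 同步本地文件到远程主机
  synchronize:
    src: /localdir/file
    dest: /path/to/file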
Exercise 10: modify file content
---
- name: edit file content
  hosts: all
  tasks:
    - name: one
      copy:
        content: "Development"
        dest: /etc/issue
      # if the host is in the dev group
      when: "inventory_hostname in groups.dev"
    - name: two
      copy:
        content: "Test"
        dest: /etc/issue
      when: "inventory_hostname in groups.test"
    - name: three
      copy:
        content: "Production"
        dest: /etc/issue
      when: "inventory_hostname in groups.prod"
Exercise 11: create a web content directory
---
- name: 创建web内容目录
  hosts: dev
  tasks:
    - name: 创建目录
      file:
        path: /webdev
        state: directory
        group: webdev
        mode: "2775"
        setype: "httpd_sys_content_t"
    - name: 创建软链接
      file:
        src: /webdev
        dest: /var/www/html/webdev
        state: link
    - name: set web content
      copy:
        content: Development
        dest: /webdev/index.html
        setype: "httpd_sys_content_t"
    - name: start httpd service
      service:
        name: httpd
        state: started
        enabled: yes
    - name: 设置防火墙规则
      firewalld:
        service: http
        permanent: yes
        immediate: yes
        state: enabled
Exercise 12: generate a hardware report
Playbook:
---
- name: create hw report
  hosts: all
  vars:
    hw:
      - hw_name: HOST
        hw_info: "{{ ansible_hostname }}"
      - hw_name: MEM
        hw_info: "{{ ansible_memtotal_mb }}"
      - hw_name: BIOS_VERSION
        hw_info: "{{ ansible_bios_version }}"
      - hw_name: DISK_SIZE_VDA
        hw_info: "{{ ansible_devices.vda.size | default('NONE',true) }}"
      - hw_name: DISK_SIZE_VDB
        hw_info: "{{ ansible_devices.vdb.size | default('NONE',true) }}"
  tasks:
    - name: get hw report
      get_url:
        url: http://rhgls.domainx.example.com/materials/hwreport.empty
        dest: /root/hwreport.txt
    - name: set hw report content
      lineinfile:
        path: /root/hwreport.txt
        #regexp: "^{{ item.hw_name }}="
        line: "{{ item['hw_name'] }}={{ item['hw_info'] }}"
      loop: "{{ hw }}"