ansible常用模块应用
1.shell 和command
- command和shell模块的区别
- command模块的命令不启动shell,是通过ssh执行命令的
- command不支持bash特性,如管道和重定向
- 需要shell完成的command都做不了
##用command模块不会开启bash解释器,所以管道之类的不能用
[root@centos7 ansible]# ansible test-yunwei -m command -a "ps >test.txt"
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to
see details
centos7-mini02 | FAILED | rc=1 >>
error: garbage option
Usage:
ps [options]
Try 'ps --help <simple|list|output|threads|misc|all>'
or 'ps --help <s|l|o|t|m|a>'
for additional help text.
For more details see ps(1).non-zero return code
centos7-mini01 | FAILED | rc=1 >>
error: garbage option
###用shell测试一下,调用shell模块
[root@centos7 ansible]# ansible test-yunwei -m shell -a 'ps > /root/test.txt'
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to
see details
centos7-mini01 | CHANGED | rc=0 >>
centos7-mini02 | CHANGED | rc=0 >>
centos7 | CHANGED | rc=0 >>
[root@centos7 ansible]# ansible test-yunwei -m shell -a 'ls -l /root/test.txt'
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to
see details
centos7-mini01 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root 145 4月 15 03:28 /root/test.txt
centos7 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root 145 4月 15 15:28 /root/test.txt
centos7-mini02 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root 145 4月 15 03:28 /root/test.txt
2.shell模块
2.1 shell模块之chdir
###########################
#进入目录创建文件
[root@centos7 ansible]# ansible test-yunwei -m shell -a "chdir=/tmp touch 666.txt 777.txt 888.txt"
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to
see details
[WARNING]: Consider using the file module with state=touch rather than running 'touch'.
If you need to use command because file is insufficient you can add 'warn: false' to
this command task or set 'command_warnings=False' in ansible.cfg to get rid of this
message.
centos7-mini02 | CHANGED | rc=0 >>
centos7-mini01 | CHANGED | rc=0 >>
centos7 | CHANGED | rc=0 >>
2.2 shell模块之create
- creates文件名:文件存在,不执行shell命令
- removes文件名:文件不存在,不执行命令
##########################################
#判断~/.ssh/id_rsa存在吗,存在的话不执行,不存在的话生成秘钥
[root@centos7 ansible]# ansible test-yunwei -m shell -a "ssh-keygen -f ~/.ssh/id_rsa -N '' creates=~/.ssh/id_rsa"
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to
see details
centos7 | SUCCESS | rc=0 >>
skipped, since /root/.ssh/id_rsa exists
centos7-mini01 | SUCCESS | rc=0 >>
skipped, since /root/.ssh/id_rsa exists
centos7-mini02 | CHANGED | rc=0 >>
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:A0SrvTwDjW57+0b1gIIsg/EzMXlyXUIQ+iM5uL/20Xc root@centos7-mini02
The key's randomart image is:
+---[RSA 2048]----+
| .o*=.. |
|. =.o..o |
| +.B .o . |
|..*oo=... o |
|. +=* o.S. o |
| . + = ... . |
|. + *.. E |
| ... o.+.. |
| .ooo..+. |
+----[SHA256]-----+
3. script模块
- script允许在本地写脚本,拷贝到被管理端并执行脚本
- 脚本不是shell脚本的话,可以没有执行权限(如python)
#script模块作用:把test.sh脚本拷贝到远程主机并执行
#把这个脚本拷贝到了远程主机的哪里了呢,拷贝到了远程主机的临时目录,执行完就删除了,ansible配置文件是这么说的"#remote_tmp = ~/.ansible/tmp"
[root@centos7 ansible]# ansible all -m script -a "./test.sh"
4. file模块
- 可以创建文件、目录、链接、修改权限、属性等
4.1 file模块创建文件
###创建文件
[root@centos7 ansible]# ansible all -m file -a "path=/tmp/file.txt state=touch"
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to
see details
centos7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/tmp/file.txt",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 0,
"state": "file",
"uid": 0
}
4.2 file模块创建目录
###创建目录
[root@centos7 ansible]# ansible all -m file -a "path=/tmp/mydir state=directory"
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to
see details
centos7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/mydir",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
4.3 file模块修改权限
###修改权限
[root@centos7 ansible]# ansible all -m file -a "path=/tmp/mydir owner=sshd group=adm mode=777"
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to
see details
centos7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 4,
"group": "adm",
"mode": "0777",
"owner": "sshd",
"path": "/tmp/mydir",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 74
}
4.4 file模块删除文件
###删除文件
[root@centos7 ansible]# ansible all -m file -a "path=/tmp/mydir state=absent"
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to
see details
centos7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"path": "/tmp/mydir",
"state": "absent"
}
4.5 file模块创建链接文件
###源文件是src,给谁创建快捷方式,给src=/etc/hosts创快捷方式
[root@centos7 ansible]# ansible all -m file -a "src=/etc/hosts path=/tmp/host.txt state=link"
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to
see details
centos7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/tmp/host.txt",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 10,
"src": "/etc/hosts",
"state": "link",
"uid": 0
}
5. copy模块
5.1 有源文件的copy
###src源文件,dest目标主机位置
###
###如果把源文件的内容修改过了,在执行一次命令才会拷贝,否则在执行命令的时候,虽然显示的是成功了,但是没有重新拷贝
[root@centos7 ansible]# ansible all -m copy -a "src=/root/test66.txt dest=/root"
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to
see details
centos7 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"checksum": "e50cd9d03ee5f295d1e938ce5b086b355cba3bec",
"dest": "/root/test66.txt",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"path": "/root/test66.txt",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 5,
"state": "file",
"uid": 0
}
5.2 无源文件的copy
[root@centos7 ansible]# ansible all -m copy -a "content='hello word\ntest' dest=/root/test.txt"
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to
see details
centos7-mini01 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "7300ec19dfa2f1256aaceccb1a0aa916c75e03b0",
"dest": "/root/test.txt",
"gid": 0,
"group": "root",
"md5sum": "148dea32b88706f1c1f31832bd1db60f",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 15,
"src": "/root/.ansible/tmp/ansible-tmp-1618482627.69-29153-236231197182196/source",
"state": "file",
"uid": 0
}
[root@centos7-mini01 ~]# cat test.txt
hello word
test
6.fetch模块
- 将远程50台机器的日志拷贝到控制主机上
- 与copy相似,但是作用相反
###远程主机的/etc/hostname拷贝到控制主机上,我们拷贝远程主机上的日志的时候,由于名字都是一样的,所以拷贝到控制机上默认会创建一个目录,目录名字是远程主机的主机名,将拷贝过来的东西就放在了这个目录下
[root@centos7 ansible]# ansible all -m fetch -a "src=/etc/hostname dest=/root"
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to
see details
centos7 | CHANGED => {
"changed": true,
"checksum": "628e3290ed8ba31033265bf22a6943e862edd225",
"dest": "/root/centos7/etc/hostname",
"md5sum": "8f98d30d9103ed428293d08d3c3a717c",
"remote_checksum": "628e3290ed8ba31033265bf22a6943e862edd225",
"remote_md5sum": null
}
[root@centos7 ~]# ls centos7-mini01/etc/hostname
centos7-mini01/etc/hostname
7. lineinfile和replace模块
- 修改单个文件的单行内容时可以使用lineinfile模块
[root@centos7 ~]# ansible all -m lineinfile -a "path=/etc/issue line='hello world'"
172.16.134.128 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
[root@centos7 ~]# cat /etc/issue
\S
Kernel \r on an \m
hello world
###上述同样的命令,再次执行的话是不会成功的,就是没有做操作(幂等性)
- 替换
###将文件中所有的Kernel替换为Ocen
[root@centos7 ~]# cat /etc/issue.net
\S
Kernel \r on an \m
[root@centos7 ~]# ansible all -m replace -a "path=/etc/issue.net regexp=Kernel replace=Ocen"
172.16.134.128 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"msg": "1 replacements made"
}
[root@centos7 ~]# cat /etc/issue.net
\S
Ocen \r on an \m
8. user模块
- 实现linux系统账户管理
8.1 创建用户natasha
###创建用户娜塔莎
[root@centos7 ~]# ansible test -m user -a "name=natasha"
172.16.134.128 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1001,
"home": "/home/natasha",
"name": "natasha",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1001
}
8.2 创建tom用户并指定属性
[root@centos7 ansible]# ansible all -m user -a "name=tom uid=501 group=adm groups=daemon,root home=/home/tom"
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to
see details
centos7-mini01 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 4,
"groups": "daemon,root",
"home": "/home/tom",
"name": "tom",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 501
}
[root@centos7 ansible]# id tom
uid=501(tom) gid=4(adm) 组=4(adm),0(root),2(daemon)
8.3 修改用户密码
###特定的格式password={{'abc'|password_hash('sha512')}}
###如果没有使用加密的话,账号会登录失败
[root@centos7 ansible]# ansible all -m user -a "name=natasha password={{'abc'|password_hash('sha512')}}"
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to
see details
centos7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"append": false,
"changed": true,
"comment": "",
"group": 1001,
"home": "/home/natasha",
"move_home": false,
"name": "natasha",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 1001
}
8.4 删除账户natasha
###仅仅把账户删除了
[root@centos7 ansible]# ansible all -m user -a "name=natasha state=absent"
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to
see details
centos7-mini02 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"force": false,
"name": "natasha",
"remove": false,
"state": "absent"
}
8.5 删除账户tom连同家目录邮箱等
[root@centos7 ansible]# ansible all -m user -a "name=tom state=absent remove=true"
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to
see details
centos7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"force": false,
"name": "tom",
"remove": true,
"state": "absent"
}
9. yum_repository模块
9.1 配置yum源文件
###写配置文件
[root@centos7 ansible]# ansible all -m yum_repository -a "name=myyum description='hello world' baseurl=file:///mnt gpgcheck=0 enabled=1"
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to
see details
centos7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"repo": "myyum",
"state": "present"
}
###生成的文件如下
[root@centos7 ansible]# cat /etc/yum.repos.d/myyum.repo
[myyum]
baseurl = file:///mnt
enabled = 1
gpgcheck = 0
name = hello world
9.2 修改yum源文件
###修改描述和签名检查
[root@centos7 ansible]# ansible all -m yum_repository -a "name=myyum description=test66 baseurl=file:///mnt gpgcheck=0 enabled=0"
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to
see details
centos7-mini01 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"repo": "myyum",
"state": "present"
}
###检查后文件如下
[root@centos7 ansible]# !cat
cat /etc/yum.repos.d/myyum.repo
[myyum]
baseurl = file:///mnt
enabled = 0
gpgcheck = 0
name = test66
9.3 删除yum源文件
###删除完之后,就没有myyum.repo这个文件了
[root@centos7 ansible]# ansible all -m yum_repository -a "name=myyum state=absent"
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to
see details
centos7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"repo": "myyum",
"state": "absent"
}
10. yum模块
-
yum模块安装、卸载、升级
-
state状态有:
present(安装)、absent(卸载)、latest(升级)
10.1 安装软件包
###安装unzip软件包
[root@centos7 ansible]# ansible all -m yum -a "name=unzip state=present"
10.2 升级软件包
###升级软件包
[root@centos7 ansible]# ansible all -m yum -a "name=unzip state=latest"
[root@centos7 ansible]# ansible all -m yum -a "name=* state=latest"
10.3 卸载软件包
###卸载软件包
[root@centos7 ansible]# ansible all -m yum -a "name=unzip state=absent"
11. service模块
- service服务管理模块
- state:started|stopped|restarted
- enabled:yes设置开机启动
###安装
[root@centos7 ansible]# ansible all -m yum -a "name=httpd state=present"
###启动
[root@centos7 ansible]# ansible all -m service -a "name=httpd state=restarted"
###开机自启
[root@centos7 ansible]# ansible all -m service -a "name=httpd state=restarted enabled=yes"
588
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
