Common Ansible modules
1.ping
Tests whether the managed host is reachable; takes no parameters. Returns pong if the connection works.
[root@master ~]# ansible all -m ping
192.168.72.132 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
[root@master ~]#
2.command
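Official documentation: https://docs.ansible.com/ansible/latest/modules/command_module.html#command-module.
The command module is suited to simple commands; it does not support redirection or pipes.
Parameter | Description |
---|---|
chdir | Change into the given directory before running the command |
creates | Checks whether the given file exists; if it does, the command is not run |
removes | Checks whether the given file exists; if it does, the command is run |
free_form | A valid command must be supplied |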
[root@master xm]# ansible all -m command -a 'touch xk'
[WARNING]: Consider using the file module with state=touch rather than running 'touch'. If you need to use command because file is
insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
192.168.72.132 | CHANGED | rc=0 >>
3.raw
The raw module runs commands on the remote host; it supports pipes and redirection.
[root@master ansible]# ansible all -m raw -a "echo 'hello world' > /tmp/test"
192.168.72.132 | CHANGED | rc=0 >>
Shared connection to 192.168.72.132 closed.
4.shell
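Official documentation: https://docs.ansible.com/ansible/latest/modules/shell_module.html#shell-module.
The shell module runs scripts that reside on the managed host, on that host; it can also run commands there directly.
// Run the script and write its output to /etc/abc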
[root@master ansible]# ansible all -m shell -a '/bin/bash /root/xk.sh &> /etc/abc'
192.168.72.132 | CHANGED | rc=0 >>
[root@master ansible]#
// Check on the managed host
[root@master ansible]# ansible all -m shell -a 'cat /etc/abc'
192.168.72.132 | CHANGED | rc=0 >>
woshishenlongfeitadie
[root@master ansible]#
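The difference between command and shell matters most when part of the command line comes from a variable: command passes its arguments straight to the program, while shell and raw hand the whole string to a shell on the managed host. The playbook below is an added example, not part of the original page; report_name and the /opt paths are assumptions made for illustration.

```yaml
---
# Added example (not from the original page). report_name and the /opt
# paths are constructed for illustration.
- hosts: all
  vars:
    report_name: "disk usage; id"   # constructed value containing a shell metacharacter
  tasks:
    # command: no shell is involved, so ';' stays part of the file name
    # and nothing after it is executed.
    - name: Create the report file without a shell
      command:
        argv:
          - touch
          - "/opt/{{ report_name }}"
        creates: "/opt/{{ report_name }}"   # skip the task if the file already exists

    # shell: required here because of the redirection. The quote filter makes
    # the remote shell treat the variable as one literal word.
    - name: Write df output into the report
      shell: "df -h > {{ report_name | quote }}"
      args:
        chdir: /opt
```

Without the quote filter the second task would run `id` as a separate command on every managed host.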
5.script
The script module runs a script that resides on the control node on the managed host.
[root@master ansible]# ansible all -m script -a '/root/xk.sh &> /opt/abc'
192.168.72.132 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.72.132 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.72.132 closed."
],
"stdout": "",
"stdout_lines": []
}
[root@master ansible]# ansible all -m shell -a 'cat /opt/abc'
192.168.72.132 | CHANGED | rc=0 >>
文件系统 容量 已用 可用 已用% 挂载点
devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs 1.9G 0 1.9G 0% /dev/shm
tmpfs 1.9G 9.0M 1.9G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/mapper/rhel-root 46G 1.9G 44G 5% /
/dev/nvme0n1p1 1014M 179M 836M 18% /boot
tmpfs 376M 0 376M 0% /run/user/0
6.template
The template module renders a template and can transfer the result to the remote host.
// Transfer 163.repo to the managed host
[root@master ansible]# ansible all -m template -a 'src=/etc/yum.repos.d/CentOS-Base.repo dest=/etc/yum.repos.d/163.repo'
192.168.72.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "6becbe5b13718901f66d5885a8a8bd1b8c0ebcb1",
"dest": "/etc/yum.repos.d/163.repo",
"gid": 0,
"group": "root",
"md5sum": "4d6712371ece506540c256da9366ccf9",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:system_conf_t:s0",
"size": 576,
"src": "/root/.ansible/tmp/ansible-tmp-1626594157.460392-94110-171687230263454/source",
"state": "file",
"uid": 0
}
// Check on the managed host
[root@node1 yum.repos.d]# ls
163.repo CentOS-Base.repo epel-playground.repo epel-testing-modular.repo redhat.repo
Centos-8.repo epel-modular.repo epel.repo epel-testing.repo
[root@node1 yum.repos.d]#
7.yum
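Official documentation: https://docs.ansible.com/ansible/latest/modules/yum_repository_module.html#yum-repository-module.
Installs, upgrades, downgrades, removes and lists packages and groups with the yum package manager.
Common parameters:
- name: the name of the package to manage
- state: the action to perform
- latest: install the package
- installed: install the package
- present: install the package
- removed: uninstall the package
- absent: uninstall the package
- started: start the service
- stopped: stop the service
- enabled=yes/no: start at boot
// Install vsftpd on the managed host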
[root@master ~]# ansible all -m yum -a "name=vsftpd state=present"
192.168.72.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: vsftpd-3.0.3-33.el8.x86_64"
]
}
// Check on the managed host
[root@node1 ~]# rpm -qa | grep vsftpd
vsftpd-3.0.3-33.el8.x86_64
[root@node1 ~]#
8.copy
Official documentation: https://docs.ansible.com/ansible/latest/modules/copy_module.html#copy-module
Copies files to the managed host.
// Create a file
[root@master ~]# touch xk
[root@master ~]# cd /etc/ansible/
[root@master ansible]# ansible all -m copy -a "src=/root/xk dest=root" # transfer to the managed host
192.168.72.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "./root",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1626592917.3358724-60029-70072125648791/source",
"state": "file",
"uid": 0
}
// Check on the managed host
[root@node1 ~]# ls
anaconda-ks.cfg root xk
9.group
Manages groups.
// Delete the group slf on the managed host
[root@master ansible]# ansible all -m group -a 'name=slf state=absent'
192.168.72.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "slf",
"state": "absent"
}
// Create the group xx with gid 1234
[root@master ansible]# ansible all -m group -a 'name=xx gid=1234 state=present'
192.168.72.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 1234,
"name": "xx",
"state": "present",
"system": false
}
10.user
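Creates user accounts on remote hosts in bulk.
Official documentation: https://docs.ansible.com/ansible/latest/modules/user_module.html#user-module
Parameter | Options/default | Description |
---|---|---|
password | | The password to set |
name | | The user name |
uid | | The user's uid |
group | | The user's primary group |
groups | | The user's supplementary groups |
shell | /bin/bash or /sbin/nologin | Whether the user can log in |
create_home | yes/no | Whether to create the home directory |
home | default: /home | The path where the home directory is created |
// Create a user named xk with uid 1002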
[root@master xm]# ansible all -m user -a 'name=xk uid=1002'
192.168.72.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1002,
"home": "/home/xk",
"name": "xk",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1002
}
// On the managed node
[root@node1 ~]# id xk
uid=1002(xk) gid=1002(xk) 组=1002(xk)
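The user module's password parameter expects an already hashed value, not plain text. The playbook below is an added example, not part of the original page; the variable xk_password is an assumption and would normally come from a vars file encrypted with ansible-vault.

```yaml
---
# Added example (not from the original page). xk_password is an assumed
# variable, expected to be supplied from an ansible-vault encrypted file.
- hosts: all
  tasks:
    - name: Create user xk with a hashed password
      user:
        name: xk
        uid: 1002
        shell: /bin/bash
        create_home: yes
        # password_hash turns the plain-text variable into a SHA-512 crypt hash,
        # which is the form the module writes to /etc/shadow.
        password: "{{ xk_password | password_hash('sha512') }}"
        # The hash gets a fresh random salt on every run, so only set it when
        # the account is first created; later runs then report no change.
        update_password: on_create
      no_log: true   # keep the password and its hash out of task output and logs
```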
11.service
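The service module manages services on the managed host.
service states:
- started: start the service
- stopped: stop the service
- restarted: restart the service
- enabled=yes/no: start at boot
// Start vsftpd on the managed host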
[root@master ansible]# ansible all -m service -a 'name=vsftpd state=started'
192.168.72.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "vsftpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
......
// Check the vsftpd status on the managed host
[root@master ansible]# ansible all -m shell -a 'systemctl is-active vsftpd'
192.168.72.132 | CHANGED | rc=0 >>
active
// Enable the vsftpd service at boot
[root@master ansible]# ansible all -m service -a 'name=vsftpd enabled=yes'
192.168.72.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"enabled": true,
"name": "vsftpd",
"status": {
"ActiveEnterTimestamp": "Sun 2021-07-18 04:12:35 EDT",
......
// Stop the vsftpd service
[root@master ansible]# ansible all -m service -a 'name=vsftpd state=stopped'
192.168.72.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "vsftpd",
"state": "stopped",
"status": {
"ActiveEnterTimestamp": "Sun 2021-07-18 04:12:35 EDT",
"ActiveEnterTimestampMonotonic": "5521495274",
......
// Check the vsftpd service status on the managed host
[root@master ansible]# ansible all -m shell -a 'systemctl is-active vsftpd'
192.168.72.132 | FAILED | rc=3 >>
inactivenon-zero return code
[root@master ansible]#
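12.lineinfile
Replaces content in a file, or adds content at a specified position in a file.
Parameter | Description |
---|---|
regexp='^ $' | Regular-expression match; matches digits |
line='…' | What the matched line is replaced with; when only line is given, the content is appended at the end of the file |
insertbefore='' | Insert before the matched content in the file |
insertafter='' | Insert after the matched content in the file |
// View the contents of /opt/xk on the managed host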
[root@master ansible]# ansible all -m shell -a 'cat /opt/xk'
192.168.72.132 | CHANGED | rc=0 >>
python 111
java 222
css 333
Go 444
handlebars 555
Kotlin 666
// Use the lineinfile module to replace the line that begins with python with py
[root@master ansible]# ansible all -m lineinfile -a 'path=/opt/xk regexp="^python" line="py"'
192.168.72.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
// Check the result
[root@master ansible]# ansible all -m shell -a 'cat /opt/xk'
192.168.72.132 | CHANGED | rc=0 >>
py
java 222
css 333
Go 444
handlebars 555
Kotlin 666
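The table lists insertbefore and insertafter, which the session above does not exercise. The playbook below is an added example, not part of the original page, run against the same /opt/xk file; the "Rust 777" and header lines are constructed.

```yaml
---
# Added example (not from the original page). Operates on the /opt/xk file
# shown above; the inserted lines are constructed for illustration.
- hosts: all
  tasks:
    # regexp + insertafter: if a line matching regexp already exists it is
    # replaced in place; only when nothing matches is the line inserted
    # after the last line matching insertafter. Reruns add no duplicates.
    - name: Ensure a Rust entry directly after the Go entry
      lineinfile:
        path: /opt/xk
        regexp: '^Rust\s'
        insertafter: '^Go\s'
        line: 'Rust 777'
        backup: yes   # keep a timestamped copy of the previous file

    # insertbefore: BOF places the line at the beginning of the file.
    # With no regexp, the module only checks whether the exact line exists.
    - name: Ensure a header is the first line
      lineinfile:
        path: /opt/xk
        insertbefore: BOF
        line: '# managed by ansible'
```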
13.firewalld
// Allow traffic through the firewall
[root@master ansible]# ansible all -m firewalld -a 'rich_rule="rule family=ipv4 source address=192.168.200.0/24 service name=http accept" permanent=yes state=enabled immediate=yes'
192.168.72.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "Permanent and Non-Permanent(immediate) operation, Changed rich_rule rule family=ipv4 source address=192.168.200.0/24 service name=http accept to enabled"
}
[root@master ansible]#
// Check on the managed host
[root@node1 opt]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="192.168.200.0/24" service name="http" accept
[root@node1 opt]#