ansible模块

ansible模块

---

一、 查看系统上安装的所有模块

---

ansible-doc -l

文件模块：
copy：将本地文件复制到受控主机
file：设置文件的权限和其他属性
lineinfile：确保特定行是否在文件中，也就是说修改文件内容
synchronize：使用rsync同步内容

软件包模块
package：使用操作系统本机的自动检测软件包管理器管理软件包
yum：使用yum软件包管理器管理软件包
apt：使用apt软件包管理器管理软件包
dnf：使用dnf软件包管理器管理软件包
pip：从PyPI管理Python软件包

系统模块
firewalld：使用firewalld管理任意端口和服务
reboot：重新启动计算机
service：管理服务
user：添加、删除和管理用户账户

Net Tools模块
get_url：通过http、https或者ftp下载文件
nmcli：管理网络
uri：与WEB服务交互

绿色：执行成功并且不需要做改变的动作
黄色：执行成功并且对目标主机做变更
红色：执行失败

二、常用模块

---

1、user

临时命令使用user模块来确保newbie用户存在于node1.example.com上，并且其UID为4000
[student@ansible ~]$ ansible server1 -m user -a ‘name=axi uid=4000 state=present’

创建用户并指定密码，如果该用户存在，仍然修改密码
[student@ansible ~]$ openssl passwd -1 abc $1$bChlQ4jX$97x50MlATs0PA6UsObqN1.

[student@ansible ~]$ ansible all -m user -a ‘name=aa state=present password=“$1$bChlQ4jX$97x50MlATs0PA6UsObqN1.” update_password=always’

创建用户并指定密码，但是如果改用户存在，则不修改密码
[student@ansible ~]$ openssl passwd -1 123
$1$zcVeWQiB$dIsAdkcv91mTjrCaayN3F/

[student@ansible ~]$ ansible all -m user -a ‘name=bb state=present password=“$1$zcVeWQiB$dIsAdkcv91mTjrCaayN3F/” update_password=on_create’

2、shell

临时命令使用shell模块来删除node1.example.com节点中的用户axi
[student@ansible ~]$ ansible node1 -m shell -a ‘userdel -r axi’

3、copy

[student@ansible ~]$ ansible node1 -m copy -a ‘src=/etc/fstab dest=/var/tmp/fstab’
[student@ansible ~]$ ansible node1 -m copy -a ‘src=/etc/fstab dest=/var/tmp/fstab group=axi owner=axi’

4、template

template模块—template模块用法和copy模块用法基本一致，它主要用于复制配置文件

[student@ansible ~]$ ansible all -m template -a ‘src=/usr/share/doc/httpd/httpd-vhosts.conf dest=/etc/httpd/conf.d/httpd-vhosts.conf group=root owner=root mode=0644’

5、file

修改文件的权限属性和context值

[student@ansible ~]$ ansible node1 -m file -a ‘path=/var/tmp/fstab mode=g+w mode=o+w group=student owner=galaxy setype=samba_share_t’

mode：设置权限可以是mode=g+w 也可以是mode=666
group：设置文件的所属组
owner：设置文件的所有者
setype：修改文件的context值

新建文件
[student@ansible ~]$ ansible node1 -m file -a ‘path=/var/tmp/bbb state=touch’

新建目录
[student@ansible ~]$ ansible node1 -m file -a ‘path=/var/tmp/cc state=directory’

删除文件或者目录
[student@ansible ~]$ ansible node1 -m file -a ‘path=/var/tmp/cc state=absent’

创建软链接
[student@ansible ~]$ ansible node1 -m file -a ‘dest=/var/tmp/chenyu src=/var/tmp/bbb state=link’

创建硬链接
[student@ansible ~]$ ansible node1 -m file -a ‘dest=/var/tmp/abc src=/var/tmp/aaa state=hard’

6、lineinfile

把abc开头的一行换成 bbbbb
[student@ansible ~]$ ansible node1 -m lineinfile -a ‘dest=/tmp/xyz regexp=abc line=bbbbb’

在某一行前面插入一行新数据—insertbefore
[student@ansible ~]$ ansible node1 -m lineinfile -a ‘dest=/tmp/xyz insertbefore=“aa(.*)” line=xyz’

在某一行后面插入一行新数据—insertafter
[student@ansible ~]$ ansible node1 -m lineinfile -a ‘dest=/tmp/xyz insertafter=“aaaa(.*)” line=bbbb’

删除某一行
[student@ansible ~]$ ansible node1 -m lineinfile -a ‘dest=/tmp/xyz regexp=“aaa(.*)” state=absent’

7、yum_repository模块-----配置yum仓库

[student@ansible ~]$ ansible node1 -m yum_repository -a ‘file=ck name=BaseOS description=rhel8 baseurl=file:///mnt/BaseOS enabled=yes gpgcheck=no’

[student@ansible ~]$ ansible node1 -m yum_repository -a ‘file=ck name=AppStream description=rhel8 baseurl=file:///mnt/AppStream enabled=yes gpgcheck=no’

8、yum模块----yum安装与卸载

state：present、installed、latest安装
absent、removed卸载

[student@ansible ~]$ ansible all -m yum -a ‘name=httpd state=installed’ ----------------安装

[student@ansible ~]$ ansible all -m yum -a ‘name=httpd state=removed’ ----------------卸载

9、service

重启httpd服务并设置下次启动生效
[student@ansible ~]$ ansible all -m service -a ‘name=httpd state=started enabled=yes’

10、fetch—拉取文件

和copy工作方式类似，只不过是从远程主机将文件拉取到本地端，存储时使用主机名作为目录树，且只能拉取文件，不能拉取目录

将远程主机的/etc/fstab文件拉取到本地来，存储的名字为/tmp/node1(node2)/etc/fstab
[student@ansible ~]$ ansible all -m fetch -a ‘src=/etc/fstab dest=/tmp’

将某台远程主机的/etc/fstab文件拉取到本地来，存储的名字为/tmp/fstab
[student@ansible ~]$ ansible node1 -m fetch -a ‘src=/etc/fstab dest=/tmp/ flat=yes’

将远程主机的/etc/fstab文件拉取到本地来，存储的名字为/tmp/fstab-node1(node2)
[student@ansible ~]$ ansible all -m fetch -a ‘src=/etc/fstab dest=/tmp/fstab-{{inventory_hostname}} flat=yes’

11、firewalld

允许http流量的传入
[student@ansible ~]$ ansible all -m firewalld -a ‘service=http permanent=yes state=enabled immediate=yes’

富规则 允许192.168.89.0/24主机http流量的传入
[student@ansible ~]$ ansible all -m firewalld -a ‘zone=public rich_rule=“rule family=ipv4 source address=192.168.89.0/24 service name=http accept” permanent=yes state=enabled immediate=yes’

12、replace

replace模块可以根据我们指定的正则表达式替换文件中的字符串，文件中所有被匹配的字符串都会被替换
参数：
path参数：2.3版本之前只能用dest、destfile、name指定操作文件，2.4版本中仍然可以用这些参数名，也可以用path
regexp参数：必须参数，指定一个python正则表达式，文件中与正则匹配的字符串将会被替换
replace参数：指定最终要替换成的字符串
backup参数：是否在修改文件之前对文件进行备份，最好设置为yes。

将/tmp/lc文件中的“abc”替换成“yyy”
[student@ansible ~]$ ansible all -m replace -a ‘path=/tmp/lc regexp=“abc” replace=“yyy”’

将/tmp/lc文件中的“yyy”替换成“iii”，且把替换前的/tmp/lc文件备份
[student@ansible ~]$ ansible all -m replace -a ‘path=/tmp/lc regexp=“yyy” replace=“iii” backup=yes’

13、parted

新建扩展分区
[student@ansible ~]$ ansible node1 -m parted -a ‘device=/dev/sda number=4 part_type=extended part_start=46GiB part_end=48GiB state=present’

新建逻辑分区
[student@ansible ~]$ ansible node1 -m parted -a ‘device=/dev/sda number=5 part_type=logical part_start=46GiB part_end=48GiB state=present’

14、filesystem—文件系统

[student@ansible ~]$ ansible node1 -m filesystem -a ‘fstype=xfs dev=/dev/sda5’

15、mount—挂载

新建挂载点/common
[student@ansible ~]$ ansible node1 -m file -a ‘path=/common state=directory’

查看/dev/sda5的UUID
[student@ansible ~]$ ansible node1 -m shell -a ‘blkid /dev/sda5’

将分区/dev/sda5挂载到/common目录
[student@ansible ~]$ ansible node1 -m mount -a ‘path=/common src=“UUID=d162b8b9-2326-4ee4-a559-80861461c4f0” fstype=xfs state=mounted’

卸载
[student@ansible ~]$ ansible node1 -m mount -a ‘path=/common src=“UUID=d162b8b9-2326-4ee4-a559-80861461c4f0” fstype=xfs state=absent’

16、lvg—新建卷组

[student@ansible ~]$ ansible node1 -m lvg -a ‘vg=vg0 pesize=16M pvs=/dev/sda5’

17、lvol—新建逻辑卷

[student@ansible ~]$ ansible node1 -m lvol -a ‘lv=lv0 size=1000M vg=vg0’

在线扩容逻辑卷
[student@ansible ~]$ ansible node1 -m lvol -a ‘lv=lv0 size=1600M vg=vg0 resizefs=yes’

18、sefcontext—修改context值

[student@ansible ~]$ ansible node1 -m file -a ‘path=/share state=directory’

修改context值
[student@ansible ~]$ ansible node1 -m sefcontext -a ‘target=“/share(/.*)?” setype=samba_share_t state=present’

应用新的selinux 文件的context值
[student@ansible ~]$ ansible node1 -m command -a ‘restorecon -irv /share’

19、debug

用户输出自定义的信息，类似于echo、print等输出命令。ansible中的debug主要用于输出变量值、表达式值，以及用于when条件判断时。使用方式非常简单

20、cron—计划任务

[student@ansible ~]$ ansible node1 -m cron -a ‘name=“shuchu” job=“/bin/echo I AM RHCE” user=root minute=0 hour=14 state=present’

21、get_url

语法：ansible node1 -m get_url -a ‘url=需要下载的文件 dest=存放的位置’

三、拓展

---

1、部署yum仓库

//挂载镜像
[student@ansible ~]$ cd ansible/
[student@ansible  ansible~]$ mount /dev/sr0 /media/
mount: /media: WARNING: device write-protected, mounted read-only.
[student@ansible ansible]$ ansible dev -m mount -a 'path=/media  src=/dev/sr0  fstype=iso9660 state=mounted'
[student@ansible ~]$ df -h
/dev/sr0              11G   11G     0 100% /media


//配置本地yum仓库
[student@ansible ansible]$ ansible dev -m yum_repository  -a 'file=axi name=AppStream  description=axi1 baseurl=file:///media/AppStream enabled=yes gpgcheck=no'
node1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "repo": "AppStream",
    "state": "present"
}
[student@ansible ansible]$ ansible dev -m yum_repository  -a 'file=axi name=BaseOS  description=axi1 baseurl=file:///media/BaseOS enabled=yes gpgcheck=no'
node1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "repo": "BaseOS",
    "state": "present"
}
[student@ansible ansible]$

//在node1里查看
[root@node1 yum.repos.d]# ls
axi.repo
[root@node1 yum.repos.d]# cat axi.repo
[AppStream]
baseurl = file:///media/AppStream
enabled = 1
gpgcheck = 0
name = axi1

[BaseOS]
baseurl = file:///media/BaseOS
enabled = 1
gpgcheck = 0
name = axi1

2、安装httpd

//安装httpd
[student@ansible ansible]$ ansible dev -m yum -a 'name=httpd state=present'
node1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Installed: mailcap-2.1.48-3.el8.noarch",
        "Installed: httpd-2.4.37-43.module_el8.5.0+1022+b541f3b1.x86_64",
        "Installed: apr-1.6.3-12.el8.x86_64",
        "Installed: httpd-filesystem-2.4.37-43.module_el8.5.0+1022+b541f3b1.noarch",
        "Installed: apr-util-1.6.1-6.el8.x86_64",
        "Installed: apr-util-bdb-1.6.1-6.el8.x86_64",
        "Installed: httpd-tools-2.4.37-43.module_el8.5.0+1022+b541f3b1.x86_64",
        "Installed: centos-logos-httpd-85.8-2.el8.noarch",
        "Installed: mod_http2-1.15.7-3.module_el8.4.0+778+c970deab.x86_64",
        "Installed: apr-util-openssl-1.6.1-6.el8.x86_64"
    ]
}



//在node1上查看
[root@node1 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:httpd.service(8)
[root@node1 ~]#

3、讲/var/www/html目录做一个软链接，到/www

//创建软链接
[student@ansible ansible]$ ansible dev -m file -a 'src=/var/www/html/  dest=/www  state=link'
node1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "dest": "/www",
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "root",
    "secontext": "unconfined_u:object_r:root_t:s0",
    "size": 14,
    "src": "/var/www/html/",
    "state": "link",
    "uid": 0
}
[student@ansible ansible]$

4、在/www中新建index.html，内容为my name is lc

[student@ansible ansible]$ ansible node1 -m copy -a 'content="my name is liucong\n" dest=/www/index.html'
node1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "250eb536a9ff98b6e0a7d35ff9d515832993c330",
    "dest": "/www/index.html",
    "gid": 0,
    "group": "root",
    "md5sum": "913d37b299235a033d876be0faedf3f5",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:default_t:s0",
    "size": 19,
    "src": "/home/student/.ansible/tmp/ansible-tmp-1666601314.4946268-5797-24778811209063/source",
    "state": "file",
    "uid": 0
}

5、实现在ansible中能够使用http://node1访问到该网页内容

//开启防火墙规则
[student@ansible ansible]$ ansible dev -m firewalld -a 'service=http   permanent=yes state=enabled immediate=yes'
node1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "msg": "Permanent and Non-Permanent(immediate) operation, Changed service http to enabled"
}


//开启httpd服务并设置下次开机自启
[student@ansible ansible]$ ansible dev -m service -a 'name=httpd state=started enabled=yes'

[student@ansible ansible]$ ansible node1 -m sefcontext -a 'target="/www(/.*)?" setype=httpd_sys_content_t state=present'
[student@ansible ansible]$ curl http://node1
my name is liucong

//加载服务
[student@ansible ansible]$ ansible dev -m service -a 'name=httpd state=reloaded'

[student@ansible ansible]$ curl http://node1
my name is liucong