ansible的常用模块学习

最新推荐文章于 2023-05-01 14:41:51 发布

忍冬行者

最新推荐文章于 2023-05-01 14:41:51 发布

阅读量451

点赞数 1

分类专栏： ansible 文章标签： ansible linux

本文链接：https://blog.csdn.net/rendongxingzhe/article/details/126633438

版权

ansible 专栏收录该内容

2 篇文章 0 订阅

订阅专栏

一,ansible的学习笔记

ansible inventory文件格式
172.17.42.101 ansible_ssh_pass='123456'
172.17.42.102 ansible_ssh_pass='123456'
[docker]
172.17.42.10[1:3]
[docker:vars]
ansible_ssh_pass='123456'
[ansible:children]
docker

ansible inventory内置参数
ansible_ssh_host
ansible_ssh_port
ansible_ssh_user
ansible_ssh_pass
ansible_sudo
ansible_sudo_pass
ansible_sudo_exe
ansible_connection
ansible_ssh_private_key_file
ansible_shell_type
ansible_python_interpreter
ansible_*_interpreter

2.ansibie学习
ansible-doc -l | wc 统计ansible的模块数量
ansible-doc command 模块的帮助信息
ansible-doc -s 模块,查看模块的参数信息
command 模块
ansible test -m command -a 'ip a show dev eth0' 或者 ansible test -a 'ip a show dev eth0'
- name: return motd to registered var
command: cat /etc/motd
register: mymotd
script模块
ansible test -m script -a '/home/test.sh 12 34'
- script: /some/local/create_file.sh --some-arguments 1234
args:
creates: /the/created/file.txt
shell模块
ansilbe test -m shell -a "df -h"
- name: 临时关闭 selinux
shell: "setenforce 0"
failed_when: false
- name: 禁用系统 swap
shell: "swapoff -a && sysctl -w vm.swappiness=0"
ignore_errors: true
- name: Execute the command in remote shell; stdout goes to the specified file on the remote.
shell: somescript.sh >> somelog.txt
args:
chdir: somedir/
creates: somelog.txt
copy模块
ansible test -m copy -a "src=/etc/fstab dest=/etc/fstab owner=root group=root mode=0755"
- name: 下载证书工具 CFSSL和 kubectl
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
with_items:
- cfssl
- cfssl-certinfo
- cfssljson
- kubectl
tags: upgrade_k8s
- name: copy test
copy:
src: /mine/ntp.conf
dest: /etc/ntp.conf
owner: root
group: root
mode: 0644
backup: yes
stat模块
ansible test -m stat -a "path=/etc/sysctl.conf"
- name: 读取ca证书stat信息
stat: path="{{ ca_dir }}/ca.pem"
register: p
- stat:
path: /etc/foo.conf
register: st
- fail:
msg: "Whoops! file ownership has changed"
when: st.stat.pw_name != 'root'
yum模块
ansible test -m yum -a "name=httpd state=present disble_gpg_check=yes enablerepo=epel"
备注：#state (Choices: present, installed, latest, absent, removed)[Default: present]
- name: install the nginx rpm from a remote repo
yum:
name: http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
state: present
- name: 安装keepalived
yum: name={{item}} state=present
with_items:
- keepalived
- name: 安装基础软件包
yum: name={{ item }} state=latest
with_items:
- psmisc # 安装psmisc 才能使用命令killall，它在keepalive的监测脚本中使用到
- nfs-utils # 挂载nfs 共享文件需要 (创建基于 nfs的PV 需要)
- net-tools
cron模块
ansible test -m cron -a "name='test' hour='2-5' minute='*/5' day='1' mouth='3,4' weekday='1' job='ls -a' user=tom"
- cron:
name: yum autoupdate
weekday: 2
minute: 0
hour: 12
user: root
job: "YUMINTERACTIVE: 0 /usr/sbin/yum-autoupdate"
cron_file: ansible_yum-autoupdate
mount模块
ansible test -m mount -a "path=/mnt/data src=/dev/sd0 fstype=xfs state=present ots=ro"
ansible -i /etc/ansible/.hosts-root jr-root -c paramiko -m mount -a "name=/mnt src=/dev/sda5 fstype=ext4 opts=ro state=present"
- name: Mount up device by UUID
mount:
path: /home
src: UUID=b3e48f45-f933-4c8e-a700-22a159ec9077
fstype: xfs
opts: noatime
state: present
service模块
ansible test -m service -a "name=httpd state=running"
state的选项可以是stopped restarted started reloaded等
# Example action to stop service httpd, if running
- service:
name: httpd
state: stopped
- name: 设置keepalived自启动
service: name=keepalived state=started enabled=yes daemon_reload=yes
- name: 设置kubelet自启动
service: name=kubelet state=restarted enabled=yes daemon_reload=yes
synchronize模块
aisible test -m synchronize -a "src=some/relative/path dest=/some/absolute/path"
- name: 安装kubeconfig配置文件
synchronize: src=/root/.kube/config dest=/root/.kube/config
delegate_to: "{{ groups.deploy[0] }}"
- synchronize:
src: some/relative/path
dest: /some/absolute/path
template模块
ansible test -m template -a "src=/mytemplate/foo.j2 dest=/etc/file.conf owner=root group=root mode=0644"
- name: 准备CA配置文件
template: src=ca-config.json.j2 dest={{ ca_dir }}/ca-config.json
when: p.stat.isreg is not defined
- template:
src: /mytemplates/foo.j2
dest: /etc/file.conf
owner: bin
group: wheel
mode: 0644
get_url
ansible test -m get_url -a " url='http://www.baidu.com' dest=/root/test.html mode=0777"
file模块
file模块主要用于远程主机上的文件操作，file模块包含如下选项：
– force：需要在两种情况下强制创建软链接，一种是源文件不存在但之后会建立的情况下；另一种是目标软链接已存在,需要先取消之前的软链，然后创建新的软链，有两个选项：yes|no
– group：定义文件/目录的属组
– mode：定义文件/目录的权限
– owner：定义文件/目录的属主
– path：必选项，定义文件/目录的路径
– recurse：递归的设置文件的属性，只对目录有效
– src：要被链接的源文件的路径，只应用于state=link的情况
– dest：被链接到的路径，只应用于state=link的情况
– state：
directory：如果目录不存在，创建目录
file：即使文件不存在，也不会被创建
link：创建软链接
hard：创建硬链接
touch：如果文件不存在，则会创建一个新的文件，如果文件或目录已存在，则更新其最后修改时间
absent：删除目录、文件或者取消链接文件
ansible test -m file -a "name=test path=/root/test.js state=touch mode=0777"
- name: prepare some dirs
file: name={{ item }} state=directory
with_items:
- "{{ bin_dir }}"
- "{{ ca_dir }}"
- /root/.kube
- /etc/docker
- file:
path: /etc/foo.conf
owner: foo
group: foo
mode: 0644
user模块
ansible test -m user -a "name=jerry state=present"
ansible -i /etc/ansible/.hosts-root jr-root -c paramiko -m user -a "name=foo password=123456 home=/home/foo shell=/sbin/nologin"
- name: add user
user: name: jams shell=/bin/bash
groups: admins,develops'
append: yes
- user:
name: james
shell: /bin/bash
groups: admins,developers
append: yes
group
ansible test -m group -a "name=testadmin state=present"
- name: add group
group: name=somegroup state=present
# Example group command from Ansible Playbooks
- group:
name: somegroup
state: present
lineinfile
ansible test -m lineinfile -a " dest=/etc/sysconfig/selinux regexp='^SELINUX=' line='SELINUX=disabled'"
- lineinfile:
path: /etc/hosts
regexp: '^127\.0\.0\.1'
line: '127.0.0.1 localhost'
owner: root
group: root
mode: 0644
- name: 写入环境变量$PATH
lineinfile:
dest: ~/.bashrc
state: present
regexp: 'kubeasz'
line: 'export PATH={{ bin_dir }}:$PATH # generated by kubeasz'
- name: 修改 /etc/sysconfig/kubelet
lineinfile:
dest: /etc/sysconfig/kubelet
regexp: 'KUBELET_EXTRA_ARGS'
backrefs: yes
line: 'Environment="KUBELET_EXTRA_ARGS= --fail-swap-on=false --cgroup-driver=cgroupfs --pod-infra-container-image={{local_images}}/pause-amd64:3.1"'
replace
ansible test -m replace -a 'path=/testdir/test regexp="ABC" replace=abc'
- replace:
path: /home/jdoe/.ssh/known_hosts
regexp: '^old\.host\.name[^\n]*\n'
owner: jdoe
group: jdoe
mode: 0644
- replace:
path: /etc/hosts
regexp: '(\s+)old\.host\.name(\s+.*)?$'
replace: '\1new.host.name\2'
backup: yes
package模块
- name: 安装系统通用软件
package: name={{ item }} state=latest
with_items:
- jq # 轻量JSON处理程序，安装docker查询镜像需要
- socat # 用于port forwarding
- bash-completion # bash命令补全工具，需要重新登录服务器生效
- rsync
modprobe模块
- name: 加载内核模块
modprobe: name={{ item }} state=present
with_items:
- br_netfilter
- ip_vs
- ip_vs_rr
- ip_vs_wrr
- ip_vs_sh
- nf_conntrack_ipv4
ignore_errors: true
ansible -i hosttest test -m copy -a 'src=/root/host.py dest=/root/hostpy owner=root group=root mode=0644 backup=yes' -o

实践

1.根据操作系统版本安装软件

- hosts: all
  remote_user: root
  tasks:
  - name: install nginx package
    yum: name=nginx state=latest
  - name: start nginx service on CentOS6
    shell: service nginx start
    when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "6"
  - name: start nginx service
    shell: systemctl start nginx.service
    when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"

2.交互式创建用户并设置密码

--- 
- hosts: test70
  remote_user: root
  vars_prompt:
   - name: "user_name"
     prompt: "Enter user name"
     private: no
   - name: "user_password"
     prompt: "Enter user password"
     encrypt: "sha512_crypt"
     confirm: yes
  tasks:
   - name: create user
     user:
       name: "{{user_name}}"
       password: "{{user_password}}"

3.根据字典创建用户组及用户

- hosts: all
  remote_user: root
  tasks:
  - name: create groups
    group: name={{ item }} state=present
    with_items:
      - groupx1
      - groupx2
      - groupx3
  - name: create users
    user: name={{ item.name }} group={{ item.group }} state=present
    with_items:
      - {name: 'userx1', group: 'groupx1'}
      - {name: 'userx2', group: 'groupx2'}
      - {name: 'userx3', group: 'groupx3'}

4.根据字符串列表安装软件

- hosts: websrvs
  remote_user: root
  tasks:
  - name: install packages
    yum: name={{ item }} state=latest
    with_items:
      - httpd
      - php
      - php-mysql
      - php-mbstring
      - php-gd

5.安装http软件并检查服务状态

---
- hosts: all
  remote_user: root
  tasks:
   - name: 安装httpd
     yum: name={{ item }} state=present
     with_items:
     - httpd
     - httpd-devel
   - name: 复制配置文件
     copy: 
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
     owner: root
     group: root
     mode: 0775
     with_items:
     - {  
       src: "/tmp/httpd.conf",
       dest: "/etc/httpd/conf/httpd.conf"
       }
     - {  
       src: "/tmp/httpd.conf",
       dest: "/etc/httpd/conf/httpd-vhosts.conf"
       }
   - name: 检查服务状态
      service：name=httpd state=started enabled=yes

6.安装http软件，并触发启动服务

- hosts: websrvs
  remote_user: root
  tasks:
  - name: install httpd package
    yum: name=httpd state=latest
  - name: install conf file
    copy: src=/root/httpd.conf dest=/etc/httpd/conf/httpd.conf
    notify: restart httpd service
  - name: start httpd service
    service: name=httpd state=started
  handlers:
  - name: restart httpd service
    service: name=httpd state=restarted