Changing firewalld with Ansible: common Ansible modules (copy module, file module, yum module, service module, firewalld module, )...

Preface: this post continues from the previous post.


Common modules

1. ping module

[devops@server1 ansible]$ ansible all -m ping

server3 | SUCCESS => {

"changed": false,

"ping": "pong"

}

server2 | SUCCESS => {

"changed": false,

"ping": "pong"

}

2. copy module

src: path of the source file

dest: path of the destination

[devops@server1 ansible]$ ansible test -m copy -a 'src=/etc/passwd dest=/tmp/passwd'

server2 | CHANGED => {

"changed": true,

"checksum": "3cc081d3b176d007c783e59c954eec74f6df7d64",

"dest": "/tmp/passwd",

"gid": 1001,

"group": "devops",

"md5sum": "c43e79d19ca578c7f892829679495a01",

"mode": "0664",

"owner": "devops",

"size": 1055,

"src": "/home/devops/.ansible/tmp/ansible-tmp-1560418590.1-259605285233838/source",

"state": "file",

"uid": 1001

}

[devops@server1 ansible]$ ansible test -a 'ls /tmp/passwd'

server2 | CHANGED | rc=0 >>

/tmp/passwd

3. file module

Change the permissions of a file

[devops@server1 ansible]$ ansible test -m file -a 'dest=/tmp/passwd mode=600'

server2 | CHANGED => {

"changed": true,

"gid": 1001,

"group": "devops",

"mode": "0600",

"owner": "devops",

"path": "/tmp/passwd",

"size": 1055,

"state": "file",

"uid": 1001

}

[devops@server1 ansible]$ ansible test -a 'ls -l /tmp/passwd'

server2 | CHANGED | rc=0 >>

-rw------- 1 devops devops 1055 Jun 13 17:36 /tmp/passwd

4. yum module

[devops@server1 ansible]$ ansible test -m \

> yum -a 'name=httpd state=present' -b

Running yum requires root privileges, so sudo has to be set up

[root@server2 ~]# vim /etc/sudoers

[root@server3 ~]# vim /etc/sudoers

[devops@server1 ansible]$ ansible test -a 'rpm -q httpd'

Check the installed version

server2 | CHANGED | rc=0 >>

httpd-2.4.6-45.el7.x86_64

If you do not want to add the -b option used in the earlier command, you can edit the configuration file instead

[devops@server1 ansible]$ vim ansible.cfg

[defaults]

inventory= inventory

[privilege_escalation]

become=True

become_method=sudo

become_user=root

become_ask_pass=False

[devops@server1 ansible]$ ansible test -m \

> yum -a 'name=httpd state=present'

5. service module

The service module commonly takes the following directives

reloaded, restarted, started, stopped

[devops@server1 ansible]$ ansible db -m yum -a 'name=httpd state=present'

[devops@server1 ansible]$ ansible db -m service -a 'name=httpd state=started'

6. firewalld module

[devops@server1 ansible]$ ansible test -m copy -a 'content="www.server2.com\n" dest=/var/www/html/index.html'

[devops@server1 ansible]$ curl server2

www.server2.com

Normal access works without problems

Start the firewall and enable it at boot

[devops@server1 ansible]$ ansible db -m service -a 'name=firewalld state=started enabled=true'

[devops@server1 ansible]$ curl server6

curl: (7) Failed connect to server6:80; No route to host

Access is now blocked

[devops@server1 ansible]$ ansible-doc firewalld ## view the help

Add a firewall rule

[devops@server1 ansible]$ ansible db -m firewalld -a 'service=http state=enabled permanent=yes immediate=yes'

server3 | CHANGED => {

"changed": true,

"msg": "Permanent and Non-Permanent(immediate) operation, Changed service http to enabled"

}

[devops@server1 ansible]$ curl server3

www.server3.com

Access succeeds
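
The steps from sections 4 to 6 as a single playbook, with a check that http is present in both the runtime and the permanent firewalld configuration. This is an added example, not from the original post; it assumes the db inventory group used above and passwordless sudo for the connecting user, and it sets become on each task instead of globally in ansible.cfg.

```yaml
---
# Added example: the ad-hoc commands from sections 4-6 as one idempotent play.
# Assumptions: the "db" inventory group from this page, firewall-cmd present
# on the managed hosts, passwordless sudo for the connecting user.
- hosts: db
  become: false            # overrides become=True in ansible.cfg; escalate per task
  tasks:
    - name: Install httpd
      yum:
        name: httpd
        state: present
      become: true

    - name: Start httpd and enable it at boot
      service:
        name: httpd
        state: started
        enabled: true
      become: true

    - name: Start firewalld and enable it at boot
      service:
        name: firewalld
        state: started
        enabled: true
      become: true

    - name: Allow http in the running and the saved configuration
      firewalld:
        service: http
        state: enabled
        permanent: true    # survives reload and reboot
        immediate: true    # also applied to the running firewall
      become: true

    - name: Read the runtime and the permanent service lists
      command: "firewall-cmd {{ item }} --list-services"
      loop: ["", "--permanent"]
      register: fw
      changed_when: false  # read-only query, never reports a change
      become: true

    - name: Fail if http is missing from either list
      assert:
        that: "'http' in item.stdout.split()"
      loop: "{{ fw.results }}"
```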
