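When you use ad-hoc commands, some Ansible features, such as loop and facts, are not available.
Running commands
shell module
Usage is basically the same as command, but the command is executed through /bin/sh, so the shell module can run any command just as if it were run locally on the host.
Ansible commands run concurrently, and we can run any command against the target hosts.
Example: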
[root@master ~]# ansible webservers -m shell -a hostname -o
node2 | CHANGED | rc=0 | (stdout) node2
node1 | CHANGED | rc=0 | (stdout) node1
[root@master ~]# ansible webservers -m shell -a 'uname -r' -f 5 -o
node1 | CHANGED | rc=0 | (stdout) 3.10.0-1062.el7.x86_64
node2 | CHANGED | rc=0 | (stdout) 3.10.0-1062.el7.x86_64
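command module
This module runs the command given after -a directly; however, the command does not run successfully if it contains any of the following characters:
creates: a file name; when this file exists, the command is not run
free_form: the Linux command to run
removes: a file name; when this file does not exist, the command is not run
chdir: change to this directory before running the command
executable: switch the shell used to run the command; the path must be an absolute path
Note: the command module does not invoke a shell, so bash environment variables are not available and shell operations cannot be used; otherwise it is no different from shell.
raw module
Usage is the same as the shell module; it can also run any command just as if it were run locally on the host.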
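Package management
yum_repository module
The yum_repository module manages yum repositories on remote hosts.
Common options:
name parameter: required; the unique repository ID to operate on, that is, the ID inside the square brackets for each repository in the ".repo" configuration file
baseurl parameter: sets the baseurl of the yum repository
description parameter: sets the repository's description, that is, the content of the "name" field for each repository in the ".repo" configuration file
file parameter: sets the name of the repository configuration file, that is, the file name prefix of the ".repo" file. When this parameter is not used, the repository ID from the name parameter is used as the prefix. A single ".repo" file can contain multiple yum sources
enabled parameter: sets whether the yum source is active. The default is yes, which enables the yum source; no disables it
gpgcheck parameter: sets whether rpm package verification is enabled. The default is no, which disables package verification; yes enables it
gpgcakey parameter: when gpgcheck is set to yes, this parameter specifies the public key needed to verify packages
state parameter: the default is present; when set to absent, the yum source is removed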
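A check for the gpgcheck setting described above, as an added example that is not part of the original page: the function lists enabled repositories in a ".repo" file whose signature check is off or unset. The helper name audit_repo_gpgcheck and the sample file content are constructed for illustration.

```bash
# Added example: audit_repo_gpgcheck is a hypothetical helper name.
# Prints "<repoid> gpgcheck=<0|unset>" for every enabled repository in a
# .repo file whose package signature check is off or not set. An unset
# value falls back to the [main] section of yum.conf / dnf.conf.
audit_repo_gpgcheck() {
    awk '
        function report() {
            if (id != "" && enabled != "0" && gpg != "1")
                print id, "gpgcheck=" (gpg == "" ? "unset" : gpg)
        }
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[.*\]/ {                           # [repoid] section header
            report()
            id = $0; gsub(/^[ \t]*\[|\].*$/, "", id)
            enabled = ""; gpg = ""
            next
        }
        {
            line = $0; gsub(/[ \t]/, "", line)      # tolerate "key = value"
            n = index(line, "=")
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = tolower(substr(line, n + 1))
            if (val == "yes" || val == "true")  val = "1"
            if (val == "no"  || val == "false") val = "0"
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpg = val
        }
        END { report() }
    ' "$1"
}

# Constructed sample .repo content (hosts and paths are placeholders).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[base]
baseurl=http://mirror.example/base
enabled=1
gpgcheck=1
[local]
baseurl=http://192.0.2.10/repo
enabled=yes
gpgcheck=no
[extras]
baseurl=http://mirror.example/extras
EOF
audit_repo_gpgcheck "$sample"
rm -f "$sample"
```

Run it on the managed hosts against each file under /etc/yum.repos.d/ after a repository has been added.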
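yum module
Manages packages with the yum package manager; its options are:
Example: the dnf module is used in much the same way as yum
Install a package: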
[root@master ~]# ansible webservers -m yum -a 'name=httpd state=latest'
Verify that the package is installed:
[root@master ~]# ansible webservers -m shell -a "rpm -q httpd" -o
node1 | CHANGED | rc=0 | (stdout) httpd-2.4.6-97.el7.centos.x86_64
node2 | CHANGED | rc=0 | (stdout) httpd-2.4.6-97.el7.centos.x86_64
Remove the package
[root@master ~]# ansible webservers -m yum -a "name=httpd state=absent"
Upgrade all packages
[root@master ~]# ansible webservers -m yum -a 'name="*" state=latest'
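Service management
service module
Manages services; the module has the following options:
arguments: extra arguments passed on the command line
enabled: whether the service starts at boot, yes/no
name: required; the service name
pattern: defines a pattern; if the service does not respond when its state is queried with the status command, ps is used to search the process list for this pattern, and if it matches, the service is considered to be still running
runlevel: the run level
sleep: if restarted is used, sleep this many seconds between stop and start
state: start, stop, restart or reload the service (started, stopped, restarted, reloaded)
Example: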
[root@master ~]# ansible webservers -m dnf -a "name=httpd state=present"
[root@master ~]# ansible webservers -m service -a 'name=httpd state=started enabled=yes'
# Verify that the service has started
[root@master ~]# ansible webservers -m shell -a 'systemctl is-active httpd;systemctl is-enabled httpd'
node1 | CHANGED | rc=0 >>
active
enabled
node2 | CHANGED | rc=0 >>
active
enabled
User management
group module
Manages groups on remote hosts
Common options:
[root@master ~]# ansible webservers -m group -a "name=abc"
user module
Manages user accounts
Common options:
[root@master ~]# python3
Python 3.6.8 (default, Nov 16 2020, 16:55:22)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import crypt
>>> crypt.crypt('123')
'$6$zGV5rFjOc/tjzctm$WS2xlMa69Cnlq4bsU/SygO3CyuYzLKL1Mf58u4vkBVdOKJPMSv5tFpo2iuwlWmROU6rc8Ib.njJERLSYkJ5EA0'
>>> exit()
Create a user
[root@master ~]# ansible webservers -m user -a 'name=tom password="$6$zGV5rFjOc/tjzctm$WS2xlMa69Cnlq4bsU/SygO3CyuYzLKL1Mf58u4vkBVdOKJPMSv5tFpo2iuwlWmROU6rc8Ib.njJERLSYkJ5EA0" '
Verify the login
[root@master ~]# ssh 192.168.242.11 -l tom
tom@192.168.242.11's password:
[tom@node1 ~]$ ssh 192.168.242.12 -l tom
The authenticity of host '192.168.242.12 (192.168.242.12)' can't be established.
ECDSA key fingerprint is SHA256:j2RtNH5115L2tipbU+rGHs0unTooWUMODaz+ALhrago.
ECDSA key fingerprint is MD5:7e:cd:68:d9:05:79:30:26:1d:aa:3a:f2:9f:ad:cc:82.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.242.12' (ECDSA) to the list of known hosts.
tom@192.168.242.12's password:
[tom@node2 ~]$ logout
Connection to 192.168.242.12 closed.
2. Delete the user together with its home directory
[root@master ~]# ansible webservers -m user -a "name=tom state=absent remove=yes"
3. Create the user bob with abc as a supplementary group
[root@master ~]# ansible webservers -m user -a 'name=bob groups=abc'
4. Generate a key pair for the user bob
[root@master ~]# ansible webservers -m user -a 'name=bob generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa'
[root@master ~]# ansible webservers -m shell -a "ls -la ~bob/.ssh"
node1 | CHANGED | rc=0 >>
total 8
drwx------. 2 bob bob 38 Aug 12 21:55 .
drwx------. 3 bob bob 74 Aug 12 21:55 ..
-rw-------. 1 bob bob 1675 Aug 12 21:55 id_rsa
-rw-r--r--. 1 bob bob 408 Aug 12 21:55 id_rsa.pub
node2 | CHANGED | rc=0 >>
total 8
drwx------. 2 bob bob 38 Aug 12 21:55 .
drwx------. 3 bob bob 74 Aug 12 21:55 ..
-rw-------. 1 bob bob 1679 Aug 12 21:55 id_rsa
-rw-r--r--. 1 bob bob 408 Aug 12 21:55 id_rsa.pub
File operations
file module
Performs file operations on remote hosts; the file module has the following options
[root@master ~]# ansible webservers -m file -a 'path=/tmp/testfile1 state=touch'
Example 2: create a directory named /tmp/testdir; if /tmp/testdir already exists, nothing is done
[root@master ~]# ansible webservers -m file -a 'path=/tmp/testdir state=directory'
Example 3: create a symbolic link named linkfile1 that points to testfile1
[root@master ~]# ansible webservers -m file -a 'path=/tmp/linkfile1 state=link src=/tmp/testfile1'
Example 4: delete the given files or directories on the remote hosts
[root@master ~]# ansible webservers -m file -a "path=/tmp/linkfile1 state=absent"
[root@master ~]# ansible webservers -m file -a "path=/tmp/testfile1 state=absent"
[root@master ~]# ansible webservers -m file -a "path=/tmp/testdir state=absent"
copy module
Files are copied with the copy module; whether a file has changed is determined by its MD5 value
copy has the following options
[root@master ~]# ansible webservers -m copy -a "src=/etc/hosts dest=/etc/hosts owner=root group=root mode=644 backup=yes"
file module
Sets file attributes and can also create symbolic links to files
Common options
[root@master ~]# ansible webservers -m file -a "name=test.txt state=touch"
[root@master ~]# ansible webservers -m file -a "src=test.txt dest=link_test state=link"
2. Change the owner, group and permissions of a file
[root@master ~]# ansible webservers -a "mkdir /share"
[root@master ~]# ansible webservers -m file -a "path=/share owner=root group=root mode=1777"
3. Change the SELinux security context
[root@master ~]# ansible webservers -m file -a 'path=/mnt/rhce state=directory mode=666 owner=root group=root setype=samba_share_t'
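fetch module
Pulls files from remote hosts, stores them under a directory named after the host's IP address or hostname, and keeps the original directory structure
Common options:
dest: destination path
src: source path
Example: copy a file from the managed nodes to the control node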
[root@master ~]# ansible webservers -m fetch -a "src=/etc/hosts dest=/opt"
[root@master ~]# ll /opt
total 0
drwxr-xr-x. 3 root root 17 Aug 12 22:40 node1
drwxr-xr-x. 3 root root 17 Aug 12 22:40 node2
flat=yes: do not use the default directory hierarchy
[root@master ~]# ansible node2 -m fetch -a 'src=/etc/hosts dest=/opt/hosts flat=yes'
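lineinfile module
lineinfile modifies file content: add a line before a given line, add a line after a given line, delete a line, append a line at the end of the file, or replace or add a line
Example 1: set SELinux to enforcing mode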
[root@master ~]# ansible webservers -m lineinfile -a 'path=/etc/selinux/config regexp="^SELINUX=" line="SELINUX=enforcing" '
Example 2: insert a line before a given line
[root@master ~]# vi test.txt
[root@master ~]# cat test.txt
test
[root@master ~]# ansible localhost -m lineinfile -a 'dest=test.txt insertbefore="test(.*)" line="one"'
localhost | CHANGED => {
"backup": "",
"changed": true,
"msg": "line added"
}
[root@master ~]# ansible localhost -a 'cat test.txt'
localhost | CHANGED | rc=0 >>
one
test
Example 3: insert a line after a given line
[root@master ~]# ansible localhost -m lineinfile -a 'dest=test.txt insertafter="test(.*)" line="end"'
localhost | CHANGED => {
"backup": "",
"changed": true,
"msg": "line added"
}
[root@master ~]# ansible localhost -a 'cat test.txt'
localhost | CHANGED | rc=0 >>
one
test
end
Example 4: delete the matching lines
[root@master ~]# ansible localhost -m lineinfile -a 'path=test.txt regexp="test(.*)" state=absent'
localhost | CHANGED => {
"backup": "",
"changed": true,
"found": 1,
"msg": "1 line(s) removed"
}
[root@master ~]# ansible localhost -a 'cat test.txt'
localhost | CHANGED | rc=0 >>
one
end
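synchronize module
synchronize uses the rsync command to synchronize files in bulk; when using this module, the rsync command must be available on the remote server
Common options:
src: source file
dest: destination file
archive: whether to synchronize in archive mode, which keeps the attributes of the source and destination files identical
rsync_opts: options passed to rsync
--exclude=*.log: excludes files ending in .log; it must be used together with rsync_opts, for example (rsync_opts=--exclude=.txt)
Example 1: pull /etc/hosts from node1 into the /tmp directory on the control node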
[root@master ~]# ansible node1 -m synchronize -a 'src=/etc/hosts dest=/tmp mode=pull'
Scheduled tasks
cron module
Manages scheduled tasks; it has the following options:
[root@master ~]# ansible webservers -m cron -a "name='crontab test' minute=5 hour=1 job='echo test'"
node2 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"crontab test"
]
}
node1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"crontab test"
]
}
[root@master ~]# ansible webservers -m shell -a "crontab -l"
node2 | CHANGED | rc=0 >>
#Ansible: crontab test
5 1 * * * echo test
node1 | CHANGED | rc=0 >>
#Ansible: crontab test
5 1 * * * echo test
Example 2: delete the scheduled task
[root@master ~]# ansible webservers -m cron -a "name='crontab test' state=absent"
node2 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": []
}
node1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": []
}
[root@master ~]# ansible webservers -m shell -a "crontab -l"
node2 | CHANGED | rc=0 >>
node1 | CHANGED | rc=0 >>
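The `crontab -l` output above shows that the cron module writes an `#Ansible: <name>` marker above each job it manages. The following added example (not part of the original page) uses that marker to separate managed jobs from jobs added to a host some other way. The helper names and the hand-added job in the sample are constructed for illustration.

```bash
# Added example (not from the original page). cron_jobs_by_origin is a
# hypothetical helper. It reads the output of
#   ansible <group> -m shell -a "crontab -l"
# on stdin and prints: host<TAB>managed|unmanaged<TAB>name<TAB>job
cron_jobs_by_origin() {
    awk '
        # Per-host header of the ad-hoc output, e.g. "node2 | CHANGED | rc=0 >>"
        / \| (CHANGED|SUCCESS) \| rc=[0-9]+ >>$/ { host = $1; name = ""; next }
        # Marker the cron module writes above each job it manages
        /^#Ansible: / { name = substr($0, 11); next }
        # Other comments and blank lines break the marker/job pairing
        /^[ \t]*#/ || /^[ \t]*$/ { name = ""; next }
        # Environment assignments such as MAILTO=root are not jobs
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }
        {
            if (name != "") printf "%s\tmanaged\t%s\t%s\n", host, name, $0
            else            printf "%s\tunmanaged\t-\t%s\n", host, $0
            name = ""
        }
    '
}

# Jobs present on a host that were not created through the cron module.
unmanaged_cron_jobs() {
    cron_jobs_by_origin | awk -F'\t' '$2 == "unmanaged"' | cut -f1,4-
}

# Constructed sample: the page's output for node2, plus a hand-added job on node1.
sample='node2 | CHANGED | rc=0 >>
#Ansible: crontab test
5 1 * * * echo test
node1 | CHANGED | rc=0 >>
#Ansible: crontab test
5 1 * * * echo test
*/10 * * * * /usr/local/bin/sync.sh'
printf '%s\n' "$sample" | cron_jobs_by_origin
```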
Firewall management
Example:
Start the firewall:
[root@master ~]# ansible webservers -m service -a "name=firewalld state=started enabled=true"
1. Allow the http service
[root@master ~]# ansible webservers -m firewalld -a "service=http permanent=true immediate=true state=enabled"
2. Allow a port
[root@master ~]# ansible webservers -m firewalld -a "port=80/tcp permanent=true immediate=true state=enabled"
3. Rich rules
[root@master ~]# ansible webservers -m firewalld -a 'rich_rule="rule family=ipv4 source address=192.168.242.0/24 service name=http accept " permanent=true immediate=true state=enabled'
4. Port forwarding
[root@master ~]# ansible webservers -m firewalld -a 'rich_rule="rule family=ipv4 forward-port port=443 protocol=tcp to-port=8443" permanent=true immediate=true state=enabled'
5. masquerade
[root@master ~]# ansible webservers -m firewalld -a 'masquerade=yes state=enabled permanent=yes immediate=yes'
Network tools
Purpose: download files or software from http, https or ftp to the local node
Common options:
1. parted
[root@master ~]# ansible localhost -m parted -a 'device=/dev/sdb number=1 part_end=1GiB state=present'
localhost | CHANGED => {
"changed": true,
"disk": {
"dev": "/dev/sdb",
"logical_block": 512,
"model": "VMware, VMware Virtual S",
"physical_block": 512,
"size": 10485760.0,
"table": "msdos",
"unit": "kib"
},
"partitions": [
{
"begin": 1024.0,
"end": 1048576.0,
"flags": [],
"fstype": "",
"name": "",
"num": 1,
"size": 1047552.0,
"unit": "kib"
}
],
"script": "unit KiB mklabel msdos mkpart primary 0% 1GiB"
}
[root@master ~]# lsblk | grep sdb
sdb 8:16 0 10G 0 disk
└─sdb1 8:17 0 1023M 0 part
2. Create an LVM partition
[root@master ~]# ansible localhost -m parted -a 'device=/dev/sdb number=2 flags=lvm part_start=1GiB part_end=2GiB state=present'
[root@master ~]# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.23.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help): p
Disk /dev/sdb: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x0004c33f
Device Boot Start End Blocks Id System
/dev/sdb1 2048 2097151 1047552 83 Linux
/dev/sdb2 2097152 4194303 1048576 8e Linux LVM
3. Delete a partition
[root@master ~]# ansible localhost -m parted -a 'device=/dev/sdb number=2 state=absent'
2. lvg
Example:
1. Create a volume group with lvg
[root@master ~]# ansible localhost -m lvg -a "pvs=/dev/sdb1 vg=vg1"
localhost | CHANGED => {
"changed": true
}
2. Create a volume group with a physical extent size of 16M on /dev/nvme0n2p1 (the commands below use /dev/sdb2)
[root@master ~]# ansible localhost -m parted -a 'device=/dev/sdb number=2 flags=lvm part_start=1GiB part_end=2GiB state=present'
[root@master ~]# ansible localhost -m lvg -a 'pvs=/dev/sdb2 vg=vg2 pesize=16'
localhost | CHANGED => {
"changed": true
}
3. Create or resize a volume group on sdb3 or sdb4
First create two partitions
[root@master ~]# ansible localhost -m parted -a 'device=/dev/sdb number=3 flags=lvm part_start=2GiB part_end=3GiB state=present'
[root@master ~]# ansible localhost -m parted -a 'device=/dev/sdb number=4 flags=lvm part_start=3GiB part_end=4GiB state=present'
Recreate the VG
[root@master ~]# ansible localhost -m lvg -a 'pvs=/dev/sdb3,/dev/sdb4 vg=vg1'
localhost | CHANGED => {
"changed": true
}
[root@master ~]# vgs vg1
VG #PV #LV #SN Attr VSize VFree
vg1 2 0 0 wz--n- 1.99g 1.99g
3. lvol
Example
1. Create an LV
[root@master ~]# ansible localhost -m lvol -a 'vg=vg1 lv=lv1 size=512'
localhost | CHANGED => {
"changed": true,
"msg": ""
}
[root@master ~]# lvs /dev/vg1/lv1
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
lv1 vg1 -wi-a----- 512.00m
2. Create a 258m logical volume on the disk /dev/sdb3
[root@master ~]# ansible localhost -m lvol -a 'vg=vg1 lv=lv2 size=258 pvs=/dev/sdb3'
localhost | CHANGED => {
"changed": true,
"msg": ""
}
3. Create a logical volume whose size equals all the remaining free space in the volume group
[root@master ~]# ansible localhost -m lvol -a "vg=vg2 lv=lv3 size=100%FREE"
localhost | CHANGED => {
"changed": true,
"msg": ""
}
[root@master ~]# lvs /dev/vg2/lv3
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
lv3 vg2 -wi-a----- 1008.00m
4. Extend the logical volume to 1024m
[root@master ~]# ansible localhost -m lvol -a 'vg=vg1 lv=lv1 size=1024'
localhost | CHANGED => {
"changed": true,
"lv": "lv1",
"size": 512.0,
"vg": "vg1"
}
[root@master ~]# lvs /dev/vg1/lv1
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
lv1 vg1 -wi-a----- 1.00g
5. Shrink the logical volume from 1024m to 512m
[root@master ~]# ansible localhost -m lvol -a 'vg=vg1 lv=lv1 size=512 force=yes'
localhost | CHANGED => {
"changed": true,
"lv": "lv1",
"size": 1024.0,
"vg": "vg1"
}
[root@master ~]# lvs /dev/vg1/lv1
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
lv1 vg1 -wi-a----- 512.00m
6. Delete the LV
[root@master ~]# ansible localhost -m lvol -a 'vg=vg2 lv=lv3 state=absent force=yes'
localhost | CHANGED => {
"changed": true
}
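4. filesystem
Options:
dev: the target block device
force: force creation on a device that already has a file system
fstype: the file system type
opts: options passed to the mkfs command
Example 1: create an ext4 file system on /dev/sdb1 (the command below targets /dev/sdb2)
# Delete vg2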
[root@master ~]# ansible localhost -m lvg -a 'vg=vg2 state=absent'
localhost | CHANGED => {
"changed": true
}
[root@master ~]# ansible localhost -m filesystem -a 'dev=/dev/sdb2 fstype=ext4 force=yes'
localhost | CHANGED => {
"changed": true
}
Example 2: create an xfs file system on an LV
[root@master ~]# ansible localhost -m filesystem -a 'dev=/dev/vg1/lv1 fstype=xfs force=yes'
localhost | CHANGED => {
"changed": true
}
5. mount
Options:
[root@master ~]# ansible localhost -m file -a 'path=/mnt/dvd state=directory'
localhost | CHANGED => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/mnt/dvd",
"secontext": "unconfined_u:object_r:mnt_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
[root@master ~]# ansible localhost -m mount -a 'src=/dev/sr0 path=/mnt/dev fstype=iso9660 state=present'
localhost | CHANGED => {
"changed": true,
"dump": "0",
"fstab": "/etc/fstab",
"fstype": "iso9660",
"name": "/mnt/dev",
"opts": "defaults",
"passno": "0",
"src": "/dev/sr0"
}
[root@master ~]# tail -1 /etc/fstab
/dev/sr0 /mnt/dev iso9660 defaults 0 0
2. Mount /dev/vg1/lv1 on /tools
[root@master ~]# ansible localhost -m file -a 'path=/tools state=directory'
localhost | CHANGED => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tools",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
[root@master ~]# ansible localhost -m mount -a 'src=/dev/vg1/lv1 path=/tools fstype=xfs state=mounted'
localhost | CHANGED => {
"changed": true,
"dump": "0",
"fstab": "/etc/fstab",
"fstype": "xfs",
"name": "/tools",
"opts": "defaults",
"passno": "0",
"src": "/dev/vg1/lv1"
}
[root@master ~]# df -h | grep /tools
/dev/mapper/vg1-lv1 509M 26M 483M 6% /tools
[root@master ~]# tail -1 /etc/fstab
/dev/vg1/lv1 /tools xfs defaults 0 0
3. Mount by UUID
[root@master ~]# ansible localhost -m file -a 'path=/data state=directory'
localhost | CHANGED => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/data",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
[root@master ~]# ansible localhost -m shell -a 'blkid /dev/sdb2'
localhost | CHANGED | rc=0 >>
/dev/sdb2: UUID="3ff32f48-03df-4c01-b85d-e4830e47206d" TYPE="ext4"
[root@master ~]# ansible localhost -m mount -a 'src=UUID=3ff32f48-03df-4c01-b85d-e4830e47206d path=/data fstype=ext4 state=mounted'
localhost | CHANGED => {
"changed": true,
"dump": "0",
"fstab": "/etc/fstab",
"fstype": "ext4",
"name": "/data",
"opts": "defaults",
"passno": "0",
"src": "UUID=3ff32f48-03df-4c01-b85d-e4830e47206d"
}
[root@master ~]# tail -1 /etc/fstab
UUID=3ff32f48-03df-4c01-b85d-e4830e47206d /data ext4 defaults 0 0
[root@master ~]# df -h | grep /data
/dev/sdb2 976M 2.6M 907M 1% /data