Ansible常见模块的使用

最新推荐文章于 2023-10-21 22:10:03 发布

逐流·

最新推荐文章于 2023-10-21 22:10:03 发布

阅读量359

点赞数

文章标签： linux

本文链接：https://blog.csdn.net/weixin_46115601/article/details/118880911

版权

Ansible常见模块的使用

ansible常见模块

ansible常见模块

ping
yum
template
copy
user
group
service
raw
command
shell
script

shell，raw，command的区别(除了需要交互的命令以外几乎都可以执行)

shell模块调用的/bin/sh指令执行-可执行受控主机上的脚本
command模块不是调用的shell的指令，所以没有bash的环境变量(不支持管道符，重定向)
raw很多地方和shell类似，更多的地方建议使用shell和command模块。但是如果是使用老版本python，需要用到raw，又或者是客户端是路由器，因为没有安装python模块，那就需要使用raw模块了

3种都不具备幂等性所以一般只用来进行查看性的命令

ping模块用于检查指定节点机器是否连通

[root@localhost ~]# ansible all -m ping
192.168.216.131 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": false, 
    "ping": "pong"

script-在受控主机上执行控制主机的脚本

控制主机上编辑脚本

[root@localhost /]# cat test.sh 
!#/bin/bash

df -h

返回结果

[root@localhost /]# ansible all -m script -a '/test.sh'
192.168.216.131 | CHANGED => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.216.131 closed.\r\n", 
    "stderr_lines": [
        "Shared connection to 192.168.216.131 closed."
    ], 
    "stdout": "/root/.ansible/tmp/ansible-tmp-1626604440.52-7368-87853866289385/test.sh: line 1: !#/bin/bash: No such file or directory\r\nFilesystem             Size  Used Avail Use% Mounted on\r\ndevtmpfs               872M     0  872M   0% /dev\r\ntmpfs                  901M     0  901M   0% /dev/shm\r\ntmpfs                  901M   18M  883M   2% /run\r\ntmpfs                  901M     0  901M   0% /sys/fs/cgroup\r\n/dev/mapper/rhel-root   22G  4.7G   18G  21% /\r\n/d

template template与copy类似-模块用于生成一个模板，并可将其传输至远程主机上。

[root@localhost ~]# ansible all -m template -a 'src=/etc/ansible/hosts  dest=/tmp/'
	192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
将hosts复制到对方/tmp目录下

yum- 管理软件

name：要管理的包名
state：要进行的操作

state常用的值：

latest：安装软件(最新的)
installed：安装软件
present：安装软件
removed：卸载软件
absent：卸载软件

 不加参数默认安装加参数   		disabled_gpg_check=yes表示忽略

ansible all -m yum -a 'list=installed'
查询安装好的包

[root@ansible ~]# ansible all -m shell -a 'rpm -q httpd'
[WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'.  If you need to use command because yum, dnf
or zypper is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get
rid of this message.
192.168.216.131 | CHANGED | rc=0 >>
httpd-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64
查询指定包是否存在

[root@localhost ~]# ansible all -m yum -a 'name=httpd state=present'
	192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
    "msg": "", 
    "rc": 0, 
    "results": [

group 组管理

添加组

[root@localhost ~]# ansible all -m group -a 'name=mysql gid=520 state=present'
	192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },

删除组

[root@localhost ~]# ansible all -m group -a 'name=mysql gid=520 state=absent'
	192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true,

[root@localhost ~]# ansible all -m shell -a 'cat /etc/group | grep mysql'
	192.168.216.131 | FAILED | rc=1 >>
	non-zero return code

user 用户管理

创建用户

[root@localhost ~]# ansible all -m user -a 'name=xfx uid=1005 '
	192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true,

[root@ansible ~]# ansible all -m user -a 'name=nginx shell=/sbin/nologin system=yes home=/var/mginx'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 973, 
    "home": "/var/mginx", 
    "name": "nginx", 
    "shell": "/sbin/nologin", 
    "state": "present", 
    "system": true, 
    "uid": 975
}
创建一个系统服务账号，不允许登录，家目录在/var/nginx

查询

[root@ansible ~]# ansible all -a 'getent passwd nginx'
192.168.216.131 | CHANGED | rc=0 >>
nginx:x:975:973::/var/mginx:/sbin/nologin

删除用户

[root@localhost ~]# ansible all -m user -a 'name=xfx uid=1005 state=absent'
	192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
    删除家目录加参数remove=yes

service-查询控制服务

查看httpd服务是否启动

[root@localhost ~]# ansible all -m shell -a 'systemctl status httpd'
192.168.216.131 | FAILED | rc=3 >>
* httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:httpd.service(8)non-zero return code
未启动

启动模块

[root@localhost ~]# ansible all -m service -a 'name=httpd state=started'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
    "name": "httpd", 
    "state": "started", 
    "status": {

[root@localhost ~]# ansible all -m shell -a 'ss -anltp'
192.168.216.131 | CHANGED | rc=0 >>
State     Recv-Q    Send-Q       Local Address:Port        Peer Address:Port                                                                                    
LISTEN    0         128                0.0.0.0:111              0.0.0.0:*        users:(("rpcbind",pid=1040,fd=4),("systemd",pid=1,fd=30))                      
LISTEN    0         32           192.168.122.1:53               0.0.0.0:*        users:(("dnsmasq",pid=1745,fd=6))                                              
LISTEN    0         128                0.0.0.0:22               0.0.0.0:*        users:(("sshd",pid=1331,fd=5))                                                 
LISTEN    0         5                127.0.0.1:631              0.0.0.0:*        users:(("cupsd",pid=1332,fd=10))                                               
LISTEN    0         128                   [::]:111                 [::]:*        users:(("rpcbind",pid=1040,fd=6),("systemd",pid=1,fd=33))                      
LISTEN    0         128                      *:80                     *:*        users:(("httpd",pid=31300,fd=4),("httpd",pid=312
有80端口说明已启动

设置开机自启动

[root@localhost ~]# ansible all -m service -a 'name=httpd enabled=yes'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
    "enabled": true, 
    "name": "httpd",

copy模块从服务器复制文件到目标主机

可以改变名字，组，属主，但目标目录必须存在

[root@localhost ansible]# ll hosts 
-rw-r--r--. 1 root root 1006 7月  15 23:44 hosts
[root@localhost ansible]# ansible all -m copy  -a 'src=/etc/ansible/hosts dest=/temp/ mode=0750 owner=tom'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
    "checksum": "f4efa214cdc7b62e90f4b625e45493e7a47f6b02", 
    "dest": "/temp/hosts", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "6a36b6fcb5097162cadf27e9cf2a27b8", 
    "mode": "0750", 
    "owner": "tom", 
    "size": 1006, 
    "src": "/root/.ansible/tmp/ansible-tmp-1626607165.66-60457-65789293650640/source", 
    "state": "file", 
    "uid": 1001
}

查看结果

[root@localhost temp]# ll hosts 
-rwxr-x--- 1 tom root 1006 Jul 18 19:19 hosts

也可以直接写入数据到对方主机

[root@localhost ansible]# ansible all -m copy  -a 'content=hello\n111 dest=/tmp/11123 mode=750 owner=tom group=tom'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
    "checksum": "74a9ada5b7e646ebaa0ca626391c29ef0f9742de", 
    "dest": "/tmp/11123", 
    "gid": 1001, 
    "group": "tom", 
    "md5sum": "a6cd917b1c09b94db137a24a1969dcb0", 
    "mode": "0750", 
    "owner": "tom", 
    "size": 9, 
    "src": "/root/.ansible/tmp/ansible-tmp-1626608832.33-93242-167051994148452/source", 
    "state": "file", 
    "uid": 1001
}

[root@localhost tmp]# cat 11123
hello
111

加入参数backup=yes，如果复制的版本与原始版本不一样则备份原始版本

fetch 从对方主机文件复制到本主机

[root@localhost ~]# ansible all -m fetch -a 'src=/var/log/messages dest=date/'
192.168.216.131 | CHANGED => {
    "changed": true, 
    "checksum": "f0df19d66c75a8f1d865b851d5a36ca94b4d3905", 
    "dest": "/root/date/192.168.216.131/var/log/messages", 
    "md5sum": "12b7cdaa125d23a83a838cb7528f94c6", 
    "remote_checksum": "f0df19d66c75a8f1d865b851d5a36ca94b4d3905", 
    "remote_md5sum": null
}
抓取受控主机日志

查看

[root@localhost log]# cat messages 
Jul 18 19:27:01 localhost rsyslogd[1560]: [origin software="rsyslogd" swVersion="8.1911.0-3.el8" x-pid="1560" x-info="https://www.rsyslog.com"] rsyslogd was HUPed
Jul 18 19:27:02 localhost rhsmd[123913]: In order for Subscription Manager to provide your system with updates, your system must be registered with the Customer Portal. Please enter your Red Hat login to ensure your system is up-to-date.
Jul 18 19:27:30 localhost systemd-logind[1192]: Session 66 logged out. Waiting for processes to exit.
Jul 18 19:27:30 localhost systemd-logind[1192]: Removed session 66.
Jul 18 19:28:01 localhost systemd[1]: Started Session 70 of user root.
Jul 18 19:29:01 localhost NetworkManager[1321]: <info>  [1626607741.0709] dhcp4 (ens160): option dhcp_lease_time      => '1800'
Jul 18 19:29:01 localhost NetworkManager[1321]: <info>  [1626607741.0710] dhcp4 (ens160): option domain_name          => 'localdomain'
Jul 18 19:29:01 localhost NetworkManager[1321]: <info>  [1626607741.0711] dhcp4 (ens160): option domain_name_servers  => '192.168.216.2'
Jul 18 19:29:01 localhost NetworkManager[1321]: <info>  [1626607741.0711] dhcp4 (ens160): option expiry               => '1626609541'

抓取多个文件需要tar打包后抓取

file 设置文件的属性

path-dest=name

[root@ansible ~]# ansible all -m file -a 'path=/date/f3 state=touch'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
    "dest": "/date/f3", 
    "gid": 0, 
    "group": "root", 
    "mode": "0644", 
    "owner": "root", 
    "size": 0, 
    "state": "file", 
    "uid": 0
}

创建空文件

[root@localhost date]# ls
f3

删除文件

[root@ansible ~]# ansible all -m file -a 'path=/date/f3 state=absent'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
    "path": "/date/f3", 
    "state": "absent"
}

[root@ansible ~]# ansible all -m file -a 'path=/date/f2 state=directory'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0755", 
    "owner": "root", 
    "path": "/date/f3", 
    "size": 6, 
    "state": "directory", 
    "uid": 0
}
建立文件夹

[root@localhost date]# ls
f2

创建软连接

[root@ansible ~]# ansible all -m file -a 'src=/etc/fstab path=/date/fstab.link state=link'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
    "dest": "/date/fstab.link", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "size": 10, 
    "src": "/etc/fstab", 
    "state": "link", 
    "uid": 0
}

[root@localhost date]# ls
f2  fstab.link

删除软连接

[root@ansible ~]# ansible all -m file -a ' path=/date/fstab.link state=absent'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
    "path": "/date/fstab.link", 
    "state": "absent"
}

hostname

修改主机名字且永久生效

[root@ansible ~]# ansible all -m hostname -a 'name=test'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "ansible_domain": "", 
        "ansible_fqdn": "test", 
        "ansible_hostname": "test", 
        "ansible_nodename": "test", 
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
    "name": "test"
}

lineinfile

[root@ansible ~]# ansible all -m lineinfile -a 'path=/temp/123 line="1111"'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "backup": "", 
    "changed": true, 
    "msg": "line added"
}
在末尾插入内容

查看结果

[root@test temp]# cat 123 
123
456
asd
bfg
[root@test temp]# cat 123 
123
456
asd
bfg
1111

[root@ansible ~]# ansible all -m lineinfile -a 'path=/temp/123 regexp="^1" line='222''
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "backup": "", 
    "changed": true, 
    "msg": "line replaced"
}
匹配以1开头的，替换掉

[root@test temp]# cat 123 
123
156
asd
afg
1111
[root@test temp]# cat 123 
123
156
asd
afg
222
只替换了最后一个

[root@ansible ~]# ansible all -m lineinfile -a 'path=/temp/123 regexp="^a" state=absent'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "backup": "", 
    "changed": true, 
    "found": 2, 
    "msg": "2 line(s) removed"
}
匹配以a开头的，删除他

[root@test temp]# cat 123 
123
156
asd
afg
222
[root@test temp]# cat 123 
123
156
222
以a开头的全被删除了

insertafter/insertbefore///插入之后或之前

[root@ansible ~]# ansible all -m lineinfile -a 'path=/temp/123 insertafter='222' line="111"'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "backup": "", 
    "changed": true, 
    "msg": "line added"
}
将文本插在指定行之后

blockinfile

[root@ansible ~]# ansible all -m blockinfile -a 'path=/temp/123  block="888"'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
    "msg": "Block inserted"
}
文件尾部插入数据

[root@test temp]# cat 123 
123
156
222
111
[root@test temp]# cat 123 
123
156
222
111
# BEGIN ANSIBLE MANAGED BLOCK
888
# END ANSIBLE MANAGED BLOCK
效果于lineinfile类似，不过block会在插入的文本中添加标记

[root@ansible ~]# ansible all -m blockinfile -a 'path=/temp/123  block="999" 'marker='#{mark}000'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
    "msg": "Block inserted"
}
marker可以替换标记名

#BEGIN000
999
#END000

[root@ansible ~]# ansible all -m blockinfile -a 'path=/temp/123  block="777" 'marker='#{mark}000'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
    "msg": "Block inserted"
}
存在相同标记但block值不同

#BEGIN000
777
#END000
结果block被替换

[root@ansible ~]# ansible all -m blockinfile -a 'path=/temp/123  block="" 'marker='#{mark}000'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
    "msg": "Block removed"
}
block为空则删除标记和标记内容

[root@ansible ~]# ansible all -m blockinfile -a 'path=/temp/123  block="555" 'marker='#{mark}000 insertbefore=BOF'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
    "msg": "Block inserted"
}
BOF表示插入到开头EOF表示插入到结尾

计划任务cron

disabled=yes=true/no=false

[root@ansible ~]# ansible all -m cron -a 'minute=* weekday=1,7 job="/usr/bin/wall warning" name=warningcron'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
    "envs": [], 
    "jobs": [
        "warningcron"
    ]
}
星期一和星期天的每分钟执行计划任务warningcron命令用双引号括起来

Broadcast message from root@test (somewhere) (Sun Jul 18 22:09:01 2021):       
                                                                               
warning

目标主机计划任务表

#Ansible: warningcron
* * * * 1,7 /usr/bin/wall warning

禁用

[root@ansible ~]# ansible all -m cron -a 'disabled=true  job="/usr/bin/wall warning" name=warningcron'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
    "envs": [], 
    "jobs": [
        "warningcron", 
        "None"
    ]
}

[root@test ~]# crontab -l
*/1 * * * * date
#Ansible: warningcron
#* * * * * /usr/bin/wall warning
被注释了

[root@ansible ~]# ansible all -m cron -a 'disabled=no  job="/usr/bin/wall warning" name=warningcron'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
    "envs": [], 
    "jobs": [
        "warningcron"
    ]
}

[root@test ~]# crontab -l
*/1 * * * * date
#Ansible: warningcron
* * * * * /usr/bin/wall warning
取消注释了

删除

[root@ansible ~]# ansible all -m cron -a 'disabled=no  job="/usr/bin/wall warning" name=warningcron state=absent'
192.168.216.131 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": true, 
    "envs": [], 
    "jobs": []
}
/state=absent

逐流·

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
Ansible常见模块的使用

Ansible常见模块的使用ansible常见模块ping模块用于检查指定节点机器是否连通ansible常见模块pingyumtemplatecopyusergroupservicerawcommandshellscriptshell，raw，command的区别(除了需要交互的命令以外几乎都可以执行)shell模块调用的/bin/sh指令执行-可执行受控主机上的脚本command模块不是调用的shell的指令，所以没有bash的环境变量(不支持管道符，重定向)raw很
复制链接

扫一扫