*Running tasks through modules with ad-hoc commands*
List all modules installed on the system
ansible-doc -l
View the help documentation for the ping module
ansible-doc ping
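Ansible modules
File modules:
copy: copy a local file to the managed hosts
file: set the permissions and other attributes of a file
lineinfile: ensure that a particular line is present in a file, in other words modify the file's content
synchronize: synchronize content using rsync
Software package modules
package: manage packages using the package manager auto-detected for the operating system
yum: manage packages using the yum package manager
apt: manage packages using the apt package manager
dnf: manage packages using the dnf package manager
pip: manage Python packages from PyPI
System modules
firewalld: manage arbitrary ports and services using firewalld
reboot: reboot the machine
service: manage services
user: add, remove and manage user accounts
Net Tools modules
get_url: download files over HTTP, HTTPS or FTP
nmcli: manage networking
uri: interact with web services
Syntax:
ansible bgx -m command -a 'df -h'
(command) (host name) (select module) (module name) (module action) (actual command)
Status information returned after execution:
Green: the command succeeded and no change was needed
Yellow: the command succeeded and a change was made on the target host
Red: the command failed
*Common modules*
Case 1: user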
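Ad-hoc command that uses the user module to ensure the user newbie exists on node1.example.com with UID 4000
[galaxy@server ~]$ ansible server1 -m user -a 'name=newbie uid=4000 state=present'
Create a user with a given password; if the user already exists, the password is still changed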
[galaxy@server ~]$ openssl passwd -1 linux
$1$bChlQ4jX$97x50MlATs0PA6UsObqN1.
[galaxy@server ~]$ ansible all -m user -a 'name=chenyu state=present password="$1$bChlQ4jX$97x50MlATs0PA6UsObqN1." update_password=always'
Create a user with a given password; if the user already exists, the password is not changed
[galaxy@server ~]$ openssl passwd -1 redhat
$1$zcVeWQiB$dIsAdkcv91mTjrCaayN3F/
[galaxy@server ~]$ ansible all -m user -a 'name=chenyu12 state=present password="$1$zcVeWQiB$dIsAdkcv91mTjrCaayN3F/" update_password=on_create'
Case 2: shell
Ad-hoc command that uses the shell module to delete the user newbie on the node node1.example.com
ansible server1 -m shell -a 'userdel -r newbie'
Case 3: copy
ansible webserver -m copy -a 'src=/etc/fstab dest=/var/tmp/fstab'
ansible webserver -m copy -a 'src=/etc/fstab dest=/var/tmp/fstab group=chenyu owner=chenyu'
Case 4: template module. The template module is used in essentially the same way as the copy module; it is mainly used to copy configuration files
ansible all -m template -a 'src=/usr/share/doc/httpd/httpd-vhosts.conf dest=/etc/httpd/conf.d/httpd-vhosts.conf group=root owner=root mode=0644'
Case 5: file
Change a file's permission attributes and SELinux context
ansible webserver -m file -a 'path=/var/tmp/fstab mode=g+w,o+w group=galaxy owner=galaxy setype=samba_share_t'
mode: sets the permissions; it can be symbolic, such as mode=g+w, or numeric, such as mode=666
group: sets the file's group
owner: sets the file's owner
setype: changes the file's SELinux context type
Create a file
ansible webserver -m file -a 'path=/var/tmp/bbb state=touch'
Create a directory
ansible webserver -m file -a 'path=/var/tmp/cc state=directory'
Delete a file or directory
ansible webserver -m file -a 'path=/var/tmp/cc state=absent'
Create a symbolic link
ansible webserver -m file -a 'dest=/var/tmp/chenyu src=/var/tmp/bbb state=link'
Create a hard link
ansible webserver -m file -a 'dest=/var/tmp/chenyu1 src=/var/tmp/aaa state=hard'
Case 6: lineinfile
Replace the line that starts with abc with bbbbb
ansible webserver -m lineinfile -a 'dest=/tmp/cy regexp=^abc line=bbbbb'
Insert a new line before a given line (insertbefore)
ansible webserver -m lineinfile -a 'dest=/tmp/cy insertbefore="aa(.*)" line=chenyu'
Insert a new line after a given line (insertafter)
ansible webserver -m lineinfile -a 'dest=/tmp/cy insertafter="aaaa(.*)" line=bbbb'
Delete a line
ansible webserver -m lineinfile -a 'dest=/tmp/cy regexp="aaa(.*)" state=absent'
Case 7: yum_repository module: configure yum repositories
ansible webserver -m yum_repository -a 'file=server name=baseos description=rhel8 baseurl=file:///mnt/BaseOS enabled=yes gpgcheck=no'
ansible webserver -m yum_repository -a 'file=server name=appstream description=RHEL8 baseurl=file:///mnt/AppStream enabled=yes gpgcheck=no'
Case 8: yum module: installing and removing packages with yum
state: present, installed and latest install the package
absent and removed uninstall it
ansible all -m yum -a 'name=httpd state=installed'    # install
ansible all -m yum -a 'name=httpd state=removed'    # uninstall
Case 9: service module
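Start the httpd service and enable it at the next boot
ansible all -m service -a 'name=httpd state=started enabled=yes'
Case 10: fetch, the module for pulling files
It works like copy, except that it pulls files from the remote hosts to the local side. Files are stored in a directory tree named after the host, and only files can be fetched, not directories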
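Fetch /etc/fstab from the remote hosts to the local machine; it is stored as /tmp/node1(node2)/etc/fstab
ansible all -m fetch -a 'src=/etc/fstab dest=/tmp'
Fetch /etc/fstab from one remote host to the local machine; it is stored as /tmp/fstab
ansible node1 -m fetch -a 'src=/etc/fstab dest=/tmp/ flat=yes'
Fetch /etc/fstab from the remote hosts to the local machine; it is stored as /tmp/fstab-node1(node2)
ansible all -m fetch -a 'src=/etc/fstab dest=/tmp/fstab-{{inventory_hostname}} flat=yes'
Case 11: firewalld module
Allow incoming http traffic
ansible all -m firewalld -a 'service=http permanent=yes state=enabled immediate=yes'
Rich rule: allow incoming http traffic from hosts in 172.16.30.0/24
ansible all -m firewalld -a 'zone=public rich_rule="rule family=ipv4 source address=172.16.30.0/24 service name=http accept" permanent=yes state=enabled immediate=yes'
Case 12: replace module
The replace module replaces strings in a file according to the regular expression we specify; every string in the file that matches is replaced
Parameters:
path: before version 2.3 the file to operate on could only be given with dest, destfile or name; in version 2.4 those names can still be used, and so can path
regexp: required; a Python regular expression; strings in the file that match it are replaced
replace: the string to substitute in
backup: whether to back up the file before modifying it; best set to yes.
Replace "abc" with "yyy" in the file /tmp/cy
ansible all -m replace -a 'path=/tmp/cy regexp="abc" replace="yyy"'
Replace "yyy" with "iii" in the file /tmp/cy, and back up /tmp/cy as it was before the replacement
ansible all -m replace -a 'path=/tmp/cy regexp="yyy" replace="iii" backup=yes'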
Case 13: parted module
Create an extended partition
ansible node1 -m parted -a 'device=/dev/sda number=4 part_type=extended part_start=46GiB part_end=49.8GiB state=present'
Create a logical partition
ansible node1 -m parted -a 'device=/dev/sda number=5 part_type=logical part_start=46.1GiB part_end=48.2GiB state=present'
Case 14: filesystem, create a file system
ansible node1 -m filesystem -a 'fstype=xfs dev=/dev/sda5'
Case 15: mount
Create the mount point /common
ansible node1 -m file -a 'path=/common state=directory'
Look up the UUID of /dev/sda5
ansible node1 -m shell -a 'blkid /dev/sda5'
Mount the partition /dev/sda5 on the /common directory
ansible node1 -m mount -a 'path=/common src="UUID=d162b8b9-2326-4ee4-a559-80861461c4f0" fstype=xfs state=mounted'
Unmount
ansible node1 -m mount -a 'path=/common src="UUID=d162b8b9-2326-4ee4-a559-80861461c4f0" fstype=xfs state=absent'
Case 16: lvg, create a volume group
ansible node1 -m lvg -a 'vg=vg0 pesize=16M pvs=/dev/sda5'
Case 17: lvol, create a logical volume
ansible node1 -m lvol -a 'lv=lv0 size=1000M vg=vg0'
Extend the logical volume online
ansible node1 -m lvol -a 'lv=lv0 size=1600M vg=vg0 resizefs=yes'
Case 18: sefcontext, change the SELinux context
ansible node1 -m file -a 'path=/share state=directory'
Change the context
ansible node1 -m sefcontext -a 'target="/share(/.*)?" setype=samba_share_t state=present'
Apply the new SELinux file context
ansible node1 -m command -a 'restorecon -irv /share'
Case 19: debug
Used to output custom messages, similar to output commands such as echo and print. In Ansible, debug is mainly used to print the values of variables and expressions, and together with when conditions. It is very simple to use
Case 20: cron, the scheduled-task module
ansible node1 -m cron -a 'name="shuchu" job="/bin/echo I AM RHCE" user=root minute=0 hour=14 state=present'
Case 21: get_url
Syntax: ansible node1 -m get_url -a 'url=<file to download> dest=<where to store it>'
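An added example, not part of the original post: a Python checker that parses the `ansible <pattern> -m <module> -a '<key=value ...>'` syntax used in the cases above and flags arguments with security impact: an MD5-crypt (`$1$`) or unhashed `password=` for the user module, `gpgcheck=no` for yum_repository, a `mode` that grants write to others, and a key given twice. The function names, finding names and sample command lines are constructed for illustration.

```python
# Added example, not code from the original post: audit ad-hoc command lines.
import re
import shlex

def parse_adhoc(cmdline):
    """Split 'ansible <pattern> [-m module] [-a args]' into its parts."""
    argv = shlex.split(cmdline)
    if len(argv) < 2 or argv[0] != "ansible":
        raise ValueError("not an ansible ad-hoc command: %r" % cmdline)
    module, raw, it = "command", "", iter(argv[2:])  # command is the default module
    for tok in it:
        if tok in ("-m", "--module-name"):
            module = next(it, "")
        elif tok in ("-a", "--args"):
            raw = next(it, "")
    args = {}
    if module not in ("command", "shell", "raw"):    # those take free-form text
        for key, _, value in (i.partition("=") for i in shlex.split(raw) if "=" in i):
            args.setdefault(key, []).append(value)   # keep repeated keys visible
    return {"pattern": argv[1], "module": module, "raw": raw, "args": args}

def world_writable(mode):
    """True if a numeric or symbolic mode string grants write to 'other'."""
    if re.fullmatch(r"[0-7]{3,4}", mode):
        return bool(int(mode[-1]) & 2)
    clauses = (re.fullmatch(r"([ugoa]+)([+=])([rwxXst]*)", c) for c in mode.split(","))
    return any(m and "w" in m.group(3) and set(m.group(1)) & {"o", "a"} for m in clauses)

def audit(cmdline):
    """Return the sorted finding codes for one ad-hoc command line."""
    cmd, found = parse_adhoc(cmdline), set()
    last = {k: v[-1] for k, v in cmd["args"].items()}  # repeated key: last value wins
    if any(len(v) > 1 for v in cmd["args"].values()):
        found.add("duplicate-key")
    if cmd["module"] == "yum_repository" and last.get("gpgcheck", "").lower() in ("no", "false", "0"):
        found.add("gpgcheck-disabled")
    if cmd["module"] == "user" and "password" in last:
        scheme = re.match(r"\$(\w+)\$", last["password"])  # crypt id, e.g. $1$ or $6$
        if not scheme:
            found.add("password-not-hashed")
        elif scheme.group(1) == "1":                   # $1$ is MD5-crypt
            found.add("weak-password-hash")
    if world_writable(last.get("mode", "")):
        found.add("world-writable")
    return sorted(found)

# Constructed sample input, modelled on the command forms shown in this post.
SAMPLES = [
    """ansible all -m user -a 'name=demo password="$1$CONSTRUCT$constructedvalue" update_password=always'""",
    "ansible webserver -m file -a 'path=/var/tmp/fstab mode=g+w mode=o+w'",
    "ansible node1 -m yum_repository -a 'name=baseos baseurl=file:///mnt/BaseOS gpgcheck=no'",
]
for sample in SAMPLES:
    print(audit(sample), "<-", sample)
```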
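Write Ansible ad-hoc commands (ad-hoc mode) using the modules covered above
I. Deploy a web server
1. Configure the yum repositories
2. Install httpd
3. Create a symbolic link to the /var/www/html directory at /www
4. Create index.html in /www with the content "my name is chenyu" (replace chenyu with the full pinyin spelling of your own name)
5. Make the page reachable from the ansible host at http://node1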
[root@ansible ~]# su - student
Last login: Fri Oct 21 12:03:44 CST 2022 on pts/0
[student@ansible ~]$ cd ansible/
Configure the local repositories
[student@ansible ansible]$ ansible node1 -m yum_repository -a 'file=server name=baseos description=centos8 baseurl=file:///mnt/BaseOS enabled=yes gpgcheck=no'
node1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "baseos",
"state": "present"
}
[student@ansible ansible]$ ansible node1 -m yum_repository -a 'file=server name=appsteram description=centos8 baseurl=file:///mnt/AppStream enabled=yes gpgcheck=no'
node1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "appsteram",
"state": "present"
}
Mount the local repository
[student@ansible ansible]$ ansible node1 -m mount -a 'src=/dev/cdrom path=/mnt fstype=iso9660 state=mounted'
node1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dump": "0",
"fstab": "/etc/fstab",
"fstype": "iso9660",
"name": "/mnt",
"opts": "defaults",
"passno": "0",
"src": "/dev/cdrom"
}
Install httpd
[student@ansible ansible]$ ansible node1 -m yum -a 'name=httpd state=installed'
node1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: httpd-filesystem-2.4.37-21.module_el8.2.0+382+15b0afa8.noarch",
"Installed: httpd-tools-2.4.37-21.module_el8.2.0+382+15b0afa8.x86_64",
"Installed: apr-util-1.6.1-6.el8.x86_64",
"Installed: apr-util-bdb-1.6.1-6.el8.x86_64",
"Installed: apr-util-openssl-1.6.1-6.el8.x86_64",
"Installed: mailcap-2.1.48-3.el8.noarch",
"Installed: centos-logos-httpd-80.5-2.el8.noarch",
"Installed: mod_http2-1.11.3-3.module_el8.2.0+307+4d18d695.x86_64",
"Installed: httpd-2.4.37-21.module_el8.2.0+382+15b0afa8.x86_64",
"Installed: apr-1.6.3-9.el8.x86_64"
]
}
Create the symbolic link
[student@ansible ansible]$ ansible node1 -m file -a 'src=/var/www/html dest=/www state=link'
node1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dest": "/www",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"secontext": "unconfined_u:object_r:root_t:s0",
"size": 13,
"src": "/var/www/html",
"state": "link",
"uid": 0
}
[root@node1 ~]# ll -d /www
lrwxrwxrwx. 1 root root 13 Oct 24 18:21 /www -> /var/www/html
Write the content
[student@ansible ansible]$ ansible node1 -m shell -a 'echo "my name is zuomian" > /www/index.html'
node1 | CHANGED | rc=0 >>
[student@ansible ansible]$ ansible node1 -m shell -a 'cat /www/index.html'
node1 | CHANGED | rc=0 >>
my name is zuomian
Enable the httpd service to start at boot
[student@ansible ansible]$ ansible node1 -m service -a 'name=httpd state=started enabled=yes'
node1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"enabled": true,
"name": "httpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": "-.mount basic.target network.target httpd-init.service tmp.mount systemd-journald.socket systemd-tmpfiles-setup.service nss-lookup.target sysinit.target system.slice remote-fs.target",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
"AmbientCapabilities": "",
"AssertResult": "no",
"AssertTimestampMonotonic": "0",
"Before": "shutdown.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "[not set]",
"CPUAccounting": "no",
"CPUAffinity": "",
"CPUQuotaPerSecUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "[not set]",
"CPUUsageNSec": "[not set]",
"CPUWeight": "[not set]",
"CacheDirectoryMode": "0755",
"CanIsolate": "no",
"CanReload": "yes",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend",
"CollectMode": "inactive",
"ConditionResult": "no",
"ConditionTimestampMonotonic": "0",
"ConfigurationDirectoryMode": "0755",
"Conflicts": "shutdown.target",
"ControlPID": "0",
"DefaultDependencies": "yes",
"Delegate": "no",
"Description": "The Apache HTTP Server",
"DevicePolicy": "auto",
"Documentation": "man:httpd.service(8)",
"DynamicUser": "no",
"EffectiveCPUs": "",
"EffectiveMemoryNodes": "",
"Environment": "LANG=C",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "0",
"ExecMainStartTimestampMonotonic": "0",
"ExecMainStatus": "0",
"ExecReload": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -k graceful ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStart": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -DFOREGROUND ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/httpd.service",
"GID": "[not set]",
"GuessMainPID": "yes",
"IOAccounting": "no",
"IOSchedulingClass": "0",
"IOSchedulingPriority": "0",
"IOWeight": "[not set]",
"IPAccounting": "no",
"IPEgressBytes": "18446744073709551615",
"IPEgressPackets": "18446744073709551615",
......
......
"Wants": "httpd-init.service",
"WatchdogTimestampMonotonic": "0",
"WatchdogUSec": "0"
}
}
Start the firewall
[student@ansible ansible]$ ansible node1 -m service -a 'name=firewalld state=started enabled=yes'
node1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"enabled": true,
"name": "firewalld",
"state": "started",
"status": {
"ActiveEnterTimestamp": "Thu 2022-10-20 18:01:14 CST",
"ActiveEnterTimestampMonotonic": "7552550",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "active",
"After": "dbus.socket basic.target polkit.service dbus.service system.slice sysinit.target",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
"AmbientCapabilities": "",
"AssertResult": "yes",
"AssertTimestamp": "Thu 2022-10-20 18:01:13 CST",
"AssertTimestampMonotonic": "6550391",
"Before": "shutdown.target network-pre.target multi-user.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "[not set]",
"BusName": "org.fedoraproject.FirewallD1",
"CPUAccounting": "no",
"CPUAffinity": "",
........
........
"Transient": "no",
"Type": "dbus",
"UID": "[not set]",
"UMask": "0022",
"UnitFilePreset": "enabled",
"UnitFileState": "enabled",
"UtmpMode": "init",
"WantedBy": "multi-user.target",
"Wants": "network-pre.target",
"WatchdogTimestamp": "Thu 2022-10-20 18:01:14 CST",
"WatchdogTimestampMonotonic": "7552547",
"WatchdogUSec": "0"
}
}
[root@node1 www]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor>
Active: active (running) since Thu 2022-10-20 18:01:14 CST; 4 days ago
Docs: man:firewalld(1)
Main PID: 991 (firewalld)
Tasks: 2 (limit: 22072)
Memory: 38.2M
CGroup: /system.slice/firewalld.service
└─991 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork>
Oct 20 18:01:13 node1.example.com systemd[1]: Starting firewalld - dynamic fi>
Oct 20 18:01:14 node1.example.com systemd[1]: Started firewalld - dynamic fir>
Oct 20 18:01:14 node1.example.com firewalld[991]: WARNING: AllowZoneDrifting >
Allow incoming http traffic
[student@ansible ansible]$ ansible node1 -m firewalld -a 'service=http permanent=yes state=enabled immediate=yes'
node1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "Permanent and Non-Permanent(immediate) operation, Changed service http to enabled"
}
Test
[student@ansible ansible]$ curl http://node1
my name is zuomian