Ansible模块使用
1.ansible常用模块使用
ansible常用模块有:
- ping
- yum
- template
- copy
- user
- group
- service
- raw
- command
- shell
- script
2.常用模块之ping
测试连接可通性,没有参数。通的话返回pong。
实例:
[root@localhost opt]# ansible all -m ping
192.168.200.147 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
3.常用模块之yum
安装软件包
常用参数:
- name:要管理的包名
- state:要进行的操作
- latest:安装软件,若已安装则升级到最新版本
- installed:安装软件
- present:安装软件
- removed:卸载软件
- absent:卸载软件
- started:启动服务
- stopped:停止服务
- enabled=yes/no:开机自启
实例:
//安装httpd服务
[root@localhost opt]# ansible 192.168.200.147 -m yum -a 'name=httpd state=present'
192.168.200.147 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: httpd-2.4.37-39.module_el8.4.0+778+c970deab.x86_64",
"Installed: apr-util-openssl-1.6.1-6.el8.x86_64",
"Installed: centos-logos-httpd-85.8-1.el8.noarch",
"Installed: httpd-filesystem-2.4.37-39.module_el8.4.0+778+c970deab.noarch",
"Installed: httpd-tools-2.4.37-39.module_el8.4.0+778+c970deab.x86_64",
"Installed: mod_http2-1.15.7-3.module_el8.4.0+778+c970deab.x86_64",
"Installed: apr-1.6.3-11.el8.x86_64",
"Installed: apr-util-1.6.1-6.el8.x86_64",
"Installed: mailcap-2.1.48-3.el8.noarch",
"Installed: apr-util-bdb-1.6.1-6.el8.x86_64"
]
}
//查看被控主机 已安装httpd
[root@localhost ~]# rpm -q httpd
httpd-2.4.37-39.module_el8.4.0+778+c970deab.x86_64
//卸载httpd
[root@localhost opt]# ansible 192.168.200.147 -m yum -a 'name=httpd state=absent'
192.168.200.147 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Removed: mod_http2-1.15.7-3.module_el8.4.0+778+c970deab.x86_64",
"Removed: httpd-2.4.37-39.module_el8.4.0+778+c970deab.x86_64"
]
}
//查看被控主机
[root@localhost ~]# rpm -q httpd
未安装软件包 httpd
4.常用模块之template
template模块用于生成一个模板,并可将其传输至远程主机上
常用参数:
- owner参数: 指定最终生成的文件拷贝到远程主机后的属主。
- group参数: 指定最终生成的文件拷贝到远程主机后的属组。
- mode参数:指定最终生成的文件拷贝到远程主机后的权限,如果你想将权限设置为"rw-r--r--",则可以使用mode=0644表示,如果你想要在user对应的权限位上添加执行权限,则可以使用mode=u+x表示。
- force参数:当远程主机的目标路径中已经存在同名文件,并且与最终生成的文件内容不同时,是否强制覆盖,可选值有yes和no,默认值为yes,表示覆盖,如果设置为no,则不会执行覆盖拷贝操作,远程主机中的文件保持不变。
- backup参数:当远程主机的目标路径中已经存在同名文件,并且与最终生成的文件内容不同时,是否对远程主机的文件进行备份,可选值有yes和no,当设置为yes时,会先备份远程主机中的文件,然后再将最终生成的文件拷贝到远程主机。
实例:
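//拉取一个centos8的源 然后传过去(注意:wget的-o是把日志写入该文件,要保存下载内容应使用-O;下面template的src也不是这里下载得到的文件。仓库配置建议通过https获取,并确认其中启用了gpgcheck,避免被篡改的源配置下发到受控主机)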
[root@localhost opt]# wget -o CentOS8-Base-163.repo http://mirrors.163.com/.help/CentOS8-Base-163.repo
[root@localhost opt]# ansible 192.168.200.147 -m template -a 'src=/etc/yum.repos.d/CentOS-Base.repo dest=/etc/yum.repos.d/163.repo'
192.168.200.147 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "4966466ad015ef3d2a3cc0b8252d43efbdcf2c94",
"dest": "/etc/yum.repos.d/163.repo",
"gid": 0,
"group": "root",
"md5sum": "d06fb7d5709727828bcaba7457ea673e",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:system_conf_t:s0",
"size": 2595,
"src": "/root/.ansible/tmp/ansible-tmp-1626495087.105093-41530-147485042026542/source",
"state": "file",
"uid": 0
}
//被控节点
[root@localhost yum.repos.d]# ls
163.repo
5.常用模块之copy
复制文件到受控主机
实例:
//在home目录下创建两个文件
[root@localhost home]# touch dada
[root@localhost home]# ls
dada zzzz
//传过去
[root@localhost opt]# ansible 192.168.200.147 -m copy -a 'src=/home/zzzz dest=/etc/'
192.168.200.147 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/etc/zzzz",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:etc_t:s0",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1626495923.9230802-64545-124292133034508/source",
"state": "file",
"uid": 0
}
//被控节点
[root@localhost etc]# ls |grep zzzz
zzzz
6.常用模块之user
用于用户管理
//创建用户 用户名为xym uid=2002
[root@localhost opt]# ansible 192.168.200.144 -m user -a 'name=xym uid=2002 state=present'
192.168.200.144 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 2002,
"home": "/home/xym",
"name": "xym",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 2002
}
//被控节点
[root@localhost ~]# id xym
uid=2002(xym) gid=2002(xym) 组=2002(xym)
//删除用户(未指定remove=yes,用户的家目录不会被删除,后面/home下仍能看到xym)
[root@localhost opt]# ansible 192.168.200.144 -m user -a 'name=xym state=absent'
192.168.200.144 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"force": false,
"name": "xym",
"remove": false,
"state": "absent"
}
//被控节点
[root@localhost ~]# id xym
id: “xym”:无此用户
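//创建一个名为zzz的用户 uid=2003 指定密码为123 不创建他的家目录(注意:password参数要求传入已加密的哈希值,明文会被原样写入/etc/shadow,用户无法用123登录,明文还会留在命令历史里;可先用password_hash('sha512')过滤器生成哈希再传入,见下面的WARNING)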
[root@localhost opt]# ansible 192.168.200.144 -m user -a 'name=zzz uid=2003 password=123 createhome=no state=present'
[WARNING]: The input password appears not to have been hashed. The 'password'
argument must be encrypted for this module to work properly.
192.168.200.144 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"comment": "",
"create_home": false,
"group": 2003,
"home": "/home/zzz",
"name": "zzz",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 2003
}
//被控节点
[root@localhost ~]# id zzz
uid=2003(zzz) gid=2003(zzz) 组=2003(zzz)
[root@localhost ~]# cd /home/
[root@localhost home]# ls
xym //没有zzz的家目录
//修改用户uid=2005
[root@localhost opt]# ansible 192.168.200.144 -m user -a 'name=zzz uid=2005 state=present'
192.168.200.144 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"append": false,
"changed": true,
"comment": "",
"group": 2003,
"home": "/home/zzz",
"move_home": false,
"name": "zzz",
"shell": "/bin/bash",
"state": "present",
"uid": 2005
}
//被控节点
[root@localhost home]# id zzz
uid=2005(zzz) gid=2003(zzz) 组=2003(zzz)
7.常用模块之group
用于组的管理
//创建一个系统组
[root@localhost opt]# ansible 192.168.200.147 -m group -a 'name=xym gid=777 system=yes state=present'
192.168.200.147 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"gid": 777,
"name": "xym",
"state": "present",
"system": true
}
//被控主机查看组
[root@localhost opt]# ansible 192.168.200.147 -m shell -a 'grep xym /etc/group'
192.168.200.147 | CHANGED | rc=0 >>
xym:x:777:
//修改组的gid
[root@localhost opt]# ansible 192.168.200.147 -m group -a 'name=xym gid=888 system=yes state=present'
192.168.200.147 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 888,
"name": "xym",
"state": "present",
"system": true
}
//删除被控主机上的组
[root@localhost opt]# ansible 192.168.200.147 -m group -a 'name=xym state=absent'
192.168.200.147 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "xym",
"state": "absent"
}
//查看被控主机
[root@localhost opt]# ansible 192.168.200.147 -m shell -a 'grep xym /etc/group'
192.168.200.147 | FAILED | rc=1 >>
non-zero return code
8.常用模块之service
service模块用于管理受控机上的服务
state状态:
- started:启动服务
- stopped:停止服务
- restarted:重启
- enabled=yes/no:开机自启
//查看httpd服务是否启动
[root@localhost ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:httpd.service(8) //没有启动
//启动httpd服务 设置开机自启
[root@localhost opt]# ansible 192.168.200.147 -m service -a 'name=httpd state=started enabled=yes'
192.168.200.147 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"enabled": true,
"name": "httpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": "systemd-tmpfiles-setup.service systemd-journald.socket httpd-init.service tmp.mount nss-lookup.target remote-fs.target basic.target -.mount sysinit.target system.slice network.target",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
.......
//查看被控主机状态
[root@localhost ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.servi>
Active: active (running) since Sat 2021-07-17 01:05>
Docs: man:httpd.service(8)
Main PID: 132805 (httpd)
Status: "Running, listening on: port 80"
Tasks: 213 (limit: 49594)
Memory: 44.6M
CGroup: /system.slice/httpd.service
├─132805 /usr/sbin/httpd -DFOREGROUND
├─132806 /usr/sbin/httpd -DFOREGROUND
├─132807 /usr/sbin/httpd -DFOREGROUND
├─132808 /usr/sbin/httpd -DFOREGROUND
└─132809 /usr/sbin/httpd -DFO
//已经启动并加入开机自启
//停止被控主机httpd服务
[root@localhost opt]# ansible 192.168.200.147 -m service -a 'name=httpd state=stopped'
192.168.200.147 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "httpd",
"state": "stopped",
"status": {
"ActiveEnterTimestamp": "Sat 2021-07-17 01:05:08 EDT",
"ActiveEnterTimestampMonotonic": "4772775759",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "active",
"After": "nss-lookup.target -.mount systemd-tmpfiles-setup.service httpd-init.service systemd-journald.socket tmp.mount sysinit.target network.target remote-fs.target basic.target system.slice",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
"AmbientCapabilities": "",
"AssertResult": "yes",
"AssertTimestamp": "Sat 2021-07-17 01:05:08 EDT",
"AssertTimestampMonotonic": "4772739405",
"Before": "multi-user.target shutdown.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "[not set]",
"CPUAccounting": "no",
"CPUAffinity": "",
"CPUQuotaPerSecUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "[not set]",
"CPUUsageNSec": "[not set]",
"CPUWeight": "[not set]",
"CacheDirectoryMode": "0755",
"CanIsolate": "no",
"CanReload": "yes",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend",
"CollectMode": "inactive",
"ConditionResult": "yes",
"ConditionTimestamp": "Sat 2021-07-17 01:05:08 EDT",
"ConditionTimestampMonotonic": "4772739405",
"ConfigurationDirectoryMode": "0755",
"Conflicts": "shutdown.target",
"ControlGroup": "/system.slice/httpd.service",
"ControlPID": "0",
"DefaultDependencies": "yes",
"Delegate": "no",
"Description": "The Apache HTTP Server",
"DevicePolicy": "auto",
"Documentation": "man:httpd.service(8)",
"DynamicUser": "no",
"EffectiveCPUs": "",
"EffectiveMemoryNodes": "",
"Environment": "LANG=C",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "132805",
"ExecMainStartTimestamp": "Sat 2021-07-17 01:05:08 EDT",
.......
//查看被控主机httpd服务状态
[root@localhost ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.servi>
Active: inactive (dead) since Sat 2021-07-17 01:53:>
Docs: man:httpd.service(8)
Process: 132805 ExecStart=/usr/sbin/httpd $OPTIONS ->
Main PID: 132805 (code=exited, status=0/SUCCESS)
Status: "Running, listening on: port 80" 已经停止
9.常用模块之raw
raw模块用于在远程主机上执行命令,其支持管道符与重定向
//过滤/etc/man_db.conf文件中含sbin的行,导入到/etc/zzzz里(注意:下面的命令在单引号内又嵌套了单引号,外层引号会被提前结束,建议外层改用双引号)
[root@localhost opt]# ansible 192.168.200.147 -m raw -a'grep sbin /etc/man_db.conf |grep -v '^&' > /etc/zzzz '
192.168.200.147 | CHANGED | rc=0 >>
Shared connection to 192.168.200.147 closed.
//被控主机查看
[root@localhost etc]# cat /etc/zzzz
MANPATH_MAP /sbin /usr/share/man
MANPATH_MAP /usr/sbin /usr/share/man
MANPATH_MAP /usr/local/sbin /usr/local/man
MANPATH_MAP /usr/local/sbin /usr/local/share/man
MANPATH_MAP /opt/sbin /opt/man
10.常用模块之command
command模块用于在远程主机上执行命令,ansible默认就是使用command模块 但不能使用重定向和管道符
//创建一个zzzz文件
[root@localhost opt]# ansible 192.168.200.147 -m command -a 'touch zzzz'
[WARNING]: Consider using the file module with state=touch rather than running
'touch'. If you need to use command because file is insufficient you can add
'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.
192.168.200.147 | CHANGED | rc=0 >>
//查找时不能使用管道符过滤zzzz
[root@localhost opt]# ansible 192.168.200.147 -m command -a'ls /etc/ |grep zzzz '
zzzzls: 无法访问'|grep': 没有那个文件或目录
ls: 无法访问'zzzz': 没有那个文件或目录non-zero return code
11.常用模块之shell
shell模块用于在受控机上执行受控机上的脚本,亦可直接在受控机上执行命令。
shell模块亦支持管道与重定向;由于命令会交给受控机上的shell解释,命令中拼接变量时应使用quote过滤器,不需要管道、重定向等shell特性时优先使用command模块
//运行脚本把脚本的内容放到etc/abc
[root@localhost opt]# ansible 192.168.200.147 -m shell -a '/bin/bash /root/scripts.sh &> /etc/abc'
192.168.200.147 | CHANGED | rc=0 >>
//查看被控主机
[root@localhost opt]# ansible 192.168.200.147 -m shell -a ' cat /etc/abc '
192.168.200.147 | CHANGED | rc=0 >>
woshicaiaochengtadie
12.常用模块之script
script模块用于在受控机上执行主控机上的脚本
[root@localhost opt]# ansible 192.168.200.147 -m script -a '/opt/script.sh &> /etc/abc'
192.168.200.147 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.200.147 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.200.147 closed."
],
"stdout": "",
"stdout_lines": []
}
//查看被控主机
[root@localhost opt]# ansible httpd -m shell -a 'cat /etc/abc'
192.168.200.147 | CHANGED | rc=0 >>
文件系统 容量 已用 可用 已用% 挂载点
devtmpfs 3.8G 0 3.8G 0% /dev
tmpfs 3.9G 0 3.9G 0% /dev/shm
tmpfs 3.9G 9.0M 3.8G 1% /run
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
/dev/mapper/rhel-root 44G 2.0G 43G 5% /
/dev/nvme0n1p1 1014M 179M 836M 18% /boot
tmpfs 779M 0 779M 0% /run/user/0
13.常用模块之lineinfile
替换文件中的内容,添加内容到指定文件位置
常用参数:
- regexp='^ $' 正则匹配,匹配数字
- line='…' 将匹配的内容替换成什么;只指定line而不指定regexp时,是在文件的最后添加内容
- insertbefore='' 在文件匹配到的内容前面添加
- insertafter='' 在文件匹配到的内容后面添加
//查看被控主机的/tmp/abc文件里的内容
[root@localhost opt]# ansible httpd -m shell -a 'cat /tmp/abc'
192.168.200.147 | CHANGED | rc=0 >>
hello world
123
456
python
java
//使用lineinfile模块替换 把开头为hello的字符串替换为hello linux
[root@localhost opt]# ansible httpd -m lineinfile -a 'path=/tmp/abc regexp="^hello" line="hello linux" '
192.168.200.147 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
//查看被控主机的/tmp/abc
[root@localhost opt]# ansible httpd -m shell -a 'cat /tmp/abc'
192.168.200.147 | CHANGED | rc=0 >>
hello linux
123
456
python
java
//在java的后面添加c++
[root@localhost opt]# ansible httpd -m lineinfile -a 'path=/tmp/abc insertafter="^java" line=c++'
192.168.200.147 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
[root@localhost opt]# ansible httpd -m shell -a 'cat /tmp/abc'
192.168.200.147 | CHANGED | rc=0 >>
hello linux
123
456
python
java
c++
//在python前面添加zzzz
[root@localhost opt]# ansible httpd -m lineinfile -a 'path=/tmp/abc insertbefore="^python" line=zzzz'
192.168.200.147 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
[root@localhost opt]# ansible httpd -m shell -a 'cat /tmp/abc'
192.168.200.147 | CHANGED | rc=0 >>
hello linux
123
456
zzzz
python
java
c++
//删除zzzz这一行
[root@localhost opt]# ansible httpd -m lineinfile -a 'path=/tmp/abc state=absent line=zzzz'
192.168.200.147 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"found": 1,
"msg": "1 line(s) removed"
}
[root@localhost opt]# ansible httpd -m shell -a 'cat /tmp/abc'
192.168.200.147 | CHANGED | rc=0 >>
hello linux
123
456
python
java
c++
14.常用模块firewalld
//防火墙放行httpd服务
[root@localhost opt]# ansible httpd -m firewalld -a 'rich_rule="rule family=ipv4 source address=192.168.200.0/24 service name=http accept" permanent=yes state=enabled immediate=yes'
192.168.200.147 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "Permanent and Non-Permanent(immediate) operation, Changed rich_rule rule family=ipv4 source address=192.168.200.0/24 service name=http accept to enabled"
}
//被控主机查看
[root@localhost tmp]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="192.168.200.0/24" service name="http" accept
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "Permanent and Non-Permanent(immediate) operation, Changed rich_rule rule family=ipv4 source address=192.168.200.0/24 service name=http accept to enabled"
}
//被控主机查看
[root@localhost tmp]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="192.168.200.0/24" service name="http" accept