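1 Common Ansible modules in detail
1.1 Module introduction
- Modules are the tools that ad hoc commands use to get work done. Ansible ships hundreds of modules that perform different tasks. You can usually find a tested, purpose-built module in the standard installation that does what you need
- The ansible-doc -l command lists all modules installed on the system. Use ansible-doc with a module name to view that module's documentation, including which arguments it accepts as options
- Most modules take arguments; the list of available arguments is in the module's documentation. Pass arguments to a module with the -a option. When no arguments are needed, omit -a. To pass several arguments, give them as a quoted, space-separated list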
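1.2 Module categories
Module type | Modules |
---|---|
File modules | copy: copy a local file to the managed host; file: set permissions and other attributes of a file; lineinfile: ensure a particular line is or is not in a file; synchronize: synchronize content using rsync |
Software package modules | package: manage packages using the package manager auto-detected for the operating system; yum: manage packages using yum; apt: manage packages using APT; dnf: manage packages using dnf; gem: manage Ruby gems; pip: manage Python packages from PyPI |
System modules | firewalld: manage the firewall using firewalld; reboot: reboot the machine; service: manage services; user: add, remove and manage user accounts |
Net Tools modules | get_url: download files over HTTP, HTTPS or FTP; nmcli: manage networking; uri: interact with web services |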
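Other modules
- Cloud modules
- Command modules
- Database modules
- Inventory modules
- Messaging modules
- Monitoring modules
- Network modules
- Notification modules
- Source control modules
- Utility modules
- Web infrastructure modules
- Windows modules
1.3 Commonly used Ansible modules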
- ping
- yum
- template
- copy
- user
- group
- service
- raw
- command
- shell
- script
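1.4 Differences between the raw, command and shell modules
command and shell modules:
- Both require Python on the managed host. command can run commands on the managed host, but it does not support shell environment variables or operators (for example '|', '<', '>', '&')
- The shell module runs the command through /bin/sh
raw module:
- Does not require Python on the managed host; it runs the command directly through the remote shell
- Typically used on systems where Python cannot be installed (for example, network devices)
2 Commonly used Ansible modules
2.1 ping module
The ping module checks whether the specified nodes are reachable. It is simple to use and takes no arguments; if the host is online, it replies pong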
[root@localhost ansible]# ansible all -m ping
192.168.25.130 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
2.2 command module
The command module runs commands on remote hosts. It is Ansible's default module (that is, when no module is specified, command is used)
[root@localhost ansible]# ansible all -m command -a 'ls /opt'
192.168.25.130 | CHANGED | rc=0 >>
abc
[root@localhost ansible]# ansible all -a 'ls /opt'
192.168.25.130 | CHANGED | rc=0 >>
abc
command module parameters
- chdir: specifies a directory; Ansible changes into that directory before running the command
[root@localhost ansible]# ansible all -m command -a "chdir=/opt/ ls"
192.168.25.130 | CHANGED | rc=0 >>
abc
- creates: this does not create a file for us. When the specified file exists, the command is not run; for example, when /opt/abc exists, the given command is skipped
[root@node1 ~]# cd /opt/
[root@node1 opt]# ls
abc
[root@localhost ansible]# ansible all -m command -a "creates=/opt/abc echo redhat-test"
192.168.25.130 | SUCCESS | rc=0 >>
skipped, since /opt/abc exists
- When /opt/abc does not exist, the echo redhat-test command runs
[root@node1 ~]# cd /opt/
[root@node1 opt]# ls
[root@node1 opt]#
[root@localhost ansible]# ansible all -m command -a "creates=/opt/abc echo redhat-test"
192.168.25.130 | CHANGED | rc=0 >>
redhat-test
- removes: when the specified file does not exist, the command is not run
[root@node1 ~]# cd /opt/
[root@node1 opt]# ls
[root@node1 opt]#
[root@localhost ansible]# ansible all -m command -a "removes=/opt/abc echo redhat-test"
192.168.25.130 | SUCCESS | rc=0 >>
skipped, since /opt/abc does not exist
- When /opt/abc exists, the echo redhat-test command runs
[root@node1 ~]# cd /opt/
[root@node1 opt]# ls
abc
[root@localhost ansible]# ansible all -m command -a "removes=/opt/abc echo redhat-test"
192.168.25.130 | CHANGED | rc=0 >>
redhat-test
- Creating a file with touch
[root@localhost ansible]# ansible all -m command -a 'touch /opt/ll'
[WARNING]: Consider using the file module with state=touch rather than running
'touch'. If you need to use command because file is insufficient you can add 'warn:
false' to this command task or set 'command_warnings=False' in ansible.cfg to get
rid of this message.
192.168.25.130 | CHANGED | rc=0 >>
[root@localhost ansible]# ansible all -m command -a 'chdir=/opt/ ls'
192.168.25.130 | CHANGED | rc=0 >>
abc
ll
One limitation of the command module is that it cannot use pipes or redirection
[root@localhost ansible]# ansible all -m command -a "echo 'hello world' > /opt/ll"
192.168.25.130 | CHANGED | rc=0 >>
hello world > /opt/ll
[root@localhost ansible]# ansible all -m command -a 'cat /opt/ll'
192.168.25.130 | CHANGED | rc=0 >>
[root@localhost ansible]# ansible all -m command -a 'ps -ef|grep vsftpd'
192.168.25.130 | FAILED | rc=1 >>
error: unsupported SysV option
Usage:
ps [options]
Try 'ps --help <simple|list|output|threads|misc|all>'
or 'ps --help <s|l|o|t|m|a>'
for additional help text.
For more details see ps(1).non-zero return code
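The difference shown above, as an added example that is not part of the original page and is not Ansible's own code: a small Python model in which run_like_command executes an argv list directly and run_like_shell hands the string to /bin/sh. The function names, the relative file name and the sample value are assumptions made for the illustration.

```python
import os
import shlex
import subprocess
import tempfile


def run_like_command(cmdline, cwd):
    """Model of the command module: split into argv and exec directly, no shell."""
    argv = shlex.split(cmdline)
    p = subprocess.run(argv, cwd=cwd, capture_output=True, text=True)
    return p.returncode, p.stdout.strip()


def run_like_shell(cmdline, cwd):
    """Model of the shell module: the whole string is parsed by /bin/sh."""
    p = subprocess.run(["/bin/sh", "-c", cmdline], cwd=cwd,
                       capture_output=True, text=True)
    return p.returncode, p.stdout.strip()


def probe(runner, cmdline, marker):
    """Run cmdline in a fresh directory; return stdout and whether marker exists."""
    with tempfile.TemporaryDirectory() as workdir:
        _, out = runner(cmdline, workdir)
        return out, os.path.exists(os.path.join(workdir, marker))


# Same redirect as the page's test, with a relative path (constructed).
REDIRECT = "echo 'hello world' > ll"
# Constructed value standing in for a variable pasted into the command line.
VALUE = "abc; touch marker"
UNQUOTED = "echo " + VALUE
QUOTED = "echo " + shlex.quote(VALUE)

if __name__ == "__main__":
    # '>' is just another argument for command; for shell it creates the file.
    print("command redirect:", probe(run_like_command, REDIRECT, "ll"))
    print("shell redirect:  ", probe(run_like_shell, REDIRECT, "ll"))
    # ';' inside a value stays data for command but starts a second command in sh.
    print("command + value: ", probe(run_like_command, UNQUOTED, "marker"))
    print("shell + value:   ", probe(run_like_shell, UNQUOTED, "marker"))
    # Quoting the value keeps it a single word even under /bin/sh.
    print("shell + quoted:  ", probe(run_like_shell, QUOTED, "marker"))
```

When a task needs no pipes or redirection, command keeps every interpolated value as a plain argument; when shell is required, quote each interpolated value.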
2.3 raw module
The raw module runs commands on remote hosts and supports pipes and redirection
// Redirection is supported
[root@localhost ansible]# ansible all -m raw -a 'echo "hell word" > /opt/ll'
192.168.25.130 | CHANGED | rc=0 >>
Shared connection to 192.168.25.130 closed.
[root@localhost ansible]# ansible all -m raw -a 'cat /opt/ll'
192.168.25.130 | CHANGED | rc=0 >>
hell word
Shared connection to 192.168.25.130 closed.
// Pipes are supported
[root@localhost ansible]# ansible all -m raw -a 'ss -antl'
192.168.25.130 | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6010 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6011 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
LISTEN 0 128 [::1]:6010 [::]:*
LISTEN 0 128 [::1]:6011 [::]:*
Shared connection to 192.168.25.130 closed.
[root@localhost ansible]# ansible all -m raw -a 'ss -antl|grep 22'
192.168.25.130 | CHANGED | rc=0 >>
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
Shared connection to 192.168.25.130 closed.
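2.4 shell module
- The shell module can run scripts that reside on the managed host, and can also run commands directly on the managed host; it supports pipes and redirection
- Commands run by the shell module on the remote host are processed by /bin/sh on that host
// The script file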
[root@node1 ~]# vim test.sh
[root@node1 ~]# cat test.sh
#!/bin/bash
echo "hello word"
[root@node1 ~]# chmod +x test.sh
[root@node1 ~]# ll
总用量 12
drwxr-xr-x. 2 root root 6 11月 2 2020 公共
drwxr-xr-x. 2 root root 6 11月 2 2020 模板
drwxr-xr-x. 2 root root 6 11月 2 2020 视频
drwxr-xr-x. 2 root root 6 11月 2 2020 图片
drwxr-xr-x. 2 root root 6 11月 2 2020 文档
drwxr-xr-x. 2 root root 6 11月 2 2020 下载
drwxr-xr-x. 2 root root 6 11月 2 2020 音乐
drwxr-xr-x. 2 root root 6 11月 2 2020 桌面
-rw-------. 1 root root 1230 11月 2 2020 anaconda-ks.cfg
-rw-r--r--. 1 root root 1385 11月 2 2020 initial-setup-ks.cfg
-rwxr-xr-x. 1 root root 31 7月 17 03:49 test.sh
// View the script file on the managed host
[root@localhost ansible]# ansible all -m command -a 'cat test.sh'
192.168.25.130 | CHANGED | rc=0 >>
#!/bin/bash
echo "hello word"
// Use the shell module to run, on the managed host, a script stored on the managed host
[root@localhost ansible]# ansible all -m shell -a '/bin/bash /root/test.sh &> /opt/test.log'
192.168.25.130 | CHANGED | rc=0 >>
[root@localhost ansible]# ansible all -m command -a 'cat /opt/test.log'
192.168.25.130 | CHANGED | rc=0 >>
hello word
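2.5 script module
The script module runs, on the managed host, a script that lives on the Ansible control host. The script stays on the control host and does not need to be copied to the managed host beforehand (that is, the script module runs control-host scripts on managed hosts)
// The script file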
[root@localhost ansible]# ls
ansible.cfg hosts inventory roles
[root@localhost ansible]# mkdir scripts
[root@localhost ansible]# cd scripts/
[root@localhost scripts]# vim test.sh
[root@localhost scripts]# cat test.sh
#!/bin/bash
useradd tom
echo "redhat" | passwd --stdin tom
echo "hello word" > ~tom/abc
// Run the script from the control host
[root@localhost ansible]# ansible all -m script -a 'scripts/test.sh'
192.168.25.130 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.25.130 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.25.130 closed."
],
"stdout": "更改用户 tom 的密码 。\r\npasswd:所有的身份验证令牌已经成功更新。\r\n",
"stdout_lines": [
"更改用户 tom 的密码 。",
"passwd:所有的身份验证令牌已经成功更新。"
]
}
// Check the result on the managed host
[root@node1 ~]# id tom
uid=1001(tom) gid=1002(tom) 组=1002(tom)
[root@node1 ~]# cd /home/tom/
[root@node1 tom]# ls
abc
[root@node1 tom]# cat abc
hello word
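2.6 template module
- The template module can deliver a parameterized configuration file to the target path, modifying the parameters in the file and backing it up
- The template module renders a template and can transfer it to the remote host
// Transfer a file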
[root@localhost ansible]# ansible all -m template -a 'src=~/anaconda-ks.cfg dest=/opt/hehe'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "4e0b9a45ca5724c0e46a70d56213e1d90f2f0595",
"dest": "/opt/hehe/anaconda-ks.cfg",
"gid": 0,
"group": "root",
"md5sum": "a840aed2908e3fca668c10f7face84cc",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:usr_t:s0",
"size": 1230,
"src": "/root/.ansible/tmp/ansible-tmp-1626510875.6001868-10108-259486274186289/source",
"state": "file",
"uid": 0
}
[root@node1 ~]# head -3 /opt/hehe
#version=RHEL8
ignoredisk --only-use=nvme0n1
autopart --type=lvm
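2.7 yum module
- The yum module manages software packages on managed hosts through yum repositories
Main parameters
name: the package to manage
state: the desired state of the package
Common values for state
present: ensure the package is installed (alias: installed)
latest: install the latest version available from yum
removed: remove the package (alias: absent)
// On the managed host, check whether vsftpd is installed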
[root@node1 ~]# rpm -qa|grep vsftpd
[root@node1 ~]#
// From the control host, install vsftpd on the managed host with the yum module
[root@localhost ansible]# ansible all -m yum -a 'name=vsftpd state=present'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: vsftpd-3.0.3-31.el8.x86_64"
]
}
// From the control host, check whether vsftpd is installed on the managed host
[root@localhost ansible]# ansible all -m shell -a 'rpm -qa | grep vsftpd'
[WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'.
If you need to use command because yum, dnf or zypper is insufficient you can add
'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to
get rid of this message.
192.168.25.130 | CHANGED | rc=0 >>
vsftpd-3.0.3-31.el8.x86_64
// From the control host, uninstall vsftpd from the managed host with the yum module
[root@localhost ansible]# ansible all -m yum -a 'name=vsftpd state=absent'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Removed: vsftpd-3.0.3-31.el8.x86_64"
]
}
// From the control host, check whether vsftpd has been removed from the managed host
[root@localhost ansible]# ansible all -m shell -a 'rpm -qa | grep vsftpd'
[WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'.
If you need to use command because yum, dnf or zypper is insufficient you can add
'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to
get rid of this message.
192.168.25.130 | FAILED | rc=1 >>
non-zero return code
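2.8 copy module
The copy module copies files from the Ansible control host to managed hosts
Common parameters
- src (source): the file or directory to copy
- dest (destination): the directory on the managed host that the file is copied to
- content: when src is not used to name the file to copy, content can supply the file contents directly
// Copy the inventory from the control host to the managed host
// Note: this inventory holds ansible_password in plain text and the copy is created with mode 0644 (see the output below), so every local user on the managed host can read it; pass mode=0600 when a copied file contains credentials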
[root@localhost ansible]# ansible all -m copy -a 'src=/etc/ansible/inventory dest=/opt/inventory'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "895cbc69037e6266a4cc5ac0b702ecbc6e5f93c9",
"dest": "/opt/inventory",
"gid": 0,
"group": "root",
"md5sum": "fb1a9c0d2acdde2788955941206a48f8",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:usr_t:s0",
"size": 67,
"src": "/root/.ansible/tmp/ansible-tmp-1626513540.3747706-10780-226187928193702/source",
"state": "file",
"uid": 0
}
[root@node1 ~]# cd /opt/
[root@node1 opt]# ls
abc hehe inventory ll test.log
[root@node1 opt]# cat inventory
[webservers]
192.168.25.130 ansible_user=root ansible_password=1
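2.9 group module
The group module manages groups on managed hosts
Common parameters
name: the name of the group to operate on
state: the state of the group (present creates the group, absent deletes it)
gid: the gid of the group
system: make the group a system group (yes/no)
// On the managed host, add a group named mysql with gid 306 (system=yes is not passed here, so the output shows "system": false)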
[root@localhost ansible]# ansible all -m group -a 'name=mysql gid=306 state=present'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 306,
"name": "mysql",
"state": "present",
"system": false
}
// Check that the group was created on the managed host
[root@localhost ansible]# ansible all -m shell -a 'grep mysql /etc/group'
192.168.25.130 | CHANGED | rc=0 >>
mysql:x:306:
// Change the mysql group to a system group
[root@localhost ansible]# ansible all -m group -a 'name=mysql gid=306 system=yes'
192.168.25.130 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"gid": 306,
"name": "mysql",
"state": "present",
"system": true
}
// Change the gid of the mysql group
[root@localhost ansible]# ansible all -m group -a 'name=mysql gid=600 '
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 600,
"name": "mysql",
"state": "present",
"system": false
}
[root@localhost ansible]# ansible all -m shell -a 'grep mysql /etc/group'
192.168.25.130 | CHANGED | rc=0 >>
mysql:x:600:
// Delete the mysql group
[root@localhost ansible]# ansible all -m group -a 'name=mysql state=absent '
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "mysql",
"state": "absent"
}
[root@localhost ansible]# ansible all -m shell -a 'grep mysql /etc/group'
192.168.25.130 | FAILED | rc=1 >>
non-zero return code
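2.10 user module
The user module manages users on managed hosts, for example creating, modifying and deleting users, and creating keys for users
Common parameters
name: the user name
group: the user's primary group
groups: the user's supplementary groups
shell: the user's default shell
uid: the user's uid
create_home: create the home directory when the user is created or when the home directory does not exist
system: whether the user is a system user
// On the managed host, add a system user named mysql with uid 306, shell /sbin/nologin and no home directory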
[root@localhost ansible]# ansible all -m user -a 'name=mysql uid=306 shell=/sbin/nologin system=yes create_home=no'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"comment": "",
"create_home": false,
"group": 306,
"home": "/home/mysql",
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"system": true,
"uid": 306
}
[root@localhost ansible]# ansible all -m shell -a 'grep mysql /etc/passwd'
192.168.25.130 | CHANGED | rc=0 >>
mysql:x:306:306::/home/mysql:/sbin/nologin
[root@localhost ansible]# ansible all -m shell -a 'ls /home'
192.168.25.130 | CHANGED | rc=0 >>
ii
runtime
tom
// Change the user's uid
[root@localhost ansible]# ansible all -m user -a 'name=mysql uid=360'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"append": false,
"changed": true,
"comment": "",
"group": 306,
"home": "/home/mysql",
"move_home": false,
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"uid": 360
}
[root@localhost ansible]# ansible all -m shell -a 'grep mysql /etc/passwd'
192.168.25.130 | CHANGED | rc=0 >>
mysql:x:360:306::/home/mysql:/sbin/nologin
// Delete the mysql user from the managed host
[root@localhost ansible]# ansible all -m user -a 'name=mysql state=absent'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"force": false,
"name": "mysql",
"remove": false,
"state": "absent"
}
[root@localhost ansible]# ansible all -m shell -a 'grep mysql /etc/passwd'
192.168.25.130 | FAILED | rc=1 >>
non-zero return code
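2.11 service module
The service module manages services on managed hosts
Common parameters
name: the name of the service to operate on
state: the state of the service (started starts the service, stopped stops it)
enabled: whether the service starts at boot (yes/no)
// Check whether vsftpd is installed on the managed host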
[root@localhost ansible]# ansible all -m shell -a 'rpm -qa |grep vsftpd'
[WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'. If
you need to use command because yum, dnf or zypper is insufficient you can add 'warn:
false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of
this message.
192.168.25.130 | FAILED | rc=1 >>
non-zero return code
// Install vsftpd on the managed host
[root@localhost ansible]# ansible all -m yum -a 'name=vsftpd state=present'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: vsftpd-3.0.3-31.el8.x86_64"
]
}
[root@localhost ansible]# ansible all -m shell -a 'rpm -qa |grep vsftpd'
[WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'. If
you need to use command because yum, dnf or zypper is insufficient you can add 'warn:
false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of
this message.
192.168.25.130 | CHANGED | rc=0 >>
vsftpd-3.0.3-31.el8.x86_64
// Check whether the vsftpd service is running on the managed host
[root@localhost ansible]# ansible all -m shell -a 'systemctl is-active vsftpd'
192.168.25.130 | FAILED | rc=3 >>
inactivenon-zero return code
// Start the vsftpd service on the managed host
[root@localhost ansible]# ansible all -m service -a 'name=vsftpd state=started'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "vsftpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": "systemd-journald.socket basic.target system.slice sysinit.target network.target",
"AllowIsolate": "no",
"AllowedCPUs": "",
......
// Check whether the vsftpd service is running on the managed host
[root@localhost ansible]# ansible all -m shell -a 'systemctl is-active vsftpd'
192.168.25.130 | CHANGED | rc=0 >>
active
// Check whether the vsftpd service is enabled at boot on the managed host
[root@localhost ansible]# ansible all -m shell -a 'systemctl is-enabled vsftpd'
192.168.25.130 | FAILED | rc=1 >>
disablednon-zero return code
// Enable the vsftpd service at boot on the managed host
[root@localhost ansible]# ansible all -m service -a 'name=vsftpd enabled=yes'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"enabled": true,
"name": "vsftpd",
"status": {
"ActiveEnterTimestamp": "Sat 2021-07-17 06:15:20 EDT",
"ActiveEnterTimestampMonotonic": "34314422767",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "active",
"After": "network.target systemd-journald.socket basic.target sysinit.target system.slice",
......
// Check whether the vsftpd service is enabled at boot on the managed host
[root@localhost ansible]# ansible all -m shell -a 'systemctl is-enabled vsftpd'
192.168.25.130 | CHANGED | rc=0 >>
enabled
// Stop the vsftpd service on the managed host
[root@localhost ansible]# ansible all -m service -a 'name=vsftpd state=stopped'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "vsftpd",
"state": "stopped",
"status": {
"ActiveEnterTimestamp": "Sat 2021-07-17 06:15:20 EDT",
"ActiveEnterTimestampMonotonic": "34314422767",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "active",
"After": "system.slice network.target sysinit.target systemd-journald.socket basic.target",
......
[root@localhost ansible]# ansible all -m shell -a 'systemctl is-active vsftpd'
192.168.25.130 | FAILED | rc=3 >>
inactivenon-zero return code
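2.12 lineinfile module
- The lineinfile module ensures that a particular line is present in a file, or ensures that the specified text is removed from a file (that is, that it does not exist in the file); it can also replace the text of a line using a regular expression
Common parameters
- path: the file to operate on
- line: the text of the line
- state: the desired state (to delete the matching text, set state to absent; the default is present)
- regexp: match lines with a regular expression (when replacing, if several lines match, only the last matching line is replaced; when deleting, if several lines match, all of them are deleted)
- insertafter: inserts the text after the specified line
// Change SELINUX=enforcing to disabled in /etc/selinux/config (used here to demonstrate regexp replacement; the change turns off SELinux enforcement on the managed host from the next boot)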
[root@localhost ansible]# ansible all -m lineinfile -a 'path=/etc/selinux/config regexp="^SELINUX=" line="SELINUX=disabled"'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
[root@localhost ansible]# ansible all -m shell -a 'cat /etc/selinux/config'
192.168.25.130 | CHANGED | rc=0 >>
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
// Insert hehe and xixi into /opt/ll on the managed host
[root@localhost ansible]# ansible all -m lineinfile -a 'path=/opt/ll line="hehe\nxixi"'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
[root@localhost ansible]# ansible all -m shell -a 'cat /opt/ll'
192.168.25.130 | CHANGED | rc=0 >>
hell word
hehe
xixi
// Delete the hehe line from /opt/ll
[root@localhost ansible]# ansible all -m lineinfile -a 'path=/opt/ll state=absent regexp="hehe"'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"found": 1,
"msg": "1 line(s) removed"
}
[root@localhost ansible]# ansible all -m shell -a 'cat /opt/ll'
192.168.25.130 | CHANGED | rc=0 >>
hell word
xixi
// Change the owner and group
[root@node1 opt]# ll ll
-rw-r--r--. 1 root root 15 7月 17 08:45 ll
[root@localhost ansible]# ansible all -m lineinfile -a 'path=/opt/ll owner=zhao group=zhao line=xix state=present'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "ownership, perms or SE linux context changed"
}
[root@node1 ~]# cd /opt/
[root@node1 opt]# ll ll
-rw-r--r--. 1 zhao zhao 19 7月 17 08:52 ll
// Insert a line into /opt/ll on the managed host
[root@node1 opt]# cat ll
#Listen=80
hell word
xixi
[root@localhost ansible]# ansible all -m lineinfile -a 'path=/opt/ll regexp="^Listen" insertafter="#Listen" line=Listen=80'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
[root@localhost ansible]# ansible all -m shell -a 'cat /opt/ll'
192.168.25.130 | CHANGED | rc=0 >>
#Listen=80
Listen=80
hell word
xixi
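The regexp and insertafter rules listed under the common parameters, as an added example that is not part of the original page and is not Ansible's own code: a simplified Python model of those rules, run on the /opt/ll contents shown above. The function signature and the "unchanged" message are assumptions of the model; it shows why the ^ anchor in regexp="^Listen" matters when editing configuration files.

```python
import re


def lineinfile(lines, line=None, regexp=None, state="present", insertafter=None):
    """Simplified model of the rules above; works on a list of lines.

    Returns (new_lines, message).
    """
    pattern = re.compile(regexp) if regexp else None

    if state == "absent":
        # Every matching line is removed, not just one.
        if pattern:
            kept = [l for l in lines if not pattern.search(l)]
        else:
            kept = [l for l in lines if l != line]
        return kept, "%d line(s) removed" % (len(lines) - len(kept))

    out = list(lines)
    hits = [i for i, l in enumerate(out) if pattern.search(l)] if pattern else []
    if hits:
        # Only the last matching line is replaced.
        if out[hits[-1]] == line:
            return out, "unchanged"
        out[hits[-1]] = line
        return out, "line replaced"
    if line in out:
        return out, "unchanged"
    if insertafter:
        # No regexp match: insert after the last line matching insertafter.
        anchors = [i for i, l in enumerate(out) if re.search(insertafter, l)]
        if anchors:
            out.insert(anchors[-1] + 1, line)
            return out, "line added"
    out.append(line)
    return out, "line added"


# Constructed sample: the page's /opt/ll contents before the insertafter step.
SAMPLE = ["#Listen=80", "hell word", "xixi"]


def demo():
    # Anchored pattern: the commented line does not match, so a new line is added.
    anchored = lineinfile(SAMPLE, "Listen=80", regexp="^Listen", insertafter="#Listen")
    # Unanchored pattern: the commented line matches and is overwritten.
    unanchored = lineinfile(SAMPLE, "Listen=80", regexp="Listen", insertafter="#Listen")
    # Re-running the anchored task on its own output changes nothing.
    rerun = lineinfile(anchored[0], "Listen=80", regexp="^Listen", insertafter="#Listen")
    # state=absent with an unanchored pattern removes both Listen lines.
    removed = lineinfile(anchored[0], regexp="Listen", state="absent")
    return anchored, unanchored, rerun, removed


if __name__ == "__main__":
    for result in demo():
        print(result)
```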
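2.13 firewalld module
The firewalld module's service parameter names the service to allow; the name must appear in the output of firewall-cmd --get-services
// Add the vsftpd service on the managed host to the firewall rules (firewalld service name: ftp)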
[root@localhost ansible]# ansible all -m firewalld -a 'service=ftp permanent=yes state=enabled immediate=yes'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "Permanent and Non-Permanent(immediate) operation, Changed service ftp to enabled"
}
[root@node1 opt]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ftp ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules: