Ansible常用模块介绍

ansible常用模块介绍

一、 ansible的功能

  • 批量执行远程命令,可以对远程的多台主机同时进行命令的执行

  • 批量安装和配置软件服务,可以对远程的多台主机进行自动化的方式配置和管理各种服务

  • 编排高级的企业级复杂的IT架构任务,Ansible的Playbook和role可以轻松实现大型的IT复杂架构

  • 提供自动化运维工具的开发API,有很多运维工具,如jumpserver就是基于 ansible 实现自动化管理功能

二、 ansible的特性

  • 模块化:调用特定的模块完成特定任务,支持自定义模块,可使用任何编程语言写模块

  • Paramiko(python对ssh的实现),PyYAML,Jinja2(模板语言)三个关键模块

  • 基于Python语言实现

  • 部署简单,基于python和SSH(默认已安装),agentless,无需代理不依赖PKI(无需ssl)

  • 安全,基于OpenSSH

  • 幂等性:一个任务执行1遍和执行n遍效果一样,不因重复执行带来意外情况,此特性非绝对

  • 支持playbook编排任务,YAML格式,编排任务,支持丰富的数据结构

  • 较强大的多层解决方案 role

三、ansible的安装

#CentOS 的EPEL源的rpm包安装
[root@centos ~]#yum install ansible

#查看版本
[root@ansible ~]#ansible --version
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Oct 14 2020, 14:45:30) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]

#ubuntu 安装
[root@ubuntu ~]#apt -y install ansible

四、ansible 使用前准备

ansible 相关工具大多数是通过ssh协议,实现对远程主机的配置管理、应用部署、任务执行等功能。建议:使用此工具前,先配置ansible主控端能基于密钥认证的方式联系各个被管理节点

[root@ansible ~]#vim /etc/ssh/ssh_config
#修改下面一行,实现首次登录不显示询问提示(这会关闭主机密钥校验,首次连接时无法发现中间人攻击,仅适合可信的实验网络)
StrictHostKeyChecking no

#检查对应服务器的host_key,建议取消此行注释,实现第一次连接自动信任目标主机(关闭后ansible不再校验主机密钥,仅适合可信的实验环境;生产环境建议预先分发known_hosts)
[root@ansible ~]#vim /etc/ansible/ansible.cfg
host_key_checking = False

#脚本实现基于key验证
[root@ansible ~]#vim ssh_key.sh
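#!/bin/bash
# Bootstrap key-based SSH between this host and every host that answers ping
# on the local /24: scan the subnet, generate a fresh root key pair, then push
# /root/.ssh to each responding address.
#
# NOTE(review): lab use only. The root password is hard-coded below, host-key
# checking is switched off for the bootstrap connections, and the copy loop
# sends the whole /root/.ssh directory -- private key included -- to every
# responding address, so all hosts end up sharing one root identity. If only
# the control node has to reach the managed nodes, distributing the public key
# alone (ssh-copy-id per host) is sufficient.

# Sample credential from the article; keep real passwords out of scripts
# (prompt for them, or read them from a root-only file).
PASS=linux2021.
# Last host octet to probe, 4-255; a smaller value makes the scan faster.
END=254

# Hand the password to sshpass through the environment (sshpass -e) instead of
# -p, so it does not appear in the process list.
export SSHPASS="$PASS"

# The third line of `ip a s eth0` is expected to be the "inet ADDR/PREFIX" line.
IP=$(ip a s eth0 | awk -F'[ /]+' 'NR==3{print $3}')
if [ -z "$IP" ]; then
  echo "cannot determine the IPv4 address of eth0" >&2
  exit 1
fi
NET=${IP%.*}.

# Drop the old private key so ssh-keygen below does not ask about overwriting.
rm -f /root/.ssh/id_rsa
rm -f SCANIP.log
# Probe the addresses in parallel; each responder is appended to SCANIP.log.
for ((i = 3; i <= END; i++)); do
  ping -c 1 -w 1 "${NET}${i}" &> /dev/null && echo "${NET}${i}" >> SCANIP.log &
done
wait

ssh-keygen -P "" -f /root/.ssh/id_rsa
rpm -q sshpass || yum -y install sshpass
# Authorise the new key on this host first, so the copied .ssh directory
# already contains it in authorized_keys.
sshpass -e ssh-copy-id -o StrictHostKeyChecking=no "$IP"

# SCANIP.log is missing when no host answered; treat that as an empty list.
AliveIP=()
if [ -s SCANIP.log ]; then
  mapfile -t AliveIP < SCANIP.log
fi

for n in "${AliveIP[@]}"; do
  sshpass -e scp -o StrictHostKeyChecking=no -r /root/.ssh "root@${n}:"
done
# The password is not needed past this point.
unset SSHPASS

# Copy .ssh/known_hosts to every host so they do not have to confirm a prompt
# the first time they connect to each other.
for n in "${AliveIP[@]}"; do
  scp /root/.ssh/known_hosts "${n}:.ssh/"
done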


#注:ansible_connection=local  #指定本地连接,无需ssh配置
ansible_connection=ssh 需要StrictHostKeyChecking no

#主机清单配置
[root@ansible ~]#vim /etc/ansible/hosts
[local]
10.0.0.7 ansible_connection=ssh

[webservers]
10.0.0.17
10.0.0.27

[dbservers]
10.0.0.7
10.0.0.17

[appservers]
10.0.0.7
10.0.0.17
10.0.0.27


#验证测试
[root@ansible ~]#ansible all -m ping
10.0.0.27 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
10.0.0.17 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
10.0.0.7 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

五、获取帮助

#ansible-doc,此工具用来显示模块帮助,相当于man

格式:
ansible-doc [options] [module...]
-l, --list    #列出可用模块
-s, --snippet #显示指定模块的playbook片段

#查看帮助
ansible --help
man ansible
ansible-doc --help

#列出所有模块
ansible-doc -l

#查看指定模块帮助用法
ansible-doc ping

#查看指定模块帮助用法,显示指定模块的playbook代码段
ansible-doc -s ping

六、ansible常用模块介绍

6.1、Command 模块

功能:在远程主机执行命令,此为默认模块,可忽略 -m 选项

注意:此模块不支持 $VARNAME < > | ; & 等shell特性,需要时可改用shell模块;此模块不具有幂等性

[root@ansible ~]#ansible webservers -m command -a 'hostname -I'
10.0.0.17 | CHANGED | rc=0 >>
10.0.0.17
10.0.0.27 | CHANGED | rc=0 >>
10.0.0.27

[root@ansible ~]#ansible webservers -m command -a 'touch /data/ansible.log'
[root@ansible ~]#ansible webservers -m command -a 'ls -l /data/ansible.log'
10.0.0.27 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 0 Mar  1 19:24 /data/ansible.log
10.0.0.17 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 0 Mar  1 19:24 /data/ansible.log

[root@ansible ~]#ansible webservers -m command -a 'rm /data/ansible.log'
[root@ansible ~]#ansible webservers -m command -a 'chdir=/data/ ls -l'
10.0.0.27 | CHANGED | rc=0 >>
total 0
10.0.0.17 | CHANGED | rc=0 >>
total 0
-rw-r--r-- 1 root root 0 Mar  1 19:36 test.log

[root@ansible ~]#ansible webservers -m command -a 'creates=/data/mysql mkdir /data/mysql'
[root@ansible ~]#ansible webservers -m command -a 'ls -l /data/'
10.0.0.27 | CHANGED | rc=0 >>
total 0
drwxr-xr-x 2 root root 6 Mar  1 19:46 mysql
10.0.0.17 | CHANGED | rc=0 >>
total 0
drwxr-xr-x 2 root root 6 Mar  1 19:46 mysql
-rw-r--r-- 1 root root 0 Mar  1 19:36 test.log
[root@ansible ~]#ansible webservers -m command -a 'creates=/data/mysql mkdir /data/mysql'
10.0.0.27 | SUCCESS | rc=0 >>
skipped, since /data/mysql exists
10.0.0.17 | SUCCESS | rc=0 >>
skipped, since /data/mysql exists

6.2、Shell 模块

和command相似,用shell执行命令,支持各种符号,比如:*,$, >

注意:此模块不具有幂等性

[root@ansible ~]#ansible webservers -m shell -a 'echo hello > /data/hello.log'
[root@ansible ~]#ansible webservers -m shell -a 'ls -l /data/hello.log'
10.0.0.27 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 6 Mar  1 19:55 /data/hello.log
10.0.0.17 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 6 Mar  1 19:55 /data/hello.log
[root@ansible ~]#ansible webservers -m shell -a 'cat /data/hello.log'
10.0.0.27 | CHANGED | rc=0 >>
hello
10.0.0.17 | CHANGED | rc=0 >>
hello

#将shell模块代替command,设为默认模块
[root@ansible ~]#vim /etc/ansible/ansible.cfg
module_name = shell

[root@ansible ~]#ansible webservers -a 'echo $HOSTNAME'
10.0.0.17 | CHANGED | rc=0 >>
centos7
10.0.0.27 | CHANGED | rc=0 >>
centos7

6.3、Script 模块

功能:在远程主机上运行ansible服务器上的脚本(无需执行权限)

注意:此模块不具有幂等性

[root@ansible ~]#vim test.sh
#!/bin/bash
# Print the network addresses of the host this script runs on.
hostname -I
[root@ansible ~]#chmod +x test.sh
[root@ansible ~]#ansible webservers -m script -a '/root/test.sh'
10.0.0.27 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 10.0.0.27 closed.\r\n",
    "stderr_lines": [
        "Shared connection to 10.0.0.27 closed."
    ],
    "stdout": "10.0.0.27 \r\n",
    "stdout_lines": [
        "10.0.0.27 "
    ]
}
10.0.0.17 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 10.0.0.17 closed.\r\n",
    "stderr_lines": [
        "Shared connection to 10.0.0.17 closed."
    ],
    "stdout": "10.0.0.17 \r\n",
    "stdout_lines": [
        "10.0.0.17 "
    ]
}

[root@ansible ~]#chmod -x test.sh
[root@ansible ~]#ll test.sh
-rw-r--r-- 1 root root 429 Mar  1 20:18 test.sh
[root@ansible ~]#ansible webservers -m script -a '/root/test.sh'
10.0.0.17 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 10.0.0.17 closed.\r\n",
    "stderr_lines": [
        "Shared connection to 10.0.0.17 closed."
    ],
    "stdout": "10.0.0.17 \r\n",
    "stdout_lines": [
        "10.0.0.17 "
    ]
}
10.0.0.27 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 10.0.0.27 closed.\r\n",
    "stderr_lines": [
        "Shared connection to 10.0.0.27 closed."
    ],
    "stdout": "10.0.0.27 \r\n",
    "stdout_lines": [
        "10.0.0.27 "
    ]
}

6.4、Copy 模块

功能:从ansible服务器主控端复制文件到远程主机

注意: src=file 如果是没指明路径,则为当前目录或当前目录下的files目录下的file文件

#如目标存在,默认覆盖;如需先备份原文件,要加上backup=yes(下面的命令并未指定)
#注意:ssh_key.sh中含有明文密码,示例之外不要把这类文件分发到被管理节点
[root@ansible ~]#ansible webservers -m copy -a 'src=ssh_key.sh dest=/data/ssh.sh owner=chen group=bin mode=700'
[root@centos7 data]#ll /data/
total 8
-rw-r--r-- 1 root root    6 Mar  1 19:55 hello.log
drwxr-xr-x 2 root root    6 Mar  1 19:46 mysql
-rwx------ 1 chen bin  1195 Mar  1 20:46 ssh.sh
-rw-r--r-- 1 root root    0 Mar  1 19:36 test.log

#复制/etc目录自身,注意/etc/后面没有/,ansible拷贝文件夹比较慢
[root@ansible ~]#ansible webservers -m copy -a "src=/etc dest=/data/"
#复制/etc/下的文件,不包括/etc/目录自身,注意/etc/后面有/
[root@ansible ~]#ansible webservers -m copy -a "src=/etc/ dest=/data/"
[root@centos7 ~]#ls /data/
at.deny         fuse.conf    machine-id   named.conf           passwd-        shadow          system-release-cpe
autofs.conf     group-       mailcap      named.rfc1912.zones  profile        shadow-         vimrc
centos-release  inittab      man_db.conf  netconfig            rwtab          statetab        yum.conf
cron.deny       locale.conf  mime.types   os-release           sestatus.conf  system-release

6.5、Get_url 模块

功能: 用于将文件从http、https或ftp下载到被管理机节点上

常用参数如下:

url: 下载文件的URL,支持HTTP,HTTPS或FTP协议
dest: 下载到目标路径(绝对路径),如果目标是一个目录,就用服务器上面文件的名称,如果目标设置了名称就用目标设置的名称
owner:指定属主
group:指定属组
mode:指定权限
force: 如果为yes且dest不是目录,则每次都会下载文件,内容有变化时替换目标文件;如果为no,则只有在目标不存在时才会下载该文件
checksum: 对目标文件在下载后计算摘要,以确保其完整性(期望的摘要值应来自可信渠道,并优先使用sha256等较强的算法)
          示例: checksum="sha256:D98291AC[...]B6DC7B97",
               checksum="sha256:http://example.com/path/sha256sum.txt"
url_username: 用于HTTP基本认证的用户名。对于允许空密码的站点,此参数可以不配合`url_password`单独使用
url_password: 用于HTTP基本认证的密码。如果未指定`url_username`参数,则不会使用`url_password`参数
validate_certs:如果为“no”,SSL证书将不会被验证。仅应在自己可控、使用自签名证书的私有站点上使用
timeout: URL请求的超时时间,秒为单位

[root@ansible ~]#wget http://nginx.org/download/nginx-1.18.0.tar.gz
[root@ansible ~]#md5sum nginx-1.18.0.tar.gz
b2d33d24d89b8b1f87ff5d251aa27eb8  nginx-1.18.0.tar.gz
[root@ansible ~]#openssl md5 nginx-1.18.0.tar.gz
MD5(nginx-1.18.0.tar.gz)= b2d33d24d89b8b1f87ff5d251aa27eb8
[root@ansible ~]#ansible webservers -m get_url -a 'url=http://nginx.org/download/nginx-1.18.0.tar.gz dest=/usr/local/src/nginx.tar.gz checksum="md5:b2d33d24d89b8b1f87ff5d251aa27eb8"'
[root@centos7 ~]#ll /usr/local/src/
total 1016
-rw-r--r-- 1 root root 1039530 Mar  2 09:09 nginx.tar.gz

6.6、Fetch 模块

功能:从远程主机提取文件至ansible的主控端,该模块的工作原理与[copy]类似,但与之相反,它用于从远程机器获取文件,并将它们存储在本地文件树中,按主机名组织,目前不支持目录

[root@ansible ~]#ansible webservers -m fetch -a 'src=/var/log/messages dest=/data/log'
[root@ansible ~]#ll /data/
total 0
drwxr-xr-x 4 root root 40 Mar  2 09:27 log
[root@ansible ~]#tree /data/
/data/
└── log
    ├── 10.0.0.17
    │   └── var
    │       └── log
    │           └── messages
    └── 10.0.0.27
        └── var
            └── log
                └── messages

7 directories, 2 files

6.7、 File 模块

功能:设置文件属性,创建软链接等

#创建空文件
[root@ansible ~]#ansible webservers -m file -a 'path=/data/a.txt state=touch owner=chen'
[root@centos7 ~]#ll /data/a.txt
-rw-r--r-- 1 chen root 0 Mar  2 09:54 /data/a.txt

#创建目录
[root@ansible ~]#ansible webservers -m file -a 'path=/data/mysql state=directory'
[root@centos7 ~]#ll /data/
total 0
drwxr-xr-x 2 root root 6 Mar  2 10:06 mysql

#创建软链接
[root@ansible ~]#ansible webservers -m file -a 'path=/data/mysql-5.7 state=directory'
[root@ansible ~]#ansible webservers -m file -a 'src=/data/mysql-5.7 path=/data/mysql-link state=link'
[root@centos7 ~]#ll /data/
total 0
drwxr-xr-x 2 root root  6 Mar  2 10:06 mysql
drwxr-xr-x 2 root root  6 Mar  2 10:11 mysql-5.7
lrwxrwxrwx 1 root root 15 Mar  2 10:16 mysql-link -> /data/mysql-5.7

#删除目录
[root@ansible ~]#ansible webservers -m file -a 'path=/data/mysql-5.7 state=absent'
[root@centos7 ~]#ll /data/
total 0
drwxr-xr-x 2 root root  6 Mar  2 10:06 mysql
lrwxrwxrwx 1 root root 15 Mar  2 10:16 mysql-link -> /data/mysql-5.7
[root@ansible ~]#ansible webservers -m file -a 'path=/data/mysql state=absent'
[root@centos7 ~]#ll /data/
total 0

#删除软连接
[root@ansible ~]#ansible webservers -m file -a 'path=/data/mysql-link state=absent'
[root@centos7 ~]#ll /data/
total 0
drwxr-xr-x 2 root root 6 Mar  2 10:06 mysql

6.8、 stat 模块

功能:检查文件或文件系统的状态

注意:对于Windows目标,改用[win_stat]模块。

选项:

path:文件/对象的完整路径(必须)

常用的返回值判断:

exists: 判断是否存在
isuid: 调用用户的ID与所有者ID是否匹配
[root@ansible ~]#ansible 127.0.0.1 -m stat -a 'path=/etc/passwd'
127.0.0.1 | SUCCESS => {
    "changed": false,
    "stat": {
        "atime": 1646128667.779402,
        "attr_flags": "e",
        "attributes": [
            "extents"
        ],
        "block_size": 4096,
        "blocks": 8,
        "charset": "us-ascii",
        "checksum": "34bed15b9d357e00aee055bd8912c2e9c7c29f25",
        "ctime": 1645808037.8519013,
        "dev": 2050,
        "device_type": 0,
        "executable": false,
        "exists": true,
        "gid": 0,
        "gr_name": "root",
        "inode": 5243586,
        "isblk": false,
        "ischr": false,
        "isdir": false,
        "isfifo": false,
        "isgid": false,
        "islnk": false,
        "isreg": true,
        "issock": false,
        "isuid": false,
        "mimetype": "text/plain",
        "mode": "0644",
        "mtime": 1645808037.8449013,
        "nlink": 1,
        "path": "/etc/passwd",
        "pw_name": "root",
        "readable": true,
        "rgrp": true,
        "roth": true,
        "rusr": true,
        "size": 1160,
        "uid": 0,
        "version": "18446744073124323490",
        "wgrp": false,
        "woth": false,
        "writeable": true,
        "wusr": true,
        "xgrp": false,
        "xoth": false,
        "xusr": false
    }
}

6.9、unarchive 模块

功能:解包解压缩

实现有两种用法:

1、将ansible主机上的压缩包传到远程主机后解压缩至特定目录,设置copy=yes,此为默认值,可省略

2、将远程主机上的某个压缩包解压缩到指定路径下,设置copy=no

常见参数:

copy:默认为yes,当copy=yes,拷贝的文件是从ansible主机复制到远程主机上,如果设置为copy=no,
会在远程主机上寻找src源文件
remote_src:和copy功能一样且互斥,yes表示在远程主机,不在ansible主机,no表示文件在ansible主机上
src:源路径,可以是ansible主机上的路径,也可以是远程主机(被管理端或者第三方主机)上的路径,如果是远程主机上的路径,则需要设置copy=no
dest:远程主机上的目标路径
mode:设置解压缩后的文件权限
[root@ansible ~]#ansible webservers -m unarchive -a 'src=nginx-1.18.0.tar.gz dest=/usr/local/src owner=chen group=bin'
[root@centos7 ~]#ls /usr/local/src/
nginx-1.18.0  nginx.tar.gz
[root@ansible ~]#ansible webservers -m unarchive -a 'src=http://nginx.org/download/nginx-1.18.0.tar.gz dest=/data copy=no'
[root@centos7 ~]#ll /data/
total 0
drwxr-xr-x 8 1001 1001 158 Apr 21  2020 nginx-1.18.0

[root@ansible ~]#ansible webservers -m unarchive -a 'src=/usr/local/src/nginx.tar.gz dest=/opt copy=no'
[root@centos7 ~]#ll /opt/
total 4
drwxr-xr-x 8 1001 1001 4096 Apr 21  2020 nginx-1.18.0

6.10、Archive 模块

功能:打包压缩保存在被管理节点

[root@ansible ~]#ansible webservers -m archive -a 'path=/var/log/ dest=/data/log.tar.bz2 format=bz2 owner=chen mode=0600'
[root@centos7 ~]#ll /data/
total 492
-rw------- 1 chen root 501654 Mar  2 11:37 log.tar.bz2
drwxr-xr-x 8 1001 1001    158 Apr 21  2020 nginx-1.18.0

6.11、Hostname 模块

功能:管理主机名,注意,此模块不修改“/etc/hosts”。

[root@ansible ~]#ansible 10.0.0.17 -m hostname -a 'name=nginx'
[root@centos7 ~]#hostname
nginx

6.12、Cron 模块

功能:计划任务,使用此模块管理crontab和环境变量条目。

支持时间:minute,hour,day,month,weekday

#备份数据库脚本
[root@centos7 ~]#cat /root/mysql_backup.sh
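#!/bin/bash
# Dump every MySQL database and gzip the result to a timestamped file in /data.
#
# mysqldump options used:
#   -A                    dump all databases
#   -F                    flush the logs before dumping
#   --single-transaction  take the dump inside a single transaction
#   --master-data=2       record the binary-log position as a comment
#   -q                    stream rows instead of buffering them in memory
#   -uroot                connect as root (no password option is passed)
#
# NOTE(review): the archive holds every database and is created with the
# caller's umask; confirm that /data and the resulting file are readable only
# by the accounts that need the backups.

# Without pipefail the pipeline reports gzip's status, so a failed mysqldump
# would leave a truncated archive while the script still exits 0 under cron.
set -o pipefail

# The redirect target has to stay on the same logical line as '>'.
mysqldump -A -F --single-transaction --master-data=2 -q -uroot \
  | gzip > "/data/mysql_$(date +%F_%T).sql.gz"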

#创建计划任务
[root@ansible ~]#ansible 10.0.0.17 -m cron -a 'hour=2 minute=30 weekday=1-5 name="backup mysql" job=/root/mysql_backup.sh'
[root@centos7 ~]#crontab -e
#Ansible: backup mysql
30 2 * * 1-5 /root/mysql_backup.sh

#删除计划任务
[root@ansible ~]#ansible 10.0.0.17 -m cron -a "name='backup mysql' state=absent"

6.13、Yum 和 Apt 模块

功能:

yum 管理软件包,只支持RHEL,CentOS,fedora,不支持Ubuntu等其它发行版;

apt 模块管理 Debian 相关版本的软件包

#安装
[root@ansible ~]#ansible 10.0.0.17 -m yum -a 'name=sl'
[root@centos7 ~]#sl
                              (@@) (  ) (@)  ( )  @@    ()    @     O     @     O      @
                         (   )
                     (@@@@)
                  (    )

                (@@@)
              ====        ________                ___________
          _D _|  |_______/        \__I_I_____===__|_________|
           |(_)---  |   H\________/ |   |        =|___ ___|      _________________
           /     |  |   H  |  |     |   |         ||_| |_||     _|                \_____A
          |      |  |   H  |__--------------------| [___] |   =|                        |
          | ________|___H__/__|_____/[][]~\_______|       |   -|                        |
          |/ |   |-----------I_____I [][] []  D   |=======|____|________________________|_
        __/ =| o |=-~~\  /~~\  /~~\  /~~\ ____Y___________|__|__________________________|_
         |/-=|___|=O=====O=====O=====O   |_____/~\___/          |_D__D__D_|  |_D__D__D_|
          \_/      \__/  \__/  \__/  \__/      \_/               \_/   \_/    \_/   \_/

[root@ansible ~]#ansible 10.0.0.17 -m yum -a 'name=httpd'
[root@centos7 ~]#rpm -qi httpd
Name        : httpd
Version     : 2.4.6
Release     : 97.el7.centos.4
Architecture: x86_64
Install Date: Mon 31 Jan 2022 04:49:23 PM CST
Group       : System Environment/Daemons
Size        : 9821064
License     : ASL 2.0
Signature   : RSA/SHA256, Tue 25 Jan 2022 10:54:12 PM CST, Key ID 24c6a8a7f4a80eb5
Source RPM  : httpd-2.4.6-97.el7.centos.4.src.rpm
Build Date  : Tue 25 Jan 2022 10:10:28 PM CST
Build Host  : x86-02.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://httpd.apache.org/
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.

#卸载
[root@ansible ~]#ansible 10.0.0.17 -m yum -a 'name=httpd,sl state=absent'
[root@centos7 ~]#rpm -qi httpd sl
package httpd is not installed
package sl is not installed

#查看包
[root@ansible ~]#ansible 10.0.0.17 -m yum -a "list=tree"
10.0.0.17 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "results": [
        {
            "arch": "x86_64",
            "envra": "0:tree-1.6.0-10.el7.x86_64",
            "epoch": "0",
            "name": "tree",
            "release": "10.el7",
            "repo": "base",
            "version": "1.6.0",
            "yumstate": "available"
        },
        {
            "arch": "x86_64",
            "envra": "0:tree-1.6.0-10.el7.x86_64",
            "epoch": "0",
            "name": "tree",
            "release": "10.el7",
            "repo": "installed",
            "version": "1.6.0",
            "yumstate": "installed"
        }
    ]
}

[root@ansible ~]#ansible 10.0.0.17 -m yum -a "list=httpd"
10.0.0.17 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "results": [
        {
            "arch": "x86_64",
            "envra": "0:httpd-2.4.6-95.el7.centos.x86_64",
            "epoch": "0",
            "name": "httpd",
            "release": "95.el7.centos",
            "repo": "base",
            "version": "2.4.6",
            "yumstate": "available"
        }
    ]
}

6.14、yum_repository 模块

功能:将多个存储库添加到同一文件中,在基于RPM的Linux发行版中添加或删除YUM存储库

6.15、Service 模块

功能:管理服务,控制远程主机上的服务

[root@centos7 ~]#ss -ntl
State      Recv-Q Send-Q              Local Address:Port                             Peer Address:Port
LISTEN     0      128                             *:22                                          *:*
LISTEN     0      100                     127.0.0.1:25                                          *:*
LISTEN     0      128                          [::]:22                                       [::]:*
LISTEN     0      100                         [::1]:25                                       [::]:*
[root@ansible ~]#ansible 10.0.0.27 -m service -a 'name=httpd state=started enabled=yes'
[root@centos7 ~]#ss -ntl
State      Recv-Q Send-Q              Local Address:Port                             Peer Address:Port
LISTEN     0      128                             *:22                                          *:*
LISTEN     0      100                     127.0.0.1:25                                          *:*
LISTEN     0      128                          [::]:80                                       [::]:*
LISTEN     0      128                          [::]:22                                       [::]:*
LISTEN     0      100                         [::1]:25                                       [::]:*
[root@centos7 ~]#systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2022-03-02 19:58:36 CST; 4min 26s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 1844 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─1844 /usr/sbin/httpd -DFOREGROUND
           ├─1845 /usr/sbin/httpd -DFOREGROUND
           ├─1846 /usr/sbin/httpd -DFOREGROUND
           ├─1847 /usr/sbin/httpd -DFOREGROUND
           ├─1848 /usr/sbin/httpd -DFOREGROUND
           └─1849 /usr/sbin/httpd -DFOREGROUND

Mar 02 19:58:34 centos7 systemd[1]: Starting The Apache HTTP Server...
Mar 02 19:58:35 centos7 httpd[1844]: AH00558: httpd: Could not reliably determine the server's fully qualifie...essage
Mar 02 19:58:36 centos7 systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.

[root@ansible ~]#ansible 10.0.0.27 -m service -a 'name=httpd state=stopped enabled=no'
[root@centos7 ~]#systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:httpd(8)
           man:apachectl(8)

Mar 02 19:58:34 centos7 systemd[1]: Starting The Apache HTTP Server...
Mar 02 19:58:35 centos7 httpd[1844]: AH00558: httpd: Could not reliably determine the server's fully qualifie...essage
Mar 02 19:58:36 centos7 systemd[1]: Started The Apache HTTP Server.
Mar 02 20:12:21 centos7 systemd[1]: Stopping The Apache HTTP Server...
Mar 02 20:12:22 centos7 systemd[1]: Stopped The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@ansible ~]#ansible 10.0.0.27 -m service -a 'name=httpd state=restarted'

6.16、User 模块

功能:管理用户,管理用户帐户和用户属性

#创建用户
[root@ansible ~]#ansible 10.0.0.27 -m user -a 'name=user1 comment="test user" uid=2048 home=/app/user1 group=root'

[root@ansible ~]#ansible 10.0.0.27 -m user -a 'name=nginx comment=nginx uid=88 group=nginx groups="root,daemon" shell=/sbin/nologin system=yes create_home=no home=/data/nginx non_unique=yes'

#remove=yes表示删除用户及家目录等数据,默认remove=no
[root@ansible ~]#ansible 10.0.0.27 -m user -a 'name=nginx state=absent remove=yes'

#生成123456加密后的密码(仅为示例:固定盐值'salt'会让相同密码得到相同的哈希,实际使用时应换成强密码,并省略盐值参数让其随机生成)
ansible localhost -m debug -a "msg={{ '123456'|
password_hash('sha512','salt')}}"
localhost | SUCCESS => {
"msg": "$6$salt$MktMKPZJ6t59GfxcJU20DwcwQzfMvOlHFVZiOVD71w."
} 

#用上面创建的密码创建用户
ansible webservers -m user -a 'name=test
password="$6$salt$MktMKPZJ6t59GfxcJU20DwcwQzfMvOlHFVZiOVD71w."'

#创建用户test,并生成4096bit的私钥
ansible webservers -m user -a 'name=test generate_ssh_key=yes ssh_key_bits=4096
ssh_key_file=.ssh/id_rsa'

6.17、Group 模块

功能:管理组

#创建组
ansible webservers -m group -a 'name=nginx gid=88 system=yes'

#删除组
ansible webservers -m group -a 'name=nginx state=absent'

6.18、 Lineinfile 模块

ansible在使用sed进行替换时,经常会遇到需要转义的问题,而且ansible在遇到特殊符号进行替换时,存在问题,无法正常进行替换 。其实在ansible自身提供了两个模块:lineinfile模块和replace模块,可以方便的进行替换

此模块确保文件中有特定行,或使用带反向引用的正则表达式替换现有行

一般在ansible当中去修改某个文件的单行进行替换的时候需要使用lineinfile模块

regexp参数 :使用正则表达式匹配对应的行,当替换文本时,如果有多行文本都能被匹配,则只有最后面被匹配到的那行文本才会被替换,当删除文本时,如果有多行文本都能被匹配,那么这些行都会被删除。

如果想进行多行匹配进行替换需要使用replace模块

功能:相当于sed,可以修改文件内容

[root@ansible ~]#ansible 10.0.0.27 -m lineinfile -a "path=/etc/httpd/conf/httpd.conf regexp='^Listen' line='Listen 8080'"
[root@centos7 ~]#grep Listen /etc/httpd/conf/httpd.conf
# Listen: Allows you to bind Apache to specific IP addresses and/or
# Change this to Listen on specific IP addresses as shown below to
#Listen 12.34.56.78:80
Listen 8080

[root@ansible ~]#ansible webservers -m lineinfile -a "path=/etc/selinux/config regexp='^SELINUX=' line='SELINUX=disabled'"

[root@centos7 ~]#cat /etc/fstab

#
# /etc/fstab
# Created by anaconda on Mon Jan 31 16:11:24 2022
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=099f9e4c-8094-4e19-ace1-f99b7f81744b /                       ext4    defaults        1 1
UUID=b36add53-d3f4-4ef7-9444-3c69bffb95db /boot                   xfs     defaults        0 0
UUID=756b01bd-ccee-4563-a492-7368bb57b100 /data                   xfs     defaults        0 0
UUID=076fc1a8-ac81-4378-8fcf-6968c31519bc swap                    swap    defaults        0 0

[root@ansible ~]#ansible 10.0.0.27  -m lineinfile -a 'dest=/etc/fstab state=absent regexp="^#"'
[root@centos7 ~]#cat /etc/fstab

UUID=099f9e4c-8094-4e19-ace1-f99b7f81744b /                       ext4    defaults        1 1
UUID=b36add53-d3f4-4ef7-9444-3c69bffb95db /boot                   xfs     defaults        0 0
UUID=756b01bd-ccee-4563-a492-7368bb57b100 /data                   xfs     defaults        0 0
UUID=076fc1a8-ac81-4378-8fcf-6968c31519bc swap                    swap    defaults        0 0

6.19、Replace 模块

功能:该模块有点类似于sed命令,主要也是基于正则表达式进行匹配和替换,建议使用

此模块将替换文件中模式的所有实例

[root@ansible ~]#ansible 10.0.0.27 -m replace -a "path=/etc/fstab regexp='^(UUID.*)' replace='#\1'"
[root@ansible ~]#ansible 10.0.0.27 -m replace -a "path=/etc/fstab regexp='^#(UUID.*)' replace='\1'"

[root@centos7 ~]#vim /etc/httpd/conf/httpd.conf
#Listen 12.34.56.78:80
Listen 8080
Listen 8080
Listen 8080

[root@ansible ~]#ansible 10.0.0.27 -m replace -a "path=/etc/httpd/conf/httpd.conf regexp='^Listen.*' replace='Listen 80'"
[root@centos7 ~]#grep Listen /etc/httpd/conf/httpd.conf
# Listen: Allows you to bind Apache to specific IP addresses and/or
# Change this to Listen on specific IP addresses as shown below to
#Listen 12.34.56.78:80
Listen 80
Listen 80
Listen 80

6.20、SELinux 模块

功能:管理 SELinux 策略,配置SELinux模式和策略,使用后可能需要重新启动

[root@ansible ~]#ansible 10.0.0.27 -m selinux -a 'state=disabled'

[root@ansible ~]#getenforce
Disabled

[root@ansible ~]#grep -v '#' /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted

6.21、reboot 模块

功能:重启,重新启动一台机器,等待它停机、恢复并响应命令

[root@ansible ~]#ansible webservers -m reboot

6.22、mount 挂载和卸载

功能: 挂载和卸载文件系统,此模块控制“/etc/fstab”中的活动和配置装载点。

#临时挂载
[root@ansible ~]#ansible webservers -m mount -a 'src="UUID=b3e48f45-f933-4c8e-a700-22a159ec9077" path=/home fstype=xfs opts=noatime state=present'

#临时取消挂载
[root@ansible ~]#ansible webservers -m mount -a 'path=/home fstype=xfs opts=noatime state=unmounted'

#永久挂载
[root@ansible ~]#ansible webservers -m mount -a 'src=10.0.0.17:/data/wordpress path=/var/www/html/wpcontent/uploads opts="_netdev" state=mounted'

#永久卸载
[root@ansible ~]#ansible webservers -m mount -a 'src=10.0.0.17:/data/wordpress path=/var/www/html/wpcontent/uploads state=absent'

6.23、Setup 模块

功能: setup 模块用来收集主机的系统信息,这些 facts 信息可以直接以变量的形式使用,但是如果主机较多,会影响执行速度。playbook 会自动调用此模块,收集远程主机的相关变量,供剧本中使用

可以使用 gather_facts:no 来禁止 Ansible 收集 facts 信息

[root@ansible ~]#ansible 10.0.0.27 -m setup
[root@ansible ~]#ansible 10.0.0.27 -m setup -a "filter=ansible_nodename"
10.0.0.27 | SUCCESS => {
    "ansible_facts": {
        "ansible_nodename": "centos7",
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false
}
[root@ansible ~]#ansible 10.0.0.27 -m setup -a "filter=ansible_hostname"
10.0.0.27 | SUCCESS => {
    "ansible_facts": {
        "ansible_hostname": "centos7",
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false
}

[root@ansible ~]#ansible 10.0.0.27 -m setup -a "filter=ansible_memtotal_mb"
10.0.0.27 | SUCCESS => {
    "ansible_facts": {
        "ansible_memtotal_mb": 1980,
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false
}

[root@ansible ~]#ansible 10.0.0.27 -m setup -a "filter=ansible_processor_vcpus"
10.0.0.27 | SUCCESS => {
    "ansible_facts": {
        "ansible_processor_vcpus": 2,
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false
}

[root@ansible ~]#ansible 10.0.0.27 -m setup -a "filter=ansible_distribution_version"
10.0.0.27 | SUCCESS => {
    "ansible_facts": {
        "ansible_distribution_version": "7.9",
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false
}

[root@ansible ~]#ansible 10.0.0.27 -m setup -a "filter=ansible_os_family"
10.0.0.27 | SUCCESS => {
    "ansible_facts": {
        "ansible_os_family": "RedHat",
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false
}

#取默认IP
[root@ansible ~]#ansible 10.0.0.27 -m setup -a 'filter="ansible_default_ipv4"'
10.0.0.27 | SUCCESS => {
    "ansible_facts": {
        "ansible_default_ipv4": {
            "address": "10.0.0.27",
            "alias": "eth0",
            "broadcast": "10.0.0.255",
            "gateway": "10.0.0.2",
            "interface": "eth0",
            "macaddress": "00:50:56:3b:17:bf",
            "mtu": 1500,
            "netmask": "255.255.255.0",
            "network": "10.0.0.0",
            "type": "ether"
        },
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false
}

6.24、debug 模块

功能:此模块可以用于输出信息,并且通过 msg 定制输出的信息内容,该模块在执行期间打印语句,对调试非常有用

注意:msg后面的变量有时需要加 " " 引起来

[root@ansible ~]#ansible 10.0.0.17 -m debug
10.0.0.17 | SUCCESS => {
    "msg": "Hello world!"
}
