文章目录
Ansible的常用模块介绍
ansible默认提供了很多的模块供我们使用。在Linux中,我们可以通过 ansible-doc -l 命令查看当前ansible支持的所有模块,通过 ansible-doc -s 模块名 来查看帮助文档中有哪些参数可以使用,通过 ansible 受管主机 -m 模块名 -a ‘参数’ 来执行命令。
ansible常用模块 shell command raw 的区别:
- shell模块调用的/bin/sh指令执行
- command模块不是调用的shell的指令,所以没有bash的环境变量
- raw很多地方和shell类似,更多的地方建议使用shell和command模块。但是如果是使用老版本python,需要用到raw,又或者是客户端是路由器,因为没有安装python模块,那就需要使用raw模块
ping模块
ping模块用于检查指定节点机器是否连通,用法很简单,不涉及参数,主机如果在线,则回复pong
[root@localhost ansible]# ansible 192.168.220.8 -m ping
192.168.220.8 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
shell模块
shell模块用于在受管机上执行受管机上的脚本,也可直接在受管机上执行命令。
shell模块支持管道与重定向
//查看受管主机上的脚本
[root@localhost ansible]# ansible all -m shell -a 'ls -l /root'
192.168.220.8 | CHANGED | rc=0 >>
total 1
-rwxr-xr-x. 1 root root 23 Jul 18 01:07 ll.sh
[root@localhost ansible]# ansible all -m shell -a 'cat /root/ll.sh'
192.168.220.8 | CHANGED | rc=0 >>
#!/bin/bash
touch test
//执行受管主机上的脚本
[root@localhost ansible]# ansible all -m shell -a '/root/ll.sh'
192.168.220.8 | CHANGED | rc=0 >>
//查看
[root@localhost ansible]# ansible all -m shell -a 'ls /root'
192.168.220.8 | CHANGED | rc=0 >>
ll.sh
test
command模块
command模块用于在远程主机上执行命令,ansible默认就是使用command模块。
command模块有一个缺陷就是不能使用管道符和重定向功能
//查看受管主机上/tmp目录下的文件
[root@localhost ansible]# ansible all -m command -a 'ls /tmp'
192.168.220.8 | CHANGED | rc=0 >>
ansible_command_payload_5poztdyc
hsperfdata_root
ks-script-a85snvsm
....
//在受管主机的/tmp/目录下新建一个test文件
[root@localhost ansible]# ansible all -m command -a 'touch /tmp/test'
[WARNING]: Consider using the file module with state=touch rather than running 'touch'.
If you need to use command because file is insufficient you can add 'warn: false' to this
command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
192.168.220.8 | CHANGED | rc=0 >>
[root@localhost ansible]# ansible all -m command -a 'ls /tmp' //查看受管主机上/tmp目录下是否创建了test文件
192.168.220.8 | CHANGED | rc=0 >>
ansible_command_payload_9563eekh
hsperfdata_root
ks-script-a85snvsm
test
//command模块不支持管道符和重定向
[root@localhost ansible]# ansible all -m command -a 'echo "hello" > /tmp/test' //打印hello到/tmp/test
192.168.220.8 | CHANGED | rc=0 >>
hello > /tmp/test
[root@localhost ansible]# ansible all -m command -a 'cat /tmp/test' //查看返回结果没有
192.168.220.8 | CHANGED | rc=0 >>
//查看受管主机上进程过滤ssh失败,command模块不支持管道符
[root@localhost ansible]# ansible all -m command -a 'ps -aux | grep ssh'
192.168.220.8 | FAILED | rc=1 >>
error: user name does not exist
Usage:
ps [options]
Try 'ps --help <simple|list|output|threads|misc|all>'
or 'ps --help <s|l|o|t|m|a>'
for additional help text.
For more details see ps(1).non-zero return code
raw模块
raw模块用于在远程主机上执行命令,支持管道符与重定向
执行原始的命令,而不是通过模块子系统。在任何情况下,使用shell或命令模块是合适的。给定原始的参数直接通过配置的远程shell运行。可返回标准输出、错误输出和返回代码。此模块没有变更处理程序支持。这个模块不需要远程系统上的Python,就像脚本模块一样。此模块也支持Windows目标。
//使用重定向
[root@localhost ansible]# ansible all -m raw -a 'echo "world" > /tmp/test'
192.168.220.8 | CHANGED | rc=0 >>
Shared connection to 192.168.220.8 closed.
[root@localhost ansible]# ansible all -m raw -a 'cat /tmp/test' //查看
192.168.220.8 | CHANGED | rc=0 >>
world
Shared connection to 192.168.220.8 closed.
//支持管道符
[root@localhost ansible]# ansible all -m raw -a 'ps -aux|grep ssh'
192.168.220.8 | CHANGED | rc=0 >>
root 940 0.0 0.4 92296 7808 ? Ss 04:44 0:00 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc -oMACs=hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@open
[root@localhost ansible]# ansible all -m raw -a 'cat /tmp/test |grep world ' //过滤world
192.168.220.8 | CHANGED | rc=0 >>
world
Shared connection to 192.168.220.8 closed.
user模块
user模块用于管理受管主机的用户帐号
//在受管主机上创建一个系统用户,名字为tom,uid为132,设置shell为/sbin/nologin,没有家目录
[root@localhost ansible]# ansible all -m user -a 'name=tom uid=132 system=yes create_home=no shell=/sbin/nologin'
192.168.220.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"comment": "",
"create_home": false,
"group": 132,
"home": "/home/tom",
"name": "tom",
"shell": "/sbin/nologin",
"state": "present",
"system": true,
"uid": 132
}
//查看家目录下没有tom
[root@localhost ansible]# ansible all -m shell -a 'ls /home'
192.168.220.8 | CHANGED | rc=0 >>
harry
//修改受管主机上tom用户的uid为133
[root@localhost ansible]# ansible all -m user -a 'name=tom uid=133 system=yes create_home=no shell=/sbin/nologin'
192.168.220.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"append": false,
"changed": true,
"comment": "",
"group": 132,
"home": "/home/tom",
"move_home": false,
"name": "tom",
"shell": "/sbin/nologin",
"state": "present",
"stderr": "usermod: warning: /var/spool/mail/tom not owned by tom\n",
"stderr_lines": [
"usermod: warning: /var/spool/mail/tom not owned by tom"
],
"uid": 133
}
//查看受管主机上tom用户和改变的uid
[root@localhost ansible]# ansible all -m shell -a 'grep tom /etc/passwd'
192.168.220.8 | CHANGED | rc=0 >>
tom:x:133:132::/home/tom:/sbin/nologin
//删除受管主机上的tom用户
[root@localhost ansible]# ansible all -m user -a 'name=tom state=absent'
192.168.220.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"force": false,
"name": "tom",
"remove": false,
"state": "absent"
}
//查看受管主机tom用户已经删除成功
[root@localhost ansible]# ansible all -m shell -a 'grep tom /etc/passwd'
192.168.220.8 | FAILED | rc=1 >>
non-zero return code
group模块
group模块用于在受管主机上添加或删除组
//在受管主机上添加一个系统组,其gid为360,组名为test
[root@localhost ansible]# ansible all -m group -a 'name=test gid=360'
192.168.220.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 360,
"name": "test",
"state": "present",
"system": false
}
[root@localhost ansible]# ansible all -m shell -a 'grep test /etc/group'
192.168.220.8 | CHANGED | rc=0 >>
test:x:360:
//删除受管主机上的组
[root@localhost ansible]# ansible all -m group -a 'name=test state=absent'
192.168.220.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "test",
"state": "absent"
}
[root@localhost ansible]# ansible all -m shell -a 'grep test /etc/group'
192.168.220.8 | FAILED | rc=1 >>
non-zero return code
service模块
service模块用于管理受管主机上的服务
//查看受管主机上的mariadb服务是否启动
[root@localhost ansible]# ansible all -m shell -a 'systemctl is-active mariadb' //查看发现没有启动
192.168.220.8 | FAILED | rc=3 >>
inactivenon-zero return code
...
//启动受管主机的mairadb服务
[root@localhost ansible]# ansible all -m service -a 'name=mariadb state=started'
192.168.220.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "mariadb",
"state": "started",
"status": {
//查看状态是活跃的,启动成功
[root@localhost ansible]# ansible all -m shell -a 'systemctl is-active mariadb'
192.168.220.8 | CHANGED | rc=0 >>
activ
//查看受管主机的mariadb服务是否开机自启,无自启
[root@localhost ansible]# ansible all -m shell -a 'systemctl is-enabled mariadb'
192.168.220.8 | FAILED | rc=1 >>
disablednon-zero return code
//设置受管主机mariadb服务自启
[root@localhost ansible]# ansible all -m service -a 'name=mariadb enabled=yes'
192.168.220.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"enabled": true,
"name": "mariadb",
"status": {
//查看状态是否开机自启
[root@localhost ansible]# ansible all -m shell -a 'systemctl is-enabled mariadb'
192.168.220.8 | CHANGED | rc=0 >>
enabled
//停止受管主机mariadb服务
root@localhost ansible]# ansible all -m service -a 'name=mariadb state=stopped'
192.168.220.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "mariadb",
"state": "stopped",
"status": {
[root@localhost ansible]# ansible all -m shell -a 'systemctl is-active mariadb'
192.168.220.8 | FAILED | rc=3 >>
inactivenon-zero return code
[root@localhost ansible]# ansible all -m shell -a 'ss -antl'
192.168.220.8 | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
copy模块
copy模块用于复制文件至远程受管主机
ansible 172.16.103.129 -m copy -a 'src(源地址)=路径 dest(目的地)=路径’
使用force参数控制是否强制覆盖
ansible 受管主机 -m copy -a 'src=源路径 dest=目标路径 force=yes/no
froce=no 如果目标文件已经存在,则不操作;目标文件不存在,则会拷贝过去
froce=yes 如果目标文件已经存在,则会强制覆盖
使用backup参数控制是否备份文件
ansible 被管理机名称 -m copy -a 'src=原路径 dest=复制过去的路径 backup=yes owner= group= mode= ’
backup=yes表示如果拷贝的文件内容与原内容不一样,则会备份一份
[root@localhost ansible]# ansible all -m command -a 'ls /root' //查看受管主机/root目录下的文件
192.168.220.8 | CHANGED | rc=0 >>
anaconda-ks.cfg
[root@localhost ansible]# ansible all -m copy -a 'src=/tmp/project dest=/root' //将本机/tmp/目录下的文件project复制到受管主机/root/上
192.168.220.8 | CHANGED => {
"changed": true,
"dest": "/root/",
"src": "/root/project"
}
[root@localhost ansible]# ansible all -m command -a 'ls /root' //查看受管主机上/root目录下的文件,成功
192.168.220.8 | CHANGED | rc=0 >>
anaconda-ks.cfg
project
fetch模块
fetch模块与copy模块类似,但作用相反。用于把远程机器的文件拷贝到本地,不支持复制目录。
ansible 被管理机名称 -m fetch -a 'src=原路径 dest=目的路径‘
root@localhost ansible]# ansible all -m fetch -a 'src=/root/test1 dest=/root'
192.168.220.8 | CHANGED => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/root/192.168.220.8/root/test1",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"remote_checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"remote_md5sum": null
}
[root@localhost ~]# ll //主控机上查看
总用量 1
drwxr-xr-x. 3 root root 18 7月 18 00:36 192.168.220.8
[root@localhost ~]# ls 192.168.220.8/root/
test1
file模块
file模块主要用于远程主机上的文件操作,file模块包含如下选项:
-
force:需要在两种情况下强制创建软链接,一种是源文件不存在但之后会建立的情况下;另一种是目标软链接已存在,需要先取消之前的软链,然后创建新的软链,有两个选项:yes|no
-
group:定义文件/目录的属组
-
mode:定义文件/目录的权限
-
owner:定义文件/目录的属主
-
path:必选项,定义文件/目录的路径
-
recurse:递归的设置文件的属性,只对目录有效
-
src:要被链接的源文件的路径,只应用于state=link的情况
-
dest:被链接到的路径,只应用于state=link的情况
-
state:
directory:如果目录不存在,创建目录
file:即使文件不存在,也不会被创建
link:创建软链接
hard:创建硬链接
touch:如果文件不存在,则会创建一个新的文件,如果文件或目录已存在,则更新其最后修改时间
absent:删除目录、文件或者取消链接文件
//查看受管主机上/root/project的属主和属组和权限
[root@localhost ansible]# ansible all -m shell -a 'ls -l /root/'
192.168.220.8 | CHANGED | rc=0 >>
total 4
-rw-------. 1 root root 1023 Jul 13 12:06 anaconda-ks.cfg
drwxr-xr-x. 3 root root 17 Jul 17 07:22 project
//使用file模块修改受管主机上/root/project的属主和属组
[root@localhost ansible]# ansible all -m file -a 'path=/root/project owner=harry group=harry mode=0644'
192.168.220.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 1000,
"group": "harry",
"mode": "0644",f
"owner": "harry",
"path": "/root/project",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 17,
"state": "directory",
"uid": 1000
}
//查看修改成功
[root@localhost ansible]# ansible all -m command -a 'ls -l /root/'
192.168.220.8 | CHANGED | rc=0 >>
total 4
-rw-------. 1 root root 1023 Jul 13 12:06 anaconda-ks.cfg
drw-r--r--. 3 harry harry 17 Jul 17 07:22 project
//在受管主机上/root/目录下touch一个文件school,属主为root,属组为harry,权限为644
[root@localhost ansible]# ansible all -m file -a 'path=/root/school state=touch owner=root group=harry mode=0644'
192.168.220.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dest": "/root/school",
"gid": 1000,
"group": "harry",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 0,
"state": "file",
"uid": 0
}
//更改受管主机上/root/qq的权限
[root@localhost ansible]# ansible all -m shell -a 'ls -l /root'
192.168.220.8 | CHANGED | rc=0 >>
total 1
drwxrwxrwx. 3 root root 15 Jul 17 21:57 qq
[root@localhost ansible]# ansible all -m file -a 'path=/root/qq mode=0644'
192.168.220.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"path": "/root/qq",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 15,
"state": "directory",
"uid": 0
}
[root@localhost ansible]# ansible all -m shell -a 'ls -l /root'
192.168.220.8 | CHANGED | rc=0 >>
total 1
drw-r--r--. 3 root root 15 Jul 17 21:57 qq
//在受管主机上创建目录,更改属主为harry
[root@localhost ansible]# ansible all -m file -a 'path=/root/cd/d state=directory recurse=yes owner=harry'
192.168.220.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 1000,
"group": "root",
"mode": "0755",
"owner": "harry",
"path": "/root/cd/d",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 6,
"state": "directory",
"uid": 1000
}
[root@localhost ansible]# ansible all -m shell -a 'ls -l /root/cd/' //查看
192.168.220.8 | CHANGED | rc=0 >>
total 0
drwxr-xr-x. 2 harry root 6 Jul 17 22:03 d
//给受管主机上root目录下的文件school创建软连接到/tmp目录下
[root@localhost ansible]# ansible all -m file -a 'src=/root/school dest=/tmp/ss state=link'
192.168.220.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dest": "/tmp/ss",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 12,
"src": "/root/school",
"state": "link",
"uid": 0
}
[root@localhost ansible]# ansible all -m shell -a 'ls -l /tmp'
192.168.220.8 | CHANGED | rc=0 >>
total 4
drwx------. 2 root root 41 Jul 17 22:26 ansible_command_payload_i4oj3u65
drwxr-xr-x. 2 root root 19 Jul 17 03:40 hsperfdata_root
-rwx------. 1 root root 701 Jul 13 12:06 ks-script-a85snvsm
lrwxrwxrwx. 1 root root 12 Jul 17 22:25 ss -> /root/school
//创建硬链接
[root@localhost ansible]# ansible all -m file -a 'src=/root/qqq dest=/tmp/qq state=hard'192.168.220.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dest": "/tmp/qq",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 0,
"src": "/root/qqq",
"state": "hard",
"uid": 0
}
lineinfile模块
确保特定行是否在文件中
//查看受管主机上的/etc/selinux/config
[root@localhost ansible]# ansible all -m shell -a 'cat /etc/selinux/config'
192.168.220.8 | CHANGED | rc=0 >>
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
//修改受管主机上 SELINUX=enforcing 为 SELINUX=disabled
[root@localhost ansible]# ansible all -m lineinfile -a 'path=/etc/selinux/config regexp="SELINUX=" line="SELINUX=disabled"'
192.168.220.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
[root@localhost ansible]# ansible all -m shell -a 'cat /etc/selinux/config'
192.168.220.8 | CHANGED | rc=0 >>
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
//向受管主机的/etc/selinux/config/插入一行
[root@localhost ansible]# ansible all -m lineinfile -a 'path=/etc/selinux/config line=SELINUX=permissive'
192.168.220.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
[root@localhost ansible]# ansible all -m shell -a 'cat /etc/selinux/config'
192.168.220.8 | CHANGED | rc=0 >>
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
SELINUX=permissive
//删除一行 SELINUX=permissive
[root@localhost ansible]# ansible all -m lineinfile -a 'path=/etc/selinux/config state=absent line=SELINUX=permissive'
192.168.220.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"found": 1,
"msg": "1 line(s) removed"
}
[root@localhost ansible]# ansible all -m shell -a 'cat /etc/selinux/config'
192.168.220.8 | CHANGED | rc=0 >>
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
//修改文件属主和属主,test文件内容是jjyy
[root@localhost ansible]# ansible all -m shell -a 'ls -l /root'
192.168.220.8 | CHANGED | rc=0 >>
total 1
-rw-r--r--. 1 root root 5 Jul 18 02:01 test
[root@localhost ansible]# ansible all -m lineinfile -a 'path=/root/test owner=harry group=zzz line=jjyy state=present'
192.168.220.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "ownership, perms or SE linux context changed"
}
[root@localhost ansible]# ansible all -m shell -a 'ls -l /root'
192.168.220.8 | CHANGED | rc=0 >>
total 1
-rw-r--r--. 1 harry zzz 5 Jul 18 02:01 test
//向受管主机文件/etc/selinux/config/下的SELINUX=disabled后面插入一行
[root@localhost ansible]# ansible all -m shell -a 'cat /etc/selinux/config'
192.168.220.8 | CHANGED | rc=0 >>
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
[root@localhost ansible]# ansible all -m lineinfile -a 'path=/etc/selinux/config insertafter="SELINUX=disabled" line="SELINUX=permissive"'
192.168.220.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
[root@localhost ansible]# ansible all -m shell -a 'cat /etc/selinux/config'
192.168.220.8 | CHANGED | rc=0 >>
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
SELINUX=permissive
yum 模块
yum模块用于在指定节点机器上通过yum管理软件,其支持的参数主要有两个
- name:要管理的包名
- state:要进行的操作
state常用的值:
- latest:安装软件
- installed:安装软件
- present:安装软件
- removed:卸载软件
- absent:卸载软件
若想使用yum来管理软件,请确保受控机上的yum源无异常
//查看受管主机上是否安装了vsftpd
[root@localhost ansible]# ansible all -m shell -a 'rpm -qa |grep vsftpd'
[WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'. If
you need to use command because yum, dnf or zypper is insufficient you can add 'warn:
false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of
this message.
192.168.220.8 | FAILED | rc=1 >>
non-zero return code
//在ansible主机上使用yum模块安装vsftpd
[root@localhost ansible]# ansible all -m yum -a 'name=vsftpd state=present'
192.168.220.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: vsftpd-3.0.3-34.el8.x86_64"
]
}
//查看安装
[root@localhost ansible]# ansible all -m shell -a 'rpm -qa |grep vsftpd'
[WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'. If
you need to use command because yum, dnf or zypper is insufficient you can add 'warn:
false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of
this message.
192.168.220.8 | CHANGED | rc=0 >>
vsftpd-3.0.3-34.el8.x86_64
script模块
script模块用于在受管主机上执行主控机上的脚本
ansible 受管主机 -m 模块 -a '脚本路径’
//查看主控机上的脚本
[root@localhost ansible]# ls -l /root/
总用量 1
-rwxr-xr-x. 1 root root 23 7月 17 23:43 a.sh
[root@localhost ansible]# cat /root/a.sh
#!/bin/bash
touch test
//在受管机上执行
[root@localhost ansible]# ansible all -m script -a '/root/a.sh'
192.168.220.8 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.220.8 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.220.8 closed."
],
"stdout": "",
"stdout_lines": []
}
//查看受管机上是否touch了一个文件test
[root@localhost ansible]# ansible all -m shell -a 'ls -l /root'
192.168.220.8 | CHANGED | rc=0 >>
total 0
-rw-r--r--. 1 root root 0 Jul 17 23:51 test
template模块
template模块用于生成一个模板,并可将其传输至远程主机上
[root@localhost ~]# ls
ansible.cfg
[root@localhost ~]# cat ansible.cfg
jjyy
[root@localhost ansible]# ansible all -m template -a 'src=~/ansible.cfg dest=/tmp/'
192.168.220.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "dce58c1e5d0ee30acff9282898b28b54b27c4e0a",
"dest": "/tmp/ansible.cfg",
"gid": 0,
"group": "root",
"md5sum": "6b6804d918ecdf41b7363b7ee7027346",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 5,
"src": "/root/.ansible/tmp/ansible-tmp-1626584618.565992-357179-252666804746292/source",
"state": "file",
"uid": 0
}
[root@localhost ansible]# ansible all -m shell -a 'cat /tmp/ansible.cfg'
192.168.220.8 | CHANGED | rc=0 >>
jjyy
get_url
功能:从http、https、ftp下载文件到远程主机
参数:
url:下载地址
dest:远程主机上的目标径路
mode:设置下载到远程主机后的文件的权限
ansible all -m get_url -a 'url=网址 dest=/usr/src' # 从网上下载文件到受控主机的/usr/src目录
unarchive
解压缩模块
选项:
src: 包路径,可以是ansible主机,也可以是受控主机,也可以是网址
dest:受控主机目录
remote_src: 功能同copy且相反,设定为yes 表示包在受控主机,设定为no表示包在ansible主机
copy: 默认为yes ,从ansible主机复制文件到受控主机,设定为no 从受控主机中寻找src源文件
mode: 加压后文件权限
示例:
unarchive:
src: https://mirrors.tuna.tsinghua.edu.cn/apache/apr/apr-1.7.0.tar.gz # 地址,从网络上下载包到受控主机
dest: /root/ # 受控主机目录
remote_src: yes # 表示包在受控主机上
ansible all -m unarchive -a 'src=xxx dest=xxx copy=yes' # 将ansible主机上的文件解压到受控主机
archive
压缩文件
选项:
path: 打包目录的名称
dest: 打包文件目录和名称
format: 打包的格式
owner: 指定文件所属人
mode: 指定文件权限
ansible all -m archive -a " path=/usr/src dest=/mnt/backup.bz2 format=bz2 owner=tom mode=755"
# 将ansible主机上的/usr/src/目录,压缩到/mnt/下,名字为backup.bz2 ,压缩格式为bz2,拥有者为tom,权限是755