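1. The command module
The command module runs a command on the remote hosts, but it does not support shell features such as pipes and redirection. Its common parameters are listed below (no pipe support, so its use is not recommended).
- chdir: the directory to change into on the remote host before running the command
- creates: a file that the command creates when it runs; if the file already exists, the task is not run
- removes: a file that the command removes when it runs; if the file does not exist, the task is not run
- executable: the shell program used to run the command
Example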
[root@ansible ~] ansible Rich -m command -a "useradd Rich"
# Rich is the host name I defined in /etc/ansible/hosts; entering an IP such as 192.168.1.XX also works
192.168.1.134 | CHANGED | rc=0 >>
192.168.1.133 | CHANGED | rc=0 >>
[root@client1 ~] hostname
client1
[root@ansible ~] ansible Rich -m command -a "uptime"
192.168.1.134 | CHANGED | rc=0 >>
16:51:24 up 7:54, 3 users, load average: 0.05, 0.03, 0.05
192.168.1.133 | CHANGED | rc=0 >>
16:51:24 up 7:54, 3 users, load average: 0.00, 0.01, 0.05
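The chdir, creates and removes parameters above in playbook form, as an added example that is not from the original page; /opt/app, build.sh and the user_input variable are hypothetical. It also shows that command hands its arguments to the program without a shell, whereas the shell module needs the quote filter on every variable.

```yaml
# Added example, not from the original page.
# Group "Rich" comes from the page; /opt/app, build.sh and user_input are hypothetical.
- hosts: Rich
  vars:
    user_input: "report.txt; id"   # constructed value containing a shell metacharacter
  tasks:
    - name: Run the build only if its output does not exist yet
      command: ./build.sh
      args:
        chdir: /opt/app               # change into this directory first
        creates: /opt/app/build.done  # task is skipped when this file exists

    - name: Clean up only if the marker file is present
      command: rm -f /opt/app/build.done
      args:
        removes: /opt/app/build.done  # task is skipped when this file is absent

    - name: command passes each argument literally, no shell parses them
      command:
        argv:
          - ls
          - -l
          - "{{ user_input }}"        # one file name; the "; id" part is never executed
      register: listing
      failed_when: false              # the odd file name does not exist, that is expected
      changed_when: false

    - name: With shell, quote every variable before it reaches /bin/sh
      shell: "ls -l {{ user_input | quote }} | wc -l"
      changed_when: false
```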
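2. The shell module
The shell module runs a command on the remote hosts by invoking the remote host's shell process and running the command in a subshell opened under it. Unlike the command module, it supports shell features such as pipes and redirection.
1) Test redirection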
[root@ansible ~] ansible 192.168.1.133 -m shell -a "echo cool >1.txt"
192.168.1.133 | CHANGED | rc=0 >>
[root@client1 ~]# cat 1.txt
cool
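2) Test the pipe character
3. The raw module
Runs a command in the most primitive way (it does not depend on Python and works over SSH alone).
Example: clear the yum cache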
[root@ansible ~] ansible 192.168.1.134 -m raw -a "yum clean all"
192.168.1.134 | CHANGED | rc=0 >>
已加载插件:fastestmirror
正在清理软件源: c7-media epel
Cleaning up list of fastest mirrors
Other repos take up 180 M of disk space (use --verbose for details)
Shared connection to 192.168.1.134 closed.
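4. The copy module
The copy module copies a file from the specified host to a given location on the remote hosts. Its common parameters are:
- dest: the target location for the copied file, given as an absolute path. If the source is a directory, the target must also be a directory; if the target file already exists, its contents are overwritten.
- src: the path of the source file, relative or absolute. A directory can be given directly; if the source is a directory, the target must also be a directory.
- mode: the permissions of the target file (optional)
- owner: the owner of the target file (optional)
- group: the group of the target file (optional)
- content: the content to write to the target host. It cannot be used together with src; it is equivalent to copying the data given in content into the target file.
Notes:
The backup=yes parameter means that if the target path already holds a file with the same name but different content, the target file is backed up before it is overwritten.
libselinux-python must be installed on all managed nodes.
Example
Copy the /etc/hosts file to /tmp on the hosts in the Rich group, with mode 777, owner Rich and group root.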
[root@ansible ~] ansible Rich -m copy -a "src=/etc/hosts dest=/tmp mode=777 owner=Rich group=root"
192.168.1.134 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "7335999eb54c15c67566186bdfc46f64e0d5a1aa",
"dest": "/tmp/hosts",
"gid": 0,
"group": "root",
"md5sum": "54fb6627dbaa37721048e4549db3224d",
"mode": "0777",
"owner": "Rich",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 158,
"src": "/root/.ansible/tmp/ansible-tmp-1689330661.87-9796-230501467348237/source",
"state": "file",
"uid": 1000
[root@client1 ~] ls /tmp/
hosts systemd-private-0eee05b8fb594c28b1d829918eb10657-chronyd.service-LWLJ47
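The same copy as a playbook with a non-writable mode, backup and a permission check, as an added example that is not from the original page. Mode 777 in /tmp leaves the file writable by every local user; /tmp/managed.txt is a hypothetical path.

```yaml
# Added example, not from the original page. Group "Rich" comes from the page.
- hosts: Rich
  tasks:
    - name: Copy /etc/hosts with an explicit, quoted mode and keep a backup
      copy:
        src: /etc/hosts
        dest: /tmp/hosts
        owner: root
        group: root
        mode: "0644"      # quoted: an unquoted 644 is read by YAML as a decimal number
        backup: true      # save the old file first if its content differs
      register: copied

    - name: Show where the previous version was saved, if one was replaced
      debug:
        msg: "{{ copied.backup_file | default('nothing was overwritten') }}"

    - name: Write inline data with content instead of src
      copy:
        content: "managed by ansible\n"
        dest: /tmp/managed.txt    # hypothetical path
        mode: "0600"

    - name: Read the resulting permissions
      stat:
        path: /tmp/hosts
      register: st

    - name: Fail if group or other can write to the file
      assert:
        that:
          - not st.stat.wgrp
          - not st.stat.woth
```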
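5. The hostname module
The hostname module manages the host name of remote hosts. Its common parameter is:
- name: the host name to set
Example: change the host name of the client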
[root@ansible ~] ansible 192.168.1.133 -m hostname -a "name=Rich"
192.168.1.133 | CHANGED => {
"ansible_facts": {
"ansible_domain": "",
"ansible_fqdn": "Rich",
"ansible_hostname": "Rich",
"ansible_nodename": "Rich",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "Rich"
}
# Check on the client
[root@client1 ~] hostname
Rich
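6. The yum module
The yum module manages packages on remote hosts through yum. Its common parameters are:
- name: the package name, optionally with a version number; if no version is given, the latest version is installed
- state=present | latest | absent: the operation to perform on the package; present installs the package, latest installs the latest version, absent removes it
- disablerepo: the ID of a repository to disable during the yum operation
- enablerepo: the ID of a repository to enable during the yum operation
- conf_file: the configuration file yum runs with, instead of the default one
- disable_gpg_check=yes | no: whether to turn off the package integrity (GPG signature) check
Example: install bind with yum on the clients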
[root@client1 ~] rpm -qa bind
bind-9.11.4-26.P2.el7_9.13.x86_64
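7. The service module
The service module manages services on remote hosts. Its common parameters are:
- name: the name of the service to manage
- state=started | stopped | restarted: the action to take: start, stop or restart
- enabled=yes | no: whether the service starts at boot
- runlevel: if enabled is set, the run targets in which the service starts at boot
Example: start the httpd service and enable it at boot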
[root@ansible ~] ansible 192.168.1.133 -m service -a "name=httpd state=started enabled=yes"
192.168.1.133 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
[root@client1 ~] netstat -anptl |grep :80
tcp6 0 0 :::80 :::* LISTEN 11163/httpd
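8. The user module
The user module manages user accounts on remote hosts. Its common parameters are:
- name: the account name (required)
- state=present | absent: create or delete the account; present creates it, absent deletes it
- system=yes | no: whether it is a system account
- uid: the user's UID
- group: the user's primary group
- groups: the user's supplementary groups
- shell: the default shell
- home: the user's home directory
- move_home=yes | no: if the home directory being set already exists, whether to move the existing home directory
- password: the user's password; an encrypted string is recommended
- comment: a comment describing the user
- remove=yes | no: when state=absent, whether to delete the user's home directory
Example: create a user on client1 (192.168.1.133)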
[root@ansible ~] ansible 192.168.1.133 -m user -a 'name=user1 system=yes uid=502 group=root groups=sshd shell=/sbin/nologin home=/home/user1 password=user1 comment="test user"'
[WARNING]: The input password appears not to have been hashed. The 'password' argument must
be encrypted for this module to work properly.
192.168.1.133 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "test user",
"create_home": true,
[root@client1 ~] tail /etc/passwd
user1:x:502:0:test user:/home/user1:/sbin/nologin
Delete the user and its home directory
[root@ansible ~] ansible 192.168.1.133 -m user -a 'name=user1 state=absent remove=yes'
192.168.1.133 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"force": false,
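The warning in the user1 run above appears because the user module writes the password value unchanged into /etc/shadow, so a clear-text string there is not a usable hash. The following playbook is an added example, not from the original page, that hashes the password on the control node and keeps it out of the output; the variable name user1_password is hypothetical.

```yaml
# Added example, not from the original page. Host and user attributes come from the page.
- hosts: 192.168.1.133
  vars_prompt:
    - name: user1_password          # hypothetical variable name
      prompt: Password for user1
      private: true                 # do not echo the input
      confirm: true
  tasks:
    - name: Create user1 with a SHA-512 crypt hash instead of a clear-text string
      user:
        name: user1
        uid: 502
        system: true
        group: root
        groups: sshd
        shell: /sbin/nologin
        home: /home/user1
        comment: test user
        password: "{{ user1_password | password_hash('sha512') }}"
        update_password: on_create  # the random salt differs per run; set it only at creation
      no_log: true                  # keep the hash out of task output and logs

    - name: Read back the shadow entry
      command: getent shadow user1
      register: shadow
      changed_when: false
      no_log: true

    - name: Fail if the stored field is not a $6$ (SHA-512 crypt) hash
      assert:
        that:
          - shadow.stdout.split(':')[1].startswith('$6$')
        quiet: true
```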
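9. The script module
The script module runs a local shell script on remote servers in bulk.
All managed nodes need the installation disc mounted and a local yum repository file created.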
[root@ansible ~] vim test.sh
#!/bin/bash
touch /tmp/file{1..20}.txt
[root@ansible ~] ansible 192.168.1.133 -m script -a "test.sh"
192.168.1.133 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.1.133 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.1.133 closed."
],
"stdout": "",
"stdout_lines": []
[root@client1 ~] ls /tmp
file10.txt file2.txt
file11.txt file3.txt
file12.txt file4.txt
file13.txt file5.txt
file14.txt file6.txt
file15.txt file7.txt
file16.txt file8.txt
file17.txt file9.txt
file18.txt hosts
file19.txt systemd-private-0eee05b8fb594c28b1d829918eb10657-chronyd.service-LWLJ47
file1.txt systemd-private-0eee05b8fb594c28b1d829918eb10657-httpd.service-dqgrrv
file20.txt
10. The unarchive module
The unarchive module extracts archives on remote hosts.
Example
[root@ansible ~] ansible Rich -m unarchive -a "src=/root/0.4.0.tar.gz dest=/mnt/"
192.168.1.134 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/mnt/",
"extract_results": {
[root@client1 ~] ls /mnt
hgfs jpress-0.4.0