Ansible Automated Operations (4) ---- Ansible Modules in Depth
ansible-doc -l
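command module
Purpose: run a command on the remote nodes
Parameters:
- ansible-doc -s command: show the parameters this module supports
- chdir: cd into the given directory before running the command
- creates: names a file to check before the command runs; if the file exists the command is skipped, if it does not exist the command is executed
- free_form: accepts any system command, which is then executed on the remote host
- removes: names a file to check before the command runs; if the file exists the command is executed, if it does not exist the command is skipped
command is Ansible's default module, so "-m command" can be omitted, but watch out for the following pitfall:
- With the command module, the command must not contain shell variables such as $name, nor the special characters > < | ; &. The command module does not pass the command through a shell, so it does not interpret any of these. If you need variables or these special characters, use the shell module instead; the command module is not the right fit.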
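The difference between the two modules matters most when part of the command comes from a variable. The playbook below is an added example, not from the original article; it assumes the inventory group shenfu used on this page, and file_name is a constructed value.

```yaml
# Added example, not part of the original article.
# Assumes the inventory group "shenfu" used on this page.
- hosts: shenfu
  gather_facts: false
  vars:
    # Constructed value: a file name followed by ';' and a second command.
    file_name: "/tmp/test.txt; hostname"
  tasks:
    - name: command module, no shell involved
      # The whole value reaches ls as one literal argument, ';' included,
      # so ls reports that no such file exists and hostname never runs.
      command:
        argv:
          - ls
          - "{{ file_name }}"
      register: via_command
      failed_when: false
      changed_when: false

    - name: shell module, value inserted unquoted
      # /bin/sh splits at ';' and runs hostname as a second command.
      shell: "ls {{ file_name }}"
      register: via_shell
      failed_when: false
      changed_when: false

    - name: shell module, value passed through the quote filter
      # quote escapes the value, so the shell sees one argument again;
      # the pipe still works because it is part of the task, not the value.
      shell: "ls {{ file_name | quote }} 2>&1 | wc -l"
      register: via_shell_quoted
      changed_when: false

    - name: compare what each task printed
      debug:
        msg:
          - "command:      {{ via_command.stdout_lines }}"
          - "shell:        {{ via_shell.stdout_lines }}"
          - "shell, quote: {{ via_shell_quoted.stdout_lines }}"
```

Only the unquoted shell task prints the host name; in the other two the value stays a single argument to ls.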
command module examples
# 1. Get the load of all managed machines
[root@Ansible-01 .ssh]# ansible shenfu -m command -a "uptime"
123.57.235.127 | CHANGED | rc=0 >>
15:26:23 up 3 days, 4:38, 2 users, load average: 0.08, 0.04, 0.01
# 2. Have the client machine change into /tmp first, then print the current working directory
[root@Ansible-01 .ssh]# ansible shenfu -m command -a "pwd chdir=/tmp/"
123.57.235.127 | CHANGED | rc=0 >>
/tmp
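# 3. creates parameter: checks whether the file exists; if it exists the command is skipped, otherwise it runs
# Check whether /opt exists: if it does, the preceding pwd is not run; if it does not, pwd runs
# Exists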
[root@Ansible-01 .ssh]# ansible shenfu -m command -a "pwd creates=/opt"
123.57.235.127 | SUCCESS | rc=0 >>
skipped, since /opt existsDid not run command since '/opt' exists
/root
# Does not exist
[root@Ansible-01 .ssh]# ansible shenfu -m command -a "pwd creates=/opt123"
123.57.235.127 | CHANGED | rc=0 >>
/root
# 4. removes parameter: run if the file exists, skip if it does not
# Does not exist
[root@Ansible-01 opt]# ansible shenfu -a "ls /opt removes=/opt123"
123.57.235.127 | SUCCESS | rc=0 >>
skipped, since /opt123 does not existDid not run command since '/opt123' does not exist
# Exists
[root@Ansible-01 opt]# ansible shenfu -a "ls /opt removes=/opt"
123.57.235.127 | CHANGED | rc=0 >>
test
# 5. warn parameter: whether to show warning messages
# Warnings not suppressed
[root@Ansible-01 opt]# ansible shenfu -m command -a "chmod 222 /opt/test warn=True"
[WARNING]: Consider using the file module with mode rather than running
'chmod'. If you need to use 'chmod' because the file module is insufficient
you can add 'warn: false' to this command task or set 'command_warnings=False'
in the defaults section of ansible.cfg to get rid of this message.
123.57.235.127 | CHANGED | rc=0 >>
# Warnings suppressed
[root@Ansible-01 opt]# ansible shenfu -m command -a "chmod 222 /opt/test warn=False"
123.57.235.127 | CHANGED | rc=0 >>
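shell module
Purpose: run commands (complex ones) on the remote machines
Ways to learn how a module is used:
- ansible-doc on the Linux command line
- the help pages on the Ansible website: https://docs.ansible.com/ansible/latest/modules/shell_module.html
shell module examples
# 1. Query process information in bulk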
[root@Ansible-01 ~]# ansible shenfu -m shell -a "ps -ef|grep vi|grep -v grep"
123.57.235.127 | CHANGED | rc=0 >>
root 1239 1 0 Aug09 ? 00:01:34 /usr/local/share/aliyun-assist/2.2.3.309/aliyun-service
# 2. Create a file and write content to it on the client machines in bulk
[root@Ansible-01 ~]# ansible shenfu -m shell -a "echo 测试 > /tmp/test.txt && cat /tmp/test.txt"
123.57.235.127 | CHANGED | rc=0 >>
测试
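# 3. Run a script remotely in bulk
The script to be executed must already exist on the client machine; otherwise the task fails with a file-not-found error.
This is how the shell module behaves, because there is a separate script module dedicated to running scripts.
Note that the script must exist on the client machine.
1. Create the directory
2. Create the sh script file and write the script content into it
3. Make the script executable
4. Run the script
5. Suppress the warning messages
# Approach
Ideally all operations are carried out from the control machine, that is, the "boss" machine Ansible-01, as remote batch operations.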
[root@Ansible-01 ~]# ansible shenfu -m shell -a "mkdir -p /server/myscripts/;echo 'hostname' > /server/myscripts/hostname.sh;chmod +x /server/myscripts/hostname.sh;bash /server/myscripts/hostname.sh warn=False"
123.57.235.127 | CHANGED | rc=0 >>
Ansible-02
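The five steps above end up as one chained shell string. As an added example (not from the original article), the same procedure can be written as a playbook with one module per step, so each step is idempotent and nothing is parsed by a shell. The group shenfu and the paths come from this page; the chosen modes are assumptions.

```yaml
# Added example, not part of the original article.
- hosts: shenfu
  gather_facts: false
  tasks:
    - name: Step 1, create the directory
      file:
        path: /server/myscripts
        state: directory
        mode: "0755"          # assumed mode; quoted so YAML keeps it a string

    - name: Steps 2 and 3, write the script and make it executable
      copy:
        content: "hostname\n"
        dest: /server/myscripts/hostname.sh
        mode: "0755"          # assumed mode

    - name: Step 4, run the script
      command: bash /server/myscripts/hostname.sh
      register: result
      changed_when: false     # reading the host name changes nothing

    - name: Show what the script printed
      debug:
        var: result.stdout_lines
```

Step 5 is no longer needed: there is no mkdir or chmod command left for Ansible to warn about.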
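script module
Purpose: transfer a script from the control machine Ansible-01 to the managed nodes and execute it there.
Compared with the shell module, the script module is more powerful: a single copy of the script on Ansible-01 is enough to run it on all managed nodes.
Parameters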
- creates
- removes
- chdir
script module examples
# 1. Create the script on the control node
[root@Ansible-01 ~]# echo -e "pwd\nhostname" > /tmp/local_hostname.sh
[root@Ansible-01 ~]# cat /tmp/local_hostname.sh
pwd
hostname
[root@Ansible-01 ~]# chmod +x /tmp/local_hostname.sh
# 2. Run the script remotely in bulk; the script does not need to exist on the clients
[root@Ansible-01 ~]# ansible shenfu -m script -a "/tmp/local_hostname.sh"
123.57.235.127 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 123.57.235.127 closed.\r\n",
"stderr_lines": [
"Shared connection to 123.57.235.127 closed."
],
"stdout": "/root\r\nAnsible-02\r\n",
"stdout_lines": [
"/root",
"Ansible-02"
]
}
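Ansible file-handling modules
copy module
Purpose: copy file data to the remote hosts
ansible-doc -s copy # show the parameters of the copy module
The parameters are explained as follows:
The copy module pushes data to remote hosts: it can only push data from the control node to the remote nodes and cannot pull data back to the local machine.
copy module examples
- Send file data from Ansible-01 to the managed nodes.
- First create the user and group that will own the copied data; creating users and groups in bulk only takes running the commands remotely through the command or shell module.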
[root@Ansible-01 ~]# ansible shenfu -m command -a "useradd learn_ansible"
123.57.235.127 | CHANGED | rc=0 >>
[root@Ansible-01 ~]# ansible shenfu -m command -a "id learn_ansible"
123.57.235.127 | CHANGED | rc=0 >>
uid=1000(learn_ansible) gid=1000(learn_ansible) groups=1000(learn_ansible)
# Send /etc/hosts from the control machine to /tmp/Ansible-01_hosts on the managed machines
[root@Ansible-01 ~]# ansible shenfu -m copy -a "src=/etc/hosts dest=/tmp/Ansible-01_hosts owner=learn_ansible group=learn_ansible mode=0666"
123.57.235.127 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "6a8a7f26bb5ea8414fc31a8dd4a2c4faf0014b9a",
"dest": "/tmp/Ansible-01_hosts",
"gid": 1000,
"group": "learn_ansible",
"md5sum": "5fd193a6519c17772d6858c5cd6fbb36",
"mode": "0666",
"owner": "learn_ansible",
"size": 184,
"src": "/root/.ansible/tmp/ansible-tmp-1660294190.0717683-69906-181716912576041/source",
"state": "file",
"uid": 1000
}
# Check the copied file
[root@Ansible-01 ~]# ansible shenfu -m command -a "ls -l /tmp/Ansible-01_hosts"
123.57.235.127 | CHANGED | rc=0 >>
-rw-rw-rw- 1 learn_ansible learn_ansible 184 Aug 12 16:49 /tmp/Ansible-01_hosts
Bulk remote file copy, backup, and adding content
# 1. Generate a file with content remotely in bulk
[root@Ansible-01 ~]# ansible shenfu -m shell -a "echo 今天天气不错 > /tmp/day.txt"
123.57.235.127 | CHANGED | rc=0 >>
[root@Ansible-01 ~]# ansible shenfu -m shell -a "cat /tmp/day.txt"
123.57.235.127 | CHANGED | rc=0 >>
今天天气不错
# 2. Copy in bulk with new content written into the file, and back up the original file on the target machine
[root@Ansible-01 ~]# ansible shenfu -m copy -a "content='Hello,my name is shenfu,who are u' dest=/tmp/day.txt backup=yes"
123.57.235.127 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup_file": "/tmp/day.txt.12646.2022-08-12@17:31:46~",
"changed": true,
"checksum": "fdabdcd7c4a026235345de507ada84cde16f7ac9",
"dest": "/tmp/day.txt",
"gid": 0,
"group": "root",
"md5sum": "a46b34883b7b85e1adf9e53edc7273af",
"mode": "0644",
"owner": "root",
"size": 33,
"src": "/root/.ansible/tmp/ansible-tmp-1660296705.3170724-70465-146643904936647/source",
"state": "file",
"uid": 0
}
[root@Ansible-01 ~]# ansible shenfu -m shell -a "ls -l /tmp/day*"
123.57.235.127 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 33 Aug 12 17:31 /tmp/day.txt
-rw-r--r-- 1 root root 19 Aug 12 17:28 /tmp/day.txt.12646.2022-08-12@17:31:46~
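file module
Purpose: create files and directories and modify their attributes
Parameters:
- group: the group that owns the file/directory
- owner: the owning user
- mode: the permissions
- path: required; the path of the file
- src: the source file path, mainly used when creating link-type files
- dest: the path of the symbolic link being created
- state parameter:
  - file: if the target file does not exist, it is not created
  - touch: if the file does not exist, a new file is created; if it already exists, its last-modified time is updated
  - directory: if the directory does not exist, it is created
  - link: creates a symbolic link
  - absent: removes the directory or file, or unlinks the link
The file module is mainly used to create files, directories and file data, or to change the permissions of existing files and directories.
file module examples
# 1. Create a directory remotely in bulk and set its permissions to 666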
[root@Ansible-01 ~]# ansible shenfu -m shell -a "ls -l /tmp/day*"
123.57.235.127 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 33 Aug 12 17:31 /tmp/day.txt
-rw-r--r-- 1 root root 19 Aug 12 17:28 /tmp/day.txt.12646.2022-08-12@17:31:46~
[root@Ansible-01 ~]# ansible shenfu -m file -a "dest=/tmp/cc_dir/ mode=666 state=directory"
123.57.235.127 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0666",
"owner": "root",
"path": "/tmp/cc_dir/",
"size": 6,
"state": "directory",
"uid": 0
}
# 2. Verify that the directory exists and check its permissions
[root@Ansible-01 ~]# ansible shenfu -m shell -a "ls -ld /tmp/cc_dir"
123.57.235.127 | CHANGED | rc=0 >>
drw-rw-rw- 2 root root 6 Aug 12 17:39 /tmp/cc_dir
Creating files remotely in bulk
# If the target file does not exist, no action is taken; this is the behaviour of state=file
[root@Ansible-01 ~]# ansible shenfu -m file -a "dest=/tmp/cc_666.txt state=file owner=learn_ansible group=learn_ansible mode=600"
123.57.235.127 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"msg": "file (/tmp/cc_666.txt) is absent, cannot continue",
"path": "/tmp/cc_666.txt",
"state": "absent"
}
# state=touch should be used instead
[root@Ansible-01 ~]# ansible shenfu -m file -a "dest=/tmp/cc_666.txt state=touch owner=learn_ansible group=learn_ansible mode=600"
123.57.235.127 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dest": "/tmp/cc_666.txt",
"gid": 1000,
"group": "learn_ansible",
"mode": "0600",
"owner": "learn_ansible",
"size": 0,
"state": "file",
"uid": 1000
}
[root@Ansible-01 ~]# ansible shenfu -m shell -a "ls -l /tmp/cc_666.txt"
123.57.235.127 | CHANGED | rc=0 >>
-rw------- 1 learn_ansible learn_ansible 0 Aug 12 17:50 /tmp/cc_666.txt
Creating a symbolic link remotely
# Both the source file and the symbolic link are absolute paths
[root@Ansible-01 ~]# ansible shenfu -m file -a "src=/etc/hosts dest=/tmp/ansible_hosts_test state=link"
123.57.235.127 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dest": "/tmp/ansible_hosts_test",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 10,
"src": "/etc/hosts",
"state": "link",
"uid": 0
}
# Verify the symbolic link
[root@Ansible-01 ~]# ansible shenfu -m shell -a "ls -l /tmp/ansible_hosts_test"
123.57.235.127 | CHANGED | rc=0 >>
lrwxrwxrwx 1 root root 10 Aug 12 17:53 /tmp/ansible_hosts_test -> /etc/hosts
yum module
yum module examples
# 1. Check in bulk whether nginx is installed on all managed nodes
[root@Ansible-01 ~]# ansible shenfu -m shell -a "rpm -qa nginx warn=false"
123.57.235.127 | CHANGED | rc=0 >>
# 2. Install the service in bulk with the yum module
[root@Ansible-01 ~]# ansible shenfu -m yum -a "name=nginx state=installed"
123.57.235.127 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: libXpm-3.5.12-8.el8.x86_64",
"Installed: nginx-all-modules-1:1.14.1-9.module_el8.0.0+184+e34fea82.noarch",
"Installed: nginx-filesystem-1:1.14.1-9.module_el8.0.0+184+e34fea82.noarch",
"Installed: nginx-mod-http-image-filter-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64",
"Installed: libwebp-1.0.0-5.el8.x86_64",
"Installed: jbigkit-libs-2.1-14.el8.x86_64",
"Installed: libtiff-4.0.9-20.el8.x86_64",
"Installed: nginx-mod-http-perl-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64",
"Installed: nginx-mod-http-xslt-filter-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64",
"Installed: libjpeg-turbo-1.5.3-12.el8.x86_64",
"Installed: nginx-mod-mail-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64",
"Installed: nginx-mod-stream-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64",
"Installed: nginx-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64",
"Installed: gd-2.2.5-7.el8.x86_64"
]
}
# 3. Check remotely whether the service is installed
[root@Ansible-01 ~]# ansible shenfu -m shell -a "rpm -qa nginx warn=false"
123.57.235.127 | CHANGED | rc=0 >>
nginx-1.14.1-9.module_el8.0.0+184+e34fea82.x86_64
# 4. Uninstall nginx remotely in bulk
[root@Ansible-01 ~]# ansible shenfu -m yum -a "name=nginx state=absent"
123.57.235.127 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Removed: nginx-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64",
"Removed: nginx-all-modules-1:1.14.1-9.module_el8.0.0+184+e34fea82.noarch",
"Removed: nginx-mod-http-image-filter-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64",
"Removed: nginx-mod-http-perl-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64",
"Removed: nginx-mod-http-xslt-filter-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64",
"Removed: nginx-mod-mail-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64",
"Removed: nginx-mod-stream-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64"
]
}
# 5. Check again whether nginx has been uninstalled
[root@Ansible-01 ~]# ansible shenfu -m shell -a "rpm -qa nginx"
123.57.235.127 | CHANGED | rc=0 >>
# 6. Upgrade a package, here nginx; name='*' is equivalent to yum update and upgrades all packages; latest also downloads the update
[root@Ansible-01 ~]# ansible shenfu -m yum -a "name='nginx' state=latest"
123.57.235.127 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: nginx-mod-stream-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64",
"Installed: nginx-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64",
"Installed: nginx-all-modules-1:1.14.1-9.module_el8.0.0+184+e34fea82.noarch",
"Installed: nginx-mod-http-image-filter-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64",
"Installed: nginx-mod-http-perl-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64",
"Installed: nginx-mod-http-xslt-filter-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64",
"Installed: nginx-mod-mail-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64"
]
}
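# 7. Upgrade all system packages while excluding one service from the upgrade. Do not run this command casually on a server, because service versions on a server must not be updated arbitrarily and doing so may bring services down (following the tutorial, the author indeed did not run it)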
ansible shenfu -m yum -a "state=latest name='*' exclude='nginx'"
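Ansible service-management modules
Software installed with the yum command is started with different commands on CentOS 6 and CentOS 7
CentOS 6: service
service nginx start/stop/restart/reload
CentOS 7: systemctl
systemctl start/stop/restart/reload/status nginx.service
Software installed through Ansible's yum module can also be started and stopped in bulk with the remote service-management modules
For the service command, used on the CentOS 6 platform
For the systemctl command, mainly used on the CentOS 7 platform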
ansible-doc -s service
ansible-doc -s systemd
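Note that service is still valid on CentOS 7:
when you manage a service with the service command, the system automatically redirects it to the systemctl service-management command
systemd module
- name: the name of the service, e.g. nginx.service or crond.service
- state: the operation to perform, e.g. reloaded, restarted, started, stopped
- enabled: whether the service starts at boot (systemctl enable nginx)
- daemon_reload: have systemd re-read its configuration whenever a configuration file has been modified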
Managing the crond service
# 1. Check remotely whether the crond service is running normally
[root@Ansible-01 ~]# ansible shenfu -m shell -a "systemctl status crond"|grep Active
Active: active (running) since Tue 2022-08-09 10:48:32 CST; 3 days ago
# 2. Check whether the crond service is enabled at boot
[root@Ansible-01 ~]# ansible shenfu -m shell -a "systemctl list-unit-files"|grep crond
crond.service enabled
# 3. Manage the service with the systemd module
ansible shenfu -m systemd -a "name=crond state=stopped"
ansible shenfu -m systemd -a "name=crond state=started"
ansible shenfu -m systemd -a "name=crond state=restarted"
ansible shenfu -m systemd -a "name=crond state=reloaded"
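cron module
Purpose: manages scheduled tasks, mainly the entries in the Linux crontab
Crontab entries all follow this format:
minute hour day month weekday absolute-path-of-the-command
* * * * *
*/5 * * * * run the command every 5 minutes
Restart nginx at 8:00 sharp on the 3rd and 13th of every month:
0 8 3,13 * * /usr/bin/systemctl restart nginx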
cron module examples
# 1. Add a scheduled task that synchronizes the time every 5 minutes
[root@Ansible-01 ~]# ansible shenfu -m cron -a "name=ntp_cron job='/usr/sbin/ntpdate ntp.aliyun.com > /dev/null 2>&1' minute=*/5"
123.57.235.127 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"envs": [],
"jobs": [
"ntp_cron"
]
}
# 2. Check remotely whether the scheduled task was added
[root@Ansible-01 ~]# ansible shenfu -m shell -a "crontab -l"
123.57.235.127 | CHANGED | rc=0 >>
#Ansible: ntp_cron
*/5 * * * * /usr/sbin/ntpdate ntp.aliyun.com > /dev/null 2>&1
# 3. Add another entry: restart nginx at 8:00 sharp on the 3rd and 13th of every month
# Approach: convert the following crontab entry
0 8 3,13 * * /usr/bin/systemctl restart nginx
[root@Ansible-01 ~]# ansible shenfu -m cron -a "name=restart_nginx job='/usr/bin/systemctl restart nginx' minute=0 hour=8 day=3,13"
123.57.235.127 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"envs": [],
"jobs": [
"ntp_cron",
"restart_nginx"
]
}
# 4. Delete a scheduled task; only entries that were added through the Ansible module can be deleted
[root@Ansible-01 ~]# ansible shenfu -m cron -a "name='restart_nginx' state=absent"
123.57.235.127 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"envs": [],
"jobs": [
"ntp_cron"
]
}
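---- Notes taken from teacher Yu Chao's video lectures, with some changes; if this infringes any rights, please contact the author to have it removed.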