目录
(1)轻便性:无需在被控制服务器上安装客户端,Ansible基于ssh协议
(3)判断性:大部分模块在执行时都会判断目标节点是否要执行任务,所有重复执行某个任务大部分时间不会产生副作用
(4)简介性:一个窗口即可管理所有需要控制的机器,无需开启多个窗口
(1)部署简单,只需要主控端部署Ansible环境,被控端无需做任何操作;
(1)HostInventory:记录由Ansible管理的主机信息,端口,ip,密码等
(2)playbooks:'剧本'YAML格式文件,多任务定义在一个文件中,定义主机需要调用那些模块完成功能
(3)core modeules:核心模块主要操作通过调用核心模块来完成管理任务
(4)customodules:自定义模块,完成核心模块无法完成的模块,支持多种语言编写
(5)connectiontugins:连接插件,ansible和主机通信使用(ssh协议)
(1)加载自己的配置文件,默认/etc/ansible/ansible.cfg
(2)查找对应的主机的配置文件,找到要执行的主机或组/etc/ansible/hosts文件
(3)加载自己对应的模块文件,如command、yum、ping、
(4)通过ansible将模块命令生成对应的临时py文件(类似python脚本),并将该文件传输至被管理端
(5)传输到在被控制端的对应用户的家目录下.ansible/tmp/xxx/xxx.py
(7)执行并返回结果,执行完成后删除py文件并sleep 0退出
一.Ansible基本内容
1.定义
Ansible是基于模块工作的,只是提供了一种运行框架,本身没有完成任务的能力,真正操作的是Anisble的模块。每个模块都是独立的、实现了批量系统配置、批量程序部署、批量运行命令等功能。
2.特点与优势
优势:
(1)轻便性:无需在被控制服务器上安装客户端,Ansible基于ssh协议
(2)幂等性:大部分模块有幂等性,即如果输入systemctl stop firewalld当发现要停止的服务已经停止就不会做任何操作了,多次停止不会改变结果。systemtl restart是非幂等的。
(3)判断性:大部分模块在执行时都会判断目标节点是否要执行任务,所有重复执行某个任务大部分时间不会产生副作用
(4)简介性:一个窗口即可管理所有需要控制的机器,无需开启多个窗口
特点:
(1)部署简单,只需要主控端部署Ansible环境,被控端无需做任何操作;
(2)默认使用SSH协议设备进行管理;
(3)主从集中化管理;
(4)配置简单、功能强大、扩展性强;
(5)支持API及自定义模块,可以通过Python轻松扩展
(6)通过playbooks来定制强大的配置、状态管理
(7)对云平台和大数据都有很好的支持
4.Anisible核心程序
(1)HostInventory:记录由Ansible管理的主机信息,端口,ip,密码等
(2)playbooks:'剧本'YAML格式文件,多任务定义在一个文件中,定义主机需要调用那些模块完成功能
(3)core modeules:核心模块主要操作通过调用核心模块来完成管理任务
(4)customodules:自定义模块,完成核心模块无法完成的模块,支持多种语言编写
(5)connectiontugins:连接插件,ansible和主机通信使用(ssh协议)
5.Ansible工作原理
(1)加载自己的配置文件,默认/etc/ansible/ansible.cfg
(2)查找对应的主机的配置文件,找到要执行的主机或组/etc/ansible/hosts文件
(3)加载自己对应的模块文件,如command、yum、ping、
(4)通过ansible将模块命令生成对应的临时py文件(类似python脚本),并将该文件传输至被管理端
(5)传输到在被控制端的对应用户的家目录下.ansible/tmp/xxx/xxx.py
(6)被控制端给传输过来的py文件加执行权限
(7)执行并返回结果,执行完成后删除py文件并sleep 0退出
6.选项
| --version | #显示版本 |
| -m module | #指定模块,默认为command |
| -v | #详细过程 -vv -vvv更详细 |
| --list-hosts | #显示主机列表,可简写 --list |
| -C, --check | #检查,并不执行 |
| -T, --timeout=TIMEOUT | #执行命令的超时时间,默认10s |
| -k, --ask-pass | #提示输入ssh连接密码,默认Key验证 |
| -u, --user=REMOTE_USER | #执行远程执行的用户,默认root |
| -b, --become | #代替旧版的sudo 切换 |
| --become-user=USERNAME | #指定sudo的runas用户,默认为root |
| vim /etc/sudoers 用户权限 | |
| -K, --ask-become-pass | #提示输入sudo时的口令 |
| -f FORKS, --forks FORKS | #指定并发同时执行ansible任务的主机 |
二.Ansible自动化运维工具安装
1.yum安装
[root@localhost ~]#yum install epel-release.noarch -y
[root@localhost ~]#yum install ansible -y
[root@localhost ~]#ansible --version
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]2.编译安装——不建议
yum -y install python-jinja2 PyYAML python-paramiko python-babel python-crypto
wget https://releases.ansible.com/ansible/ansible-2.9.27.tar.gz
tar xf ansible-1.5.4.tar.gz
cd ansible-2.9.27
python setup.py build
python setup.py install
mkdir /etc/ansible
cp -r examples/* /etc/ansible3.Git安装——不建议
yum install git
git clone git://github.com/ansible/ansible.git --recursive
cd ./ansible
source ./hacking/env-setup三、相关文件
- /etc/ansible/ansible.cfg 主配置文件,配置ansible工作特性,也可以在项目的目录中创建此文件,当前目录下如果也有ansible.cfg,则此文件优先生效,建议每个项目目录下,创建独有的ansible.cfg文 件
- /etc/ansible/hosts 主机清单
- /etc/ansible/roles/ 存放角色的目录
1.Ansible主配置文件
Ansible 的配置文件可以放在多个不同地方,优先级从高到低顺序如下
ANSIBLE_CONFIG
#环境变量,注意此项用 ansible --version 看不到,但可以生效
./ansible.cfg
#当前目录下的ansible.cfg
~/.ansible.cfg
#当前用户家目录下的.ansible.cfg
/etc/ansible/ansible.cfg
#系统默认配置文件Ansible 的默认配置文件 /etc/ansible/ansible.cfg ,其中大部分的配置内容无需进行修改
[defaults]
#inventory = /etc/ansible/hosts #主机列表配置文件
#library = /usr/share/my_modules/ #库文件存放目录
#remote_tmp = $HOME/.ansible/tmp #临时py命令文件存放在远程主机目录
#local_tmp = $HOME/.ansible/tmp #本机的临时命令执行目录
#forks = 5 #默认并发数
#sudo_user = root #默认sudo 用户
#ask_sudo_pass = True #每次执行ansible命令是否询问ssh密码
#ask_pass = True
#remote_port = 22
#host_key_checking = False #检查对应服务器的host_key,建议取消此行注释,实现第一次连接自动信任目标主机
#log_path=/var/log/ansible.log #日志文件,建议启用
#module_name = command 、mod #默认模块,可以修改为shell模块
[privilege_escalation] #普通用户提权配置
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False2.inventory主机清单文件
ansible的主要功用在于批量主机操作,为了便捷地使用其中的部分主机,可以在inventory 主机清单文件中将其分组组织
官方文档: https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html
默认的inventory file位置在 /etc/ansible/hosts
ansible_ssh_host
#将要连接的远程主机名.与你想要设定的主机的别名不同的话,可通过此变量设置.
ansible_ssh_port
#ssh端口号.如果不是默认的端口号,通过此变量设置.这种可以使用 ip:端口
192.168.1.100:2222
ansible_ssh_user
#默认的 ssh 用户名
ansible_ssh_pass
#ssh 密码(这种方式并不安全,我们强烈建议使用 --ask-pass 或 SSH 密钥)
ansible_sudo_pass
#sudo 密码(这种方式并不安全,我们强烈建议使用 --ask-sudo-pass)
ansible_sudo_exe (new in version 1.8)
#sudo 命令路径(适用于1.8及以上版本)
ansible_connection
#与主机的连接类型.比如:local, ssh 或者 paramiko. Ansible 1.2 以前默认使用 paramiko.1.2 以后默认使用 'smart','smart' 方式会根据是否支持 ControlPersist, 来判断'ssh' 方式是否可行.
ansible_ssh_private_key_file
#ssh 使用的私钥文件.适用于有多个密钥,而你不想使用 SSH 代理的情况.
ansible_shell_type
#目标系统的shell类型.默认情况下,命令的执行使用 'sh' 语法,可设置为'csh' 或 'fish'.
ansible_python_interpreter
#目标主机的 python 路径.适用于的情况: 系统中有多个 Python, 或者命令路径不是"/usr/bin/python",比如 \*BSD, 或者 /usr/bin/python 不是 2.X 版本的Python.之所以不使用 "/usr/bin/env" 机制,因为这要求远程用户的路径设置正确,且要求 "python" 可执行程序名不可为 python以外的名字(实际有可能名为python26).与ansible_python_interpreter 的工作方式相同,可设定如 ruby 或 perl 的路径....3.示例
[root@localhost ~]#vim /etc/ansible/hosts
[root@localhost ~]#sed -n '45,51p' /etc/ansible/hosts
[web]
192.168.241.22
192.168.241.23
[all]
192.168.241.[22:26][root@localhost ~]#ansible 192.168.91.105 -m ping
#可以指定 m代表使用模块 ping代表ping模块 命令探测下,需要输入 yes 或no
m代表使用模块 ping代表ping模块 命令探测下,需要输入 yes 或no
[root@localhost ~]#ansible web -m ping -k
#-k 输入密码 只有一次机会,如果密码不同无法一起管理,建议ssh免密
SSH password:
192.168.241.23 | FAILED! => {
"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."
}
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}3.1修改ssh配置——免密
[root@localhost ~]#vim /etc/ssh/ssh_config
[root@localhost ~]#sed -n '35p' /etc/ssh/ssh_config
StrictHostKeyChecking ask---->no[root@localhost ~]#ansible web -m ping -k
SSH password:
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@localhost ~]#ansible web -m ping
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}[root@localhost ~]#ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:asSeknDK6vVK7Xq2iCLXjPiCRsAd9d4n7TTSw+v5f+U root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| .. |
| . . |
|. . . . |
|.. . .. . + |
|. . . o.S+ O |
| o +.+ o * + .|
|o.o*o.= o ..|
|*o* *= . . E|
|**.+=+. o.....|
+----[SHA256]-----+
[root@localhost ~]#ssh-copy-id 192.168.241.22
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.241.22's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.241.22'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost ~]#ssh-copy-id 192.168.241.23
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.241.23's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.241.23'"
and check to make sure that only the key(s) you wanted were added.3.2修改ansible配置——免密
[root@localhost ~]#vim /etc/ansible/ansible.cfg
[root@localhost ~]#sed -n '71p' /etc/ansible/ansible.cfg
host_key_checking = False[root@localhost ~]#echo " " > .ssh/known_hosts
[root@localhost ~]#cat .ssh/known_hosts
[root@localhost ~]#ansible web -m ping -k
SSH password:
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@localhost ~]#ansible web -m ping
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@localhost ~]#cat .ssh/known_hosts
192.168.241.22 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFJ0yF0PqvJxGhvSbYYG8cruLD23vFivSgMr3ozmortbWK+P3BoYjpSdhEB3xv/2s1mEzol/aWLd+/qNgdbqTmc=
192.168.241.23 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFNCvnWTWT+7UYGSPzChIOIEvYJk8+OtYDdoiN6DEc222O4Pm0AteuzOGjsgc1La170AhxLWO1DGKDaFCynAwTs=4.Ansible相关工具
- /usr/bin/ansible 主程序,临时命令执行工具
- /usr/bin/ansible-doc 查看配置文档,模块功能查看工具,相当于man ansible-doc -l |grep 关键字 具体模块名字
- /usr/bin/ansible-playbook 定制自动化任务,编排剧本工具,相当于脚本
- /usr/bin/ansible-pull 远程执行命令的工具
- /usr/bin/ansible-vault 文件加密工具
- /usr/bin/ansible-console 基于Console界面与用户交互的执行工具
- /usr/bin/ansible-galaxy 下载/上传优秀代码或Roles模块的官网平台
5.Ansible选项
执行临时任务一次性任务
ansible <host-pattern> [-m module_name] [-a args]
命令 主机或者清单中的组 -m 指定模块 -a 执行的任务| 选项 | 含义 |
|---|---|
| --version | 显示版本 |
| -m module | 指定模块,默认为command |
| -v | 详细过程 -vv -vvv更详细 |
| --list-hosts | 显示主机列表,可简写 --list |
| -C, --check | 检查,并不执行 |
| -T, --timeout=TIMEOUT | 执行命令的超时时间,默认10s |
| -k, --ask-pass | 提示输入ssh连接密码,默认Key验证 |
| -u, --user=REMOTE_USER | 执行远程执行的用户,默认root |
| -b, --become | 代替旧版的sudo 切换 |
| --become-user=USERNAME | 指定sudo的runas用户,默认为root vim /etc/sudoers 用户权限 |
| -K, --ask-become-pass | 提示输入sudo时的口令 |
| -f FORKS, --forks FORKS | 指定并发同时执行ansible任务的主机数 |
[root@localhost ~]#ansible --version
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]主机列表 支持通配符
ansible all -m ping
#执行一次计划任务 对all组内的主机执行ping命令
ansible "*" -m ping
#执行一次计划任务 对所有主机进行ping命令
ansible 192.168.241.* -m ping
#对192.168.241网段的主机执行ping
ansible "srvs" -m ping
#指定srvs组的主机执行ping
ansible "192.168.241.22 192.168.241.23" -m ping
#执行特定主机执行ping
[root@localhost ~]#ansible web --list
hosts (2):
192.168.241.22
192.168.241.23
[root@localhost ~]#ansible all --list
hosts (5):
192.168.241.22
192.168.241.23
192.168.241.24
192.168.241.25
192.168.241.26
#或
[root@localhost ~]#ansible 'web:all' --list-hosts
hosts (5):
192.168.241.22
192.168.241.23
192.168.241.24
192.168.241.25
192.168.241.26
#并且
[root@localhost ~]#ansible 'web:&all' --list-hosts
hosts (2):
192.168.241.22
192.168.241.23
#逻辑非
[root@localhost ~]#ansible 'all:!web' --list-hosts
hosts (3):
192.168.241.24
192.168.241.25
192.168.241.26
#正则表达式
[root@localhost ~]#ansible "~(w|a).*" -m ping -k
SSH password:
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.241.24 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.241.25 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 192.168.241.25 port 22: No route to host",
"unreachable": true
}
192.168.241.26 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 192.168.241.26 port 22: No route to host",
"unreachable": true
}[root@localhost ~]#ansible web -a "sleep 3" -f1
192.168.241.22 | CHANGED | rc=0 >>
192.168.241.23 | CHANGED | rc=0 >>
[root@localhost ~]#ansible web -a "sleep 3" -f4
192.168.241.22 | CHANGED | rc=0 >>
192.168.241.23 | CHANGED | rc=0 >> 
-f1 一台一台的执行操作 -f并行执行
[root@localhost ~]#ansible web -a "sleep 300" -f1
192.168.241.22 | CHANGED | rc=0 >>
192.168.241.23 | CHANGED | rc=0 >>[root@node2 ~]#ls -a
. .bash_profile Desktop .local Templates
.. .bashrc Documents Music Videos
anaconda-ks.cfg .cache Downloads Pictures .viminfo
.ansible .config .esd_auth Public .Xauthority
.bash_history .cshrc .ICEauthority .ssh
.bash_logout .dbus initial-setup-ks.cfg .tcshrc
[root@node2 ~]#tree .ansible/
.ansible/
└── tmp
└── ansible-tmp-1710222280.45-5420-206640600379694
└── AnsiballZ_command.py
2 directories, 1 file[root@node2 ~]#tree .ansible/
.ansible/
└── tmp
1 directory, 0 files如果执行休眠300秒的话,远端主机会有一个py的脚本存在,执行结束后,脚本就自动删除脚本
[root@localhost ~]#ansible web -a "touch /opt/cxk" -v
Using /etc/ansible/ansible.cfg as config file
[WARNING]: Consider using the file module with state=touch rather than running
'touch'. If you need to use command because file is insufficient you can add
'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.
192.168.241.23 | CHANGED | rc=0 >>
192.168.241.22 | CHANGED | rc=0 >>[root@node2 ~]#ls /opt
apache-tomcat-9.0.16.tar.gz cxk jdk-8u291-linux-x64.tar.gz[root@node3 ~]#ls /opt
apache-tomcat-9.0.16.tar.gz cxk jdk-8u291-linux-x64.tar.gzAnsible命令执行过程
- 加载自己的配置文件,默认/etc/ansible/ansible.cfg
- 加载自己对应的模块文件,如:command
- 通过ansible将模块或命令生成对应的临时py文件,并将该文件传输至远程服务器的对应执行用户($HOME/.ansible/tmp/ansible-tmp-数字/XXX.PY文件)
- 给文件+x执行
- 执行并返回结果
- 删除临时py文件,退出
6.执行返回结果
vim /etc/ansible/ansible.cfg
[colors]
#highlight = white
#verbose = blue
#warn = bright purple
#error = red
#debug = dark gray
#deprecate = purple
#skip = cyan
#unreachable = red
#ok = green
#changed = yellow
#diff_add = green- 绿色:执行成功并且不需要做改变的操作
- 黄色:执行成功并且对目标主机做变更
- 红色:执行失败
7.Ansible-doc
[root@localhost ~]#ansible-doc
#可以查看所有支持的模块
usage: ansible-doc [-h] [--version] [-v] [-M MODULE_PATH]
[--playbook-dir BASEDIR]
[-t {become,cache,callback,cliconf,connection,httpapi,inventory,lookup,netconf,shell,module,strategy,vars}]
[-j] [-F | -l | -s | --metadata-dump]
[plugin [plugin ...]]
plugin documentation tool
positional arguments:
plugin Plugin
optional arguments:
--metadata-dump **For internal testing only** Dump json metadata for
all plugins.
--playbook-dir BASEDIR
Since this tool does not use playbooks, use this as a
substitute playbook directory.This sets the relative
path for many features including roles/ group_vars/
etc.
--version show program's version number, config file location,
configured module search path, module location,
executable location and exit
-F, --list_files Show plugin names and their source files without
summaries (implies --list)
-M MODULE_PATH, --module-path MODULE_PATH
prepend colon-separated path(s) to module library (def
ault=~/.ansible/plugins/modules:/usr/share/ansible/plu
gins/modules)
-h, --help show this help message and exit
-j, --json Change output into json format.
-l, --list List available plugins
-s, --snippet Show playbook snippet for specified plugin(s)
-t {become,cache,callback,cliconf,connection,httpapi,inventory,lookup,netconf,shell,module,strategy,vars}, --type {become,cache,callback,cliconf,connection,httpapi,inventory,lookup,netconf,shell,module,strategy,vars}
Choose which plugin type (defaults to "module").
Available plugin types are : ('become', 'cache',
'callback', 'cliconf', 'connection', 'httpapi',
'inventory', 'lookup', 'netconf', 'shell', 'module',
'strategy', 'vars')
-v, --verbose verbose mode (-vvv for more, -vvvv to enable
connection debugging)
See man pages for Ansible CLI options or website for tutorials
https://docs.ansible.com
ERROR! Incorrect options passed
[root@localhost ~]#ansible-doc -l|wc -l
3387
#共有3387个模块
[root@localhost ~]#ansible-doc ping
#可以查看指定模块
[root@localhost ~]#ansible-doc -s ping
#查看简单模块
- name: Try to connect to host, verify a usable python and return `pong' on s
ping:
data: # Data to return for the `ping' return value. If
this parameter is
set to `crash',
the module will
cause an
exception.
[root@localhost ~]#ansible-doc file
#幂等性,安全性,自己写脚本8. Ansible-console
此工具可交互执行命令,支持tab,ansible 2.0+新增
执行用户@当前操作的主机组 (当前组的主机数量)[f:并发数]$| 命令 | 含义 |
|---|---|
| forks n(forks 10) | 设置并发数 |
| cd 主机组(cd web) | 切换组 |
| list | 列出当前组主机列表 |
| ?或help | 列出所有的内置命令 |
[root@localhost ~]#ansible-console
Welcome to the ansible console.
Type help or ? to list commands.
root@all (5)[f:5]$ list
192.168.241.22
192.168.241.23
192.168.241.24
192.168.241.25
192.168.241.26
root@all (5)[f:5]$ cd web
root@web (2)[f:5]$ list
192.168.241.22
192.168.241.23
root@web (2)[f:5]$ ping
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
root@web (2)[f:5]$ 四、模块
2015年底270多个模块,2016年达到540个,2018年01月12日有1378个模块,2018年07月15日1852个模块,2019年05月25日(ansible 2.7.10)时2080个模块,2020年03月02日有3387个模块虽然模块众多,但最常用的模块也就2,30个而已,针对特定业务只用10几个模块
常用模块帮助文档参考:
https://docs.ansible.com/ansible/2.9/modules/modules_by_category.html
https://docs.ansible.com/ansible/2.9/modules/list_of_all_modules.html
https://docs.ansible.com/ansible/latest/modules/list_of_all_modules.html
https://docs.ansible.com/ansible/latest/modules/modules_by_category.html
1.Command 模块
功能:在远程主机执行命令,此为默认模块,可忽略 -m 选项
注意:此命令不支持 $VARNAME < > | ; & 等,可能用shell模块实现
注意:此模块不具有幂等性
[root@localhost ~]#ansible web -m command -a "cp /etc/passwd /opt"
192.168.241.22 | CHANGED | rc=0 >>
192.168.241.23 | CHANGED | rc=0 >>[root@node2 ~]#ls /opt
passwd[root@localhost ~]#ansible web -a "echo hello world > /opt/hello"
192.168.241.22 | CHANGED | rc=0 >>
hello world > /opt/hello
192.168.241.23 | CHANGED | rc=0 >>
hello world > /opt/helloCommand模块不支持重定向;如果想支持重定向可以使用shell模块
2.Shell 模块
功能:和command相似,用shell执行命令,支持各种符号,比如:*,$, >
注意:此模块不具有幂等性
[root@localhost ~]#ansible web -m shell -a "echo hello world > /opt/hello"
192.168.241.23 | CHANGED | rc=0 >>
192.168.241.22 | CHANGED | rc=0 >>[root@node2 ~]#ls /opt
hello passwd
[root@node2 ~]#cat /opt/hello
hello world可以通过修改默认模块,来支持shell模块
[root@localhost ~]#vim /etc/ansible/ansible.cfg 
3.Script 模块
功能:在远程主机上运行ansible服务器上的脚本(无需执行权限)
注意:此模块不具有幂等性
[root@localhost ~]#vim test.sh
[root@localhost ~]#cat test.sh
#!/bin/bash
echo "hello world"
[root@localhost ~]#ansible web -m script -a "~/test.sh"
192.168.241.22 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.241.22 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.241.22 closed."
],
"stdout": "hello world\r\n",
"stdout_lines": [
"hello world"
]
}
192.168.241.23 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.241.23 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.241.23 closed."
],
"stdout": "hello world\r\n",
"stdout_lines": [
"hello world"
]
}[root@localhost ~]#vim test.sh
[root@localhost ~]#ll test.sh
-rw-r--r-- 1 root root 27 3月 12 14:59 test.sh
[root@localhost ~]#ansible web -m script -a "~/test.sh"
192.168.241.22 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.241.22 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.241.22 closed."
],
"stdout": "",
"stdout_lines": []
}
192.168.241.23 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.241.23 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.241.23 closed."
],
"stdout": "",
"stdout_lines": []
}[root@node2 ~]#ls /opt
cxk hello passwd
4.Copy 模块
功能:从ansible服务器主控端复制文件到远程主机
注意: src=file 如果是没指明路径,则为当前目录或当前目录下的files目录下的file文件
关键字
- src 代表源文件路径
- dest 代表文件落地路径
- owner 属主
- group 属组
- mode 代表权限
- backup 如果复制时有同名文件会先备份再复制
[root@localhost ~]#ansible web -m copy -a "src=/etc/fstab dest=/opt/ owner=ghd group=ghd mode=644"
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "0a8f7ec11a7ba2691809e9c6c79137d24b91187f",
"dest": "/opt/fstab",
"gid": 1000,
"group": "ghd",
"md5sum": "231ccf5a7234d4f3c0f0a30e98fcb19c",
"mode": "0644",
"owner": "ghd",
"secontext": "system_u:object_r:usr_t:s0",
"size": 465,
"src": "/root/.ansible/tmp/ansible-tmp-1710227335.94-6918-138458584116423/source",
"state": "file",
"uid": 1000
}
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "0a8f7ec11a7ba2691809e9c6c79137d24b91187f",
"dest": "/opt/fstab",
"gid": 1002,
"group": "ghd",
"mode": "0644",
"owner": "ghd",
"path": "/opt/fstab",
"secontext": "system_u:object_r:usr_t:s0",
"size": 465,
"state": "file",
"uid": 1002
}[root@node2 ~]#ls /opt
fstab cxk hello passwd
[root@node2 ~]#cat /opt/fstab
#
# /etc/fstab
# Created by anaconda on Tue Dec 19 00:11:27 2023
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=0ebf43c7-c647-4e61-ab4f-cf6c64fb6a0c /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
[root@node2 ~]#ll /opt/fstab
-rw-r--r--. 1 ghd ghd 465 Mar 12 03:08 /opt/fstabbackup
[root@localhost ~]#vim test.sh
[root@localhost ~]#cat test.sh
#!/bin/bash
touch /opt/cxk
123123
[root@localhost ~]#ansible web -m copy -a "src=~/test.sh dest=/opt/ owner=ghd group=ghd mode=777"
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "0d1614b01219096a6a8c827827ead953ddaff014",
"dest": "/opt/test.sh",
"gid": 1002,
"group": "ghd",
"md5sum": "fb8c0738d3c09da20924bc6b632eb7e7",
"mode": "0777",
"owner": "ghd",
"secontext": "system_u:object_r:usr_t:s0",
"size": 34,
"src": "/root/.ansible/tmp/ansible-tmp-1710228145.96-7404-18496525191031/source",
"state": "file",
"uid": 1002
}
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "0d1614b01219096a6a8c827827ead953ddaff014",
"dest": "/opt/test.sh",
"gid": 1000,
"group": "ghd",
"md5sum": "fb8c0738d3c09da20924bc6b632eb7e7",
"mode": "0777",
"owner": "ghd",
"secontext": "system_u:object_r:usr_t:s0",
"size": 34,
"src": "/root/.ansible/tmp/ansible-tmp-1710228145.95-7402-249014437514833/source",
"state": "file",
"uid": 1000
}[root@node2 ~]#ls /opt
test.sh
[root@node2 ~]#cat /opt/test.sh
#!/bin/bash
touch /opt/cxk
123123[root@localhost ~]#vim test.sh
[root@localhost ~]#cat test.sh
#!/bin/bash
touch /opt/cxk
123123
123123123123
[root@localhost ~]#ansible web -m copy -a "src=~/test.sh dest=/opt/ owner=ghd group=ghd mode=777 backup=yes"
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup_file": "/opt/test.sh.8274.2024-03-12@03:23:19~",
"changed": true,
"checksum": "8908a5fb0ed0bf37176a2179267c7425256cae67",
"dest": "/opt/test.sh",
"gid": 1000,
"group": "ghd",
"md5sum": "c2be730d6da7cdf3ad9c0bc3c865868f",
"mode": "0777",
"owner": "ghd",
"secontext": "system_u:object_r:usr_t:s0",
"size": 47,
"src": "/root/.ansible/tmp/ansible-tmp-1710228198.82-7515-126408936780150/source",
"state": "file",
"uid": 1000
}
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup_file": "/opt/test.sh.7980.2024-03-12@23:23:18~",
"changed": true,
"checksum": "8908a5fb0ed0bf37176a2179267c7425256cae67",
"dest": "/opt/test.sh",
"gid": 1002,
"group": "ghd",
"md5sum": "c2be730d6da7cdf3ad9c0bc3c865868f",
"mode": "0777",
"owner": "ghd",
"secontext": "system_u:object_r:usr_t:s0",
"size": 47,
"src": "/root/.ansible/tmp/ansible-tmp-1710228198.83-7517-181272217391761/source",
"state": "file",
"uid": 1002
}[root@node2 ~]#ls /opt
test.sh test.sh.8274.2024-03-12@03:23:19~
[root@node2 ~]#cat /opt/test.sh
#!/bin/bash
touch /opt/cxk
123123
123123123123源文件变动后 会有如果复制时有同名文件会先备份再复制
ansible web -m copy -a "src=/etc dest=/backup"
ansible web -m copy -a "src=/etc/ dest=/backup"
etc 不加 / 连etc 一起复制 etc会变成子目录
etc 加 / 只复制etc下的文件 把etc下的文件夹改名为 bakckup[root@localhost ~]#ansible web -m copy -a "content='test line1\ntest line2\n' dest=/tmp/test.txt"
#指定内容,直接生成目标文件
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "bbd9f88cdd0202dc851c4ff635538e652c48da02",
"dest": "/tmp/test.txt",
"gid": 0,
"group": "root",
"md5sum": "d913c48ee3f663f1e1f2e626aefa7fa9",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 22,
"src": "/root/.ansible/tmp/ansible-tmp-1710229571.89-44664-73626291238432/source",
"state": "file",
"uid": 0
}
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "bbd9f88cdd0202dc851c4ff635538e652c48da02",
"dest": "/tmp/test.txt",
"gid": 0,
"group": "root",
"md5sum": "d913c48ee3f663f1e1f2e626aefa7fa9",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 22,
"src": "/root/.ansible/tmp/ansible-tmp-1710229571.89-44666-244732855127428/source",
"state": "file",
"uid": 0
}[root@node2 opt]#cat /tmp/test.txt
test line1
test line25.Get_url 模块
功能: 用于将文件从http、https或ftp下载到被管理机节点上
[root@localhost ~]#ansible web -m get_url -a "url=https://nginx.org/download/nginx-1.18.0.tar.gz dest=/opt"
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum_dest": null,
"checksum_src": "47b2c5ccd12e2a7088b03d629ff6b9ab18215180",
"dest": "/opt/nginx-1.18.0.tar.gz",
"elapsed": 103,
"gid": 0,
"group": "root",
"md5sum": "b2d33d24d89b8b1f87ff5d251aa27eb8",
"mode": "0644",
"msg": "OK (1039530 bytes)",
"owner": "root",
"secontext": "system_u:object_r:usr_t:s0",
"size": 1039530,
"src": "/root/.ansible/tmp/ansible-tmp-1710229702.93-44730-43314050926576/tmpQjPDrw",
"state": "file",
"status_code": 200,
"uid": 0,
"url": "https://nginx.org/download/nginx-1.18.0.tar.gz"
}
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum_dest": null,
"checksum_src": "47b2c5ccd12e2a7088b03d629ff6b9ab18215180",
"dest": "/opt/nginx-1.18.0.tar.gz",
"elapsed": 111,
"gid": 0,
"group": "root",
"md5sum": "b2d33d24d89b8b1f87ff5d251aa27eb8",
"mode": "0644",
"msg": "OK (1039530 bytes)",
"owner": "root",
"secontext": "system_u:object_r:usr_t:s0",
"size": 1039530,
"src": "/root/.ansible/tmp/ansible-tmp-1710229702.9-44728-46949300097557/tmpXkjqHv",
"state": "file",
"status_code": 200,
"uid": 0,
"url": "https://nginx.org/download/nginx-1.18.0.tar.gz"
}[root@node2 opt]#ls
nginx-1.18.0.tar.gz5.1md5sum
[root@node2 opt]#md5sum nginx-1.18.0.tar.gz
b2d33d24d89b8b1f87ff5d251aa27eb8 nginx-1.18.0.tar.gz可以根据md5sum值来对比下载的软件包是否被修改过源码,或者是否植入了病毒
wget https://nginx.org/download/nginx-1.18.0.tar.gz
md5sum nginx-1.18.0.tar.gz
ansible web -m get_url -a 'url=https://nginx.org/download/nginx-1.18.0.tar.gz dest=/opt checksum="md5:3ca4a37931e9fa301964b8ce889da8cb"'- url: 下载文件的URL,支持HTTP,HTTPS或FTP协议
- dest:下载到目标路径(绝对路径),如果目标是一个目录,就用服务器上面文件的名称,如果目标设置了名称就用目标设置的名称
- owner:指定属主
- group:指定属组
- mode:指定权限
- force:如果yes,dest不是目录,将每次下载文件,如果内容改变,替换文件。如果否,则只有在目标不存在时才会下载该文件
- checksum:对目标文件在下载后计算摘要,以确保其完整性
- url_username:用于HTTP基本认证的用户名。对于允许空密码的站点,此参数可以不使用`url_password'
- url_password:用于HTTP基本认证的密码。如果未指定`url_username'参数,则不会使用`url_password'参数
- validate_certs:如果“no”,SSL证书将不会被验证。适用于自签名证书在私有网站上使用
- timeout: URL请求的超时时间,秒为单位
5.2修改名称
[root@localhost ~]#ansible web -m get_url -a "url=https://nginx.org/download/nginx-1.18.0.tar.gz dest=/opt/nginx"
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum_dest": null,
"checksum_src": "47b2c5ccd12e2a7088b03d629ff6b9ab18215180",
"dest": "/opt/nginx",
"elapsed": 2,
"gid": 0,
"group": "root",
"md5sum": "b2d33d24d89b8b1f87ff5d251aa27eb8",
"mode": "0644",
"msg": "OK (1039530 bytes)",
"owner": "root",
"secontext": "system_u:object_r:usr_t:s0",
"size": 1039530,
"src": "/root/.ansible/tmp/ansible-tmp-1710229996.86-44818-609181738931/tmphM5N4q",
"state": "file",
"status_code": 200,
"uid": 0,
"url": "https://nginx.org/download/nginx-1.18.0.tar.gz"
}
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum_dest": null,
"checksum_src": "47b2c5ccd12e2a7088b03d629ff6b9ab18215180",
"dest": "/opt/nginx",
"elapsed": 4,
"gid": 0,
"group": "root",
"md5sum": "b2d33d24d89b8b1f87ff5d251aa27eb8",
"mode": "0644",
"msg": "OK (1039530 bytes)",
"owner": "root",
"secontext": "system_u:object_r:usr_t:s0",
"size": 1039530,
"src": "/root/.ansible/tmp/ansible-tmp-1710229996.88-44820-143263033525380/tmpst830i",
"state": "file",
"status_code": 200,
"uid": 0,
"url": "https://nginx.org/download/nginx-1.18.0.tar.gz"
}[root@node2 opt]#ls
nginx nginx-1.18.0.tar.gz6.Fetch 模块
功能:从远程主机提取文件至ansible的主控端,copy相反,目前不支持目录
只能传文件 文件夹不支持 (文件夹需要打包成压缩包传输)
[root@localhost ~]#ansible web -m fetch -a 'src=/etc/passwd dest=/opt'
192.168.241.23 | CHANGED => {
"changed": true,
"checksum": "7e3ac5475ddaad6b864911f0cd0b1f25fe04cd1e",
"dest": "/opt/192.168.241.23/etc/passwd",
"md5sum": "9a030d4bf488b35b673152d29b04b08d",
"remote_checksum": "7e3ac5475ddaad6b864911f0cd0b1f25fe04cd1e",
"remote_md5sum": null
}
192.168.241.22 | CHANGED => {
"changed": true,
"checksum": "5c66c1bf80e2d40906b7b2aaf5d24262aa52f600",
"dest": "/opt/192.168.241.22/etc/passwd",
"md5sum": "02b1e96833a784acec8560cacf189b06",
"remote_checksum": "5c66c1bf80e2d40906b7b2aaf5d24262aa52f600",
"remote_md5sum": null
}[root@localhost ~]#tree /opt
/opt
├── 192.168.241.22
│ └── etc
│ └── passwd
├── 192.168.241.23
│ └── etc
│ └── passwd
└── rh
5 directories, 2 files7.File 模块
功能:设置文件属性,创建软链接等
关键字
- path 指定文件路径
- state 文件状态 有:新建(touch) 删除(absent) 文件夹(directory) 连接文件(link)等
- src 源文件
- mode 权限
- owner 属主
- group 属组
- recurse 递归
7.1新建空文件
[root@localhost opt]#ansible web -m file -a "path=/opt/cxk state=touch mode=644 owner=ghd group=ghd"
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/cxk",
"gid": 1002,
"group": "ghd",
"mode": "0644",
"owner": "ghd",
"secontext": "unconfined_u:object_r:usr_t:s0",
"size": 0,
"state": "file",
"uid": 1002
}
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/cxk",
"gid": 1000,
"group": "ghd",
"mode": "0644",
"owner": "ghd",
"secontext": "unconfined_u:object_r:usr_t:s0",
"size": 0,
"state": "file",
"uid": 1000
}[root@node2 opt]#ls
cxk nginx nginx-1.18.0.tar.gz7.2新建目录
[root@localhost opt]#ansible web -m file -a 'path=/opt/web state=directory'
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/opt/web",
"secontext": "unconfined_u:object_r:usr_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/opt/web",
"secontext": "unconfined_u:object_r:usr_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}[root@node2 opt]#ls
cxk nginx nginx-1.18.0.tar.gz web
[root@node2 opt]#ll
total 2032
-rw-r--r--. 1 ghd ghd 0 Mar 12 04:02 cxk
-rw-r--r--. 1 root root 1039530 Mar 12 03:53 nginx
-rw-r--r--. 1 root root 1039530 Mar 12 03:50 nginx-1.18.0.tar.gz
drwxr-xr-x. 2 root root 6 Mar 12 04:04 web7.3删除文件
[root@localhost opt]#ansible web -m file -a 'path=/opt/web/ state=absent'
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"path": "/opt/web/",
"state": "absent"
}
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"path": "/opt/web/",
"state": "absent"
}7.4递归修改目录属性
[root@localhost opt]#ansible web -m file -a "path=/opt state=directory owner=ghd group=ghd"
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 1002,
"group": "ghd",
"mode": "0755",
"owner": "ghd",
"path": "/opt",
"secontext": "system_u:object_r:usr_t:s0",
"size": 57,
"state": "directory",
"uid": 1002
}
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 1000,
"group": "ghd",
"mode": "0755",
"owner": "ghd",
"path": "/opt",
"secontext": "system_u:object_r:usr_t:s0",
"size": 57,
"state": "directory",
"uid": 1000
}[root@node2 opt]#ll /
drwxr-xr-x. 2 ghd ghd 57 Mar 12 04:05 opt[root@localhost opt]#ansible web -m file -a "path=/opt/aa/bb/cc state=directory"
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/opt/aa/bb/cc",
"secontext": "unconfined_u:object_r:usr_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/opt/aa/bb/cc",
"secontext": "unconfined_u:object_r:usr_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}[root@node3 opt]#tree aa/
aa/
└── bb
└── cc
2 directories, 0 files删除的话,只删除了cc
[root@localhost opt]#ansible web -m file -a "path=/opt/aa/bb/cc state=absent"
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"path": "/opt/aa/bb/cc",
"state": "absent"
}
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"path": "/opt/aa/bb/cc",
"state": "absent"
}[root@node2 opt]#tree aa/
aa/
└── bb
1 directory, 0 files8.State 模块
功能:检查文件或文件系统的状态
注意:对于Windows目标,请改用win_stat模块
选项:path:文件/对象的完整路径(必须)
exists: 判断是否存在
isuid: 调用用户的ID与所有者ID是否匹配
[root@localhost opt]#ansible web -m stat -a 'path=/opt/aa/'
#查看文件是否存在
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"stat": {
"atime": 1710260184.7045586,
"attr_flags": "",
"attributes": [],
"block_size": 4096,
"blocks": 0,
"charset": "binary",
"ctime": 1710259864.3275952,
"dev": 64768,
"device_type": 0,
"executable": true,
"exists": true,
"gid": 0,
"gr_name": "root",
"inode": 68775287,
"isblk": false,
"ischr": false,
"isdir": true,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": false,
"issock": false,
"isuid": false,
"mimetype": "inode/directory",
"mode": "0755",
"mtime": 1710259864.3275952,
"nlink": 3,
"path": "/opt/aa/",
"pw_name": "root",
"readable": true,
"rgrp": true,
"roth": true,
"rusr": true,
"size": 16,
"uid": 0,
"version": "18446744073393648841",
"wgrp": false,
"woth": false,
"writeable": true,
"wusr": true,
"xgrp": true,
"xoth": true,
"xusr": true
}
}
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"stat": {
"atime": 1710231180.964472,
"attr_flags": "",
"attributes": [],
"block_size": 4096,
"blocks": 0,
"charset": "binary",
"ctime": 1710231172.5894346,
"dev": 64768,
"device_type": 0,
"executable": true,
"exists": true,
"gid": 0,
"gr_name": "root",
"inode": 2403489,
"isblk": false,
"ischr": false,
"isdir": true,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": false,
"issock": false,
"isuid": false,
"mimetype": "inode/directory",
"mode": "0755",
"mtime": 1710231172.5894346,
"nlink": 3,
"path": "/opt/aa/",
"pw_name": "root",
"readable": true,
"rgrp": true,
"roth": true,
"rusr": true,
"size": 16,
"uid": 0,
"version": "2110318447",
"wgrp": false,
"woth": false,
"writeable": true,
"wusr": true,
"xgrp": true,
"xoth": true,
"xusr": true
}
}9.Unarchive 模块
功能:解包解压缩
实现有两种用法:
- 将ansible主机上的压缩包传到远程主机后解压缩至特定目录,设置copy=yes,此为默认值,可省略
- 将远程主机上的某个压缩包解压缩到指定路径下,设置copy=no
常见参数:
- copy:默认为yes,当copy=yes,拷贝的文件是从ansible主机复制到远程主机上,如果设置为copy=no,会在远程主机上寻找src源文件
- remote_src:和copy功能一样且互斥,yes表示在远程主机,不在ansible主机,no表示文件在ansible主机上
- src:源路径,可以是ansible主机上的路径,也可以是远程主机(被管理端或者第三方主机)上的路径,如果是远程主机上的路径,则需要设置copy=no
- dest:远程主机上的目标路径
- mode:设置解压缩后的文件权限
9.1把本机的压缩包解压到远端主机
[root@localhost opt]#cp /etc/passwd /etc/shadow .
[root@localhost opt]#ls
passwd shadow
[root@localhost opt]#tar zcvf user.tar.gz *
passwd
shadow
[root@localhost opt]#ls
passwd shadow user.tar.gz
[root@localhost opt]#ansible web -m unarchive -a "src=/opt/user.tar.gz dest=/opt"
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt",
"extract_results": {
"cmd": [
"/usr/bin/gtar",
"--extract",
"-C",
"/opt",
"-z",
"-f",
"/root/.ansible/tmp/ansible-tmp-1710232216.08-45753-7227623148723/source"
],
"err": "",
"out": "",
"rc": 0
},
"gid": 1000,
"group": "ghd",
"handler": "TgzArchive",
"mode": "0755",
"owner": "ghd",
"secontext": "system_u:object_r:usr_t:s0",
"size": 44,
"src": "/root/.ansible/tmp/ansible-tmp-1710232216.08-45753-7227623148723/source",
"state": "directory",
"uid": 1000
}
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt",
"extract_results": {
"cmd": [
"/usr/bin/gtar",
"--extract",
"-C",
"/opt",
"-z",
"-f",
"/root/.ansible/tmp/ansible-tmp-1710232216.09-45755-96624297311254/source"
],
"err": "",
"out": "",
"rc": 0
},
"gid": 1002,
"group": "ghd",
"handler": "TgzArchive",
"mode": "0755",
"owner": "ghd",
"secontext": "system_u:object_r:usr_t:s0",
"size": 104,
"src": "/root/.ansible/tmp/ansible-tmp-1710232216.09-45755-96624297311254/source",
"state": "directory",
"uid": 1002
}[root@node2 opt]#ls
aa passwd shadow9.2把远端主机的压缩包解压到指定目录
[root@localhost opt]#ansible web -m unarchive -a "src=/opt/nginx-1.18.0.tar.gz dest=/opt copy=no"
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt",
"extract_results": {
"cmd": [
"/usr/bin/gtar",
"--extract",
"-C",
"/opt",
"-z",
"-f",
"/opt/nginx-1.18.0.tar.gz"
],
"err": "",
"out": "",
"rc": 0
},
"gid": 1000,
"group": "ghd",
"handler": "TgzArchive",
"mode": "0755",
"owner": "ghd",
"secontext": "system_u:object_r:usr_t:s0",
"size": 91,
"src": "/opt/nginx-1.18.0.tar.gz",
"state": "directory",
"uid": 1000
}
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt",
"extract_results": {
"cmd": [
"/usr/bin/gtar",
"--extract",
"-C",
"/opt",
"-z",
"-f",
"/opt/nginx-1.18.0.tar.gz"
],
"err": "",
"out": "",
"rc": 0
},
"gid": 1002,
"group": "ghd",
"handler": "TgzArchive",
"mode": "0755",
"owner": "ghd",
"secontext": "system_u:object_r:usr_t:s0",
"size": 124,
"src": "/opt/nginx-1.18.0.tar.gz",
"state": "directory",
"uid": 1002
}[root@node2 opt]#ls
aa nginx-1.18.0 nginx-1.18.0.tar.gz passwd shadow10.Archive 模块
功能:打包压缩保存在被管理节点
压缩远端主机上的指定内容到远端主机上(只对远端有效)
11.Hostname 模块
功能:管理主机名[root@node2 opt]#ls /mnt/
all.tar.bz211.Hostname 模块
功能:管理主机名
ansible web -m hostname -a 'name=node3 '
#一般不使用此模块,主机名会一致12.Cron 模块
功能:计划任务
支持时间:minute,hour,day,month,weekday
关键字:
- name 会生成一行注释,显示标题如下显示
- job 执行的命令
12.1生成远端主机的定时计划
[root@localhost opt]#ansible 192.168.241.22 -m cron -a 'hour=*/2 weekday=1-5 name="backup mysql" job=/opt/mysql_backup.sh'
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"backup mysql"
]
}[root@node2 opt]#crontab -l
#Ansible: backup mysql
* */2 * * 1-5 /opt/mysql_backup.sh12.2disabled——不启用
disabled=yes
[root@localhost opt]#ansible 192.168.241.22 -m cron -a 'hour=*/2 weekday=1-5 name="backup mysql" job=/opt/mysql_backup.sh disabled=yes'
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"backup mysql"
]
}[root@node2 opt]#crontab -l
#Ansible: backup mysql
#* */2 * * 1-5 /opt/mysql_backup.shdisabled=no
[root@localhost opt]#ansible 192.168.241.22 -m cron -a 'hour=*/2 weekday=1-5 name="backup mysql" job=/opt/mysql_backup.sh disabled=no'
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"backup mysql"
]
}[root@node2 opt]#crontab -l
#Ansible: backup mysql
* */2 * * 1-5 /opt/mysql_backup.sh12.3删除计划任务
[root@localhost opt]#ansible 192.168.241.22 -m cron -a "name='backup mysql' state=absent"
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": []
}[root@node2 opt]#crontab -l
[root@node2 opt]#13.Yum和Apt 模块
功能:yum 管理软件包,只支持RHEL,CentOS,fedora,不支持Ubuntu其它版本apt 模块管理 Debian 相关版本的软件包
关键字
- name 所安装的包的名称
- state present--->安装, latest--->安装最新的, absent---> 卸载软件。
- update_cache 强制更新yum的缓存
- conf_file 指定远程yum安装时所依赖的配置文件(安装本地已有的包)。
- disable_pgp_check 是否禁止GPG checking,只用于presentor latest。
- disablerepo 临时禁止使用yum库。 只用于安装或更新时。
- enablerepo 临时使用的yum库。只用于安装或更新时
示例:
[root@localhost opt]#ansible web -m yum -a 'name=httpd state=present'
#yum安装httpd
ansible websrvs -m yum -a 'name=nginx state=present enablerepo=epel'
#启用epel源
进行安装
ansible websrvs -m yum -a 'name=* state=lastest exclude=kernel*,foo*'
#升级除kernel和foo开头以外的所有包
ansible websrvs -m yum -a 'name=httpd state=absent'
#删除[root@node2 opt]#rpm -q httpd
httpd-2.4.6-99.el7.centos.1.x86_6414.yum_repository 模块
功能:建立yum仓库模块
- name参数:必须参数,用于指定要操作的唯一的仓库ID,也就是”.repo”配置文件中每个仓库对应的”中括号”内的仓库ID。
- baseurl参数:此参数用于设置 yum 仓库的 baseurl。
- description参数:此参数用于设置仓库的注释信息,也就是”.repo”配置文件中每个仓库对应的”name字段”对应的内容。
- file参数:此参数用于设置仓库的配置文件名称,即设置”.repo”配置文件的文件名前缀,在不使用此参数的情况下,默认以 name 参数的仓库ID作为”.repo”配置文件的文件名前缀,同一个”.repo” 配置文件中 可以存在多个 yum 源。
- enabled参数:此参数用于设置是否激活对应的 yum 源,此参数默认值为 yes,表示启用对应的 yum 源,设置为 no 表示不启用对应的 yum 源。
- gpgcheck参数:此参数用于设置是否开启 rpm 包验证功能,默认值为 no,表示不启用包验证,设置为 yes 表示开启包验证功能。
- gpgcakey参数:当gpgcheck 参数设置为 yes 时,需要使用此参数指定验证包所需的公钥。
- state参数:默认值为 present,当值设置为absent 时,表示删除对应的 yum 源。
[root@localhost opt]#ansible web -m yum_repository -a 'name=epel description=epel baseurl=https://download.fedoraproject.org/pub/epel/$releasever/$basearch/ gpgcheck=no file=epel'
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"repo": "epel",
"state": "present"
}
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"repo": "epel",
"state": "present"
}[root@node2 opt]#cd /etc/yum.repos.d/
[root@node2 yum.repos.d]#ls
CentOS-Base.repo CentOS-fasttrack.repo CentOS-Vault.repo
CentOS-CR.repo CentOS-Media.repo epel.repo
CentOS-Debuginfo.repo CentOS-Sources.repo
[root@node2 yum.repos.d]#cat epel.repo
[epel]
baseurl = https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
gpgcheck = 0
name = epel可以不用指定仓库
15.Service 模块
功能:管理服务
- name参数:此参数用于指定需要操作的服务名称,比如 nginx。
- state参数:此参数用于指定服务的状态,比如,我们想要启动远程主机中的 nginx,则可以将 state 的值设置为 started;如果想要停止远程主机中的服务,则可以将 state 的值设置为 stopped。此参数的可用值有 started、stopped、restarted、reloaded。
- enabled参数:此参数用于指定是否将服务设置为开机 启动项,设置为 yes 表示将对应服务设置为开机启动,设置为 no 表示不会开机启动。
ansible web -m service -a 'name=httpd state=started enabled=yes'
#管理httpd服务 让其开机启动
ansible web -m service -a 'name=httpd state=stopped'
#管理httpd服务 让其停止服务
ansible web -m service -a 'name=httpd state=reloaded'
#管理httpd服务 让其重新加载配置
ansible web -m service -a 'name=httpd state=restarted'
#管理httpd服务 让其重启[root@node2 yum.repos.d]#systemctl status httpd
â httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-03-12 06:05:22 EDT; 12s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 13080 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
ââ13080 /usr/sbin/httpd -DFOREGROUND
ââ13082 /usr/sbin/httpd -DFOREGROUND
ââ13083 /usr/sbin/httpd -DFOREGROUND
ââ13084 /usr/sbin/httpd -DFOREGROUND
ââ13085 /usr/sbin/httpd -DFOREGROUND
ââ13087 /usr/sbin/httpd -DFOREGROUND
Mar 12 06:05:21 node2.localdomain systemd[1]: Starting The Apache HTTP Ser....
Mar 12 06:05:21 node2.localdomain httpd[13080]: AH00558: httpd: Could not r...
Mar 12 06:05:22 node2.localdomain systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.[root@localhost opt]#ansible web -m shell -a "sed -i 's/^Listen 80/Listen 8080/' /etc/httpd/conf/httpd.conf"
#将/etc/httpd/conf/httpd.conf 中配置文件以Listen 80 开头的行 改为Listen 8080
[WARNING]: Consider using the replace, lineinfile or template module rather
than running 'sed'. If you need to use command because replace, lineinfile or
template is insufficient you can add 'warn: false' to this command task or set
'command_warnings=False' in ansible.cfg to get rid of this message.
192.168.241.22 | CHANGED | rc=0 >>
192.168.241.23 | CHANGED | rc=0 >>[root@node2 yum.repos.d]#sed -n '42p' /etc/httpd/conf/httpd.conf
Listen 80
[root@node2 yum.repos.d]#sed -n '42p' /etc/httpd/conf/httpd.conf
Listen 808016.mount 挂载和卸载模块
功能: 挂载和卸载文件系统
[root@localhost opt]#ansible web -a 'blkid'
192.168.241.22 | CHANGED | rc=0 >>
/dev/sda1: UUID="325ac58f-3bb2-4665-a210-b7a4e1608d41" TYPE="xfs"
/dev/sda2: UUID="M5DELP-GK7D-q10Y-EAPM-4ubZ-Ka0f-cLIHQ4" TYPE="LVM2_member"
/dev/sr0: UUID="2017-09-06-10-51-00-00" LABEL="CentOS 7 x86_64" TYPE="iso9660" PTTYPE="dos"
/dev/mapper/centos-root: UUID="282b4b58-b5cc-43d3-8144-7b1451fad56f" TYPE="xfs"
/dev/mapper/centos-swap: UUID="7d82a566-3c42-400b-8762-7f74dca72631" TYPE="swap"
192.168.241.23 | CHANGED | rc=0 >>
/dev/sr0: UUID="2017-09-06-10-51-00-00" LABEL="CentOS 7 x86_64" TYPE="iso9660" PTTYPE="dos"
/dev/sda1: UUID="fbdbf3e2-2cdd-4e98-99e1-31450c405b4c" TYPE="xfs"
/dev/sda2: UUID="614lKT-jKwh-Xgb1-7UDu-Ie6n-CxGk-JWcfPc" TYPE="LVM2_member"
/dev/mapper/centos-root: UUID="be367737-70e1-4bf8-8aed-866c955b8905" TYPE="xfs"
/dev/mapper/centos-swap: UUID="753872eb-1d85-417a-b834-84236b228278" TYPE="swap" #临时挂载
mount websrvs -m mount -a 'src="UUID=b3e48f45-f933-4c8e-a700-22a159ec9077" path=/home fstype=xfs opts=noatime state=present'
#临时取消挂载
mount websrvs -m mount -a 'path=/home fstype=xfs opts=noatime state=unmounted'
#永久挂载
ansible websrvs -m mount -a 'src=10.0.0.8:/data/wordpress path=/var/www/html/wp-content/uploads opts="_netdev" state=mounted'
#永久卸载
ansible websrvs -m mount -a 'src=10.0.0.8:/data/wordpress path=/var/www/html/wp-content/uploads state=absent'17.User 模块
功能:管理用户
- comment 用户的描述信息
- createhome 是否创建家目录
- force 在使用state=absent时, 行为与userdel –force一致.
- group 指定基本组
- groups 指定附加组,如果指定为(groups=)表示删除所有组
- home 指定用户家目录
- move_home 如果设置为home=时, 试图将用户主目录移动到指定的目录
- name 指定用户名
- non_unique 该选项允许改变非唯一的用户ID值
- password 指定用户密码,使用 SHA512 hash
- remove 在使用state=absent时, 行为是与userdel –remove一致
- shell 指定默认shell
- state 设置帐号状态,不指定为创建,指定值为absent表示删除
- system 当创建一个用户,设置这个用户是系统用户。这个设置不能更改现有用户
- uid 指定用户的uid
- update_ password
- always 如果password参数设置的值与用户当前的加密过的密码字符串不一致,则直接更新用户的密码,默认值即为always
- on_create 如果password参数设置的值与用户当前的加密过的密码字符串不一致,则不会更新用户的密码字符串,保持之前的密码设定
[root@localhost opt]#ansible web -m user -a "name=user1 comment='test user' uid=2048 group=root"
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"append": false,
"changed": false,
"comment": "test user",
"group": 0,
"home": "/home/user1",
"move_home": false,
"name": "user1",
"shell": "/bin/bash",
"state": "present",
"uid": 2048
}
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "test user",
"create_home": true,
"group": 0,
"home": "/home/user1",
"name": "user1",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 2048
}[root@node2 ~]#id user1
uid=2048(user1) gid=0(root) groups=0(root)18.Group 模块
功能:管理组
[root@localhost opt]#ansible web -m group -a "name=cxk gid=88"
#创建组
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 88,
"name": "cxk",
"state": "present",
"system": false
}
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 88,
"name": "cxk",
"state": "present",
"system": false
}[root@node2 ~]#getent group|grep cxk
cxk:x:88:[root@localhost opt]#ansible web -m group -a "name=cxk state=absent"
#删除组
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "cxk",
"state": "absent"
}
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "cxk",
"state": "absent"
}19.reboot 模块
[root@ansible ~]#ansible web -m reboot20.Lineinfile 模块
ansible在使用sed进行替换时,经常会遇到需要转义的问题,而且ansible在遇到特殊符号进行替换时,存在问题,无法正常进行替换 。其实在ansible自身提供了两个模块:lineinfile模块和replace模块,可以方便的进行替换一般在ansible当中去修改某个文件的单行进行替换的时候需要使用lineinfile模块
regexp参数 :使用正则表达式匹配对应的行,当替换文本时,如果有多行文本都能被匹配,则只有最后面被匹配到的那行文本才会被替换,当删除文本时,如果有多行文本都能被匹配,这么这些行都会被删除。
如果想进行多行匹配进行替换需要使用replace模块
功能:相当于sed,可以修改文件内容
关键字:
- path 指定要操作的文件
- regexp 使用正则表达式匹配对应的行
- line 修改为新的内容
- insertafter 将文本插入到“指定的行”之后
- insertbefore 将文本插入到“指定的行”之前
- state 删除对应的文本时,需要state=absent
- backrefs 1.支持后向引用、2.当未匹配到内容则不操作文件
- backup 是否在修改文件之前对文件进行备份
- create 当要操作的文件并不存在时,是否创建对应的文件
[root@localhost opt]#ansible web -m lineinfile -a 'dest=/etc/fstab state=absent regexp="^#"'
#将远端主机/etc/fstab 中 所有#开头的行全部删除
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup": "",
"changed": true,
"found": 7,
"msg": "7 line(s) removed"
}
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup": "",
"changed": true,
"found": 7,
"msg": "7 line(s) removed"
}[root@node2 ~]#cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Mon Dec 18 08:36:06 2023
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=325ac58f-3bb2-4665-a210-b7a4e1608d41 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
[root@node2 ~]#cat /etc/fstab
/dev/mapper/centos-root / xfs defaults 0 0
UUID=325ac58f-3bb2-4665-a210-b7a4e1608d41 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0[root@localhost opt]#ansible web -m lineinfile -a "path=/etc/httpd/conf/httpd.conf regexp='^Listen' line='Listen 80'"
#将/etc/httpd/conf/httpd.conf 中以Listen开头的行 修改为Listen 80
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}[root@node3 opt]#cat /etc/httpd/conf/httpd.conf |grep Listen
# Listen: Allows you to bind Apache to specific IP addresses and/or
# Change this to Listen on specific IP addresses as shown below to
#Listen 12.34.56.78:80
Listen 8080
[root@node3 opt]#cat /etc/httpd/conf/httpd.conf |grep Listen
# Listen: Allows you to bind Apache to specific IP addresses and/or
# Change this to Listen on specific IP addresses as shown below to
#Listen 12.34.56.78:80
Listen 80[root@localhost opt]#ansible web -m lineinfile -a "path=/etc/selinux/config regexp='^SELINUX=' line='SELINUX=disabled'"
#将远端主机所有/etc/selinux/config配置文件中 以Selinux开头的行 更改为SELINUX=disabled
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}[root@node2 ~]#cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@node2 ~]#cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted 21.replace 模块
该模块有点类似于sed命令,主要也是基于正则进行匹配和替换,建议使用
[root@localhost opt]#ansible web -m replace -a "path=/etc/fstab regexp='^(UUID.*)' replace='#\1'"
#将远端主机/etc/fstab中 UUID的行 注释
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"msg": "1 replacements made"
}
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"msg": "1 replacements made"
}[root@node2 ~]#cat /etc/fstab
/dev/mapper/centos-root / xfs defaults 0 0
UUID=325ac58f-3bb2-4665-a210-b7a4e1608d41 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
[root@node2 ~]#cat /etc/fstab
/dev/mapper/centos-root / xfs defaults 0 0
#UUID=325ac58f-3bb2-4665-a210-b7a4e1608d41 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0[root@localhost opt]#ansible web -m replace -a "path=/etc/fstab regexp='^#(UUID.*)' replace='\1'"
#将远端主机 /etc/fstab中 UUID的行 取消注释
192.168.241.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"msg": "1 replacements made"
}
192.168.241.23 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"msg": "1 replacements made"
}[root@node2 ~]#cat /etc/fstab
/dev/mapper/centos-root / xfs defaults 0 0
#UUID=325ac58f-3bb2-4665-a210-b7a4e1608d41 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
[root@node2 ~]#cat /etc/fstab
/dev/mapper/centos-root / xfs defaults 0 0
UUID=325ac58f-3bb2-4665-a210-b7a4e1608d41 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0[root@localhost opt]#ansible web -m replace -a "path=/etc/httpd/conf/httpd.conf regexp='^Listen.*' line='Listen 80'"
#将远端主机/etc/httpd/conf/httpd.conf 中 Listen开头的行 修改为 Listen 80[root@node3 ~]#cat /etc/httpd/conf/httpd.conf |grep 9527
Listen 9527
[root@node3 ~]#cat /etc/httpd/conf/httpd.conf |grep 9527
Listen 8022.setup 模块
功能: setup 模块来收集主机的系统信息,这些 facts 信息可以直接以变量的形式使用,但是如果主机较多,会影响执行速度
可以使用 gather_facts: no 来禁止 Ansible 收集 facts 信息
22.1主机相关信息
[root@localhost opt]#ansible web -m setup -a "filter=ansible_nodename"
#收集主机相关信息
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"ansible_nodename": "node3.node3",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"ansible_nodename": "node2.localdomain",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}[root@localhost opt]#ansible web -m setup -a "filter=ansible_hostname"
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"ansible_hostname": "node2",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"ansible_hostname": "node3",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}[root@localhost opt]#ansible web -m setup -a "filter=ansible_domain"
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"ansible_domain": "localdomain",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"ansible_domain": "node3",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}22.2系统总内存
[root@localhost opt]#ansible web -m setup -a "filter=ansible_memtotal_mb"
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"ansible_memtotal_mb": 1823,
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"ansible_memtotal_mb": 1823,
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}22.3详细显示内存情况
[root@localhost opt]#ansible web -m setup -a "filter=ansible_memory_mb"
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"ansible_memory_mb": {
"nocache": {
"free": 1469,
"used": 354
},
"real": {
"free": 1073,
"total": 1823,
"used": 750
},
"swap": {
"cached": 0,
"free": 4095,
"total": 4095,
"used": 0
}
},
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"ansible_memory_mb": {
"nocache": {
"free": 1359,
"used": 464
},
"real": {
"free": 475,
"total": 1823,
"used": 1348
},
"swap": {
"cached": 0,
"free": 5115,
"total": 5115,
"used": 0
}
},
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}22.4显示可用系统内存
[root@localhost opt]#ansible web -m setup -a "filter=ansible_memfree_mb"
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"ansible_memfree_mb": 1073,
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"ansible_memfree_mb": 477,
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}22.5系统所属信息
[root@localhost opt]#ansible web -m setup -a "filter=ansible_os_family"
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"ansible_os_family": "RedHat",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"ansible_os_family": "RedHat",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}22.6当前系统版本
[root@localhost opt]#ansible web -m setup -a "filter=ansible_distribution_major_version"
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"ansible_distribution_major_version": "7",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"ansible_distribution_major_version": "7",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}22.7当前系统详细版本
[root@localhost opt]#ansible web -m setup -a "filter=ansible_distribution_version"
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"ansible_distribution_version": "7.4",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"ansible_distribution_version": "7.4",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}22.8显示cpu个数(只显示总的个数)
[root@localhost opt]#ansible web -m setup -a "filter=ansible_processor_vcpus"
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"ansible_processor_vcpus": 2,
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"ansible_processor_vcpus": 2,
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}22.9仅显示ipv4的信息
[root@localhost opt]#ansible web -m setup -a "filter=ansible_all_ipv4_addresses"
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"192.168.122.1",
"192.168.241.22"
],
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"192.168.122.1",
"192.168.241.23"
],
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}22.10版本信息
[root@localhost opt]#ansible web -m setup -a "filter=ansible_architecture"
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"ansible_architecture": "x86_64",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"ansible_architecture": "x86_64",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}22.11在线时长
[root@localhost opt]#ansible web -m setup -a "filter=ansible_uptime_seconds"
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"ansible_uptime_seconds": 3066,
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"ansible_uptime_seconds": 32296,
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}22.12内核参数信息
[root@localhost opt]#ansible web -m setup -a "filter=ansible_processor*"
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"ansible_processor": [
"0",
"GenuineIntel",
"Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz",
"1",
"GenuineIntel",
"Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz"
],
"ansible_processor_cores": 1,
"ansible_processor_count": 2,
"ansible_processor_threads_per_core": 1,
"ansible_processor_vcpus": 2,
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"ansible_processor": [
"0",
"GenuineIntel",
"Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz",
"1",
"GenuineIntel",
"Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz"
],
"ansible_processor_cores": 1,
"ansible_processor_count": 2,
"ansible_processor_threads_per_core": 1,
"ansible_processor_vcpus": 2,
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}22.13环境变量
[root@localhost opt]#ansible web -m setup -a 'filter=ansible_env'
192.168.241.22 | SUCCESS => {
"ansible_facts": {
"ansible_env": {
"HOME": "/root",
"LANG": "C",
"LC_ALL": "C",
"LC_NUMERIC": "C",
"LESSOPEN": "||/usr/bin/lesspipe.sh %s",
"LOGNAME": "root",
"LS_COLORS": "rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36:",
"MAIL": "/var/mail/root",
"PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin",
"PWD": "/root",
"SELINUX_LEVEL_REQUESTED": "",
"SELINUX_ROLE_REQUESTED": "",
"SELINUX_USE_CURRENT_RANGE": "",
"SHELL": "/bin/bash",
"SHLVL": "2",
"SSH_CLIENT": "192.168.241.11 43238 22",
"SSH_CONNECTION": "192.168.241.11 43238 192.168.241.22 22",
"SSH_TTY": "/dev/pts/3",
"TERM": "xterm",
"USER": "root",
"XDG_DATA_DIRS": "/root/.local/share/flatpak/exports/share/:/var/lib/flatpak/exports/share/:/usr/local/share/:/usr/share/",
"XDG_RUNTIME_DIR": "/run/user/0",
"XDG_SESSION_ID": "29",
"_": "/usr/bin/python"
},
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
192.168.241.23 | SUCCESS => {
"ansible_facts": {
"ansible_env": {
"CLASSPATH": "/usr/local/jdk/lib/:/usr/local/jdk/jre/lib/",
"HOME": "/root",
"JAVA_HOME": "/usr/local/jdk",
"JRE_HOME": "/usr/local/jdk/jre",
"LANG": "C",
"LC_ALL": "C",
"LC_NUMERIC": "C",
"LESSOPEN": "||/usr/bin/lesspipe.sh %s",
"LOGNAME": "root",
"LS_COLORS": "rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36:",
"MAIL": "/var/mail/root",
"PATH": "/usr/local/jdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin",
"PWD": "/root",
"SELINUX_LEVEL_REQUESTED": "",
"SELINUX_ROLE_REQUESTED": "",
"SELINUX_USE_CURRENT_RANGE": "",
"SHELL": "/bin/bash",
"SHLVL": "2",
"SSH_CLIENT": "192.168.241.11 33164 22",
"SSH_CONNECTION": "192.168.241.11 33164 192.168.241.23 22",
"SSH_TTY": "/dev/pts/0",
"TERM": "xterm",
"USER": "root",
"XDG_DATA_DIRS": "/root/.local/share/flatpak/exports/share/:/var/lib/flatpak/exports/share/:/usr/local/share/:/usr/share/",
"XDG_RUNTIME_DIR": "/run/user/0",
"XDG_SESSION_ID": "131",
"_": "/usr/bin/python"
},
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}22.14setup模块总结——常用信息
| 命令 | 含义 |
|---|---|
| ansible_all_ipv4_addresse | 仅显示ipv4的信息 |
| ansible_devices | 仅显示磁盘设备信息 |
| ansible_distribution | 显示是什么系统,例:centos,suse等 |
| ansible_distribution_version | 仅显示系统版本 |
| ansible_machine | 显示系统类型,例:32位,还是64位 |
| ansible_eth0 | 仅显示eth0的信息 |
| ansible_hostname | 仅显示主机名 |
| ansible_kernel | 仅显示内核版本 |
| ansible_lvm | 显示lvm相关信息 |
| ansible_memtotal_mb | 显示系统总内存 |
| ansible_memfree_mb | 显示可用系统内存 |
| ansible_memory_mb | 详细显示内存情况 |
| ansible_swaptotal_mb | 显示总的swap内存 |
| ansible_swapfree_mb | 显示swap内存的可用内存 |
| ansible_mounts | 显示系统磁盘挂载情况 |
| ansible_processor | 显示cpu个数(具体显示每个cpu的型号) |
| ansible_processor_vcpus | 显示cpu个数(只显示总的个数) |
| ansible_python_version | 显示python版本 |
472
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
