1. ansible-常用模块
根据官方的分类,将模块按功能分类为:云模块、命令模块、数据库模块、文件模块、资产模块、消息模块、监控模块、网络模块、通知模块、包管理模块、源码控制模块、系统模块、单元模块、web设施模块、windows模块
- user:配置用户
- group:配置用户组
- cron:配置计划任务
- copy:复制文件到远程主机
- file: 用于配置文件属性
- yum:用于安装软件包
- service:用于管理服务
- shell: 用于执行命令可以带 “ |”管道符号等
- scripts:在远程主机执行控制端的脚本文件
- setup:查看远程主机的基本信息
- filesystem:在块设备上创建文件系统
- mount:配置挂载点
- synchronize:使用rsync同步文件
- get_url:该模块主要用于从http、ftp、https服务器上下载文件(类似于wget)
- package:使用os包管理器安装,升级和删除包
- stat:获取远程主机文件状态信息。
- unarchive: 用于解压文件
- command:在远程主机上执行命令
- raw:类似于shell模块,支持管道
- ping:用于检测远程主机是否存活
- systemd: 用于管理服务(CentOS7)后使用
- hostname: 管理远程主机的主机名。
2.模块的使用
查看模块帮助
1 [root@test-1 bin]# ansible-doc -l #查看所有模块
2 [root@test-1 bin]#ansible-doc -s MODULE_NAME #查看指定模块的详细帮助
3.ansible命令应用基础
使用语法:
1 ansible <host-pattern> [-f forks] [-m module_name] [-a args]
注释:
- -f forks:启动的并发线程数
- -m module_name: 要使用的模块
- -a args:模块特有的参数
4.模块使用案例
4.1 ping模块
测试主机是否通的,用法很简单,如果成功就返回的是pong。
1 [root@test-1 ansible]# ansible test -m ping
2 [DEPRECATION WARNING]: DEFAULT_SUDO_USER option, In favor of Ansible Become, which is a generic framework. See become_user. , use become instead. This feature will be
3 removed in version 2.8. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
4 192.168.3.174 | SUCCESS => {
5 "changed": false,
6 "ping": "pong"
7 }
8 192.168.3.175 | SUCCESS => {
9 "changed": false,
10 "ping": "pong"
11 }
4.2 file-模块
file模块主要用于远程主机上的文件操作,file模块包含如下选项:
1 force:需要在两种情况下强制创建软连接。
2 • 一种是源文件不存在但之后会创建的情况下;
3 • 另一种是目标软链接已存在,需要先取消之前的软链,然后创建新的软链,有两个选项:yes|no
4 group:定义文件/目录的属组
5 owner:定义文件/目录的属主
6 mode:定义文件/目录的权限
7 path:必选项,定义文件/目录的路径
8 recurse:递归设置文件的属性,只对目录有效
9 src:要被链接的源文件的路径,只应用于state=link的情况
10 dest:被链接到的路径,只应用于state=link的情况
11 state:定义文件状态
12 • directory:如果目录不存在,创建目录
13 • file:即使文件不存在,也不会被创建
14 • link:创建软链接
15 • hard:创建硬链接
16 • touch:如果文件不存在,则会创建一个新的文件,如果文件或目录已存在,则更新其最后修改时间
17 • absent:删除目录、文件或者取消链接文件
4.2.1 案例1-用file创建一个软连接/etc/fstab到/tmp/fstab
1 [root@test-1 ansible]# ansible test -m file -a "src=/etc/fstab dest=/tmp/fstab state=link"
2 [DEPRECATION WARNING]: DEFAULT_SUDO_USER option, In favor of Ansible Become, which is a generic framework. See become_user. , use become instead. This feature will be
3 removed in version 2.8. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
4 192.168.3.175 | CHANGED => {
5 "changed": true,
6 "dest": "/tmp/fstab",
7 "gid": 0,
8 "group": "root",
9 "mode": "0777",
10 "owner": "root",
11 "secontext": "unconfined_u:object_r:user_tmp_t:s0",
12 "size": 10,
13 "src": "/etc/fstab",
14 "state": "link",
15 "uid": 0
16 }
17 192.168.3.174 | CHANGED => {
18 "changed": true,
19 "dest": "/tmp/fstab",
20 "gid": 0,
21 "group": "root",
22 "mode": "0777",
23 "owner": "root",
24 "secontext": "unconfined_u:object_r:user_tmp_t:s0",
25 "size": 10,
26 "src": "/etc/fstab",
27 "state": "link",
28 "uid": 0
29 }
执行结果:
1 [root@test-2 tmp]# ll
2 total 8
3 lrwxrwxrwx. 1 root root 10 Nov 19 02:44 fstab -> /etc/fstab
4 -rwx------. 1 root root 836 Oct 24 09:40 ks-script-6aY4Ug
5 drwx------. 3 root root 17 Oct 25 23:39 systemd-private-664f2393bb954d4d812ce589bd921c84-chronyd.service-sclu10
6 -rw-r--r--. 1 root root 8 Oct 25 22:26 test.txt
7 drwx------. 2 root root 6 Oct 24 09:44 vmware-root
8 -rw-------. 1 root root 0 Oct 24 09:36 yum.log
4.2.2 案例2-我们需要在远程服务器上/tmp/下创建一个file文件
1 [root@test-1 ansible]# ansible test -m file -a 'path=/tmp/file state=touch'
2 [DEPRECATION WARNING]: DEFAULT_SUDO_USER option, In favor of Ansible Become, which is a generic framework. See become_user. , use become instead. This feature will be
3 removed in version 2.8. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
4 192.168.3.174 | CHANGED => {
5 "changed": true,
6 "dest": "/tmp/file",
7 "gid": 0,
8 "group": "root",
9 "mode": "0644",
10 "owner": "root",
11 "secontext": "unconfined_u:object_r:user_tmp_t:s0",
12 "size": 0,
13 "state": "file",
14 "uid": 0
执行结果:
1 [root@test-2 tmp]# ll
2 total 8
3 -rw-r--r--. 1 root root 0 Nov 19 03:12 file
4 lrwxrwxrwx. 1 root root 10 Nov 19 02:44 fstab -> /etc/fstab
5 -rwx------. 1 root root 836 Oct 24 09:40 ks-script-6aY4Ug
6 drwx------. 3 root root 17 Oct 25 23:39 systemd-private-664f2393bb954d4d812ce589bd921c84-chronyd.service-sclu10
7 -rw-r--r--. 1 root root 8 Oct 25 22:26 test.txt
8 drwx------. 2 root root 6 Oct 24 09:44 vmware-root
9 -rw-------. 1 root root 0 Oct 24 09:36 yum.log
4.3 copy模块
1 backup:在覆盖之前将原文件备份,备份文件包含时间信息。有两个选项:yes|no
2 content:用于替代"src",可以直接设定指定文件的值
3 dest:必选项。要将源文件复制到的远程主机的绝对路径,如果源文件是一个目录,那么该路径也必须是个目录
4 directory_mode:递归的设定目录的权限,默认为系统默认权限
5 force:如果目标主机包含该文件,但内容不同,如果设置为yes,则强制覆盖,如果为no,则只有当目标主机的目标位置不存在该文件时,才复制。默认为yes
6 others:所有的file模块里的选项都可以在这里使用
7 src:要复制到远程主机的文件在本地的地址,可以是绝对路径,也可以是相对路径。如果路径是一个目录,它将递归复制。在这种情况下,如果路径使用"/"来结尾,则只复制目录里的内容,如果没有使用"/"来结尾,则包含目录在内的整个内容全部复制,类似于rsync。
8 validate :The validation command to run before copying into place. The path to the file to validate is passed in via '%s' which must be present as in the visudo example below.
4.3.1 案例1-从本地拷贝文件到ansibel目标的目录
1 [root@test-1 ansible]# touch /tmp/aa #本地测试创建的aa文件
2 [root@test-1 ansible]# ansible test -m copy -a "src=/tmp/aa dest=/tmp/aa"
3 [DEPRECATION WARNING]: DEFAULT_SUDO_USER option, In favor of Ansible Become, which is a generic framework. See become_user. , use become instead. This feature will be
4 removed in version 2.8. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
5 192.168.3.174 | CHANGED => {
6 "changed": true,
7 "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
8 "dest": "/tmp/aa",
9 "gid": 0,
10 "group": "root",
11 "md5sum": "d41d8cd98f00b204e9800998ecf8427e",
12 "mode": "0644",
13 "owner": "root",
14 "secontext": "unconfined_u:object_r:admin_home_t:s0",
15 "size": 0,
16 "src": "/root/.ansible/tmp/ansible-tmp-1542616228.03-86258002572076/source",
17 "state": "file",
18 "uid": 0
19 }
执行结果:
1 [root@test-2 tmp]# ll
2 total 8
3 -rw-r--r--. 1 root root 0 Nov 19 03:30 aa
4 -rwxr-xr-x. 1 root root 0 Nov 19 03:12 file
5 lrwxrwxrwx. 1 root root 10 Nov 19 02:44 fstab -> /etc/fstab
6 -rwx------. 1 root root 836 Oct 24 09:40 ks-script-6aY4Ug
7 drwx------. 3 root root 17 Oct 25 23:39 systemd-private-664f2393bb954d4d812ce589bd921c84-chronyd.service-sclu10
8 -rw-r--r--. 1 root root 8 Oct 25 22:26 test.txt
9 drwx------. 2 root root 6 Oct 24 09:44 vmware-root
10 -rw-------. 1 root root 0 Oct 24 09:36 yum.log
4.3.2 案例2-ansible使用backup进行备份
1 [root@test-1 ansible]# vim /tmp/aa
2 [root@test-1 ansible]# ansible test -m copy -a "src=/tmp/aa dest=/tmp/aa backup=yes"
3 [DEPRECATION WARNING]: DEFAULT_SUDO_USER option, In favor of Ansible Become, which is a generic framework. See become_user. , use become instead. This feature will be
4 removed in version 2.8. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
5 192.168.3.174 | CHANGED => {
6 "backup_file": "/tmp/aa.3042.2018-11-19@03:37:06~",
7 "changed": true,
8 "checksum": "5730dd3a58d64a39a7fc704c3c5570d70303d9db",
9 "dest": "/tmp/aa",
10 "gid": 0,
11 "group": "root",
12 "md5sum": "96fdb0b7ddbb489f8636769965584623",
13 "mode": "0644",
14 "owner": "root",
15 "secontext": "unconfined_u:object_r:admin_home_t:s0",
16 "size": 35,
17 "src": "/root/.ansible/tmp/ansible-tmp-1542616624.56-136259009428901/source",
18 "state": "file",
19 "uid": 0
执行结果:
1 [root@test-2 tmp]# ll
2 total 16
3 -rw-r--r--. 1 root root 35 Nov 19 03:37 aa
4 -rw-r--r--. 1 root root 56 Nov 19 03:36 aa.3042.2018-11-19@03:37:06~ #这里是ansible使用的
5 -rwxr-xr-x. 1 root root 0 Nov 19 03:12 file
6 lrwxrwxrwx. 1 root root 10 Nov 19 02:44 fstab -> /etc/fstab
7 -rwx------. 1 root root 836 Oct 24 09:40 ks-script-6aY4Ug
8 drwx------. 3 root root 17 Oct 25 23:39 systemd-private-664f2393bb954d4d812ce589bd921c84-chronyd.service-sclu10
9 -rw-r--r--. 1 root root 8 Oct 25 22:26 test.txt
10 drwx------. 2 root root 6 Oct 24 09:44 vmware-root
11 -rw-------. 1 root root 0 Oct 24 09:36 yum.log
4.4 command-模块
在远程主机上执行命令
command模块包含如下选项:
1 creates:一个文件名,当该文件存在,则该命令不执行
2 free_form:要执行的linux指令
3 chdir:在执行指令之前,先切换到该指定的目录
4 removes:一个文件名,当该文件不存在,则该选项不执行
5 executable:切换shell来执行指令,该执行路径必须是一个绝对路径
4.4.1 案例1-creates文件存在,不执行后面的命令
1 [root@test-1 ansible]# ansible test -a 'creates=/tmp/file ls /root'
2 [DEPRECATION WARNING]: DEFAULT_SUDO_USER option, In favor of Ansible Become, which is a generic framework. See become_user. , use become instead. This feature will be
3 removed in version 2.8. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
4 192.168.3.174 | SUCCESS | rc=0 >>
5 skipped, since /tmp/file exists
6
7 [root@test-1 ansible]# ansible test -a 'creates=/tmp/file2 ls /root'
8 [DEPRECATION WARNING]: DEFAULT_SUDO_USER option, In favor of Ansible Become, which is a generic framework. See become_user. , use become instead. This feature will be
9 removed in version 2.8. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
10 192.168.3.174 | CHANGED | rc=0 >>
11 anaconda-ks.cfg
执行结果:
1 [root@test-2 tmp]# ll /root/
2 total 4
3 -rw-------. 1 root root 1340 Oct 24 09:40 anaconda-ks.cfg
4.4.2 案例2-chdir在执行指令前,先切到指定目录,然后在做后面命令操作
1 [root@test-1 ansible]# ansible test -m command -a 'chdir=/tmp tar zcf aa.tar.gz aa'
2 192.168.3.174 | CHANGED | rc=0 >>
执行结果:
1 [root@test-2 tmp]# ll
2 total 20
3 -rw-r--r--. 1 root root 35 Nov 19 03:37 aa
4 -rw-r--r--. 1 root root 56 Nov 19 03:36 aa.3042.2018-11-19@03:37:06~
5 -rw-r--r--. 1 root root 137 Nov 19 04:37 aa.tar.gz
6 -rwxr-xr-x. 1 root root 0 Nov 19 03:12 file
7 lrwxrwxrwx. 1 root root 10 Nov 19 02:44 fstab -> /etc/fstab
8 -rwx------. 1 root root 836 Oct 24 09:40 ks-script-6aY4Ug
9 drwx------. 3 root root 17 Oct 25 23:39 systemd-private-664f2393bb954d4d812ce589bd921c84-chronyd.service-sclu10
10 -rw-r--r--. 1 root root 8 Oct 25 22:26 test.txt
11 drwx------. 2 root root 6 Oct 24 09:44 vmware-root
12 -rw-------. 1 root root 0 Oct 24 09:36 yum.log
4.5 shell模块
功能:执行的命令中有管道或者变量,就需要使用shell
1 [root@test-1 ansible]# ansible-doc -s shell
2 - name: Execute commands in nodes.
3 shell:
4 chdir: # 执行之前,先cd到指定目录在执行命令
5 creates: # 一个文件名,当这个文件存在,则该命令不执行
6 executable: # 切换shell来执行命令,需要使用命令的绝对路径
7 free_form: # (required) The shell module takes a free form command to run, as a string. There's not an actual option named "free form". See the
8 examples!
9 removes: # a filename, when it does not exist, this step will *not* be run.
10 stdin: # Set the stdin of the command directly to the specified value.
11 warn: # if command warnings are on in ansible.cfg, do not warn about this particular line if set to no/false.
4.5.1 案例1-shell模块可以支持| 等
1 [root@test-1 ansible]# ansible test -m shell -a 'netstat -lntup |grep 22'
2 192.168.3.174 | CHANGED | rc=0 >>
3 tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 975/sshd
4 tcp6 0 0 :::22 :::* LISTEN 975/sshd
4.6 service模块
用于管理服务
该模块包含如下选项
1 arguments:给命令行提供一些选项
2 enabled:是否开机启动 yes|no
3 name:必选项,服务名称
4 pattern:定义一个模式,如果通过status指令来查看服务的状态时,没有响应,就会通过ps指令在进程中根据该模式进行查找,如果匹配到,则认为该服务依然在运行
5 runlevel:运行级别
6 sleep:如果执行了restarted,在则stop和start之间沉睡几秒钟
7 state:对当前服务执行启动,停止、重启、重新加载等操作(started,stopped,restarted,reloaded)
4.6.1 service设置开机启动
1 [root@test-1 bin]# ansible web1 -m service -a "name=nginx enabled=yes"
2 192.168.200.133 | CHANGED => {
3 "ansible_facts": {
4 "discovered_interpreter_python": "/usr/bin/python"
5 },
6 "changed": true,
7 "enabled": true,
8 "name": "nginx",
9 "status": {
10 "ActiveEnterTimestamp": "Thu 2019-08-22 11:22:08 CST",
11 "ActiveEnterTimestampMonotonic": "644109632234",
12 "ActiveExitTimestamp": "Thu 2019-08-22 11:22:08 CST",
13 "ActiveExitTimestampMonotonic": "644109612635",
14 "ActiveState": "active",
15 "After": "systemd-journald.socket remote-fs.target basic.target network-online.target nss-lookup.target system.slice",
16 "AllowIsolate": "no",
17 "AmbientCapabilities": "0",
18 "AssertResult": "yes",
19 "AssertTimestamp": "Thu 2019-08-22 11:22:08 CST",
20 "AssertTimestampMonotonic": "644109623574",
21 "Before": "shutdown.target",
22 "BlockIOAccounting": "no",
23 "BlockIOWeight": "18446744073709551615",
24 "CPUAccounting": "no",
25 "CPUQuotaPerSecUSec": "infinity",
26 "CPUSchedulingPolicy": "0",
27 "CPUSchedulingPriority": "0",
28 "CPUSchedulingResetOnFork": "no",
29 "CPUShares": "18446744073709551615",
30 "CanIsolate": "no",
31 "CanReload": "yes",
32 "CanStart": "yes",
33 "CanStop": "yes",
34 "CapabilityBoundingSet": "18446744073709551615",
35 "ConditionResult": "yes",
36 "ConditionTimestamp": "Thu 2019-08-22 11:22:08 CST",
37 "ConditionTimestampMonotonic": "644109623574",
38 "Conflicts": "shutdown.target",
39 "ControlGroup": "/system.slice/nginx.service",
40 "ControlPID": "0",
41 "DefaultDependencies": "yes",
42 "Delegate": "no",
43 "Description": "nginx - high performance web server",
44 "DevicePolicy": "auto",
45 "Documentation": "http://nginx.org/en/docs/",
46 "ExecMainCode": "0",
47 "ExecMainExitTimestampMonotonic": "0",
48 "ExecMainPID": "20717",
49 "ExecMainStartTimestamp": "Thu 2019-08-22 11:22:08 CST",
50 "ExecMainStartTimestampMonotonic": "644109632178",
51 "ExecMainStatus": "0",
52 "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -s HUP $MAINPID ; ignore_errors=no ; start_time=[Tue 2019-08-20 20:41:12 CST] ; stop_time=[Tue 2019-08-20 20:41:12 CST] ; pid=18612 ; code=exited ; status=0 }",
53 "ExecStart": "{ path=/usr/sbin/nginx ; argv[]=/usr/sbin/nginx -c /etc/nginx/nginx.conf ; ignore_errors=no ; start_time=[Thu 2019-08-22 11:22:08 CST] ; stop_time=[Thu 2019-08-22 11:22:08 CST] ; pid=20716 ; code=exited ; status=0 }",
54 "ExecStop": "{ path=/bin/kill ; argv[]=/bin/kill -s TERM $MAINPID ; ignore_errors=no ; start_time=[Thu 2019-08-22 11:22:08 CST] ; stop_time=[Thu 2019-08-22 11:22:08 CST] ; pid=20713 ; code=exited ; status=0 }",
55 "FailureAction": "none",
56 "FileDescriptorStoreMax": "0",
57 "FragmentPath": "/usr/lib/systemd/system/nginx.service",
58 "GuessMainPID": "yes",
59 "IOScheduling": "0",
60 "Id": "nginx.service",
61 "IgnoreOnIsolate": "no",
62 "IgnoreOnSnapshot": "no",
63 "IgnoreSIGPIPE": "yes",
64 "InactiveEnterTimestamp": "Thu 2019-08-22 11:22:08 CST",
65 "InactiveEnterTimestampMonotonic": "644109623218",
66 "InactiveExitTimestamp": "Thu 2019-08-22 11:22:08 CST",
67 "InactiveExitTimestampMonotonic": "644109624078",
68 "JobTimeoutAction": "none",
69 "JobTimeoutUSec": "0",
70 "KillMode": "control-group",
71 "KillSignal": "15",
72 "LimitAS": "18446744073709551615",
73 "LimitCORE": "18446744073709551615",
74 "LimitCPU": "18446744073709551615",
75 "LimitDATA": "18446744073709551615",
76 "LimitFSIZE": "18446744073709551615",
77 "LimitLOCKS": "18446744073709551615",
78 "LimitMEMLOCK": "65536",
79 "LimitMSGQUEUE": "819200",
80 "LimitNICE": "0",
81 "LimitNOFILE": "4096",
82 "LimitNPROC": "31193",
83 "LimitRSS": "18446744073709551615",
84 "LimitRTPRIO": "0",
85 "LimitRTTIME": "18446744073709551615",
86 "LimitSIGPENDING": "31193",
87 "LimitSTACK": "18446744073709551615",
88 "LoadState": "loaded",
89 "MainPID": "20717",
90 "MemoryAccounting": "no",
91 "MemoryCurrent": "18446744073709551615",
92 "MemoryLimit": "18446744073709551615",
93 "MountFlags": "0",
94 "Names": "nginx.service",
95 "NeedDaemonReload": "no",
96 "Nice": "0",
97 "NoNewPrivileges": "no",
98 "NonBlocking": "no",
99 "NotifyAccess": "none",
100 "OOMScoreAdjust": "0",
101 "OnFailureJobMode": "replace",
102 "PIDFile": "/var/run/nginx.pid",
103 "PermissionsStartOnly": "no",
104 "PrivateDevices": "no",
105 "PrivateNetwork": "no",
106 "PrivateTmp": "no",
107 "ProtectHome": "no",
108 "ProtectSystem": "no",
109 "RefuseManualStart": "no",
110 "RefuseManualStop": "no",
111 "RemainAfterExit": "no",
112 "Requires": "basic.target",
113 "Restart": "no",
114 "RestartUSec": "100ms",
115 "Result": "success",
116 "RootDirectoryStartOnly": "no",
117 "RuntimeDirectoryMode": "0755",
118 "SameProcessGroup": "no",
119 "SecureBits": "0",
120 "SendSIGHUP": "no",
121 "SendSIGKILL": "yes",
122 "Slice": "system.slice",
123 "StandardError": "inherit",
124 "StandardInput": "null",
125 "StandardOutput": "journal",
126 "StartLimitAction": "none",
127 "StartLimitBurst": "5",
128 "StartLimitInterval": "10000000",
129 "StartupBlockIOWeight": "18446744073709551615",
130 "StartupCPUShares": "18446744073709551615",
131 "StatusErrno": "0",
132 "StopWhenUnneeded": "no",
133 "SubState": "running",
134 "SyslogLevelPrefix": "yes",
135 "SyslogPriority": "30",
136 "SystemCallErrorNumber": "0",
137 "TTYReset": "no",
138 "TTYVHangup": "no",
139 "TTYVTDisallocate": "no",
140 "TasksAccounting": "no",
141 "TasksCurrent": "18446744073709551615",
142 "TasksMax": "18446744073709551615",
143 "TimeoutStartUSec": "1min 30s",
144 "TimeoutStopUSec": "1min 30s",
145 "TimerSlackNSec": "50000",
146 "Transient": "no",
147 "Type": "forking",
148 "UMask": "0022",
149 "UnitFilePreset": "disabled",
150 "UnitFileState": "disabled",
151 "Wants": "network-online.target system.slice",
152 "WatchdogTimestamp": "Thu 2019-08-22 11:22:08 CST",
153 "WatchdogTimestampMonotonic": "644109632206",
154 "WatchdogUSec": "0"
155 }
156 }
4.7 cron-模块
用于管理设计任务
包含如下选项
1 backup:对远程主机上的原任务计划内容修改之前做备份
2 cron_file:如果指定该选项,则用该文件替换远程主机上的cron.d目录下的用户的任务计划
3 day:日(1-31,*,*/2,……)
4 hour:小时(0-23,*,*/2,……)
5 minute:分钟(0-59,*,*/2,……)
6 month:月(1-12,*,*/2,……)
7 weekday:周(0-7,*,……)
8 job:要执行的任务,依赖于state=present
9 name:该任务的描述
10 special_time:指定什么时候执行,参数:reboot,yearly,annually,monthly,weekly,daily,hourly
11 state:确认该任务计划是创建还是删除
12 user:以哪个用户的身份执行
4.7.1 案例1-使用ansible执行远程的计划定时任务升级系统yum update
1 [root@test-1 ansible]# ansible test -m cron -a 'name="yum update" minute=00 hour=02 day=* month=* weekday=* user=root job="yum update"'
2 192.168.3.174 | CHANGED => {
3 "changed": true,
4 "envs": [],
5 "jobs": [
6 "yum update"
7 ]
8 }
执行结果:
1 [root@test-1 ansible]# ansible test -m command -a "crontab -l"
2 192.168.3.174 | CHANGED | rc=0 >>
3 #Ansible: yum update
4 00 02 * * * yum update
4.7.2 案例2-使用ansible执行远程计划定时任务执行脚本
1 [root@test-1 scripts]# ansible web1 -m cron -a 'name="yum update" minute=02 hour=* day=* month=* weekday=1 user=root job="/usr/bin/bash /scripts/lnmp.sh >/dev/null 2>&1"'
2 192.168.200.133 | CHANGED => {
3 "ansible_facts": {
4 "discovered_interpreter_python": "/usr/bin/python"
5 },
6 "changed": true,
7 "envs": [],
8 "jobs": [
9 "yum update"
10 ]
11 }
12 192.168.200.132 | CHANGED => {
13 "ansible_facts": {
14 "discovered_interpreter_python": "/usr/bin/python"
15 },
16 "changed": true,
17 "envs": [],
18 "jobs": [
19 "yum update"
20 ]
21 }
执行结果:
1 [root@test-1 scripts]# ansible web1 -m command -a "crontab -l"
2 192.168.200.133 | CHANGED | rc=0 >>
3 #Ansible: yum update
4 02 * * * 1 /usr/bin/bash /scripts/lnmp.sh >/dev/null 2>&1
5
6 192.168.200.132 | CHANGED | rc=0 >>
7 #Ansible: yum update
8 02 * * * 1 /usr/bin/bash /scripts/lnmp.sh >/dev/null 2>&1
4.8 yum安装模块
1 config_file:yum的配置文件
2 disable_gpg_check:关闭gpg_check
3 disablerepo:不启用某个源
4 enablerepo:启用某个源
5 name:要进行操作的软件包的名字,也可以传递一个url或者一个本地的rpm包的路径
6 state:定义软件包状态
7 present:安装
8 absent:删除
9 latest:安装最新的
4.8.1 案例1-ansible远程执行安装http服务
1 [root@test-1 ansible]# ansible test -m yum -a "name=httpd state=present"
2 192.168.3.174 | CHANGED => {
3 "ansible_facts": {
4 "pkg_mgr": "yum"
5 },
6 "changed": true,
7 "msg": "",
8 "rc": 0,
9 "results": [
10 "Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: centos.ustc.edu.cn\n * epel: mirrors.aliyun.com\n * extras: mirrors.cn99.com\n * updates: mirrors.aliyun.com\nResolving Dependencies\n--> Running transaction check\n---> Package httpd.x86_64 0:2.4.6-80.el7.centos.1 will be installed\n--> Processing Dependency: httpd-tools = 2.4.6-80.el7.centos.1 for package: httpd-2.4.6-80.el7.centos.1.x86_64\n--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-80.el7.centos.1.x86_64\n--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-80.el7.centos.1.x86_64\n--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-80.el7.centos.1.x86_64\n--> Running transaction check\n---> Package apr.x86_64 0:1.4.8-3.el7_4.1 will be installed\n---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed\n---> Package httpd-tools.x86_64 0:2.4.6-80.el7.centos.1 will be installed\n---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n httpd x86_64 2.4.6-80.el7.centos.1 updates 2.7 M\nInstalling for dependencies:\n apr x86_64 1.4.8-3.el7_4.1 base 103 k\n apr-util x86_64 1.5.2-6.el7 base 92 k\n httpd-tools x86_64 2.4.6-80.el7.centos.1 updates 90 k\n mailcap noarch 2.1.41-2.el7 base 31 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package (+4 Dependent packages)\n\nTotal download size: 3.0 M\nInstalled size: 10 M\nDownloading packages:\n--------------------------------------------------------------------------------\nTotal 1.5 MB/s | 3.0 MB 00:01 \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : apr-1.4.8-3.el7_4.1.x86_64 1/5 \n Installing : apr-util-1.5.2-6.el7.x86_64 2/5 \n Installing : httpd-tools-2.4.6-80.el7.centos.1.x86_64 3/5 \n Installing : mailcap-2.1.41-2.el7.noarch 4/5 \n Installing : httpd-2.4.6-80.el7.centos.1.x86_64 5/5 \n Verifying : mailcap-2.1.41-2.el7.noarch 1/5 \n Verifying : httpd-tools-2.4.6-80.el7.centos.1.x86_64 2/5 \n Verifying : apr-util-1.5.2-6.el7.x86_64 3/5 \n Verifying : apr-1.4.8-3.el7_4.1.x86_64 4/5 \n Verifying : httpd-2.4.6-80.el7.centos.1.x86_64 5/5 \n\nInstalled:\n httpd.x86_64 0:2.4.6-80.el7.centos.1 \n\nDependency Installed:\n apr.x86_64 0:1.4.8-3.el7_4.1 apr-util.x86_64 0:1.5.2-6.el7 \n httpd-tools.x86_64 0:2.4.6-80.el7.centos.1 mailcap.noarch 0:2.1.41-2.el7 \n\nComplete!\n"
11 ]
12 }
执行结果
1 [root@test-1 ansible]# ansible test -m shell -a "rpm -qa |grep httpd"
2 192.168.3.174 | CHANGED | rc=0 >>
3 httpd-2.4.6-80.el7.centos.1.x86_64
4 httpd-tools-2.4.6-80.el7.centos.1.x86_64
4.8.2 案例2-ansible远程执行安装centos 7 epel源
1 [root@test-1 ansible]# ansible test-3 -m yum -a "name='https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm' state=present"
2 192.168.3.175 | CHANGED => {
3 "ansible_facts": {
4 "pkg_mgr": "yum"
5 },
6 "changed": true,
7 "msg": "",
8 "rc": 0,
9 "results": [
10 "Loaded plugins: fastestmirror\nExamining /root/.ansible/tmp/ansible-tmp-1542686869.36-173961956771252/epel-release-latest-7.noarchxjZ9vT.rpm: epel-release-7-11.noarch\nMarking /root/.ansible/tmp/ansible-tmp-1542686869.36-173961956771252/epel-release-latest-7.noarchxjZ9vT.rpm to be installed\nResolving Dependencies\n--> Running transaction check\n---> Package epel-release.noarch 0:7-11 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n epel-release noarch 7-11 /epel-release-latest-7.noarchxjZ9vT 24 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package\n\nTotal size: 24 k\nInstalled size: 24 k\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : epel-release-7-11.noarch 1/1 \n Verifying : epel-release-7-11.noarch 1/1 \n\nInstalled:\n epel-release.noarch 0:7-11 \n\nComplete!\n"
11 ]
12 }
查看执行结果
1 [root@test-1 ansible]# ansible test-3 -m shell -a 'rpm -qa |grep epel'
2 192.168.3.175 | CHANGED | rc=0 >>
3 epel-release-7-11.noarch
4.9 group-模块
group模块请求的是groupadd,groupdel,groupmod三个指令
1 gid:指定组的gid
2 name:指定用户组名
3 state:是否创建还是删除
4 present: (默认是创建用户)
5 absent:删除用户
6 system:是否为系统用户
4.9.1 案例1-创建一个用户组
1 [root@test-1 scripts]# ansible web1 -m group -a "name=www gid=1000 state=present"
2 192.168.200.133 | CHANGED => {
3 "ansible_facts": {
4 "discovered_interpreter_python": "/usr/bin/python"
5 },
6 "changed": true,
7 "gid": 1000,
8 "name": "www",
9 "state": "present",
10 "system": false
11 }
12 192.168.200.132 | CHANGED => {
13 "ansible_facts": {
14 "discovered_interpreter_python": "/usr/bin/python"
15 },
16 "changed": true,
17 "gid": 1000,
18 "name": "www",
19 "state": "present",
20 "system": false
21 }
执行结果
1 [root@test-1 scripts]# ansible web1 -m shell -a "tail -1 /etc/group"
2 192.168.200.132 | CHANGED | rc=0 >>
3 www:x:1000:
4
5 192.168.200.133 | CHANGED | rc=0 >>
6 www:x:1000:
4.10 user用户模块
user模块是请求的是useradd, userdel, usermod三个指令
1 - name: 管理用户帐号
2 action: user
3 comment # 用户的描述信息
4 createhome # 是否创建家目录
5 force # 在使用`state=absent'是, 行为与`userdel --force'一致.
6 group # 指定基本组
7 groups # 指定附加组,如果指定为('groups=')表示删除所有组
8 home # 指定用户家目录
9 login_class #可以设置用户的登录类 FreeBSD, OpenBSD and NetBSD系统.
10 move_home # 如果设置为`home='时, 试图将用户主目录移动到指定的目录
11 name= # 指定用户名
12 non_unique # 该选项允许改变非唯一的用户ID值
13 password # 指定用户密码
14 remove # 在使用 `state=absent'时, 行为是与 `userdel --remove'一致.
15 shell # 指定用户的shell环境,默认是没有bash,指定系统用户的时候,是有bash环境
16 state #设置帐号状态,不指定为创建,指定值为absent表示删除
17 system # 当创建一个用户,设置这个用户是系统用户。这个设置不能更改现有用户。
18 uid #指定用户的uid
19 update_password # 更新用户密码
4.10.1 案例1-使用ansible远程执行创建一个普通用户,uid为1000,password为123456,创建家目录,指定/bin/bash
1 [root@test-1 .ssh]# ansible test-2 -m user -a 'name=www groups=www password=123456 createhome=yes home=/home/www state=present shell=/bin/bash'
2 [WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.
3
4 192.168.3.174 | CHANGED => {
5 "changed": true,
6 "comment": "",
7 "create_home": true,
8 "group": 1001,
9 "groups": "www",
10 "home": "/home/www",
11 "name": "www1",
12 "password": "NOT_LOGGING_PASSWORD",
13 "shell": "/bin/bas",
14 "state": "present",
15 "stderr": "useradd: warning: the home directory already exists.\nNot copying any file from skel directory into it.\n",
16 "stderr_lines": [
17 "useradd: warning: the home directory already exists.",
18 "Not copying any file from skel directory into it."
19 ],
20 "system": false,
21 "uid": 1001
22 }
上面黄色标记的提示警告,输入的明文的密码,用户创建成功了,但是密码不对
1 ####利用ansible的user模块状态用户时要注意在password参数的后边添加密文,否则不能登陆用户
2 #通过Python的pip程序安装passlib即可为密码加密
3
4 #安装Python2的pip工具,并通过pip工具安装Python的加密模块来给密码加密
5 [root@ansible ~]# yum -y install python2-pip
6 [root@ansible ~]# pip install passlib
7 Collecting passlib
8 Downloading https://files.pythonhosted.org/packages/ee/a7/d6d238d927df355d4e4e000670342ca4705a72f0bf694027cf67d9bcf5af/passlib-1.7.1-py2.py3-none-any.whl (498kB)
9 100% |████████████████████████████████| 501kB 36kB/s
10 Installing collected packages: passlib
11 Successfully installed passlib-1.7.1
12 [root@test-1 .ssh]# python -c "from passlib.hash import sha512_crypt;import getpass;print sha512_crypt.encrypt(getpass.getpass())"
13 Password: #这里测试,输入的密码为123456
14 $6$rounds=656000$9EdjgslzEasKjuhu$cnHjbtbcaAWBvMbJ/R6PI340gcP.6hmohFESkul5KXswtou/QO3trYJO9Ukkb3qHKw7.YGlFgL2..0b6RCxgm. #这是加密后的密码
再次重新执行验证
1 [root@test-1 .ssh]# ansible test-2 -m user -a 'name=www groups=www password=$6$rounds=656000$9EdjgslzEasKjuhu$cnHjbtbcaAWBvMbJ/R6PI340gcP.6hmohFESkul5KXswtou/QO3trYJO9Ukkb3qHKw7.YGlFgL2..0b6RCxgm. createhome=yes home=/home/www state=present shell=/bin/bash'
2 192.168.3.174 | CHANGED => {
3 "append": false,
4 "changed": true,
5 "comment": "",
6 "group": 100,
7 "groups": "www",
8 "home": "/home/www",
9 "move_home": false,
10 "name": "www",
11 "password": "NOT_LOGGING_PASSWORD",
12 "shell": "/bin/bash",
13 "state": "present",
14 "uid": 1000
15 }
查看执行后的结果
1 [root@test-1 .ssh]# ansible test-2 -m command -a 'tail /etc/passwd'
2 192.168.3.174 | CHANGED | rc=0 >>
3 dbus:x:81:81:System message bus:/:/sbin/nologin
4 polkitd:x:999:998:User for polkitd:/:/sbin/nologin
5 sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
6 postfix:x:89:89::/var/spool/postfix:/sbin/nologin
7 chrony:x:998:996::/var/lib/chrony:/sbin/nologin
8 saslauth:x:997:76:Saslauthd user:/run/saslauthd:/sbin/nologin
9 nginx:x:996:995:nginx user:/var/cache/nginx:/sbin/nologin
10 apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
11 www:x:1000:100::/home/www:/bin/bash
4.11 synchronize-模块
使用rsync同步文件,其参数如下:
1 archive: 归档,相当于同时开启recursive(递归)、links、perms、times、owner、group、-D选项都为yes ,默认该项为开启
2 checksum: 跳过检测sum值,默认关闭
3 compress:是否开启压缩
4 copy_links:复制链接文件,默认为no ,注意后面还有一个links参数
5 delete: 删除不存在的文件,默认no
6 dest:目录路径
7 dest_port:默认目录主机上的端口 ,默认是22,走的ssh协议
8 dirs:传速目录不进行递归,默认为no,即进行目录递归
9 rsync_opts:rsync参数部分(-avz)等参数
10 set_remote_user:主要用于/etc/ansible/hosts中定义或默认使用的用户与rsync使用的用户不同的情况
11 mode: push或pull 模块,push模的话,一般用于从本机向远程主机上传文件,pull 模式用于从远程主机上取文件
12 src:源目录路径
13 rsync_path:指定rsync的执行文件路径
4.11.1 案例1-ansible同步目录文件测试
1 [root@test-1 src]# touch /tmp/hello
2 [root@test-1 src]# vim /tmp/hello
3 [root@test-1 src]# ansible test-2 -m synchronize -a 'src=/tmp/hello dest=/tmp/'
4 192.168.3.174 | CHANGED => {
5 "changed": true,
6 "cmd": "/usr/bin/rsync --delay-updates -F --compress --archive --rsh=/usr/bin/ssh -S none -i /root/.ssh/id_rsa -o Port=22 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null --out-format=<<CHANGED>>%i %n%L /tmp/hello 192.168.3.174:/tmp/",
7 "msg": "<f+++++++++ hello\n",
8 "rc": 0,
9 "stdout_lines": [
10 "<f+++++++++ hello"
11 ]
12 }
执行结果
1 [root@test-1 src]# ansible test-2 -m command -a 'ls -lh /tmp/hello'
2 192.168.3.174 | CHANGED | rc=0 >>
3 -rw-r--r--. 1 root root 6 Nov 20 03:15 /tmp/hello
4.11.2 案例2-ansible执行从本地向远程服务器上传文件
1 [root@test-1 src]# ansible test-2 -m synchronize -a 'src=/usr/local/src/ dest=/usr/local/src/ dirs=no dest_port=22 mode=push delete=yes'
2 192.168.3.174 | CHANGED => {
3 "changed": true,
4 "cmd": "/usr/bin/rsync --delay-updates -F --compress --delete-after --archive --rsh=/usr/bin/ssh -S none -i /root/.ssh/id_rsa -o Port=22 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null --out-format=<<CHANGED>>%i %n%L /usr/local/src/ 192.168.3.174:/usr/local/src/",
5 "msg": ".d..t...... ./\n<f+++++++++ boost_1_59_0.tar.gz\n<f+++++++++ mysql-5.7.22.tar.gz\n<f+++++++++ nginx-1.14.0.tar.gz\n<f+++++++++ php-7.2.6.tar.gz\n",
6 "rc": 0,
7 "stdout_lines": [
8 ".d..t...... ./",
9 "<f+++++++++ boost_1_59_0.tar.gz",
10 "<f+++++++++ mysql-5.7.22.tar.gz",
11 "<f+++++++++ nginx-1.14.0.tar.gz",
12 "<f+++++++++ php-7.2.6.tar.gz"
13 ]
14 }
执行结果
1 [root@test-1 src]# ansible test-2 -m command -a 'ls -lh /usr/local/src'
2 192.168.3.174 | CHANGED | rc=0 >>
3 total 149M
4 -rw-r--r--. 1 root root 80M Oct 23 01:47 boost_1_59_0.tar.gz
5 -rw-r--r--. 1 root root 50M Oct 22 22:57 mysql-5.7.22.tar.gz
6 -rw-r--r--. 1 root root 993K Apr 17 2018 nginx-1.14.0.tar.gz
7 -rw-r--r--. 1 root root 19M Oct 23 21:43 php-7.2.6.tar.gz
4.11.3 案例3-ansible执行同步案例命令使用
1 [root@test-1 src]# ansible test-2 -m synchronize -a 'src=/usr/local/src/ dest=/usr/local/src/ dirs=no dest_port=22 mode=push delete=yes rsync_path=/usr/bin/rsync rsync_opts="-avz"'
2 192.168.3.174 | CHANGED => {
3 "changed": true,
4 "cmd": "/usr/bin/rsync --delay-updates -F --compress --delete-after --archive --rsh=/usr/bin/ssh -S none -i /root/.ssh/id_rsa -o Port=22 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null --rsync-path=/usr/bin/rsync -avz --out-format=<<CHANGED>>%i %n%L /usr/local/src/ 192.168.3.174:/usr/local/src/",
5 "msg": "building file list ... done\n.d..t...... ./\n<f+++++++++ boost_1_59_0.tar.gz\n<f+++++++++ mysql-5.7.22.tar.gz\n<f+++++++++ nginx-1.14.0.tar.gz\n<f+++++++++ php-7.2.6.tar.gz\n\nsent 153,090,035 bytes received 98 bytes 23,552,328.15 bytes/sec\ntotal size is 156,206,518 speedup is 1.02\n",
6 "rc": 0,
7 "stdout_lines": [
8 "building file list ... done",
9 ".d..t...... ./",
10 "<f+++++++++ boost_1_59_0.tar.gz",
11 "<f+++++++++ mysql-5.7.22.tar.gz",
12 "<f+++++++++ nginx-1.14.0.tar.gz",
13 "<f+++++++++ php-7.2.6.tar.gz",
14 "sent 153,090,035 bytes received 98 bytes 23,552,328.15 bytes/sec",
15 "total size is 156,206,518 speedup is 1.02"
16 ]
17 }
执行结果
1 [root@test-1 src]# ansible test-2 -m command -a 'ls -lh /usr/local/src'
2 192.168.3.174 | CHANGED | rc=0 >>
3 total 149M
4 -rw-r--r--. 1 root root 80M Oct 23 01:47 boost_1_59_0.tar.gz
5 -rw-r--r--. 1 root root 50M Oct 22 22:57 mysql-5.7.22.tar.gz
6 -rw-r--r--. 1 root root 993K Apr 17 2018 nginx-1.14.0.tar.gz
7 -rw-r--r--. 1 root root 19M Oct 23 21:43 php-7.2.6.tar.gz
4.12 filesystem-模块
在块设备上创建文件系统
1 dev:目标块设备
2 force:在一个已有文件系统 的设备上强制创建
3 fstype:文件系统的类型
4 opts:传递给mkfs命令的选项
4.12.1 案例
1 ansible test -m filesystem -a 'fstype=ext3 dev=/dev/sdb1 force=yes'
2 ansible test -m filesystem -a 'fstype=ext4 dev=/dev/sdb1 opts="-cc"'
4.13 mount-模块
配置挂载点
1 dump
2 fstype:必选项,挂载文件的类型
3 name:必选项,挂载点
4 opts:传递给mount命令的参数
5 src:必选项,要挂载的文件
6 state:必选项
7 present:只处理fstab中的配置
8 absent:删除挂载点
9 mounted:自动创建挂载点并挂载之
10 umounted:卸载
4.13.1 创建挂载示例
1 ansible test -a 'dd if=/dev/zero of=/disk.img bs=4k count=1024'
2 ansible test -a 'losetup /dev/loop0 /disk.img'
3 ansible test -m filesystem 'fstype=ext4 force=yes opts=-F dev=/dev/loop0'
4 ansible test -m mount 'name=/mnt src=/dev/loop0 fstype=ext4 state=mounted opts=rw'
4.14 get_url模块
该模块主要用于从http、ftp、https服务器上下载文件(类似与wget)
1 sha256sum:下载完成后进行sha256 check;
2 timeout:下载超时时间,默认10s
3 url:下载的URL
4 url_password、url_username:主要用于需要用户名密码进行验证的情况
5 use_proxy:是事使用代理,代理需事先在环境变更中定义
6 dest:指定保存的目录
4.14.1 案例1-url下nginx包
1 [root@test-1 src]# ansible test-2 -m get_url -a "url=http://nginx.org/download/nginx-1.14.1.tar.gz dest=/usr/local/src"
2 192.168.3.174 | CHANGED => {
3 "changed": true,
4 "checksum_dest": null,
5 "checksum_src": "a9dc8c5b055a3f0021d09c112d27422f45dd439c",
6 "dest": "/usr/local/src/nginx-1.14.1.tar.gz",
7 "gid": 0,
8 "group": "root",
9 "md5sum": "18561561ffa2b63885b607453390b49c",
10 "mode": "0644",
11 "msg": "OK (1014040 bytes)",
12 "owner": "root",
13 "secontext": "system_u:object_r:usr_t:s0",
14 "size": 1014040,
15 "src": "/root/.ansible/tmp/ansible-tmp-1542766406.28-80553441492405/tmpe_tiWK",
16 "state": "file",
17 "status_code": 200,
18 "uid": 0,
19 "url": "http://nginx.org/download/nginx-1.14.1.tar.gz"
20 }
查看执行结果
1 [root@test-1 src]# ansible test-2 -m shell -a 'ls /usr/local/src'
2 192.168.3.174 | CHANGED | rc=0 >>
3 nginx-1.14.1.tar.gz
4.15 unarchive-解压模块
1 copy:在解压文件之前,是否先将文件复制到远程主机,默认为yes。若为no,则要求目标主机上压缩包必须存在。
2 creates:指定一个文件名,当该文件存在时,则解压指令不执行
3 dest:远程主机上的一个路径,即文件解压的路径
4 grop:解压后的目录或文件的属组
5 list_files:如果为yes,则会列出压缩包里的文件,默认为no,2.0版本新增的选项
6 mode:解决后文件的权限
7 src:如果copy为yes,则需要指定压缩文件的源路径
8 owner:解压后文件或目录的属主
4.15.1 案例1-ansible从本地解压到目标服务器上,指定路径
1 [root@test-1 scripts]# ansible localhost -m unarchive -a "src=/usr/local/src/nginx-1.16.1.tar.gz dest=/usr/local/src/"
2 192.168.200.131 | CHANGED => {
3 "ansible_facts": {
4 "discovered_interpreter_python": "/usr/bin/python"
5 },
6 "changed": true,
7 "dest": "/usr/local/src/",
8 "extract_results": {
9 "cmd": [
10 "/usr/bin/gtar",
11 "--extract",
12 "-C",
13 "/usr/local/src/",
14 "-z",
15 "-f",
16 "/root/.ansible/tmp/ansible-tmp-1566460438.03-170976243195560/source"
17 ],
18 "err": "",
19 "out": "",
20 "rc": 0
21 },
22 "gid": 0,
23 "group": "root",
24 "handler": "TgzArchive",
25 "mode": "0755",
26 "owner": "root",
27 "size": 53,
28 "src": "/root/.ansible/tmp/ansible-tmp-1566460438.03-170976243195560/source",
29 "state": "directory",
30 "uid": 0
31 }
执行结果查看
1 [root@test-1 scripts]# ansible localhost -m shell -a "ls -a /usr/local/src/"
2 192.168.200.131 | CHANGED | rc=0 >>
3 .
4 ..
5 nginx-1.16.1
6 nginx-1.16.1.tar.gz
4.16 raw模块
类似于shell模块,支持管道
4.16.1 案例使用raw查看
1 [root@test-1 scripts]# ansible localhost -m raw -a "ls -a /usr/local/src/"
2 192.168.200.131 | CHANGED | rc=0 >>
3 . .. nginx-1.16.1 nginx-1.16.1.tar.gz
4 Shared connection to 192.168.200.131 closed.
5
6
7 [root@test-1 scripts]# ansible web1 -m raw -a "netstat -lntup|grep 80"
8 192.168.200.132 | CHANGED | rc=0 >>
9 tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 20648/nginx: master
10 Shared connection to 192.168.200.132 closed.
11
12
13 192.168.200.133 | CHANGED | rc=0 >>
14 tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 20717/nginx: master
15 Shared connection to 192.168.200.133 closed.
4.17 script脚本模块
1 - name: 将本地脚本复制到远程主机并运行之
2 action: script
3 creates # 一个文件名,当这个文件存在,则该命令不执行
4 free_form= # 本地脚本路径
5 removes # 一个文件名,这个文件不存在,则该命令不执行
4.17.1 案例将本地脚本复制到远程主机并运行
创建测试执行脚本
1 [root@test-1 scripts]# vim /scripts/lnmp.sh
2 [root@test-1 scripts]# cat /scripts/lnmp.sh
3 echo "ansible is lnmp"
ansible远程执行
1 [root@test-1 scripts]# ansible web1 -m script -a "/scripts/lnmp.sh"
2 192.168.200.132 | CHANGED => {
3 "changed": true,
4 "rc": 0,
5 "stderr": "Shared connection to 192.168.200.132 closed.\r\n",
6 "stderr_lines": [
7 "Shared connection to 192.168.200.132 closed."
8 ],
9 "stdout": "ansible is lnmp\r\n",
10 "stdout_lines": [
11 "ansible is lnmp"
12 ]
13 }
14 192.168.200.133 | CHANGED => {
15 "changed": true,
16 "rc": 0,
17 "stderr": "Shared connection to 192.168.200.133 closed.\r\n",
18 "stderr_lines": [
19 "Shared connection to 192.168.200.133 closed."
20 ],
21 "stdout": "ansible is lnmp\r\n",
22 "stdout_lines": [
23 "ansible is lnmp"
24 ]
25 }
注释:
黄色输出的是,脚本编写内容
4.18 setup收集指定服务器的信息
收集指定服务器的信息,每个被管理节点在接收并运行管理命令之前,会将自己主机相关信息,如操作系统版本、IP地址等报告给远程的ansbile主机.在playbooks里经常会用到的一个参数gather_facts就与该模块相关。setup模块下经常使用的一个参数是filter参数,具体使用示例如下:
1 [root@test-1 scripts]# ansible-doc -s setup
2 - name: Gathers facts about remote hosts
3 setup:
4 fact_path: # path used for local ansible facts (`*.fact') - files in this dir will be run (if executable) and their results
5 be added to `ansible_local' facts if a file is not executable it is read. Check
6 notes for Windows options. (from 2.1 on) File/results format can be JSON or INI-
7 format. The default `fact_path' can be specified in `ansible.cfg' for when setup
8 is automatically called as part of `gather_facts'.
9 filter: # if supplied, only return facts that match this shell-style (fnmatch) wildcard.
10 gather_subset: # if supplied, restrict the additional facts collected to the given subset. Possible values: `all', `min',
11 `hardware', `network', `virtual', `ohai', and `facter'. Can specify a list of
12 values to specify a larger subset. Values can also be used with an initial `!' to
13 specify that that specific subset should not be collected. For instance:
14 `!hardware,!network,!virtual,!ohai,!facter'. If `!all' is specified then only the
15 min subset is collected. To avoid collecting even the min subset, specify
16 `!all,!min'. To collect only specific facts, use `!all,!min', and specify the
17 particular fact subsets. Use the filter parameter if you do not want to display
18 some collected facts.
19 gather_timeout: # Set the default timeout in seconds for individual fact gathering
4.18.1 ansible的setup常用模块
ansible_all_ipv4_addresses:仅显示ipv4的信息
ansible_devices:仅显示磁盘设备信息
ansible_distribution:显示是什么系统,例:centos,suse等
ansible_distribution_major_version:显示是系统主版本
ansible_distribution_version:仅显示系统版本
ansible_machine:显示系统类型,例:32位,还是64位
ansible_eth0:仅显示eth0的信息
ansible_hostname:仅显示主机名
ansible_kernel:仅显示内核版本
ansible_lvm:显示lvm相关信息
ansible_memtotal_mb:显示系统总内存
ansible_memfree_mb:显示可用系统内存
ansible_memory_mb:详细显示内存情况
ansible_swaptotal_mb:显示总的swap内存
ansible_swapfree_mb:显示swap内存的可用内存
ansible_mounts:显示系统磁盘挂载情况
ansible_processor:显示cpu个数(具体显示每个cpu的型号)
ansible_processor_vcpus:显示cpu个数(只显示总的个数)
ansible_python_version:显示python版本
4.18.2 执行案例
1 ansible 10.212.52.252 -m setup -a 'filter=ansible_*_mb' //查看主机内存信息
2 ansible 10.212.52.252 -m setup -a 'filter=ansible_eth[0-2]' //查看地接口为eth0-2的网卡信息
3 ansible all -m setup --tree /tmp/facts //将所有主机的信息输入到/tmp/facts目录下,每台主机的信息输入到主机名文件中(/etc/ansible/hosts里的主机名)
4.19 systemd模块
用于管理服务
该模块包含如下选项
1 daemon_reload:重新载入systemd
2 enabled:是否开机启动 yes|no
3 name:必选项,服务名称
4 state:对当前服务执行启动,停止、重启、重新加载等操作(started,stopped,restarted,reloaded)
4.19.1 使用案例
1 ansible webservers -m systemd -a "deamon_reload=yes" // 刷新服务
2 ansible webservers -m systemd -a "name=nginx enabled=yes state=started" // 启动服务并开机启动
3 ansible webservers -m systemd -a "name=nginx enabled=no state=stopped" // 停止服务 开机禁止启动
4 ansible webservers -m systemd -a "name=nginx state=restarted" // 重启服务
4.20 hostname模块
功能:用于管理远程主机的主机名。
name: 必选项,主机名称
4.20.1 使用案例
[root@ansible ansible-kubeadm-install-k8s]# ansible 1.116.112.164 -m hostname -a 'name=k8s-master'
1.116.112.164 | SUCCESS => {
"ansible_facts": {
"ansible_domain": "",
"ansible_fqdn": "k8s-master",
"ansible_hostname": "k8s-master",
"ansible_nodename": "k8s-master",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"name": "k8s-master"
}