ansible常用模块（copy模块,file模块,yum模块,service模块,firewalld模块,）

前言：本篇博客内容承接上一篇博客

添加链接描述

常用模块

1.ping模块

[devops@server1 ansible]$ ansible all -m ping
server3 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
server2 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

2.copy模块

src：源文件路径位置
dest：目的地路径位置

[devops@server1 ansible]$ ansible test -m copy -a 'src=/etc/passwd dest=/tmp/passwd' 
server2 | CHANGED => {
    "changed": true, 
    "checksum": "3cc081d3b176d007c783e59c954eec74f6df7d64", 
    "dest": "/tmp/passwd", 
    "gid": 1001, 
    "group": "devops", 
    "md5sum": "c43e79d19ca578c7f892829679495a01", 
    "mode": "0664", 
    "owner": "devops", 
    "size": 1055, 
    "src": "/home/devops/.ansible/tmp/ansible-tmp-1560418590.1-259605285233838/source", 
    "state": "file", 
    "uid": 1001
}
[devops@server1 ansible]$ ansible test -a 'ls /tmp/passwd'
server2 | CHANGED | rc=0 >>
/tmp/passwd

3.file模块

修改文件的权限

[devops@server1 ansible]$ ansible test -m file -a 'dest=/tmp/passwd mode=600'
server2 | CHANGED => {
    "changed": true, 
    "gid": 1001, 
    "group": "devops", 
    "mode": "0600", 
    "owner": "devops", 
    "path": "/tmp/passwd", 
    "size": 1055, 
    "state": "file", 
    "uid": 1001
}
[devops@server1 ansible]$ ansible test -a 'ls -l /tmp/passwd'
server2 | CHANGED | rc=0 >>
-rw------- 1 devops devops 1055 Jun 13 17:36 /tmp/passwd

4.yum模块

[devops@server1 ansible]$ ansible test -m \
> yum -a 'name=httpd state=present' -b 

执行yum需要root权限，所以要做sudo

[root@server2 ~]# vim /etc/sudoers
[root@server3 ~]# vim  /etc/sudoers

[devops@server1 ansible]$ ansible test -a ‘rpm -q httpd’
查看安装的的版本
server2 | CHANGED | rc=0 >>
httpd-2.4.6-45.el7.x86_64

上一条命令中-b这个选项如果不想加，可以修改文件

[devops@server1 ansible]$ vim ansible.cfg 
[defaults]

inventory	= inventory

[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False

[devops@server1 ansible]$ ansible test -m \
> yum -a 'name=httpd state=present'

5.service模块

常见service有以下指令
reloaded, restarted, started, stopped
[devops@server1 ansible]$ ansible db -m yum -a ‘name=httpd state=present’
[devops@server1 ansible]$ ansible db -m service -a ‘name=httpd state=started’

6.firewalld模块

[devops@server1 ansible]$ ansible test -m copy -a 'content="www.server2.com\n" dest=/var/www/html/index.html'
[devops@server1 ansible]$ curl server2
www.server2.com

正常访问没问题

配置火墙开启并且开机自启动

[devops@server1 ansible]$ ansible db -m service -a 'name=firewalld state=started enabled=true'
[devops@server1 ansible]$ curl server6
curl: (7) Failed connect to server6:80; No route to host

再次访问被拦截

[devops@server1 ansible]$ ansible-doc firewalld ##查看帮助

添加火墙策略

[devops@server1 ansible]$ ansible db -m firewalld -a 'service=http state=enabled permanent=yes  immediate=yes'
server3 | CHANGED => {
    "changed": true, 
    "msg": "Permanent and Non-Permanent(immediate) operation, Changed service http to enabled"
}
[devops@server1 ansible]$ curl server3
www.server3.com

访问成功