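Commonly used Ansible modules:
Differences between the raw, command and shell modules:
The ping module checks whether the specified node is reachable. Usage is simple and takes no parameters; if the host is online, it replies pong.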
[root@localhost ansible]# ansible all -m ping
192.168.237.161 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
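The command module runs commands on remote hosts; it is the module Ansible uses by default.
One limitation of the command module is that it cannot use pipes or redirection, because the command is not passed through a shell.
//List the contents of /tmp on the managed host
[root@localhost ansible]# ansible all -a 'ls /tmp' //Ansible uses the command module by default, so it does not need to be specified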
192.168.237.161 | CHANGED | rc=0 >>
ansible_command_payload_pZphWA
ks-script-Drhiok
vmware-root
yum.log
//Create a new file named 123 under /tmp on the managed host
[root@localhost ansible]# ansible all -a 'touch /tmp/123'
[WARNING]: Consider using the file module with state=touch rather than running
'touch'. If you need to use command because file is insufficient you can add 'warn:
false' to this command task or set 'command_warnings=False' in ansible.cfg to get
rid of this message.
192.168.237.161 | CHANGED | rc=0 >>
[root@localhost ansible]# ansible all -a 'ls /tmp'
192.168.237.161 | CHANGED | rc=0 >>
123
ansible_command_payload_OIL0RJ
//The command module does not support redirection or pipes
[root@localhost ansible]# ansible all -a "echo 'hello world' > /tmp/123"
192.168.237.161 | CHANGED | rc=0 >>
hello world > /tmp/123
[root@localhost ansible]# ansible all -a 'cat /tmp/123'
192.168.237.161 | CHANGED | rc=0 >>
[root@localhost ansible]# ansible all -a 'ls /tmp | grep abc'
192.168.237.161 | FAILED | rc=2 >>
/tmp:
123
abc
ansible_command_payload_7zbh0B
hellols: 无法访问|: 没有那个文件或目录
ls: 无法访问grep: 没有那个文件或目录
ls: 无法访问abc: 没有那个文件或目录non-zero return code
The raw module runs commands on remote hosts, and it supports pipes and redirection.
//Redirection is supported
[root@localhost ansible]# ansible all -m raw -a 'echo "hello world" > /tmp/123'
192.168.237.161 | CHANGED | rc=0 >>
Shared connection to 192.168.237.161 closed.
[root@localhost ansible]# ansible all -m raw -a 'cat /tmp/123'
192.168.237.161 | CHANGED | rc=0 >>
hello world
Shared connection to 192.168.237.161 closed.
//Pipes are supported
[root@localhost ansible]# ansible all -m raw -a 'cat /tmp/123 | grep hello'
192.168.237.161 | CHANGED | rc=0 >>
hello
Shared connection to 192.168.237.161 closed.
//Run a script file
[root@localhost ansible]# ansible all -m raw -a '/home/abc.sh'
192.168.237.161 | CHANGED | rc=0 >>
hello world
Shared connection to 192.168.237.161 closed.
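The shell module runs scripts that reside on the managed host, and can also run commands directly on the managed host. The shell module also supports pipes and redirection.
//Use the shell module to run a script located on the managed host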
[root@localhost ansible]# ansible all -m shell -a '/home/abc.sh'
192.168.237.161 | CHANGED | rc=0 >>
hello world
//Pipes are supported
[root@localhost ansible]# ansible all -m shell -a 'cat /tmp/123 | grep c'
192.168.237.161 | CHANGED | rc=0 >>
ccc
//Redirection is supported
[root@localhost ansible]# ansible all -m shell -a 'echo "hello world" > /tmp/123'
192.168.237.161 | CHANGED | rc=0 >>
[root@localhost ansible]# ansible all -m shell -a 'cat /tmp/123'
192.168.237.161 | CHANGED | rc=0 >>
hello world
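The difference shown in the command, raw and shell sessions above, as an added example (not from the original page and not Ansible's own code): a Python model in which run_like_command splits the string into an argument vector and executes it without a shell, while run_like_shell hands the whole string to /bin/sh. The helper names and the value containing "; echo INJECTED" are constructed for illustration.

```python
import os
import shlex
import subprocess
import tempfile

def run_like_command(cmdline):
    """Model of the command module: split into argv and exec directly, no shell."""
    argv = shlex.split(cmdline)
    proc = subprocess.run(argv, capture_output=True, text=True)
    return argv, proc.returncode, proc.stdout.strip()

def run_like_shell(cmdline):
    """Model of the shell module: the whole string is interpreted by /bin/sh."""
    proc = subprocess.run(cmdline, shell=True, capture_output=True, text=True)
    return proc.returncode, proc.stdout.strip()

def demo():
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "123")
        redirect = f"echo 'hello world' > {target}"

        # command-style: '>' and the path are just two more arguments to echo.
        argv, _, out = run_like_command(redirect)
        results["command_argv"] = argv[:3]
        results["command_stdout_has_gt"] = " > " in out
        results["command_created_file"] = os.path.exists(target)

        # shell-style: the shell performs the redirection, so echo prints nothing.
        _, out = run_like_shell(redirect)
        results["shell_stdout"] = out
        with open(target) as fh:
            results["shell_file"] = fh.read().strip()

        # Constructed value standing in for a variable interpolated into a task.
        value = "report.txt; echo INJECTED"
        results["command_literal"] = run_like_command(f"echo {value}")[2]
        results["shell_unquoted"] = run_like_shell(f"echo {value}")[1].splitlines()
        # shlex.quote is the Python counterpart of Ansible's quote filter.
        results["shell_quoted"] = run_like_shell(f"echo {shlex.quote(value)}")[1]
    return results

if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

The same property that makes command unable to pipe or redirect also keeps metacharacters in interpolated values literal; with shell or raw, interpolated values need quoting.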
The script module runs a script from the control node on the managed host.
[root@localhost ansible]# vim script.sh
[root@localhost ansible]# chmod +x script.sh
[root@localhost ansible]# ll script.sh
-rwxr-xr-x. 1 root root 19 7月 18 20:47 script.sh
[root@localhost ansible]# ansible all -m script -a '/etc/ansible/script.sh' //Run the control node's script on the managed host
192.168.237.161 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.237.161 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.237.161 closed."
],
"文件系统 容量 已用 可用 已用% 挂载点",
"/dev/mapper/centos-root 47G 1.2G 46G 3% /",
"devtmpfs 899M 0 899M 0% /dev",
"tmpfs 911M 0 911M 0% /dev/shm",
"tmpfs 911M 9.5M 902M 2% /run",
"tmpfs 911M 0 911M 0% /sys/fs/cgroup",
"/dev/sda1 1014M 142M 873M 14% /boot",
"tmpfs 183M 0 183M 0% /run/user/0"
]
}
The template module renders a template and can transfer it to remote hosts.
[root@localhost ansible]# ansible all -m template -a 'src=/etc/ansible/inventory dest=/tmp/inventory'
192.168.237.161 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "318fd6327aae78a489c73d582bcf40c3f330f854",
"dest": "/tmp/inventory",
"gid": 0,
"group": "root",
"md5sum": "3481650197f5d89f1270d0d930df4c91",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 16,
"src": "/root/.ansible/tmp/ansible-tmp-1626613193.61-48240-145514729812004/source",
"state": "file",
"uid": 0
}
//Check whether the inventory file exists on the managed host
[root@node1 tmp]# ls | grep inventory
inventory
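The yum module manages software through yum on the specified nodes. It mainly supports two parameters:
name: the name of the package to manage
state: the operation to perform
latest: install the package //install the latest version
installed: install the package //ensure the package is in the installed state
present: install the package //install directly
removed: uninstall the package //remove
absent: uninstall the package //absent; these two both mean uninstall
Use the yum module to install vsftpd on the managed host
//On the managed host, check whether vsftpd is installed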
[root@node1 ~]# rpm -qa | grep vsftp
[root@node1 ~]#
//On the control node, use the yum module to install vsftpd on the managed host
[root@localhost ansible]# ansible all -m yum -a 'name=vsftpd state=present'
192.168.237.161 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"vsftpd"
]
},
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.aliyun.com\n * extras: mirrors.aliyun.com\n * updates: mirrors.aliyun.com\nResolving Dependencies\n--> Running transaction check\n---> Package vsftpd.x86_64 0:3.0.2-29.el7_9 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n vsftpd x86_64 3.0.2-29.el7_9 updates 173 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package\n\nTotal download size: 173 k\nInstalled size: 353 k\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : vsftpd-3.0.2-29.el7_9.x86_64 1/1 \n Verifying : vsftpd-3.0.2-29.el7_9.x86_64 1/1 \n\nInstalled:\n vsftpd.x86_64 0:3.0.2-29.el7_9 \n\nComplete!\n"
]
}
//Check whether vsftpd is installed on the managed host
[root@node1 ~]# rpm -qa | grep vsftpd
vsftpd-3.0.2-29.el7_9.x86_64
The copy module copies files to remote managed hosts.
[root@localhost ansible]# ansible all -m copy -a 'src=/etc/ansible/scripts/a.sh dest=/tmp/scripts/'
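192.168.237.161 | CHANGED => { //src: source; dest: destination. A directory that does not exist is created automatically; if no file name is given, the original file name is used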
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "80b4565043d489842b91f31101cfd5d00e670fce",
"dest": "/tmp/scripts/a.sh",
"gid": 0,
"group": "root",
"md5sum": "98d44a7874ea843e81a1694b8c9e5abc",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 19,
"src": "/root/.ansible/tmp/ansible-tmp-1626614966.98-79775-23375932737364/source",
"state": "file",
"uid": 0
}
[root@node1 tmp]# ls scripts/
a.sh
//Add a system user on the managed host, with user name mysql, uid 306, shell set to /sbin/nologin, and no home directory
[root@localhost ansible]# ansible all -m user -a 'name=mysql uid=777 system=yes create_home=no shell=/sbin/nologin state=present'
192.168.237.161 | CHANGED => { //create_home=no: do not create a home directory; system=yes: system user
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": false,
"group": 777,
"home": "/home/mysql",
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"system": true,
"uid": 777
}
[root@localhost ansible]# ansible all -m shell -a 'grep mysql /etc/passwd'
192.168.237.161 | CHANGED | rc=0 >>
mysql:x:777:777::/home/mysql:/sbin/nologin
[root@localhost ansible]# ansible all -m shell -a 'ls /home'
192.168.237.161 | CHANGED | rc=0 >>
abc.sh
ka
wys
//Change the mysql user's uid to 707
[root@localhost ansible]# ansible all -m user -a 'name=mysql uid=707'
192.168.237.161 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"append": false,
"changed": true,
"comment": "",
"group": 777,
"home": "/home/mysql",
"move_home": false,
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"uid": 707
}
[root@localhost ansible]# ansible all -m shell -a 'grep mysql /etc/passwd'
192.168.237.161 | CHANGED | rc=0 >>
mysql:x:707:777::/home/mysql:/sbin/nologin
//Delete the mysql user on the managed host
[root@localhost ansible]# ansible all -m user -a 'name=mysql state=absent' //add remove=yes when the user's home directory should also be deleted
192.168.237.161 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"force": false,
"name": "mysql",
"remove": false,
"state": "absent"
}
[root@localhost ansible]# ansible all -m shell -a 'grep mysql /etc/passwd'
192.168.237.161 | FAILED | rc=1 >>
non-zero return code
The group module adds or removes groups on the managed host.
//Add a system group on the managed host, with gid 306 and group name mysql
[root@localhost ansible]# ansible all -m group -a 'name=mysql gid=777 state=present'
192.168.237.161 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 777,
"name": "mysql",
"state": "present",
"system": false
}
[root@localhost ansible]# ansible all -m shell -a 'grep mysql /etc/group'
192.168.237.161 | CHANGED | rc=0 >>
mysql:x:777:
//Change the gid of the mysql group
[root@localhost ansible]# ansible all -m group -a 'name=mysql gid=707'
192.168.237.161 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 707,
"name": "mysql",
"state": "present",
"system": false
}
[root@localhost ansible]# ansible all -m shell -a 'grep mysql /etc/group'
192.168.237.161 | CHANGED | rc=0 >>
mysql:x:707:
//Delete the mysql group on the managed host
[root@localhost ansible]# ansible all -m group -a 'name=mysql state=absent'
192.168.237.161 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "mysql",
"state": "absent"
}
[root@localhost ansible]# ansible all -m shell -a 'grep mysql /etc/group'
192.168.237.161 | FAILED | rc=1 >>
non-zero return code
The service module manages services on the managed host.
//Check whether the vsftpd service is running on the managed host
[root@localhost ansible]# ansible all -m shell -a 'systemctl is-active vsftpd'
192.168.237.161 | FAILED | rc=3 >>
unknownnon-zero return code
//Start the vsftpd service on the managed host
[root@localhost ansible]# ansible all -m service -a 'name=vsftpd state=started'
192.168.237.161 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "vsftpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
......
}
//Check whether vsftpd is running
[root@localhost ansible]# ansible all -m shell -a 'systemctl is-active vsftpd'
192.168.237.161 | CHANGED | rc=0 >>
active
//Check whether the vsftpd service on the managed host is enabled at boot
[root@localhost ansible]# ansible all -m shell -a 'systemctl is-enabled vsftpd'
192.168.237.161 | FAILED | rc=1 >>
disablednon-zero return code
//Enable the vsftpd service at boot on the managed host
[root@localhost ansible]# ansible all -m service -a 'name=vsftpd enabled=yes'
192.168.237.161 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"enabled": true,
"name": "vsftpd",
"status": {
"ActiveEnterTimestamp": "日 2021-07-18 22:40:44 CST",
......
}
//Check whether the vsftpd service on the managed host is enabled at boot
[root@localhost ansible]# ansible all -m shell -a 'systemctl is-enabled vsftpd'
192.168.237.161 | CHANGED | rc=0 >>
enabled
//Disable the vsftpd service at boot
[root@localhost ansible]# ansible all -m service -a 'name=vsftpd enabled=no'
192.168.237.161 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"enabled": false,
"name": "vsftpd",
"status": {
"ActiveEnterTimestamp": "日 2021-07-18 22:40:44 CST",
}
//Check whether the vsftpd service is enabled at boot
[root@localhost ansible]# ansible all -m shell -a 'systemctl is-enabled vsftpd'
192.168.237.161 | FAILED | rc=1 >>
disablednon-zero return code
//Stop the vsftpd service
[root@localhost ansible]# ansible all -m service -a 'name=vsftpd state=stopped'
192.168.237.161 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "vsftpd",
"state": "stopped",
"status": {
"ActiveEnterTimestamp": "日 2021-07-18 22:40:44 CST",
}
//Check whether the vsftpd service is running
[root@localhost ansible]# ansible all -m shell -a 'systemctl is-active vsftpd'
192.168.237.161 | FAILED | rc=3 >>
unknownnon-zero return code
//Check the listening ports
[root@localhost ansible]# ansible all -m shell -a 'ss -antl'
192.168.237.161 | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
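The file module handles basic file operations, such as creating files or directories, deleting files or directories, and changing file permissions.
Common parameters:
rw-r-x---: either mode=650 or mode=0650 can be used, with the same effect.
1. Create a file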
[root@localhost ansible]# ansible all -m file -a 'path=/tmp/abc state=touch'
192.168.237.161 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/tmp/abc",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 0,
"state": "file",
"uid": 0
}
[root@node1 tmp]# ls
abc
2. Create a directory
[root@localhost ansible]# ansible all -m file -a 'path=/tmp/haha state=directory'
192.168.237.161 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/haha",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
[root@node1 tmp]# ll
总用量 0
-rw-r--r--. 1 root root 0 7月 19 09:36 abc
drwxr-xr-x. 2 root root 6 7月 19 10:04 haha
3. Create a symbolic link
[root@localhost ansible]# ansible all -m file -a 'path=/tmp/hehe src=/tmp/haha state=link'
192.168.237.161 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/tmp/hehe",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 9,
"src": "/tmp/haha",
"state": "link",
"uid": 0
}
[root@node1 tmp]# ll
总用量 0
-rw-r--r--. 1 root root 0 7月 19 09:36 abc
drwxr-xr-x. 2 root root 6 7月 19 10:04 haha
lrwxrwxrwx. 1 root root 9 7月 19 10:08 hehe -> /tmp/haha
4. Change a file's permissions (mode)
[root@localhost ansible]# ansible all -m file -a 'path=/tmp/abc mode=666' //path: location of the file; mode: permissions of the file
192.168.237.161 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0666",
"owner": "root",
"path": "/tmp/abc",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 0,
"state": "file",
"uid": 0
}
[root@node1 tmp]# ll | grep abc
-rw-rw-rw-. 1 root root 0 7月 18 18:36 abc
5. Change a file's owner (owner)
[root@localhost ansible]# ansible all -m file -a 'path=/tmp/abc owner=123'
192.168.237.161 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0666",
"owner": "123",
"path": "/tmp/abc",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 0,
"state": "file",
"uid": 123
}
[root@node1 tmp]# ll | grep abc
-rw-rw-rw-. 1 123 root 0 7月 18 18:36 abc
6. Change a file's group (group)
[root@localhost ansible]# ansible all -m file -a 'path=/tmp/abc group=123'
192.168.237.161 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 123,
"group": "123",
"mode": "0666",
"owner": "123",
"path": "/tmp/abc",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 0,
"state": "file",
"uid": 123
}
[root@node1 tmp]# ll | grep abc
-rw-rw-rw-. 1 123 123 0 7月 18 18:36 abc
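The blockinfile module inserts a marked block of text into a specified file, so that later operations can find the block by its markers and then modify or delete it.
Common parameters
marker: by default the begin marker is # BEGIN ANSIBLE MANAGED BLOCK and the end marker is # END ANSIBLE MANAGED BLOCK. The marker parameter can be used to customize the markers. For example, with marker=#{mark}test the begin marker becomes # BEGIN test and the end marker becomes # END test.
state: present or absent. The specified text is inserted into the file; if text with the corresponding markers already exists in the file, state=present updates that block and state=absent deletes the marked text.
//Insert a marked block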
[root@localhost ansible]# ansible all -m blockinfile -a 'path=/tmp/123 block="abczcx"'
192.168.237.161 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"msg": "Block inserted"
}
[root@node1 tmp]# cat 123
hello world
hello
lll
# BEGIN ANSIBLE MANAGED BLOCK //begin marker
abczcx
# END ANSIBLE MANAGED BLOCK //end marker
//Delete the marked block
[root@localhost ansible]# ansible all -m blockinfile -a 'path=/tmp/123 block="abczcx" state=absent'
192.168.237.161 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"msg": "Block removed"
}
[root@node1 tmp]# cat 123
hello world
hello
lll
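The marker behaviour described for blockinfile above, as an added example (a simplified Python model, not Ansible's implementation and not code from the original page): the task owns only the lines between its marker pair, so repeating it changes nothing, changing the block rewrites it in place, and state=absent removes it without touching other content. The function name, the sample text and the "# {mark} test" marker string are assumptions made for the illustration.

```python
DEFAULT_MARKER = "# {mark} ANSIBLE MANAGED BLOCK"

def blockinfile(text, block="", state="present", marker=DEFAULT_MARKER):
    """Simplified model of blockinfile; returns (new_text, changed)."""
    begin = marker.replace("{mark}", "BEGIN")
    end = marker.replace("{mark}", "END")
    lines = text.splitlines()
    # Find an existing region delimited by this marker pair, if any.
    start = lines.index(begin) if begin in lines else None
    stop = None
    if start is not None and end in lines[start:]:
        stop = lines.index(end, start)
    # state=present wants markers plus block; state=absent wants nothing.
    wanted = [begin, *block.splitlines(), end] if state == "present" else []
    if stop is not None:
        new = lines[:start] + wanted + lines[stop + 1:]  # replace or delete in place
    else:
        new = lines + wanted  # no region yet: append at end of file
    return "".join(line + "\n" for line in new), new != lines

def demo():
    original = "hello world\nhello\nlll\n"  # constructed to match /tmp/123 on the page
    steps = []
    text, changed = blockinfile(original, "abczcx")
    steps.append(("insert", changed, text))
    text, changed = blockinfile(text, "abczcx")        # same task run again
    steps.append(("repeat", changed, text))
    text, changed = blockinfile(text, "new content")   # same markers, new block
    steps.append(("update", changed, text))
    text, changed = blockinfile(text, "other", marker="# {mark} test")
    steps.append(("second marker", changed, text))
    text, changed = blockinfile(text, state="absent")  # removes the default-marker block only
    steps.append(("absent", changed, text))
    return original, steps

if __name__ == "__main__":
    for name, changed, text in demo()[1]:
        print(f"--- {name} (changed={changed})\n{text}", end="")
```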