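Module category | Modules |
---|---|
File modules | copy: copy a local file to the managed host; file: set permissions and other attributes of a file; lineinfile: ensure a particular line is or is not in a file; synchronize: synchronize content using rsync |
Package modules | package: manage packages with the package manager auto-detected for the operating system; yum: manage packages with yum; apt: manage packages with APT; dnf: manage packages with dnf; gem: manage Ruby gems; pip: manage Python packages from PyPI |
System modules | firewalld: manage the firewall with firewalld; reboot: reboot the machine; service: manage services; user: add, remove and manage user accounts |
Net Tools modules | get_url: download files over HTTP, HTTPS or FTP; nmcli: manage networking; uri: interact with web services |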
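Other modules
command and shell modules:
raw module:
The ping module checks whether the specified node is reachable. It is simple to use and takes no parameters; if the host is online, it replies pong.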
[root@localhost ansible]# ansible all -m ping
192.168.25.130 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
The command module executes commands on the remote host. It is Ansible's default module (if no module is specified, the command module is used).
[root@localhost ansible]# ansible all -m command -a 'ls /opt'
192.168.25.130 | CHANGED | rc=0 >>
abc
[root@localhost ansible]# ansible all -a 'ls /opt'
192.168.25.130 | CHANGED | rc=0 >>
abc
command module parameters
[root@localhost ansible]# ansible all -m command -a "chdir=/opt/ ls"
192.168.25.130 | CHANGED | rc=0 >>
abc
[root@node1 ~]# cd /opt/
[root@node1 opt]# ls
abc
[root@localhost ansible]# ansible all -m command -a "creates=/opt/abc echo redhat-test"
192.168.25.130 | SUCCESS | rc=0 >>
skipped, since /opt/abc exists
[root@node1 ~]# cd /opt/
[root@node1 opt]# ls
[root@node1 opt]#
[root@localhost ansible]# ansible all -m command -a "creates=/opt/abc echo redhat-test"
192.168.25.130 | CHANGED | rc=0 >>
redhat-test
[root@node1 ~]# cd /opt/
[root@node1 opt]# ls
[root@node1 opt]#
[root@localhost ansible]# ansible all -m command -a "removes=/opt/abc echo redhat-test"
192.168.25.130 | SUCCESS | rc=0 >>
skipped, since /opt/abc does not exist
[root@node1 ~]# cd /opt/
[root@node1 opt]# ls
abc
[root@localhost ansible]# ansible all -m command -a "removes=/opt/abc echo redhat-test"
192.168.25.130 | CHANGED | rc=0 >>
redhat-test
[root@localhost ansible]# ansible all -m command -a 'touch /opt/ll'
[WARNING]: Consider using the file module with state=touch rather than running
'touch'. If you need to use command because file is insufficient you can add 'warn:
false' to this command task or set 'command_warnings=False' in ansible.cfg to get
rid of this message.
192.168.25.130 | CHANGED | rc=0 >>
[root@localhost ansible]# ansible all -m command -a 'chdir=/opt/ ls'
192.168.25.130 | CHANGED | rc=0 >>
abc
ll
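A limitation of the command module is that it cannot use pipes or redirection: the command line is not processed by a shell, so > and | are passed to the program as ordinary arguments.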
[root@localhost ansible]# ansible all -m command -a "echo 'hello world' > /opt/ll"
192.168.25.130 | CHANGED | rc=0 >>
hello world > /opt/ll
[root@localhost ansible]# ansible all -m command -a 'cat /opt/ll'
192.168.25.130 | CHANGED | rc=0 >>
[root@localhost ansible]# ansible all -m command -a 'ps -ef|grep vsftpd'
192.168.25.130 | FAILED | rc=1 >>
error: unsupported SysV option
Usage:
ps [options]
Try 'ps --help '
or 'ps --help '
for additional help text.
For more details see ps(1).non-zero return code
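Why the two command runs above behave as they do, as an added example (not from the original page): Python's shlex and subprocess stand in here for running a command line without and with a shell, using a relative path ll in a temporary directory instead of /opt/ll. The second half uses a constructed value to show why the no-shell form is the safer default when a variable ends up in the command line.

```python
import os
import shlex
import subprocess
import tempfile


def run_argv(cmdline, cwd):
    """No shell: split the string into argv and execute the program directly."""
    proc = subprocess.run(shlex.split(cmdline), cwd=cwd,
                          capture_output=True, text=True)
    return proc.returncode, proc.stdout.strip()


def run_shell(cmdline, cwd):
    """Shell: /bin/sh parses the string, so > | ; are interpreted."""
    proc = subprocess.run(cmdline, shell=True, cwd=cwd,
                          capture_output=True, text=True)
    return proc.returncode, proc.stdout.strip()


def compare():
    """Run the page's redirection test and a metacharacter test both ways."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "ll")
        cmd = "echo 'hello world' > ll"           # the page's command, relative path
        out["argv_stdout"] = run_argv(cmd, d)[1]  # '>' and 'll' become echo arguments
        out["argv_created_file"] = os.path.exists(target)
        out["shell_stdout"] = run_shell(cmd, d)[1]
        with open(target) as fh:
            out["shell_file_content"] = fh.read().strip()

        # Constructed value standing in for an unvalidated variable.
        value = "ll; touch marker"
        marker = os.path.join(d, "marker")
        run_argv("cat " + value, d)                # ';' is just part of a file name
        out["argv_ran_second_cmd"] = os.path.exists(marker)
        run_shell("cat " + value, d)               # shell treats ';' as a separator
        out["shell_ran_second_cmd"] = os.path.exists(marker)
        os.remove(marker)
        run_shell("cat " + shlex.quote(value), d)  # quoted: one literal argument
        out["quoted_ran_second_cmd"] = os.path.exists(marker)
    return out


if __name__ == "__main__":
    for key, val in compare().items():
        print(f"{key}: {val!r}")
```

When the shell module is needed for a pipe or redirection, pass variables through Ansible's quote filter so that each one arrives as a single argument.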
The raw module executes commands on the remote host and supports pipes and redirection.
//Redirection is supported
[root@localhost ansible]# ansible all -m raw -a 'echo "hell word" > /opt/ll'
192.168.25.130 | CHANGED | rc=0 >>
Shared connection to 192.168.25.130 closed.
[root@localhost ansible]# ansible all -m raw -a 'cat /opt/ll'
192.168.25.130 | CHANGED | rc=0 >>
hell word
Shared connection to 192.168.25.130 closed.
//Pipes are supported
[root@localhost ansible]# ansible all -m raw -a 'ss -antl'
192.168.25.130 | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6010 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6011 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
LISTEN 0 128 [::1]:6010 [::]:*
LISTEN 0 128 [::1]:6011 [::]:*
Shared connection to 192.168.25.130 closed.
[root@localhost ansible]# ansible all -m raw -a 'ss -antl|grep 22'
192.168.25.130 | CHANGED | rc=0 >>
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
Shared connection to 192.168.25.130 closed.
//Script file
[root@node1 ~]# vim test.sh
[root@node1 ~]# cat test.sh
#!/bin/bash
echo "hello word"
[root@node1 ~]# chmod +x test.sh
[root@node1 ~]# ll
总用量 12
drwxr-xr-x. 2 root root 6 11月 2 2020 公共
drwxr-xr-x. 2 root root 6 11月 2 2020 模板
drwxr-xr-x. 2 root root 6 11月 2 2020 视频
drwxr-xr-x. 2 root root 6 11月 2 2020 图片
drwxr-xr-x. 2 root root 6 11月 2 2020 文档
drwxr-xr-x. 2 root root 6 11月 2 2020 下载
drwxr-xr-x. 2 root root 6 11月 2 2020 音乐
drwxr-xr-x. 2 root root 6 11月 2 2020 桌面
-rw-------. 1 root root 1230 11月 2 2020 anaconda-ks.cfg
-rw-r--r--. 1 root root 1385 11月 2 2020 initial-setup-ks.cfg
-rwxr-xr-x. 1 root root 31 7月 17 03:49 test.sh
//View the script file on the managed host
[root@localhost ansible]# ansible all -m command -a 'cat test.sh'
192.168.25.130 | CHANGED | rc=0 >>
#!/bin/bash
echo "hello word"
//Use the shell module to run, on the managed host, a script that is stored on the managed host
[root@localhost ansible]# ansible all -m shell -a '/bin/bash /root/test.sh &> /opt/test.log'
192.168.25.130 | CHANGED | rc=0 >>
[root@localhost ansible]# ansible all -m command -a 'cat /opt/test.log'
192.168.25.130 | CHANGED | rc=0 >>
hello word
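The script module runs a script from the Ansible control node on the managed host. The script lives on the control node and does not need to be copied to the managed host before it is executed (that is, the script module runs the control node's script on the managed host).
//Script file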
[root@localhost ansible]# ls
ansible.cfg hosts inventory roles
[root@localhost ansible]# mkdir scripts
[root@localhost ansible]# cd scripts/
[root@localhost scripts]# vim test.sh
[root@localhost scripts]# cat test.sh
#!/bin/bash
useradd tom
echo "redhat" | passwd --stdin tom
echo "hello word" > ~tom/abc
//Run the script file from the control node
[root@localhost ansible]# ansible all -m script -a 'scripts/test.sh'
192.168.25.130 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.25.130 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.25.130 closed."
],
"stdout": "更改用户 tom 的密码 。\r\npasswd:所有的身份验证令牌已经成功更新。\r\n",
"stdout_lines": [
"更改用户 tom 的密码 。",
"passwd:所有的身份验证令牌已经成功更新。"
]
}
//Check the result on the managed host
[root@node1 ~]# id tom
uid=1001(tom) gid=1002(tom) 组=1002(tom)
[root@node1 ~]# cd /home/tom/
[root@node1 tom]# ls
abc
[root@node1 tom]# cat abc
hello word
//Transfer a file
[root@localhost ansible]# ansible all -m template -a 'src=~/anaconda-ks.cfg dest=/opt/hehe'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "4e0b9a45ca5724c0e46a70d56213e1d90f2f0595",
"dest": "/opt/hehe/anaconda-ks.cfg",
"gid": 0,
"group": "root",
"md5sum": "a840aed2908e3fca668c10f7face84cc",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:usr_t:s0",
"size": 1230,
"src": "/root/.ansible/tmp/ansible-tmp-1626510875.6001868-10108-259486274186289/source",
"state": "file",
"uid": 0
}
[root@node1 ~]# head -3 /opt/hehe
#version=RHEL8
ignoredisk --only-use=nvme0n1
autopart --type=lvm
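Main parameters
name the package to manage
state the desired state of the package
Common values of state
present ensure the package is installed [installed]
latest install the latest version available from yum
removed remove the package [absent]
//On the managed host, check whether vsftpd is installed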
[root@node1 ~]# rpm -qa|grep vsftpd
[root@node1 ~]#
//From the control node, install vsftpd on the managed host with the yum module
[root@localhost ansible]# ansible all -m yum -a 'name=vsftpd state=present'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: vsftpd-3.0.3-31.el8.x86_64"
]
}
//From the control node, check whether vsftpd is installed on the managed host
[root@localhost ansible]# ansible all -m shell -a 'rpm -qa | grep vsftpd'
[WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'.
If you need to use command because yum, dnf or zypper is insufficient you can add
'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to
get rid of this message.
192.168.25.130 | CHANGED | rc=0 >>
vsftpd-3.0.3-31.el8.x86_64
//From the control node, remove vsftpd from the managed host with the yum module
[root@localhost ansible]# ansible all -m yum -a 'name=vsftpd state=absent'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Removed: vsftpd-3.0.3-31.el8.x86_64"
]
}
//From the control node, check whether vsftpd has been removed from the managed host
[root@localhost ansible]# ansible all -m shell -a 'rpm -qa | grep vsftpd'
[WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'.
If you need to use command because yum, dnf or zypper is insufficient you can add
'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to
get rid of this message.
192.168.25.130 | FAILED | rc=1 >>
non-zero return code
The copy module copies files from the Ansible control node to the managed host.
Common parameters
//Copy the control node's inventory to the managed host
[root@localhost ansible]# ansible all -m copy -a 'src=/etc/ansible/inventory dest=/opt/inventory'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "895cbc69037e6266a4cc5ac0b702ecbc6e5f93c9",
"dest": "/opt/inventory",
"gid": 0,
"group": "root",
"md5sum": "fb1a9c0d2acdde2788955941206a48f8",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:usr_t:s0",
"size": 67,
"src": "/root/.ansible/tmp/ansible-tmp-1626513540.3747706-10780-226187928193702/source",
"state": "file",
"uid": 0
}
[root@node1 ~]# cd /opt/
[root@node1 opt]# ls
abc hehe inventory ll test.log
[root@node1 opt]# cat inventory
[webservers]
192.168.25.130 ansible_user=root ansible_password=1
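The inventory copied above keeps ansible_password in clear text and arrives on the managed host with mode 0644. An added example (not from the original page) that flags inline credentials and loose file modes in an INI inventory; the [webservers:vars] lines and the variable name vault_become_password are constructed for illustration.

```python
import shlex
import stat

# Connection variables that carry a secret when set inline.
SECRET_VARS = {"ansible_password", "ansible_ssh_pass",
               "ansible_become_password", "ansible_become_pass"}


def audit_inventory(text, mode):
    """Return findings for an INI inventory; secret values are never echoed."""
    findings = []
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append((0, "file", "readable by group/other (%04o)" % mode))
    section = ""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section.endswith(":vars"):
            scope, pairs = section, [line]        # one "key=value" per line
        else:
            words = shlex.split(line)
            scope, pairs = words[0], words[1:]    # "host key=value ..."
        for pair in pairs:
            key, sep, value = pair.partition("=")
            key, value = key.strip(), value.strip()
            # A templated reference ({{ ... }}) is not an inline secret.
            if sep and key in SECRET_VARS and "{{" not in value:
                findings.append((lineno, scope, key))
    return findings


# The first two lines are the inventory shown on the page; the rest is
# constructed, and vault_become_password is a hypothetical variable name.
SAMPLE = """\
[webservers]
192.168.25.130 ansible_user=root ansible_password=1

[webservers:vars]
ansible_become_password={{ vault_become_password }}
"""


def audit_sample():
    # 0644 is the mode the copy task reported for /opt/inventory.
    return audit_inventory(SAMPLE, 0o644)


if __name__ == "__main__":
    for finding in audit_sample():
        print(finding)
```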
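The group module manages groups on the managed host.
Common parameters
name the name of the group to operate on
state the state of the group [present creates the group, absent deletes the group]
gid the gid of the group
system make the group a system group (yes/no)
//Add a system group on the managed host with gid 306 and group name mysql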
[root@localhost ansible]# ansible all -m group -a 'name=mysql gid=306 state=present'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 306,
"name": "mysql",
"state": "present",
"system": false
}
//Check whether the group was created on the managed host
[root@localhost ansible]# ansible all -m shell -a 'grep mysql /etc/group'
192.168.25.130 | CHANGED | rc=0 >>
mysql:x:306:
//Change the mysql group to a system group
[root@localhost ansible]# ansible all -m group -a 'name=mysql gid=306 system=yes'
192.168.25.130 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"gid": 306,
"name": "mysql",
"state": "present",
"system": true
}
//Change the gid of the mysql group
[root@localhost ansible]# ansible all -m group -a 'name=mysql gid=600 '
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 600,
"name": "mysql",
"state": "present",
"system": false
}
[root@localhost ansible]# ansible all -m shell -a 'grep mysql /etc/group'
192.168.25.130 | CHANGED | rc=0 >>
mysql:x:600:
//Delete the mysql group
[root@localhost ansible]# ansible all -m group -a 'name=mysql state=absent '
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "mysql",
"state": "absent"
}
[root@localhost ansible]# ansible all -m shell -a 'grep mysql /etc/group'
192.168.25.130 | FAILED | rc=1 >>
non-zero return code
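The user module manages users on the managed host, for example creating, modifying and deleting users and creating keys for users.
Common parameters
name the name of the user
group the user's primary group
groups the user's supplementary groups
shell the user's default shell
uid the user's uid
create_home create the home directory when the user is created or when the home directory does not exist
system whether the user is a system user
//Add a system user on the managed host named mysql, with uid 306, shell /sbin/nologin and no home directory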
[root@localhost ansible]# ansible all -m user -a 'name=mysql uid=306 shell=/sbin/nologin system=yes create_home=no'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"comment": "",
"create_home": false,
"group": 306,
"home": "/home/mysql",
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"system": true,
"uid": 306
}
[root@localhost ansible]# ansible all -m shell -a 'grep mysql /etc/passwd'
192.168.25.130 | CHANGED | rc=0 >>
mysql:x:306:306::/home/mysql:/sbin/nologin
[root@localhost ansible]# ansible all -m shell -a 'ls /home'
192.168.25.130 | CHANGED | rc=0 >>
ii
runtime
tom
//Change the user's uid
[root@localhost ansible]# ansible all -m user -a 'name=mysql uid=360'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"append": false,
"changed": true,
"comment": "",
"group": 306,
"home": "/home/mysql",
"move_home": false,
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"uid": 360
}
[root@localhost ansible]# ansible all -m shell -a 'grep mysql /etc/passwd'
192.168.25.130 | CHANGED | rc=0 >>
mysql:x:360:306::/home/mysql:/sbin/nologin
//Delete the mysql user on the managed host
[root@localhost ansible]# ansible all -m user -a 'name=mysql state=absent'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"force": false,
"name": "mysql",
"remove": false,
"state": "absent"
}
[root@localhost ansible]# ansible all -m shell -a 'grep mysql /etc/passwd'
192.168.25.130 | FAILED | rc=1 >>
non-zero return code
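The service module manages services on the managed host.
Common parameters
name the name of the service to operate on
state the state of the service [started starts the service, stopped stops the service]
enabled whether the service starts at boot (yes/no)
//Check whether the vsftpd service is installed on the managed host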
[root@localhost ansible]# ansible all -m shell -a 'rpm -qa |grep vsftpd'
[WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'. If
you need to use command because yum, dnf or zypper is insufficient you can add 'warn:
false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of
this message.
192.168.25.130 | FAILED | rc=1 >>
non-zero return code
//Install the vsftpd service on the managed host
[root@localhost ansible]# ansible all -m yum -a 'name=vsftpd state=present'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: vsftpd-3.0.3-31.el8.x86_64"
]
}
[root@localhost ansible]# ansible all -m shell -a 'rpm -qa |grep vsftpd'
[WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'. If
you need to use command because yum, dnf or zypper is insufficient you can add 'warn:
false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of
this message.
192.168.25.130 | CHANGED | rc=0 >>
vsftpd-3.0.3-31.el8.x86_64
//Check whether the vsftpd service is running on the managed host
[root@localhost ansible]# ansible all -m shell -a 'systemctl is-active vsftpd'
192.168.25.130 | FAILED | rc=3 >>
inactivenon-zero return code
//Start the vsftpd service on the managed host
[root@localhost ansible]# ansible all -m service -a 'name=vsftpd state=started'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "vsftpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": "systemd-journald.socket basic.target system.slice sysinit.target network.target",
"AllowIsolate": "no",
"AllowedCPUs": "",
......
//Check whether the vsftpd service is running on the managed host
[root@localhost ansible]# ansible all -m shell -a 'systemctl is-active vsftpd'
192.168.25.130 | CHANGED | rc=0 >>
active
//Check whether the vsftpd service is enabled at boot on the managed host
[root@localhost ansible]# ansible all -m shell -a 'systemctl is-enabled vsftpd'
192.168.25.130 | FAILED | rc=1 >>
disablednon-zero return code
//Enable the vsftpd service at boot on the managed host
[root@localhost ansible]# ansible all -m service -a 'name=vsftpd enabled=yes'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"enabled": true,
"name": "vsftpd",
"status": {
"ActiveEnterTimestamp": "Sat 2021-07-17 06:15:20 EDT",
"ActiveEnterTimestampMonotonic": "34314422767",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "active",
"After": "network.target systemd-journald.socket basic.target sysinit.target system.slice",
......
//Check whether the vsftpd service is enabled at boot on the managed host
[root@localhost ansible]# ansible all -m shell -a 'systemctl is-enabled vsftpd'
192.168.25.130 | CHANGED | rc=0 >>
enabled
//Stop the vsftpd service on the managed host
[root@localhost ansible]# ansible all -m service -a 'name=vsftpd state=stopped'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "vsftpd",
"state": "stopped",
"status": {
"ActiveEnterTimestamp": "Sat 2021-07-17 06:15:20 EDT",
"ActiveEnterTimestampMonotonic": "34314422767",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "active",
"After": "system.slice network.target sysinit.target systemd-journald.socket basic.target",
......
[root@localhost ansible]# ansible all -m shell -a 'systemctl is-active vsftpd'
192.168.25.130 | FAILED | rc=3 >>
inactivenon-zero return code
Common parameters
//Change SELINUX=enforcing to disabled in /etc/selinux/config
[root@localhost ansible]# ansible all -m lineinfile -a 'path=/etc/selinux/config regexp="^SELINUX=" line="SELINUX=disabled"'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
[root@localhost ansible]# ansible all -m shell -a 'cat /etc/selinux/config'
192.168.25.130 | CHANGED | rc=0 >>
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
//Insert hehe and xixi into /opt/ll on the managed host
[root@localhost ansible]# ansible all -m lineinfile -a 'path=/opt/ll line="hehe\nxixi"'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
[root@localhost ansible]# ansible all -m shell -a 'cat /opt/ll'
192.168.25.130 | CHANGED | rc=0 >>
hell word
hehe
xixi
//Delete the line hehe from /opt/ll
[root@localhost ansible]# ansible all -m lineinfile -a 'path=/opt/ll state=absent regexp="hehe"'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"found": 1,
"msg": "1 line(s) removed"
}
[root@localhost ansible]# ansible all -m shell -a 'cat /opt/ll'
192.168.25.130 | CHANGED | rc=0 >>
hell word
xixi
//Change the owner and group
[root@node1 opt]# ll ll
-rw-r--r--. 1 root root 15 7月 17 08:45 ll
[root@localhost ansible]# ansible all -m lineinfile -a 'path=/opt/ll owner=zhao group=zhao line=xix state=present'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "ownership, perms or SE linux context changed"
}
[root@node1 ~]# cd /opt/
[root@node1 opt]# ll ll
-rw-r--r--. 1 zhao zhao 19 7月 17 08:52 ll
//Insert a line into /opt/ll on the managed host
[root@node1 opt]# cat ll
#Listen=80
hell word
xixi
[root@localhost ansible]# ansible all -m lineinfile -a 'path=/opt/ll regexp="^Listen" insertafter="#Listen" line=Listen=80'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
[root@localhost ansible]# ansible all -m shell -a 'cat /opt/ll'
192.168.25.130 | CHANGED | rc=0 >>
#Listen=80
Listen=80
hell word
xixi
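firewalld specifies the service to allow through the firewall; the service must be one that firewall-cmd --get-services lists
//Add the vsftpd service on the managed host to the firewall rules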
[root@localhost ansible]# ansible all -m firewalld -a 'service=ftp permanent=yes state=enabled immediate=yes'
192.168.25.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "Permanent and Non-Permanent(immediate) operation, Changed service ftp to enabled"
}
[root@node1 opt]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ftp ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules: