Ansible是一个IT自动化工具。它能配置系统、部署软件、编排更复杂的 IT 任务,如连续部署或零停机时间滚动更新。Ansible 用 Python 编写,尽管市面上已经有很多可供选择的配置管理解决方案(例如 Salt、Puppet、Chef等),但它们各有优劣,而Ansible的特点在于它的简洁。让 Ansible 在主流的配置管理系统中与众不同的一点便是,它并不需要你在想要配置的每个节点上安装自己的组件。同时提供的另一个优点,如果需要的话,你可以在不止一个地方控制你的整个基础架构(Ansible没有客户端)
1、在ANSIBLE 管理体系中,存在"管理节点" 和 “被管理节点” 两种角色。
2、被管理节点通常被称为"资产"
3、在管理节点上,Ansible将 AdHoc 或 PlayBook 转换为Python脚本
inventory 英 [ˈɪnvəntri] 美 [ˈɪnvəntɔːri] n.财产清单
Ad-hoc:相当于shell普通命令行
PlayBook:相当于shell脚本
首选yum安装,如果想要二次开发,用pip安装
管理节点安装Ansible被管理节点不安装Ansible
[kakaops@ansible ~]$ sudo yum -y install epel-release
[kakaops@ansible ~]$ sudo yum -y install ansible
[kakaops@ansible ~]$ ansible --version
ansible 2.9.14
config file = /etc/ansible/ansible.cfg
configured module search path = [u’/home/kakaops/.ansible/plugins/modules’, u’/usr/share/ansible/plugins/modules’]
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/local/bin/ansible
python version = 2.7.5 (default, Apr 2 2020, 13:16:51) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
[kakaops@ansible ~]$ sudo yum -y install epel-release
[kakaops@ansible ~]$ sudo yum install python2-pip
[kakaops@ansible ~]$ sudo pip install ansible
管理节点(Ansible)创建密钥对
管理节点把本地的公钥传输到被管理节点
每个被管理节点都需要传递公钥做免密
[kakaops@ansible ~]$ ssh-keygen
[kakaops@ansible ~]$ sudo ssh-copy-id -i 10.11.67.18
[kakaops@ansible ~]$ sudo ssh-copy-id -i 10.11.67.19
[kakaops@ansible ~]$ sudo ssh-copy-id -i 10.11.67.20
[kakaops@ansible ~]$ sudo ssh-copy-id -i 10.11.67.21
[kakaops@ansible ~]$ sudo ssh 10.11.67.18
[kakaops@ansible ~]$ sudo ssh 10.11.67.19
[kakaops@ansible ~]$ sudo ssh 10.11.67.20
[kakaops@ansible ~]$ sudo ssh 10.11.67.21
[kakaops@ansible ~]$ ansible all -i hosts --list-hosts
hosts (4):
10.11.67.18
10.11.67.19
10.11.67.20
10.11.67.21
修改inventory、roles目录路径、执行远程用户的名
inventory = /home/kakaops/ansible/inventory
roles_path = /home/kakaops/ansible/roles
remote_user = root(这个是远程主机用户名字root)
普通账户sudo操作Ansible修改Anshble的配置文里面的特权升级
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
ansible all -i 172.18.0.3, -m ping
不指定-i参数,默认是配置文件中制定的inventory路径
-i可以指定一个文件,如果是ip,要加逗号,告诉absible指定的是列表
尤其是-i后面跟只有一个单独的ip的时候,一定要加逗号
ansible all -i hosts -m copy -a “src=/mnt/test.sh dest=/mnt/a.txt”
-i:指定Ansible 的资产,也就是被管理服务器。
-m:指定要运行的模块,比如这里的 ping 模块和 copy 模块
-a:指定模块的参数, 这里模块 ping 没有指定参数。 模块 copy 指定了 src 和 dest 参数
源文件src:source file
目的文件dest:destination file
ansible 就是用什么模块,让谁去干什么事情
Ansible 的资产分为静态资产和动态资产
动态资产会在后面的高级部分详细阐释,下面仅介绍静态资产
本身是一个文本文件,一个格式类似INI的文件。默认情况下,Ansible的资产文件位于 /ect/ansible/hosts
pip 安装的可能没有这个文件,创建一个即可。
/ect/ansible/hosts ansiblel配置文件中的inventory指定的静态资产路径
这个文件可以自定义,之后使用相应的参数指定。
下面给出一个自定义的静态资产实例,然后再具体解释其含义
2.2.2.2
3.3.3.[1:15]
test01.kakaops.com
test[05:09].kakaops.com
[web_servers]
192.168.1.2
192.168.1.3
[dbdb_servers]
192.168.2.2
192.168.2.3
[alldb_servers]
192.168.9.2
[alldb_servers:children]
dbdb_servers
web_servers
1、Ansible 的资产文件中,可以以IP地址的形式或者域名(做域名解析)的形式存在
2、Ansible 的资产若连续,可以使用[stat:end] 的形式去表达
3、可以将服务器按照业务场景定义成组,比如dbdb_servers和web_servers
4、组和组之间可以存在继承关系,比如dbdb_servers和web_servers同时继承alldb_servers组
[web_server]
10.11.67.18
10.11.67.19
[db_server]
10.11.67.20
[my_server]
10.11.67.21
[my_server:children]
web_server
组名的特殊字符只能是下划线_
[my_server:children],下面给只能写主机组名字,且主机组名不带[]
i:指定自定义资产的路径就可以使用,不指定-i 就按照配置文件里面指定默认路径
列出所有的资产:
[kakaops@ansible ansible]$ sudo ansible all -i hosts --list-hosts
列出选定资产:
[kakaops@ansible ansible]$ sudo ansible my_server -i hosts --list-hosts
[kakaops@ansible ansible]$ sudo ansible 10.11.67.20 -i hosts --list-hosts
[kakaops@ansible ansible]$ sudo ansible 10.11.67.20,10.11.67.19 -i hosts --list-hosts
有时操作者希望只对资产中的一部分服务器进行操作,而不是资产中所有服务器
此时可以使用 Ansible 的资产选择器 PATTERN
使用pattern选择一台或者几台资产
ansible 10.11.67.20 -i hosts --list-hosts
ansible 10.11.67.20,10.11.67.19 -i hosts --list-hosts
使用pattern选择一组资产
ansible my_server -i hosts --list-hosts
使用匹配资产
ansible 10.11.67. -i hosts --list-hosts
使用逻辑匹配并集、交集、补集(引号引起来)
并集 :
ansible “web_server:db_server” -i hosts --list-hosts
交集 :&
ansible ‘web_server:&db_server’ -i hosts --list-hosts
差集 :!
在web_servers中,但是不在db_servers中
ansible ‘web_server:!db_server’ -i hosts --list-hosts
Ad-hoc 是一个概念性的名字,是相对于写 Ansible playbook 来说的.类似于在命令行敲入shell命令和 写shell scripts两者之间的关系。可以用于执行一些临时命令。如果我们敲入一些命令去比较快的完成一些事情,而不需要将这些执行的命令特别保存下来, 这样的命令就叫做 ad-hoc 命令。Ansible提供两种方式去完成任务,一是 ad-hoc 命令,一是写 Ansible playbook(这部分在高级课程中会详细阐释)。前者可以解决一些简单的任务, 后者解决较复杂的任务,比如做配置管理或部署
ansible pattern [-i inventory] -m module -a argument
Ansible 模块分三种类型: 核心模块(core module)、附加模块(extra module)及用户自定义模块(consume module)
核心模块是由Ansible 的官方团队提供的
附加模块是由各个社区提供的。例如: OPENSTACK(kvm虚拟机集群) 社区、DOCKER 社区等等
当核心模块和附加模块都无法满足你的需求时,用户可以自定义模块
默认情况下,在安装Ansible 的时候, 核心模块和附加模块都已经安装而无需用户干预
列举出所有的核心模块和附加模块
[kakaops@ansible ansible]$ ansible-doc -l
查询某个模块的使用方法
[kakaops@ansible ansible]$ ansible-doc modulename
查询某个模块的使用方法,比较简洁的信息
[kakaops@ansible ansible]$ ansible-doc -s modulename
使用方法示例:
[kakaops@ansible ansible]$ ansible-doc -l | grep yum
[kakaops@ansible ansible]$ ansible-doc yum_repository
G直接翻到最后,看使用示例
两个模块都是在远程服务器上去执行命令
但command模块是ad-hoc的默认模块在执行ad-hoc时,若不指定模块的名字则默认使用此模块
ansible all -i hosts -a “echo ‘hello’”
ansible all -i hosts -m shell -a “echo ‘hello’”
ansible all -i hosts -m shell -a “cat /etc/passwd | wc -l”
两个模块的差异
• shell 模块可以执行SHELL 的内置命令和特性(比如管道符)
• command 模块无法执行SHELL 的内置命令和特性
[kakaops@ansible ansible]$ sudo ansible all -i hosts -a "echo 'kakaops'"
[sudo] kakaops 的密码:
Sunday 01 November 2020 18:36:28 +0800 (0:00:00.093) 0:00:00.093 *******
10.11.67.21 | CHANGED | rc=0 >>
kakaops
10.11.67.18 | CHANGED | rc=0 >>
kakaops
10.11.67.19 | CHANGED | rc=0 >>
kakaops
10.11.67.20 | CHANGED | rc=0 >>
kakaops
[kakaops@ansible ansible]$ sudo ansible all -i hosts -m shell -a "echo 'kakaops'"
Sunday 01 November 2020 18:36:58 +0800 (0:00:00.067) 0:00:00.067 *******
10.11.67.21 | CHANGED | rc=0 >>
kakaops
10.11.67.20 | CHANGED | rc=0 >>
kakaops
10.11.67.18 | CHANGED | rc=0 >>
kakaops
10.11.67.19 | CHANGED | rc=0 >>
kakaops
[kakaops@ansible ansible]$ sudo ansible all -i hosts -m shell -a "cat /etc/passwd | wc -l"
Sunday 01 November 2020 18:38:26 +0800 (0:00:00.063) 0:00:00.063 *******
10.11.67.21 | CHANGED | rc=0 >>
23
10.11.67.18 | CHANGED | rc=0 >>
24
10.11.67.19 | CHANGED | rc=0 >>
23
10.11.67.20 | CHANGED | rc=0 >>
23
[kakaops@ansible ansible]$ sudo ansible all -i hosts -m command -a "cat /etc/passwd | wc -l"
Sunday 01 November 2020 18:38:47 +0800 (0:00:00.063) 0:00:00.063 *******
10.11.67.18 | FAILED | rc=1 >>
cat:无效选项 -- l
Try 'cat --help' for more information.non-zero return code
10.11.67.20 | FAILED | rc=1 >>
cat:无效选项 -- l
Try 'cat --help' for more information.non-zero return code
10.11.67.21 | FAILED | rc=1 >>
cat:无效选项 -- l
Try 'cat --help' for more information.non-zero return code
10.11.67.19 | FAILED | rc=1 >>
cat:无效选项 -- l
Try 'cat --help' for more information.non-zero return code
将管理节点上的脚本传递到被管理节点(远程服务器)上进行执行。
脚本不会传递到被管理资产上,只是产生了执行脚本的效果
默认使用bash 解释器,如果是python脚本,指定python解释器
脚本里使用绝对路径,如果是相对路径,是相对于被管理资产的家目录
[kakaops@ansible ansible]$ sudo ansible all -i hosts -m script -a "/mnt/test.sh"
Sunday 01 November 2020 18:45:31 +0800 (0:00:00.064) 0:00:00.064 *******
10.11.67.21 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 10.11.67.21 closed.\r\n",
"stderr_lines": [
"Shared connection to 10.11.67.21 closed."
],
"stdout": "",
"stdout_lines": []
}
10.11.67.20 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 10.11.67.20 closed.\r\n",
"stderr_lines": [
"Shared connection to 10.11.67.20 closed."
],
"stdout": "",
"stdout_lines": []
}
10.11.67.18 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 10.11.67.18 closed.\r\n",
"stderr_lines": [
"Shared connection to 10.11.67.18 closed."
],
"stdout": "",
"stdout_lines": []
}
10.11.67.19 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 10.11.67.19 closed.\r\n",
"stderr_lines": [
"Shared connection to 10.11.67.19 closed."
],
"stdout": "",
"stdout_lines": []
}
copy 模块的主要用于管理节点和被管理节点之间的文件拷贝。
常用参数
src:指定拷贝文件的源地址
dest:指定拷贝文件的目标地址
backup:拷贝文件前,若原目标文件发生了变化,则对目标文件进行备份,在被管理资产上加入时间戳备份
owner:指定新拷贝文件的所有者
group:指定新拷贝文件的所有组
mode:指定新拷贝文件的权限
ansible 10.11.67.20 -i hosts -m copy -a “src=./hosts dest=/mnt/hosts owner=root group=root mode=777”
ansible 10.11.67.20 -i hosts -m copy -a “src=./hosts dest=/mnt/hosts backup=yes owner=root group=root mode=777”
[kakaops@ansible ansible]$ sudo ansible 10.11.67.20 -i hosts -m copy -a "src=./hosts dest=/mnt/hosts owner=root group=root mode=777"
[sudo] kakaops 的密码:
Sunday 01 November 2020 18:55:12 +0800 (0:00:00.064) 0:00:00.064 *******
10.11.67.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "3f10f244ecc0efad4f90612d0e5a78b81e45bbcc",
"dest": "/mnt/hosts",
"gid": 0,
"group": "root",
"md5sum": "9b9803b6d236aec7a4a98cd6abdf16a4",
"mode": "0777",
"owner": "root",
"size": 133,
"src": "/root/.ansible/tmp/ansible-tmp-1604228112.57-30600-133305554930484/source",
"state": "file",
"uid": 0
}
[root@serverb ~]# ls /mnt
a.txt hosts
[kakaops@ansible ansible]$ sudo ansible 10.11.67.20 -i hosts -m copy -a "src=./hosts dest=/mnt/hosts backup=yes owner=root group=root mode=777"
Sunday 01 November 2020 18:58:43 +0800 (0:00:00.062) 0:00:00.062 *******
10.11.67.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup_file": "/mnt/hosts.5211.2020-11-01@18:58:43~",
"changed": true,
"checksum": "dbacc96e19fd9abcd5083ffc8480ad20a456b25a",
"dest": "/mnt/hosts",
"gid": 0,
"group": "root",
"md5sum": "1c0a2f3c50a5ad47e65bce80f66af17a",
"mode": "0777",
"owner": "root",
"size": 134,
"src": "/root/.ansible/tmp/ansible-tmp-1604228323.7-32715-93127853396913/source",
"state": "file",
"uid": 0
}
[root@serverb ~]# ls /mnt
a.txt hosts hosts.5084.2020-11-01@18:57:31~
第一次copy不必用backup=yes,除非被管理节点已经存在重名文件,希望备份一下,或者修改源文件继续拷贝,希望备份
等同于 Linux 上的YUM 命令, 对远程服务器上RPM包进行管理。
常用参数
name:要安装的软件包名, 多个软件包以英文逗号(,) 隔开
state :对当前指定的软件安装、移除操作(present installed latest absent removed)
支持的参数
- present 确认已经安装,但不升级
- installed 确认已经安装
- latest 确保安装,且升级为最新
- absent 和 removed 确认已移除
ansible web_server -i hosts -m yum -a “name=nginx state=present”
ansible web_server -i hosts -m yum -a “name=nginx state=installed”
ansible web_server -i hosts -m yum -a “name=nginx state=latest”
ansible web_server -i hosts -m yum -a “name=nginx state=absent”
ansible web_server -i hosts -m yum -a “name=nginx state=removed”
[kakaops@ansible ansible]$ sudo ansible web_server -i hosts --list-hosts
hosts (2):
10.11.67.18
10.11.67.19
[kakaops@ansible ansible]$ sudo ansible web_server -i hosts -m yum -a "name=nginx state=present"
Sunday 01 November 2020 19:09:21 +0800 (0:00:00.062) 0:00:00.062 *******
10.11.67.18 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"nginx"
]
},
[kakaops@ansible ansible]$ sudo ansible web_server -i hosts -m yum -a "name=nginx state=latest"
Sunday 01 November 2020 19:12:27 +0800 (0:00:00.071) 0:00:00.071 *******
10.11.67.18 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"changes": {
"installed": [],
"updated": []
},
"msg": "",
"rc": 0,
"results": [
"All packages providing nginx are up to date",
""
]
}
[kakaops@ansible ansible]$ sudo ansible web_server -i hosts -m yum -a "name=nginx state=absent"
Sunday 01 November 2020 19:15:36 +0800 (0:00:00.064) 0:00:00.064 *******
10.11.67.19 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"removed": [
"nginx"
]
},
安装一个组包(组包名字用引号引起来,组名前面加@)
[kakaops@ansible ansible]$ sudo ansible 10.11.67.20 -i hosts -m yum -a "name='@Development Tools' state=present"
Sunday 01 November 2020 19:23:40 +0800 (0:00:00.063) 0:00:00.063 *******
10.11.67.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"@Development Tools"
]
},
管理远程节点上的 systemd 服务,就是由 systemd 所管理的服务。
常用参数
daemon_reload:重新载入 systemd,扫描新的或有变动的单元
enabled :是否开机自启动 yes|no
name:必选项,服务名称 ,比如 httpd vsftpd
state:对当前服务执行启动,停止、重启、重新加载等操作(started,stopped,restarted,reloaded)
重新加载 systemd
ansible 10.11.67.19 -i hosts -m systemd -a “daemon_reload=yes”
启动 Nginx 服务
ansible 10.11.67.19 -i hosts -m systemd -a “name=nginx state=started”
关闭 Nginx 服务
ansible 10.11.67.19 -i hosts -m systemd -a “name=nginx state=stopped”
重启 Nginx 服务
ansible 10.11.67.19 -i hosts -m systemd -a “name=nginx state=restarted”
重新加载 Nginx 服务
ansible 10.11.67.19 -m systemd -a “name=nginx state=reloaded”
将 Nginx 服务设置开机自启动
ansible 10.11.67.19 -m systemd -a “name=nginx enabled=yes”
[kakaops@ansible ansible]$ sudo ansible 10.11.67.19 -i hosts -m systemd -a "daemon_reload=yes"
Sunday 01 November 2020 19:31:45 +0800 (0:00:00.066) 0:00:00.066 *******
10.11.67.19 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"name": null,
"status": {}
}
[kakaops@ansible ansible]$ sudo ansible 10.11.67.19 -i hosts -m systemd -a "name=nginx state=started"
Sunday 01 November 2020 19:34:06 +0800 (0:00:00.064) 0:00:00.064 *******
10.11.67.19 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "nginx",
"state": "started",
"status": {
[kakaops@ansible ansible]$ sudo ansible 10.11.67.19 -i hosts -m systemd -a "name=nginx state=stopped"
Sunday 01 November 2020 19:36:22 +0800 (0:00:00.067) 0:00:00.067 *******
10.11.67.19 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "nginx",
"state": "stopped",
"status": {
[kakaops@ansible ansible]$ sudo ansible 10.11.67.19 -i hosts -m systemd -a "name=nginx state=restarted"
Sunday 01 November 2020 19:37:54 +0800 (0:00:00.063) 0:00:00.063 *******
10.11.67.19 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "nginx",
"state": "started",
"status": {
[kakaops@ansible ansible]$ sudo ansible 10.11.67.19 -m systemd -a "name=nginx state=reloaded"
Sunday 01 November 2020 19:39:22 +0800 (0:00:00.071) 0:00:00.071 *******
10.11.67.19 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "nginx",
"state": "started",
"status": {
[kakaops@ansible ansible]$ sudo ansible 10.11.67.19 -m systemd -a "name=nginx enabled=yes"
Sunday 01 November 2020 19:40:39 +0800 (0:00:00.062) 0:00:00.062 *******
10.11.67.19 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"enabled": true,
"name": "nginx",
"status": {
被管理节点上,对组进行管理
name :组名称, 必须的
system:是否为系统组, yes/no , 默认是 no
state:删除或这创建,present/absent ,默认是present
创建删除普通组db_admin
ansible all -i hosts -m group -a “name=db_admin state=present”
ansible all -i hosts -m group -a “name=db_admin state=absent”
创建删除系统组删除ka_admin
ansible all -i hosts -m group -a “name=ka_admin state=present system=yes”
ansible all -i hosts -m group -a “name=ka_admin state=absent”
\
[kakaops@ansible ansible]$ sudo ansible all -i hosts -m group -a "name=db_admin state=present"
[sudo] kakaops 的密码:
Sunday 01 November 2020 19:45:58 +0800 (0:00:00.064) 0:00:00.064 *******
10.11.67.21 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 1011,
"name": "db_admin",
"state": "present",
"system": false
}
[kakaops@ansible ansible]$ sudo ansible all -i hosts -m group -a "name=db_admin state=absent"
Sunday 01 November 2020 19:47:57 +0800 (0:00:00.068) 0:00:00.068 *******
10.11.67.21 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "db_admin",
"state": "absent"
}
[kakaops@ansible ansible]$ sudo ansible all -i hosts -m group -a "name=ka_admin state=present system=yes"
Sunday 01 November 2020 19:50:21 +0800 (0:00:00.061) 0:00:00.061 *******
10.11.67.18 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 995,
"name": "ka_admin",
"state": "present",
"system": true
}
[kakaops@ansible ansible]$ sudo ansible all -i hosts -m group -a "name=ka_admin state=absent"
Sunday 01 November 2020 19:51:37 +0800 (0:00:00.083) 0:00:00.083 *******
10.11.67.18 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "ka_admin",
"state": "absent"
}
用于在被管理节点上对用户进行管理。
常用参数
name:必须的参数, 指定用户名
password:设置用户的密码,这里接受的是一个加密的值,因为会直接存到 shadow, 默认不设置密码
update_password:假如设置的密码不同于原密码,则会更新密码
home:指定用户的家目录
shell:设置用户的登录shell /nologin
comment:用户的描述信息
create_home:创建用户时,是否创建其家目录。默认创建,假如不创建,设置为 no
group:设置用户的主组
groups:将用户加入到多个其他组中,多个用逗号隔开
默认会把用户从其他已经加入的组中删除
append: yes|no 和 groups 配合使用,yes 时,
不会把用户从其他已经加入的组中删除
system:设置为 yes 时,将会创建一个系统账号
expires:设置用户的过期时间,值为时间戳,会转为为天数后,放在 shadow 的第 8 个字段里
expires=$(date +%s -d 20200415)
expires 英 [ɪkˈspaɪəz] 美 [ɪkˈspaɪərz] v.(因到期而)失效,终止
generate_ssh_key:设置为 yes 将会为用户生成密钥,这不会覆盖原来的密钥
generate 英 [ˈdʒenəreɪt] 美 [ˈdʒenəreɪt] v.产生;引起
ssh_key_type:指定用户的密钥类型, 默认 rsa, 具体的类型取决于被管理节点
state:删除或添加用户, present 为添加,absent 为删除,默认值 present
remove,当与 state=absent 一起使用,删除一个用户及关联的目录,
比如家目录,邮箱目录。可选的值为: yes/no
创建kakaops用户,并且设置加密密码
pass= ( e c h o " 123456 " ∣ o p e n s s l p a s s w d − 1 − s t d i n ) a n s i b l e 10.11.67.20 − i h o s t s − m u s e r − a " n a m e = k a k a o p s s t a t e = p r e s e n t p a s s w o r d = (echo "123456" | openssl passwd -1 -stdin) ansible 10.11.67.20 -i hosts -m user -a "name=kakaops state=present password= (echo"123456"∣opensslpasswd−1−stdin) ansible10.11.67.20−ihosts−muser−a"name=kakaopsstate=presentpassword={pass}"
创建用户sunlizhen, 并且为其创建密钥对,并且密钥类型为: ecdsa
然后删除干净
ansible 10.11.67.20 -i hosts -m user -a “name=sunlizhen state=present generate_ssh_key=yes ssh_key_type=ecdsa”
ansible 10.11.67.20 -i hosts -m user -a “name=sunlizhen state=absent remove=yes”
创建chenzhiqing,设置有效时间到2022年04月09日,加入wheel组,不改变原有的组
ansible 10.11.67.20 -i hosts -m user -a “name=chenzhiqing state=present expires=$(date +%s -d 20200215) groups=wheel append=yes”
[kakaops@ansible ansible]$ sudo ansible 10.11.67.20 -i hosts -m user -a "name=kakaops state=present password=${pass}"
[sudo] kakaops 的密码:
Sunday 01 November 2020 20:16:32 +0800 (0:00:00.065) 0:00:00.065 *******
10.11.67.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1004,
"home": "/home/kakaops",
"name": "kakaops",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1004
[kakaops@ansible ansible]$ sudo ansible 10.11.67.20 -i hosts -m user -a "name=sunlizhen state=absent remove=yes"
Sunday 01 November 2020 20:25:42 +0800 (0:00:00.061) 0:00:00.061 *******
10.11.67.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"force": false,
"name": "sunlizhen",
"remove": true,
"state": "absent"
}
[kakaops@ansible ansible]$ sudo ansible 10.11.67.20 -i hosts -m user -a "name=chenzhiqing state=present expires=$(date +%s -d 20200215) groups=wheel append=yes"
Sunday 01 November 2020 20:29:09 +0800 (0:00:00.065) 0:00:00.065 *******
10.11.67.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1005,
"groups": "wheel",
"home": "/home/chenzhiqing",
"name": "chenzhiqing",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1005
}
// 计算 3 小时之后是几点几分
# date +%T -d '3 hours'
// 任意日期的前 N 天,后 N 天的具体日期
# date +%F -d "20190910 1 day"
# date +%F -d "20190910 -1 day"
// 计算两个日期相差天数, 比如计算生日距离现在还有多少天
# d1=$(date +%s -d 20180728)
# d2=$(date +%s -d 20180726)
# echo $(((d1-d2)/86400))
file模块主要用于远程主机上的文件操作
常用参数
owner:定义文件/目录的属主
group:定义文件/目录的属组
mode:定义文件/目录的权限
path:必选项,定义文件/目录的路径
recurse 递归的设置文件的属性,只对目录有效
src:链接(软/硬)文件的源文件路径,只应用于state=link的情况
dest:链接文件的路径,只应用于state=link的情况
state(directory、file、link、hard、touch、absent)
- directory:如果目录不存在,创建目录
- file:文件不存在,则不会被创建,存在则返回文件的信息
常用于检查文件是否存在。
- link:创建软链接
- hard:创建硬链接
- touch:如果文件不存在,则会创建一个新的文件,如果文件或目录
已存在,则更新其最后修改时间
- absent:删除除目录、文件或者取消链接文件
硬链接文件直接删除,软连接文件取消链接,也相当于删除
创建一个文件
ansible all -i hosts -m file -a “path=/mnt/kakaops state=touch”
改变文件所有者及权限
ansible all -i hosts -m file -a “path=/mnt/kakaops owner=nobody group=nobody mode=777”
创建一个软连接
ansible all -i hosts -m file -a “src=/mnt/kakaops dest=/mnt/sunlizhen state=link”
创建一个目录
ansible all -i hosts -m file -a “path=/mnt/chenzhiqing state=directory”
取消一个连接
ansible all -i hosts -m file -a “path=/mnt/sunlizhen state=absent”
删除一个文件
ansible all -i hosts -m file -a “path=/mnt/kakaops state=absent”
[kakaops@ansible ansible]$ sudo ansible all -i hosts -m file -a "path=/mnt/kakaops state=touch"
Sunday 01 November 2020 20:46:23 +0800 (0:00:00.062) 0:00:00.062 *******
10.11.67.21 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/mnt/kakaops",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"size": 0,
"state": "file",
"uid": 0
}
[kakaops@ansible ansible]$ sudo ansible all -i hosts -m file -a "path=/mnt/kakaops owner=nobody group=nobody mode=777"
Sunday 01 November 2020 20:48:27 +0800 (0:00:00.069) 0:00:00.069 *******
10.11.67.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 99,
"group": "nobody",
"mode": "0777",
"owner": "nobody",
"path": "/mnt/kakaops",
"size": 0,
"state": "file",
"uid": 99
}
[kakaops@ansible ansible]$ sudo ansible all -i hosts -m file -a "src=/mnt/kakaops dest=/mnt/sunlizhen state=link"
Sunday 01 November 2020 20:50:13 +0800 (0:00:00.061) 0:00:00.061 *******
10.11.67.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/mnt/sunlizhen",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 12,
"src": "/mnt/kakaops",
"state": "link",
"uid": 0
}
[kakaops@ansible ansible]$ sudo ansible all -i hosts -m file -a "path=/mnt/chenzhiqing state=directory"
Sunday 01 November 2020 20:52:21 +0800 (0:00:00.063) 0:00:00.063 *******
10.11.67.21 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/mnt/chenzhiqing",
"size": 6,
"state": "directory",
"uid": 0
}
[kakaops@ansible ansible]$ sudo ansible all -i hosts -m file -a "path=/mnt/sunlizhen state=absent"
Sunday 01 November 2020 20:54:03 +0800 (0:00:00.062) 0:00:00.062 *******
10.11.67.21 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"path": "/mnt/sunlizhen",
"state": "absent"
}
[kakaops@ansible ansible]$ sudo ansible all -i hosts -m file -a "path=/mnt/kakaops state=absent"
Sunday 01 November 2020 20:55:27 +0800 (0:00:00.061) 0:00:00.061 *******
10.11.67.18 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"path": "/mnt/kakaops",
"state": "absent"
}
管理远程节点的CRON 服务。等同于Linux 中的 计划任务
注意:使用 Ansible 创建的计划任务,是不能使用本地
crontab -e去编辑,否则 Ansible 无法再次操作此计划任务了
常用参数
name:指定一个cron job 的名字。一定要指定,便于日之后删除
minute:指定分钟,可以设置成(0-59, *, */2 等)格式。 默认是 * , 也就是每分钟
hour:指定小时,可以设置成(0-23, *, */2 等)格式。 默认是 * , 也就是每小时
day:指定天, 可以设置成(1-31, *, */2 等)格式。 默认是 * , 也就是每天
month:指定月份, 可以设置成(1-12, *, */2 等)格式。 默认是 * , 也就是每周
weekday:指定星期, 可以设置成(0-6 for Sunday-Saturday, * 等)格式。默认是 *,也就是每星期
job:指定要执行的内容,通常可以写个脚本,或者一段内容
state:指定这个job的状态,可以是新增(present)或者是删除(absent)。 默认为新增(present)
创建一个计划任务
ansible 10.11.67.20 -i hosts -m cron -a “name=‘my-job1’ minute=2 hour=3 day=8 month=10 weekday=0 job=‘touch /mnt/sun’ state=present”
根据名字删除计划任务
ansible 10.11.67.20 -i hosts -m cron -a “name=my-job1 state=absent”
[kakaops@ansible ansible]$ sudo ansible 10.11.67.20 -i hosts -m cron -a "name=my-job1 state=absent"
Sunday 01 November 2020 21:09:16 +0800 (0:00:00.061) 0:00:00.061 *******
10.11.67.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": []
}
debug 模块主要用于调试时使用,通常的作用是将一个变量的值给打印出来。
常用参数(-e传递参数)
var:直接打印一个指定的变量值
msg:打印一段可以格式化的字符串
字符串里面的变量用{{ }}括起来
如果没有-e传递参数,执行命令后会报参数没有定义
ansible all -i hosts -m debug -a “var=sun”
“sun”: “VARIABLE IS NOT DEFINED!”
ansible all -i hosts -m debug -a “var=sun” -e “sun=kakaops”
“sun”: “kakaops”
ansible all -i hosts -m debug -a “msg=‘role is {{role}}’” -e “role=sunlizhen”
“msg”: “role is sunlizhen”
[kakaops@ansible ansible]$ sudo ansible all -i hosts -m debug -a "var=sun"
Sunday 01 November 2020 21:13:29 +0800 (0:00:00.064) 0:00:00.064 *******
10.11.67.21 | SUCCESS => {
"sun": "VARIABLE IS NOT DEFINED!"
}
10.11.67.20 | SUCCESS => {
"sun": "VARIABLE IS NOT DEFINED!"
}
10.11.67.18 | SUCCESS => {
"sun": "VARIABLE IS NOT DEFINED!"
}
10.11.67.19 | SUCCESS => {
"sun": "VARIABLE IS NOT DEFINED!"
}
[kakaops@ansible ansible]$ sudo ansible all -i hosts -m debug -a "var=sun" -e "sun=kakaops"
Sunday 01 November 2020 21:13:53 +0800 (0:00:00.063) 0:00:00.063 *******
10.11.67.21 | SUCCESS => {
"sun": "kakaops"
}
10.11.67.19 | SUCCESS => {
"sun": "kakaops"
}
10.11.67.20 | SUCCESS => {
"sun": "kakaops"
}
10.11.67.18 | SUCCESS => {
"sun": "kakaops"
}
[kakaops@ansible ansible]$ sudo ansible all -i hosts -m debug -a "msg='role is {{role}}'" -e "role=sunlizhen"
Sunday 01 November 2020 21:19:43 +0800 (0:00:00.061) 0:00:00.061 *******
10.11.67.21 | SUCCESS => {
"msg": "role is sunlizhen"
}
[WARNING]: Failure using method (v2_runner_on_ok) in callback plugin
(<ansible.plugins.callback.mysql_plays.CallbackModule object at
0x7ff8413013d0>): (2003, "Can't connect to MySQL server on u'server-2' ([Errno
-2] Name or service not known)")
10.11.67.18 | SUCCESS => {
"msg": "role is sunlizhen"
}
10.11.67.20 | SUCCESS => {
"msg": "role is sunlizhen"
}
10.11.67.19 | SUCCESS => {
"msg": "role is sunlizhen"
}
template 模块使用了Jinjia2格式作为文件模版,可以进行文档内变量的替换。文件以 .j2 结尾
常用参数
src:指定 Ansible 控制端的文件路径这里是引用
dest:指定 Ansible 被控端的文件路径
owner:指定文件的属主
group:指定文件的属组
mode:指定文件的权限
backup:创建一个包含时间戳信息的备份文件,这样如果您以某种方式错误地破坏了原始文件, 就可以将其恢复原状。yes/no
用法其实和 copy 模块基本一样
template 模块的强大之处就是使用变量替换,就是可以把传递给 Ansible 的变量的值替换到模板文件中
1、建立一个 template 文件, 名为 hello_world.j2
cat hello_world.j2
Hello {{var}} !
2、执行命令,并且设置变量 var 的值为 world
ansible all -i hosts -m template -a “src=./hello_world.j2 dest=/opt/kakaops backup=yes” -e “var=world”
3、在被控主机上验证
cat /tmp/hello_world.world
Hello world !
[kakaops@ansible ansible]$ sudo ansible all -i hosts -m template -a "src=./hello_world.j2 dest=/opt/kakaops backup=yes" -e "var=world"
\Sunday 01 November 2020 21:29:15 +0800 (0:00:00.062) 0:00:00.062 *******
10.11.67.21 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "22596363b3de40b06f981fb85d82312e8c0ed511",
"dest": "/opt/kakaops",
"gid": 0,
"group": "root",
"md5sum": "6f5902ac237024bdd0c176cb93063dc4",
"mode": "0644",
"owner": "root",
"size": 12,
"src": "/root/.ansible/tmp/ansible-tmp-1604237355.12-1977-218132888014363/source",
"state": "file",
"uid": 0
}
在被管理节点上,用正则匹配的方式对目标文件的一行内容修改删除等操作。
如果是在一个文件中把所有匹配到的多行都进行统一处理,请参考replace模块
如果想对一个文件进行一次性添加/更新/删除多行内容等操作,参考blockinfile模块
常用参数
path:被管理节点的目标文件路径, 必须
state:可选值absent 删除 present 替换(默认值)
regexp:在文件的每一行中查找的正则表达式
对于 state=present ,仅找到的最后一行将被替换。
line 要在文件中插入/替换的行。需要state=present
line参数插入,默认插入到最后一行
create 文件不存在时,是否要创建文件并添加内容。yes/no
删除被控节点文件里的某一条内容
ansible 10.11.67.21 -i hosts -m lineinfile -a “path=/etc/sudoers regexp=’^%wheel’ state=absent”
替换某一行
ansible 10.11.67.21 -i hosts -m lineinfile -a “path=/etc/selinux/config regexp=’^SELINUX’ line=‘SELINUX=disabled’ state=present”
[kakaops@ansible ansible]$ sudo ansible 10.11.67.21 -i hosts -m lineinfile -a "path=/etc/sudoers regexp='^%wheel' state=absent"
Sunday 01 November 2020 21:41:25 +0800 (0:00:00.061) 0:00:00.061 *******
10.11.67.21 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup": "",
"changed": true,
"found": 1,
"msg": "1 line(s) removed"
}
[kakaops@ansible ansible]$ sudo ansible 10.11.67.21 -i hosts -m lineinfile -a "path=/etc/selinux/config regexp='^SELINUX' line='SELINUX=disabled' state=present"
Sunday 01 November 2020 21:45:39 +0800 (0:00:00.061) 0:00:00.061 *******
10.11.67.21 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
对目标文件进行多行的添加/更新/删除操作。
常用参数
path:目标文件路径
block:文件中被操作的块内容
state:块内容如何处理,absent 删除, present 添加/更新(默认值)
向文件/mnt/kakaops的最后添加几行内容
sunlizhen
chenzhiqing
ansible 10.11.67.20 -i hosts -m blockinfile -a “path=/mnt/kakaops block=sunlizhen\nchenzhiqing”
[root@serverb ~]# cat /mnt/kakaops
hahahahahaha
# BEGIN ANSIBLE MANAGED BLOCK
sunlizhen
chenzhiqing
# END ANSIBLE MANAGED BLOCK
更新之前的内容
ansible 10.11.67.20 -i hosts -m blockinfile -a “path=/mnt/kakaops block=‘kakaops’”
[root@serverb ~]# cat /mnt/kakaops
hahahahahaha
# BEGIN ANSIBLE MANAGED BLOCK
kakaops
# END ANSIBLE MANAGED BLOCK
删除文件中的连续出现几行内容
ansible 10.11.67.20 -i hosts -m blockinfile -a “path=/mnt/kakaops block=kakaops state=absent”
[root@serverb ~]# cat /mnt/kakaops
hahahahahaha
也就是说:blockinfile就是在被控主机上的文件最后加入ansible block块
在这个block块里进行操作
[kakaops@ansible ansible]$ sudo ansible 10.11.67.20 -i hosts -m blockinfile -a "path=/mnt/kakaops block=sunlizhen\nchenzhiqing"
[sudo] kakaops 的密码:
Sunday 01 November 2020 22:02:15 +0800 (0:00:00.071) 0:00:00.071 *******
10.11.67.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"msg": "Block inserted"
}
[kakaops@ansible ansible]$ sudo ansible 10.11.67.20 -i hosts -m blockinfile -a "path=/mnt/kakaops block='kakaops'"
Sunday 01 November 2020 23:03:59 +0800 (0:00:00.062) 0:00:00.062 *******
10.11.67.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"msg": "Block inserted"
}
[kakaops@ansible ansible]$ sudo ansible 10.11.67.20 -i hosts -m blockinfile -a "path=/mnt/kakaops block=kakaops state=absent"
Sunday 01 November 2020 23:06:51 +0800 (0:00:00.062) 0:00:00.062 *******
10.11.67.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"msg": "Block removed"
}
该模块主要用于收集信息,是通过调用facts组件来实现的。
facts组件是Ansible用于采集被管机器设备信息的一个功能,我们可以使用setup模块查机器的所有facts信息,可以使用filter来查看指定信息。整个facts信息被包装在一个JSON格式的数据结构中,ansible_facts是最上层的值。facts就是变量,内建变量 。每个主机的各种信息,cpu颗数、内存大小等。会存在facts中的某个变量中。调用后返回很多对应主机的信息,在后面的操作中可以根据不同的信息来做不同的操作。如redhat系列用yum安装,而debian系列用apt来安装软件
setup模块用filter(滤波器)查看facts变量
ansible 10.11.67.19 -i hosts -m setup -a “filter=‘mem’”
[kakaops@ansible ansible]$ sudo ansible 10.11.67.19 -i hosts -m setup -a "filter='*mem*'"
[sudo] kakaops 的密码:
Monday 02 November 2020 19:28:07 +0800 (0:00:00.992) 0:00:00.992 *******
10.11.67.19 | SUCCESS => {
"ansible_facts": {
"ansible_memfree_mb": 672,
"ansible_memory_mb": {
"nocache": {
"free": 816,
"used": 160
},
"real": {
"free": 672,
"total": 976,
"used": 304
},
"swap": {
"cached": 0,
"free": 0,
"total": 0,
"used": 0
}
},
"ansible_memtotal_mb": 976,
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
功能2:保存信息,可以保存我们所筛选的信息至我们的主机上
同时,文件名为我们被管制的主机的IP,这样方便我们知道是哪台机器出的问题
ansible 10.11.67.19 -i hosts -m setup -a “filter=‘mem’” --tree /mnt/facts
[kakaops@ansible ansible]$ sudo ansible 10.11.67.19 -i hosts -m setup -a "filter='*mem*'" --tree /mnt/facts
[sudo] kakaops 的密码:
Monday 02 November 2020 19:33:32 +0800 (0:00:00.061) 0:00:00.061 *******
10.11.67.19 | SUCCESS => {
"ansible_facts": {
"ansible_memfree_mb": 668,
"ansible_memory_mb": {
"nocache": {
"free": 816,
"used": 160
},
"real": {
"free": 668,
"total": 976,
"used": 308
},
"swap": {
"cached": 0,
"free": 0,
"total": 0,
"used": 0
}
},
"ansible_memtotal_mb": 976,
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
[WARNING]: Failure using method (v2_runner_on_ok) in callback plugin
(<ansible.plugins.callback.mysql_plays.CallbackModule object at
0x7efd2cd6a390>): (2003, "Can't connect to MySQL server on u'server-2' ([Errno
-2] Name or service not known)")
Monday 02 November 2020 19:33:39 +0800 (0:00:06.963) 0:00:07.025 *******
===============================================================================
setup ------------------------------------------------------------------- 6.96s
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
total ------------------------------------------------------------------- 6.96s
Playbook run took 0 days, 0 hours, 0 minutes, 7 seconds
[kakaops@ansible ansible]$ cd /mnt/facts/
[kakaops@ansible facts]$ ls
10.11.67.19
[kakaops@ansible facts]$ cat 10.11.67.19
{"ansible_facts": {"ansible_memfree_mb": 668, "ansible_memory_mb": {"nocache": {"free": 816, "used": 160}, "real": {"free": 668, "total": 976, "used": 308}, "swap": {"cached": 0, "free": 0, "total": 0, "used": 0}}, "ansible_memtotal_mb": 976, "discovered_interpreter_python": "/usr/bin/python"}, "changed": false}[kakaops@ansible facts]$
[kakaops@ansible facts]$
[kakaops@ansible facts]$
用于将文件或软件从http、https或ftp下载到本地节点上
dest:指定将文件下载的远程绝对路径(目录需要存在)—必须
url:文件的下载地址(网址)—必须
url_username:用于http基本认证的用户名
url_password:用于http基本认证的密码
validate_certs: 如果否,SSL证书将不会验证。这只应在使用自签名证书的个人控制站点上使用
owner:指定属主
group:指定属组
mode:指定权限
ansible 10.11.67.19 -i hosts -m file -a “path=/opt/koko state=directory”
ansible 10.11.67.19 -i hosts -m get_url -a “url=ftp://10.11.67.31/test.py dest=/opt/koko”
[kakaops@ansible ansible]$ sudo ansible 10.11.67.19 -i hosts -m shell -a "rm -rvf /opt/*"
Monday 02 November 2020 19:49:14 +0800 (0:00:00.579) 0:00:00.579 *******
[WARNING]: Consider using the file module with state=absent rather than running
'rm'. If you need to use command because file is insufficient you can add
'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.
10.11.67.19 | CHANGED | rc=0 >>
已删除"/opt/test.py"
[WARNING]: Failure using method (v2_runner_on_ok) in callback plugin
(<ansible.plugins.callback.mysql_plays.CallbackModule object at
0x7f55cc8603d0>): (2003, "Can't connect to MySQL server on u'server-2' ([Errno
-2] Name or service not known)")
Monday 02 November 2020 19:49:15 +0800 (0:00:01.070) 0:00:01.650 *******
===============================================================================
shell ------------------------------------------------------------------- 1.07s
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
total ------------------------------------------------------------------- 1.07s
Playbook run took 0 days, 0 hours, 0 minutes, 1 seconds
[kakaops@ansible ansible]$ sudo an
anaconda ansible-galaxy
anaconda-cleanup ansible-galaxy-2
anaconda-disable-nm-ibft-plugin ansible-galaxy-2.7
anacron ansible-inventory
analog ansible-playbook
animalsay ansible-playbook-2
animate ansible-playbook-2.7
annotate-output ansible-pull
ansible ansible-pull-2
ansible-2 ansible-pull-2.7
ansible-2.7 ansible-test
ansible-config ansible-vault
ansible-connection ansible-vault-2
ansible-console ansible-vault-2.7
ansible-console-2 ant
ansible-console-2.7 antlr
ansible-doc antRun
ansible-doc-2 antRun.pl
ansible-doc-2.7
[kakaops@ansible ansible]$ sudo ansible 10.11.67.19 -i hosts -m file -a "path=/opt/koko state=directory"
Monday 02 November 2020 19:50:44 +0800 (0:00:00.071) 0:00:00.071 *******
10.11.67.19 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/opt/koko",
"size": 6,
"state": "directory",
"uid": 0
}
[WARNING]: Failure using method (v2_runner_on_ok) in callback plugin
(<ansible.plugins.callback.mysql_plays.CallbackModule object at
0x7f8306b11350>): (2003, "Can't connect to MySQL server on u'server-2' ([Errno
-2] Name or service not known)")
Monday 02 November 2020 19:50:45 +0800 (0:00:01.040) 0:00:01.112 *******
===============================================================================
file -------------------------------------------------------------------- 1.04s
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
total ------------------------------------------------------------------- 1.04s
Playbook run took 0 days, 0 hours, 0 minutes, 1 seconds
[kakaops@ansible ansible]$ sudo ansible 10.11.67.19 -i hosts -m get_url -a "url=ftp://10.11.67.31/test.py dest=/opt/koko"
Monday 02 November 2020 19:51:53 +0800 (0:00:00.072) 0:00:00.072 *******
10.11.67.19 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum_dest": null,
"checksum_src": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/opt/koko/test.py",
"elapsed": 0,
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"msg": "OK (0 bytes)",
"owner": "root",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1604317913.63-12512-215125862920696/tmphaSZ8I",
"state": "file",
"status_code": null,
"uid": 0,
"url": "ftp://10.11.67.31/test.py"
}
[WARNING]: Failure using method (v2_runner_on_ok) in callback plugin
(<ansible.plugins.callback.mysql_plays.CallbackModule object at
0x7fad14610350>): (2003, "Can't connect to MySQL server on u'server-2' ([Errno
-2] Name or service not known)")
Monday 02 November 2020 19:51:54 +0800 (0:00:01.295) 0:00:01.368 *******
===============================================================================
get_url ----------------------------------------------------------------- 1.30s
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
total ------------------------------------------------------------------- 1.30s
Playbook run took 0 days, 0 hours, 0 minutes, 1 seconds
检查文件或文件系统的状态
注意:对于Windows目标,请改用win_stat模块
参数:
path:文件/对象的完整路径(必须)
ansible 10.11.67.19 -i hosts -m stat -a “path=/opt/koko/test.py”
常用的返回值判断:
exists: 判断是否存在
isuid: 调用用户的ID与所有者ID是否匹配
[kakaops@ansible ansible]$ sudo ansible 10.11.67.19 -i hosts -m stat -a "path=/mnt/koko/test.py"
Monday 02 November 2020 19:57:49 +0800 (0:00:00.062) 0:00:00.062 *******
10.11.67.19 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"stat": {
"exists": false
}
}
[WARNING]: Failure using method (v2_runner_on_ok) in callback plugin
(<ansible.plugins.callback.mysql_plays.CallbackModule object at
0x7f7a5ecd4390>): (2003, "Can't connect to MySQL server on u'server-2' ([Errno
-2] Name or service not known)")
Monday 02 November 2020 19:57:50 +0800 (0:00:00.903) 0:00:00.965 *******
===============================================================================
stat -------------------------------------------------------------------- 0.90s
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
total ------------------------------------------------------------------- 0.90s
Playbook run took 0 days, 0 hours, 0 minutes, 0 seconds
[kakaops@ansible ansible]$ sudo ansible 10.11.67.19 -i hosts -m stat -a "path=/opt/koko/test.py"
Monday 02 November 2020 19:58:21 +0800 (0:00:00.064) 0:00:00.064 *******
10.11.67.19 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"stat": {
"atime": 1604317912.957131,
"attr_flags": "",
"attributes": [],
"block_size": 4096,
"blocks": 0,
"charset": "binary",
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"ctime": 1604317912.957131,
"dev": 64768,
"device_type": 0,
"executable": false,
"exists": true,
"gid": 0,
"gr_name": "root",
"inode": 51029999,
"isblk": false,
"ischr": false,
"isdir": false,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": true,
"issock": false,
"isuid": false,
"mimetype": "inode/x-empty",
"mode": "0644",
"mtime": 1604317912.954131,
"nlink": 1,
"path": "/opt/koko/test.py",
"pw_name": "root",
"readable": true,
"rgrp": true,
"roth": true,
"rusr": true,
"size": 0,
"uid": 0,
"version": "18446744072110931985",
"wgrp": false,
"woth": false,
"writeable": true,
"wusr": true,
"xgrp": false,
"xoth": false,
"xusr": false
}
}
[WARNING]: Failure using method (v2_runner_on_ok) in callback plugin
(<ansible.plugins.callback.mysql_plays.CallbackModule object at
0x7f8b1e189390>): (2003, "Can't connect to MySQL server on u'server-2' ([Errno
-2] Name or service not known)")
Monday 02 November 2020 19:58:22 +0800 (0:00:00.889) 0:00:00.954 *******
===============================================================================
stat -------------------------------------------------------------------- 0.89s
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
用途:从本地机器上复制存档后,将其解包。
该unarchive模块将解压缩一个存档。
默认情况下,它将在解包之前将源文件从本地系统复制到目标。
设置remote_src=yes为解包目标上已经存在的档案。
对于Windows目标,请改用win_unzip模块。
常用选项:
src:指定本地主机的源压缩文件
dest:远程绝对路径,档案应该被解压缩
exec:列出需要排除的目录和文件
creates:一个文件名,当它已经存在时,这个步骤将不会被运行。
ansible 10.11.67.19 -i hosts -m unarchive -a “src=./kakaops.tar.gz dest=/opt/koko”
传递到远程主机之后,不出所料,又是一个套娃文件
[kakaops@ansible ansible]$ sudo ansible 10.11.67.19 -i hosts -m unarchive -a "src=./kakaops.tar.gz dest=/opt/koko"
Monday 02 November 2020 20:08:06 +0800 (0:00:00.125) 0:00:00.125 *******
10.11.67.19 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/koko",
"extract_results": {
"cmd": [
"/usr/bin/gtar",
"--extract",
"-C",
"/opt/koko",
"-z",
"-f",
"/root/.ansible/tmp/ansible-tmp-1604318886.57-22110-270463387525506/source"
],
"err": "",
"out": "",
"rc": 0
},
"gid": 0,
"group": "root",
"handler": "TgzArchive",
"mode": "0755",
"owner": "root",
"size": 32,
"src": "/root/.ansible/tmp/ansible-tmp-1604318886.57-22110-270463387525506/source",
"state": "directory",
"uid": 0
}
[WARNING]: Failure using method (v2_runner_on_ok) in callback plugin
(<ansible.plugins.callback.mysql_plays.CallbackModule object at
0x7fc9791cb350>): (2003, "Can't connect to MySQL server on u'server-2' ([Errno
-2] Name or service not known)")
Monday 02 November 2020 20:08:08 +0800 (0:00:01.796) 0:00:01.922 *******
===============================================================================
unarchive --------------------------------------------------------------- 1.80s