注意:编写yaml文件时,一定要注意文件的格式,必须严格按照以下格式执行,错一个都不行
此工具用于执行编写好的 playbook 任务
[root@instance-gvpb80ao ~]# cat hello.yaml
- hosts: public(public代表分组名)
remote_user: root
gather_facts: no
tasks:
- name: hello world
shell: echo "Hello world" > /root/1.txt
[root@instance-gvpb80ao ~]# ansible-playbook hello.yaml
PLAY [web] *********************************************************************************************************
TASK [hello world] *************************************************************************************************
changed: [172.16.1.9]
PLAY RECAP *********************************************************************************************************
172.16.1.9 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
此工具可以用于加密解密yml文件。
格式
ansible-vault [create|decrypt|edit|encrypt|rekey|view]
范例
ansible-vault encrypt hello.yml #加密
[root@instance-gvpb80ao ~]# ansible-vault encrypt hello.yaml
New Vault password:
Confirm New Vault password:
Encryption successful
[root@instance-gvpb80ao ~]# cat hello.yaml
$ANSIBLE_VAULT;1.1;AES256
32613137393965313332353065366264303763323230323766366261636430376661373038626432
3732623762313131316565386338633635613530653736640a363462373930396562343565653936
34333035633365343063303966386264343366383839333439643961383438316537616666353931
3234323937363565660a303931313032346134393534653662363266613563386633613537313664
37313434333764656637623761346662656238393631323230326366396364613138623430663063
34396532646266336136333566313164656232366336653932396634643565366266666464623631
65366163343764613166336430613564306633333331343166343236323834343631613438333865
30346430363465356562643932653766636230383137346332323064636236616532333432353432
62373435386162613961376134643237366461653734626664353737363432323761366263336461
36323537633837316664306439303534343536373162333537646462303864323233303436643839
336130356436613230633231623035633536
ansible-vault decrypt hello.yml #解密
[root@instance-gvpb80ao ~]# ansible-vault decrypt hello.yaml
Vault password:
Decryption successful
[root@instance-gvpb80ao ~]# cat hello.yaml
- hosts: public
remote_user: root
gather_facts: no
tasks:
- name: hello world
command: echo "Hello Chenyang" > /root/123456
ansible-vault view hello.yml #查看
[root@instance-gvpb80ao ~]# ansible-vault view hello.yaml
Vault password:
- hosts: public
remote_user: root
gather_facts: no
tasks:
- name: hello world
command: echo "Hello Chenyang" > /root/123456
ansible-vault edit hello.yml #编辑加密文件
[root@instance-gvpb80ao ~]# ansible-vault edit hello.yaml
Vault password:
[root@instance-gvpb80ao ~]# cat hello.yaml
$ANSIBLE_VAULT;1.1;AES256
32623539636538376665373330626334643538306161613462393334656633613030663634396334
6266386165643361323137343161313536643038393661650a623861366330343135623365623336
37323064623562316162613034636232333535366637613461396434363938643532616133643836
3766343533616637650a313737316262366233396433353030393262633366333939636537316165
65623861643233353939653430623334323138366435326234353638666635373132616162666332
36643834313263393237323232323537633933313430323530343032313637643332653862326465
66333438303737663463386363383034343135643431316634363737376265336366363764656437
66666333316466313161333061383930376562366631643962386462353535363535333461353035
62376463663630383465666662616139636631626334373564346131363531636439386431623666
3933393266353638346232366666313137653962356130373739
ansible-vault rekey hello.yml #修改口令
[root@instance-gvpb80ao ~]# ansible-vault rekey hello.yaml
Vault password:
New Vault password:
Confirm New Vault password:
Rekey successful
ansible-vault create new.yml #创建新文件
[root@instance-gvpb80ao ~]# ansible-vault create abc.yaml
New Vault password:
Confirm New Vault password:
[root@instance-gvpb80ao ~]# cat abc.yaml
$ANSIBLE_VAULT;1.1;AES256
32653230653437313566623734666166346632613366373732346533396130396132323433653238
6139333135386637303939306437306637303837663361650a653466663938313032613330653636
66346639613937333939393036336334396234616139633066386330343831333439643039353436
6134313033616235390a353362643562633763303063313264633435306635643965356636303964
6430
此工具可交互执行命令,支持tab,ansible 2.0+新增
提示符格式
执行用户@当前操作的主机组 (当前组的主机数量)[f:并发数]$
常用子命令
设置并发数: forks n 例如: forks 10
切换组: cd 主机组 例如: cd web
列出当前组主机列表: list
列出所有的内置命令: ?或help
范例:
[root@instance-gvpb80ao ~]# ansible-console
Welcome to the ansible console.
Type help or ? to list commands.
root@all (2)[f:5]$ ping
172.16.0.4 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
106.13.81.75 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
root@all (2)[f:5]$ list
106.13.81.75
172.16.0.4
此工具会连接 https://galaxy.ansible.com 下载相应的roles
#查看列表
[root@instance-gvpb80ao ~]# ansible-galaxy list
#/root/.ansible/roles
- geerlingguy.nginx, 3.0.0
#/usr/share/ansible/roles
#/etc/ansible/roles
#下载nginx roles
[root@instance-gvpb80ao ~]# ansible-galaxy install geerlingguy.nginx
- downloading role 'nginx', owned by geerlingguy
- downloading role from https://github.com/geerlingguy/ansible-role-nginx/archive/3.0.0.tar.gz
- extracting geerlingguy.nginx to /root/.ansible/roles/geerlingguy.nginx
- geerlingguy.nginx (3.0.0) was installed successfully
#删除
[root@instance-gvpb80ao ~]# ansible-galaxy remove geerlingguy.nginx
- successfully removed geerlingguy.nginx
Ansible模块(一)
2015年底270多个模块,2016年达到540个,2018年01月12日有1378个模块,2018年07月15日1852个模块,2019年05月25日(ansible 2.7.10)时2080个模块,2020年03月02日有3387个模块。虽然模块众多,但最常用的模块也就20~30个而已,针对特定业务只用10几个模块。
常用模块帮助文档参考:
https://docs.ansible.com/ansible/2.9/modules/modules_by_category.html
https://docs.ansible.com/ansible/2.9/modules/list_of_all_modules.html
https://docs.ansible.com/ansible/latest/modules/list_of_all_modules.html
https://docs.ansible.com/ansible/latest/modules/modules_by_category.html
command模块是Ansible中的默认模块,
功能:在远程主机执行命令,此为默认模块,可忽略-m选项
注意:此命令不支持 $VARNAME < > | ; &(特殊字符,变量) 等,用shell模块实现
[root@instance-gvpb80ao ~]# ansible all -a 'hostname'
106.13.81.75 | CHANGED | rc=0 >>
instance-gvpb80ao.novalocal
172.16.0.4 | CHANGED | rc=0 >>
instance-gvpb80ao.novalocal
[root@instance-gvpb80ao ~]# ansible public -m command -a 'ls /root'
106.13.81.75 | CHANGED | rc=0 >>
abc.yaml
hello.yaml
hosts.list
open-user-crt.sh
push_ssh_key.sh
功能:和command相似,用shell执行命令,支持各种符号,变量等,比如:*,$, >
范例:
[root@instance-gvpb80ao ~]# ansible all -m shell -a "echo $HOSTNAME"
106.13.81.75 | CHANGED | rc=0 >>
instance-gvpb80ao.novalocal
172.16.0.4 | CHANGED | rc=0 >>
instance-gvpb80ao.novalocal
注意:调用bash执行命令 类似 cat /tmp/test.md | awk -F'|' '{print $1,$2}' &> /tmp/example.txt 这些复杂命令,即使使用shell也可能会失败。
解决办法:将复杂命令写到脚本中,copy到远程,再在自己主机上操作远端的机器执行脚本,就能得到结果。
将shell模块代替command,设为默认模块
[root@instance-gvpb80ao ~]# vim /etc/ansible/ansible.cfg
module_name = shell
功能:远程主机执行ansible服务器上的脚本(无需执行权限)
注意:脚本必须必须必须在本地ansible机器上
[root@instance-gvpb80ao ~]# ansible public -m script -a /root/test.sh
106.13.81.75 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 106.13.81.75 closed.\r\n",
"stderr_lines": [
"Shared connection to 106.13.81.75 closed."
],
"stdout": "",
"stdout_lines": []
}
[root@instance-gvpb80ao ~]# cat date.txt
Wed May 19 16:05:10 CST 2021
功能:从ansible服务器主控端复制文件到远程主机
参数
参数 | 解释 |
---|---|
src | 用于指定需要copy的文件或目录。 |
dest | 用于指定文件将被拷贝到远程主机的哪个目录中,dest为必须参数。 |
content | 当不使用src指定拷贝的文件时,可以使用content直接指定文件内容,src与content两个参数必有其一,否则会报错。 |
force | 当远程主机的目标路径中已经存在同名文件,并且与ansible主机中的文件内容不同时,是否强制覆盖,可选值有yes和no,默认值为yes,表示覆盖,如果设置为no,则不会执行覆盖拷贝操作,远程主机中的文件保持不变。 |
backup | 当远程主机的目标路径中已经存在同名文件,并且与ansible主机中的文件内容不同时,是否对远程主机的文件进行备份,可选值有yes和no,当设置为yes时,会先备份远程主机中的文件,然后再将ansible主机中的文件拷贝到远程主机。 |
owner | 指定文件拷贝到远程主机后的属主,但是远程主机上必须有对应的用户,否则会报错。 |
group | 指定文件拷贝到远程主机后的属组,但是远程主机上必须有对应的组,否则会报错。 |
mode | 指定文件拷贝到远程主机后的权限,如果你想将权限设置为”rw-r–r--“,则可以使用mode=0644表示,如果你想要在user对应的权限位上添加执行权限,则可以使用mode=u+x表示。 |
范例1:将本机的push_ssh_key.sh复制到远程的/tmp目录,用户为shanhe,权限为600
[root@instance-gvpb80ao ~]# ansible public -m copy -a “src=push_ssh_key.sh dest=/tmp owner=shanhe mode=600”
106.13.81.75 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: true,
“checksum”: “0b836bbe30e61896040525bee00ffee867f4a08c”,
“dest”: “/tmp/push_ssh_key.sh”,
“gid”: 0,
“group”: “root”,
“md5sum”: “410a687367c54811ff9ce34791319e0c”,
“mode”: “0600”,
“owner”: “shanhe”,
“size”: 264,
“src”: “/root/.ansible/tmp/ansible-tmp-1621494824.72-317-250283194147221/source”,
“state”: “file”,
“uid”: 1001
}
[root@instance-gvpb80ao ~]# ll /tmp/push_ssh_key.sh
-rw------- 1 shanhe root 264 May 20 15:13 /tmp/push_ssh_
范例2:将本机test.sh复制到远程,并备份。
[root@instance-gvpb80ao ~]# ansible 172* -m copy -a “src=test.sh dest=/tmp/push_ssh_key.sh backup=yes”
172.16.0.4 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“backup_file”: “/tmp/push_ssh_key.sh.2054.2021-05-20@15:18:31~”,
“changed”: true,
“checksum”: “488c35d2c33b1e4cef55ff0d85cab928e68f3330”,
“dest”: “/tmp/push_ssh_key.sh”,
“gid”: 0,
“group”: “root”,
“md5sum”: “1adcefd1e3aea3dbd54f0da29e586732”,
“mode”: “0600”,
“owner”: “shanhe”,
“size”: 43,
“src”: “/root/.ansible/tmp/ansible-tmp-1621495109.9-1879-108678135537148/source”,
“state”: “file”,
“uid”: 1001
}
[root@instance-gvpb80ao ~]# ll /tmp/
total 2844
-rw------- 1 shanhe root 43 May 20 15:18 push_ssh_key.sh
-rw------- 1 shanhe root 264 May 20 15:13 pus
功能:从远程主机提取文件至ansible的主控端,copy相反,目前不支持目录
参数 解释
参数 | 解释 |
---|---|
src | (必需)要获取的远程系统上的文件。 |
dest | (必需)要将文件保存到的目录。 |
fail_on_missing | 当设置为 True 或 yes ,如果由于不明因素导致从远程主机中不能读取到该文件,则会显示 fail |
validate_checksum | 当文件fetch之后进行md5检查 |
Flat | 允许覆盖默认行为从hostname/path到/file的,如果dest以/结尾,它将使用源文件的基础名称 |
范例1
[root@instance-gvpb80ao ~]# ansible public -m fetch -a "src=/tmp/push_ssh_key.sh dest=shanhe.sh "
106.13.81.75 | CHANGED => {
“changed”: true,
“checksum”: “488c35d2c33b1e4cef55ff0d85cab928e68f3330”,
“dest”: “/root/shanhe.sh/106.13.81.75/tmp/push_ssh_key.sh”,
“md5sum”: “1adcefd1e3aea3dbd54f0da29e586732”,
“remote_checksum”: “488c35d2c33b1e4cef55ff0d85cab928e68f3330”,
“remote_md5sum”: null
}
[root@instance-gvpb80ao ~]# tree shanhe.sh
/root/shanhe.sh/
└── 106.13.81.75
└── tmp
└── push_ssh_key.sh
2 directories, 1 file
范例2
[root@instance-gvpb80ao /]# ansible public -m fetch -a “src=/tmp/push_ssh_key.sh dest=/opt validate_checksum=yes”
106.13.81.75 | CHANGED => {
“changed”: true,
“checksum”: “488c35d2c33b1e4cef55ff0d85cab928e68f3330”,
“dest”: “/opt/106.13.81.75/tmp/push_ssh_key.sh”,
“md5sum”: “1adcefd1e3aea3dbd54f0da29e586732”,
“remote_checksum”: “488c35d2c33b1e4cef55ff0d85cab928e68f3330”,
“remote_md5sum”: null
}
功能:设置文件属性,创建软链接等。
参数
参数 | 解释 |
---|---|
path | 必须参数,用于指定要操作的文件或目录,在之前版本的ansible中,使用dest参数或者name参数指定要操作的文件或目录,为了兼容之前的版本,使用dest或name也可以。 |
recurse | 当要操作的文件为目录,将recurse设置为yes,可以递归的修改目录中文件的属性。 |
state | 此参数非常灵活,其对应的值需要根据情况设定。 directory:在远端创建目录 touch:在远端创建文件 link:创建链接文件 absent:表示删除文件或目录 mode:设置文件或目录权限 owner:设置文件或目录属主 group:设置文件或目录属组 |
src | 当state设置为link或者hard时,表示我们想要创建一个软链或者硬链,所以,我们必须指明软链或硬链链接的哪个文件,通过src参数即可指定链接源。 |
force | 当state=link的时候,可配合此参数强制创建链接文件,当force=yes时,表示强制创建链接文件。不过强制创建链接文件分为三种情况。情况一:当要创建的链接文件指向的源文件并不存在时,使用此参数,可以先强制创建出链接文件。情况二:当要创建链接文件的目录中已经存在与链接文件同名的文件时,将force设置为yes,会将同名文件覆盖为链接文件,相当于删除同名文件,创建链接文件。情况三:当要创建链接文件的目录中已经存在与链接文件同名的文件,并且链接文件指向的源文件也不存在,这时会强制替换同名文件为链接文件。 |
owner | 用于指定被操作文件的属主,属主对应的用户必须在远程主机中存在,否则会报错。 |
group | 用于指定被操作文件的属组,属组对应的组必须在远程主机中存在,否则会报错。 |
mode | 用于指定被操作文件的权限,比如,如果想要将文件权限设置为”rw-r-x--- “,则可以使用mode=650进行设置,或者使用mode=0650,效果也是相同的。如果想要设置特殊权限,比如为二进制文件设置suid,则可以使用mode=4700。 |
范例1
[root@instance-gvpb80ao opt]# ansible public -m file -a “path=/root/1.txt state=touch”
106.13.81.75 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: true,
“dest”: “/root/1.txt”,
“gid”: 0,
“group”: “root”,
“mode”: “0644”,
“owner”: “root”,
“size”: 0,
“state”: “file”,
“uid”: 0
}
[root@instance-gvpb80ao opt]# ll /root/
total 28
-rw-r–r-- 1 root root 0 May 20 15:55 1.txt
#删除文件
ansible public -m file -a “path=/root/1.txt state=absent”
范例2
[root@instance-gvpb80ao ~]# ansible public -m file -a “path=/root/txt state=directory owner=shanhe group=chenyang”
106.13.81.75 | SUCCESS => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: false,
“gid”: 1002,
“group”: “chenyang”,
“mode”: “0755”,
“owner”: “shanhe”,
“path”: “/root/txt”,
“size”: 4096,
“state”: “directory”,
“uid”: 1001
}
[root@instance-gvpb80ao ~]# ll
total 36
drwxr-xr-x 2 shanhe chenyang 4096 May 20 16:08 txt
Copy to clipboardErrorCopied
范例3
[root@instance-gvpb80ao ~]# ansible public -m file -a “path=/root/test src=/root/txt state=link owner=shanhe group=chenyang”
106.13.81.75 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: true,
“dest”: “/root/test”,
“gid”: 0,
“group”: “root”,
“mode”: “0777”,
“owner”: “root”,
“size”: 9,
“src”: “/root/txt”,
“state”: “link”,
“uid”: 0
}
[root@instance-gvpb80ao ~]# ll
total 36
lrwxrwxrwx 1 root root 9 May 20 16:11 test -> /root/txt
功能:解压缩。
实现有两种用法:
1、将ansible主机上的压缩包传到远程主机后解压缩至特定目录,设置copy=yes
2、将远程主机上的某个压缩包解压缩到指定路径下,设置copy=no
参数
参数 | 解释 |
---|---|
copy | 默认为yes,当copy=yes,拷贝的文件是从ansible主机复制到远程主机上,如果设置为no,则是在远程主机上直接解压文件 |
remote_src | 和copy功能一样且互斥,yes表示在远程主机,不在ansible主机,no表示文件在ansible主机上 |
src | 源路径,可以是ansible主机上的路径,也可以是远程主机(被管理端或者第三方主机)上的路径,如果是远程主机上的路径,则需要设copy=no |
dest | 远程主机上的目标路径 |
mode | 设置解压缩后的文件权限 |
范例
[root@instance-gvpb80ao ~]# ansible all -m unarchive -a "src=/root/test.tar.gz dest=/opt "
172.16.0.4 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: true,
“dest”: “/opt”,
“extract_results”: {
“cmd”: [
“/usr/bin/gtar”,
“–extract”,
“-C”,
“/opt”,
“-z”,
“-f”,
“/root/.ansible/tmp/ansible-tmp-1621499907.17-5491-141851802518117/source”
],
“err”: “”,
“out”: “”,
“rc”: 0
},
“gid”: 0,
“group”: “root”,
“handler”: “TgzArchive”,
“mode”: “0755”,
“owner”: “root”,
“size”: 4096,
“src”: “/root/.ansible/tmp/ansible-tmp-1621499907.17-5491-141851802518117/source”,
“state”: “directory”,
“uid”: 0
}
106.13.81.75 | SUCCESS => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: false,
“dest”: “/opt”,
“gid”: 0,
“group”: “root”,
“handler”: “TgzArchive”,
“mode”: “0755”,
“owner”: “root”,
“size”: 4096,
“src”: “/root/.ansible/tmp/ansible-tmp-1621499906.94-5490-71573166890415/source”,
“state”: “directory”,
“uid”: 0
}
[root@instance-gvpb80ao ~]# ll /opt/
total 1448
-rw------- 1 root root 808 May 19 15:09 hello.yaml
范例2
[root@instance-gvpb80ao ~]# ansible public -m unarchive -a “src=https://repo.huaweicloud.com/etcd/v3.2.24/etcd-v3.2.24-linux-arm64.tar.gz dest=/opt copy=no owner=shanhe group=chenyang”
106.13.81.75 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: true,
“dest”: “/opt”,
“extract_results”: {
“cmd”: [
“/usr/bin/gtar”,
“–extract”,
“-C”,
“/opt”,
“-z”,
“–owner=shanhe”,
“–group=chenyang”,
“-f”,
“/root/.ansible/tmp/ansible-tmp-1621500444.96-6522-191985417198936/etcd-v3.2.24-linux-arm64.tarsHzxWS.gz”
],
“err”: “”,
“out”: “”,
“rc”: 0
},
“gid”: 0,
“group”: “root”,
“handler”: “TgzArchive”,
“mode”: “0755”,
“owner”: “root”,
“size”: 4096,
“src”: “/root/.ansible/tmp/ansible-tmp-1621500444.96-6522-191985417198936/etcd-v3.2.24-linux-arm64.tarsHzxWS.gz”,
“state”: “directory”,
“uid”: 0
}
[root@instance-gvpb80ao ~]# ll /opt/
total 1452
drwxr-xr-x 3 shanhe chenyang 4096 Jul 25 2018 etcd-v3.2.24-linux-arm64
功能:打包压缩保存在被管理节点。
参数
参数 | 解释 |
---|---|
path | 要压缩的文件或目录 |
dest | 压缩后的文件 |
format | 指定打包的类型 |
mode | 权限 |
group | 属组 |
owner | 属主 |
范例
[root@instance-gvpb80ao ~]# ansible public -m archive -a “path=/root dest=/opt/root.tar.gz format=gz”
106.13.81.75 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“archived”: [
“/root/.tcshrc”,
“/root/.cshrc”,
“/root/.bash_history”,
“/root/.bash_profile”,
“/root/.mysql_history”,
“/root/.viminfo”,
“/root/hello.yaml”,
“/root/test.tar.gz”,
“/root/abc.yaml”,
“/root/.ansible-console_history”,
“/root/hosts.list”,
“/root/open-user-crt.sh”,
“/root/date.txt”,
“/root/push_ssh_key.sh”,
“/root/.bash_logout”,
“/root/test.sh”,
“/root/.rnd”,
“/root/.bashrc”,
“/root/.ansible/galaxy_token”,
“/root/.ansible/tmp/ansible-local-7657zoXLcU/ansiballz_cache/archive-ZIP_DEFLATED”,
“/root/.ansible/tmp/ansible-tmp-1621502833.44-7666-63618490609724/AnsiballZ_archive.py”,
“/root/.ansible/cp/4e1832b56d”,
“/root/.cache/abrt/lastnotification”,
“/root/.ssh/authorized_keys”,
“/root/.ssh/id_rsa”,
“/root/.ssh/id_rsa.pub”,
“/root/.ssh/known_hosts”
],
“arcroot”: “//”,
“changed”: true,
“dest”: “/opt/root.tar.gz”,
“expanded_exclude_paths”: [],
“expanded_paths”: [
“/root”
],
“gid”: 0,
“group”: “root”,
“missing”: [],
“mode”: “0644”,
“owner”: “root”,
“size”: 188991,
“state”: “file”,
“uid”: 0
}
[root@instance-gvpb80ao ~]# ll /opt/
total 1640
-rw-r–r-- 1 root root 188991 May 20 17:27 root.tar.gz
[root@instance-gvpb80ao ~]#
功能:管理主机名。
参数
范例
[root@instance-gvpb80ao ~]# ansible public -m hostname -a ‘name=kubernetes’
106.13.81.75 | CHANGED => {
“ansible_facts”: {
“ansible_domain”: “”,
“ansible_fqdn”: “kubernetes”,
“ansible_hostname”: “kubernetes”,
“ansible_nodename”: “kubernetes”,
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: true,
“name”: “kubernetes”
}
[root@instance-gvpb80ao ~]# bash
[root@kubernetes ~]#
功能:计划任务
支持时间:minute,hour,day,month,weekday
参数
参数 | 解释 |
---|---|
minute | 分钟 |
hour | 小时 |
day | 天 |
month | 月 |
weekday | 星期 |
job | 脚本路径 |
name | 定时任务名称 |
disabled | 是否启用 |
state | 状态:absent删除 |
范例1
[root@instance-gvpb80ao ~]# ansible public -m cron -a “minute=* job=‘echo date >> /root/ttt.log’ name=test disabled=yes”
106.13.81.75 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: true,
“envs”: [],
“jobs”: [
“test”
]
}
[root@instance-gvpb80ao ~]# crontab -l
#Ansible: test
#* * * * * echo date >> /root/ttt.log
范例2
[root@instance-gvpb80ao ~]# ansible public -m cron -a “minute=* job=‘echo date >> /root/ttt.log’ name=test disabled=yes state=absent”
106.13.81.75 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: true,
“envs”: [],
“jobs”: []
}
[root@instance-gvpb80ao ~]# crontab -l
yum 管理软件包,只支持RHEL,CentOS,fedora,不支持Ubuntu其它版本。
apt 模块管理 Debian 相关版本的软件包。
参数
参数 | 解释 |
---|---|
name | 安装的服务的名字 |
state | 执行命令 present installed removed latest absent 其中installed and present等效 latest标志安装yum中最新版本,absent and removed 等效 表示删除安装包 |
disable_gpg_check | 用于禁用rmp包的公钥gpg验证,默认值no 表示不做验证 |
enablerepo | 用于指定安装软件包是临时启用的yum元 |
disablerepo | 用于指定安装软件包是临时禁止用的yum元 |
范例1
[root@instance-gvpb80ao ~]# ansible public -m yum -a “name=httpd state=present”
106.13.81.75 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: true,
“changes”: {
“installed”: [
“httpd”
]
},
“msg”: “”,
“rc”: 0,
“results”: [
“Loaded plugins: langpacks, versionlock\nExcluding 1 update due to versionlock (use “yum versionlock status” to show it)\nResolving Dependencies\n–> Running transaction check\n—> Package httpd.x86_64 0:2.4.6-97.el7.centos will be installed\n–> Processing Dependency: httpd-tools = 2.4.6-97.el7.centos for package: httpd-2.4.6-97.el7.centos.x86_64\n–> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-97.el7.centos.x86_64\n–> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-97.el7.centos.x86_64\n–> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-97.el7.centos.x86_64\n–> Running transaction check\n—> Package apr.x86_64 0:1.4.8-7.el7 will be installed\n—> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed\n—> Package httpd-tools.x86_64 0:2.4.6-97.el7.centos will be installed\n—> Package mailcap.noarch 0:2.1.41-2.el7 will be installed\n–> Finished Dependency Resolution\n\nDependencies Resolved\n\n======\n Package Arch Version Repository Size\n==========================================================================\nInstalling:\n httpd x86_64 2.4.6-97.el7.centos updates 2.7 M\nInstalling for dependencies:\n apr x86_64 1.4.8-7.el7 base 104 k\n apr-util x86_64 1.5.2-6.el7 base 92 k\n httpd-tools x86_64 2.4.6-97.el7.centos updates 93 k\n mailcap noarch 2.1.41-2.el7 base 31 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package (+4 Dependent packages)\n\nTotal download size: 3.0 M\nInstalled size: 10 M\nDownloading packages:\n--------------------------------------------------------------------------------\nTotal 14 MB/s | 3.0 MB 00:00 \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : apr-1.4.8-7.el7.x86_64 1/5 \n Installing : apr-util-1.5.2-6.el7.x86_64 2/5 \n Installing : httpd-tools-2.4.6-97.el7.centos.x86_64 3/5 \n Installing : mailcap-2.1.41-2.el7.noarch 4/5 \n Installing : httpd-2.4.6-97.el7.centos.x86_64 5/5 \n Verifying : httpd-2.4.6-97.el7.centos.x86_64 1/5 \n Verifying : apr-1.4.8-7.el7.x86_64 2/5 \n Verifying : mailcap-2.1.41-2.el7.noarch 3/5 \n Verifying : httpd-tools-2.4.6-97.el7.centos.x86_64 4/5 \n Verifying : apr-util-1.5.2-6.el7.x86_64 5/5 \n\nInstalled:\n httpd.x86_64 0:2.4.6-97.el7.centos \n\nDependency Installed:\n apr.x86_64 0:1.4.8-7.el7 apr-util.x86_64 0:1.5.2-6.el7 \n httpd-tools.x86_64 0:2.4.6-97.el7.centos mailcap.noarch 0:2.1.41-2.el7 \n\nComplete!\n”
]
}
[root@instance-gvpb80ao ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:httpd(8)
man:apachectl(8)
[root@instance-gvpb80ao ~]#
功能:管理服务。
参数
参数 | 解释 |
---|---|
name | 定义要启动服务的名称 |
state | started #启动服务 stopped #停止服务 restarted #重启服务 reloaded #重载服务 |
enabled | 开机自启 |
范例
#1.启动crond服务,并加入开机自启
[root@m01 ~]# ansible webservers -m service -a “name=crond state=started enabled=yes”
#2.停止crond服务,并删除开机自启
[root@m01 ~]# ansible webservers -m service -a “name=crond state=stopped enabled=no”
#3.重启crond服务
[root@m01 ~]# ansible webservers -m service -a “name=crond state=restarted”
#4.重载crond服务
[root@m01 ~]# ansible webservers -m service -a “name=crond state=reloaded”
功能:管理用户。
参数
参数 | 解释 |
---|---|
uid | 指定用户的uid |
group | 指定用户组名称 |
groups | 指定附加组名称 |
password | 给用户添加密码(记得单引号) |
shell | 指定用户登录shell |
create_home | 是否创建家目录 |
state | 用户状态:absent(删除) |
home | 家目录路径 |
system | 是否是系统用户 |
remove | 是否删除家目录数据:yes(删除) |
范例
[root@instance-gvpb80ao ~]# ansible public -m user -a “name=www uid=1200”
106.13.81.75 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: true,
“comment”: “”,
“create_home”: true,
“group”: 1200,
“home”: “/home/www”,
“name”: “www”,
“shell”: “/bin/bash”,
“state”: “present”,
“system”: false,
“uid”: 1200
}
[root@instance-gvpb80ao ~]# id www
uid=1200(www) gid=1200(www) groups=1200(www)
功能:管理组。
#创建组
ansible public -m group -a 'name=nginx gid=88 system=yes'
#删除组
ansible public -m group -a 'name=nginx state=absent'
功能:下载模块(类似于wget)。
参数
参数 | 解释 |
---|---|
url | 下载的URL |
mode | 权限 |
dest | 下载的路径 |
checksum | md5值 |
timeout | 下载文件的超时时间 |
url_password | URL密码 |
url_username | URL用户 |
范例
[root@instance-gvpb80ao ~]# ansible public -m get_url -a ‘url=https://repo.huaweicloud.com/etcd/v3.4.0-rc.4/etcd-v3.4.0-rc.4-linux-arm64.tar.gz mode=777 dest=/opt’
106.13.81.75 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: true,
“checksum_dest”: null,
“checksum_src”: “c721f9904ff9c47cb34f304ee7d48eb99253e13a”,
“dest”: “/opt/etcd-v3.4.0-rc.4-linux-arm64.tar.gz”,
“elapsed”: 6,
“gid”: 0,
“group”: “root”,
“md5sum”: “0372460bbdf457166391e5e71c074f1c”,
“mode”: “0777”,
“msg”: “OK (15997556 bytes)”,
“owner”: “root”,
“size”: 15997556,
“src”: “/root/.ansible/tmp/ansible-tmp-1621516877.39-15455-75914400512400/tmpbxzrIQ”,
“state”: “file”,
“status_code”: 200,
“uid”: 0,
“url”: “https://repo.huaweicloud.com/etcd/v3.4.0-rc.4/etcd-v3.4.0-rc.4-linux-arm64.tar.gz”
}
功能:挂载目录。
参数
参数 | 解释 |
---|---|
src | 挂载IP及目录 |
path | 挂载的路径 |
fstype | 挂载的类型 |
opts | 默认的类型 |
state | 挂载的状态 |
state参数
参数 | 解释 |
---|---|
present | 开机挂载,仅将挂载配置写入/etc/fstab |
mounted | 挂载设备,并将配置写入/etc/fstab |
unmounted | 卸载设备,不会清除/etc/fstab写入的配置 |
absent | 卸载设备,会清理/etc/fstab写入的配置 |
范例
[root@m01 ~]# ansible web02 -m mount -a “src=172.16.1.7:/data path=/data fstype=nfs opts=defaults state=present”
[root@m01 ~]# ansible web02 -m mount -a “src=172.16.1.7:/data path=/data fstype=nfs opts=defaults state=mounted”
[root@m01 ~]# ansible web02 -m mount -a “src=172.16.1.7:/data path=/data fstype=nfs opts=defaults state=unmounted”
[root@m01 ~]# ansible web02 -m mount -a “src=172.16.1.7:/data path=/data fstype=nfs opts=defaults state=absent”
功能: setup 模块来收集主机的系统信息,这些 facts 信息可以直接以变量的形式使用,但是如果主机较多,会影响执行速度,可以使用 gather_facts: no 来禁止 Ansible 收集 facts 信息。
范例
ansible all -m setup -a “filter=ansible_nodename”
ansible all -m setup -a “filter=ansible_hostname”
ansible all -m setup -a “filter=ansible_domain”
ansible all -m setup -a “filter=ansible_memtotal_mb”
ansible all -m setup -a “filter=ansible_memory_mb”
ansible all -m setup -a “filter=ansible_memfree_mb”
ansible all -m setup -a “filter=ansible_os_family”
ansible all -m setup -a “filter=ansible_distribution_major_version”
ansible all -m setup -a “filter=ansible_distribution_version”
ansible all -m setup -a “filter=ansible_processor_vcpus”
ansible all -m setup -a “filter=ansible_all_ipv4_addresses”
ansible all -m setup -a “filter=ansible_architecture”
ansible all -m setup -a “filter=ansible_processor*”