ansible基础(模块)

Ansible-playbook(剧本)

注意:编写yaml文件时,一定要注意文件的格式,必须严格按照以下格式执行,错一个都不行
此工具用于执行编写好的 playbook 任务

[root@instance-gvpb80ao ~]# cat hello.yaml 
- hosts: public(public代表分组名)
  remote_user: root
  gather_facts: no
  tasks:
    - name: hello world
      shell: echo "Hello world" > /root/1.txt





[root@instance-gvpb80ao ~]# ansible-playbook hello.yaml 
PLAY [web] *********************************************************************************************************
TASK [hello world] *************************************************************************************************
changed: [172.16.1.9]
PLAY RECAP *********************************************************************************************************
172.16.1.9                 : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
ansible-vault

此工具可以用于加密解密yml文件。
格式
ansible-vault [create|decrypt|edit|encrypt|rekey|view]

范例

ansible-vault encrypt hello.yml #加密
[root@instance-gvpb80ao ~]# ansible-vault encrypt hello.yaml 
New Vault password: 
Confirm New Vault password: 
Encryption successful
[root@instance-gvpb80ao ~]# cat hello.yaml 
$ANSIBLE_VAULT;1.1;AES256
32613137393965313332353065366264303763323230323766366261636430376661373038626432
3732623762313131316565386338633635613530653736640a363462373930396562343565653936
34333035633365343063303966386264343366383839333439643961383438316537616666353931
3234323937363565660a303931313032346134393534653662363266613563386633613537313664
37313434333764656637623761346662656238393631323230326366396364613138623430663063
34396532646266336136333566313164656232366336653932396634643565366266666464623631
65366163343764613166336430613564306633333331343166343236323834343631613438333865
30346430363465356562643932653766636230383137346332323064636236616532333432353432
62373435386162613961376134643237366461653734626664353737363432323761366263336461
36323537633837316664306439303534343536373162333537646462303864323233303436643839
336130356436613230633231623035633536

ansible-vault decrypt hello.yml #解密

[root@instance-gvpb80ao ~]# ansible-vault decrypt hello.yaml 
Vault password: 
Decryption successful
[root@instance-gvpb80ao ~]# cat hello.yaml 
- hosts: public
  remote_user: root
  gather_facts: no
  tasks:
    - name: hello world
      command: echo "Hello Chenyang" > /root/123456

ansible-vault view hello.yml #查看

[root@instance-gvpb80ao ~]# ansible-vault view hello.yaml
Vault password: 
- hosts: public
  remote_user: root
  gather_facts: no
  tasks:
    - name: hello world
      command: echo "Hello Chenyang" > /root/123456
      
ansible-vault edit hello.yml #编辑加密文件
[root@instance-gvpb80ao ~]# ansible-vault edit hello.yaml
Vault password: 
[root@instance-gvpb80ao ~]# cat hello.yaml 
$ANSIBLE_VAULT;1.1;AES256
32623539636538376665373330626334643538306161613462393334656633613030663634396334
6266386165643361323137343161313536643038393661650a623861366330343135623365623336
37323064623562316162613034636232333535366637613461396434363938643532616133643836
3766343533616637650a313737316262366233396433353030393262633366333939636537316165
65623861643233353939653430623334323138366435326234353638666635373132616162666332
36643834313263393237323232323537633933313430323530343032313637643332653862326465
66333438303737663463386363383034343135643431316634363737376265336366363764656437
66666333316466313161333061383930376562366631643962386462353535363535333461353035
62376463663630383465666662616139636631626334373564346131363531636439386431623666
3933393266353638346232366666313137653962356130373739

ansible-vault rekey hello.yml #修改口令

[root@instance-gvpb80ao ~]# ansible-vault rekey hello.yaml
Vault password: 
New Vault password: 
Confirm New Vault password: 
Rekey successful

ansible-vault create new.yml #创建新文件

[root@instance-gvpb80ao ~]# ansible-vault create abc.yaml
New Vault password: 
Confirm New Vault password: 
[root@instance-gvpb80ao ~]# cat abc.yaml 
$ANSIBLE_VAULT;1.1;AES256
32653230653437313566623734666166346632613366373732346533396130396132323433653238
6139333135386637303939306437306637303837663361650a653466663938313032613330653636
66346639613937333939393036336334396234616139633066386330343831333439643039353436
6134313033616235390a353362643562633763303063313264633435306635643965356636303964
6430

ansible-console

此工具可交互执行命令,支持tab,ansible 2.0+新增
提示符格式
执行用户@当前操作的主机组 (当前组的主机数量)[f:并发数]$

常用子命令
设置并发数: forks n 例如: forks 10
切换组: cd 主机组 例如: cd web
列出当前组主机列表: list
列出所有的内置命令: ?或help


范例:
[root@instance-gvpb80ao ~]# ansible-console
Welcome to the ansible console.
Type help or ? to list commands.

root@all (2)[f:5]$ ping
172.16.0.4 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
106.13.81.75 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
root@all (2)[f:5]$ list
106.13.81.75
172.16.0.4

ansible-galaxy

此工具会连接 https://galaxy.ansible.com 下载相应的roles

#查看列表
[root@instance-gvpb80ao ~]# ansible-galaxy list
#/root/.ansible/roles
- geerlingguy.nginx, 3.0.0
#/usr/share/ansible/roles
#/etc/ansible/roles

#下载nginx roles
[root@instance-gvpb80ao ~]# ansible-galaxy install geerlingguy.nginx
- downloading role 'nginx', owned by geerlingguy
- downloading role from https://github.com/geerlingguy/ansible-role-nginx/archive/3.0.0.tar.gz
- extracting geerlingguy.nginx to /root/.ansible/roles/geerlingguy.nginx
- geerlingguy.nginx (3.0.0) was installed successfully

#删除
[root@instance-gvpb80ao ~]# ansible-galaxy remove geerlingguy.nginx
- successfully removed geerlingguy.nginx

Ansible模块(一)
2015年底270多个模块,2016年达到540个,2018年01月12日有1378个模块,2018年07月15日1852个模块,2019年05月25日(ansible 2.7.10)时2080个模块,2020年03月02日有3387个模块。虽然模块众多,但最常用的模块也就20~30个而已,针对特定业务只用10几个模块。
常用模块帮助文档参考:
https://docs.ansible.com/ansible/2.9/modules/modules_by_category.html
https://docs.ansible.com/ansible/2.9/modules/list_of_all_modules.html
https://docs.ansible.com/ansible/latest/modules/list_of_all_modules.html
https://docs.ansible.com/ansible/latest/modules/modules_by_category.html

Command 模块

command模块是Ansible中的默认模块,
功能:在远程主机执行命令,此为默认模块,可忽略-m选项
注意:此命令不支持 $VARNAME < > | ; &(特殊字符,变量) 等,用shell模块实现

[root@instance-gvpb80ao ~]# ansible all -a 'hostname'
106.13.81.75 | CHANGED | rc=0 >>
instance-gvpb80ao.novalocal
172.16.0.4 | CHANGED | rc=0 >>
instance-gvpb80ao.novalocal

[root@instance-gvpb80ao ~]# ansible public -m command -a 'ls /root'
106.13.81.75 | CHANGED | rc=0 >>
abc.yaml
hello.yaml
hosts.list
open-user-crt.sh
push_ssh_key.sh
Shell模块

功能:和command相似,用shell执行命令,支持各种符号,变量等,比如:*,$, >

范例:
[root@instance-gvpb80ao ~]# ansible all -m shell -a "echo $HOSTNAME"
106.13.81.75 | CHANGED | rc=0 >>
instance-gvpb80ao.novalocal
172.16.0.4 | CHANGED | rc=0 >>
instance-gvpb80ao.novalocal


注意:调用bash执行命令 类似 cat /tmp/test.md | awk -F'|' '{print $1,$2}' &> /tmp/example.txt 这些复杂命令,即使使用shell也可能会失败。
解决办法:将复杂命令写到脚本中,copy到远程,再在自己主机上操作远端的机器执行脚本,就能得到结果。


将shell模块代替command,设为默认模块
[root@instance-gvpb80ao ~]# vim /etc/ansible/ansible.cfg
module_name = shell
Script 模块

功能:远程主机执行ansible服务器上的脚本(无需执行权限)
注意:脚本必须必须必须在本地ansible机器上

[root@instance-gvpb80ao ~]# ansible public -m script -a /root/test.sh 
106.13.81.75 | CHANGED => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 106.13.81.75 closed.\r\n", 
    "stderr_lines": [
        "Shared connection to 106.13.81.75 closed."
    ], 
    "stdout": "", 
    "stdout_lines": []
}
[root@instance-gvpb80ao ~]# cat date.txt 
Wed May 19 16:05:10 CST 2021
Copy模块

功能:从ansible服务器主控端复制文件到远程主机
参数

参数 解释
src 用于指定需要copy的文件或目录。
dest 用于指定文件将被拷贝到远程主机的哪个目录中,dest为必须参数。
content 当不使用src指定拷贝的文件时,可以使用content直接指定文件内容,src与content两个参数必有其一,否则会报错。
force 当远程主机的目标路径中已经存在同名文件,并且与ansible主机中的文件内容不同时,是否强制覆盖,可选值有yes和no,默认值为yes,表示覆盖,如果设置为no,则不会执行覆盖拷贝操作,远程主机中的文件保持不变。
backup 当远程主机的目标路径中已经存在同名文件,并且与ansible主机中的文件内容不同时,是否对远程主机的文件进行备份,可选值有yes和no,当设置为yes时,会先备份远程主机中的文件,然后再将ansible主机中的文件拷贝到远程主机。
owner 指定文件拷贝到远程主机后的属主,但是远程主机上必须有对应的用户,否则会报错。
group 指定文件拷贝到远程主机后的属组,但是远程主机上必须有对应的组,否则会报错。
mode 指定文件拷贝到远程主机后的权限,如果你想将权限设置为”rw-r–r--“,则可以使用mode=0644表示,如果你想要在user对应的权限位上添加执行权限,则可以使用mode=u+x表示。

范例1:将本机的push_ssh_key.sh复制到远程的/tmp目录,用户为shanhe,权限为600
[root@instance-gvpb80ao ~]# ansible public -m copy -a “src=push_ssh_key.sh dest=/tmp owner=shanhe mode=600”
106.13.81.75 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: true,
“checksum”: “0b836bbe30e61896040525bee00ffee867f4a08c”,
“dest”: “/tmp/push_ssh_key.sh”,
“gid”: 0,
“group”: “root”,
“md5sum”: “410a687367c54811ff9ce34791319e0c”,
“mode”: “0600”,
“owner”: “shanhe”,
“size”: 264,
“src”: “/root/.ansible/tmp/ansible-tmp-1621494824.72-317-250283194147221/source”,
“state”: “file”,
“uid”: 1001
}
[root@instance-gvpb80ao ~]# ll /tmp/push_ssh_key.sh
-rw------- 1 shanhe root 264 May 20 15:13 /tmp/push_ssh_

范例2:将本机test.sh复制到远程,并备份。
[root@instance-gvpb80ao ~]# ansible 172* -m copy -a “src=test.sh dest=/tmp/push_ssh_key.sh backup=yes”
172.16.0.4 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“backup_file”: “/tmp/push_ssh_key.sh.2054.2021-05-20@15:18:31~”,
“changed”: true,
“checksum”: “488c35d2c33b1e4cef55ff0d85cab928e68f3330”,
“dest”: “/tmp/push_ssh_key.sh”,
“gid”: 0,
“group”: “root”,
“md5sum”: “1adcefd1e3aea3dbd54f0da29e586732”,
“mode”: “0600”,
“owner”: “shanhe”,
“size”: 43,
“src”: “/root/.ansible/tmp/ansible-tmp-1621495109.9-1879-108678135537148/source”,
“state”: “file”,
“uid”: 1001
}
[root@instance-gvpb80ao ~]# ll /tmp/
total 2844
-rw------- 1 shanhe root 43 May 20 15:18 push_ssh_key.sh
-rw------- 1 shanhe root 264 May 20 15:13 pus

Fetch 模块

功能:从远程主机提取文件至ansible的主控端,copy相反,目前不支持目录
参数 解释

参数 解释
src (必需)要获取的远程系统上的文件。
dest (必需)要将文件保存到的目录。
fail_on_missing 当设置为 Trueyes,如果由于不明因素导致从远程主机中不能读取到该文件,则会显示 fail
validate_checksum 当文件fetch之后进行md5检查
Flat 允许覆盖默认行为从hostname/path到/file的,如果dest以/结尾,它将使用源文件的基础名称

范例1
[root@instance-gvpb80ao ~]# ansible public -m fetch -a "src=/tmp/push_ssh_key.sh dest=shanhe.sh "
106.13.81.75 | CHANGED => {
“changed”: true,
“checksum”: “488c35d2c33b1e4cef55ff0d85cab928e68f3330”,
“dest”: “/root/shanhe.sh/106.13.81.75/tmp/push_ssh_key.sh”,
“md5sum”: “1adcefd1e3aea3dbd54f0da29e586732”,
“remote_checksum”: “488c35d2c33b1e4cef55ff0d85cab928e68f3330”,
“remote_md5sum”: null
}
[root@instance-gvpb80ao ~]# tree shanhe.sh
/root/shanhe.sh/
└── 106.13.81.75
└── tmp
└── push_ssh_key.sh

2 directories, 1 file

范例2
[root@instance-gvpb80ao /]# ansible public -m fetch -a “src=/tmp/push_ssh_key.sh dest=/opt validate_checksum=yes”
106.13.81.75 | CHANGED => {
“changed”: true,
“checksum”: “488c35d2c33b1e4cef55ff0d85cab928e68f3330”,
“dest”: “/opt/106.13.81.75/tmp/push_ssh_key.sh”,
“md5sum”: “1adcefd1e3aea3dbd54f0da29e586732”,
“remote_checksum”: “488c35d2c33b1e4cef55ff0d85cab928e68f3330”,
“remote_md5sum”: null
}

File模块

功能:设置文件属性,创建软链接等。
参数

参数 解释
path 必须参数,用于指定要操作的文件或目录,在之前版本的ansible中,使用dest参数或者name参数指定要操作的文件或目录,为了兼容之前的版本,使用dest或name也可以。
recurse 当要操作的文件为目录,将recurse设置为yes,可以递归的修改目录中文件的属性。
state 此参数非常灵活,其对应的值需要根据情况设定。 directory:在远端创建目录 touch:在远端创建文件 link:创建链接文件 absent:表示删除文件或目录 mode:设置文件或目录权限 owner:设置文件或目录属主 group:设置文件或目录属组
src 当state设置为link或者hard时,表示我们想要创建一个软链或者硬链,所以,我们必须指明软链或硬链链接的哪个文件,通过src参数即可指定链接源。
force 当state=link的时候,可配合此参数强制创建链接文件,当force=yes时,表示强制创建链接文件。不过强制创建链接文件分为三种情况。情况一:当要创建的链接文件指向的源文件并不存在时,使用此参数,可以先强制创建出链接文件。情况二:当要创建链接文件的目录中已经存在与链接文件同名的文件时,将force设置为yes,会将同名文件覆盖为链接文件,相当于删除同名文件,创建链接文件。情况三:当要创建链接文件的目录中已经存在与链接文件同名的文件,并且链接文件指向的源文件也不存在,这时会强制替换同名文件为链接文件。
owner 用于指定被操作文件的属主,属主对应的用户必须在远程主机中存在,否则会报错。
group 用于指定被操作文件的属组,属组对应的组必须在远程主机中存在,否则会报错。
mode 用于指定被操作文件的权限,比如,如果想要将文件权限设置为”rw-r-x---“,则可以使用mode=650进行设置,或者使用mode=0650,效果也是相同的。如果想要设置特殊权限,比如为二进制文件设置suid,则可以使用mode=4700。

范例1
[root@instance-gvpb80ao opt]# ansible public -m file -a “path=/root/1.txt state=touch”
106.13.81.75 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: true,
“dest”: “/root/1.txt”,
“gid”: 0,
“group”: “root”,
“mode”: “0644”,
“owner”: “root”,
“size”: 0,
“state”: “file”,
“uid”: 0
}
[root@instance-gvpb80ao opt]# ll /root/
total 28
-rw-r–r-- 1 root root 0 May 20 15:55 1.txt

#删除文件
ansible public -m file -a “path=/root/1.txt state=absent”

范例2
[root@instance-gvpb80ao ~]# ansible public -m file -a “path=/root/txt state=directory owner=shanhe group=chenyang”
106.13.81.75 | SUCCESS => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: false,
“gid”: 1002,
“group”: “chenyang”,
“mode”: “0755”,
“owner”: “shanhe”,
“path”: “/root/txt”,
“size”: 4096,
“state”: “directory”,
“uid”: 1001
}
[root@instance-gvpb80ao ~]# ll
total 36
drwxr-xr-x 2 shanhe chenyang 4096 May 20 16:08 txt
Copy to clipboardErrorCopied
范例3
[root@instance-gvpb80ao ~]# ansible public -m file -a “path=/root/test src=/root/txt state=link owner=shanhe group=chenyang”
106.13.81.75 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: true,
“dest”: “/root/test”,
“gid”: 0,
“group”: “root”,
“mode”: “0777”,
“owner”: “root”,
“size”: 9,
“src”: “/root/txt”,
“state”: “link”,
“uid”: 0
}
[root@instance-gvpb80ao ~]# ll
total 36
lrwxrwxrwx 1 root root 9 May 20 16:11 test -> /root/txt

unarchive模块

功能:解压缩。

实现有两种用法:
1、将ansible主机上的压缩包传到远程主机后解压缩至特定目录,设置copy=yes
2、将远程主机上的某个压缩包解压缩到指定路径下,设置copy=no

参数

参数 解释
copy 默认为yes,当copy=yes,拷贝的文件是从ansible主机复制到远程主机上,如果设置为no,则是在远程主机上直接解压文件
remote_src 和copy功能一样且互斥,yes表示在远程主机,不在ansible主机,no表示文件在ansible主机上
src 源路径,可以是ansible主机上的路径,也可以是远程主机(被管理端或者第三方主机)上的路径,如果是远程主机上的路径,则需要设copy=no
dest 远程主机上的目标路径
mode 设置解压缩后的文件权限

范例
[root@instance-gvpb80ao ~]# ansible all -m unarchive -a "src=/root/test.tar.gz dest=/opt "
172.16.0.4 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: true,
“dest”: “/opt”,
“extract_results”: {
“cmd”: [
“/usr/bin/gtar”,
“–extract”,
“-C”,
“/opt”,
“-z”,
“-f”,
“/root/.ansible/tmp/ansible-tmp-1621499907.17-5491-141851802518117/source”
],
“err”: “”,
“out”: “”,
“rc”: 0
},
“gid”: 0,
“group”: “root”,
“handler”: “TgzArchive”,
“mode”: “0755”,
“owner”: “root”,
“size”: 4096,
“src”: “/root/.ansible/tmp/ansible-tmp-1621499907.17-5491-141851802518117/source”,
“state”: “directory”,
“uid”: 0
}
106.13.81.75 | SUCCESS => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: false,
“dest”: “/opt”,
“gid”: 0,
“group”: “root”,
“handler”: “TgzArchive”,
“mode”: “0755”,
“owner”: “root”,
“size”: 4096,
“src”: “/root/.ansible/tmp/ansible-tmp-1621499906.94-5490-71573166890415/source”,
“state”: “directory”,
“uid”: 0
}
[root@instance-gvpb80ao ~]# ll /opt/
total 1448
-rw------- 1 root root 808 May 19 15:09 hello.yaml

范例2
[root@instance-gvpb80ao ~]# ansible public -m unarchive -a “src=https://repo.huaweicloud.com/etcd/v3.2.24/etcd-v3.2.24-linux-arm64.tar.gz dest=/opt copy=no owner=shanhe group=chenyang”
106.13.81.75 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: true,
“dest”: “/opt”,
“extract_results”: {
“cmd”: [
“/usr/bin/gtar”,
“–extract”,
“-C”,
“/opt”,
“-z”,
“–owner=shanhe”,
“–group=chenyang”,
“-f”,
“/root/.ansible/tmp/ansible-tmp-1621500444.96-6522-191985417198936/etcd-v3.2.24-linux-arm64.tarsHzxWS.gz”
],
“err”: “”,
“out”: “”,
“rc”: 0
},
“gid”: 0,
“group”: “root”,
“handler”: “TgzArchive”,
“mode”: “0755”,
“owner”: “root”,
“size”: 4096,
“src”: “/root/.ansible/tmp/ansible-tmp-1621500444.96-6522-191985417198936/etcd-v3.2.24-linux-arm64.tarsHzxWS.gz”,
“state”: “directory”,
“uid”: 0
}
[root@instance-gvpb80ao ~]# ll /opt/
total 1452
drwxr-xr-x 3 shanhe chenyang 4096 Jul 25 2018 etcd-v3.2.24-linux-arm64

Archive模块

功能:打包压缩保存在被管理节点。

参数

参数 解释
path 要压缩的文件或目录
dest 压缩后的文件
format 指定打包的类型
mode 权限
group 属组
owner 属主

范例
[root@instance-gvpb80ao ~]# ansible public -m archive -a “path=/root dest=/opt/root.tar.gz format=gz”
106.13.81.75 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“archived”: [
“/root/.tcshrc”,
“/root/.cshrc”,
“/root/.bash_history”,
“/root/.bash_profile”,
“/root/.mysql_history”,
“/root/.viminfo”,
“/root/hello.yaml”,
“/root/test.tar.gz”,
“/root/abc.yaml”,
“/root/.ansible-console_history”,
“/root/hosts.list”,
“/root/open-user-crt.sh”,
“/root/date.txt”,
“/root/push_ssh_key.sh”,
“/root/.bash_logout”,
“/root/test.sh”,
“/root/.rnd”,
“/root/.bashrc”,
“/root/.ansible/galaxy_token”,
“/root/.ansible/tmp/ansible-local-7657zoXLcU/ansiballz_cache/archive-ZIP_DEFLATED”,
“/root/.ansible/tmp/ansible-tmp-1621502833.44-7666-63618490609724/AnsiballZ_archive.py”,
“/root/.ansible/cp/4e1832b56d”,
“/root/.cache/abrt/lastnotification”,
“/root/.ssh/authorized_keys”,
“/root/.ssh/id_rsa”,
“/root/.ssh/id_rsa.pub”,
“/root/.ssh/known_hosts”
],
“arcroot”: “//”,
“changed”: true,
“dest”: “/opt/root.tar.gz”,
“expanded_exclude_paths”: [],
“expanded_paths”: [
“/root”
],
“gid”: 0,
“group”: “root”,
“missing”: [],
“mode”: “0644”,
“owner”: “root”,
“size”: 188991,
“state”: “file”,
“uid”: 0
}
[root@instance-gvpb80ao ~]# ll /opt/
total 1640
-rw-r–r-- 1 root root 188991 May 20 17:27 root.tar.gz
[root@instance-gvpb80ao ~]#

Hostname模块

功能:管理主机名。
参数
在这里插入图片描述
范例
[root@instance-gvpb80ao ~]# ansible public -m hostname -a ‘name=kubernetes’
106.13.81.75 | CHANGED => {
“ansible_facts”: {
“ansible_domain”: “”,
“ansible_fqdn”: “kubernetes”,
“ansible_hostname”: “kubernetes”,
“ansible_nodename”: “kubernetes”,
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: true,
“name”: “kubernetes”
}
[root@instance-gvpb80ao ~]# bash
[root@kubernetes ~]#

Cron模块

功能:计划任务
支持时间:minute,hour,day,month,weekday

参数

参数 解释
minute 分钟
hour 小时
day
month
weekday 星期
job 脚本路径
name 定时任务名称
disabled 是否启用
state 状态:absent删除

范例1
[root@instance-gvpb80ao ~]# ansible public -m cron -a “minute=* job=‘echo date >> /root/ttt.log’ name=test disabled=yes”
106.13.81.75 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: true,
“envs”: [],
“jobs”: [
“test”
]
}
[root@instance-gvpb80ao ~]# crontab -l
#Ansible: test
#* * * * * echo date >> /root/ttt.log

范例2
[root@instance-gvpb80ao ~]# ansible public -m cron -a “minute=* job=‘echo date >> /root/ttt.log’ name=test disabled=yes state=absent”
106.13.81.75 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: true,
“envs”: [],
“jobs”: []
}
[root@instance-gvpb80ao ~]# crontab -l

Yum和Apt模块

yum 管理软件包,只支持RHEL,CentOS,fedora,不支持Ubuntu其它版本。
apt 模块管理 Debian 相关版本的软件包。

参数

参数 解释
name 安装的服务的名字
state 执行命令 present installed removed latest absent 其中installed and present等效 latest标志安装yum中最新版本,absent and removed 等效 表示删除安装包
disable_gpg_check 用于禁用rmp包的公钥gpg验证,默认值no 表示不做验证
enablerepo 用于指定安装软件包是临时启用的yum元
disablerepo 用于指定安装软件包是临时禁止用的yum元

范例1
[root@instance-gvpb80ao ~]# ansible public -m yum -a “name=httpd state=present”
106.13.81.75 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: true,
“changes”: {
“installed”: [
“httpd”
]
},
“msg”: “”,
“rc”: 0,
“results”: [
“Loaded plugins: langpacks, versionlock\nExcluding 1 update due to versionlock (use “yum versionlock status” to show it)\nResolving Dependencies\n–> Running transaction check\n—> Package httpd.x86_64 0:2.4.6-97.el7.centos will be installed\n–> Processing Dependency: httpd-tools = 2.4.6-97.el7.centos for package: httpd-2.4.6-97.el7.centos.x86_64\n–> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-97.el7.centos.x86_64\n–> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-97.el7.centos.x86_64\n–> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-97.el7.centos.x86_64\n–> Running transaction check\n—> Package apr.x86_64 0:1.4.8-7.el7 will be installed\n—> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed\n—> Package httpd-tools.x86_64 0:2.4.6-97.el7.centos will be installed\n—> Package mailcap.noarch 0:2.1.41-2.el7 will be installed\n–> Finished Dependency Resolution\n\nDependencies Resolved\n\n======\n Package Arch Version Repository Size\n==========================================================================\nInstalling:\n httpd x86_64 2.4.6-97.el7.centos updates 2.7 M\nInstalling for dependencies:\n apr x86_64 1.4.8-7.el7 base 104 k\n apr-util x86_64 1.5.2-6.el7 base 92 k\n httpd-tools x86_64 2.4.6-97.el7.centos updates 93 k\n mailcap noarch 2.1.41-2.el7 base 31 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package (+4 Dependent packages)\n\nTotal download size: 3.0 M\nInstalled size: 10 M\nDownloading packages:\n--------------------------------------------------------------------------------\nTotal 14 MB/s | 3.0 MB 00:00 \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : apr-1.4.8-7.el7.x86_64 1/5 \n Installing : apr-util-1.5.2-6.el7.x86_64 2/5 \n Installing : httpd-tools-2.4.6-97.el7.centos.x86_64 3/5 \n Installing : mailcap-2.1.41-2.el7.noarch 4/5 \n Installing : httpd-2.4.6-97.el7.centos.x86_64 5/5 \n Verifying : httpd-2.4.6-97.el7.centos.x86_64 1/5 \n Verifying : apr-1.4.8-7.el7.x86_64 2/5 \n Verifying : mailcap-2.1.41-2.el7.noarch 3/5 \n Verifying : httpd-tools-2.4.6-97.el7.centos.x86_64 4/5 \n Verifying : apr-util-1.5.2-6.el7.x86_64 5/5 \n\nInstalled:\n httpd.x86_64 0:2.4.6-97.el7.centos \n\nDependency Installed:\n apr.x86_64 0:1.4.8-7.el7 apr-util.x86_64 0:1.5.2-6.el7 \n httpd-tools.x86_64 0:2.4.6-97.el7.centos mailcap.noarch 0:2.1.41-2.el7 \n\nComplete!\n”
]
}
[root@instance-gvpb80ao ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:httpd(8)
man:apachectl(8)
[root@instance-gvpb80ao ~]#

Service模块

功能:管理服务。
参数

参数 解释
name 定义要启动服务的名称
state started #启动服务 stopped #停止服务 restarted #重启服务 reloaded #重载服务
enabled 开机自启

范例
#1.启动crond服务,并加入开机自启
[root@m01 ~]# ansible webservers -m service -a “name=crond state=started enabled=yes”
#2.停止crond服务,并删除开机自启
[root@m01 ~]# ansible webservers -m service -a “name=crond state=stopped enabled=no”
#3.重启crond服务
[root@m01 ~]# ansible webservers -m service -a “name=crond state=restarted”
#4.重载crond服务
[root@m01 ~]# ansible webservers -m service -a “name=crond state=reloaded”

User模块

功能:管理用户。

参数

参数 解释
uid 指定用户的uid
group 指定用户组名称
groups 指定附加组名称
password 给用户添加密码(记得单引号)
shell 指定用户登录shell
create_home 是否创建家目录
state 用户状态:absent(删除)
home 家目录路径
system 是否是系统用户
remove 是否删除家目录数据:yes(删除)

范例
[root@instance-gvpb80ao ~]# ansible public -m user -a “name=www uid=1200”
106.13.81.75 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: true,
“comment”: “”,
“create_home”: true,
“group”: 1200,
“home”: “/home/www”,
“name”: “www”,
“shell”: “/bin/bash”,
“state”: “present”,
“system”: false,
“uid”: 1200
}
[root@instance-gvpb80ao ~]# id www
uid=1200(www) gid=1200(www) groups=1200(www)

Group模块

功能:管理组。

#创建组
ansible public -m group  -a 'name=nginx gid=88 system=yes'
#删除组
ansible public -m group  -a 'name=nginx state=absent'
get_url模块

功能:下载模块(类似于wget)。

参数

参数 解释
url 下载的URL
mode 权限
dest 下载的路径
checksum md5值
timeout 下载文件的超时时间
url_password URL密码
url_username URL用户

范例
[root@instance-gvpb80ao ~]# ansible public -m get_url -a ‘url=https://repo.huaweicloud.com/etcd/v3.4.0-rc.4/etcd-v3.4.0-rc.4-linux-arm64.tar.gz mode=777 dest=/opt’
106.13.81.75 | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python”
},
“changed”: true,
“checksum_dest”: null,
“checksum_src”: “c721f9904ff9c47cb34f304ee7d48eb99253e13a”,
“dest”: “/opt/etcd-v3.4.0-rc.4-linux-arm64.tar.gz”,
“elapsed”: 6,
“gid”: 0,
“group”: “root”,
“md5sum”: “0372460bbdf457166391e5e71c074f1c”,
“mode”: “0777”,
“msg”: “OK (15997556 bytes)”,
“owner”: “root”,
“size”: 15997556,
“src”: “/root/.ansible/tmp/ansible-tmp-1621516877.39-15455-75914400512400/tmpbxzrIQ”,
“state”: “file”,
“status_code”: 200,
“uid”: 0,
“url”: “https://repo.huaweicloud.com/etcd/v3.4.0-rc.4/etcd-v3.4.0-rc.4-linux-arm64.tar.gz”
}

mount模块

功能:挂载目录。

参数

参数 解释
src 挂载IP及目录
path 挂载的路径
fstype 挂载的类型
opts 默认的类型
state 挂载的状态

state参数

参数 解释
present 开机挂载,仅将挂载配置写入/etc/fstab
mounted 挂载设备,并将配置写入/etc/fstab
unmounted 卸载设备,不会清除/etc/fstab写入的配置
absent 卸载设备,会清理/etc/fstab写入的配置

范例
[root@m01 ~]# ansible web02 -m mount -a “src=172.16.1.7:/data path=/data fstype=nfs opts=defaults state=present”
[root@m01 ~]# ansible web02 -m mount -a “src=172.16.1.7:/data path=/data fstype=nfs opts=defaults state=mounted”
[root@m01 ~]# ansible web02 -m mount -a “src=172.16.1.7:/data path=/data fstype=nfs opts=defaults state=unmounted”
[root@m01 ~]# ansible web02 -m mount -a “src=172.16.1.7:/data path=/data fstype=nfs opts=defaults state=absent”

Setup模块

功能: setup 模块来收集主机的系统信息,这些 facts 信息可以直接以变量的形式使用,但是如果主机较多,会影响执行速度,可以使用 gather_facts: no 来禁止 Ansible 收集 facts 信息。

范例
ansible all -m setup -a “filter=ansible_nodename”
ansible all -m setup -a “filter=ansible_hostname”
ansible all -m setup -a “filter=ansible_domain”
ansible all -m setup -a “filter=ansible_memtotal_mb”
ansible all -m setup -a “filter=ansible_memory_mb”
ansible all -m setup -a “filter=ansible_memfree_mb”
ansible all -m setup -a “filter=ansible_os_family”
ansible all -m setup -a “filter=ansible_distribution_major_version”
ansible all -m setup -a “filter=ansible_distribution_version”
ansible all -m setup -a “filter=ansible_processor_vcpus”
ansible all -m setup -a “filter=ansible_all_ipv4_addresses”
ansible all -m setup -a “filter=ansible_architecture”
ansible all -m setup -a “filter=ansible_processor*”

你可能感兴趣的:(Linux架构篇)