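Ansible - Common Modules

Ansible command format

ansible <inventory> -m <module> -a <module arguments>

Common options

--version: show the version
-m module: specify the module; the default is the command module
-v: show detailed output; -vv and -vvv show even more detail
--list: show the host list; --list-hosts can also be used
-k: prompt for the SSH connection password; key authentication is the default
-C: check run (dry run)
-T: timeout for command execution; the default is 10s
-u: specify the user for remote execution
-b: use sudo to switch identity
--become-user=USERNAME: specify the sudo user
-K: prompt for the sudo password
-a MODULE_ARGS   # module arguments; with the default command module this is the command itself, e.g. "date", "pwd", and so on

Ansible output colours: green: succeeded without making any change to the remote host. Yellow: succeeded and changed the remote host. Red: execution failed.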

1. ping module

The ping module is easy to understand: like the ping command we commonly use, it checks connectivity to the target host.

[root@master ~]# ansible 192.168.142.45 -m ping
192.168.142.45 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
[root@master ~]# ansible -m ping all
192.168.142.45 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
192.168.142.51 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}

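If the host can be pinged, the result is shown in green; otherwise it is yellow.

2. command module

This is the default module, so -m can be omitted when typing a command; the command to execute is written after it.

For example, to view the details of the /home directory on the target host: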

[root@master ~]# ansible 192.168.142.51 -m command -a "ls -l /home"
192.168.142.51 | CHANGED | rc=0 >>
总用量 4
-rw-r--r--   1 root     root        0 5月   4 23:18 ansible
drwx------. 15 xiaoming xiaoming 4096 5月  10 19:42 xiaoming
[root@master ~]# ansible 192.168.142.51  -a "ls -l /home"
192.168.142.51 | CHANGED | rc=0 >>
总用量 4
-rw-r--r--   1 root     root        0 5月   4 23:18 ansible
drwx------. 15 xiaoming xiaoming 4096 5月  10 19:42 xiaoming
# The alias ll cannot be used here

Or, to add the user xianyu on the target host:
ansible 192.168.244.135 -a "useradd xianyu"

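3. shell module

The command module was introduced above. The shell module differs little from it; the main difference is that the shell module supports commands containing special characters such as $, < >, |, ; and &.
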
[root@master ~]# ansible 192.168.142.45 -m shell -a 'ps -ef|grep top'
192.168.142.45 | CHANGED | rc=0 >>
xiaoming  11322  10741  0 20:40 ?        00:00:00 nautilus-desktop --force
root      11885  11788  0 20:41 pts/2    00:00:00 top
root      19400  19395  0 20:47 pts/3    00:00:00 /bin/sh -c ps -ef|grep top
root      19402  19400  0 20:47 pts/3    00:00:00 grep top
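
Why those special characters matter, as an added example that is not from the original post: a Python model of the two modules, in which the command module splits the string into arguments and executes the program directly, while the shell module hands the whole string to /bin/sh -c (visible in the ps output above). The function names and the sample value are assumptions made for illustration.

```python
import shlex
import subprocess


def run_like_command(raw: str) -> str:
    """Model of the command module: split into argv and exec directly, no shell."""
    argv = shlex.split(raw)
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def run_like_shell(raw: str) -> str:
    """Model of the shell module: pass the whole string to /bin/sh -c."""
    return subprocess.run(["/bin/sh", "-c", raw],
                          capture_output=True, text=True, check=True).stdout


def quoted_for_shell(template: str, value: str) -> str:
    """Quote an outside value before it is placed into a shell command line."""
    return template.format(shlex.quote(value))


# Constructed input: a value that arrived from outside (a variable, a file name).
UNTRUSTED = "top; echo EXTRA"

if __name__ == "__main__":
    # command-style: ';' is ordinary text, a single echo runs
    print(run_like_command("echo " + UNTRUSTED), end="")
    # shell-style: ';' separates commands, so two commands run
    print(run_like_shell("echo " + UNTRUSTED), end="")
    # shell-style with quoting: the value stays one argument
    print(run_like_shell(quoted_for_shell("echo {}", UNTRUSTED)), end="")
    # a pipe works only through the shell
    print(run_like_command("echo a | tr a b"), end="")
    print(run_like_shell("echo a | tr a b"), end="")
```

A value that reaches the shell module from a variable or other outside input should be quoted first; in playbooks the quote filter does this.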

4. copy module

To send a file from the ansible machine to a remote target host, use the copy module.

Copy /home/master.txt from the ansible node to all managed hosts:

[root@master home]# ansible all -m copy -a 'src=/home/master.txt dest=/home/'
192.168.142.51 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "8032dbb683be75651a12df180695cf4c05a8b22c", 
    "dest": "/home/master.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "666dbeb2228e98b69c76a799bddf24f0", 
    "mode": "0644", 
    "owner": "root", 
    "size": 12, 
    "src": "/root/.ansible/tmp/ansible-tmp-1683863763.09-38970-140181575023535/source", 
    "state": "file", 
    "uid": 0
}
192.168.142.45 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "8032dbb683be75651a12df180695cf4c05a8b22c", 
    "dest": "/home/master.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "666dbeb2228e98b69c76a799bddf24f0", 
    "mode": "0644", 
    "owner": "root", 
    "size": 12, 
    "src": "/root/.ansible/tmp/ansible-tmp-1683863763.09-38968-103816816685507/source", 
    "state": "file", 
    "uid": 0
}

Write the content on the command line and generate the target file directly:

[root@master ~]# ansible all -m copy -a 'content="test content" dest=/home/content.txt'
192.168.142.51 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "1eebdf4fdc9fc7bf283031b93f9aef3338de9052", 
    "dest": "/home/content.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "9473fdd0d880a43c21b7778d34872157", 
    "mode": "0644", 
    "owner": "root", 
    "size": 12, 
    "src": "/root/.ansible/tmp/ansible-tmp-1684220645.69-37850-219532395045282/source", 
    "state": "file", 
    "uid": 0
}
192.168.142.27 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "1eebdf4fdc9fc7bf283031b93f9aef3338de9052", 
    "dest": "/home/content.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "9473fdd0d880a43c21b7778d34872157", 
    "mode": "0644", 
    "owner": "root", 
    "size": 12, 
    "src": "/root/.ansible/tmp/ansible-tmp-1684220645.69-37848-17776971204135/source", 
    "state": "file", 
    "uid": 0
}

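In addition, the copy module has some further options:

owner = # owner (user)
mode = # permissions
backup = yes/no # if the destination file exists it is overwritten by default; yes backs it up first

5. fetch module

Just as the copy module sends (copies) files from the ansible machine to remote target hosts, files on a remote target host can also be fetched (downloaded) to the ansible machine.

For example, fetch the file node1.txt from the remote target host and download it to the /home/node1 directory on the local ansible host: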

[root@master home]# ansible 192.168.142.27 -m fetch -a 'src=/home/node1.txt dest=/home/node1/'
192.168.142.27 | CHANGED => {
    "changed": true, 
    "checksum": "4106e6023129e8a00659891a7eee38537ecd8680", 
    "dest": "/home/node1/192.168.142.27/home/node1.txt", 
    "md5sum": "0dd993aa6eec11a45fff4c24effd3cea", 
    "remote_checksum": "4106e6023129e8a00659891a7eee38537ecd8680", 
    "remote_md5sum": null
}

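View the path of node1.txt on the local ansible host after the download

To fetch several files at once, first pack them together with the shell module, then download the archive with the fetch module:

# Pack multiple files (J selects xz, matching the .tar.xz name)
ansible all -m shell -a "tar Jcf /root/log.tar.xz /var/log/*.log"
# Fetch the archive
ansible all -m fetch -a "src=/root/log.tar.xz dest=/data"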

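6. file module

The file module in Ansible manages files and directories. Some of its parameters:

path: the file path
mode: the file permissions
state:
    directory: create the directory if it does not exist
    touch: create a new file if it does not exist; if the file or directory already exists, update its last-modified time
    absent: delete the directory or file, or unlink the link
    file: the file is not created even if it does not exist
    link: create a symbolic link
    hard: create a hard link
name: the file name (same as path; use one of the two)

Extension:

Commonly used parameters of the ansible file module:

path: path of the file or directory.
state: state of the file or directory; one of file, directory, link, hard, absent; the default is file.
mode: permissions of the file or directory, given as a number or a string, such as 0644 or u=rw,g=r,o=r.
owner: owner of the file or directory.
group: group of the file or directory.
src: path of the source file, used when creating a symbolic link.
dest: target path of the symbolic link.
recurse: whether to process the directory recursively; the default is no.
force: whether to force overwriting an existing file or directory; the default is no.
backup: whether to back up an existing file or directory; the default is no.
follow: whether to follow symbolic links; the default is yes.
selevel: the SELinux security level.
serole: the SELinux security role.
setype: the SELinux security type.
seuser: the SELinux security user.

6.1 Create a directory with the file module

Create the directory ceshi under /home: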

[root@master ~]# ansible 192.168.142.37 -m file -a 'path=/home/ceshi state=directory'
192.168.142.37 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0755", 
    "owner": "root", 
    "path": "/home/ceshi", 
    "size": 6, 
    "state": "directory", 
    "uid": 0
}

6.2 Create a file with the file module

Create the file ceshi.txt under /home:

[root@master ~]# ansible 192.168.142.37 -m file -a 'path=/home/ceshi.txt state=touch'
192.168.142.37 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "dest": "/home/ceshi.txt", 
    "gid": 0, 
    "group": "root", 
    "mode": "0644", 
    "owner": "root", 
    "size": 0, 
    "state": "file", 
    "uid": 0
}

6.3 Delete a file or directory

Delete the ceshi directory and the ceshi.txt file under /home:

[root@master ~]# ansible 192.168.142.37 -m file -a 'path=/home/ceshi state=absent'
192.168.142.37 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "path": "/home/ceshi", 
    "state": "absent"
}
[root@master ~]# ansible 192.168.142.37 -m file -a 'path=/home/ceshi.txt state=absent'
192.168.142.37 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "path": "/home/ceshi.txt", 
    "state": "absent"
}

6.4 Change file or directory permissions

Change the permissions of the file ceshi.txt and the directory node1 under /home:

[root@master ~]# ansible 192.168.142.37 -m file -a 'path=/home/ceshi.txt state=file mode=0755'
192.168.142.37 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0755", 
    "owner": "root", 
    "path": "/home/ceshi.txt", 
    "size": 0, 
    "state": "file", 
    "uid": 0
}
[root@master ~]# ansible 192.168.142.37 -m file -a 'path=/home/node1 state=directory  mode=0777'
192.168.142.37 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "path": "/home/node1", 
    "size": 6, 
    "state": "directory", 
    "uid": 0
}
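
Each result above is a JSON object after a "host | STATUS =>" header, so the reported modes can be checked mechanically. An added example (not from the original post) that parses ad-hoc output in this format and reports paths left world-writable, such as /home/node1 with mode 0777; the sample text is abridged from the output on this page and the function names are illustrative.

```python
import json
import re

# Header of one result in the default ad-hoc output: "host | STATUS => {"
HEADER = re.compile(r"^(\S+) \| ([A-Z]+)!? => (?=\{)", re.M)

# Constructed sample, abridged from the results shown in sections 6.4 and 6.5.
SAMPLE = """\
192.168.142.37 | CHANGED => {
    "mode": "0755",
    "path": "/home/ceshi.txt",
    "state": "file"
}
192.168.142.37 | CHANGED => {
    "mode": "0777",
    "path": "/home/node1",
    "state": "directory"
}
192.168.142.37 | CHANGED => {
    "dest": "/home/shell/ceshi.txt",
    "mode": "0777",
    "state": "link"
}
"""


def parse_results(text):
    """Yield (host, status, result) for every 'host | STATUS => {...}' block."""
    decoder = json.JSONDecoder()
    for m in HEADER.finditer(text):
        try:
            result, _ = decoder.raw_decode(text, m.end())
        except json.JSONDecodeError:
            continue  # truncated or non-JSON block: skip it
        yield m.group(1), m.group(2), result


def world_writable(text):
    """Return (host, path, mode) for results whose mode has the other-write bit."""
    findings = []
    for host, _status, res in parse_results(text):
        mode = res.get("mode")
        if mode is None or res.get("state") == "link":
            continue  # a symlink always reports 0777; its target's mode counts
        if int(mode, 8) & 0o002:
            findings.append((host, res.get("path") or res.get("dest"), mode))
    return findings
```

On the sample, world_writable(SAMPLE) reports only /home/node1; the symlink's 0777 is skipped because it says nothing about the target file.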

6.5 Create a symbolic link

Create the symbolic link /home/shell/ceshi.txt pointing to /home/ceshi.txt:

[root@master ~]# ansible 192.168.142.37 -m file -a "src=/home/ceshi.txt dest=/home/shell/ceshi.txt state=link"
192.168.142.37 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "dest": "/home/shell/ceshi.txt", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "size": 15, 
    "src": "/home/ceshi.txt", 
    "state": "link", 
    "uid": 0
}

6.6 Create a hard link

[root@master ~]# ansible 192.168.142.37 -m file -a 'src=/home/master.txt dest=/home/shell/master.txt state=hard'
192.168.142.37 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "dest": "/home/shell/master.txt", 
    "gid": 0, 
    "group": "root", 
    "mode": "0644", 
    "owner": "root", 
    "size": 12, 
    "src": "/home/master.txt", 
    "state": "hard", 
    "uid": 0
}

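7. yum module

Package manager module

Related parameters

Parameter | Required | Default | Choices | Description
conf_file |  |  |  | yum configuration file used when yum runs on the remote host
disable_gpg_check |  | No | Yes/No | Whether to disable the GPG signature check of packages before installation; only takes effect when state is present or latest
list |  |  |  | Can only be called from the ansible command; not supported in playbooks
name |  |  |  | Name of the package to install; can also be used as name=python=2.7 to install python2.7
state |  | present | present/latest/absent | Desired final state of the package; present/latest install the package, absent removes it
update_cache |  | no | yes/no | Update the package list before installing; only takes effect when state is present/latest

7.1 Install the httpd service, updating the cache before installation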

[root@master ~]# ansible 192.168.142.37 -m yum -a "name=httpd update_cache=yes"
192.168.142.37 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "changes": {
        "installed": [
            "httpd"
        ]
    }, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "Loaded plugins: fastestmirror, langpacks\nLoading mirror speeds from cached hostfile\n * base: mirrors.aliyun.com\n * extras: mirrors.bfsu.edu.cn\n * updates: mirrors.ustc.edu.cn\nResolving Dependencies\n--> Running transaction check\n---> Package httpd.x86_64 0:2.4.6-98.el7.centos.7 will be installed\n--> Processing Dependency: httpd-tools = 2.4.6-98.el7.centos.7 for package: httpd-2.4.6-98.el7.centos.7.x86_64\n--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-98.el7.centos.7.x86_64\n--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-98.el7.centos.7.x86_64\n--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-98.el7.centos.7.x86_64\n--> Running transaction check\n---> Package apr.x86_64 0:1.4.8-7.el7 will be installed\n---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed\n---> Package httpd-tools.x86_64 0:2.4.6-98.el7.centos.7 will be installed\n---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package           Arch         Version                     Repository     Size\n================================================================================\nInstalling:\n httpd             x86_64       2.4.6-98.el7.centos.7       updates       2.7 M\nInstalling for dependencies:\n apr               x86_64       1.4.8-7.el7                 base          104 k\n apr-util          x86_64       1.5.2-6.el7                 base           92 k\n httpd-tools       x86_64       2.4.6-98.el7.centos.7       updates        94 k\n mailcap           noarch       2.1.41-2.el7                base           31 k\n\nTransaction Summary\n================================================================================\nInstall  1 Package (+4 Dependent packages)\n\nTotal download size: 3.0 M\nInstalled size: 10 M\nDownloading 
packages:\n--------------------------------------------------------------------------------\nTotal                                              5.1 MB/s | 3.0 MB  00:00     \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n  Installing : apr-1.4.8-7.el7.x86_64                                       1/5 \n  Installing : apr-util-1.5.2-6.el7.x86_64                                  2/5 \n  Installing : httpd-tools-2.4.6-98.el7.centos.7.x86_64                     3/5 \n  Installing : mailcap-2.1.41-2.el7.noarch                                  4/5 \n  Installing : httpd-2.4.6-98.el7.centos.7.x86_64                           5/5 \n  Verifying  : httpd-tools-2.4.6-98.el7.centos.7.x86_64                     1/5 \n  Verifying  : mailcap-2.1.41-2.el7.noarch                                  2/5 \n  Verifying  : apr-1.4.8-7.el7.x86_64                                       3/5 \n  Verifying  : httpd-2.4.6-98.el7.centos.7.x86_64                           4/5 \n  Verifying  : apr-util-1.5.2-6.el7.x86_64                                  5/5 \n\nInstalled:\n  httpd.x86_64 0:2.4.6-98.el7.centos.7                                          \n\nDependency Installed:\n  apr.x86_64 0:1.4.8-7.el7                      apr-util.x86_64 0:1.5.2-6.el7   \n  httpd-tools.x86_64 0:2.4.6-98.el7.centos.7    mailcap.noarch 0:2.1.41-2.el7   \n\nComplete!\n"
    ]
}

7.2 Remove httpd

[root@master ~]# ansible 192.168.142.37 -m yum -a "name=httpd state=absent"
192.168.142.37 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "changes": {
        "removed": [
            "httpd"
        ]
    }, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "已加载插件:fastestmirror, langpacks\n正在解决依赖关系\n--> 正在检查事务\n---> 软件包 httpd.x86_64.0.2.4.6-98.el7.centos.7 将被 删除\n--> 解决依赖关系完成\n\n依赖关系解决\n\n================================================================================\n Package      架构          版本                          源               大小\n================================================================================\n正在删除:\n httpd        x86_64        2.4.6-98.el7.centos.7         @updates        9.4 M\n\n事务概要\n================================================================================\n移除  1 软件包\n\n安装大小:9.4 M\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n  正在删除    : httpd-2.4.6-98.el7.centos.7.x86_64                          1/1 \n  验证中      : httpd-2.4.6-98.el7.centos.7.x86_64                          1/1 \n\n删除:\n  httpd.x86_64 0:2.4.6-98.el7.centos.7                                          \n\n完毕!\n"
    ]
}

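8. service module

Used for service management. Related parameters:

Parameter | Required | Choices | Description
enabled | no | yes/no | Whether the service starts when the OS boots. When using the service module, at least one of enabled and state must be defined
name | yes |  | Name of the service to operate on
state | no | started/stopped/restarted/reloaded | Final state of the service after the operation

For example, to start the httpd service:

ansible all -m service -a "name=httpd state=started"

Stop the httpd service:

ansible all -m service -a "name=httpd state=stopped"

Start the service and enable it at boot at the same time:

ansible all -m service -a "name=httpd state=started enabled=yes"

9. group module

Create a group.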

[root@localhost ~]# ansible all -m group -a 'name=testgroup system=yes'
192.168.235.147 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "gid": 981, 
    "name": "testgroup", 
    "state": "present", 
    "system": true
}
[root@localhost ~]# ansible all -m group -a 'name=testgroup state=absent'
192.168.235.147 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "name": "testgroup", 
    "state": "absent"
}

cat /etc/group shows the group names.

10. user module

Create a user

[root@localhost ~]# ansible all -m user -a "name=goooge shell=/sbin/nologin system=yes home=/var/goooge groups=root,bin uid=80 comment='goooge user'"
192.168.235.147 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "comment": "goooge user", 
    "create_home": true, 
    "group": 80, 
    "groups": "root,bin", 
    "home": "/var/goooge", 
    "name": "goooge", 
    "shell": "/sbin/nologin", 
    "state": "present", 
    "system": true, 
    "uid": 80
}

system: whether it is a system user
shell: the login shell
home: the home directory
group: the primary group
groups: the supplementary groups
comment: a comment

Delete a user

[root@localhost ~]# ansible all -m user -a 'name=goooge remove=yes state=absent'
192.168.235.147 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "force": false, 
    "name": "goooge", 
    "remove": true, 
    "state": "absent", 
    "stderr": "userdel: goooge 邮件池 (/var/spool/mail/goooge) 未找到\n", 
    "stderr_lines": [
        "userdel: goooge 邮件池 (/var/spool/mail/goooge) 未找到"
    ]
}

remove: also delete the home directory data when deleting the user

Check /var to see the created user
posted @ 2023-05-11 11:27  家乐福的搬砖日常