ansible学习笔记
ansible学习笔记
第一天
常用自动化运维工具
Ansible:python,Agentless,中小型应用环境
Saltstack:python,一般需部署agent,执行效率更高
Puppet:ruby, 功能强大,配置复杂,重型,适合大型环境
Fabric:python,agentless
Chef:ruby,国内应用少
Cfengine
func
大纲:
运维自动化工具 Ansible
本章内容
运维自动化发展历程及技术应用
Ansible架构和相关命令使用
Ansible常用模块详解
Ansible playbook基础
Playbook变量、tags、handlers使用
Playbook模板 templates
Playbook条件判断 when
Playbook字典 with_items
Ansible Roles
00 课程介绍
ansible批量管理服务概念
ansible批量管理服务器特点
ansible批量管理服务部署
ansible批量管理服务应用--模块管理
ansible模块命令语法
ansible常用模块
01 课程知识回顾
远程管理服务器介绍
ssh 数据加密 22
telnet 数据明文 23
2.ssh远程管理服务工作原理
私钥 公钥
用途1:对数据进行加密处理
用途2:对用户访问进行认证
3.ssh远程连接的方式
a 基于口令的方式进行连接
b 基于秘钥的方式进行连接
基于秘钥连接的工作原理
4.基于秘钥的连接部署方式
第一个历程:创建秘钥对(管理端服务器)
ssh-keygen -t 秘钥的类型(dsa|rsa)
第二个历程:将公钥进行分发(被管理端服务器)
ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.1.185:/root/.ssh/
如何批量分发公钥:
0 需要输入链接确认 yes/no
ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.1.185:/root/.ssh/
02 需要第一次连接输入密码
yum -y install sshpass
03 远程服务器ssh服务端口号改动了
基于秘钥连接拍错思路:
0 利用命令进行连接测试
02.检查公钥在被管理主机上是否存在,并且与管理端公钥信息是否相同
03.利用公钥分发命令重新分发公钥
04.检查脚本的编写
05. 调试脚本功能 sh -x
5.ssh远程服务防范入侵案例
6.ssh服务的配置文件编写
监听地址???
7.ssh服务的相关命令总结
02 ansible批量管理
概述:
基于python
基于ssh远程管理实现主机批量管理
意义:
提高工作效率
提高工作准确度
减少维护的成本
减少重复性工作
功能:
批量系统操作配置
批量软件服务部署
批量文件数据分发
批量系统信息收集
特点:
管理端不需要启动服务程序(no server)
管理端不需要编写配置文件(/etc/ansible/ansible.log)
受控端不需要安装软件程序(libselinux-python)
受控端不需要启动服务程序(no agent)
服务程序管理操作模块众多(module)
03 ansible批量管理服务器部署
ansible的安装方法有多种
官方文档
https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html
https://docs.ansible.com/ansible/latest/installation_guide/index.html
下载
https://releases.ansible.com/ansible/
pip 下载
https://pypi.org/project/ansible/
#CentOS 的EPEL源的rpm包安装
[root@centos ~]#yum install ansible
#ubuntu 安装
[root@ubuntu ~]#apt -y install ansible
范例:查看ansible版本
yum info ansible
[root@ansible-1 ~]# yum info ansible
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Installed Packages
Name : ansible
Arch : noarch
Version : 2.9.27
Release : el7
Size : 103 M
Repo : installed
From repo : epel
Summary : SSH-based configuration management, deployment, and task execution system
URL : http://ansible.com
License : GPLv3+
Description : Ansible is a radically simple model-driven configuration management,
: multi-node deployment, and remote task execution system. Ansible works
: over SSH and does not require any software or daemons to be installed
: on remote nodes. Extension modules can be written in any language and
: are transferred to managed machines automatically.
ansible基础篇
- 主机清单语法,学会如何批量管理服务器组,配置服务器认证,服务器变量
- 2.学习常见的模块,语法,参数,用法
- 3.改造shell脚本为ansible模块
yum install rsync -y
yum remove rsync -y
这个shell命令就得转变为ansible的模块操作, yum模块,提供参数
useradd yiyuan
简单的linux命令,转变为ansible的模块操作
users模块,提供一些参数,用户名的名字,用户的uid,以及用户的过期时间等 6.7.
自动化运维好处
- 提高工作效率,减少重复性工作
- 大大减少人为出错的可能性
- 数据化管理、数据化汇报、问题可追溯
ansible
saltstack
这俩自动化运维工具
ansible-1master机器,管理了100台目标机器
指标
shell 脚本结合for循环处理这100个机器
每一个指标就是每一个命令
free -m > xxx.file
cpuinfo
shell,命令导出的数据就是一堆普通的文本字符串,难以加工处理
如果能导出为数据交换格式,如json,如yaml,如xml就可以很轻松的发给各种编程语言,实现数据加工,格式化处理,发给前端去做网页展示
ansible几条命令就可以实现了
并且
ansible导出的服务器信息,如内存,磁盘,网卡,等等一堆信息,可以直接导出为json数据
json数据就可以直接发给前端,前端就可以展示出服务器的信息
这就是运维开发做的事
后端python+ansible获取数据,导出json,发给前端
前端写html,js,对json数据展示
运维平台就出来了 12.13. 2 22.23.24.
打开ansible官网,查看所有最新的功能,不要看其他的文档,可能已经很陈旧了,python3也已经更新了很多,导致用法变化等。
https://docs.ansible.com/ansible/latest/
最新官网文档
nfs服务
rsync服务
shell脚本,堆砌了各种部署的命令
↓
把这个脚本,所有的操作,全部替换为ansible的模块
2.你可能要执行的各种命令,ansible都提供了模块,如文件拷贝,如软件安装,服务重启等;
3.你使用ansible,必须严格按照ansible提供的语法来,否则只有报错
4.先学语法,语法基本功扎实后,面对千变万化的需求,才能游刃有余
5.多动手,ansible需要记忆的操作比较多 12.13.14.15.
一.ansible安装部署
在ansible-1master管理机安装
yum install epel-release ansible libselinux-python -y
前提你配置好了阿里云的epel源可以直接安装
yum install ansible -y
[root@ansible-1 ~]# ansible --version
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Nov 14 2023, 16:14:06) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
主机清单文件(主机分组)
把综合架构需要用到的机器,进行分组
主机清单配置文件
[zabbix]
10.0.1.184
主机分组后,执行命令测试,批量管理一组机器
管理所有的机器,使用特殊主机组,all
让所有的主机,远程执行hostname,返回主机名信息
[root@ansible-1 ~]# ansible all -m shell -a "hostname"
The authenticity of host '10.0.1.187 (10.0.1.187)' can't be established.
ECDSA key fingerprint is SHA256:WNHlA4APdESQiNa1jvJ1HHo3Ey6XJh5vjRepHX8k36o.
ECDSA key fingerprint is MD5:b0:c9:fe:89:6e:49:75:58:87:2b:c5:5e:78:fd:82:1a.
Are you sure you want to continue connecting (yes/no)? The authenticity of host '10.0.1.188 (10.0.1.188)' can't be established.
ECDSA key fingerprint is SHA256:WNHlA4APdESQiNa1jvJ1HHo3Ey6XJh5vjRepHX8k36o.
ECDSA key fingerprint is MD5:b0:c9:fe:89:6e:49:75:58:87:2b:c5:5e:78:fd:82:1a.
Are you sure you want to continue connecting (yes/no)? The authenticity of host '10.0.1.186 (10.0.1.186)' can't be established.
ECDSA key fingerprint is SHA256:WNHlA4APdESQiNa1jvJ1HHo3Ey6XJh5vjRepHX8k36o.
ECDSA key fingerprint is MD5:b0:c9:fe:89:6e:49:75:58:87:2b:c5:5e:78:fd:82:1a.
Are you sure you want to continue connecting (yes/no)? The authenticity of host '10.0.1.185 (10.0.1.185)' can't be established.
ECDSA key fingerprint is SHA256:WNHlA4APdESQiNa1jvJ1HHo3Ey6XJh5vjRepHX8k36o.
ECDSA key fingerprint is MD5:b0:c9:fe:89:6e:49:75:58:87:2b:c5:5e:78:fd:82:1a.
Are you sure you want to continue connecting (yes/no)? yes
10.0.1.187 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Warning: Permanently added '10.0.1.187' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,password,keyboard-interactive).",
"unreachable": true
}
10.0.1.189 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 10.0.1.189 port 22: No route to host",
"unreachable": true
}
^C [ERROR]: User interrupted execution
但是默认没配置认证方式,权限被拒绝
ansible主机登录认证
Ansible批量管理主机有两种方式:
- 传统的密码认证
- 公钥认证
ansible基于公私钥认证
将master61机器的公钥,分发给想免密登录的机器
ssh-keygen
ssh-copy-id root@10.0.1.185:
ssh 10.0.1.185 ip a
[root@ansible-1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:5pt7JhOnMDwgy32Yksy6p+HvC6Dt9eTzxFjrtql1oIk root@ansible-1
The key's randomart image is:
+---[RSA 2048]----+
| |
| |
| |
| . . |
|.+ = = S |
|o.B +.*O.o. |
|oo..E.=+*+. |
|ooo. +.+==o |
|o=++. +=OB |
+----[SHA256]-----+
[root@ansible-1 ~]# ssh-copy-id root@10.0.1.185:
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.1.185's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@10.0.1.185'"
and check to make sure that only the key(s) you wanted were added.
[root@ansible-1 ~]# ssh 10.0.1.185 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:ee:89:e6 brd ff:ff:ff:ff:ff:ff
inet 10.0.1.185/24 brd 10.0. 255 scope global noprefixroute dynamic eth0
valid_lft 1667sec preferred_lft 1667sec
inet6 fe80::d7ef:b055:520:39a9/64 scope link noprefixroute
valid_lft forever preferred_lft forever
2.后续在对该机器操作,就直接进行ssh的公钥认证了,可以免密码,直接远程执行
配置好ansible-1master免密登录31机器
2.后续可以免密执行ansible的各种模块了
[root@ansible-1 ~]#ansible nfs -m command -a "hostname"
你可以配置所有机器的公钥一键分发,就可以实现all所有主机的远程命令执行
ansible all -m shell "hostname" # 返回结果给ansible-1master机器
[root@ansible-1 ~]#ssh-copy-id root@192.168.106.31 6.
基于密码认证
- 在你的客户端机器、修改了ssh默认端口、以及密码需要修改主机清单文件才可以正确连接。
- 注意你得配置允许密码登录才能进行如下测试,可以再开一个web-9机器。
ansible主机清单配置文件语法(重要)
/etc/ansible/hosts 主机清单文件
注意,部分资料里的主机配置文件语法,旧版如下
Ansible 2.0 has deprecated the “ssh” from ansible_ssh_user, ansible_ssh_host, and ansible_ssh_port to become
这是旧版本的用法
ansible_ssh_host
ansible_ssh_port
ansible_ssh_user
ansible_ssh_password
最新的,去掉了中间的_ssh
新版参数
ansible_user
ansible_host
ansible_port
如果你写旧版本的语法,新版也也认识
新版参数
| 参数 | 参数类型 | 参数说明 |
|---|---|---|
| ansible_host | 主机地址 | 远程主机ip |
| ansible_port | 主机端口 | 设置SSH连接端口,默认22 |
| ansible_user | 主机用户 | 默认SSH远程连接的用户身份 |
| ansible_password | 用户密码 | 指定SSH远程主机密码 |
给rsync机器,进行密码认证
给rsync机器,添加密码,端口等信息
[backup]
192.168.106.41 ansible_port=22 ansible_password='123456'
2.如果目标机器的ssh信息都被改了,这里也得改
[backup]
192.168.106.41 ansible_port=22999 ansible_password='123456' 6.7.
添加rsync机器的ssh信息
Ansible软件使用的前提是SSH+KEY免密验证的环境,如果没有配置也可以使用Ansible,如下
[root@ansible-1 ~]#tail -2 /etc/ansible/hosts
[backup]
192.168.106.41 ansible_port=22 ansible_user=root ansible_password=123456
测试执行
[root@ansible-1 ~]# ansible backup -m ping
[WARNING]: sftp transfer mechanism failed on [10.0.1.189]. Use ANSIBLE_DEBUG=1 to see
detailed information
10.0.1.189 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
添加web机器组的信息
设置为不检查key
vim /etc/ansible/ansible.cfg
71 host_key_checking = False
[root@ansible-1 ~]# tailf /etc/ansible/hosts
10.0.1.185 ansible_port=22 ansible_user=root ansible_password='553214'
10.0.1.186 ansible_port=22 ansible_user=root ansible_password='553214'
10.0.1.187 ansible_port=22 ansible_user=root ansible_password='553214'
[nfs]
10.0.1.188 ansible_port=22 ansible_user=root ansible_password='553214'
[backup]
10.0.1.189 ansible_port=22 ansible_user=root ansible_password='553214'
测试执行
[root@ansible-1 ~]# ansible web -m ping
10.0.1.187 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.0.1.185 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.0.1.186 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
拿web机器测试(单独操作某主机)
先配置主机组的参数
[root@ansible-1 ~]# tail /etc/ansible/hosts
10.0.1.185 ansible_port=22 ansible_user=root ansible_password='553214'
10.0.1.186 ansible_port=22 ansible_user=root ansible_password='553214'
10.0.1.187 ansible_port=22 ansible_user=root ansible_password='553214'
[nfs]
10.0.1.188 ansible_port=22 ansible_user=root ansible_password='553214'
[backup]
10.0.1.189 ansible_port=22 ansible_user=root ansible_password='553214'
2.执行ping模块,看下是否和远程主机通信
[root@ansible-1 ~]# ansible web -m ping
10.0.1.185 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.0.1.186 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.0.1.187 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
故障解决
你可能会遇见如下问题,关于新机器的指纹确认问题。
[root@ansible-1 ~]#
[root@ansible-1 ~]#ansible 192.168.106.9 -m ping
192.168.106.9 | FAILED! => {
"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."
}
解决办法1,手动ssh连接,进行指纹确认,写入到本机的
[root@ansible-1 ~]#ssh root@192.168.106.9
[root@ansible-1 ~]#cat ~/.ssh/known_hosts
解决办法2,ansible配置文件中忽略指纹确认
[root@ansible-1 ~]#grep 'host_key_checking' /etc/ansible/ansible.cfg
host_key_checking = False
问题以及解决,可以正确操作web-9机器
[root@ansible-1 ~]# ansible 10.0.1.185 -m ping
10.0.1.185 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
踩坑记录(ansible缓存)
由于ansible在对远程主机操作之前,默认会先通过setup模块获取机器的facts(静态属性),并且会生成缓存,便于加速远程主机的操作;
但缓存也会导致一些奇怪的现象,比如客户端的机器信息更新了,服务端依旧使用的是旧数据,那就不准确了,因此可以删除缓存。
关于缓存导致bug的文章,https://serverfault.com/questions/630253/ansible-stuck-on-gathering-facts
清理ansible的缓存目录即可
[root@ansible-1 ~]#rm -rf ~/.ansible/cp/*
同一组连续的ip
可以修改主机清单文件如下,前提是该些主机的配置一致
[web]
192.168.106.[7:9]
公共变量
当主机清单里,很多主机组,有相同的变量属性,可以写成公共变量
这部分配置是针对web主机组,抽象的变量
[root@ansible-1 ~]#grep -vE '^#|^$' /etc/ansible/hosts
[root@ansible-1 ~]# grep -Ev '^#|^$' /etc/ansible/hosts
[web]
10.0.1.185 ansible_port=22 ansible_user=root ansible_password='553214'
10.0.1.186 ansible_port=22 ansible_user=root ansible_password='553214'
10.0.1.187 ansible_port=22 ansible_user=root ansible_password='553214'
[nfs]
10.0.1.188 ansible_port=22 ansible_user=root ansible_password='553214'
[backup]
10.0.1.189 ansible_port=22 ansible_user=root ansible_password='553214'
测试web组和backup组是否可用
主机清单
[web:vars]
ansible_port=22
ansible_password='123456'
[web]
192.168.106.[7:9]
[nfs]
192.168.106.31
[backup]
192.168.106.41 ansible_port=22 ansible_password='123456'
2.ansible ad-hoc命令
web机器组
[root@ansible-1 ~]#ansible web -m ping
rsync机器
[root@ansible-1 ~]# ansible backup -m shell -a "touch /opt/鸡你太美miao warn=false "
10.0.1.189 | CHANGED | rc=0 >>
[root@ansible-1 ~]# ansible backup -m shell -a "ls /opt/"
10.0.1.189 | CHANGED | rc=0 >>
鸡你太美miao
[root@ansible-1 ~]# ansible web -m ping
10.0.1.186 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.0.1.185 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.0.1.187 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
# 获取主机名
[root@ansible-1 ~]# ansible web -m shell -a "hostname"
10.0.1.186 | CHANGED | rc=0 >>
web2
10.0.1.187 | CHANGED | rc=0 >>
web3
10.0.1.185 | CHANGED | rc=0 >>
web1
所有主机都生效的变量(最终版)
指定主机组名all,即可针对所有主机生效,前提是,你要确保这个信息是所有主机通用的。
[root@ansible-1 ~]#grep -vE '^#|^$' /etc/ansible/hosts
[all:vars]
ansible_port=22999
#ansible_user=root
#ansible_password=123123
[web]
172.16. 7
172.16. 8
172.16. 9
[nfs]
172.16. 31
[backup]
172.16. 41 15.16.
远程执行命令
[root@ansible-1 ~]#rm -rf ~/.ansible/cp/*
[root@ansible-1 ~]#
[root@ansible-1 ~]#ansible all -m shell -a hostname
[root@ansible-1 ~]# ansible all -m shell -a hostname
10.0.1.189 | CHANGED | rc=0 >>
backup
10.0.1.185 | CHANGED | rc=0 >>
web1
10.0.1.187 | CHANGED | rc=0 >>
web3
10.0.1.186 | CHANGED | rc=0 >>
web2
10.0.1.188 | CHANGED | rc=0 >>
nfs
关于ansible连接指纹确认的问题
ansible-1master需要确认目标机器的指纹,记录到本地known_hosts文件
ls ~/.ssh/known_hosts文件中 这里就存放了目标机器的指纹信息
可以进行认证方式,密码,还是公钥
2.首次远程连接,需要指纹确认,可以忽略该指纹
ssh的连接参数,忽略指纹的确认
ansible的配置文件中也有一个参数忽略指纹的确认
一般用法是
总之ansible就是以ssh连接标准来
指纹确认 yes/no
2.密码认证/公钥认证
关于ansible如何初始化的使用,有三个方案
方案1
已经基于ssh完成了指纹确认,认证方式
ansible直接用就可以
你可以先一键分发公钥,实现批量免密登录,再ansible免密远程执行命令
方案2
ssh root@ 10.0.1.185
手动确认yes,写入到本地的known_hosts
你可以手动ssh连接,确认指纹后,再ansible去远程操作,选择认证方式就行
方案3,
你可以直接忽略指纹确认,在主机清单文件中定义好ssh连接配置参数
这个是最简单的,修改ansible配置文件,打开忽略指纹确认的参数即可
修改如下参数即可
72 # uncomment this to disable SSH key host checking
73 host_key_checking = False
后续就进入了认证方式阶段,选择密码,还是公钥,
常见错误
- 端口错了
- 密码错了
- 用户错了
如果出错
找ansible的/etc/ansible/hosts中语法是否出错
2.看目标机器,到底提供了什么样的ssh连接形式(sshd_config)
三.ansible命令执行方式
ansible提供了多少个模块给你用
[[root@ansible-1 ~]# ansible-doc -l |wc -l
3387
Ansible实现批量管理主机的模式主要有俩:
- 利用ansible命令实现批量管理(ad-hoc)模式
- 利用ansible剧本实现批量管理(playbook)模式
Ad-hoc和playbook的关系就好比shell命令与shell scripts的关系
ad-hoc模式
Ansible的ad-hoc模式也就是ansible的命令行模式,该模式通常用来临时处理一些任务。例如
- 临时批量查看所有被管控机器的内存、负载、磁盘
- 临时批量分发某个特定文件
Playbook模式
Ansible的playbook模式就是针对特定的具体较大的任务,事先写好执行剧本,然后在其他机器上批量执行相同的任务,属于定制化的批量执行任务,例如
- 一键安装Rsync
- 一键搭建LNMP集群等
ansible-doc命令
列出ansible所有支持的模块,这就是ansible这个万能工具箱所有的零件了。
[root@ansible-1 ~]# ansible-doc -l |grep ^ping
ping Try to connect to host, v...
pingdom Pause/unpause Pingdom ale...
[root@ansible-1 ~]# ansible-doc -l |grep ^shell
shell Execute shell commands on...
当前ansible支持3387个模块
[root@ansible-1 ~]#ansible-doc -l |wc -l
3387
当前ansible支持的模块数量
[root@ansible-1 ~]#ansible-doc -l |wc -l
3387
查看某个模块的具体用法
[root@ansible-1 ~]# ansible-doc -s shell
- name: Execute shell commands on targets
shell:
chdir: # Change into this directory before running the command.
cmd: # The command to run followed by optional arguments.
creates: # A filename, when it already exists, this step will *not* be
run.
executable: # Change the shell used to execute the command. This expects
an absolute path to the
executable.
free_form: # The shell module takes a free form command to run, as a
string. There is no actual
parameter named 'free form'.
See the examples on how to
use this module.
removes: # A filename, when it does not exist, this step will *not* be
run.
stdin: # Set the stdin of the command directly to the specified
value.
stdin_add_newline: # Whether to append a newline to stdin data.
warn: # Whether to enable task warnings.
[root@ansible-1 ~]# ansible-doc -s ping
- name: Try to connect to host, verify a usable python and return `pong' on success
ping:
data: # Data to return for the `ping' return value. If this
parameter is set to `crash',
the module will cause an
exception.
四.ansible核心内容(模块学习)
ansible执行命令结果(状态颜色)
你后续使用各种模块操作,会有不同的颜色结果,都是有意义的
运维远程执行命令,有2个方式
shell脚本,远程执行
ansible模块,远程执行
区别在哪
shell脚本不够智能,不会记录上一次的执行状态,以及修改的状态,因此导致,傻瓜式的,重复性执行。效率是极其低下的,不做状态记录
shell yum install rsync ; mkdir -p ;
ansible的模块,yum模块会记录执行的状态
第一次执行,装完之后,的确对目标机器产生了修改的状态,会给ansible-1master返回一个命令的执行结果,执行状态,存储下来
ansible web -m yum -a "name=rsync state=installed"
ansible会检测目标机器,对比这个状态,如果状态没变,ansible就不会再执行该命令,因此效率很高
ansible web -m yum -a "name=rsync state=installed"
ansible的状态,就是如下的颜色区分,看到不同的状态
这俩是命令成功了
绿色:命令以用户期望的执行了,但是状态没有发生改变;
黄色:命令以用户期望的执行了,并且状态发生了改变;
紫色:警告信息,说明ansible提示你有更合适的用法;出现了warning警告
红色:命令错误,执行失败;
蓝色: 详细的执行过程;
官网文档
如果说学ansible该去哪找正确玩法
Ansible自动化软件的核心功能就在于其众多的模块,可以说学习Ansible就是学习模块的使用。
剩余的是对Ansible剧本编写的熟练度。
题外话
如今的运维只需要学这几样东西,可以横着走
- ansible
- docker k8s
- 阿里云运维
- shell
ping测试连通性
通过ansible-1master查看目标机器是否运行
ansible all -m ping
范例:[root@ansible-1 ~]# ansible all -m ping
10.0.1.188 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.0.1.186 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.0.1.189 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.0.1.187 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.0.1.185 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
命令语法
ansible 主机组 -m 模块名 [模块参数]
查看模块解释
[root@ansible-1 ~]# ansible-doc -s ping
- name: Try to connect to host, verify a usable python and return `pong' on success
ping:
data: # Data to return for the `ping' return value. If this
parameter is set to `crash',
the module will cause an
exception.
执行
[root@ansible-1 ~]# ansible web -m ping
10.0.1.185 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.0.1.187 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.0.1.186 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
command 简单命令模块
语法
[root@ansible-1 ~]#ansible-doc -s command
ansible 主机组 -m command -a "需要批量执行的命令"
该模块作用:在远程节点上执行一个命令
- command模块是ansible默认的模块,也就是默认就指定了 -m command
- 只支持简单命令命令执行,比如你想远程看下服务器的资源信息,普通的linux命令
command模块是ansible命令基本模块
- 使用command模块执行远程命令,命令不得用变量($HOME)
- 不得出现特殊符号
< 、>、|、;、&
,否则无法识别,需要则使用shell模块实现
- 也就是无法使用复杂的linux命令
远程查看主机名
[root@ansible-1 ~]# ansible web -m command -a "hostname"
10.0.1.185 | CHANGED | rc=0 >>
web1
10.0.1.187 | CHANGED | rc=0 >>
web3
10.0.1.186 | CHANGED | rc=0 >>
web2
[root@ansible-1 ~]# ansible web -a "hostname"
10.0.1.186 | CHANGED | rc=0 >>
web2
10.0.1.185 | CHANGED | rc=0 >>
web1
10.0.1.187 | CHANGED | rc=0 >>
web3
简写,command是ansible的基础模块,默认就是-m command
ansible web -a "hostname"
查看远程主机内存
ansible web -a "free -m"
范例:
[root@ansible-1 ~]# ansible web -a "free -m"
10.0.1.186 | CHANGED | rc=0 >>
total used free shared buff/cache available
Mem: 972 132 747 7 91 720
Swap: 4095 0 4095
10.0.1.187 | CHANGED | rc=0 >>
total used free shared buff/cache available
Mem: 972 133 746 7 92 718
Swap: 4095 0 4095
10.0.1.185 | CHANGED | rc=0 >>
total used free shared buff/cache available
Mem: 972 130 735 7 105 714
Swap: 4095 0 4095
远程创建文件、查看文件
[root@ansible-1 ~]#ansible web -m command -a "touch /opt/姬霓太美.log"
[root@ansible-1 ~]#ansible web -m command -a "cat /opt/姬霓太美.log"
范例:[root@ansible-1 ~]# ansible web -m command -a "cat /opt/ txt"
10.0.1.185 | CHANGED | rc=0 >>
10.0.1.187 | CHANGED | rc=0 >>
10.0.1.186 | CHANGED | rc=0 >>
[root@ansible-1 ~]# ansible web -m command -a "echo 1234 > /opt/ txt"
10.0.1.185 | CHANGED | rc=0 >>
1234 > /opt/ txt
10.0.1.186 | CHANGED | rc=0 >>
1234 > /opt/ txt
10.0.1.187 | CHANGED | rc=0 >>
1234 > /opt/ txt
[root@ansible-1 ~]# ansible web -m command -a "cat /opt/ txt"
10.0.1.186 | CHANGED | rc=0 >>
10.0.1.185 | CHANGED | rc=0 >>
10.0.1.187 | CHANGED | rc=0 >>
远程获取机器负载
[root@ansible-1 ~]# ansible web -a "uptime"
10.0.1.185 | CHANGED | rc=0 >>
22:14:51 up 12:16, 2 users, load average: 0.00, 0.01, 0.04
10.0.1.186 | CHANGED | rc=0 >>
22:14:51 up 1:08, 2 users, load average: 0.00, 0.01, 0.02
10.0.1.187 | CHANGED | rc=0 >>
22:14:51 up 1:08, 2 users, load average: 0.02, 0.03, 0.04
关闭告警信息
[root@ansible-1 ~]# ansible web -m command -a "touch /opt/鸡你不太美.log warn=false "
10.0.1.186 | CHANGED | rc=0 >>
10.0.1.185 | CHANGED | rc=0 >>
10.0.1.187 | CHANGED | rc=0 >>
在所有机器上,创建yuchao01用户
[root@ansible-1 ~]# ansible web -m command -a "useradd yoyuan01"
10.0.1.185 | CHANGED | rc=0 >>
10.0.1.187 | CHANGED | rc=0 >>
10.0.1.186 | CHANGED | rc=0 >>
[root@ansible-1 ~]# ansible web -m command -a "userdel yoyuan01"
10.0.1.186 | CHANGED | rc=0 >>
10.0.1.187 | CHANGED | rc=0 >>
10.0.1.185 | CHANGED | rc=0 >>
使用command提供的专有命令
这些命令用于编写ansible-playbook,完成服务器部署的各种复杂条件限定。
| 选项参数 | 选项说明 |
|---|---|
| chdir | 在执行命令执行,通过cd命令进入指定目录 |
| creates | 定义一个文件是否存在,若不存在,则运行相应命令;存在则跳过 |
| free_form(必须) | 参数信息中可以输入任何系统命令,实现远程管理 |
| removes | 定义一个文件是否存在,如果存在,则运行相应命令;如果不存在则跳过 |
Command练习
备份/var/log日志目录,需要先进入根目录
[root@ansible-1 ~]# cd / && tar zcvf /opt/log.tgz /var/log
注意你备份文件存放的文件夹是否存在
ansible web -m command -a "tar -zcf /opt/log.tgz /var/log chdir=/"
ansible web -a "ls -l /opt"
范例:
[root@ansible-1 /]# ansible web -m command -a "tar -zcf /opt/log.tgz /var/log chdir=/"
[WARNING]: Consider using the unarchive module rather than running 'tar'. If you need to
use command because unarchive is insufficient you can add 'warn: false' to this command
task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
10.0.1.186 | CHANGED | rc=0 >>
tar: Removing leading `/' from member names
10.0.1.187 | CHANGED | rc=0 >>
tar: Removing leading `/' from member names
10.0.1.185 | CHANGED | rc=0 >>
tar: Removing leading `/' from member names
[root@ansible-1 /]# ansible web -a "ls -l /opt"
10.0.1.185 | CHANGED | rc=0 >>
total 460
-rw-r--r-- 1 root root 0 Apr 22 22:13 txt
-rw-r--r-- 1 root root 469945 Apr 22 22:22 log.tgz
-rw-r--r-- 1 root root 0 Apr 22 22:15 鸡你不太美.log
-rw-r--r-- 1 root root 0 Apr 22 22:11 鸡你太美.log
10.0.1.186 | CHANGED | rc=0 >>
total 336
-rw-r--r-- 1 root root 0 Apr 22 22:13 txt
-rw-r--r-- 1 root root 342304 Apr 22 22:22 log.tgz
-rw-r--r-- 1 root root 0 Apr 22 22:15 鸡你不太美.log
-rw-r--r-- 1 root root 0 Apr 22 22:11 鸡你太美.log
10.0.1.187 | CHANGED | rc=0 >>
total 336
-rw-r--r-- 1 root root 0 Apr 22 22:13 txt
-rw-r--r-- 1 root root 341555 Apr 22 22:22 log.tgz
-rw-r--r-- 1 root root 0 Apr 22 22:15 鸡你不太美.log
-rw-r--r-- 1 root root 0 Apr 22 22:11 鸡你太美.log
在/opt下创建chaoge666.log
2个写法
ansible web -a "touch /opt/yiyuan666.log"
ansible web -a "touch yiyuan666.log chdir=/opt"
范例:
[root@ansible-1 /]# ansible web -a "touch /opt/yiyuan666.log"
[WARNING]: Consider using the file module with state=touch rather than running 'touch'. If
you need to use command because file is insufficient you can add 'warn: false' to this
command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
10.0.1.187 | CHANGED | rc=0 >>
10.0.1.185 | CHANGED | rc=0 >>
10.0.1.186 | CHANGED | rc=0 >>
[root@ansible-1 /]# ansible web -a "touch yiyuan666.log chdir=/opt"
[WARNING]: Consider using the file module with state=touch rather than running 'touch'. If
you need to use command because file is insufficient you can add 'warn: false' to this
command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
10.0.1.185 | CHANGED | rc=0 >>
10.0.1.187 | CHANGED | rc=0 >>
10.0.1.186 | CHANGED | rc=0 >>
备份/etc所有配置文件到 /backup_config/etc.tgz 。
ansible web -a "tar -zcf /backup_config/etc.tgz etc chdir=/"
目标目录不存在则会报错
[root@ansible-1 /]# ansible web -a "tar zcf /backup_config/etc.tgz etc chdir=/"
[WARNING]: Consider using the unarchive module rather than running 'tar'. If you need to
use command because unarchive is insufficient you can add 'warn: false' to this command
task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
10.0.1.185 | FAILED | rc=-13 >>
tar (child): /backup_config/etc.tgz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting nownon-zero return code
10.0.1.186 | FAILED | rc=-13 >>
tar (child): /backup_config/etc.tgz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting nownon-zero return code
10.0.1.187 | FAILED | rc=-13 >>
tar (child): /backup_config/etc.tgz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting nownon-zero return code
练习removes命令
这里就得提前考虑 /backup_config文件夹是否存在,必须先有文件夹,才能执行该备份命令
2.判断如果该文件夹不存在,则不执行备份
目标文件夹不存在,这个命令不会对目标机器产生任何修改,因此绿色结果
ansible web -a "tar -zcf /backup_config/etc.tgz etc chdir=/ removes=/backup_config"
3.你必须先创建该文件夹
ansible web -a "mkdir -p /backup_config"
ansible web -a "tar -zcf /backup_config/etc.tgz etc chdir=/ removes=/backup_config"
4.再次执行该命令
范例:
[root@ansible-1 /]# ansible web -a "mkdir -p /backup_config"
[WARNING]: Consider using the file module with state=directory rather than running 'mkdir'.
If you need to use command because file is insufficient you can add 'warn: false' to this
command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
10.0.1.187 | CHANGED | rc=0 >>
10.0.1.186 | CHANGED | rc=0 >>
10.0.1.185 | CHANGED | rc=0 >>
测试creates命令,如果目标目录已经存在了,就别创建该目录了
[root@ansible-1 /]# ansible backup -m command -a "mkdir /opt creates=/opt"
10.0.1.189 | SUCCESS | rc=0 >>
skipped, since /opt exists
远程过滤进程信息,无法使用,因为command不支持特殊符号
想用特殊符号,更复杂的linux命令用shell模块
虽然ansible提供了大量的模块
万能模块shell
但是你在学习阶段,还是尽量的用专有的模块
shell模块(万能模块)
shell模块功能:在远程节点上执行命令(复杂的命令)
也就是等于你在linux上直接执行任何复杂的命令都可以
但是ansible的使用理念是,人家提供了几千个模块,并且有很复杂的功能,你在用shell模块之前,先查一查是否有对应的模块。
你如果想使用ansible提供的状态功能,记录你每次执行命令的结果,你就必须得使用专有的模块,否则无法使用该功能
Shell练习
shell模块可以识别特殊符号,就等于远程执行命令了
远程过滤ssh进程信息
ansible all -m shell -a "ps -ef|grep ssh"
范例:[root@ansible-1 /]# ansible all -m shell -a "ps -ef |grep ssh"
10.0.1.185 | CHANGED | rc=0 >>
root 839 1 0 09:58 ? 00:00:00 /usr/sbin/sshd -D
root 962 839 0 10:00 ? 00:00:00 sshd: root@pts/0
root 10759 839 1 22:32 ? 00:00:00 sshd: root@pts/1
root 10831 10830 0 22:32 pts/1 00:00:00 /bin/sh -c ps -ef |grep ssh
root 10833 10831 0 22:32 pts/1 00:00:00 grep ssh
10.0.1.186 | CHANGED | rc=0 >>
root 838 1 0 21:06 ? 00:00:00 /usr/sbin/sshd -D
root 950 838 0 21:06 ? 00:00:00 sshd: root@pts/0
root 4944 838 1 22:32 ? 00:00:00 sshd: root@pts/1
root 5016 5015 0 22:32 pts/1 00:00:00 /bin/sh -c ps -ef |grep ssh
root 5018 5016 0 22:32 pts/1 00:00:00 grep ssh
10.0.1.189 | CHANGED | rc=0 >>
root 839 1 0 21:21 ? 00:00:00 /usr/sbin/sshd -D
root 953 839 0 21:23 ? 00:00:00 sshd: root@pts/0
root 1802 839 1 22:32 ? 00:00:00 sshd: root@pts/1
root 1874 1873 0 22:32 pts/1 00:00:00 /bin/sh -c ps -ef |grep ssh
root 1876 1874 0 22:32 pts/1 00:00:00 grep ssh
10.0.1.188 | CHANGED | rc=0 >>
root 843 1 0 21:06 ? 00:00:00 /usr/sbin/sshd -D
root 954 843 0 21:07 ? 00:00:00 sshd: root@pts/0
root 1836 843 0 22:32 ? 00:00:00 sshd: root@pts/1
root 1908 1907 0 22:32 pts/1 00:00:00 /bin/sh -c ps -ef |grep ssh
root 1910 1908 0 22:32 pts/1 00:00:00 grep ssh
10.0.1.187 | CHANGED | rc=0 >>
root 839 1 0 21:06 ? 00:00:00 /usr/sbin/sshd -D
root 951 839 0 21:07 ? 00:00:00 sshd: root@pts/0
root 4928 839 1 22:32 ? 00:00:00 sshd: root@pts/1
root 5000 4999 0 22:32 pts/1 00:00:00 /bin/sh -c ps -ef |grep ssh
root 5002 5000 0 22:32 pts/1 00:00:00 grep ssh
[root@ansible-1 /]# ansible all -m shell -a "ps aux |grep ssh"
10.0.1.189 | CHANGED | rc=0 >>
root 839 0.0 0.4 113004 4372 ? Ss 21:21 0:00 /usr/sbin/sshd -D
root 953 0.0 0.5 117840 5252 ? Ss 21:23 0:00 sshd: root@pts/0
root 1802 0.1 0.5 115404 5208 ? Ss 22:32 0:00 sshd: root@pts/1
root 1957 0.0 0.1 113284 1208 pts/1 S+ 22:33 0:00 /bin/sh -c ps aux |grep ssh
root 1959 0.0 0.0 113284 188 pts/1 R+ 22:33 0:00 /bin/sh -c ps aux |grep ssh
10.0.1.187 | CHANGED | rc=0 >>
root 839 0.0 0.4 113004 4368 ? Ss 21:06 0:00 /usr/sbin/sshd -D
root 951 0.0 0.5 117840 5252 ? Ss 21:07 0:00 sshd: root@pts/0
root 4928 0.1 0.5 115404 5208 ? Ss 22:32 0:00 sshd: root@pts/1
root 5083 0.0 0.1 113284 1204 pts/1 S+ 22:33 0:00 /bin/sh -c ps aux |grep ssh
root 5085 0.0 0.0 113284 184 pts/1 R+ 22:33 0:00 /bin/sh -c ps aux |grep ssh
10.0.1.186 | CHANGED | rc=0 >>
root 838 0.0 0.4 113004 4372 ? Ss 21:06 0:00 /usr/sbin/sshd -D
root 950 0.0 0.5 117840 5252 ? Ss 21:06 0:00 sshd: root@pts/0
root 4944 0.1 0.5 115404 5208 ? Ss 22:32 0:00 sshd: root@pts/1
root 5099 0.0 0.1 113284 1208 pts/1 S+ 22:33 0:00 /bin/sh -c ps aux |grep ssh
root 5101 0.0 0.0 113284 188 pts/1 R+ 22:33 0:00 /bin/sh -c ps aux |grep ssh
10.0.1.185 | CHANGED | rc=0 >>
root 839 0.0 0.4 113004 4376 ? Ss 09:58 0:00 /usr/sbin/sshd -D
root 962 0.0 0.5 117840 5252 ? Ss 10:00 0:00 sshd: root@pts/0
root 10759 0.1 0.5 115404 5212 ? Ss 22:32 0:00 sshd: root@pts/1
root 10933 0.0 0.1 113284 1208 pts/1 S+ 22:33 0:00 /bin/sh -c ps aux |grep ssh
root 10935 0.0 0.0 113284 188 pts/1 R+ 22:33 0:00 /bin/sh -c ps aux |grep ssh
10.0.1.188 | CHANGED | rc=0 >>
root 843 0.0 0.4 113004 4372 ? Ss 21:06 0:00 /usr/sbin/sshd -D
root 954 0.0 0.5 117840 5248 ? Ss 21:07 0:00 sshd: root@pts/0
root 1836 0.1 0.5 115404 5208 ? Ss 22:32 0:00 sshd: root@pts/1
root 1991 0.0 0.1 113284 1208 pts/1 S+ 22:33 0:00 /bin/sh -c ps aux |grep ssh
root 1993 0.0 0.0 113284 188 pts/1 R+ 22:33 0:00 /bin/sh -c ps aux |grep ssh
使用重定向符号,创建文件
>>
>
# 远程获取时间信息,且写入到文件中
command
command不认识重定向
# ansible web -m command -a "date > /tmp/date.log"
范例:
[root@ansible-1 /]# ansible web -m shell -a "date '+%F %T' > /tmp/date.log "
10.0.1.187 | CHANGED | rc=0 >>
10.0.1.185 | CHANGED | rc=0 >>
10.0.1.186 | CHANGED | rc=0 >>
[root@ansible-1 /]# ansible web -m shell -a "cat /tmp/date.log"
10.0.1.185 | CHANGED | rc=0 >>
2024-04-22 22:34:54
10.0.1.187 | CHANGED | rc=0 >>
2024-04-22 22:34:54
10.0.1.186 | CHANGED | rc=0 >>
2024-04-22 22:34:54
远程执行复杂linux命令
这个命令就无法在command中执行
通过一条命令,做如下事情
- 创建文件夹
- 生成sh脚本文件(查看主机名)
- 赋予脚本可执行权限
- 执行脚本
- 忽略warning信息
[root@ansible-1 /]# ansible web -m shell -a "mkdir /2226/;echo 'hostname' > /2226/hostname.sh;chmod +x /2226/hostname.sh;/2226/hostname.sh; warn=false"
10.0.1.185 | CHANGED | rc=0 >>
web1
10.0.1.186 | CHANGED | rc=0 >>
web2
10.0.1.187 | CHANGED | rc=0 >>
web3
小结shell模块
shell命令别过度依赖,那就等于用ansible远程帮你执行了个普通的shell命令;
你应该多去琢磨其他模块,如文件模块、拷贝模块,脚本模块,定时任务模块,yum模块等等等
copy拷贝文件
copy模块是远程推送数据模块,只能把数据推送给远程主机节点,无法拉取数据到本地。
既然是文件拷贝,可用参数也就是围绕文件属性。
将ansible-1master管理机器上的数据,拷贝到目标机器上
copy练习
语法
ansible 主机组 -m copy -a "参数"
简单发送文件
src 自己的路径文件
dest 存档到对方的路径文件
参数练习
并且ansible的模块记录了文件属性,文件的md5值,得到了文件的唯一校验值,判断文件内容是否变化,如果未变化,不做处理,提升批量管理的效率
[root@ansible-1 /]# echo nwq >/tmp/61-dnf.log
[root@ansible-1 /]# ll /tmp/
61-dnf.log
.font-unix/
.ICE-unix/
systemd-private-fb606e9efc4946d2ada59a7811bdedbd-systemd-hostnamed.service-6VxNjL/
.Test-unix/
.X11-unix/
.XIM-unix/
[root@ansible-1 /]# ansible web -m copy -a "src=/tmp/61-dnf.log dest=/tmp/web-dnf.log"
10.0.1.185 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "799deea643656eb4398a6e80d58354c6e2419c24",
"dest": "/tmp/web-dnf.log",
"gid": 0,
"group": "root",
"md5sum": "3fe253aa1eb0002fb35db293239848f9",
"mode": "0644",
"owner": "root",
"size": 4,
"src": "/root/.ansible/tmp/ansible-tmp-1713796879.33-6194-155828484740867/source",
"state": "file",
"uid": 0
}
10.0.1.187 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "799deea643656eb4398a6e80d58354c6e2419c24",
"dest": "/tmp/web-dnf.log",
"gid": 0,
"group": "root",
"md5sum": "3fe253aa1eb0002fb35db293239848f9",
"mode": "0644",
"owner": "root",
"size": 4,
"src": "/root/.ansible/tmp/ansible-tmp-1713796879.33-6196-201232796202167/source",
"state": "file",
"uid": 0
}
10.0.1.186 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "799deea643656eb4398a6e80d58354c6e2419c24",
"dest": "/tmp/web-dnf.log",
"gid": 0,
"group": "root",
"md5sum": "3fe253aa1eb0002fb35db293239848f9",
"mode": "0644",
"owner": "root",
"size": 4,
"src": "/root/.ansible/tmp/ansible-tmp-1713796879.32-6195-46672497159033/source",
"state": "file",
"uid": 0
}
发送文件且指定文件属性
61
↓
web机器组(属性变化,www,600)
权限改为600、修改为www用户(要求目标机器存在该用户)
创建www用户
[root@ansible-1 /]# ansible web -m command -a "useradd -r -s /sbin/nologin -M www"
10.0.1.187 | CHANGED | rc=0 >>
10.0.1.186 | CHANGED | rc=0 >>
10.0.1.185 | CHANGED | rc=0 >>、
远程拷贝文件,且修改权限,为600
ansible web -m copy -a "src=/tmp/61-dnf.log dest=/opt/web-dnf.log group=www owner=www mode=600"
[root@ansible-1 /]# ansible web -m copy -a "src=/tmp/61-dnf.log dest=/opt/web-dnf.log group=www owner=www mode=600"
10.0.1.187 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "799deea643656eb4398a6e80d58354c6e2419c24",
"dest": "/opt/web-dnf.log",
"gid": 996,
"group": "www",
"mode": "0600",
"owner": "www",
"path": "/opt/web-dnf.log",
"size": 4,
"state": "file",
"uid": 998
}
10.0.1.186 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "799deea643656eb4398a6e80d58354c6e2419c24",
"dest": "/opt/web-dnf.log",
"gid": 996,
"group": "www",
"mode": "0600",
"owner": "www",
"path": "/opt/web-dnf.log",
"size": 4,
"state": "file",
"uid": 998
}
10.0.1.185 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "799deea643656eb4398a6e80d58354c6e2419c24",
"dest": "/opt/web-dnf.log",
"gid": 996,
"group": "www",
"mode": "0600",
"owner": "www",
"path": "/opt/web-dnf.log",
"size": 4,
"state": "file",
"uid": 998
}
远程检查文件信息
[root@ansible-1 /]# ansible web -m shell -a "ls -l /opt/web-dnf.log"
10.0.1.187 | CHANGED | rc=0 >>
-rw------- 1 www www 4 Apr 22 22:45 /opt/web-dnf.log
10.0.1.185 | CHANGED | rc=0 >>
-rw------- 1 www www 4 Apr 22 22:45 /opt/web-dnf.log
10.0.1.186 | CHANGED | rc=0 >>
-rw------- 1 www www 4 Apr 22 22:45 /opt/web-dnf.log
发送文件且先做好备份
使用backup参数,防止覆盖远程文件,丢失备份,提前备份该目标机器的数据
检查目标机器的文件
[root@ansible-1 /]# ansible web -m shell -a "ls -l /opt/web-dnf.log"
10.0.1.187 | CHANGED | rc=0 >>
-rw------- 1 www www 4 Apr 22 22:45 /opt/web-dnf.log
10.0.1.186 | CHANGED | rc=0 >>
-rw------- 1 www www 4 Apr 22 22:45 /opt/web-dnf.log
10.0.1.185 | CHANGED | rc=0 >>
-rw------- 1 www www 4 Apr 22 22:45 /opt/web-dnf.log
2.远程拷贝文件,且做好备份
[root@ansible-1 ~]#ansible web -m copy -a "src=/tmp/61-dnf.log dest=/opt/web-dnf.log backup=yes"
3.发现ansible帮你做好了备份
[root@ansible-1 ~]#ansible web -m copy -a "src=/tmp/61-dnf.log dest=/opt/web-dnf.log backup=yes"
[root@ansible-1 /]# ansible web -m shell -a "ls -l /opt/web*"
10.0.1.187 | CHANGED | rc=0 >>
-rw------- 1 www www 4 Apr 22 22:45 /opt/web-dnf.log
10.0.1.186 | CHANGED | rc=0 >>
-rw------- 1 www www 4 Apr 22 22:45 /opt/web-dnf.log
10.0.1.185 | CHANGED | rc=0 >>
-rw------- 1 www www 4 Apr 22 22:45 /opt/web-dnf.log
指定数据写入到远程文件中
向rsyncd.conf中填入账号密码,覆盖其原有的文件内容
content参数
[root@ansible-1 ~]#ansible web -m copy -a "content=' 老铁' dest=/opt/web-dnf.log"
查看文件内容
[root@ansible-1 ~]#ansible web -m shell -a "cat /opt/web-dnf.log"
192.168.106.8 | CHANGED | rc=0 >>
老铁
10.0.1.185 | CHANGED | rc=0 >>
老铁
192.168.106.9 | CHANGED | rc=0 >>
老铁
范例:
[root@ansible-1 /]# ansible web -m copy -a "content='老铁' dest=/opt/web-dnf.log"
10.0.1.186 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "b9377e56ad6491fbf230a65e7c624e88405c15a9",
"dest": "/opt/web-dnf.log",
"gid": 996,
"group": "www",
"md5sum": "8fd7263c46987829c96838ee754271d3",
"mode": "0600",
"owner": "www",
"size": 6,
"src": "/root/.ansible/tmp/ansible-tmp-1713797990.06-7469-143042957193099/source",
"state": "file",
"uid": 998
}
10.0.1.187 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "b9377e56ad6491fbf230a65e7c624e88405c15a9",
"dest": "/opt/web-dnf.log",
"gid": 996,
"group": "www",
"md5sum": "8fd7263c46987829c96838ee754271d3",
"mode": "0600",
"owner": "www",
"size": 6,
"src": "/root/.ansible/tmp/ansible-tmp-1713797990.07-7470-239961101806060/source",
"state": "file",
"uid": 998
}
10.0.1.185 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "b9377e56ad6491fbf230a65e7c624e88405c15a9",
"dest": "/opt/web-dnf.log",
"gid": 996,
"group": "www",
"md5sum": "8fd7263c46987829c96838ee754271d3",
"mode": "0600",
"owner": "www",
"size": 6,
"src": "/root/.ansible/tmp/ansible-tmp-1713797990.06-7468-192612475454218/source",
"state": "file",
"uid": 998
}
[root@ansible-1 /]# ansible web -m shell -a "cat /opt/web-dnf.log"
10.0.1.187 | CHANGED | rc=0 >>
老铁
10.0.1.186 | CHANGED | rc=0 >>
老铁
10.0.1.185 | CHANGED | rc=0 >>
老铁
注意像这样的覆盖操作,还是添加备份参数更合适
ansible web -m copy -a "content=' 老铁' dest=/opt/web-dnf.log backup=yes"
复制文件夹,注意结尾斜杠
练习src、dest,以及分隔符的添加
远程拷贝/opt/ 下的所有内容到目标机器
[root@ansible-1 ~]#ansible web -m copy -a "src=/opt/ dest=/tmp/"
远程拷贝/opt 整个目录到目标机器
[root@ansible-1 ~]#ansible web -m copy -a "src=/opt dest=/tmp/"
范例:
[root@ansible-1 /]# ansible web -m copy -a "src=/opt/ dest=/tmp/"
10.0.1.186 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"checksum": "e6cdc188e3709bd59ba3ea8dac94dd05e9d1d89d",
"dest": "/tmp/log.tgz",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"path": "/tmp/log.tgz",
"size": 314230,
"state": "file",
"uid": 0
}
10.0.1.185 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"checksum": "e6cdc188e3709bd59ba3ea8dac94dd05e9d1d89d",
"dest": "/tmp/log.tgz",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"path": "/tmp/log.tgz",
"size": 314230,
"state": "file",
"uid": 0
}
10.0.1.187 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"checksum": "e6cdc188e3709bd59ba3ea8dac94dd05e9d1d89d",
"dest": "/tmp/log.tgz",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"path": "/tmp/log.tgz",
"size": 314230,
"state": "file",
"uid": 0
}
[root@ansible-1 /]# ansible web -m copy -a "src=/opt dest=/tmp/"
10.0.1.187 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "e6cdc188e3709bd59ba3ea8dac94dd05e9d1d89d",
"dest": "/tmp/opt/log.tgz",
"gid": 0,
"group": "root",
"md5sum": "137b84723357238a6f079edd877815fa",
"mode": "0644",
"owner": "root",
"size": 314230,
"src": "/root/.ansible/tmp/ansible-tmp-1713798177.57-7895-157886428967526/source",
"state": "file",
"uid": 0
}
10.0.1.186 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "e6cdc188e3709bd59ba3ea8dac94dd05e9d1d89d",
"dest": "/tmp/opt/log.tgz",
"gid": 0,
"group": "root",
"md5sum": "137b84723357238a6f079edd877815fa",
"mode": "0644",
"owner": "root",
"size": 314230,
"src": "/root/.ansible/tmp/ansible-tmp-1713798177.57-7894-16035321357244/source",
"state": "file",
"uid": 0
}
10.0.1.185 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "e6cdc188e3709bd59ba3ea8dac94dd05e9d1d89d",
"dest": "/tmp/opt/log.tgz",
"gid": 0,
"group": "root",
"md5sum": "137b84723357238a6f079edd877815fa",
"mode": "0644",
"owner": "root",
"size": 314230,
"src": "/root/.ansible/tmp/ansible-tmp-1713798177.57-7893-41277505180954/source",
"state": "file",
"uid": 0
}
目前已学的模块
ping 检测目标机器是否存活
command 远程执行简单linux命令不支持特殊符号
shell 万能模块,远程执行简单linux命令,支持特殊符号
copy 批量分发文件 ansible-1master机器要给所有被管理的机器,批量的发送,更新某文件,某文件夹
/etc/hosts文件 ansible-1master机器上 ,所有被管理的机器集群,都可以使用这个本地
hosts 域名解析
ansible all -m copy -a "src=/etc/hosts dest=/etc/hosts backup=yes"
准备了一些列的数据文件,网站的所有静态页面,图片等
ansible-1master机器的 /www目录下,全部发给共享存储/nginx-html/,提供给web服务器组使用
/www/static/logo.png
/www/html/index.html
ansible nfs -m copy -a "src=/www/ dest=/nginx-html/"
file文件操作模块
copy区别开
file模块作用是创建、以及设置文件目录属性。
copy模块,src(管理机器上 ) dest(目标机器上)
file专门用于在远程机器上,关于文件的所有操作
file src(目标机器上的文件) dest(目标机器上的文件)
file模块主要用于创建文件、目录数据,以及对现有的文件、目录权限进行修改
对文件属性各种操作的
请看官网
https://docs.ansible.com/ansible/latest/modules/file_module.html#file-module
直接看examples示例用法即可
或者看命令帮助
[root@ansible-1 ~]#ansible-doc -s file
范例:
- name: Manage files and file properties
file:
access_time: # This parameter indicates the time the file's access time
should be set to. Should be
`preserve' when no
modification is required,
`YYYYMMDDHHMM.SS' when using
default time format, or
`now'. Default is `None'
meaning that `preserve' is
the default for `state=[file,
directory,link,hard]' and
`now' is default for
`state=touch'.
access_time_format: # When used with `access_time', indicates the time format that
must be used. Based on
default Python format (see
time.strftime doc).
attributes: # The attributes the resulting file or directory should have.
To get supported flags look
at the man page for `chattr'
on the target system. This
string should contain the
attributes in the same order
as the one displayed by
`lsattr'. The `=' operator is
assumed as default, otherwise
远程创建文件
ansible每次命令的执行,都会记录下当前的状态
state参数、path参数
远程在web服务器组中,创建一个文本, hello_ansible.log
ansible web -m file -a "path=/opt/hello_ansible.log state=touch"
范例:
[root@ansible-1 /]# ansible web -m shell -a "echo 老铁你又行了 >/opt/hello_ansible.log"
10.0.1.186 | CHANGED | rc=0 >>
10.0.1.185 | CHANGED | rc=0 >>
10.0.1.187 | CHANGED | rc=0 >>
[root@ansible-1 /]# ansible web -m shell -a "ls -ld /opt/hello*"
10.0.1.186 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 19 Apr 22 23:05 /opt/hello_ansible.log
10.0.1.185 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 19 Apr 22 23:05 /opt/hello_ansible.log
10.0.1.187 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 19 Apr 22 23:05 /opt/hello_ansible.log
创建文件夹
state参数、path参数
[root@ansible-1 ~]#ansible web -m file -a "path=/opt/hello_ansible state=directory"
创建文件且设定权限
state参数、path参数、owner参数、group参数
path=/opt/hello-linux.log
ansible web -m file -a "path=/opt/hello-linux.log state=touch owner=www group=www"
范例:
[root@ansible-1 /]# ansible web -m copy -a "content='' dest=/opt/hello-linux.log owner=www group=www mode=0644"
10.0.1.185 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/opt/hello-linux.log",
"gid": 996,
"group": "www",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "www",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1713798590.54-8432-103629192784758/source",
"state": "file",
"uid": 998
}
10.0.1.186 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/opt/hello-linux.log",
"gid": 996,
"group": "www",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "www",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1713798590.53-8433-189008989312503/source",
"state": "file",
"uid": 998
}
10.0.1.187 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/opt/hello-linux.log",
"gid": 996,
"group": "www",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "www",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1713798590.54-8434-187396616155921/source",
"state": "file",
"uid": 998
}
[root@ansible-1 /]# ansible web -m file -a "path=/opt/hello-linux.log state=file owner=www group=www"
10.0.1.186 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"gid": 996,
"group": "www",
"mode": "0644",
"owner": "www",
"path": "/opt/hello-linux.log",
"size": 0,
"state": "file",
"uid": 998
}
10.0.1.185 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"gid": 996,
"group": "www",
"mode": "0644",
"owner": "www",
"path": "/opt/hello-linux.log",
"size": 0,
"state": "file",
"uid": 998
}
10.0.1.187 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"gid": 996,
"group": "www",
"mode": "0644",
"owner": "www",
"path": "/opt/hello-linux.log",
"size": 0,
"state": "file",
"uid": 998
}
远程修改文件属性
[root@ansible-1 ~]#ansible web -m file -a "path=/opt/hello-linux.log state=file owner=www group=www mode=777"
[root@ansible-1 /]# ansible web -m file -a "path=/opt/hello-linux.log state=file owner=www group=www mode=777"
10.0.1.185 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 996,
"group": "www",
"mode": "0777",
"owner": "www",
"path": "/opt/hello-linux.log",
"size": 0,
"state": "file",
"uid": 998
}
10.0.1.186 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 996,
"group": "www",
"mode": "0777",
"owner": "www",
"path": "/opt/hello-linux.log",
"size": 0,
"state": "file",
"uid": 998
}
10.0.1.187 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 996,
"group": "www",
"mode": "0777",
"owner": "www",
"path": "/opt/hello-linux.log",
"size": 0,
"state": "file",
"uid": 998
}
创建软连接文件
软连接,也就是在目标机器上,指定源文件,创建软连接
src、dest、state
给web服务器组的 /etc/hosts文件,添加软连接到/opt/hosts文件
ansible web -m file -a "src=/etc/hosts dest=/opt/hosts state=link"
范例:[root@ansible-1 /]# ansible web -m file -a "src=/etc/hosts dest=/opt/hosts state=link"
10.0.1.186 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/hosts",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 10,
"src": "/etc/hosts",
"state": "link",
"uid": 0
}
10.0.1.185 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/hosts",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 10,
"src": "/etc/hosts",
"state": "link",
"uid": 0
}
10.0.1.187 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/hosts",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 10,
"src": "/etc/hosts",
"state": "link",
"uid": 0
}
强制性创建文件(软连接)
意义不大,查看force参数的作用
[root@ansible-1 ~]#ansible web -m file -a "src=/etc/hostsss dest=/opt/hosts state=link force=yes"
范例:
[root@ansible-1 /]# ansible web -m file -a "src=/etc/hosts dest=/opt/hosts state=link force=yes"
10.0.1.187 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"dest": "/opt/hosts",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 10,
"src": "/etc/hosts",
"state": "link",
"uid": 0
}
10.0.1.186 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"dest": "/opt/hosts",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 10,
"src": "/etc/hosts",
"state": "link",
"uid": 0
}
10.0.1.185 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"dest": "/opt/hosts",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 10,
"src": "/etc/hosts",
"state": "link",
"uid": 0
}
修改已存在文件/文件夹的属性
修改文件 Path、mode
[root@ansible-1 ~]#ansible 10.0.1.185 -m file -a "path=/opt/yiyuan666.log owner=www group=www mode=666"
修改文件夹 Path、mode owner,group
[root@ansible-1 ~]#ansible 10.0.1.185 -m file -a "path=/opt/hello_ansible owner=www group=www"
范例:
[root@ansible-1 /]# ansible 10.0.1.185 -m file -a "path=/opt/yiyuan666.log owner=www group=www mode=666"
10.0.1.185 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 996,
"group": "www",
"mode": "0666",
"owner": "www",
"path": "/opt/yiyuan666.log",
"size": 0,
"state": "file",
"uid": 998
}
[root@ansible-1 /]# ansible 10.0.1.185 -m file -a "path=/opt/hello_ansible owner=www group=www"
10.0.1.185 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 996,
"group": "www",
"mode": "0755",
"owner": "www",
"path": "/opt/hello_ansible",
"size": 6,
"state": "directory",
"uid": 998
}
关于file模块的所有参数作用
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_module.html#parameters
关于file模块的实例用法
playbook剧本的写法,yaml写法
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_module.html#examples
script脚本模块
一键部署rsync,nfs,nginx等
把脚本发到目标机器上执行,
2.远程执行,目标机器上不需要存在这个脚本
官网
模块功能:把本地脚本传输到远程节点上并运行脚本
比起shell模块,script模块功能更强大,管理机本地有一份脚本,就可以在所有机器上运行。
scripts模块的功能参数
| 选项参数 | 选项说明 |
|---|---|
| creates | 定义一个文件是否存在,若不存在,则运行相应命令;存在则跳过 |
| free_form(必须) | 参数信息中可以输入任何系统命令,实现远程管理 |
| removes | 定义一个文件是否存在,如果存在,则运行相应命令;如果不存在则跳过 |
远程执行脚本
为什么要用ansible,主要是ansible使用对应的模块,执行完命令后,记录了每一次文件修改的状态,这个状态,一是让你更清晰文件的情况、而是也防止反复修改文件,提升效率。
管理机创建测试脚本
ansible-1master创建该脚本
cd /root
[root@ansible-1 ~]#vim server_info.sh
#!/bin/bash
echo "$(hostname -I)" >> /tmp/server_info.log
echo "$(uptime)" >> /tmp/server_info.log
echo "$(free -m)" >> /tmp/server_info.log
2.添加执行权限
[root@ansible-1 ~]#chmod +x server_info.sh
3.远程执行
发给nfs机器去执行
ansible nfs -m script -a "/root/server_info.sh"
4.检查结果
利用script模块批量让所有被管控机器执行脚本,该脚本不用在远程主机上存在
远程在目标机器执行脚本
远程安装nginx脚本
目标机器:
[root@ansible-1 ~]#cat install_nginx.sh
#!/bin/bash
yum -y install nginx
yum -y remove nginx
echo "laotie666"
[root@ansible-1 ~]#ansible nfs -m script -a "/root/install_nginx.sh"
范例:
[root@ansible-1 ~]# ansible nfs -m script -a "/root/install_nginx.sh"
10.0.1.188 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 10.0.1.188 closed.\r\n",
"stderr_lines": [
"Shared connection to 10.0.1.188 closed."
],
"stdout": "Loaded plugins: fastestmirror\r\nLoading mirror speeds from cached hostfile\r\n * base: mirrors.aliyun.com\r\n * extras: mirrors.aliyun.com\r\n * updates: mirrors.aliyun.com\r\nResolving Dependencies\r\n--> Running transaction check\r\n---> Package nginx.x86_64 1: 20.1-10.el7 will be installed\r\n--> Finished Dependency Resolution\r\n\r\nDependencies Resolved\r\n\r\n================================================================================\r\n Package Arch Version Repository Size\r\n================================================================================\r\nInstalling:\r\n nginx x86_64 1: 20.1-10.el7 epel 588 k\r\n\r\nTransaction Summary\r\n================================================================================\r\nInstall 1 Package\r\n\r\nTotal download size: 588 k\r\nInstalled size: 7 M\r\nDownloading packages:\r\n\rnginx- 20.1-10.el7.x86_64.rpm | 588 kB 00:00 \r\nRunning transaction check\r\nRunning transaction test\r\nTransaction test succeeded\r\nRunning transaction\r\n\r Installing : 1:nginx- 20.1-10.el7.x86_64 [ ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [# ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [## ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [### ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [#### ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [##### ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [###### ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [####### ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [######## ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [########## ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [########### ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [############ ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [############# ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [############## ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [############### ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [################ ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [################# ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [################## ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [################### ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [#################### ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [##################### ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [###################### ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [####################### ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [######################## ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [######################### ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [########################## ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [########################### ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 [############################ ] 1/1\r Installing : 1:nginx- 20.1-10.el7.x86_64 1/1 \r\n\r Verifying : 1:nginx- 20.1-10.el7.x86_64 1/1 \r\n\r\nInstalled:\r\n nginx.x86_64 1: 20.1-10.el7 \r\n\r\nComplete!\r\nLoaded plugins: fastestmirror\r\nResolving Dependencies\r\n--> Running transaction check\r\n---> Package nginx.x86_64 1: 20.1-10.el7 will be erased\r\n--> Finished Dependency Resolution\r\n\r\nDependencies Resolved\r\n\r\n================================================================================\r\n Package Arch Version Repository Size\r\n================================================================================\r\nRemoving:\r\n nginx x86_64 1: 20.1-10.el7 @epel 7 M\r\n\r\nTransaction Summary\r\n================================================================================\r\nRemove 1 Package\r\n\r\nInstalled size: 7 M\r\nDownloading packages:\r\nRunning transaction check\r\nRunning transaction test\r\nTransaction test succeeded\r\nRunning transaction\r\n\r Erasing : 1:nginx- 20.1-10.el7.x86_64 1/1 \r\n\r Verifying : 1:nginx- 20.1-10.el7.x86_64 1/1 \r\n\r\nRemoved:\r\n nginx.x86_64 1: 20.1-10.el7 \r\n\r\nComplete!\r\nlaotie666\r\n",
"stdout_lines": [
"Loaded plugins: fastestmirror",
"Loading mirror speeds from cached hostfile",
" * base: mirrors.aliyun.com",
" * extras: mirrors.aliyun.com",
" * updates: mirrors.aliyun.com",
"Resolving Dependencies",
"--> Running transaction check",
"---> Package nginx.x86_64 1: 20.1-10.el7 will be installed",
"--> Finished Dependency Resolution",
"",
"Dependencies Resolved",
"",
"================================================================================",
" Package Arch Version Repository Size",
"================================================================================",
"Installing:",
" nginx x86_64 1: 20.1-10.el7 epel 588 k",
"",
"Transaction Summary",
"================================================================================",
"Install 1 Package",
"",
"Total download size: 588 k",
"Installed size: 7 M",
"Downloading packages:",
"",
"nginx- 20.1-10.el7.x86_64.rpm | 588 kB 00:00 ",
"Running transaction check",
"Running transaction test",
"Transaction test succeeded",
"Running transaction",
"",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [ ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [# ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [## ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [### ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [#### ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [##### ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [###### ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [####### ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [######## ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [########## ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [########### ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [############ ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [############# ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [############## ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [############### ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [################ ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [################# ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [################## ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [################### ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [#################### ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [##################### ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [###################### ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [####################### ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [######################## ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [######################### ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [########################## ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [########################### ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 [############################ ] 1/1",
" Installing : 1:nginx- 20.1-10.el7.x86_64 1/1 ",
"",
" Verifying : 1:nginx- 20.1-10.el7.x86_64 1/1 ",
"",
"Installed:",
" nginx.x86_64 1: 20.1-10.el7 ",
"",
"Complete!",
"Loaded plugins: fastestmirror",
"Resolving Dependencies",
"--> Running transaction check",
"---> Package nginx.x86_64 1: 20.1-10.el7 will be erased",
"--> Finished Dependency Resolution",
"",
"Dependencies Resolved",
"",
"================================================================================",
" Package Arch Version Repository Size",
"================================================================================",
"Removing:",
" nginx x86_64 1: 20.1-10.el7 @epel 7 M",
"",
"Transaction Summary",
"================================================================================",
"Remove 1 Package",
"",
"Installed size: 7 M",
"Downloading packages:",
"Running transaction check",
"Running transaction test",
"Transaction test succeeded",
"Running transaction",
"",
" Erasing : 1:nginx- 20.1-10.el7.x86_64 1/1 ",
"",
" Verifying : 1:nginx- 20.1-10.el7.x86_64 1/1 ",
"",
"Removed:",
" nginx.x86_64 1: 20.1-10.el7 ",
"",
"Complete!",
"laotie666"
]
}
查看命令执行详细过程
-vvvvv参数显示详细过程,v越多,越详细
[root@ansible-1 ~]#ansible nfs -vvvvv -m shell -a "df -h"
显示命令执行的详细过程,开启了debug日志模式
范例:
[root@ansible-1 ~]# ansible nfs -vvvvv -m shell -a "df -h"
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Nov 14 2023, 16:14:06) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
script declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Parsed /etc/ansible/hosts inventory source with ini plugin
Loading callback plugin minimal of type stdout, v2.0 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/minimal.pyc
Attempting to use 'actionable' callback.
Skipping callback 'actionable', as we already have a stdout callback.
Attempting to use 'aws_resource_actions' callback.
Attempting to use 'cgroup_memory_recap' callback.
Attempting to use 'cgroup_perf_recap' callback.
Attempting to use 'context_demo' callback.
Attempting to use 'counter_enabled' callback.
Skipping callback 'counter_enabled', as we already have a stdout callback.
Attempting to use 'debug' callback.
Skipping callback 'debug', as we already have a stdout callback.
Attempting to use 'dense' callback.
Skipping callback 'dense', as we already have a stdout callback.
Attempting to use 'dense' callback.
Skipping callback 'dense', as we already have a stdout callback.
Attempting to use 'foreman' callback.
Attempting to use 'full_skip' callback.
Skipping callback 'full_skip', as we already have a stdout callback.
Attempting to use 'grafana_annotations' callback.
Attempting to use 'hipchat' callback.
Attempting to use 'jabber' callback.
Attempting to use 'json' callback.
Skipping callback 'json', as we already have a stdout callback.
Attempting to use 'junit' callback.
Attempting to use 'log_plays' callback.
Attempting to use 'logdna' callback.
Attempting to use 'logentries' callback.
Attempting to use 'logstash' callback.
Attempting to use 'mail' callback.
Attempting to use 'minimal' callback.
Skipping callback 'minimal', as we already have a stdout callback.
Attempting to use 'nrdp' callback.
Attempting to use 'null' callback.
Skipping callback 'null', as we already have a stdout callback.
Attempting to use 'oneline' callback.
Skipping callback 'oneline', as we already have a stdout callback.
Attempting to use 'osx_say' callback.
Attempting to use 'profile_roles' callback.
Attempting to use 'profile_tasks' callback.
Attempting to use 'say' callback.
Attempting to use 'selective' callback.
Skipping callback 'selective', as we already have a stdout callback.
Attempting to use 'skippy' callback.
Skipping callback 'skippy', as we already have a stdout callback.
Attempting to use 'slack' callback.
Attempting to use 'splunk' callback.
Attempting to use 'stderr' callback.
Skipping callback 'stderr', as we already have a stdout callback.
Attempting to use 'sumologic' callback.
Attempting to use 'syslog_json' callback.
Attempting to use 'timer' callback.
Attempting to use 'tree' callback.
Attempting to use 'unixy' callback.
Skipping callback 'unixy', as we already have a stdout callback.
Attempting to use 'yaml' callback.
Skipping callback 'yaml', as we already have a stdout callback.
META: ran handlers
<10.0.1.188> ESTABLISH SSH CONNECTION FOR USER: root
<10.0.1.188> SSH: ansible.cfg set ssh_args: (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<10.0.1.188> SSH: ANSIBLE_HOST_KEY_CHECKING/host_key_checking disabled: (-o)(StrictHostKeyChecking=no)
<10.0.1.188> SSH: ANSIBLE_REMOTE_PORT/remote_port/ansible_port set: (-o)(Port=22)
<10.0.1.188> SSH: ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User="root")
<10.0.1.188> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<10.0.1.188> SSH: PlayContext set ssh_common_args: ()
<10.0.1.188> SSH: PlayContext set ssh_extra_args: ()
<10.0.1.188> SSH: found only ControlPersist; added ControlPath: (-o)(ControlPath=/root/.ansible/cp/b80ff88f95)
<10.0.1.188> SSH: EXEC sshpass -d8 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/b80ff88f95 10.0.1.188 '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
<10.0.1.188> (0, '/root\n', 'OpenSSH_7.4p1, OpenSSL 0.2k-fips 26 Jan 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 9656\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<10.0.1.188> ESTABLISH SSH CONNECTION FOR USER: root
<10.0.1.188> SSH: ansible.cfg set ssh_args: (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<10.0.1.188> SSH: ANSIBLE_HOST_KEY_CHECKING/host_key_checking disabled: (-o)(StrictHostKeyChecking=no)
<10.0.1.188> SSH: ANSIBLE_REMOTE_PORT/remote_port/ansible_port set: (-o)(Port=22)
<10.0.1.188> SSH: ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User="root")
<10.0.1.188> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<10.0.1.188> SSH: PlayContext set ssh_common_args: ()
<10.0.1.188> SSH: PlayContext set ssh_extra_args: ()
<10.0.1.188> SSH: found only ControlPersist; added ControlPath: (-o)(ControlPath=/root/.ansible/cp/b80ff88f95)
<10.0.1.188> SSH: EXEC sshpass -d8 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/b80ff88f95 10.0.1.188 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1713800997.08-9678-127225945779150 `" && echo ansible-tmp-1713800997.08-9678-127225945779150="` echo /root/.ansible/tmp/ansible-tmp-1713800997.08-9678-127225945779150 `" ) && sleep 0'"'"''
<10.0.1.188> (0, 'ansible-tmp-1713800997.08-9678-127225945779150=/root/.ansible/tmp/ansible-tmp-1713800997.08-9678-127225945779150\n', 'OpenSSH_7.4p1, OpenSSL 0.2k-fips 26 Jan 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 9656\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/_text.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/basic.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/common/collections.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/common/__init__.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/six/__init__.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/common/text/formatters.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/common/validation.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/common/text/converters.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/pycompat24.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/common/text/__init__.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/common/process.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/common/_json_compat.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/common/_collections_compat.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/common/_utils.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/parsing/convert_bool.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/parsing/__init__.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/compat/selectors.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/common/sys_info.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/common/parameters.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/compat/__init__.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/common/file.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/compat/_selectors2.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/distro/__init__.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/distro/_distro.py
<10.0.1.188> Attempting python interpreter discovery
<10.0.1.188> ESTABLISH SSH CONNECTION FOR USER: root
<10.0.1.188> SSH: ansible.cfg set ssh_args: (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<10.0.1.188> SSH: ANSIBLE_HOST_KEY_CHECKING/host_key_checking disabled: (-o)(StrictHostKeyChecking=no)
<10.0.1.188> SSH: ANSIBLE_REMOTE_PORT/remote_port/ansible_port set: (-o)(Port=22)
<10.0.1.188> SSH: ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User="root")
<10.0.1.188> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<10.0.1.188> SSH: PlayContext set ssh_common_args: ()
<10.0.1.188> SSH: PlayContext set ssh_extra_args: ()
<10.0.1.188> SSH: found only ControlPersist; added ControlPath: (-o)(ControlPath=/root/.ansible/cp/b80ff88f95)
<10.0.1.188> SSH: EXEC sshpass -d8 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/b80ff88f95 10.0.1.188 '/bin/sh -c '"'"'echo PLATFORM; uname; echo FOUND; command -v '"'"'"'"'"'"'"'"'/usr/bin/python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.6'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.5'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python2.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python2.6'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/libexec/platform-python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/bin/python3'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python'"'"'"'"'"'"'"'"'; echo ENDFOUND && sleep 0'"'"''
<10.0.1.188> (0, 'PLATFORM\nLinux\nFOUND\n/usr/bin/python\n/usr/bin/python2.7\n/usr/libexec/platform-python\n/usr/bin/python\nENDFOUND\n', 'OpenSSH_7.4p1, OpenSSL 0.2k-fips 26 Jan 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 9656\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<10.0.1.188> ESTABLISH SSH CONNECTION FOR USER: root
<10.0.1.188> SSH: ansible.cfg set ssh_args: (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<10.0.1.188> SSH: ANSIBLE_HOST_KEY_CHECKING/host_key_checking disabled: (-o)(StrictHostKeyChecking=no)
<10.0.1.188> SSH: ANSIBLE_REMOTE_PORT/remote_port/ansible_port set: (-o)(Port=22)
<10.0.1.188> SSH: ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User="root")
<10.0.1.188> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<10.0.1.188> SSH: PlayContext set ssh_common_args: ()
<10.0.1.188> SSH: PlayContext set ssh_extra_args: ()
<10.0.1.188> SSH: found only ControlPersist; added ControlPath: (-o)(ControlPath=/root/.ansible/cp/b80ff88f95)
<10.0.1.188> SSH: EXEC sshpass -d8 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/b80ff88f95 10.0.1.188 '/bin/sh -c '"'"'/usr/bin/python && sleep 0'"'"''
<10.0.1.188> (0, '{"osrelease_content": "NAME=\\"CentOS Linux\\"\\nVERSION=\\"7 (Core)\\"\\nID=\\"centos\\"\\nID_LIKE=\\"rhel fedora\\"\\nVERSION_ID=\\"7\\"\\nPRETTY_NAME=\\"CentOS Linux 7 (Core)\\"\\nANSI_COLOR=\\"0;31\\"\\nCPE_NAME=\\"cpe:/o:centos:centos:7\\"\\nHOME_URL=\\"https://www.centos.org/\\"\\nBUG_REPORT_URL=\\"https://bugs.centos.org/\\"\\n\\nCENTOS_MANTISBT_PROJECT=\\"CentOS-7\\"\\nCENTOS_MANTISBT_PROJECT_VERSION=\\"7\\"\\nREDHAT_SUPPORT_PRODUCT=\\"centos\\"\\nREDHAT_SUPPORT_PRODUCT_VERSION=\\"7\\"\\n\\n", "platform_dist_result": ["centos", "7.9.2009", "Core"]}\n', 'OpenSSH_7.4p1, OpenSSL 0.2k-fips 26 Jan 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 9656\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
Using module file /usr/lib/python2.7/site-packages/ansible/modules/commands/command.py
<10.0.1.188> PUT /root/.ansible/tmp/ansible-local-9670hTU1Dc/tmp_MnOFT TO /root/.ansible/tmp/ansible-tmp-1713800997.08-9678-127225945779150/AnsiballZ_command.py
<10.0.1.188> SSH: ansible.cfg set ssh_args: (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<10.0.1.188> SSH: ANSIBLE_HOST_KEY_CHECKING/host_key_checking disabled: (-o)(StrictHostKeyChecking=no)
<10.0.1.188> SSH: ANSIBLE_REMOTE_PORT/remote_port/ansible_port set: (-o)(Port=22)
<10.0.1.188> SSH: ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User="root")
<10.0.1.188> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<10.0.1.188> SSH: PlayContext set ssh_common_args: ()
<10.0.1.188> SSH: PlayContext set scp_extra_args: ()
<10.0.1.188> SSH: found only ControlPersist; added ControlPath: (-o)(ControlPath=/root/.ansible/cp/b80ff88f95)
<10.0.1.188> SSH: EXEC sshpass -d8 scp -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/b80ff88f95 /root/.ansible/tmp/ansible-local-9670hTU1Dc/tmp_MnOFT '[10.0.1.188]:/root/.ansible/tmp/ansible-tmp-1713800997.08-9678-127225945779150/AnsiballZ_command.py'
<10.0.1.188> (0, '', 'Executing: program /usr/bin/ssh host 10.0.1.188, user (unspecified), command scp -v -t /root/.ansible/tmp/ansible-tmp-1713800997.08-9678-127225945779150/AnsiballZ_command.py\nOpenSSH_7.4p1, OpenSSL 0.2k-fips 26 Jan 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 9656\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\nSending file modes: C0600 118551 tmp_MnOFT\nSink: C0600 118551 tmp_MnOFT\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<10.0.1.188> ESTABLISH SSH CONNECTION FOR USER: root
<10.0.1.188> SSH: ansible.cfg set ssh_args: (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<10.0.1.188> SSH: ANSIBLE_HOST_KEY_CHECKING/host_key_checking disabled: (-o)(StrictHostKeyChecking=no)
<10.0.1.188> SSH: ANSIBLE_REMOTE_PORT/remote_port/ansible_port set: (-o)(Port=22)
<10.0.1.188> SSH: ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User="root")
<10.0.1.188> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<10.0.1.188> SSH: PlayContext set ssh_common_args: ()
<10.0.1.188> SSH: PlayContext set ssh_extra_args: ()
<10.0.1.188> SSH: found only ControlPersist; added ControlPath: (-o)(ControlPath=/root/.ansible/cp/b80ff88f95)
<10.0.1.188> SSH: EXEC sshpass -d8 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/b80ff88f95 10.0.1.188 '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1713800997.08-9678-127225945779150/ /root/.ansible/tmp/ansible-tmp-1713800997.08-9678-127225945779150/AnsiballZ_command.py && sleep 0'"'"''
<10.0.1.188> (0, '', 'OpenSSH_7.4p1, OpenSSL 0.2k-fips 26 Jan 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 9656\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<10.0.1.188> ESTABLISH SSH CONNECTION FOR USER: root
<10.0.1.188> SSH: ansible.cfg set ssh_args: (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<10.0.1.188> SSH: ANSIBLE_HOST_KEY_CHECKING/host_key_checking disabled: (-o)(StrictHostKeyChecking=no)
<10.0.1.188> SSH: ANSIBLE_REMOTE_PORT/remote_port/ansible_port set: (-o)(Port=22)
<10.0.1.188> SSH: ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User="root")
<10.0.1.188> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<10.0.1.188> SSH: PlayContext set ssh_common_args: ()
<10.0.1.188> SSH: PlayContext set ssh_extra_args: ()
<10.0.1.188> SSH: found only ControlPersist; added ControlPath: (-o)(ControlPath=/root/.ansible/cp/b80ff88f95)
<10.0.1.188> SSH: EXEC sshpass -d8 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/b80ff88f95 -tt 10.0.1.188 '/bin/sh -c '"'"'/usr/bin/python /root/.ansible/tmp/ansible-tmp-1713800997.08-9678-127225945779150/AnsiballZ_command.py && sleep 0'"'"''
<10.0.1.188> (0, '\r\n{"changed": true, "end": "2024-04-22 23:49:57.310392", "stdout": "Filesystem Size Used Avail Use% Mounted on\\ndevtmpfs 475M 0 475M 0% /dev\\ntmpfs 487M 0 487M 0% /dev/shm\\ntmpfs 487M 7.6M 479M 2% /run\\ntmpfs 487M 0 487M 0% /sys/fs/cgroup\\n/dev/sda2 94G 2.1G 92G 3% /\\n/dev/sda3 47G 33M 47G 1% /data\\n/dev/sda1 1014M 153M 862M 16% /boot", "cmd": "df -h", "rc": 0, "start": "2024-04-22 23:49:57.306562", "stderr": "", "delta": "0:00:00.003830", "invocation": {"module_args": {"creates": null, "executable": null, "_uses_shell": true, "strip_empty_ends": true, "_raw_params": "df -h", "removes": null, "argv": null, "warn": true, "chdir": null, "stdin_add_newline": true, "stdin": null}}}\r\n', 'OpenSSH_7.4p1, OpenSSL 0.2k-fips 26 Jan 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 9656\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\nShared connection to 10.0.1.188 closed.\r\n')
<10.0.1.188> ESTABLISH SSH CONNECTION FOR USER: root
<10.0.1.188> SSH: ansible.cfg set ssh_args: (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<10.0.1.188> SSH: ANSIBLE_HOST_KEY_CHECKING/host_key_checking disabled: (-o)(StrictHostKeyChecking=no)
<10.0.1.188> SSH: ANSIBLE_REMOTE_PORT/remote_port/ansible_port set: (-o)(Port=22)
<10.0.1.188> SSH: ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User="root")
<10.0.1.188> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<10.0.1.188> SSH: PlayContext set ssh_common_args: ()
<10.0.1.188> SSH: PlayContext set ssh_extra_args: ()
<10.0.1.188> SSH: found only ControlPersist; added ControlPath: (-o)(ControlPath=/root/.ansible/cp/b80ff88f95)
<10.0.1.188> SSH: EXEC sshpass -d8 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/b80ff88f95 10.0.1.188 '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1713800997.08-9678-127225945779150/ > /dev/null 2>&1 && sleep 0'"'"''
<10.0.1.188> (0, '', 'OpenSSH_7.4p1, OpenSSL 0.2k-fips 26 Jan 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 9656\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
10.0.1.188 | CHANGED | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
devtmpfs 475M 0 475M 0% /dev
tmpfs 487M 0 487M 0% /dev/shm
tmpfs 487M 7.6M 479M 2% /run
tmpfs 487M 0 487M 0% /sys/fs/cgroup
/dev/sda2 94G 2.1G 92G 3% /
/dev/sda3 47G 33M 47G 1% /data
/dev/sda1 1014M 153M 862M 16% /boot
META: ran handlers
META: ran handlers
cron定时任务模块
官网文档 https://docs.ansible.com/ansible/latest/modules/cron_module.html#cron-module
cron模块用于管理定时任务的记录,编写任务
定时任务的记录,语法格式
* * * * * 要执行的命令
对比ansible的cron模块,和crontab
常见的参数如此,使用ansible编写定时任务,和直接编写是没有什么区别的
添加ntpdate定时任务
添加每5分钟执行一次和阿里云时间同步
*/5 * * * * ntpdate -u ntp.aliyun.com
name、job、minute参数
cron模块创建定时任务
[root@ansible-1 ~]# ansible nfs -m cron -a "name='ntp aliyun' minute=*/5 job='ntpdate -u ntp.aliyun'"
10.0.1.188 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"ntp aliyun"
]
}
查看远程机器的crontab记录
[root@ansible-1 ~]# ansible nfs -m shell -a "crontab -l"
10.0.1.188 | CHANGED | rc=0 >>
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp aliyun.com >/dev/null 2>&1
#Ansible: ntp aliyun
*/5 * * * * ntpdate -u ntp.aliyun
删除定时任务
只能基于cron模块指定名字的修改
name参数,state参数
先检查远程的定时任务
[root@ansible-1 ~]# ansible nfs -m cron -a "name='ntp aliyun' state=absent"
10.0.1.188 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": []
}
正统用法
ansible nfs -m cron -a "name='ntp aliyun' state=absent" #absent表示删除或不存在
[root@ansible-1 ~]# ansible nfs -m shell -a "crontab -l"
10.0.1.188 | CHANGED | rc=0 >>
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp aliyun.com >/dev/null 2>&1
歪门邪道
[root@ansible-1 ~]#ansible nfs -m shell -a "crontab -r"
192.168.106.31 | CHANGED | rc=0 >>
创建每分钟执行的任务
不指定任何时间规则,默认是每分钟
[root@ansible-1 ~]#ansible nfs -m cron -a "name='一句话' job='echo "人定胜天" >>/tmp/hello.log'"
[root@ansible-1 ~]# ansible nfs -m cron -a "name='牛逼' job='echo "人定胜天" >> /tmp/hello.log'"
范例:
[root@ansible-1 ~]# ansible nfs -m cron -a "name='牛逼' job='echo "人定胜天" >> /tmp/hello.log'"
10.0.1.188 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"一句话",
"牛逼"
]
}
[root@ansible-1 ~]# ansible nfs -m shell -a "crontab -l"
10.0.1.188 | CHANGED | rc=0 >>
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp aliyun.com >/dev/null 2>&1
#Ansible: 一句话
* * * * * echo 人定胜天 >>/tmp/hello.log
#Ansible: 牛逼
* * * * * echo 人定胜天 >> /tmp/hello.log
修改指定名称的定时任务
[root@ansible-1 ~]# ansible nfs -m cron -a "name='一句话' minute=30 hour=23 job='echo 人定胜天 >> /tmp/hello.log'"
10.0.1.188 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"一句话",
"牛逼"
]
}
[root@ansible-1 ~]# ansible nfs -m shell -a "crontab -l"
10.0.1.188 | CHANGED | rc=0 >>
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp aliyun.com >/dev/null 2>&1
#Ansible: 一句话
30 23 * * * echo 人定胜天 >> /tmp/hello.log
#Ansible: 牛逼
* * * * * echo 人定胜天 >> /tmp/hello.log
group模块
管理系统用户组的模块
官网文档 https://docs.ansible.com/ansible/latest/modules/group_module.html#group-
语法
模块参数 参数描述
name 创建指定的组名
gid 组的GID
state absent,移除远程主机的组
present,创建远端主机的组
对组管理,也就是创建、删除、查看了
创建yiyuan_ops组,gid=1234
name、gid
ansible nfs -m group -a "name=yiyuan_ops gid=1234"
范例:
[root@ansible-1 ~]# ansible nfs -m group -a "name=yiyuan_ops gid=1234"
10.0.1.188 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 1234,
"name": "yiyuan_ops",
"state": "present",
"system": false
}
删除组
name、gid、state
ansible nfs -m group -a "name=yiyuan_ops gid=1234 state=absent"
范例:
[root@ansible-1 ~]# ansible nfs -m group -a "name=yiyuan_ops gid=1234 state=absent"
10.0.1.188 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "yiyuan_ops",
"state": "absent"
}
user用户模块
用户管理,也就是关于用户的
- uid
- 用户名
- 用户主组
- 用户附加组
- 创建用户
- 删除用户
- 创建关于用户的公私钥
- 用户过期时间
- 用户密码过期时间
官网文档 https://docs.ansible.com/ansible/latest/modules/user_module.html#user-module
语法参数
实例用法 https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html#examples
| 模块参数 | 参数描述 |
|---|---|
| create_home | 创建家目录,设置no则不创建家目录 |
| group | 创建用户组 |
| name | 创建用户的名字 |
| password | 创建用户的密码 |
| uid | 创建用户的UID |
| shell | 用户登录解释器 |
| state | Absent(删除用户)present(默认参数,创建) |
| expires | 账户过期时间 |
创建yiyuan用户,uid为8888
ansible nfs -m user -a "name=yiyuan uid=8888"
范例:
[root@ansible-1 ~]# ansible nfs -m user -a "name=yiyuan uid=8888"
10.0.1.188 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 8888,
"home": "/home/yiyuan",
"name": "yiyuan",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 8888
}
创建用户eryuan
- uid、gid为1777
- 没有家目录、不允许登录
注意该用户组是否存在,否则报错
group、name、gid
ansible nfs -m group -a "name=eryuan gid=1777"
[root@ansible-1 ~]# ansible nfs -m group -a "name=eryuan gid=1777"
10.0.1.188 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 1777,
"name": "eryuan",
"state": "present",
"system": false
}
创建用户,设置权限
user、name、uid、group、create_home、shell
ansible nfs -m group -a "name=eryuan gid=1777"
[root@ansible-1 ~]#ansible nfs -m user -a "name=yiyuan uid=1777 group=1777 create_home=no shell=/sbin/nologin"
[root@ansible-1 ~]# ansible nfs -m user -a "name=yiyuan uid=1777 group=1777 create_home=no shell=/sbin/nologin"
10.0.1.188 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"append": false,
"changed": true,
"comment": "",
"group": 1777,
"home": "/home/yiyuan",
"move_home": false,
"name": "yiyuan",
"shell": "/sbin/nologin",
"state": "present",
"uid": 1777
}
检查用户
[root@ansible-1 ~]# ansible nfs -m user -a "name=yiyuan state=present"
10.0.1.188 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"append": false,
"changed": false,
"comment": "",
"group": 1777,
"home": "/home/yiyuan",
"move_home": false,
"name": "yiyuan",
"shell": "/sbin/nologin",
"state": "present",
"uid": 1777
}
yum安装软件
yum模块明显就是一个专门用于管理软件的模块。
官网文档示例用法 https://docs.ansible.com/ansible/latest/collections/ansible/builtin/yum_module.html#examples
yum模块其实就是在远程节点上,执行yum命令,你可以快速登录到目标机器,查看进程
安装net-tools最新版本
latest参数也用于升级软件包
ansible backup -m yum -a "name=net-tools state=latest"
ansible all -m yum -a "name=net-tools state=installed"
范例:
[root@ansible-1 ~]# ansible backup -m yum -a "name=net-tools state=latest"
10.0.1.189 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"net-tools"
],
"updated": []
},
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.aliyun.com\n * extras: mirrors.aliyun.com\n * updates: mirrors.aliyun.com\nResolving Dependencies\n--> Running transaction check\n---> Package net-tools.x86_64 0:2.0-0.25.20131004git.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n net-tools x86_64 2.0-0.25.20131004git.el7 base 306 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package\n\nTotal download size: 306 k\nInstalled size: 917 k\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : net-tools-2.0-0.25.20131004git.el7.x86_64 1/1 \n Verifying : net-tools-2.0-0.25.20131004git.el7.x86_64 1/1 \n\nInstalled:\n net-tools.x86_64 0:2.0-0.25.20131004git.el7 \n\nComplete!\n"
]
}
[root@ansible-1 ~]# ansible all -m yum -a "name=net-tools state=installed"
10.0.1.189 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"msg": "",
"rc": 0,
"results": [
"net-tools-2.0-0.25.20131004git.el7.x86_64 providing net-tools is already installed"
]
}
10.0.1.188 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"net-tools"
]
},
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.aliyun.com\n * extras: mirrors.aliyun.com\n * updates: mirrors.aliyun.com\nResolving Dependencies\n--> Running transaction check\n---> Package net-tools.x86_64 0:2.0-0.25.20131004git.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n net-tools x86_64 2.0-0.25.20131004git.el7 base 306 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package\n\nTotal download size: 306 k\nInstalled size: 917 k\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : net-tools-2.0-0.25.20131004git.el7.x86_64 1/1 \n Verifying : net-tools-2.0-0.25.20131004git.el7.x86_64 1/1 \n\nInstalled:\n net-tools.x86_64 0:2.0-0.25.20131004git.el7 \n\nComplete!\n"
]
}
10.0.1.187 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"net-tools"
]
},
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.aliyun.com\n * extras: mirrors.aliyun.com\n * updates: mirrors.aliyun.com\nResolving Dependencies\n--> Running transaction check\n---> Package net-tools.x86_64 0:2.0-0.25.20131004git.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n net-tools x86_64 2.0-0.25.20131004git.el7 base 306 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package\n\nTotal download size: 306 k\nInstalled size: 917 k\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : net-tools-2.0-0.25.20131004git.el7.x86_64 1/1 \n Verifying : net-tools-2.0-0.25.20131004git.el7.x86_64 1/1 \n\nInstalled:\n net-tools.x86_64 0:2.0-0.25.20131004git.el7 \n\nComplete!\n"
]
}
10.0.1.186 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"net-tools"
]
},
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.aliyun.com\n * extras: mirrors.aliyun.com\n * updates: mirrors.aliyun.com\nResolving Dependencies\n--> Running transaction check\n---> Package net-tools.x86_64 0:2.0-0.25.20131004git.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n net-tools x86_64 2.0-0.25.20131004git.el7 base 306 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package\n\nTotal download size: 306 k\nInstalled size: 917 k\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : net-tools-2.0-0.25.20131004git.el7.x86_64 1/1 \n Verifying : net-tools-2.0-0.25.20131004git.el7.x86_64 1/1 \n\nInstalled:\n net-tools.x86_64 0:2.0-0.25.20131004git.el7 \n\nComplete!\n"
]
}
10.0.1.185 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"net-tools"
]
},
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.aliyun.com\n * extras: mirrors.aliyun.com\n * updates: mirrors.aliyun.com\nResolving Dependencies\n--> Running transaction check\n---> Package net-tools.x86_64 0:2.0-0.25.20131004git.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n net-tools x86_64 2.0-0.25.20131004git.el7 base 306 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package\n\nTotal download size: 306 k\nInstalled size: 917 k\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : net-tools-2.0-0.25.20131004git.el7.x86_64 1/1 \n Verifying : net-tools-2.0-0.25.20131004git.el7.x86_64 1/1 \n\nInstalled:\n net-tools.x86_64 0:2.0-0.25.20131004git.el7 \n\nComplete!\n"
]
}
卸载net-tools软件
ansible backup -m yum -a "name=net-tools state=absent"
范例:
[root@ansible-1 ~]# ansible backup -m yum -a "name=net-tools state=absent"
10.0.1.189 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"removed": [
"net-tools"
]
},
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nResolving Dependencies\n--> Running transaction check\n---> Package net-tools.x86_64 0:2.0-0.25.20131004git.el7 will be erased\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nRemoving:\n net-tools x86_64 2.0-0.25.20131004git.el7 @base 917 k\n\nTransaction Summary\n================================================================================\nRemove 1 Package\n\nInstalled size: 917 k\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Erasing : net-tools-2.0-0.25.20131004git.el7.x86_64 1/1 \n Verifying : net-tools-2.0-0.25.20131004git.el7.x86_64 1/1 \n\nRemoved:\n net-tools.x86_64 0:2.0-0.25.20131004git.el7 \n\nComplete!\n"
]
}
卸载rsync服务
ansible backup -m yum -a "name=rsync state=abesent"
范例:
[root@ansible-1 ~]# ansible backup -m yum -a "name=rsync state=absent"
10.0.1.189 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"msg": "",
"rc": 0,
"results": [
"rsync is not installed"
]
}
安装rsync服务
ansible backup -m yum -a "name=rsync state=installed"
检查rsync
ansible backup -m shell -a "rpm -qa rsync"
范例:
[root@ansible-1 ~]# ansible backup -m yum -a "name=rsync state=installed"
10.0.1.189 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"rsync"
]
},
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.aliyun.com\n * extras: mirrors.aliyun.com\n * updates: mirrors.aliyun.com\nResolving Dependencies\n--> Running transaction check\n---> Package rsync.x86_64 0:3.1.2-12.el7_9 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n rsync x86_64 3.1.2-12.el7_9 updates 408 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package\n\nTotal download size: 408 k\nInstalled size: 820 k\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : rsync-3.1.2-12.el7_9.x86_64 1/1 \n Verifying : rsync-3.1.2-12.el7_9.x86_64 1/1 \n\nInstalled:\n rsync.x86_64 0:3.1.2-12.el7_9 \n\nComplete!\n"
]
}
[root@ansible-1 ~]# ansible backup -m shell -a "rpm -qa rsync"
[WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'. If you
need to use command because yum, dnf or zypper is insufficient you can add 'warn: false' to
this command task or set 'command_warnings=False' in ansible.cfg to get rid of this
message.
10.0.1.189 | CHANGED | rc=0 >>
rsync-3.1.2-12.el7_9.x86_64
[root@ansible-1 ~]# ansible backup -m shell -a "rpm -qa rsync warn=false"
10.0.1.189 | CHANGED | rc=0 >>
rsync-3.1.2-12.el7_9.x86_64
service/systemd模块
该模块作用是针对yum包管理
service适用于centos6前的系统
systemd命令应用于centos7系统
要注意的是service模块依旧对centos7有效,但是建议大家使用systemd模块
- systemd模块用于控制远程主机的systemd服务,说白了,就是Linux下的systemd命令。需要远程主机支持systemd
- 用法和service模块基本相同
systemd模块参数
如果使用systemctl 管理程序的话,可以使用systemd模块,systemctl 可以 控制程序启/停,reload,开机启动,观察程序状态(status)等,掌握使用后管理就更方便了
主要参数
daemon_reload:在执行任何其他操作之前运行守护进程重新加载,以确保systemd已经读取其他更改
enabled:服务是否开机自动启动yes|no。enabled和state至少要有一个被定义
masked:是否将服务设置为masked状态,被mask的服务是无法启动的
name:必选项,服务名称
no_block(2.3后新增):不要同步等待操作请求完成
state:对当前服务执行启动,停止、重启、重新加载等操作(started,stopped,restarted,reloaded)
user:使用服务的调用者运行systemctl,而不是系统的服务管理者
安装、启动nginx服务
安装nginx服务
ansible 10.0.1.185 -m yum -a "name=nginx state=installed"
2.启动服务
ansible web -m systemd -a "name=nginx state=started"
3.查询状态,这里ansible未直接提供status参数,你可以借助command模块即可
ansible web -a "systemctl status nginx"
4.停止nginx服务
ansible web -m systemd -a "name=nginx state=stopped"
5.设置nginx开机自启
ansible web -m systemd -a "name=nginx state=started enabled=yes"
6.检查nginx状态
ansible web -a "systemctl is-enabled nginx"
ansible web -a "systemctl status nginx"
7.关闭开机自启、且停止服务
ansible web -m systemd -a "name=nginx state=stopped enabled=no"
8.再次检查状态
ansible web -m shell -a "systemctl is-enabled nginx;systemctl status nginx"
范例:
[root@ansible-1 ~]# ansible 10.0.1.185 -m yum -a "name=nginx state=installed"
10.0.1.185 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"nginx"
]
},
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.aliyun.com\n * extras: mirrors.aliyun.com\n * updates: mirrors.aliyun.com\nResolving Dependencies\n--> Running transaction check\n---> Package nginx.x86_64 1:1.20.1-10.el7 will be installed\n--> Processing Dependency: nginx-filesystem = 1:1.20.1-10.el7 for package: 1:nginx-1.20.1-10.el7.x86_64\n--> Processing Dependency: libcrypto.so.1.1(OPENSSL_1_1_0)(64bit) for package: 1:nginx-1.20.1-10.el7.x86_64\n--> Processing Dependency: libssl.so.1.1(OPENSSL_1_1_0)(64bit) for package: 1:nginx-1.20.1-10.el7.x86_64\n--> Processing Dependency: libssl.so.1.1(OPENSSL_1_1_1)(64bit) for package: 1:nginx-1.20.1-10.el7.x86_64\n--> Processing Dependency: nginx-filesystem for package: 1:nginx-1.20.1-10.el7.x86_64\n--> Processing Dependency: redhat-indexhtml for package: 1:nginx-1.20.1-10.el7.x86_64\n--> Processing Dependency: libcrypto.so.1.1()(64bit) for package: 1:nginx-1.20.1-10.el7.x86_64\n--> Processing Dependency: libprofiler.so.0()(64bit) for package: 1:nginx-1.20.1-10.el7.x86_64\n--> Processing Dependency: libssl.so.1.1()(64bit) for package: 1:nginx-1.20.1-10.el7.x86_64\n--> Running transaction check\n---> Package centos-indexhtml.noarch 0:7-9.el7.centos will be installed\n---> Package gperftools-libs.x86_64 0:2.6.1-1.el7 will be installed\n---> Package nginx-filesystem.noarch 1:1.20.1-10.el7 will be installed\n---> Package openssl11-libs.x86_64 1:1.1.1k-7.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n nginx x86_64 1:1.20.1-10.el7 epel 588 k\nInstalling for dependencies:\n centos-indexhtml noarch 7-9.el7.centos base 92 k\n gperftools-libs x86_64 2.6.1-1.el7 base 272 k\n nginx-filesystem noarch 1:1.20.1-10.el7 epel 24 k\n openssl11-libs x86_64 1:1.1.1k-7.el7 epel 1.5 M\n\nTransaction Summary\n================================================================================\nInstall 1 Package (+4 Dependent packages)\n\nTotal download size: 2.4 M\nInstalled size: 6.7 M\nDownloading packages:\n--------------------------------------------------------------------------------\nTotal 1.8 MB/s | 2.4 MB 00:01 \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : 1:openssl11-libs-1.1.1k-7.el7.x86_64 1/5 \n Installing : 1:nginx-filesystem-1.20.1-10.el7.noarch 2/5 \n Installing : centos-indexhtml-7-9.el7.centos.noarch 3/5 \n Installing : gperftools-libs-2.6.1-1.el7.x86_64 4/5 \n Installing : 1:nginx-1.20.1-10.el7.x86_64 5/5 \n Verifying : gperftools-libs-2.6.1-1.el7.x86_64 1/5 \n Verifying : centos-indexhtml-7-9.el7.centos.noarch 2/5 \n Verifying : 1:nginx-filesystem-1.20.1-10.el7.noarch 3/5 \n Verifying : 1:nginx-1.20.1-10.el7.x86_64 4/5 \n Verifying : 1:openssl11-libs-1.1.1k-7.el7.x86_64 5/5 \n\nInstalled:\n nginx.x86_64 1:1.20.1-10.el7 \n\nDependency Installed:\n centos-indexhtml.noarch 0:7-9.el7.centos gperftools-libs.x86_64 0:2.6.1-1.el7\n nginx-filesystem.noarch 1:1.20.1-10.el7 openssl11-libs.x86_64 1:1.1.1k-7.el7\n\nComplete!\n"
]
}
[root@ansible-1 ~]# ansible web -m systemd -a "name=nginx state=started"
10.0.1.186 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"msg": "Could not find the requested service nginx: host"
}
10.0.1.187 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"msg": "Could not find the requested service nginx: host"
}
10.0.1.185 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "nginx",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": "systemd-journald.socket -.mount tmp.mount basic.target nss-lookup.target network-online.target system.slice remote-fs.target",
"AllowIsolate": "no",
"AmbientCapabilities": "0",
"AssertResult": "no",
"AssertTimestampMonotonic": "0",
"Before": "shutdown.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "18446744073709551615",
"CPUAccounting": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "18446744073709551615",
"CanIsolate": "no",
"CanReload": "yes",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "18446744073709551615",
"CollectMode": "inactive",
"ConditionResult": "no",
"ConditionTimestampMonotonic": "0",
"Conflicts": "shutdown.target",
"ControlPID": "0",
"DefaultDependencies": "yes",
"Delegate": "no",
"Description": "The nginx HTTP and reverse proxy server",
"DevicePolicy": "auto",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "0",
"ExecMainStartTimestampMonotonic": "0",
"ExecMainStatus": "0",
"ExecReload": "{ path=/usr/sbin/nginx ; argv[]=/usr/sbin/nginx -s reload ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStart": "{ path=/usr/sbin/nginx ; argv[]=/usr/sbin/nginx ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStartPre": "{ path=/usr/sbin/nginx ; argv[]=/usr/sbin/nginx -t ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/nginx.service",
"GuessMainPID": "yes",
"IOScheduling": "0",
"Id": "nginx.service",
"IgnoreOnIsolate": "no",
"IgnoreOnSnapshot": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestampMonotonic": "0",
"InactiveExitTimestampMonotonic": "0",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "0",
"KillMode": "process",
"KillSignal": "3",
"LimitAS": "18446744073709551615",
"LimitCORE": "18446744073709551615",
"LimitCPU": "18446744073709551615",
"LimitDATA": "18446744073709551615",
"LimitFSIZE": "18446744073709551615",
"LimitLOCKS": "18446744073709551615",
"LimitMEMLOCK": "65536",
"LimitMSGQUEUE": "819200",
"LimitNICE": "0",
"LimitNOFILE": "4096",
"LimitNPROC": "3799",
"LimitRSS": "18446744073709551615",
"LimitRTPRIO": "0",
"LimitRTTIME": "18446744073709551615",
"LimitSIGPENDING": "3799",
"LimitSTACK": "18446744073709551615",
"LoadState": "loaded",
"MainPID": "0",
"MemoryAccounting": "no",
"MemoryCurrent": "18446744073709551615",
"MemoryLimit": "18446744073709551615",
"MountFlags": "0",
"Names": "nginx.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "none",
"OOMScoreAdjust": "0",
"OnFailureJobMode": "replace",
"PIDFile": "/run/nginx.pid",
"PermissionsStartOnly": "no",
"PrivateDevices": "no",
"PrivateNetwork": "no",
"PrivateTmp": "yes",
"ProtectHome": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"Requires": "basic.target -.mount system.slice",
"RequiresMountsFor": "/var/tmp",
"Restart": "no",
"RestartUSec": "100ms",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitInterval": "10000000",
"StartupBlockIOWeight": "18446744073709551615",
"StartupCPUShares": "18446744073709551615",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "dead",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "no",
"TasksCurrent": "18446744073709551615",
"TasksMax": "18446744073709551615",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "5s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "forking",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "disabled",
"Wants": "network-online.target",
"WatchdogTimestampMonotonic": "0",
"WatchdogUSec": "0"
}
}
[root@ansible-1 ~]# ansible web -a "systemctl status nginx"
10.0.1.186 | FAILED | rc=4 >>
Unit nginx.service could not be found.non-zero return code
10.0.1.187 | FAILED | rc=4 >>
Unit nginx.service could not be found.non-zero return code
10.0.1.185 | CHANGED | rc=0 >>
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2024-04-23 00:19:54 CST; 1min 28s ago
Process: 15629 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Process: 15627 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
Process: 15626 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Main PID: 15632 (nginx)
CGroup: /system.slice/nginx.service
├─15632 nginx: master process /usr/sbin/ngin
└─15634 nginx: worker proces
Apr 23 00:19:54 web1 systemd[1]: Starting The nginx HTTP and reverse proxy server...
Apr 23 00:19:54 web1 nginx[15627]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Apr 23 00:19:54 web1 nginx[15627]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Apr 23 00:19:54 web1 systemd[1]: Started The nginx HTTP and reverse proxy server.
[root@ansible-1 ~]# ansible web -m systemd -a "name=nginx state=stopped"
10.0.1.187 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"msg": "Could not find the requested service nginx: host"
}
10.0.1.186 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"msg": "Could not find the requested service nginx: host"
}
10.0.1.185 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "nginx",
"state": "stopped",
"status": {
"ActiveEnterTimestamp": "Tue 2024-04-23 00:19:54 CST",
"ActiveEnterTimestampMonotonic": "51680310310",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "active",
"After": "systemd-journald.socket -.mount system.slice basic.target nss-lookup.target network-online.target remote-fs.target tmp.mount",
"AllowIsolate": "no",
"AmbientCapabilities": "0",
"AssertResult": "yes",
"AssertTimestamp": "Tue 2024-04-23 00:19:54 CST",
"AssertTimestampMonotonic": "51680297662",
"Before": "shutdown.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "18446744073709551615",
"CPUAccounting": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "18446744073709551615",
"CanIsolate": "no",
"CanReload": "yes",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "18446744073709551615",
"CollectMode": "inactive",
"ConditionResult": "yes",
"ConditionTimestamp": "Tue 2024-04-23 00:19:54 CST",
"ConditionTimestampMonotonic": "51680297662",
"Conflicts": "shutdown.target",
"ControlGroup": "/system.slice/nginx.service",
"ControlPID": "0",
"DefaultDependencies": "yes",
"Delegate": "no",
"Description": "The nginx HTTP and reverse proxy server",
"DevicePolicy": "auto",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "15632",
"ExecMainStartTimestamp": "Tue 2024-04-23 00:19:54 CST",
"ExecMainStartTimestampMonotonic": "51680310289",
"ExecMainStatus": "0",
"ExecReload": "{ path=/usr/sbin/nginx ; argv[]=/usr/sbin/nginx -s reload ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStart": "{ path=/usr/sbin/nginx ; argv[]=/usr/sbin/nginx ; ignore_errors=no ; start_time=[Tue 2024-04-23 00:19:54 CST] ; stop_time=[Tue 2024-04-23 00:19:54 CST] ; pid=15629 ; code=exited ; status=0 }",
"ExecStartPre": "{ path=/usr/sbin/nginx ; argv[]=/usr/sbin/nginx -t ; ignore_errors=no ; start_time=[Tue 2024-04-23 00:19:54 CST] ; stop_time=[Tue 2024-04-23 00:19:54 CST] ; pid=15627 ; code=exited ; status=0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/nginx.service",
"GuessMainPID": "yes",
"IOScheduling": "0",
"Id": "nginx.service",
"IgnoreOnIsolate": "no",
"IgnoreOnSnapshot": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestampMonotonic": "0",
"InactiveExitTimestamp": "Tue 2024-04-23 00:19:54 CST",
"InactiveExitTimestampMonotonic": "51680298000",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "0",
"KillMode": "process",
"KillSignal": "3",
"LimitAS": "18446744073709551615",
"LimitCORE": "18446744073709551615",
"LimitCPU": "18446744073709551615",
"LimitDATA": "18446744073709551615",
"LimitFSIZE": "18446744073709551615",
"LimitLOCKS": "18446744073709551615",
"LimitMEMLOCK": "65536",
"LimitMSGQUEUE": "819200",
"LimitNICE": "0",
"LimitNOFILE": "4096",
"LimitNPROC": "3799",
"LimitRSS": "18446744073709551615",
"LimitRTPRIO": "0",
"LimitRTTIME": "18446744073709551615",
"LimitSIGPENDING": "3799",
"LimitSTACK": "18446744073709551615",
"LoadState": "loaded",
"MainPID": "15632",
"MemoryAccounting": "no",
"MemoryCurrent": "18446744073709551615",
"MemoryLimit": "18446744073709551615",
"MountFlags": "0",
"Names": "nginx.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "none",
"OOMScoreAdjust": "0",
"OnFailureJobMode": "replace",
"PIDFile": "/run/nginx.pid",
"PermissionsStartOnly": "no",
"PrivateDevices": "no",
"PrivateNetwork": "no",
"PrivateTmp": "yes",
"ProtectHome": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"Requires": "basic.target -.mount system.slice",
"RequiresMountsFor": "/var/tmp",
"Restart": "no",
"RestartUSec": "100ms",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitInterval": "10000000",
"StartupBlockIOWeight": "18446744073709551615",
"StartupCPUShares": "18446744073709551615",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "running",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "no",
"TasksCurrent": "18446744073709551615",
"TasksMax": "18446744073709551615",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "5s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "forking",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "disabled",
"Wants": "network-online.target",
"WatchdogTimestamp": "Tue 2024-04-23 00:19:54 CST",
"WatchdogTimestampMonotonic": "51680310299",
"WatchdogUSec": "0"
}
}
[root@ansible-1 ~]# ansible web -m systemd -a "name=nginx state=started enabled=yes"
10.0.1.187 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"msg": "Could not find the requested service nginx: host"
}
10.0.1.186 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"msg": "Could not find the requested service nginx: host"
}
10.0.1.185 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"enabled": true,
"name": "nginx",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": "remote-fs.target network-online.target system.slice systemd-journald.socket basic.target -.mount tmp.mount nss-lookup.target",
"AllowIsolate": "no",
"AmbientCapabilities": "0",
"AssertResult": "no",
"AssertTimestampMonotonic": "0",
"Before": "shutdown.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "18446744073709551615",
"CPUAccounting": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "18446744073709551615",
"CanIsolate": "no",
"CanReload": "yes",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "18446744073709551615",
"CollectMode": "inactive",
"ConditionResult": "no",
"ConditionTimestampMonotonic": "0",
"Conflicts": "shutdown.target",
"ControlPID": "0",
"DefaultDependencies": "yes",
"Delegate": "no",
"Description": "The nginx HTTP and reverse proxy server",
"DevicePolicy": "auto",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "0",
"ExecMainStartTimestampMonotonic": "0",
"ExecMainStatus": "0",
"ExecReload": "{ path=/usr/sbin/nginx ; argv[]=/usr/sbin/nginx -s reload ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStart": "{ path=/usr/sbin/nginx ; argv[]=/usr/sbin/nginx ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStartPre": "{ path=/usr/sbin/nginx ; argv[]=/usr/sbin/nginx -t ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/nginx.service",
"GuessMainPID": "yes",
"IOScheduling": "0",
"Id": "nginx.service",
"IgnoreOnIsolate": "no",
"IgnoreOnSnapshot": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestampMonotonic": "0",
"InactiveExitTimestampMonotonic": "0",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "0",
"KillMode": "process",
"KillSignal": "3",
"LimitAS": "18446744073709551615",
"LimitCORE": "18446744073709551615",
"LimitCPU": "18446744073709551615",
"LimitDATA": "18446744073709551615",
"LimitFSIZE": "18446744073709551615",
"LimitLOCKS": "18446744073709551615",
"LimitMEMLOCK": "65536",
"LimitMSGQUEUE": "819200",
"LimitNICE": "0",
"LimitNOFILE": "4096",
"LimitNPROC": "3799",
"LimitRSS": "18446744073709551615",
"LimitRTPRIO": "0",
"LimitRTTIME": "18446744073709551615",
"LimitSIGPENDING": "3799",
"LimitSTACK": "18446744073709551615",
"LoadState": "loaded",
"MainPID": "0",
"MemoryAccounting": "no",
"MemoryCurrent": "18446744073709551615",
"MemoryLimit": "18446744073709551615",
"MountFlags": "0",
"Names": "nginx.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "none",
"OOMScoreAdjust": "0",
"OnFailureJobMode": "replace",
"PIDFile": "/run/nginx.pid",
"PermissionsStartOnly": "no",
"PrivateDevices": "no",
"PrivateNetwork": "no",
"PrivateTmp": "yes",
"ProtectHome": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"Requires": "basic.target -.mount system.slice",
"RequiresMountsFor": "/var/tmp",
"Restart": "no",
"RestartUSec": "100ms",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitInterval": "10000000",
"StartupBlockIOWeight": "18446744073709551615",
"StartupCPUShares": "18446744073709551615",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "dead",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "no",
"TasksCurrent": "18446744073709551615",
"TasksMax": "18446744073709551615",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "5s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "forking",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "disabled",
"Wants": "network-online.target",
"WatchdogTimestampMonotonic": "0",
"WatchdogUSec": "0"
}
}
[root@ansible-1 ~]# ansible web -a "systemctl is-enabled nginx"
10.0.1.185 | CHANGED | rc=0 >>
enabled
10.0.1.186 | FAILED | rc=1 >>
Failed to get unit file state for nginx.service: No such file or directorynon-zero return code
10.0.1.187 | FAILED | rc=1 >>
Failed to get unit file state for nginx.service: No such file or directorynon-zero return code
[root@ansible-1 ~]# ansible web -a "systemctl status nginx"
10.0.1.185 | CHANGED | rc=0 >>
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-04-23 00:22:45 CST; 35s ago
Process: 15933 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Process: 15931 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
Process: 15930 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Main PID: 15935 (nginx)
CGroup: /system.slice/nginx.service
├─15935 nginx: master process /usr/sbin/ngin
└─15937 nginx: worker proces
Apr 23 00:22:45 web1 systemd[1]: Starting The nginx HTTP and reverse proxy server...
Apr 23 00:22:45 web1 nginx[15931]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Apr 23 00:22:45 web1 nginx[15931]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Apr 23 00:22:45 web1 systemd[1]: Started The nginx HTTP and reverse proxy server.
10.0.1.187 | FAILED | rc=4 >>
Unit nginx.service could not be found.non-zero return code
10.0.1.186 | FAILED | rc=4 >>
Unit nginx.service could not be found.non-zero return code
[root@ansible-1 ~]# ansible web -m systemd -a "name=nginx state=stopped enabled=no"
10.0.1.187 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"msg": "Could not find the requested service nginx: host"
}
10.0.1.186 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"msg": "Could not find the requested service nginx: host"
}
10.0.1.185 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"enabled": false,
"name": "nginx",
"state": "stopped",
"status": {
"ActiveEnterTimestamp": "Tue 2024-04-23 00:22:45 CST",
"ActiveEnterTimestampMonotonic": "51851424703",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "active",
"After": "-.mount remote-fs.target systemd-journald.socket basic.target tmp.mount nss-lookup.target network-online.target system.slice",
"AllowIsolate": "no",
"AmbientCapabilities": "0",
"AssertResult": "yes",
"AssertTimestamp": "Tue 2024-04-23 00:22:45 CST",
"AssertTimestampMonotonic": "51851413477",
"Before": "multi-user.target shutdown.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "18446744073709551615",
"CPUAccounting": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "18446744073709551615",
"CanIsolate": "no",
"CanReload": "yes",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "18446744073709551615",
"CollectMode": "inactive",
"ConditionResult": "yes",
"ConditionTimestamp": "Tue 2024-04-23 00:22:45 CST",
"ConditionTimestampMonotonic": "51851413477",
"Conflicts": "shutdown.target",
"ControlGroup": "/system.slice/nginx.service",
"ControlPID": "0",
"DefaultDependencies": "yes",
"Delegate": "no",
"Description": "The nginx HTTP and reverse proxy server",
"DevicePolicy": "auto",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "15935",
"ExecMainStartTimestamp": "Tue 2024-04-23 00:22:45 CST",
"ExecMainStartTimestampMonotonic": "51851424683",
"ExecMainStatus": "0",
"ExecReload": "{ path=/usr/sbin/nginx ; argv[]=/usr/sbin/nginx -s reload ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStart": "{ path=/usr/sbin/nginx ; argv[]=/usr/sbin/nginx ; ignore_errors=no ; start_time=[Tue 2024-04-23 00:22:45 CST] ; stop_time=[Tue 2024-04-23 00:22:45 CST] ; pid=15933 ; code=exited ; status=0 }",
"ExecStartPre": "{ path=/usr/sbin/nginx ; argv[]=/usr/sbin/nginx -t ; ignore_errors=no ; start_time=[Tue 2024-04-23 00:22:45 CST] ; stop_time=[Tue 2024-04-23 00:22:45 CST] ; pid=15931 ; code=exited ; status=0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/nginx.service",
"GuessMainPID": "yes",
"IOScheduling": "0",
"Id": "nginx.service",
"IgnoreOnIsolate": "no",
"IgnoreOnSnapshot": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestampMonotonic": "0",
"InactiveExitTimestamp": "Tue 2024-04-23 00:22:45 CST",
"InactiveExitTimestampMonotonic": "51851413768",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "0",
"KillMode": "process",
"KillSignal": "3",
"LimitAS": "18446744073709551615",
"LimitCORE": "18446744073709551615",
"LimitCPU": "18446744073709551615",
"LimitDATA": "18446744073709551615",
"LimitFSIZE": "18446744073709551615",
"LimitLOCKS": "18446744073709551615",
"LimitMEMLOCK": "65536",
"LimitMSGQUEUE": "819200",
"LimitNICE": "0",
"LimitNOFILE": "4096",
"LimitNPROC": "3799",
"LimitRSS": "18446744073709551615",
"LimitRTPRIO": "0",
"LimitRTTIME": "18446744073709551615",
"LimitSIGPENDING": "3799",
"LimitSTACK": "18446744073709551615",
"LoadState": "loaded",
"MainPID": "15935",
"MemoryAccounting": "no",
"MemoryCurrent": "18446744073709551615",
"MemoryLimit": "18446744073709551615",
"MountFlags": "0",
"Names": "nginx.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "none",
"OOMScoreAdjust": "0",
"OnFailureJobMode": "replace",
"PIDFile": "/run/nginx.pid",
"PermissionsStartOnly": "no",
"PrivateDevices": "no",
"PrivateNetwork": "no",
"PrivateTmp": "yes",
"ProtectHome": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"Requires": "system.slice basic.target -.mount",
"RequiresMountsFor": "/var/tmp",
"Restart": "no",
"RestartUSec": "100ms",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitInterval": "10000000",
"StartupBlockIOWeight": "18446744073709551615",
"StartupCPUShares": "18446744073709551615",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "running",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "no",
"TasksCurrent": "18446744073709551615",
"TasksMax": "18446744073709551615",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "5s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "forking",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "enabled",
"WantedBy": "multi-user.target",
"Wants": "network-online.target",
"WatchdogTimestamp": "Tue 2024-04-23 00:22:45 CST",
"WatchdogTimestampMonotonic": "51851424693",
"WatchdogUSec": "0"
}
}
[root@ansible-1 ~]# ansible web -m shell -a "systemctl is-enabled nginx;systemctl status nginx"
10.0.1.185 | FAILED | rc=3 >>
disabled
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Apr 23 00:19:54 web1 nginx[15627]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Apr 23 00:19:54 web1 systemd[1]: Started The nginx HTTP and reverse proxy server.
Apr 23 00:22:15 web1 systemd[1]: Stopping The nginx HTTP and reverse proxy server...
Apr 23 00:22:15 web1 systemd[1]: Stopped The nginx HTTP and reverse proxy server.
Apr 23 00:22:45 web1 systemd[1]: Starting The nginx HTTP and reverse proxy server...
Apr 23 00:22:45 web1 nginx[15931]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Apr 23 00:22:45 web1 nginx[15931]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Apr 23 00:22:45 web1 systemd[1]: Started The nginx HTTP and reverse proxy server.
Apr 23 00:23:51 web1 systemd[1]: Stopping The nginx HTTP and reverse proxy server...
Apr 23 00:23:51 web1 systemd[1]: Stopped The nginx HTTP and reverse proxy server.non-zero return code
10.0.1.186 | FAILED | rc=4 >>
Failed to get unit file state for nginx.service: No such file or directory
Unit nginx.service could not be found.non-zero return code
10.0.1.187 | FAILED | rc=4 >>
Failed to get unit file state for nginx.service: No such file or directory
Unit nginx.service could not be found.non-zero return code
mount挂载模块
官网 https://docs.ansible.com/ansible/latest/collections/ansible/posix/mount_module.html#mount-
state参数
mounted
立即挂载
2.写入fstab文件
3.创建挂载点
unmounted
卸载挂载设备
2.不会删除fstab文件的记录
present
只写入fstab文件记录
2.不会立即挂载
absent
删除fstab中记录
2.卸载设备
3.删除挂载点
remounted
重新挂载这个设备
给web-1机器挂载nfs目录(只写入/etc/fstab而不挂载)
nfs服务器部署
yum install -y nfs-utils
mkdir /nfs
vim /etc/exports
/nfs 10.0.0.0/24(rw,async,no_root_squash,no_all_squash)
systemctl restart rpcbind
systemctl restart nfs
systemctl enable rpcbind
systemctl enable nfs
检查 NFS 服务器端是否有目录共享
showmount -e 10.0.0.20
/nfs 共享目录
10.0.0.0/24 授权ip网段
(rw,sync,no_root_squash,no_all_squash)
rw:读写
sync:同步写入内存和硬盘
no_root_squash:root身份访问
no_all_squash:所有用户不能转换匿名用户
挂载设备
立即挂载,可以访问该设备的资料
[root@ansible-1 ~]#ansible 10.0.1.185 -m mount -a "src='172.16. 31:/nfs' path='/test-nfs' state=present fstype=nfs"
####命令解释:
这条命令的作用是通过Ansible在IP地址为10.0.1.185的远程主机上,挂载来自IP地址为172.16.31.0的NFS服务器上的/nfs目录到远程主机的/test-nfs目录下,使用NFS文件系统类型,并确保这个挂载是存在的(或激活挂载状态)
2.设置重启后,开机自动挂载, /etc/fstab文件
[root@ansible-1 ~]#ansible 10.0.1.185 -m shell -a "cat /etc/fstab"
10.0.1.185 | CHANGED | rc=0 >>
#
# /etc/fstab
# Created by anaconda on Wed Dec 6 09:39:04 2023
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=25ef620d-b95f-4c8f-b31f-abea6cc783a9 /boot xfs defaults 0 0
#/dev/mapper/centos-swap swap swap defaults 0 0
192.168.106.31:/nfs-data /test-nfs nfs defaults 0 0
给web-1机器挂载nfs目录(立即挂载且写入/etc/fstab)
ansible 10.0.1.185 -m mount -a "src='192.168.106.31:/nfs-data' path='/test-nfs' state=mounted fstype=nfs"
检查
ansible web -a "df -h"
ansible web -a "cat /"
取消挂载,以及删除fstab记录
删除fstab
2.卸载设备
3.删除挂载点
ansible 10.0.1.185 -m mount -a "src='192.168.106.31:/nfs-data' path='/test-nfs' state=absent fstype=nfs"
取消挂载,不删除fstab记录
ansible 10.0.1.185 -m mount -a "src='192.168.106.31:/nfs-data' path='/test-nfs' state=unmounted fstype=nfs"
archive压缩模块
官网文档 https://docs.ansible.com/ansible/latest/collections/community/general/archive_module.html
支持压缩类型
bz2
gz ← (default)
tar
xz
zip
用法文档
https://docs.ansible.com/ansible/latest/collections/community/general/archive_module.html#examples
指定format即可
压缩/etc配置文件到指定路径
压缩整个/etc文件夹到 /tmp/all_etc.tar.gz
path=/etc
dest=/tmp/all_etc.tar.gz
backup机器
ansible backup -m archive -a "path=/etc dest=/tmp/all_etc.tar.gz"
范例:
[root@ansible-1 ~]# ansible backup -m archive -a "path=/etc dest=/tmp/all_etc.tar.gz"
"/etc/selinux/targeted/active/modules/100/dnssec/hll",
"/etc/selinux/targeted/active/modules/100/dnssec/lang_ext",
"/etc/selinux/targeted/active/modules/100/dovecot/cil",
"/etc/selinux/targeted/active/modules/100/dovecot/hll",
"/etc/selinux/targeted/active/modules/100/dovecot/lang_ext",
"/etc/selinux/targeted/active/modules/100/drbd/cil",
"/etc/selinux/targeted/active/modules/100/drbd/hll",
"/etc/selinux/targeted/active/modules/100/drbd/lang_ext",
"/etc/selinux/targeted/active/modules/100/dspam/cil",
"/etc/selinux/targeted/active/modules/100/dspam/hll",
"/etc/selinux/targeted/active/modules/100/dspam/lang_ext",
"/etc/selinux/targeted/active/modules/100/entropyd/cil",
"/etc/selinux/targeted/active/modules/100/entropyd/hll",
"/etc/selinux/targeted/active/modules/100/entropyd/lang_ext",
"/etc/selinux/targeted/active/modules/100/exim/cil",
"/etc/selinux/targeted/active/modules/100/exim/hll",
"/etc/selinux/targeted/active/modules/100/exim/lang_ext",
"/etc/selinux/targeted/active/modules/100/fail2ban/cil",
"/etc/selinux/targeted/active/modules/100/fail2ban/hll",
"/etc/selinux/targeted/active/modules/100/fail2ban/lang_ext",
"/etc/selinux/targeted/active/modules/100/fcoe/cil",
"/etc/selinux/targeted/active/modules/100/fcoe/hll",
"/etc/selinux/targeted/active/modules/100/fcoe/lang_ext",
"/etc/selinux/targeted/active/modules/100/fetchmail/cil",
"/etc/selinux/targeted/active/modules/100/fetchmail/hll",
"/etc/selinux/targeted/active/modules/100/fetchmail/lang_ext",
"/etc/selinux/targeted/active/modules/100/finger/cil",
"/etc/selinux/targeted/active/modules/100/finger/hll",
"/etc/selinux/targeted/active/modules/100/finger/lang_ext",
"/etc/selinux/targeted/active/modules/100/firewalld/cil",
"/etc/selinux/targeted/active/modules/100/firewalld/hll",
"/etc/selinux/targeted/active/modules/100/firewalld/lang_ext",
"/etc/selinux/targeted/active/modules/100/firewallgui/cil",
"/etc/selinux/targeted/active/modules/100/firewallgui/hll",
"/etc/selinux/targeted/active/modules/100/firewallgui/lang_ext",
"/etc/selinux/targeted/active/modules/100/firstboot/cil",
"/etc/selinux/targeted/active/modules/100/firstboot/hll",
"/etc/selinux/targeted/active/modules/100/firstboot/lang_ext",
"/etc/selinux/targeted/active/modules/100/fprintd/cil",
"/etc/selinux/targeted/active/modules/100/fprintd/hll",
"/etc/selinux/targeted/active/modules/100/fprintd/lang_ext",
"/etc/selinux/targeted/active/modules/100/freeipmi/cil",
"/etc/selinux/targeted/active/modules/100/freeipmi/hll",
"/etc/selinux/targeted/active/modules/100/freeipmi/lang_ext",
"/etc/selinux/targeted/active/modules/100/freqset/cil",
"/etc/selinux/targeted/active/modules/100/freqset/hll",
"/etc/selinux/targeted/active/modules/100/freqset/lang_ext",
"/etc/selinux/targeted/active/modules/100/fstools/cil",
"/etc/selinux/targeted/active/modules/100/fstools/hll",
"/etc/selinux/targeted/active/modules/100/fstools/lang_ext",
"/etc/selinux/targeted/active/modules/100/ftp/cil",
"/etc/selinux/targeted/active/modules/100/ftp/hll",
"/etc/selinux/targeted/active/modules/100/ftp/lang_ext",
"/etc/selinux/targeted/active/modules/100/games/cil",
"/etc/selinux/targeted/active/modules/100/games/hll",
"/etc/selinux/targeted/active/modules/100/games/lang_ext",
"/etc/selinux/targeted/active/modules/100/ganesha/cil",
"/etc/selinux/targeted/active/modules/100/ganesha/hll",
"/etc/selinux/targeted/active/modules/100/ganesha/lang_ext",
"/etc/selinux/targeted/active/modules/100/gdomap/cil",
"/etc/selinux/targeted/active/modules/100/gdomap/hll",
"/etc/selinux/targeted/active/modules/100/gdomap/lang_ext",
"/etc/selinux/targeted/active/modules/100/geoclue/cil",
"/etc/selinux/targeted/active/modules/100/geoclue/hll",
"/etc/selinux/targeted/active/modules/100/geoclue/lang_ext",
"/etc/selinux/targeted/active/modules/100/getty/cil",
"/etc/selinux/targeted/active/modules/100/getty/hll",
"/etc/selinux/targeted/active/modules/100/getty/lang_ext",
"/etc/selinux/targeted/active/modules/100/git/cil",
"/etc/selinux/targeted/active/modules/100/git/hll",
"/etc/selinux/targeted/active/modules/100/git/lang_ext",
"/etc/selinux/targeted/active/modules/100/gitosis/cil",
"/etc/selinux/targeted/active/modules/100/gitosis/hll",
"/etc/selinux/targeted/active/modules/100/gitosis/lang_ext",
"/etc/selinux/targeted/active/modules/100/glance/cil",
"/etc/selinux/targeted/active/modules/100/glance/hll",
"/etc/selinux/targeted/active/modules/100/glance/lang_ext",
"/etc/selinux/targeted/active/modules/100/glusterd/cil",
"/etc/selinux/targeted/active/modules/100/glusterd/hll",
"/etc/selinux/targeted/active/modules/100/glusterd/lang_ext",
"/etc/selinux/targeted/active/modules/100/gnome/cil",
"/etc/selinux/targeted/active/modules/100/gnome/hll",
"/etc/selinux/targeted/active/modules/100/gnome/lang_ext",
"/etc/selinux/targeted/active/modules/100/gpg/cil",
"/etc/selinux/targeted/active/modules/100/gpg/hll",
"/etc/selinux/targeted/active/modules/100/gpg/lang_ext",
"/etc/selinux/targeted/active/modules/100/gpm/cil",
"/etc/selinux/targeted/active/modules/100/gpm/hll",
"/etc/selinux/targeted/active/modules/100/gpm/lang_ext",
"/etc/selinux/targeted/active/modules/100/gpsd/cil",
"/etc/selinux/targeted/active/modules/100/gpsd/hll",
"/etc/selinux/targeted/active/modules/100/gpsd/lang_ext",
"/etc/selinux/targeted/active/modules/100/gssproxy/cil",
"/etc/selinux/targeted/active/modules/100/gssproxy/hll",
"/etc/selinux/targeted/active/modules/100/gssproxy/lang_ext",
"/etc/selinux/targeted/active/modules/100/guest/cil",
"/etc/selinux/targeted/active/modules/100/guest/hll",
"/etc/selinux/targeted/active/modules/100/guest/lang_ext",
"/etc/selinux/targeted/active/modules/100/hddtemp/cil",
"/etc/selinux/targeted/active/modules/100/hddtemp/hll",
"/etc/selinux/targeted/active/modules/100/hddtemp/lang_ext",
"/etc/selinux/targeted/active/modules/100/hostname/cil",
"/etc/selinux/targeted/active/modules/100/hostname/hll",
"/etc/selinux/targeted/active/modules/100/hostname/lang_ext",
"/etc/selinux/targeted/active/modules/100/hsqldb/cil",
"/etc/selinux/targeted/active/modules/100/hsqldb/hll",
"/etc/selinux/targeted/active/modules/100/hsqldb/lang_ext",
"/etc/selinux/targeted/active/modules/100/hwloc/cil",
"/etc/selinux/targeted/active/modules/100/hwloc/hll",
"/etc/selinux/targeted/active/modules/100/hwloc/lang_ext",
"/etc/selinux/targeted/active/modules/100/hypervkvp/cil",
"/etc/selinux/targeted/active/modules/100/hypervkvp/hll",
"/etc/selinux/targeted/active/modules/100/hypervkvp/lang_ext",
"/etc/selinux/targeted/active/modules/100/icecast/cil",
"/etc/selinux/targeted/active/modules/100/icecast/hll",
"/etc/selinux/targeted/active/modules/100/icecast/lang_ext",
"/etc/selinux/targeted/active/modules/100/inetd/cil",
"/etc/selinux/targeted/active/modules/100/inetd/hll",
"/etc/selinux/targeted/active/modules/100/inetd/lang_ext",
"/etc/selinux/targeted/active/modules/100/init/cil",
"/etc/selinux/targeted/active/modules/100/init/hll",
"/etc/selinux/targeted/active/modules/100/init/lang_ext",
"/etc/selinux/targeted/active/modules/100/inn/cil",
"/etc/selinux/targeted/active/modules/100/inn/hll",
"/etc/selinux/targeted/active/modules/100/inn/lang_ext",
"/etc/selinux/targeted/active/modules/100/iodine/cil",
"/etc/selinux/targeted/active/modules/100/iodine/hll",
"/etc/selinux/targeted/active/modules/100/iodine/lang_ext",
"/etc/selinux/targeted/active/modules/100/iotop/cil",
"/etc/selinux/targeted/active/modules/100/iotop/hll",
"/etc/selinux/targeted/active/modules/100/iotop/lang_ext",
"/etc/selinux/targeted/active/modules/100/ipa/cil",
"/etc/selinux/targeted/active/modules/100/ipa/hll",
"/etc/selinux/targeted/active/modules/100/ipa/lang_ext",
"/etc/selinux/targeted/active/modules/100/ipmievd/cil",
"/etc/selinux/targeted/active/modules/100/ipmievd/hll",
"/etc/selinux/targeted/active/modules/100/ipmievd/lang_ext",
"/etc/selinux/targeted/active/modules/100/ipsec/cil",
"/etc/selinux/targeted/active/modules/100/ipsec/hll",
"/etc/selinux/targeted/active/modules/100/ipsec/lang_ext",
"/etc/selinux/targeted/active/modules/100/iptables/cil",
"/etc/selinux/targeted/active/modules/100/iptables/hll",
"/etc/selinux/targeted/active/modules/100/iptables/lang_ext",
"/etc/selinux/targeted/active/modules/100/irc/cil",
"/etc/selinux/targeted/active/modules/100/irc/hll",
"/etc/selinux/targeted/active/modules/100/irc/lang_ext",
"/etc/selinux/targeted/active/modules/100/irqbalance/cil",
"/etc/selinux/targeted/active/modules/100/irqbalance/hll",
"/etc/selinux/targeted/active/modules/100/irqbalance/lang_ext",
"/etc/selinux/targeted/active/modules/100/iscsi/cil",
"/etc/selinux/targeted/active/modules/100/iscsi/hll",
"/etc/selinux/targeted/active/modules/100/iscsi/lang_ext",
"/etc/selinux/targeted/active/modules/100/isns/cil",
"/etc/selinux/targeted/active/modules/100/isns/hll",
"/etc/selinux/targeted/active/modules/100/isns/lang_ext",
"/etc/selinux/targeted/active/modules/100/jabber/cil",
"/etc/selinux/targeted/active/modules/100/jabber/hll",
"/etc/selinux/targeted/active/modules/100/jabber/lang_ext",
"/etc/selinux/targeted/active/modules/100/jetty/cil",
"/etc/selinux/targeted/active/modules/100/jetty/hll",
"/etc/selinux/targeted/active/modules/100/jetty/lang_ext",
"/etc/selinux/targeted/active/modules/100/jockey/cil",
"/etc/selinux/targeted/active/modules/100/jockey/hll",
"/etc/selinux/targeted/active/modules/100/jockey/lang_ext",
"/etc/selinux/targeted/active/modules/100/journalctl/cil",
"/etc/selinux/targeted/active/modules/100/journalctl/hll",
"/etc/selinux/targeted/active/modules/100/journalctl/lang_ext",
"/etc/selinux/targeted/active/modules/100/kdump/cil",
"/etc/selinux/targeted/active/modules/100/kdump/hll",
"/etc/selinux/targeted/active/modules/100/kdump/lang_ext",
"/etc/selinux/targeted/active/modules/100/kdumpgui/cil",
"/etc/selinux/targeted/active/modules/100/kdumpgui/hll",
"/etc/selinux/targeted/active/modules/100/kdumpgui/lang_ext",
"/etc/selinux/targeted/active/modules/100/keepalived/cil",
"/etc/selinux/targeted/active/modules/100/keepalived/hll",
"/etc/selinux/targeted/active/modules/100/keepalived/lang_ext",
"/etc/selinux/targeted/active/modules/100/kerberos/cil",
"/etc/selinux/targeted/active/modules/100/kerberos/hll",
"/etc/selinux/targeted/active/modules/100/kerberos/lang_ext",
"/etc/selinux/targeted/active/modules/100/keyboardd/cil",
"/etc/selinux/targeted/active/modules/100/keyboardd/hll",
"/etc/selinux/targeted/active/modules/100/keyboardd/lang_ext",
"/etc/selinux/targeted/active/modules/100/keystone/cil",
"/etc/selinux/targeted/active/modules/100/keystone/hll",
"/etc/selinux/targeted/active/modules/100/keystone/lang_ext",
"/etc/selinux/targeted/active/modules/100/kismet/cil",
"/etc/selinux/targeted/active/modules/100/kismet/hll",
"/etc/selinux/targeted/active/modules/100/kismet/lang_ext",
"/etc/selinux/targeted/active/modules/100/kmscon/cil",
"/etc/selinux/targeted/active/modules/100/kmscon/hll",
"/etc/selinux/targeted/active/modules/100/kmscon/lang_ext",
"/etc/selinux/targeted/active/modules/100/kpatch/cil",
"/etc/selinux/targeted/active/modules/100/kpatch/hll",
"/etc/selinux/targeted/active/modules/100/kpatch/lang_ext",
"/etc/selinux/targeted/active/modules/100/ksmtuned/cil",
"/etc/selinux/targeted/active/modules/100/ksmtuned/hll",
"/etc/selinux/targeted/active/modules/100/ksmtuned/lang_ext",
"/etc/selinux/targeted/active/modules/100/ktalk/cil",
"/etc/selinux/targeted/active/modules/100/ktalk/hll",
"/etc/selinux/targeted/active/modules/100/ktalk/lang_ext",
"/etc/selinux/targeted/active/modules/100/l2tp/cil",
"/etc/selinux/targeted/active/modules/100/l2tp/hll",
"/etc/selinux/targeted/active/modules/100/l2tp/lang_ext",
"/etc/selinux/targeted/active/modules/100/ldap/cil",
"/etc/selinux/targeted/active/modules/100/ldap/hll",
"/etc/selinux/targeted/active/modules/100/ldap/lang_ext",
"/etc/selinux/targeted/active/modules/100/libraries/cil",
"/etc/selinux/targeted/active/modules/100/libraries/hll",
"/etc/selinux/targeted/active/modules/100/libraries/lang_ext",
"/etc/selinux/targeted/active/modules/100/likewise/cil",
"/etc/selinux/targeted/active/modules/100/likewise/hll",
"/etc/selinux/targeted/active/modules/100/likewise/lang_ext",
"/etc/selinux/targeted/active/modules/100/linuxptp/cil",
"/etc/selinux/targeted/active/modules/100/linuxptp/hll",
"/etc/selinux/targeted/active/modules/100/linuxptp/lang_ext",
"/etc/selinux/targeted/active/modules/100/lircd/cil",
"/etc/selinux/targeted/active/modules/100/lircd/hll",
"/etc/selinux/targeted/active/modules/100/lircd/lang_ext",
"/etc/selinux/targeted/active/modules/100/livecd/cil",
"/etc/selinux/targeted/active/modules/100/livecd/hll",
"/etc/selinux/targeted/active/modules/100/livecd/lang_ext",
"/etc/selinux/targeted/active/modules/100/lldpad/cil",
"/etc/selinux/targeted/active/modules/100/lldpad/hll",
"/etc/selinux/targeted/active/modules/100/lldpad/lang_ext",
"/etc/selinux/targeted/active/modules/100/loadkeys/cil",
"/etc/selinux/targeted/active/modules/100/loadkeys/hll",
"/etc/selinux/targeted/active/modules/100/loadkeys/lang_ext",
"/etc/selinux/targeted/active/modules/100/locallogin/cil",
"/etc/selinux/targeted/active/modules/100/locallogin/hll",
"/etc/selinux/targeted/active/modules/100/locallogin/lang_ext",
"/etc/selinux/targeted/active/modules/100/lockdev/cil",
"/etc/selinux/targeted/active/modules/100/lockdev/hll",
"/etc/selinux/targeted/active/modules/100/lockdev/lang_ext",
"/etc/selinux/targeted/active/modules/100/logadm/cil",
"/etc/selinux/targeted/active/modules/100/logadm/hll",
"/etc/selinux/targeted/active/modules/100/logadm/lang_ext",
"/etc/selinux/targeted/active/modules/100/logging/cil",
"/etc/selinux/targeted/active/modules/100/logging/hll",
"/etc/selinux/targeted/active/modules/100/logging/lang_ext",
"/etc/selinux/targeted/active/modules/100/logrotate/cil",
"/etc/selinux/targeted/active/modules/100/logrotate/hll",
"/etc/selinux/targeted/active/modules/100/logrotate/lang_ext",
"/etc/selinux/targeted/active/modules/100/logwatch/cil",
"/etc/selinux/targeted/active/modules/100/logwatch/hll",
"/etc/selinux/targeted/active/modules/100/logwatch/lang_ext",
"/etc/selinux/targeted/active/modules/100/lpd/cil",
"/etc/selinux/targeted/active/modules/100/lpd/hll",
"/etc/selinux/targeted/active/modules/100/lpd/lang_ext",
"/etc/selinux/targeted/active/modules/100/lsm/cil",
"/etc/selinux/targeted/active/modules/100/lsm/hll",
"/etc/selinux/targeted/active/modules/100/lsm/lang_ext",
"/etc/selinux/targeted/active/modules/100/lttng-tools/cil",
"/etc/selinux/targeted/active/modules/100/lttng-tools/hll",
"/etc/selinux/targeted/active/modules/100/lttng-tools/lang_ext",
"/etc/selinux/targeted/active/modules/100/lvm/cil",
"/etc/selinux/targeted/active/modules/100/lvm/hll",
"/etc/selinux/targeted/active/modules/100/lvm/lang_ext",
"/etc/selinux/targeted/active/modules/100/mailman/cil",
"/etc/selinux/targeted/active/modules/100/mailman/hll",
"/etc/selinux/targeted/active/modules/100/mailman/lang_ext",
"/etc/selinux/targeted/active/modules/100/mailscanner/cil",
"/etc/selinux/targeted/active/modules/100/mailscanner/hll",
"/etc/selinux/targeted/active/modules/100/mailscanner/lang_ext",
"/etc/selinux/targeted/active/modules/100/man2html/cil",
"/etc/selinux/targeted/active/modules/100/man2html/hll",
"/etc/selinux/targeted/active/modules/100/man2html/lang_ext",
"/etc/selinux/targeted/active/modules/100/mandb/cil",
"/etc/selinux/targeted/active/modules/100/mandb/hll",
"/etc/selinux/targeted/active/modules/100/mandb/lang_ext",
"/etc/selinux/targeted/active/modules/100/mcelog/cil",
"/etc/selinux/targeted/active/modules/100/mcelog/hll",
"/etc/selinux/targeted/active/modules/100/mcelog/lang_ext",
"/etc/selinux/targeted/active/modules/100/mediawiki/cil",
"/etc/selinux/targeted/active/modules/100/mediawiki/hll",
"/etc/selinux/targeted/active/modules/100/mediawiki/lang_ext",
"/etc/selinux/targeted/active/modules/100/memcached/cil",
"/etc/selinux/targeted/active/modules/100/memcached/hll",
"/etc/selinux/targeted/active/modules/100/memcached/lang_ext",
"/etc/selinux/targeted/active/modules/100/milter/cil",
"/etc/selinux/targeted/active/modules/100/milter/hll",
"/etc/selinux/targeted/active/modules/100/milter/lang_ext",
"/etc/selinux/targeted/active/modules/100/minidlna/cil",
"/etc/selinux/targeted/active/modules/100/minidlna/hll",
"/etc/selinux/targeted/active/modules/100/minidlna/lang_ext",
"/etc/selinux/targeted/active/modules/100/minissdpd/cil",
"/etc/selinux/targeted/active/modules/100/minissdpd/hll",
"/etc/selinux/targeted/active/modules/100/minissdpd/lang_ext",
"/etc/selinux/targeted/active/modules/100/mip6d/cil",
"/etc/selinux/targeted/active/modules/100/mip6d/hll",
"/etc/selinux/targeted/active/modules/100/mip6d/lang_ext",
"/etc/selinux/targeted/active/modules/100/mirrormanager/cil",
"/etc/selinux/targeted/active/modules/100/mirrormanager/hll",
"/etc/selinux/targeted/active/modules/100/mirrormanager/lang_ext",
"/etc/selinux/targeted/active/modules/100/miscfiles/cil",
"/etc/selinux/targeted/active/modules/100/miscfiles/hll",
"/etc/selinux/targeted/active/modules/100/miscfiles/lang_ext",
"/etc/selinux/targeted/active/modules/100/mock/cil",
"/etc/selinux/targeted/active/modules/100/mock/hll",
"/etc/selinux/targeted/active/modules/100/mock/lang_ext",
"/etc/selinux/targeted/active/modules/100/modemmanager/cil",
"/etc/selinux/targeted/active/modules/100/modemmanager/hll",
"/etc/selinux/targeted/active/modules/100/modemmanager/lang_ext",
"/etc/selinux/targeted/active/modules/100/modutils/cil",
"/etc/selinux/targeted/active/modules/100/modutils/hll",
"/etc/selinux/targeted/active/modules/100/modutils/lang_ext",
"/etc/selinux/targeted/active/modules/100/mojomojo/cil",
"/etc/selinux/targeted/active/modules/100/mojomojo/hll",
"/etc/selinux/targeted/active/modules/100/mojomojo/lang_ext",
"/etc/selinux/targeted/active/modules/100/mon_statd/cil",
"/etc/selinux/targeted/active/modules/100/mon_statd/hll",
"/etc/selinux/targeted/active/modules/100/mon_statd/lang_ext",
"/etc/selinux/targeted/active/modules/100/mongodb/cil",
"/etc/selinux/targeted/active/modules/100/mongodb/hll",
"/etc/selinux/targeted/active/modules/100/mongodb/lang_ext",
"/etc/selinux/targeted/active/modules/100/motion/cil",
"/etc/selinux/targeted/active/modules/100/motion/hll",
"/etc/selinux/targeted/active/modules/100/motion/lang_ext",
"/etc/selinux/targeted/active/modules/100/mount/cil",
"/etc/selinux/targeted/active/modules/100/mount/hll",
"/etc/selinux/targeted/active/modules/100/mount/lang_ext",
"/etc/selinux/targeted/active/modules/100/mozilla/cil",
"/etc/selinux/targeted/active/modules/100/mozilla/hll",
"/etc/selinux/targeted/active/modules/100/mozilla/lang_ext",
"/etc/selinux/targeted/active/modules/100/mpd/cil",
"/etc/selinux/targeted/active/modules/100/mpd/hll",
"/etc/selinux/targeted/active/modules/100/mpd/lang_ext",
"/etc/selinux/targeted/active/modules/100/mplayer/cil",
"/etc/selinux/targeted/active/modules/100/mplayer/hll",
"/etc/selinux/targeted/active/modules/100/mplayer/lang_ext",
"/etc/selinux/targeted/active/modules/100/mrtg/cil",
"/etc/selinux/targeted/active/modules/100/mrtg/hll",
"/etc/selinux/targeted/active/modules/100/mrtg/lang_ext",
"/etc/selinux/targeted/active/modules/100/mta/cil",
"/etc/selinux/targeted/active/modules/100/mta/hll",
"/etc/selinux/targeted/active/modules/100/mta/lang_ext",
"/etc/selinux/targeted/active/modules/100/munin/cil",
"/etc/selinux/targeted/active/modules/100/munin/hll",
"/etc/selinux/targeted/active/modules/100/munin/lang_ext",
"/etc/selinux/targeted/active/modules/100/mysql/cil",
"/etc/selinux/targeted/active/modules/100/mysql/hll",
"/etc/selinux/targeted/active/modules/100/mysql/lang_ext",
"/etc/selinux/targeted/active/modules/100/mythtv/cil",
"/etc/selinux/targeted/active/modules/100/mythtv/hll",
"/etc/selinux/targeted/active/modules/100/mythtv/lang_ext",
"/etc/selinux/targeted/active/modules/100/nagios/cil",
"/etc/selinux/targeted/active/modules/100/nagios/hll",
"/etc/selinux/targeted/active/modules/100/nagios/lang_ext",
"/etc/selinux/targeted/active/modules/100/namespace/cil",
"/etc/selinux/targeted/active/modules/100/namespace/hll",
"/etc/selinux/targeted/active/modules/100/namespace/lang_ext",
"/etc/selinux/targeted/active/modules/100/ncftool/cil",
"/etc/selinux/targeted/active/modules/100/ncftool/hll",
"/etc/selinux/targeted/active/modules/100/ncftool/lang_ext",
"/etc/selinux/targeted/active/modules/100/netlabel/cil",
"/etc/selinux/targeted/active/modules/100/netlabel/hll",
"/etc/selinux/targeted/active/modules/100/netlabel/lang_ext",
"/etc/selinux/targeted/active/modules/100/netutils/cil",
"/etc/selinux/targeted/active/modules/100/netutils/hll",
"/etc/selinux/targeted/active/modules/100/netutils/lang_ext",
"/etc/selinux/targeted/active/modules/100/networkmanager/cil",
"/etc/selinux/targeted/active/modules/100/networkmanager/hll",
"/etc/selinux/targeted/active/modules/100/networkmanager/lang_ext",
"/etc/selinux/targeted/active/modules/100/ninfod/cil",
"/etc/selinux/targeted/active/modules/100/ninfod/hll",
"/etc/selinux/targeted/active/modules/100/ninfod/lang_ext",
"/etc/selinux/targeted/active/modules/100/nis/cil",
"/etc/selinux/targeted/active/modules/100/nis/hll",
"/etc/selinux/targeted/active/modules/100/nis/lang_ext",
"/etc/selinux/targeted/active/modules/100/nova/cil",
"/etc/selinux/targeted/active/modules/100/nova/hll",
"/etc/selinux/targeted/active/modules/100/nova/lang_ext",
"/etc/selinux/targeted/active/modules/100/nscd/cil",
"/etc/selinux/targeted/active/modules/100/nscd/hll",
"/etc/selinux/targeted/active/modules/100/nscd/lang_ext",
"/etc/selinux/targeted/active/modules/100/nsd/cil",
"/etc/selinux/targeted/active/modules/100/nsd/hll",
"/etc/selinux/targeted/active/modules/100/nsd/lang_ext",
"/etc/selinux/targeted/active/modules/100/nslcd/cil",
"/etc/selinux/targeted/active/modules/100/nslcd/hll",
"/etc/selinux/targeted/active/modules/100/nslcd/lang_ext",
"/etc/selinux/targeted/active/modules/100/ntop/cil",
"/etc/selinux/targeted/active/modules/100/ntop/hll",
"/etc/selinux/targeted/active/modules/100/ntop/lang_ext",
"/etc/selinux/targeted/active/modules/100/ntp/cil",
"/etc/selinux/targeted/active/modules/100/ntp/hll",
"/etc/selinux/targeted/active/modules/100/ntp/lang_ext",
"/etc/selinux/targeted/active/modules/100/numad/cil",
"/etc/selinux/targeted/active/modules/100/numad/hll",
"/etc/selinux/targeted/active/modules/100/numad/lang_ext",
"/etc/selinux/targeted/active/modules/100/nut/cil",
"/etc/selinux/targeted/active/modules/100/nut/hll",
"/etc/selinux/targeted/active/modules/100/nut/lang_ext",
"/etc/selinux/targeted/active/modules/100/nx/cil",
"/etc/selinux/targeted/active/modules/100/nx/hll",
"/etc/selinux/targeted/active/modules/100/nx/lang_ext",
"/etc/selinux/targeted/active/modules/100/obex/cil",
"/etc/selinux/targeted/active/modules/100/obex/hll",
"/etc/selinux/targeted/active/modules/100/obex/lang_ext",
"/etc/selinux/targeted/active/modules/100/oddjob/cil",
"/etc/selinux/targeted/active/modules/100/oddjob/hll",
"/etc/selinux/targeted/active/modules/100/oddjob/lang_ext",
"/etc/selinux/targeted/active/modules/100/openct/cil",
"/etc/selinux/targeted/active/modules/100/openct/hll",
"/etc/selinux/targeted/active/modules/100/openct/lang_ext",
"/etc/selinux/targeted/active/modules/100/opendnssec/cil",
"/etc/selinux/targeted/active/modules/100/opendnssec/hll",
"/etc/selinux/targeted/active/modules/100/opendnssec/lang_ext",
"/etc/selinux/targeted/active/modules/100/openhpid/cil",
"/etc/selinux/targeted/active/modules/100/openhpid/hll",
"/etc/selinux/targeted/active/modules/100/openhpid/lang_ext",
"/etc/selinux/targeted/active/modules/100/openshift/cil",
"/etc/selinux/targeted/active/modules/100/openshift/hll",
"/etc/selinux/targeted/active/modules/100/openshift/lang_ext",
"/etc/selinux/targeted/active/modules/100/openshift-origin/cil",
"/etc/selinux/targeted/active/modules/100/openshift-origin/hll",
"/etc/selinux/targeted/active/modules/100/openshift-origin/lang_ext",
"/etc/selinux/targeted/active/modules/100/opensm/cil",
"/etc/selinux/targeted/active/modules/100/opensm/hll",
"/etc/selinux/targeted/active/modules/100/opensm/lang_ext",
"/etc/selinux/targeted/active/modules/100/openvpn/cil",
"/etc/selinux/targeted/active/modules/100/openvpn/hll",
"/etc/selinux/targeted/active/modules/100/openvpn/lang_ext",
"/etc/selinux/targeted/active/modules/100/openvswitch/cil",
"/etc/selinux/targeted/active/modules/100/openvswitch/hll",
"/etc/selinux/targeted/active/modules/100/openvswitch/lang_ext",
"/etc/selinux/targeted/active/modules/100/openwsman/cil",
"/etc/selinux/targeted/active/modules/100/openwsman/hll",
"/etc/selinux/targeted/active/modules/100/openwsman/lang_ext",
"/etc/selinux/targeted/active/modules/100/oracleasm/cil",
"/etc/selinux/targeted/active/modules/100/oracleasm/hll",
"/etc/selinux/targeted/active/modules/100/oracleasm/lang_ext",
"/etc/selinux/targeted/active/modules/100/osad/cil",
"/etc/selinux/targeted/active/modules/100/osad/hll",
"/etc/selinux/targeted/active/modules/100/osad/lang_ext",
"/etc/selinux/targeted/active/modules/100/pads/cil",
"/etc/selinux/targeted/active/modules/100/pads/hll",
"/etc/selinux/targeted/active/modules/100/pads/lang_ext",
"/etc/selinux/targeted/active/modules/100/passenger/cil",
"/etc/selinux/targeted/active/modules/100/passenger/hll",
"/etc/selinux/targeted/active/modules/100/passenger/lang_ext",
"/etc/selinux/targeted/active/modules/100/pcmcia/cil",
"/etc/selinux/targeted/active/modules/100/pcmcia/hll",
"/etc/selinux/targeted/active/modules/100/pcmcia/lang_ext",
"/etc/selinux/targeted/active/modules/100/pcp/cil",
"/etc/selinux/targeted/active/modules/100/pcp/hll",
"/etc/selinux/targeted/active/modules/100/pcp/lang_ext",
"/etc/selinux/targeted/active/modules/100/pcscd/cil",
"/etc/selinux/targeted/active/modules/100/pcscd/hll",
"/etc/selinux/targeted/active/modules/100/pcscd/lang_ext",
"/etc/selinux/targeted/active/modules/100/pegasus/cil",
"/etc/selinux/targeted/active/modules/100/pegasus/hll",
"/etc/selinux/targeted/active/modules/100/pegasus/lang_ext",
"/etc/selinux/targeted/active/modules/100/permissivedomains/cil",
"/etc/selinux/targeted/active/modules/100/permissivedomains/lang_ext",
"/etc/selinux/targeted/active/modules/100/pesign/cil",
"/etc/selinux/targeted/active/modules/100/pesign/hll",
"/etc/selinux/targeted/active/modules/100/pesign/lang_ext",
"/etc/selinux/targeted/active/modules/100/pingd/cil",
"/etc/selinux/targeted/active/modules/100/pingd/hll",
"/etc/selinux/targeted/active/modules/100/pingd/lang_ext",
"/etc/selinux/targeted/active/modules/100/piranha/cil",
"/etc/selinux/targeted/active/modules/100/piranha/hll",
"/etc/selinux/targeted/active/modules/100/piranha/lang_ext",
"/etc/selinux/targeted/active/modules/100/pkcs/cil",
"/etc/selinux/targeted/active/modules/100/pkcs/hll",
"/etc/selinux/targeted/active/modules/100/pkcs/lang_ext",
"/etc/selinux/targeted/active/modules/100/pki/cil",
"/etc/selinux/targeted/active/modules/100/pki/hll",
"/etc/selinux/targeted/active/modules/100/pki/lang_ext",
"/etc/selinux/targeted/active/modules/100/plymouthd/cil",
"/etc/selinux/targeted/active/modules/100/plymouthd/hll",
"/etc/selinux/targeted/active/modules/100/plymouthd/lang_ext",
"/etc/selinux/targeted/active/modules/100/podsleuth/cil",
"/etc/selinux/targeted/active/modules/100/podsleuth/hll",
"/etc/selinux/targeted/active/modules/100/podsleuth/lang_ext",
"/etc/selinux/targeted/active/modules/100/policykit/cil",
"/etc/selinux/targeted/active/modules/100/policykit/hll",
"/etc/selinux/targeted/active/modules/100/policykit/lang_ext",
"/etc/selinux/targeted/active/modules/100/polipo/cil",
"/etc/selinux/targeted/active/modules/100/polipo/hll",
"/etc/selinux/targeted/active/modules/100/polipo/lang_ext",
"/etc/selinux/targeted/active/modules/100/portmap/cil",
"/etc/selinux/targeted/active/modules/100/portmap/hll",
"/etc/selinux/targeted/active/modules/100/portmap/lang_ext",
"/etc/selinux/targeted/active/modules/100/portreserve/cil",
"/etc/selinux/targeted/active/modules/100/portreserve/hll",
"/etc/selinux/targeted/active/modules/100/portreserve/lang_ext",
"/etc/selinux/targeted/active/modules/100/postfix/cil",
"/etc/selinux/targeted/active/modules/100/postfix/hll",
"/etc/selinux/targeted/active/modules/100/postfix/lang_ext",
"/etc/selinux/targeted/active/modules/100/postgresql/cil",
"/etc/selinux/targeted/active/modules/100/postgresql/hll",
"/etc/selinux/targeted/active/modules/100/postgresql/lang_ext",
"/etc/selinux/targeted/active/modules/100/postgrey/cil",
"/etc/selinux/targeted/active/modules/100/postgrey/hll",
"/etc/selinux/targeted/active/modules/100/postgrey/lang_ext",
"/etc/selinux/targeted/active/modules/100/ppp/cil",
"/etc/selinux/targeted/active/modules/100/ppp/hll",
"/etc/selinux/targeted/active/modules/100/ppp/lang_ext",
"/etc/selinux/targeted/active/modules/100/prelink/cil",
"/etc/selinux/targeted/active/modules/100/prelink/hll",
"/etc/selinux/targeted/active/modules/100/prelink/lang_ext",
"/etc/selinux/targeted/active/modules/100/prelude/cil",
"/etc/selinux/targeted/active/modules/100/prelude/hll",
"/etc/selinux/targeted/active/modules/100/prelude/lang_ext",
"/etc/selinux/targeted/active/modules/100/privoxy/cil",
"/etc/selinux/targeted/active/modules/100/privoxy/hll",
"/etc/selinux/targeted/active/modules/100/privoxy/lang_ext",
"/etc/selinux/targeted/active/modules/100/procmail/cil",
"/etc/selinux/targeted/active/modules/100/procmail/hll",
"/etc/selinux/targeted/active/modules/100/procmail/lang_ext",
"/etc/selinux/targeted/active/modules/100/prosody/cil",
"/etc/selinux/targeted/active/modules/100/prosody/hll",
"/etc/selinux/targeted/active/modules/100/prosody/lang_ext",
"/etc/selinux/targeted/active/modules/100/psad/cil",
"/etc/selinux/targeted/active/modules/100/psad/hll",
"/etc/selinux/targeted/active/modules/100/psad/lang_ext",
"/etc/selinux/targeted/active/modules/100/ptchown/cil",
"/etc/selinux/targeted/active/modules/100/ptchown/hll",
"/etc/selinux/targeted/active/modules/100/ptchown/lang_ext",
"/etc/selinux/targeted/active/modules/100/publicfile/cil",
"/etc/selinux/targeted/active/modules/100/publicfile/hll",
"/etc/selinux/targeted/active/modules/100/publicfile/lang_ext",
"/etc/selinux/targeted/active/modules/100/pulseaudio/cil",
"/etc/selinux/targeted/active/modules/100/pulseaudio/hll",
"/etc/selinux/targeted/active/modules/100/pulseaudio/lang_ext",
"/etc/selinux/targeted/active/modules/100/puppet/cil",
"/etc/selinux/targeted/active/modules/100/puppet/hll",
"/etc/selinux/targeted/active/modules/100/puppet/lang_ext",
"/etc/selinux/targeted/active/modules/100/pwauth/cil",
"/etc/selinux/targeted/active/modules/100/pwauth/hll",
"/etc/selinux/targeted/active/modules/100/pwauth/lang_ext",
"/etc/selinux/targeted/active/modules/100/qmail/cil",
"/etc/selinux/targeted/active/modules/100/qmail/hll",
"/etc/selinux/targeted/active/modules/100/qmail/lang_ext",
"/etc/selinux/targeted/active/modules/100/qpid/cil",
"/etc/selinux/targeted/active/modules/100/qpid/hll",
"/etc/selinux/targeted/active/modules/100/qpid/lang_ext",
"/etc/selinux/targeted/active/modules/100/quantum/cil",
"/etc/selinux/targeted/active/modules/100/quantum/hll",
"/etc/selinux/targeted/active/modules/100/quantum/lang_ext",
"/etc/selinux/targeted/active/modules/100/quota/cil",
"/etc/selinux/targeted/active/modules/100/quota/hll",
"/etc/selinux/targeted/active/modules/100/quota/lang_ext",
"/etc/selinux/targeted/active/modules/100/rabbitmq/cil",
"/etc/selinux/targeted/active/modules/100/rabbitmq/hll",
"/etc/selinux/targeted/active/modules/100/rabbitmq/lang_ext",
"/etc/selinux/targeted/active/modules/100/radius/cil",
"/etc/selinux/targeted/active/modules/100/radius/hll",
"/etc/selinux/targeted/active/modules/100/radius/lang_ext",
"/etc/selinux/targeted/active/modules/100/radvd/cil",
"/etc/selinux/targeted/active/modules/100/radvd/hll",
"/etc/selinux/targeted/active/modules/100/radvd/lang_ext",
"/etc/selinux/targeted/active/modules/100/raid/cil",
"/etc/selinux/targeted/active/modules/100/raid/hll",
"/etc/selinux/targeted/active/modules/100/raid/lang_ext",
"/etc/selinux/targeted/active/modules/100/rasdaemon/cil",
"/etc/selinux/targeted/active/modules/100/rasdaemon/hll",
"/etc/selinux/targeted/active/modules/100/rasdaemon/lang_ext",
"/etc/selinux/targeted/active/modules/100/rdisc/cil",
"/etc/selinux/targeted/active/modules/100/rdisc/hll",
"/etc/selinux/targeted/active/modules/100/rdisc/lang_ext",
"/etc/selinux/targeted/active/modules/100/readahead/cil",
"/etc/selinux/targeted/active/modules/100/readahead/hll",
"/etc/selinux/targeted/active/modules/100/readahead/lang_ext",
"/etc/selinux/targeted/active/modules/100/realmd/cil",
"/etc/selinux/targeted/active/modules/100/realmd/hll",
"/etc/selinux/targeted/active/modules/100/realmd/lang_ext",
"/etc/selinux/targeted/active/modules/100/redis/cil",
"/etc/selinux/targeted/active/modules/100/redis/hll",
"/etc/selinux/targeted/active/modules/100/redis/lang_ext",
"/etc/selinux/targeted/active/modules/100/remotelogin/cil",
"/etc/selinux/targeted/active/modules/100/remotelogin/hll",
"/etc/selinux/targeted/active/modules/100/remotelogin/lang_ext",
"/etc/selinux/targeted/active/modules/100/rhcs/cil",
"/etc/selinux/targeted/active/modules/100/rhcs/hll",
"/etc/selinux/targeted/active/modules/100/rhcs/lang_ext",
"/etc/selinux/targeted/active/modules/100/rhev/cil",
"/etc/selinux/targeted/active/modules/100/rhev/hll",
"/etc/selinux/targeted/active/modules/100/rhev/lang_ext",
"/etc/selinux/targeted/active/modules/100/rhgb/cil",
"/etc/selinux/targeted/active/modules/100/rhgb/hll",
"/etc/selinux/targeted/active/modules/100/rhgb/lang_ext",
"/etc/selinux/targeted/active/modules/100/rhnsd/cil",
"/etc/selinux/targeted/active/modules/100/rhnsd/hll",
"/etc/selinux/targeted/active/modules/100/rhnsd/lang_ext",
"/etc/selinux/targeted/active/modules/100/rhsmcertd/cil",
"/etc/selinux/targeted/active/modules/100/rhsmcertd/hll",
"/etc/selinux/targeted/active/modules/100/rhsmcertd/lang_ext",
"/etc/selinux/targeted/active/modules/100/ricci/cil",
"/etc/selinux/targeted/active/modules/100/ricci/hll",
"/etc/selinux/targeted/active/modules/100/ricci/lang_ext",
"/etc/selinux/targeted/active/modules/100/rkhunter/cil",
"/etc/selinux/targeted/active/modules/100/rkhunter/hll",
"/etc/selinux/targeted/active/modules/100/rkhunter/lang_ext",
"/etc/selinux/targeted/active/modules/100/rlogin/cil",
"/etc/selinux/targeted/active/modules/100/rlogin/hll",
"/etc/selinux/targeted/active/modules/100/rlogin/lang_ext",
"/etc/selinux/targeted/active/modules/100/rngd/cil",
"/etc/selinux/targeted/active/modules/100/rngd/hll",
"/etc/selinux/targeted/active/modules/100/rngd/lang_ext",
"/etc/selinux/targeted/active/modules/100/roundup/cil",
"/etc/selinux/targeted/active/modules/100/roundup/hll",
"/etc/selinux/targeted/active/modules/100/roundup/lang_ext",
"/etc/selinux/targeted/active/modules/100/rpc/cil",
"/etc/selinux/targeted/active/modules/100/rpc/hll",
"/etc/selinux/targeted/active/modules/100/rpc/lang_ext",
"/etc/selinux/targeted/active/modules/100/rpcbind/cil",
"/etc/selinux/targeted/active/modules/100/rpcbind/hll",
"/etc/selinux/targeted/active/modules/100/rpcbind/lang_ext",
"/etc/selinux/targeted/active/modules/100/rpm/cil",
"/etc/selinux/targeted/active/modules/100/rpm/hll",
"/etc/selinux/targeted/active/modules/100/rpm/lang_ext",
"/etc/selinux/targeted/active/modules/100/rshd/cil",
"/etc/selinux/targeted/active/modules/100/rshd/hll",
"/etc/selinux/targeted/active/modules/100/rshd/lang_ext",
"/etc/selinux/targeted/active/modules/100/rssh/cil",
"/etc/selinux/targeted/active/modules/100/rssh/hll",
"/etc/selinux/targeted/active/modules/100/rssh/lang_ext",
"/etc/selinux/targeted/active/modules/100/rsync/cil",
"/etc/selinux/targeted/active/modules/100/rsync/hll",
"/etc/selinux/targeted/active/modules/100/rsync/lang_ext",
"/etc/selinux/targeted/active/modules/100/rtas/cil",
"/etc/selinux/targeted/active/modules/100/rtas/hll",
"/etc/selinux/targeted/active/modules/100/rtas/lang_ext",
"/etc/selinux/targeted/active/modules/100/rtkit/cil",
"/etc/selinux/targeted/active/modules/100/rtkit/hll",
"/etc/selinux/targeted/active/modules/100/rtkit/lang_ext",
"/etc/selinux/targeted/active/modules/100/rwho/cil",
"/etc/selinux/targeted/active/modules/100/rwho/hll",
"/etc/selinux/targeted/active/modules/100/rwho/lang_ext",
"/etc/selinux/targeted/active/modules/100/samba/cil",
"/etc/selinux/targeted/active/modules/100/samba/hll",
"/etc/selinux/targeted/active/modules/100/samba/lang_ext",
"/etc/selinux/targeted/active/modules/100/sambagui/cil",
"/etc/selinux/targeted/active/modules/100/sambagui/hll",
"/etc/selinux/targeted/active/modules/100/sambagui/lang_ext",
"/etc/selinux/targeted/active/modules/100/sandboxX/cil",
"/etc/selinux/targeted/active/modules/100/sandboxX/hll",
"/etc/selinux/targeted/active/modules/100/sandboxX/lang_ext",
"/etc/selinux/targeted/active/modules/100/sanlock/cil",
"/etc/selinux/targeted/active/modules/100/sanlock/hll",
"/etc/selinux/targeted/active/modules/100/sanlock/lang_ext",
"/etc/selinux/targeted/active/modules/100/sasl/cil",
"/etc/selinux/targeted/active/modules/100/sasl/hll",
"/etc/selinux/targeted/active/modules/100/sasl/lang_ext",
"/etc/selinux/targeted/active/modules/100/sbd/cil",
"/etc/selinux/targeted/active/modules/100/sbd/hll",
"/etc/selinux/targeted/active/modules/100/sbd/lang_ext",
"/etc/selinux/targeted/active/modules/100/sblim/cil",
"/etc/selinux/targeted/active/modules/100/sblim/hll",
"/etc/selinux/targeted/active/modules/100/sblim/lang_ext",
"/etc/selinux/targeted/active/modules/100/screen/cil",
"/etc/selinux/targeted/active/modules/100/screen/hll",
"/etc/selinux/targeted/active/modules/100/screen/lang_ext",
"/etc/selinux/targeted/active/modules/100/secadm/cil",
"/etc/selinux/targeted/active/modules/100/secadm/hll",
"/etc/selinux/targeted/active/modules/100/secadm/lang_ext",
"/etc/selinux/targeted/active/modules/100/sectoolm/cil",
"/etc/selinux/targeted/active/modules/100/sectoolm/hll",
"/etc/selinux/targeted/active/modules/100/sectoolm/lang_ext",
"/etc/selinux/targeted/active/modules/100/selinuxutil/cil",
"/etc/selinux/targeted/active/modules/100/selinuxutil/hll",
"/etc/selinux/targeted/active/modules/100/selinuxutil/lang_ext",
"/etc/selinux/targeted/active/modules/100/sendmail/cil",
"/etc/selinux/targeted/active/modules/100/sendmail/hll",
"/etc/selinux/targeted/active/modules/100/sendmail/lang_ext",
"/etc/selinux/targeted/active/modules/100/sensord/cil",
"/etc/selinux/targeted/active/modules/100/sensord/hll",
"/etc/selinux/targeted/active/modules/100/sensord/lang_ext",
"/etc/selinux/targeted/active/modules/100/setrans/cil",
"/etc/selinux/targeted/active/modules/100/setrans/hll",
"/etc/selinux/targeted/active/modules/100/setrans/lang_ext",
"/etc/selinux/targeted/active/modules/100/setroubleshoot/cil",
"/etc/selinux/targeted/active/modules/100/setroubleshoot/hll",
"/etc/selinux/targeted/active/modules/100/setroubleshoot/lang_ext",
"/etc/selinux/targeted/active/modules/100/seunshare/cil",
"/etc/selinux/targeted/active/modules/100/seunshare/hll",
"/etc/selinux/targeted/active/modules/100/seunshare/lang_ext",
"/etc/selinux/targeted/active/modules/100/sge/cil",
"/etc/selinux/targeted/active/modules/100/sge/hll",
"/etc/selinux/targeted/active/modules/100/sge/lang_ext",
"/etc/selinux/targeted/active/modules/100/shorewall/cil",
"/etc/selinux/targeted/active/modules/100/shorewall/hll",
"/etc/selinux/targeted/active/modules/100/shorewall/lang_ext",
"/etc/selinux/targeted/active/modules/100/slocate/cil",
"/etc/selinux/targeted/active/modules/100/slocate/hll",
"/etc/selinux/targeted/active/modules/100/slocate/lang_ext",
"/etc/selinux/targeted/active/modules/100/slpd/cil",
"/etc/selinux/targeted/active/modules/100/slpd/hll",
"/etc/selinux/targeted/active/modules/100/slpd/lang_ext",
"/etc/selinux/targeted/active/modules/100/smartmon/cil",
"/etc/selinux/targeted/active/modules/100/smartmon/hll",
"/etc/selinux/targeted/active/modules/100/smartmon/lang_ext",
"/etc/selinux/targeted/active/modules/100/smokeping/cil",
"/etc/selinux/targeted/active/modules/100/smokeping/hll",
"/etc/selinux/targeted/active/modules/100/smokeping/lang_ext",
"/etc/selinux/targeted/active/modules/100/smoltclient/cil",
"/etc/selinux/targeted/active/modules/100/smoltclient/hll",
"/etc/selinux/targeted/active/modules/100/smoltclient/lang_ext",
"/etc/selinux/targeted/active/modules/100/smsd/cil",
"/etc/selinux/targeted/active/modules/100/smsd/hll",
"/etc/selinux/targeted/active/modules/100/smsd/lang_ext",
"/etc/selinux/targeted/active/modules/100/snapper/cil",
"/etc/selinux/targeted/active/modules/100/snapper/hll",
"/etc/selinux/targeted/active/modules/100/snapper/lang_ext",
"/etc/selinux/targeted/active/modules/100/snmp/cil",
"/etc/selinux/targeted/active/modules/100/snmp/hll",
"/etc/selinux/targeted/active/modules/100/snmp/lang_ext",
"/etc/selinux/targeted/active/modules/100/snort/cil",
"/etc/selinux/targeted/active/modules/100/snort/hll",
"/etc/selinux/targeted/active/modules/100/snort/lang_ext",
"/etc/selinux/targeted/active/modules/100/sosreport/cil",
"/etc/selinux/targeted/active/modules/100/sosreport/hll",
"/etc/selinux/targeted/active/modules/100/sosreport/lang_ext",
"/etc/selinux/targeted/active/modules/100/soundserver/cil",
"/etc/selinux/targeted/active/modules/100/soundserver/hll",
"/etc/selinux/targeted/active/modules/100/soundserver/lang_ext",
"/etc/selinux/targeted/active/modules/100/spamassassin/cil",
"/etc/selinux/targeted/active/modules/100/spamassassin/hll",
"/etc/selinux/targeted/active/modules/100/spamassassin/lang_ext",
"/etc/selinux/targeted/active/modules/100/speech-dispatcher/cil",
"/etc/selinux/targeted/active/modules/100/speech-dispatcher/hll",
"/etc/selinux/targeted/active/modules/100/speech-dispatcher/lang_ext",
"/etc/selinux/targeted/active/modules/100/squid/cil",
"/etc/selinux/targeted/active/modules/100/squid/hll",
"/etc/selinux/targeted/active/modules/100/squid/lang_ext",
"/etc/selinux/targeted/active/modules/100/ssh/cil",
"/etc/selinux/targeted/active/modules/100/ssh/hll",
"/etc/selinux/targeted/active/modules/100/ssh/lang_ext",
"/etc/selinux/targeted/active/modules/100/sssd/cil",
"/etc/selinux/targeted/active/modules/100/sssd/hll",
"/etc/selinux/targeted/active/modules/100/sssd/lang_ext",
"/etc/selinux/targeted/active/modules/100/staff/cil",
"/etc/selinux/targeted/active/modules/100/staff/hll",
"/etc/selinux/targeted/active/modules/100/staff/lang_ext",
"/etc/selinux/targeted/active/modules/100/stapserver/cil",
"/etc/selinux/targeted/active/modules/100/stapserver/hll",
"/etc/selinux/targeted/active/modules/100/stapserver/lang_ext",
"/etc/selinux/targeted/active/modules/100/stunnel/cil",
"/etc/selinux/targeted/active/modules/100/stunnel/hll",
"/etc/selinux/targeted/active/modules/100/stunnel/lang_ext",
"/etc/selinux/targeted/active/modules/100/su/cil",
"/etc/selinux/targeted/active/modules/100/su/hll",
"/etc/selinux/targeted/active/modules/100/su/lang_ext",
"/etc/selinux/targeted/active/modules/100/sudo/cil",
"/etc/selinux/targeted/active/modules/100/sudo/hll",
"/etc/selinux/targeted/active/modules/100/sudo/lang_ext",
"/etc/selinux/targeted/active/modules/100/svnserve/cil",
"/etc/selinux/targeted/active/modules/100/svnserve/hll",
"/etc/selinux/targeted/active/modules/100/svnserve/lang_ext",
"/etc/selinux/targeted/active/modules/100/swift/cil",
"/etc/selinux/targeted/active/modules/100/swift/hll",
"/etc/selinux/targeted/active/modules/100/swift/lang_ext",
"/etc/selinux/targeted/active/modules/100/sysadm/cil",
"/etc/selinux/targeted/active/modules/100/sysadm/hll",
"/etc/selinux/targeted/active/modules/100/sysadm/lang_ext",
"/etc/selinux/targeted/active/modules/100/sysadm_secadm/cil",
"/etc/selinux/targeted/active/modules/100/sysadm_secadm/hll",
"/etc/selinux/targeted/active/modules/100/sysadm_secadm/lang_ext",
"/etc/selinux/targeted/active/modules/100/sysnetwork/cil",
"/etc/selinux/targeted/active/modules/100/sysnetwork/hll",
"/etc/selinux/targeted/active/modules/100/sysnetwork/lang_ext",
"/etc/selinux/targeted/active/modules/100/sysstat/cil",
"/etc/selinux/targeted/active/modules/100/sysstat/hll",
"/etc/selinux/targeted/active/modules/100/sysstat/lang_ext",
"/etc/selinux/targeted/active/modules/100/systemd/cil",
"/etc/selinux/targeted/active/modules/100/systemd/hll",
"/etc/selinux/targeted/active/modules/100/systemd/lang_ext",
"/etc/selinux/targeted/active/modules/100/tangd/cil",
"/etc/selinux/targeted/active/modules/100/tangd/hll",
"/etc/selinux/targeted/active/modules/100/tangd/lang_ext",
"/etc/selinux/targeted/active/modules/100/targetd/cil",
"/etc/selinux/targeted/active/modules/100/targetd/hll",
"/etc/selinux/targeted/active/modules/100/targetd/lang_ext",
"/etc/selinux/targeted/active/modules/100/tcpd/cil",
"/etc/selinux/targeted/active/modules/100/tcpd/hll",
"/etc/selinux/targeted/active/modules/100/tcpd/lang_ext",
"/etc/selinux/targeted/active/modules/100/tcsd/cil",
"/etc/selinux/targeted/active/modules/100/tcsd/hll",
"/etc/selinux/targeted/active/modules/100/tcsd/lang_ext",
"/etc/selinux/targeted/active/modules/100/telepathy/cil",
"/etc/selinux/targeted/active/modules/100/telepathy/hll",
"/etc/selinux/targeted/active/modules/100/telepathy/lang_ext",
"/etc/selinux/targeted/active/modules/100/telnet/cil",
"/etc/selinux/targeted/active/modules/100/telnet/hll",
"/etc/selinux/targeted/active/modules/100/telnet/lang_ext",
"/etc/selinux/targeted/active/modules/100/tftp/cil",
"/etc/selinux/targeted/active/modules/100/tftp/hll",
"/etc/selinux/targeted/active/modules/100/tftp/lang_ext",
"/etc/selinux/targeted/active/modules/100/tgtd/cil",
"/etc/selinux/targeted/active/modules/100/tgtd/hll",
"/etc/selinux/targeted/active/modules/100/tgtd/lang_ext",
"/etc/selinux/targeted/active/modules/100/thin/cil",
"/etc/selinux/targeted/active/modules/100/thin/hll",
"/etc/selinux/targeted/active/modules/100/thin/lang_ext",
"/etc/selinux/targeted/active/modules/100/thumb/cil",
"/etc/selinux/targeted/active/modules/100/thumb/hll",
"/etc/selinux/targeted/active/modules/100/thumb/lang_ext",
"/etc/selinux/targeted/active/modules/100/tlp/cil",
"/etc/selinux/targeted/active/modules/100/tlp/hll",
"/etc/selinux/targeted/active/modules/100/tlp/lang_ext",
"/etc/selinux/targeted/active/modules/100/tmpreaper/cil",
"/etc/selinux/targeted/active/modules/100/tmpreaper/hll",
"/etc/selinux/targeted/active/modules/100/tmpreaper/lang_ext",
"/etc/selinux/targeted/active/modules/100/tomcat/cil",
"/etc/selinux/targeted/active/modules/100/tomcat/hll",
"/etc/selinux/targeted/active/modules/100/tomcat/lang_ext",
"/etc/selinux/targeted/active/modules/100/tor/cil",
"/etc/selinux/targeted/active/modules/100/tor/hll",
"/etc/selinux/targeted/active/modules/100/tor/lang_ext",
"/etc/selinux/targeted/active/modules/100/tuned/cil",
"/etc/selinux/targeted/active/modules/100/tuned/hll",
"/etc/selinux/targeted/active/modules/100/tuned/lang_ext",
"/etc/selinux/targeted/active/modules/100/tvtime/cil",
"/etc/selinux/targeted/active/modules/100/tvtime/hll",
"/etc/selinux/targeted/active/modules/100/tvtime/lang_ext",
"/etc/selinux/targeted/active/modules/100/udev/cil",
"/etc/selinux/targeted/active/modules/100/udev/hll",
"/etc/selinux/targeted/active/modules/100/udev/lang_ext",
"/etc/selinux/targeted/active/modules/100/ulogd/cil",
"/etc/selinux/targeted/active/modules/100/ulogd/hll",
"/etc/selinux/targeted/active/modules/100/ulogd/lang_ext",
"/etc/selinux/targeted/active/modules/100/uml/cil",
"/etc/selinux/targeted/active/modules/100/uml/hll",
"/etc/selinux/targeted/active/modules/100/uml/lang_ext",
"/etc/selinux/targeted/active/modules/100/unconfined/cil",
"/etc/selinux/targeted/active/modules/100/unconfined/hll",
"/etc/selinux/targeted/active/modules/100/unconfined/lang_ext",
"/etc/selinux/targeted/active/modules/100/unconfineduser/cil",
"/etc/selinux/targeted/active/modules/100/unconfineduser/hll",
"/etc/selinux/targeted/active/modules/100/unconfineduser/lang_ext",
"/etc/selinux/targeted/active/modules/100/unlabelednet/cil",
"/etc/selinux/targeted/active/modules/100/unlabelednet/hll",
"/etc/selinux/targeted/active/modules/100/unlabelednet/lang_ext",
"/etc/selinux/targeted/active/modules/100/unprivuser/cil",
"/etc/selinux/targeted/active/modules/100/unprivuser/hll",
"/etc/selinux/targeted/active/modules/100/unprivuser/lang_ext",
"/etc/selinux/targeted/active/modules/100/updfstab/cil",
"/etc/selinux/targeted/active/modules/100/updfstab/hll",
"/etc/selinux/targeted/active/modules/100/updfstab/lang_ext",
"/etc/selinux/targeted/active/modules/100/usbmodules/cil",
"/etc/selinux/targeted/active/modules/100/usbmodules/hll",
"/etc/selinux/targeted/active/modules/100/usbmodules/lang_ext",
"/etc/selinux/targeted/active/modules/100/usbmuxd/cil",
"/etc/selinux/targeted/active/modules/100/usbmuxd/hll",
"/etc/selinux/targeted/active/modules/100/usbmuxd/lang_ext",
"/etc/selinux/targeted/active/modules/100/userdomain/cil",
"/etc/selinux/targeted/active/modules/100/userdomain/hll",
"/etc/selinux/targeted/active/modules/100/userdomain/lang_ext",
"/etc/selinux/targeted/active/modules/100/userhelper/cil",
"/etc/selinux/targeted/active/modules/100/userhelper/hll",
"/etc/selinux/targeted/active/modules/100/userhelper/lang_ext",
"/etc/selinux/targeted/active/modules/100/usermanage/cil",
"/etc/selinux/targeted/active/modules/100/usermanage/hll",
"/etc/selinux/targeted/active/modules/100/usermanage/lang_ext",
"/etc/selinux/targeted/active/modules/100/usernetctl/cil",
"/etc/selinux/targeted/active/modules/100/usernetctl/hll",
"/etc/selinux/targeted/active/modules/100/usernetctl/lang_ext",
"/etc/selinux/targeted/active/modules/100/uucp/cil",
"/etc/selinux/targeted/active/modules/100/uucp/hll",
"/etc/selinux/targeted/active/modules/100/uucp/lang_ext",
"/etc/selinux/targeted/active/modules/100/uuidd/cil",
"/etc/selinux/targeted/active/modules/100/uuidd/hll",
"/etc/selinux/targeted/active/modules/100/uuidd/lang_ext",
"/etc/selinux/targeted/active/modules/100/varnishd/cil",
"/etc/selinux/targeted/active/modules/100/varnishd/hll",
"/etc/selinux/targeted/active/modules/100/varnishd/lang_ext",
"/etc/selinux/targeted/active/modules/100/virt/cil",
"/etc/selinux/targeted/active/modules/100/virt/hll",
"/etc/selinux/targeted/active/modules/100/virt/lang_ext",
"/etc/selinux/targeted/active/modules/100/vdagent/cil",
"/etc/selinux/targeted/active/modules/100/vdagent/hll",
"/etc/selinux/targeted/active/modules/100/vdagent/lang_ext",
"/etc/selinux/targeted/active/modules/100/vhostmd/cil",
"/etc/selinux/targeted/active/modules/100/vhostmd/hll",
"/etc/selinux/targeted/active/modules/100/vhostmd/lang_ext",
"/etc/selinux/targeted/active/modules/100/vlock/cil",
"/etc/selinux/targeted/active/modules/100/vlock/hll",
"/etc/selinux/targeted/active/modules/100/vlock/lang_ext",
"/etc/selinux/targeted/active/modules/100/vmtools/cil",
"/etc/selinux/targeted/active/modules/100/vmtools/hll",
"/etc/selinux/targeted/active/modules/100/vmtools/lang_ext",
"/etc/selinux/targeted/active/modules/100/vmware/cil",
"/etc/selinux/targeted/active/modules/100/vmware/hll",
"/etc/selinux/targeted/active/modules/100/vmware/lang_ext",
"/etc/selinux/targeted/active/modules/100/vnstatd/cil",
"/etc/selinux/targeted/active/modules/100/vnstatd/hll",
"/etc/selinux/targeted/active/modules/100/vnstatd/lang_ext",
"/etc/selinux/targeted/active/modules/100/vpn/cil",
"/etc/selinux/targeted/active/modules/100/vpn/hll",
"/etc/selinux/targeted/active/modules/100/vpn/lang_ext",
"/etc/selinux/targeted/active/modules/100/w3c/cil",
"/etc/selinux/targeted/active/modules/100/w3c/hll",
"/etc/selinux/targeted/active/modules/100/w3c/lang_ext",
"/etc/selinux/targeted/active/modules/100/watchdog/cil",
"/etc/selinux/targeted/active/modules/100/watchdog/hll",
"/etc/selinux/targeted/active/modules/100/watchdog/lang_ext",
"/etc/selinux/targeted/active/modules/100/wdmd/cil",
"/etc/selinux/targeted/active/modules/100/wdmd/hll",
"/etc/selinux/targeted/active/modules/100/wdmd/lang_ext",
"/etc/selinux/targeted/active/modules/100/webadm/cil",
"/etc/selinux/targeted/active/modules/100/webadm/hll",
"/etc/selinux/targeted/active/modules/100/webadm/lang_ext",
"/etc/selinux/targeted/active/modules/100/webalizer/cil",
"/etc/selinux/targeted/active/modules/100/webalizer/hll",
"/etc/selinux/targeted/active/modules/100/webalizer/lang_ext",
"/etc/selinux/targeted/active/modules/100/wine/cil",
"/etc/selinux/targeted/active/modules/100/wine/hll",
"/etc/selinux/targeted/active/modules/100/wine/lang_ext",
"/etc/selinux/targeted/active/modules/100/wireshark/cil",
"/etc/selinux/targeted/active/modules/100/wireshark/hll",
"/etc/selinux/targeted/active/modules/100/wireshark/lang_ext",
"/etc/selinux/targeted/active/modules/100/xen/cil",
"/etc/selinux/targeted/active/modules/100/xen/hll",
"/etc/selinux/targeted/active/modules/100/xen/lang_ext",
"/etc/selinux/targeted/active/modules/100/xguest/cil",
"/etc/selinux/targeted/active/modules/100/xguest/hll",
"/etc/selinux/targeted/active/modules/100/xguest/lang_ext",
"/etc/selinux/targeted/active/modules/100/xserver/cil",
"/etc/selinux/targeted/active/modules/100/xserver/hll",
"/etc/selinux/targeted/active/modules/100/xserver/lang_ext",
"/etc/selinux/targeted/active/modules/100/zabbix/cil",
"/etc/selinux/targeted/active/modules/100/zabbix/hll",
"/etc/selinux/targeted/active/modules/100/zabbix/lang_ext",
"/etc/selinux/targeted/active/modules/100/zarafa/cil",
"/etc/selinux/targeted/active/modules/100/zarafa/hll",
"/etc/selinux/targeted/active/modules/100/zarafa/lang_ext",
"/etc/selinux/targeted/active/modules/100/zebra/cil",
"/etc/selinux/targeted/active/modules/100/zebra/hll",
"/etc/selinux/targeted/active/modules/100/zebra/lang_ext",
"/etc/selinux/targeted/active/modules/100/zoneminder/cil",
"/etc/selinux/targeted/active/modules/100/zoneminder/hll",
"/etc/selinux/targeted/active/modules/100/zoneminder/lang_ext",
"/etc/selinux/targeted/active/modules/100/zosremote/cil",
"/etc/selinux/targeted/active/modules/100/zosremote/hll",
"/etc/selinux/targeted/active/modules/100/zosremote/lang_ext",
"/etc/security/pwquality.conf",
"/etc/security/access.conf",
"/etc/security/chroot.conf",
"/etc/security/console.handlers",
"/etc/security/console.perms",
"/etc/security/group.conf",
"/etc/security/limits.conf",
"/etc/security/namespace.conf",
"/etc/security/namespace.init",
"/etc/security/opasswd",
"/etc/security/pam_env.conf",
"/etc/security/sepermit.conf",
"/etc/security/time.conf",
"/etc/security/limits.d/20-nproc.conf",
"/etc/modprobe.d/mlx4.conf",
"/etc/modprobe.d/firewalld-sysctls.conf",
"/etc/modprobe.d/dccp-blacklist.conf",
"/etc/modprobe.d/truescale.conf",
"/etc/modprobe.d/tuned.conf",
"/etc/audisp/audispd.conf",
"/etc/audisp/plugins.d/af_unix.conf",
"/etc/audisp/plugins.d/syslog.conf",
"/etc/pam.d/config-util",
"/etc/pam.d/other",
"/etc/pam.d/chfn",
"/etc/pam.d/chsh",
"/etc/pam.d/login",
"/etc/pam.d/remote",
"/etc/pam.d/runuser",
"/etc/pam.d/runuser-l",
"/etc/pam.d/su",
"/etc/pam.d/su-l",
"/etc/pam.d/systemd-user",
"/etc/pam.d/polkit-1",
"/etc/pam.d/crond",
"/etc/pam.d/ppp",
"/etc/pam.d/vlock",
"/etc/pam.d/smtp.postfix",
"/etc/pam.d/sshd",
"/etc/pam.d/passwd",
"/etc/pam.d/sudo",
"/etc/pam.d/sudo-i",
"/etc/pam.d/system-auth-ac",
"/etc/pam.d/system-auth",
"/etc/pam.d/postlogin-ac",
"/etc/pam.d/postlogin",
"/etc/pam.d/password-auth-ac",
"/etc/pam.d/password-auth",
"/etc/pam.d/fingerprint-auth-ac",
"/etc/pam.d/fingerprint-auth",
"/etc/pam.d/smartcard-auth-ac",
"/etc/pam.d/smartcard-auth",
"/etc/pam.d/smtp",
"/etc/rdma/mlx4.conf",
"/etc/rdma/rdma.conf",
"/etc/rdma/sriov-vfs",
"/etc/rdma/ibacm_opts.cfg",
"/etc/rdma/modules/infiniband.conf",
"/etc/rdma/modules/iwarp.conf",
"/etc/rdma/modules/iwpmd.conf",
"/etc/rdma/modules/opa.conf",
"/etc/rdma/modules/rdma.conf",
"/etc/rdma/modules/roce.conf",
"/etc/rdma/modules/srp_daemon.conf",
"/etc/openldap/ldap.conf",
"/etc/openldap/certs/password",
"/etc/openldap/certs/secmod.db",
"/etc/openldap/certs/cert8.db",
"/etc/openldap/certs/key3.db",
"/etc/dhcp/dhclient-exit-hooks.d/azure-cloud.sh",
"/etc/my.cnf.d/mysql-clients.cnf",
"/etc/audit/auditd.conf",
"/etc/audit/audit.rules",
"/etc/audit/audit.rules.prev",
"/etc/audit/audit-stop.rules",
"/etc/audit/rules.d/audit.rules",
"/etc/rsyslog.d/listen.conf",
"/etc/avahi/avahi-autoipd.action",
"/etc/cron.daily/logrotate",
"/etc/cron.daily/man-db.cron",
"/etc/logrotate.d/wpa_supplicant",
"/etc/logrotate.d/yum",
"/etc/logrotate.d/ppp",
"/etc/logrotate.d/syslog",
"/etc/logrotate.d/bootlog",
"/etc/logrotate.d/firewalld",
"/etc/depmod.d/dist.conf",
"/etc/postfix/access",
"/etc/postfix/canonical",
"/etc/postfix/generic",
"/etc/postfix/header_checks",
"/etc/postfix/main.cf",
"/etc/postfix/master.cf",
"/etc/postfix/relocated",
"/etc/postfix/transport",
"/etc/postfix/virtual",
"/etc/python/cert-verification.cfg"
],
"arcroot": "//",
"changed": true,
"dest": "/tmp/all_etc.tar.gz",
"expanded_exclude_paths": [],
"expanded_paths": [
"/etc"
],
"gid": 0,
"group": "root",
"missing": [],
"mode": "0644",
"owner": "root",
"size": 11922005,
"state": "file",
"uid": 0
}
压缩/var/log为zip类型到指定路径
ansible backup -m archive -a "path=/var/log dest=/tmp/all_log.zip format=zip "
范例:
[root@ansible-1 ~]# ansible backup -m archive -a "path=/etc dest=/tmp/all_etc.tar.gz"^C
[root@ansible-1 ~]# ansible backup -m archive -a "path=/var/log dest=/tmp/all_log.zip format=zip"
10.0.1.189 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"archived": [
"/var/log/tallylog",
"/var/log/lastlog",
"/var/log/wtmp",
"/var/log/btmp",
"/var/log/messages",
"/var/log/secure",
"/var/log/maillog",
"/var/log/spooler",
"/var/log/cron",
"/var/log/yum.log",
"/var/log/dmesg.old",
"/var/log/boot.log",
"/var/log/grubby_prune_debug",
"/var/log/grubby",
"/var/log/dmesg",
"/var/log/audit/audit.log",
"/var/log/tuned/tuned.log",
"/var/log/anaconda/anaconda.log",
"/var/log/anaconda/syslog",
"/var/log/anaconda/anaconda.xlog",
"/var/log/anaconda/anaconda.program.log",
"/var/log/anaconda/anaconda.packaging.log",
"/var/log/anaconda/anaconda.storage.log",
"/var/log/anaconda/anaconda.ifcfg.log",
"/var/log/anaconda/ks-script-ZzlEe1.log",
"/var/log/anaconda/ks-script-dOuhDa.log"
],
"arcroot": "/var/",
"changed": true,
"dest": "/tmp/all_log.zip",
"expanded_exclude_paths": [],
"expanded_paths": [
"/var/log"
],
"gid": 0,
"group": "root",
"missing": [],
"mode": "0644",
"owner": "root",
"size": 320974,
"state": "file",
"uid": 0
}
unarchive解压缩模块
ansible远程管理机器
解压缩,准备好原文件
原文件在61机器上
61机器的压缩文件,解压到 41机器的某目录
还是在目标机器上
41机器上,解压缩到41机器的本地 6.
注意了,你现在是远程解压缩,而不是在本机直接解压缩
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/unarchive_module.html#examples
解压缩etc.tgz到指定目录(远程解压)
远程的解压缩
backup机器的/tmp下有 all_etc.tar.gz
解压到/test-etc/
ansible backup -m unarchive -a "src=/tmp/all_etc.tar.gz dest=/test-etc/ remote_src=yes"
解压缩出了整个etc目录到 /test-etc/
[root@rsync-41 ~]#cd /test-etc/
[root@rsync-41 /test-etc]#ls
etc
范例:
[root@ansible-1 ~]# ansible backup -m file -a "path=/test-etc/ state=directory" -b
10.0.1.189 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/test-etc/",
"size": 6,
"state": "directory",
"uid": 0
}
[root@ansible-1 ~]# ansible backup -m unarchive -a "src=/tmp/all_etc.tar.gz dest=/test-etc/ remote_src=yes"
10.0.1.189 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/test-etc/",
"extract_results": {
"cmd": [
"/usr/bin/gtar",
"--extract",
"-C",
"/test-etc/",
"-z",
"-f",
"/tmp/all_etc.tar.gz"
],
"err": "/usr/bin/gtar: etc/udev: time stamp 2024-04-23 05:19:36 is 15873.126722707 s in the future\n/usr/bin/gtar: etc/resolv.conf: time stamp 2024-04-23 05:21:34 is 15991.125807592 s in the future\n/usr/bin/gtar: etc/resolv.conf.save: time stamp 2024-04-23 05:21:29 is 15986.11828903 s in the future\n/usr/bin/gtar: etc/tuned/active_profile: time stamp 2024-04-23 05:21:34 is 15991.10255815 s in the future\n/usr/bin/gtar: etc/tuned/profile_mode: time stamp 2024-04-23 05:21:34 is 15991.102478087 s in the future\n/usr/bin/gtar: etc/udev/hwdb.bin: time stamp 2024-04-23 05:19:36 is 15873.055161097 s in the future\n/usr/bin/gtar: etc/sysconfig/network-scripts/.ifcfg-eth0.swp: time stamp 2024-04-23 05:20:06 is 15903.051450758 s in the future\n",
"out": "",
"rc": 0
},
"gid": 0,
"group": "root",
"handler": "TgzArchive",
"mode": "0755",
"owner": "root",
"size": 16,
"src": "/tmp/all_etc.tar.gz",
"state": "directory",
"uid": 0
}
将管理机的压缩包,解压到远程机器上
将ansible-1master的压缩文件,解压到web-1机器上
复制
生成 all_png.tgz数据
sudo tar czvf /opt/2.tar.gz /etc/selinux
2.远程解压到web-1机器上
[root@ansible-1 ~]# ansible backup -m unarchive -a "src=/opt/2.tar.gz dest=/test-etc/"
10.0.1.189 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/test-etc/",
"extract_results": {
"cmd": [
"/usr/bin/gtar",
"--extract",
"-C",
"/test-etc/",
"-z",
"-f",
"/root/.ansible/tmp/ansible-tmp-1713805639.46-11936-276629873985418/source"
],
"err": "",
"out": "",
"rc": 0
},
"gid": 0,
"group": "root",
"handler": "TgzArchive",
"mode": "0755",
"owner": "root",
"size": 16,
"src": "/root/.ansible/tmp/ansible-tmp-1713805639.46-11936-276629873985418/source",
"state": "directory",
"uid": 0
}
3.检查
[root@ansible-1 ~]# ansible backup -m stat -a "path=/test-etc/"
10.0.1.189 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"stat": {
"atime": 1713805644.6466036,
"attr_flags": "",
"attributes": [],
"block_size": 4096,
"blocks": 0,
"charset": "binary",
"ctime": 1713805640.4166036,
"dev": 2050,
"device_type": 0,
"executable": true,
"exists": true,
"gid": 0,
"gr_name": "root",
"inode": 269017630,
"isblk": false,
"ischr": false,
"isdir": true,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": false,
"issock": false,
"isuid": false,
"mimetype": "inode/directory",
"mode": "0755",
"mtime": 1713805640.4166036,
"nlink": 3,
"path": "/test-etc/",
"pw_name": "root",
"readable": true,
"rgrp": true,
"roth": true,
"rusr": true,
"size": 16,
"uid": 0,
"version": "876557446",
"wgrp": false,
"woth": false,
"writeable": true,
"wusr": true,
"xgrp": true,
"xoth": true,
"xusr": true
}
}
补充:
`archive`模块: 打包文件或目录。
`unarchive`模块: 解压归档文件到指定目录。
ansible故障案例解决
故障一:
[root@ansible-1 ~]# ansible web -m ping
[WARNING]: sftp transfer mechanism failed on [10.0.1.187]. Use ANSIBLE_DEBUG=1 to see
detailed information
[WARNING]: sftp transfer mechanism failed on [10.0.1.185]. Use ANSIBLE_DEBUG=1 to see
detailed information
[WARNING]: sftp transfer mechanism failed on [10.0.1.186]. Use ANSIBLE_DEBUG=1 to see
detailed information
10.0.1.186 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.0.1.185 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.0.1.187 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
解决:ansible 执行命令时,部分主机出现[WARNING]: sftp transfer mechanism failed on [xx]. Use ANSIBLE_DEBUG=1 to see detailed information的报错,以下为解决方案:
一、修改sshd_config文件,取消注释Subsystem sftp /usr/lib/ssh/sftp-server
Subsystem sftp /usr/lib/ssh/sftp-server
当该行注释时,表示禁用sftp,需取消注释启用,修改配置后重启sshd服务
二、当sftp已启用时,报错仍然存在,修改ansible配置文件,添加scp_if_ssh=True
vi /etc/ansible/ansible.cfg
[ssh_connection]
407 scp_if_ssh=True
重新执行ansible,报错不存在了
故障2:
