Ansible-基础及常用模块
安装
1. 准备yum源:
https://developer.aliyun.com/mirror/epel?spm=a2c6h.13651102.0.0.3fde1b11FsojqW
https://developer.aliyun.com/mirror/centos?spm=a2c6h.13651102.0.0.3e221b11CbELri
yum -y install ansible
2. 重要的配置文件
/etc/ansible/ansible.cfg # 配置文件 /etc/ansible/hosts # 主机清单
/etc/ansible/roles # 角色
3. 管理端必须免密钥登录到被管理主机,所以需要配置ssh免密登录
4. 命令组成
host-pattern:主机分组
-m:模块名
-a:模块参数
-f:任务分批处理
ansible host-pattern -m mod_name -a mod_args -f forks -C -u username -c connection
5. 常用模块
ansible-doc -l # 查看所有
ansible-doc -s ping # 查看ping模块如何使用
6. 分组
vim /etc/ansible/hosts # 单台主机 # node1.magedu.com node[1:2]
7. 测试
]# ansible all -m ping node1 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } node2 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" }
8. command模块,不支持特殊符号
查看使用方法
]# ansible-doc -s command - name: Execute commands on targets command: argv: # Passes the command as a list rather than a string. Use `argv' to avoid quoting values that would otherwise be interpreted incorrectly (for example "user name"). Only the string or the list form can be provided, not both. One or the other must be provided. chdir: # Change into this directory before running the command. cmd: # The command to run. creates: # A filename or (since 2.0) glob pattern. If it already exists, this step *won't* be run. free_form: # The command module takes a free form command to run. There is no actual parameter named 'free form'. removes: # A filename or (since 2.0) glob pattern. If it already exists, this step *will* be run. stdin: # Set the stdin of the command directly to the specified value. stdin_add_newline: # If set to `yes', append a newline to stdin data. strip_empty_ends: # Strip empty lines from the end of stdout/stderr in result. warn: # Enable or disable task warnings.
创建文件
]# ansible all -m command -a 'mkdir /root/1.txt' [WARNING]: Consider using the file module with state=directory rather than running 'mkdir'. If you need to use command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message. node1 | CHANGED | rc=0 >> node2 | CHANGED | rc=0 >>
9. shell模块,使用shell解释器执行
]# ansible all -m shell -a "id user1 || useradd user1" node2 | CHANGED | rc=0 >> id: user1: no such user node1 | CHANGED | rc=0 >> id: user1: no such user ]# ansible all -m shell -a "id user1 || useradd user1" node1 | CHANGED | rc=0 >> uid=1002(user1) gid=1002(user1) groups=1002(user1) node2 | CHANGED | rc=0 >> uid=1001(user1) gid=1001(user1) groups=1001(user1)
10. group模块
]# ansible-doc -s group - name: Add or remove groups # 添加或移除组 group: gid: # Optional `GID' to set for the group. local: # Forces the use of "local" command alternatives on platforms that implement it. This is useful in environments that use centralized authentication when you want to manipulate the local groups. (e.g. it uses `lgroupadd' instead of `groupadd'). This requires that these commands exist on the targeted host, otherwise it will be a fatal error. name: # (required) Name of the group to manage. non_unique: # This option allows to change the group ID to a non-unique value. Requires `gid'. Not supported on macOS or BusyBox distributions. state: # Whether the group should be present or not on the remote host. # 状态 system: # If `yes', indicates that the group created is a system group. # 是否为系统组
]# ansible node2 -m group -a "name=mygrp gid=2000 system=yes" # 默认state为present node2 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, # 黄颜色表示change "gid": 2000, "name": "mygrp", "state": "present", "system": true }
]# ansible node2 -m group -a "name=mygrp state=absent" # 指定state为absent,表示remove mygrp node2 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "name": "mygrp", "state": "absent" }
11. user模块
]# ansible node2 -m user -a "name=tom uid=2000 group=mygrp shell=/bin/bash" node2 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "comment": "", "create_home": true, "group": 2000, "home": "/home/tom", "name": "tom", "shell": "/bin/bash", "state": "present", "system": false, "uid": 2000 }
12. copy模块,拷贝数据到远端
]# ansible all -m copy -a "src=/etc/yum.repos.d/epel.repo dest=/etc/yum.repos.d/epel.repo " node1 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "checksum": "2feedd589b72617f03d75c4b8a6e328cc1aad918", "dest": "/etc/yum.repos.d/epel.repo", "gid": 0, "group": "root", "md5sum": "bddf35db56cf6be9190fdabeae71c801", "mode": "0644", "owner": "root", "size": 664, "src": "/root/.ansible/tmp/ansible-tmp-1651659124.31-67399-190211834821017/source", "state": "file", "uid": 0 } node2 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "checksum": "2feedd589b72617f03d75c4b8a6e328cc1aad918", "dest": "/etc/yum.repos.d/epel.repo", "gid": 0, "group": "root", "md5sum": "bddf35db56cf6be9190fdabeae71c801", "mode": "0644", "owner": "root", "size": 664, "src": "/root/.ansible/tmp/ansible-tmp-1651659124.33-67401-55117876937371/source", "state": "file", "uid": 0 }
13. fetch模块,只能是文件类型
1. 创建链接文件
2. 修改属性
3. 创建目录
]# ansible node2 -m fetch -a "src=/tmp/fetch.txt dest=/tmp/fetch.txt" # 从远端复制数据到本地 node2 | CHANGED => { "changed": true, "checksum": "a8fdc205a9f19cc1c7507a60c4f01b13d11d7fd0", "dest": "/tmp/fetch.txt/node2/tmp/fetch.txt", "md5sum": "ba1f2511fc30423bdbb183fe33f3dd0f", "remote_checksum": "a8fdc205a9f19cc1c7507a60c4f01b13d11d7fd0", "remote_md5sum": null }
]# cat /tmp/fetch.txt/node2/tmp/fetch.txt 123
14. file模块,修改文件属性
]# ansible node2 -m file -a "group=mygrp mode=0660 path=/tmp/fetch.txt" node2 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "gid": 2000, "group": "mygrp", "mode": "0660", "owner": "root", "path": "/tmp/fetch.txt", "size": 4, "state": "file", "uid": 0 }
]# ll /tmp/fetch.txt -rw-rw---- 1 root mygrp 4 May 4 18:19 /tmp/fetch.txt
如果文件不存在,会自动创建
]# ansible node2 -m file -a "group=mygrp mode=0660 path=/tmp/filemode-test state=directory" # state不指定,默认是文件类型 node2 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "gid": 2000, "group": "mygrp", "mode": "0660", "owner": "root", "path": "/tmp/filemode-test", "size": 6, "state": "directory", "uid": 0 }
]# ll total 1796 -rw-rw---- 1 root mygrp 4 May 4 18:19 fetch.txt drw-rw---- 2 root mygrp 6 May 4 18:55 filemode-test # 目录类型
创建目录链接
]# ansible node2 -m file -a "path=/tmp/filemode-test/fetch.txt src=/tmp/fetch.txt state=link" node2 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "dest": "/tmp/filemode-test/fetch.txt", "gid": 0, "group": "root", "mode": "0777", "owner": "root", "size": 14, "src": "/tmp/fetch.txt", "state": "link", "uid": 0 }
node2查看
]# ll filemode-test/ total 0 lrwxrwxrwx 1 root root 14 May 4 19:00 fetch.txt -> /tmp/fetch.txt
get_url 模块
下载文件,并且还可以指定属主属组
]# ansible all -m get_url -a "url=http://mirrors.aliyun.com/repo/epel-7.repo dest=/etc/yum.repos.d/ mode=0644" node1 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "checksum_dest": null, "checksum_src": "2feedd589b72617f03d75c4b8a6e328cc1aad918", "dest": "/etc/yum.repos.d/epel-7.repo", "elapsed": 0, "gid": 0, "group": "root", "md5sum": "bddf35db56cf6be9190fdabeae71c801", "mode": "0644", "msg": "OK (664 bytes)", "owner": "root", "size": 664, "src": "/root/.ansible/tmp/ansible-tmp-1651662554.1-4769-61266454199978/tmp07Fcnn", "state": "file", "status_code": 200, "uid": 0, "url": "http://mirrors.aliyun.com/repo/epel-7.repo" } node2 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "checksum_dest": null, "checksum_src": "2feedd589b72617f03d75c4b8a6e328cc1aad918", "dest": "/etc/yum.repos.d/epel-7.repo", "elapsed": 0, "gid": 0, "group": "root", "md5sum": "bddf35db56cf6be9190fdabeae71c801", "mode": "0644", "msg": "OK (664 bytes)", "owner": "root", "size": 664, "src": "/root/.ansible/tmp/ansible-tmp-1651662554.17-4771-110854692420595/tmpqXD9Dl", "state": "file", "status_code": 200, "uid": 0, "url": "http://mirrors.aliyun.com/repo/epel-7.repo" }
cron 模块,如果要删除 state=absent 删除即可
]# ansible all -m cron -a "minute=*/5 job='/bin/bash /tmp/test.sh' name=test" # job需要加'' node2 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "envs": [], "jobs": [ "test" ] } node1 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "envs": [], "jobs": [ "test" ] }
进入节点查看
]# crontab -l #Ansible: test */5 * * * * /bin/bash /tmp/test.sh ]# crontab -e #Ansible: test */5 * * * * /bin/bash /tmp/test.sh
git 模块
越学越感到自己的无知
