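03 Common Ansible modules
1. Common Ansible modules in detail
The commonly used Ansible modules are:
1. ping (tests whether hosts can communicate)
2. yum (installs software)
3. template (provides configuration files)
4. copy (copies files)
5. user (manages users)
6. group (manages groups)
7. service (controls services)
8. raw (general-purpose module)
9. command (general-purpose module)
10. shell (general-purpose module)
11. script (script module)
Differences between the raw, command and shell modules:
- The shell module runs the command through /bin/sh.
- The command module does not run the command through a shell, so bash environment variables are not available.
- raw is similar to shell in many respects, and in most cases the shell and command modules are recommended instead. raw is needed, however, when the target has only an old version of Python, or when the client is a router with no Python installed.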
2. Common Ansible modules: ping
The ping module checks whether the specified node is reachable. It is simple to use and takes no parameters; if the host is online, it replies pong.
```
[root@localhost httpd]# ansible all -m ping
web01.example.com | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
```
3. Common Ansible modules: command
The command module runs commands on remote hosts; it is the module Ansible uses by default.
One limitation of the command module is that it cannot use pipes or redirection.
```
[root@localhost httpd]# ansible all -a 'date'    # show the time; command is the default module, so -m is not needed
web01.example.com | CHANGED | rc=0 >>
2022年 05月 29日 星期日 11:59:56 CST
[root@localhost httpd]# ansible all -a 'ls /tmp'    # list the files under /tmp
web01.example.com | CHANGED | rc=0 >>
ansible_command_payload_d45v61db
ks-script-o1_yjak3
ks-script-rsi7if_l
systemd-private-8518df3210304e468b78cfdafb8b9828-chronyd.service-XomUEh
vmware-root_1033-4248090797
[root@localhost httpd]# ansible all -a 'touch /tmp/hehe'    # create hehe under /tmp
[WARNING]: Consider using the file module with state=touch rather than running 'touch'. If you need to use command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
web01.example.com | CHANGED | rc=0 >>    # rc=0 means success
[root@localhost httpd]# ansible all -a 'ls /tmp'    # check
web01.example.com | CHANGED | rc=0 >>
ansible_command_payload_xoacxuur
hehe    # hehe is an empty file, because the command module does not support pipes or redirection
ks-script-o1_yjak3
ks-script-rsi7if_l
systemd-private-8518df3210304e468b78cfdafb8b9828-chronyd.service-XomUEh
vmware-root_1033-4248090797
[root@localhost httpd]# ansible all -a 'echo "hello world"'
web01.example.com | CHANGED | rc=0 >>    # all of these ran successfully
hello world
[root@localhost httpd]# ansible all -a 'echo "hello world" > /tmp/hehe'
web01.example.com | CHANGED | rc=0 >>
hello world > /tmp/hehe
[root@localhost httpd]# ansible all -a 'cat /tmp/hehe'
web01.example.com | CHANGED | rc=0 >>    # redirection and pipes are not supported, so nothing was written
[root@localhost httpd]# ansible all -a 'ps -ef|grep abc'    # pipes cannot be used
web01.example.com | FAILED | rc=1 >>
error: unsupported SysV option

Usage:
 ps [options]

 Try 'ps --help <simple|list|output|threads|misc|all>'
  or 'ps --help <s|l|o|t|m|a>'
 for additional help text.

For more details see ps(1).non-zero return code
```
4. Common Ansible modules: raw
The raw module runs commands on remote hosts and supports pipes and redirection.
```
[root@localhost httpd]# ansible all -m raw -a 'echo "hello world" > /tmp/hehe'    # use the raw module to write the content into hehe
web01.example.com | CHANGED | rc=0 >>    # success
Shared connection to web01.example.com closed.

[root@localhost httpd]# ansible all -m raw -a 'cat /tmp/hehe'
web01.example.com | CHANGED | rc=0 >>
hello world    # the content of hehe is visible; raw supports redirection
Shared connection to web01.example.com closed.

[root@web01 ~]# sleep 6000    # start a process on the managed host
[root@localhost httpd]# ansible all -m raw -a 'ps -ef|grep sleep'
web01.example.com | CHANGED | rc=0 >>    # the control host filtered and found it, so the raw module supports pipes
root 10170 10120 0 14:28 pts/0 00:00:00 sleep 6000
root 10176 10175 2 14:29 pts/2 00:00:00 bash -c ps -ef|grep sleep
root 10196 10176 0 14:29 pts/2 00:00:00 grep sleep
Shared connection to web01.example.com closed.
```
5. Common Ansible modules: shell
The shell module runs scripts that reside on the managed host, and can also run commands directly on the managed host.
The shell module also supports pipes and redirection.
```
[root@localhost httpd]# ansible all -m shell -a 'ps -ef|grep sleep'
web01.example.com | CHANGED | rc=0 >>
root 10170 10120 0 14:28 pts/0 00:00:00 sleep 6000
root 10295 10206 0 14:43 pts/2 00:00:00 /bin/sh -c /usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1653806584.6374104-16944-108005594145190/AnsiballZ_command.py && sleep 0
root 10315 10314 0 14:43 pts/2 00:00:00 /bin/sh -c ps -ef|grep sleep
root 10317 10315 0 14:43 pts/2 00:00:00 grep sleep
[root@localhost httpd]# ansible all -m shell -a 'echo "hehe" >> /tmp/hehe'
web01.example.com | CHANGED | rc=0 >>
[root@localhost httpd]# ansible all -m shell -a 'cat /tmp/hehe'
web01.example.com | CHANGED | rc=0 >>
hello world    # the shell module supports pipes and redirection, and can also run scripts
hehe
```
```
[root@web01 ~]# mkdir /scripts    # create a directory
[root@web01 ~]# vi /scripts/test.sh    # write a script that runs in the background
#!/bin/bash
nohup sleep 7000 &
[root@localhost httpd]# ansible all -m shell -a '/bin/bash /scripts/test.sh'
web01.example.com | CHANGED | rc=0 >>    # the script ran successfully
[root@localhost httpd]# ansible all -m shell -a 'ps -ef|grep sleep'
web01.example.com | CHANGED | rc=0 >>
root 11226 1 0 15:13 ? 00:00:00 sleep 7000
root 11329 11116 0 15:13 pts/2 00:00:00 /bin/sh -c /usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1653808439.4453123-17202-220492927218189/AnsiballZ_command.py && sleep 0
root 11349 11348 0 15:13 pts/2 00:00:00 /bin/sh -c ps -ef|grep sleep
root 11351 11349 0 15:13 pts/2 00:00:00 grep sleep
[root@localhost httpd]# ansible all -m shell -a 'kill -9 11226'
web01.example.com | CHANGED | rc=0 >>
```
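Why the command module printed `hello world > /tmp/hehe` while the shell module wrote the file, as an added example (not from the original post and not Ansible's own code). The two helpers are hypothetical approximations of how each module hands the string to the operating system, and the sample value is constructed; the last two cases go one step beyond the post to show that anything interpolated into a shell string is parsed as shell syntax unless it is quoted.

```python
import os
import shlex
import subprocess
import tempfile


def run_like_command(cmdline):
    """Approximates the command module: tokenise, then exec argv directly, no shell."""
    argv = shlex.split(cmdline)
    proc = subprocess.run(argv, capture_output=True, text=True)
    return argv, proc.stdout.strip()


def run_like_shell(cmdline):
    """Approximates the shell module: /bin/sh parses the whole string."""
    proc = subprocess.run(["/bin/sh", "-c", cmdline], capture_output=True, text=True)
    return proc.stdout.strip()


def demo():
    res = {}
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "hehe")
        redirect = 'echo "hello world" > ' + shlex.quote(target)

        # command: '>' and the path are just two more arguments to echo.
        argv, out = run_like_command(redirect)
        res["command_argv"] = argv
        res["command_stdout"] = out
        res["command_wrote_file"] = os.path.exists(target)

        # shell: /bin/sh performs the redirection, so the file is written.
        res["shell_stdout"] = run_like_shell(redirect)
        with open(target) as fh:
            res["shell_file"] = fh.read()
        res["target"] = target

    # Why 'ps -ef|grep abc' failed: ps itself received '-ef|grep' as an option.
    res["pipe_argv"] = shlex.split("ps -ef|grep abc")

    # The flip side of shell parsing: an interpolated value is parsed as syntax too.
    value = "tom; echo EXTRA"  # constructed sample input
    res["unquoted"] = run_like_shell("echo user=" + value).splitlines()
    # Quoting (what Ansible's `quote` filter does) keeps the value as data.
    res["quoted"] = run_like_shell("echo user=" + shlex.quote(value)).splitlines()
    return res


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val!r}")
```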
6. Common Ansible modules: script
The script module runs a script from the control host on the managed host.
```
[root@ansible ~]# ll /etc/ansible/scripts/
总用量 4
-rw-r--r--. 1 root root 61 9月 8 18:59 a.sh
[root@ansible ~]# ansible 172.16.103.129 -m script -a '/etc/ansible/scripts/a.sh &>/tmp/a'
172.16.103.129 | SUCCESS => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 172.16.103.129 closed.\r\n",
    "stderr_lines": [
        "Shared connection to 172.16.103.129 closed."
    ],
    "stdout": "",
    "stdout_lines": []
}

// check the content of /tmp/a on the managed host
[root@ansible ~]# ansible 172.16.103.129 -m shell -a 'cat /tmp/a'
172.16.103.129 | SUCCESS | rc=0 >>
root:x:0:0:root:/root:/bin/bash
....N lines omitted here
jerry:x:1000:1000::/home/jerry:/bin/bash

// This shows that the control host's script was indeed run on the managed host and that
// the output was recorded on the managed host, because the jerry user here exists only on the managed host
```
7. Common Ansible modules: template
The template module generates a file from a template and can transfer it to the remote host.
```
[root@web01 ~]# ls /etc/yum.repos.d/    # list the repo files
CentOS-Stream-AppStream.repo         CentOS-Stream-NFV.repo
CentOS-Stream-BaseOS.repo            CentOS-Stream-PowerTools.repo
CentOS-Stream-Debuginfo.repo         CentOS-Stream-RealTime.repo
CentOS-Stream-Extras.repo            CentOS-Stream-ResilientStorage.repo
CentOS-Stream-HighAvailability.repo  CentOS-Stream-Sources.repo
CentOS-Stream-Media.repo
[root@localhost httpd]# ansible all -a 'rm -rf /etc/yum.repos.d/*'    # delete them all; but the default command module does not recognise *, so nothing is deleted and the shell module is needed
[WARNING]: Consider using the file module with state=absent rather than running 'rm'. If you need to use command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
web01.example.com | CHANGED | rc=0 >>
[root@localhost httpd]# vim ansible.cfg
command_warnings = False    # uncomment this line and the warning is no longer shown
[root@localhost httpd]# ansible all -m shell -a 'rm -rf /etc/yum.repos.d/*'    # use the shell module
web01.example.com | CHANGED | rc=0 >>
[root@web01 ~]# ls /etc/yum.repos.d/    # check on the managed host: all deleted
[root@localhost httpd]# mkdir files    # create a directory to hold files
[root@localhost httpd]# ls
ansible.cfg  files  inventory
[root@localhost httpd]# cd files    # go into it
[root@localhost files]# ls
[root@localhost files]# cp /etc/yum.repos.d/CentOS-Base.repo .    # copy this machine's Aliyun repo file into this directory
[root@localhost files]# ls
CentOS-Base.repo
[root@localhost httpd]# ansible all -m template -a 'src=files/CentOS-Base.repo dest=/etc/yum.repos.d/CentOS-Base.repo owner=root group=root mode=0644'
# Use the template module to transfer the yum repo file in files to /etc/yum.repos.d on the managed host:
# owner root, group root, mode 0644 because no special permissions are needed. If the file being transferred
# is a template file, its name must end in .j2 so that others can tell at a glance that it is a template.
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "8bbf30b2d80c3b97292ca7b32f33ef494269a5b8",
    "dest": "/etc/yum.repos.d/CentOS-Base.repo",
    "gid": 0,
    "group": "root",
    "md5sum": "ed031c350da2532e6a8d09a4d9b05278",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:system_conf_t:s0",
    "size": 1653,
    "src": "/root/.ansible/tmp/ansible-tmp-1653811896.0084877-17486-90495303878585/source",
    "state": "file",
    "uid": 0
}
[root@web01 ~]# ls /etc/yum.repos.d/    # check on the managed host: the file has arrived
CentOS-Base.repo
```
8. Common Ansible modules: yum
The yum module manages software through yum on the specified node. It mainly supports two parameters:
- name: the name of the package to manage
- state: the operation to perform
Common values for state:
- latest: installs the software
- installed: installs the software
- present: installs the software
- removed: uninstalls the software
- absent: uninstalls the software
To manage software with yum, make sure the yum repositories on the managed host are working correctly.
```
[root@web01 ~]# rpm -qa|grep vsftpd    # the managed host does not have this package
[root@localhost httpd]# ansible all -m dnf -a 'name=vsftpd state=present'    # install with the dnf module (yum works too): package name, state present
web01.example.com | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Installed: vsftpd-3.0.3-34.el8.x86_64"
    ]
}
[root@web01 ~]# rpm -qa|grep vsftpd    # now installed
vsftpd-3.0.3-34.el8.x86_64
[root@localhost httpd]# ansible all -m dnf -a 'name=vsftpd state=absent'    # remove: change the state to absent
web01.example.com | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Removed: vsftpd-3.0.3-34.el8.x86_64"
    ]
}
[root@web01 ~]# rpm -qa|grep vsftpd    # removed
```
9. Common Ansible modules: copy
The copy module copies files to the remote managed host.
```
[root@localhost httpd]# ansible all -m copy -a 'content="xixi" dest=/tmp/hehe'    # put xixi into hehe
web01.example.com | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "1daf4eb81fe0f76949323544174e6e4900a39d39",
    "dest": "/tmp/hehe",
    "gid": 0,
    "group": "root",
    "md5sum": "de156e39c8481df78050021b1ffcd425",
    "mode": "0644",
    "owner": "root",
    "secontext": "unconfined_u:object_r:user_tmp_t:s0",
    "size": 4,
    "src": "/root/.ansible/tmp/ansible-tmp-1653813859.9440858-17606-106930879071085/source",
    "state": "file",
    "uid": 0
}
[root@web01 ~]# cat /tmp/hehe
xixi[root@web01 ~]#    # xixi overwrote the previous file, and there is no trailing newline
[root@localhost httpd]# ansible all -m copy -a 'content="xixi\n" dest=/tmp/hehe'    # add \n to get a newline
[root@web01 ~]# cat /tmp/hehe
xixi
[root@localhost httpd]# ansible all -m copy -a 'content="xixi\nhello world\nhello tom\n123\n" dest=/tmp/hehe'    # add a few more lines
web01.example.com | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "53018e18d8e1c0b559f697b867b06a3016ddc4fb",
    "dest": "/tmp/hehe",
    "gid": 0,
    "group": "root",
    "md5sum": "0ee8522d362744b8975058ca7c818453",
    "mode": "0644",
    "owner": "root",
    "secontext": "unconfined_u:object_r:user_tmp_t:s0",
    "size": 31,
    "src": "/root/.ansible/tmp/ansible-tmp-1653814171.5738018-17695-210043463412059/source",
    "state": "file",
    "uid": 0
}
[root@web01 ~]# cat /tmp/hehe
xixi
hello world
hello tom
123
[root@localhost httpd]# ansible all -m copy -a 'src=inventory dest=/tmp/inventory owner=root group=root mode=0644'    # copy inventory to /tmp
web01.example.com | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "28aae659014066f2d944d48482d6bfa1135fe919",
    "dest": "/tmp/inventory",
    "gid": 0,
    "group": "root",
    "md5sum": "559a3105bfa213d8351cd3cd252f1704",
    "mode": "0644",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 73,
    "src": "/root/.ansible/tmp/ansible-tmp-1653814384.9537547-17738-162668302344956/source",
    "state": "file",
    "uid": 0
}
[root@web01 ~]# ll /tmp    # check on the managed host
总用量 16
drwx------. 2 root root 41 5月 29 15:07 ansible_command_payload_fuj5ld4d
-rw-r--r--. 1 root root 31 5月 29 16:49 hehe
-rw-r--r--. 1 root root 73 5月 29 16:53 inventory
```
10. Common Ansible modules: group
The group module adds or removes groups on the managed host.
```
[root@localhost httpd]# ansible all -m group -a 'name=tom state=present'    # create the tom group; state present creates it
web01.example.com | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "gid": 1000,
    "name": "tom",
    "state": "present",
    "system": false
}
[root@web01 ~]# grep tom /etc/group    # the tom group now exists on the managed host
tom:x:1000:
[root@localhost httpd]# ansible all -m group -a 'name=tom state=present gid=2000'    # change the gid
web01.example.com | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "gid": 2000,
    "name": "tom",
    "state": "present",
    "system": false
}
[root@web01 ~]# grep tom /etc/group
tom:x:2000:
[root@localhost httpd]# ansible all -m group -a 'name=tom state=absent'    # delete the group: just change the state to absent
web01.example.com | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "name": "tom",
    "state": "absent"
}
[root@web01 ~]# grep tom /etc/group    # gone
[root@web01 ~]#
```
11. Common Ansible modules: user
The user module manages user accounts on the managed host.
```
[root@localhost httpd]# ansible all -m user -a 'name=apache state=present system=yes create_home=no shell=/sbin/nologin'    # create a system user named apache with no home directory and no login shell
web01.example.com | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "comment": "",
    "create_home": false,
    "group": 991,
    "home": "/home/apache",
    "name": "apache",
    "shell": "/sbin/nologin",
    "state": "present",
    "system": true,
    "uid": 994
}
[root@web01 ~]# id apache    # check on the managed host
uid=994(apache) gid=991(apache) 组=991(apache)
[root@web01 ~]# grep apache /etc/passwd
apache:x:994:991::/home/apache:/sbin/nologin
[root@web01 ~]# ll /home/
总用量 0
drwx------. 2 2000 4000 62 5月 27 22:53 tom
[root@localhost httpd]# ansible all -m debug -a "msg={{ 'runtime123$' | password_hash('sha512', 'mysecretsalt') }}"
web01.example.com | SUCCESS => {
    "msg": "$6$mysecretsalt$cggJvCJuq6WCiCz2.qEXEfu4JVPcWnDThHWOPxYU1Bt47xQJz7Fgap4OZHr/Ar/hBqwLMNjrYnDpqivjB9UAG."
}
# generate the password hash
[root@localhost httpd]# ansible all -m user -a 'name=tom password="$6$mysecretsalt$cggJvCJuq6WCiCz2.qEXEfu4JVPcWnDThHWOPxYU1Bt47xQJz7Fgap4OZHr/Ar/hBqwLMNjrYnDpqivjB9UAG." state=present'    # create the user from the password hash
web01.example.com | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "append": false,
    "changed": true,
    "comment": "",
    "group": 1000,
    "home": "/home/tom",
    "move_home": false,
    "name": "tom",
    "password": "NOT_LOGGING_PASSWORD",
    "shell": "/bin/bash",
    "state": "present",
    "uid": 1000
}
[root@localhost httpd]# ansible all -m user -a 'name=jerry state=present'    # create a jerry user without a password
web01.example.com | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "comment": "",
    "create_home": true,
    "group": 1001,
    "home": "/home/jerry",
    "name": "jerry",
    "shell": "/bin/bash",
    "state": "present",
    "system": false,
    "uid": 1001
}
[root@web01 ~]# id tom
uid=1000(tom) gid=1000(tom) 组=1000(tom)
[root@web01 ~]# id jerry
uid=1001(jerry) gid=1001(jerry) 组=1001(jerry)
[jerry@web01 ~]$ su - tom
密码:    # enter the password
上一次登录:日 5月 29 22:01:52 CST 2022pts/1 上
su: 警告:无法更改到 /home/tom 目录: 权限不够
-bash: /home/tom/.bash_profile: 权限不够
[tom@web01 jerry]$    # switched successfully
```
12. Common Ansible modules: service
The service module manages services on the managed host.
```
[root@localhost httpd]# ansible all -m dnf -a 'name=vsftpd state=present'    # install vsftpd with the dnf module
web01.example.com | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Installed: vsftpd-3.0.3-34.el8.x86_64"
    ]
}
[root@web01 ~]# rpm -qa|grep vsftpd    # installed
vsftpd-3.0.3-34.el8.x86_64
[root@web01 ~]# systemctl status vsftpd    # not started
● vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; disabled; vendor pr>
   Active: inactive (dead)
[root@localhost httpd]# ansible all -m service -a 'name=vsftpd enabled=yes state=started'    # use the service module to enable vsftpd at boot and start it
[root@web01 ~]# systemctl status vsftpd    # check that it is running
● vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2022-05-29 22:51:15 CST; 1min 21s ago
  Process: 2471 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=0/SUCCE>
 Main PID: 2472 (vsftpd)
    Tasks: 1 (limit: 11175)
   Memory: 576.0K
   CGroup: /system.slice/vsftpd.service
           └─2472 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
```