Ansible(4):常用模块
Ansible(4):常用模块
1 常用模块
command 执行shell命令(不支持管道等特殊字符) shell 执行shell命令 scripts 执行shell脚本 yum_repository 配置yum仓库 get_url 联网下载 yum 安装 copy 配置 service、systemd 启动 user、group 创建用户与组 file 授权 crond 定时任务 mount 挂载 firewalld firewall selinux selinux
2 ansible-doc模块帮助手册
ansible-doc -l 查看所有模块说明 ansible-doc copy 表示查看指定模块说明 ansible-doc -s copy 表示指定模块的参数
3 command模块 默认执行bash命令,不支持重定向或管道
[admin@pe-jira ~]$ ansible ris -m command -a 'uptime' 10.6.75.171 | CHANGED | rc=0 >> 19:48:47 up 679 days, 21:37, 1 user, load average: 0.00, 0.01, 0.05 10.6.75.172 | CHANGED | rc=0 >> 19:48:47 up 679 days, 21:37, 1 user, load average: 0.03, 0.03, 0.05
4 shell模块,bash命令模块,支持管道不支持别名
[admin@pe-jira ~]$ ansible ris -m command -a 'df -h| grep centos-root' 10.6.75.171 | FAILED | rc=1 >> df:无效选项 -- | Try 'df --help' for more information.non-zero return code 10.6.75.172 | FAILED | rc=1 >> df:无效选项 -- | Try 'df --help' for more information.non-zero return code [admin@pe-jira ~]$ ansible ris -m shell -a 'df -h| grep centos-root' 10.6.75.171 | CHANGED | rc=0 >> /dev/mapper/centos-root 120G 18G 103G 15% / 10.6.75.172 | CHANGED | rc=0 >> /dev/mapper/centos-root 120G 19G 102G 16% / [admin@pe-jira ~]$
5 script脚本模块
[admin@pe-jira ~]$ cat /tmp/1.sh #!/bin/bash ip=`/usr/sbin/ifconfig eth0| grep inet| grep netmask| awk -F '[ ]+' '{print $3}'` echo "主机IP是:$ip" [admin@pe-jira ~]$ ansible ris -m script -a '/tmp/1.sh' 10.6.75.171 | CHANGED => { "changed": true, "rc": 0, "stderr": "Shared connection to 10.6.75.171 closed.\r\n", "stderr_lines": [ "Shared connection to 10.6.75.171 closed." ], "stdout": "主机IP是:10.6.75.171\r\n", "stdout_lines": [ "主机IP是:10.6.75.171" ] } 10.6.75.172 | CHANGED => { "changed": true, "rc": 0, "stderr": "Shared connection to 10.6.75.172 closed.\r\n", "stderr_lines": [ "Shared connection to 10.6.75.172 closed." ], "stdout": "主机IP是:10.6.75.172\r\n", "stdout_lines": [ "主机IP是:10.6.75.172" ] }
6 yum安装软件模块
常用参数
常用参数 name= --所安装的包的名称 state= --指定使用yum方法 installed /present --->安装 latest --->安装最新的, remove/absent ---> 卸载软件。 update_cache #强制更新yum的缓存 conf_file #指定远程yum安装时所依赖的配置文件(安装本地已有的包)。 disable_pgp_check #是否禁止GPG checking,只用于presentor latest。 disablerepo #临时禁止使用yum库。 只用于安装或更新时。 enablerepo #临时使用的yum库。只用于安装或更新时。
Yum 需要root权限 用户密码或者--become
[admin@pe-jira ~]$ sudo vim /etc/ansible/hosts [test] 10.6.76.23 ansible_ssh_user=root ansible_ssh_pass=123456 10.6.76.24 ansible_ssh_user=root ansible_ssh_pass=123456 10.6.76.25 ansible_ssh_user=root ansible_ssh_pass=123456 10.6.76.26 ansible_ssh_user=root ansible_ssh_pass=123456 [admin@pe-jira ~]$ ansible test -m yum -a "name=httpd state=installed" 10.6.76.26 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "msg": "", "rc": 0, "results": [ "httpd-2.4.6-89.el7.centos.x86_64 providing httpd is already installed" ] } 10.6.76.24 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "msg": "", "rc": 0, "results": [ "httpd-2.4.6-90.el7.centos.x86_64 providing httpd is already installed" ] } 10.6.76.23 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "msg": "", "rc": 0, "results": [ "httpd-2.4.6-90.el7.centos.x86_64 providing httpd is already installed" ] } 10.6.76.25 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "msg": "", "rc": 0, "results": [ "httpd-2.4.6-89.el7.centos.1.x86_64 providing httpd is already installed" ] } [admin@pe-jira ~]$ ansible test -m shell -a 'rpm -qa | grep httpd' [WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'. If you need to use command because yum, dnf or zypper is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message. 10.6.76.24 | CHANGED | rc=0 >> httpd-tools-2.4.6-90.el7.centos.x86_64 httpd-2.4.6-90.el7.centos.x86_64 10.6.76.23 | CHANGED | rc=0 >> httpd-2.4.6-90.el7.centos.x86_64 httpd-tools-2.4.6-90.el7.centos.x86_64 10.6.76.26 | CHANGED | rc=0 >> httpd-tools-2.4.6-89.el7.centos.x86_64 httpd-2.4.6-89.el7.centos.x86_64 10.6.76.25 | CHANGED | rc=0 >> httpd-2.4.6-89.el7.centos.1.x86_64 httpd-tools-2.4.6-89.el7.centos.1.x86_64
7 copy文件拷贝模块
常用参数
src #被复制到远程主机的本地文件。可以是绝对路径,也可以是相对路径。如果路径是一个目录,则会递归复制,用法类似于"rsync" content 直接在批量的被管理端文件中追加内容 dest #必选项,将源文件复制到的远程主机的绝对路径 backup #当文件内容发生改变后,在覆盖之前把源文件备份,备份文件包含时间信息 directory_mode #递归设定目录的权限,默认为系统默认权限 force #当目标主机包含该文件,但内容不同时,设为"yes",表示强制覆盖;设为"no",表示目标主机的目标位置不存在该文件才复制。默认为"yes" others #所有的 file 模块中的选项可以在这里使用 group 本地文件推送到远端,指定文件属组 owner 本地文件推送到远端,指定文件属主 mode 本地文件推送到远端,指定文件权限信息
#1.拷贝文件文件至被控节点
ansible test -m copy -a 'src=/etc/hosts dest=/tmp/test.txt' [admin@pe-jira ~]$ ansible test -m shell -a "ls /tmp/test.txt -l" 10.6.76.26 | CHANGED | rc=0 >> -rw-r--r--. 1 root root 776 2月 17 20:26 /tmp/test.txt 10.6.76.25 | CHANGED | rc=0 >> -rw-r--r--. 1 root root 776 2月 17 20:26 /tmp/test.txt 10.6.76.23 | CHANGED | rc=0 >> -rw-r--r--. 1 root root 776 2月 17 20:26 /tmp/test.txt 10.6.76.24 | CHANGED | rc=0 >> -rw-r--r--. 1 root root 776 2月 17 20:26 /tmp/test.txt
#2.对远端已有文件进行备份,首先是文件有变化,按照时间信息备份
[admin@pe-jira ~]$ ansible test -m copy -a 'src=./iplist dest=/tmp/test.txt backup=yes' [admin@pe-jira ~]$ ansible test -m shell -a "ls /tmp/test.txt* -l" 10.6.76.26 | CHANGED | rc=0 >> -rw-r--r--. 1 root root 355 2月 17 20:29 /tmp/test.txt -rw-r--r--. 1 root root 776 2月 17 20:26 /tmp/test.txt.14602.2020-02-17@20:29:50~ 10.6.76.25 | CHANGED | rc=0 >> -rw-r--r--. 1 root root 355 2月 17 20:29 /tmp/test.txt -rw-r--r--. 1 root root 776 2月 17 20:26 /tmp/test.txt.29477.2020-02-17@20:29:50~ 10.6.76.23 | CHANGED | rc=0 >> -rw-r--r--. 1 root root 355 2月 17 20:29 /tmp/test.txt -rw-r--r--. 1 root root 776 2月 17 20:26 /tmp/test.txt.28496.2020-02-17@20:29:50~ 10.6.76.24 | CHANGED | rc=0 >> -rw-r--r--. 1 root root 355 2月 17 20:29 /tmp/test.txt -rw-r--r--. 1 root root 776 2月 17 20:26 /tmp/test.txt.1734.2020-02-17@20:29:50~ [admin@pe-jira ~]$
#3.向被控端主机写入数据,并且会覆盖远端文件内原有数据信息
[admin@pe-jira ~]$ ansible test -m copy -a "content='ansible-test' dest=/tmp/test.txt" [admin@pe-jira ~]$ ansible test -m shell -a "ls /tmp/test.txt* -l" 10.6.76.26 | CHANGED | rc=0 >> -rw-r--r--. 1 root root 12 2月 17 20:31 /tmp/test.txt -rw-r--r--. 1 root root 776 2月 17 20:26 /tmp/test.txt.14602.2020-02-17@20:29:50~ 10.6.76.23 | CHANGED | rc=0 >> -rw-r--r--. 1 root root 12 2月 17 20:31 /tmp/test.txt -rw-r--r--. 1 root root 776 2月 17 20:26 /tmp/test.txt.28496.2020-02-17@20:29:50~ 10.6.76.24 | CHANGED | rc=0 >> -rw-r--r--. 1 root root 12 2月 17 20:31 /tmp/test.txt -rw-r--r--. 1 root root 776 2月 17 20:26 /tmp/test.txt.1734.2020-02-17@20:29:50~ 10.6.76.25 | CHANGED | rc=0 >> -rw-r--r--. 1 root root 12 2月 17 20:31 /tmp/test.txt -rw-r--r--. 1 root root 776 2月 17 20:26 /tmp/test.txt.29477.2020-02-17@20:29:50~ [admin@pe-jira ~]$ ansible test -m shell -a "cat /tmp/test.txt" 10.6.76.26 | CHANGED | rc=0 >> ansible-test 10.6.76.24 | CHANGED | rc=0 >> ansible-test 10.6.76.25 | CHANGED | rc=0 >> ansible-test 10.6.76.23 | CHANGED | rc=0 >> ansible-test
#4对被控制端文件设置文件属组和属性
[admin@pe-jira ~]$ ansible test -m copy -a 'src=./iplist dest=/tmp/test.txt2 backup=yes owner=root group=root mode=777' [admin@pe-jira ~]$ ansible test -m shell -a "ls -l /tmp/test.txt2" 10.6.76.26 | CHANGED | rc=0 >> -rwxrwxrwx. 1 root root 355 2月 17 20:41 /tmp/test.txt2 10.6.76.24 | CHANGED | rc=0 >> -rwxrwxrwx. 1 root root 355 2月 17 20:41 /tmp/test.txt2 10.6.76.25 | CHANGED | rc=0 >> -rwxrwxrwx. 1 root root 355 2月 17 20:41 /tmp/test.txt2 10.6.76.23 | CHANGED | rc=0 >> -rwxrwxrwx. 1 root root 355 2月 17 20:41 /tmp/test.txt2 [admin@pe-jira ~]$ [admin@pe-jira ~]$ ansible test -m copy -a 'src=./iplist dest=/tmp/test.txt2 backup=yes owner=admin group=admin mode=700' [admin@pe-jira ~]$ ansible test -m shell -a "ls -l /tmp/test.txt2" 10.6.76.26 | CHANGED | rc=0 >> -rwx------. 1 admin admin 355 2月 17 20:41 /tmp/test.txt2 10.6.76.24 | CHANGED | rc=0 >> -rwx------. 1 admin admin 355 2月 17 20:41 /tmp/test.txt2 10.6.76.25 | CHANGED | rc=0 >> -rwx------. 1 admin admin 355 2月 17 20:41 /tmp/test.txt2 10.6.76.23 | CHANGED | rc=0 >> -rwx------. 1 admin admin 355 2月 17 20:41 /tmp/test.txt2 [admin@pe-jira ~]$
8 service服务状态模块
name #定义要启动的服务名称 state #指定服务状态是停止或者运行。停止和启动指令要写成过去时 started --启动 stoped --停止 restarted --重启 reloaded --重载 enabled #是否设置自启动 yes --是 no --否 sleep #在重启服务的过程中,是否等待。如在服务关闭以后等待2秒再启动。(定义在剧本中。)
#1开启服务并设置自启动
[admin@pe-jira ~]$ ansible test -m shell -a "ps -ef | grep httpd| grep -v grep" 10.6.76.24 | FAILED | rc=1 >> non-zero return code 10.6.76.26 | FAILED | rc=1 >> non-zero return code 10.6.76.25 | CHANGED | rc=0 >> root 1432 1 0 1月11 ? 00:03:14 /usr/sbin/httpd -DFOREGROUND apache 9689 1432 0 2月16 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND apache 9690 1432 0 2月16 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND apache 9691 1432 0 2月16 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND apache 9692 1432 0 2月16 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND apache 9694 1432 0 2月16 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND 10.6.76.23 | FAILED | rc=1 >> non-zero return code [admin@pe-jira ~]$ ansible test -m service -a "name=httpd state=started enabled=yes" [admin@pe-jira ~]$ ansible test -m shell -a "systemctl status httpd" 10.6.76.24 | FAILED | rc=3 >> ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled) Active: inactive (dead) Docs: man:httpd(8) man:apachectl(8)non-zero return code 10.6.76.23 | FAILED | rc=3 >> ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled) Active: inactive (dead) Docs: man:httpd(8) man:apachectl(8)non-zero return code 10.6.76.26 | FAILED | rc=3 >> ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since 二 2019-11-05 15:49:32 CST; 3 months 12 days ago Docs: man:httpd(8) man:apachectl(8) Main PID: 4851 (code=exited, status=1/FAILURE) Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.non-zero return code 10.6.76.25 | CHANGED | rc=0 >> ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Active: active (running) since 六 2020-01-11 20:43:38 CST; 1 months 6 days ago Docs: man:httpd(8) man:apachectl(8) Process: 9636 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS) Main PID: 1432 (httpd) Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec" Tasks: 6 Memory: 42.5M CGroup: /system.slice/httpd.service ├─1432 /usr/sbin/httpd -DFOREGROUND ├─9689 /usr/sbin/httpd -DFOREGROUND ├─9690 /usr/sbin/httpd -DFOREGROUND ├─9691 /usr/sbin/httpd -DFOREGROUND ├─9692 /usr/sbin/httpd -DFOREGROUND └─9694 /usr/sbin/httpd -DFOREGROUND Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable. [admin@pe-jira ~]$ ansible test -m service -a "name=httpd state=started enabled=yes" …. [admin@pe-jira ~]$ ansible test -m shell -a "systemctl status httpd|grep enable" 10.6.76.26 | CHANGED | rc=0 >> Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) 10.6.76.24 | CHANGED | rc=0 >> Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) 10.6.76.25 | CHANGED | rc=0 >> Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) 10.6.76.23 | CHANGED | rc=0 >> Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) [admin@pe-jira ~]$
#2修改一下首页
[admin@pe-jira ~]$ curl -s 10.6.76.23| grep "Apache HTTP server" <p class="lead">This page is used to test the proper operation of the <a href="http://apache.org">Apache HTTP server</a> after it has been installed. If you can read this page it means that this site is working properly. This server is powered by <ahref="http://centos.org">CentOS</a>.</p> [admin@pe-jira ~]$ [admin@pe-jira ~]$ ansible test -m copy -a "content='test-------' dest=/var/www/html/index.html" [admin@pe-jira ~]$ ansible test -m shell -a "cat /var/www/html/index.html" 10.6.76.26 | CHANGED | rc=0 >> test------- 10.6.76.24 | CHANGED | rc=0 >> test------- 10.6.76.25 | CHANGED | rc=0 >> test------- 10.6.76.23 | CHANGED | rc=0 >> test------- [admin@pe-jira ~]$ curl -s 10.6.76.23 test-------[admin@pe-jira ~]$ curl -s 10.6.76.24 test-------[admin@pe-jira ~]$ [admin@pe-jira ~]$
9 group 添加或删除组
常用的选项如下:
gid= #设置组的GID号 name= #指定组的名称 state= #指定组的状态,默认为创建,设置值为absent为删除 system= #设置值为yes,表示创建为系统组
#1创建组
[admin@pe-jira ~]$ ansible test -m group -a 'name=wx gid=2222' 10.6.76.26 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "gid": 2222, "name": "wx", "state": "present", "system": false } 10.6.76.24 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "gid": 2222, "name": "wx", "state": "present", "system": false } … [admin@pe-jira ~]$ ansible test -m shell -a "cat /etc/group|grep 2222" 10.6.76.24 | CHANGED | rc=0 >> wx:x:2222: 10.6.76.26 | CHANGED | rc=0 >> wx:x:2222: 10.6.76.23 | CHANGED | rc=0 >> wx:x:2222: 10.6.76.25 | CHANGED | rc=0 >> wx:x:2222: [admin@pe-jira ~]$
#2删除组
[admin@pe-jira ~]$ ansible test -m group -a 'name=wx state=absent' 10.6.76.26 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "name": "wx", "state": "absent" } 10.6.76.24 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "name": "wx", "state": "absent" …….
10 User模块管理用户账号
其主要选项如下:
comment # 用户的描述信息 createhome # 是否创建家目录 force # 在使用state=absent时, 行为与userdel –force一致. group # 指定基本组 groups # 指定附加组,如果指定为(groups=)表示删除所有组 home # 指定用户家目录 move_home # 如果设置为home=时, 试图将用户主目录移动到指定的目录 name # 指定用户名 non_unique # 该选项允许改变非唯一的用户ID值 password # 指定用户密码,你们使用明文,需要openssl加密后的密码 remove # 在使用state=absent时, 行为是与userdel –remove一致 shell # 指定默认shell state # 设置帐号状态,不指定为创建,指定值为absent表示删除 system # 当创建一个用户,设置这个用户是系统用户。这个设置不能更改现有用户 uid # 指定用户的uid
#1添加一个用户并指定其 uid
[admin@pe-jira ~]$ ansible test -m user -a 'name=wx uid=1111' 10.6.76.24 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "comment": "", "create_home": true, "group": 1111, "home": "/home/wx", "name": "wx", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1111 } 10.6.76.23 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "comment": "", "create_home": true, "group": 1111, "home": "/home/wx", "name": "wx", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1111 } 10.6.76.25 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "comment": "", "create_home": true, "group": 1111, "home": "/home/wx", "name": "wx", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1111 } [admin@pe-jira ~]$ ansible test -m shell -a "cat /etc/passwd|grep 1111" 10.6.76.23 | CHANGED | rc=0 >> wx:x:1111:1111::/home/wx:/bin/bash 10.6.76.24 | CHANGED | rc=0 >> wx:x:1111:1111::/home/wx:/bin/bash
#2删除用户
[admin@pe-jira ~]$ ansible test -m user -a 'name=wx state=absent' 10.6.76.24 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "force": false, "name": "wx", "remove": false, "state": "absent" } 10.6.76.23 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "force": false, "name": "wx", "remove": false, "state": "absent" } [admin@pe-jira ~]$ ansible test -m shell -a "cat /etc/passwd|grep 1111" 10.6.76.23 | FAILED | rc=1 >> non-zero return code 10.6.76.24 | FAILED | rc=1 >> non-zero return code
#3增加用户wx3,设置密码123
需要安装openssl密码加密值,最好双引号
[admin@pe-jira ~]$ echo "123" | openssl passwd -1 -stdin $1$N40DQDfq$EvmD58Rn0OwvfsnFcezxc. [admin@pe-jira ~]$ [admin@pe-jira ~]$ ansible test -m user -a 'name=wx3 uid=60000 group=wx password=$1$N40DQDfq$EvmD58Rn0OwvfsnFcezxc. ' 10.6.76.24 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "append": false, "changed": true, "comment": "", "group": 1111, "home": "/home/wx3", "move_home": false, "name": "wx3", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "uid": 60000 } [admin@pe-jira ~]$ ssh wx3@10.6.76.26 wx3@10.6.76.26's password: Last login: Tue Feb 18 21:19:04 2020 from 10.6.76.27 [wx3@k8s-master ~]$
#4增加用户wx2,不让登陆,不创建家目录
[admin@pe-jira ~]$ ansible test -m user -a "name=wx2 uid=555 group=wx2 shell=/sbin/nologin create_home=no" 10.6.76.24 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "append": false, "changed": true, "comment": "", "group": 1112, "home": "/home/wx2", "move_home": false, "name": "wx2", "shell": "/sbin/nologin", "state": "present", "uid": 555 }
11 file模块设置文件属性
该模块主要用于设置文件的属性,比如创建文件、创建链接文件、删除文件等。
下面是一些常见的命令:
src 源文件路径 force #需要在两种情况下强制创建软链接,一种是源文件不存在,但之后会建立的情况下;另一种是目标软链接已存在,需要先取消之前的软链,然后创建新的软链,有两个选项:yes|no group #定义文件/目录的属组。后面可以加上mode:定义文件/目录的权限 owner #定义文件/目录的属主。后面必须跟上path:定义文件/目录的路径 recurse #递归设置文件的属性,只对目录有效,后面跟上src:被链接的源文件路径,只应用于state=link的情况recurse=yes dest #被链接到的路径,只应用于state=link的情况 state #状态,有以下选项: directory:如果目录不存在,就创建目录 file:即使文件不存在,也不会被创建 link:创建软链接 hard:创建硬链接 touch:如果文件不存在,则会创建一个新的文件,如果文件或目录已存在,则更新其最后修改时间 absent:删除目录、文件或者取消链接文件
#1创建目录/data,属主666,属组666
[admin@pe-jira ~]$ ansible test -m file -a 'path=/data owner=666 group=666 recurse=yes state=directory' 10.6.76.23 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "gid": 666, "group": "666", "mode": "0755", "owner": "666", "path": "/data", "secontext": "system_u:object_r:default_t:s0", "size": 6, "state": "directory", "uid": 666 }
#2创建文件/tmp/ansible-test,权限600
[admin@pe-jira ~]$ ansible test -m file -a 'path=/tmp/ansible-test state=touch mode=600' 10.6.76.24 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "dest": "/tmp/ansible-test", "gid": 0, "group": "root", "mode": "0600", "owner": "root", "secontext": "system_u:object_r:user_tmp_t:s0", "size": 0, "state": "file", "uid": 0 } [admin@pe-jira ~]$ ansible test -m shell -a "ls -l /tmp/ansible-test " 10.6.76.24 | CHANGED | rc=0 >> -rw-------. 1 root root 0 2月 18 22:30 /tmp/ansible-test
#3远端文件设置软连接
[admin@pe-jira ~]$ ansible test -m file -a "src=/etc/hosts path=/tmp/hosts state=link" 10.6.76.24 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "dest": "/tmp/hosts", "gid": 0, "group": "root", "mode": "0777", "owner": "root", "secontext": "system_u:object_r:user_tmp_t:s0", "size": 10, "src": "/etc/hosts", "state": "link", "uid": 0 } [admin@pe-jira ~]$ ansible test -m shell -a "ls /tmp/hosts -l" 10.6.76.26 | CHANGED | rc=0 >> lrwxrwxrwx. 1 root root 10 2月 18 22:36 /tmp/hosts -> /etc/hosts
12 mount挂载模块
常用参数
path 挂载点
src 需要挂载的设置
fstype 挂在社保的文件系统
iso9660光驱
ext4
xfs
nfs
cifs samba 共享文件系统
ntfs windows磁盘文件系统
opts 挂载属性
noatime
noexec
nosuid
state 挂载动作
absent 会进行卸载,也会修改fstab文件信息
unmounted 会进行卸载,不会修改fstab文件
present 不会挂载,只会修改fstab文件
mounted 会进行挂载,会修改fstab文件
#1 通过nfs实现文件共享
1 安装nfs ansible pe -m yum -a 'name=nfs-utils state=installed' --become 2 启动服务 ansible pe -m service -a "name=nfs state=started" --become 3 修改配置文件 #直接追加内容,或者写好文件推送过去 ansible pe -m copy -a "content='/data 10.6.76.0/24 (rw,sync,all_squash,anonuid=666,anongid=666)' dest=/etc/exports owner=root group=root" --become 4 创建目录,用户,修改所属 5 重载配置文件 ansible pe -m service -a "name=nfs state=restarted" --become 6 在web端安装http ansible test -m yum -a 'name=httpd state=installed' --become
[admin@pe-jira ~]$ ansible pe -m yum -a 'name=nfs-utils state=installed' --become 10.6.76.28 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "msg": "", "rc": 0, "results": [ "1:nfs-utils-1.3.0-0.65.el7.x86_64 providing nfs-utils is already installed" ] } [admin@pe-jira ~]$ ansible pe -m service -a "name=nfs state=started" --become 10.6.76.28 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "name": "nfs", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", …. [admin@pe-jira wangxu]$ vim conf/exports [admin@pe-jira wangxu]$ pwd /home/admin/wangxu [admin@pe-jira wangxu]$ cat conf/exports /data 10.6.76.0/24 (rw,sync,all_squash,anonuid=666,anongid=666) [admin@pe-jira wangxu]$ pwd /home/admin/wangxu [admin@pe-jira wangxu]$ ansible pe -m copy -a "src=/home/admin/wangxu/conf/exports dest=/etc/ owner=root group=root" --become 10.6.76.28 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "checksum": "ce544fe760fc1cf43c3ac983f96491edaeaa1beb", "dest": "/etc/exports", "gid": 0, "group": "root", "md5sum": "64980eaab155114f7b20416525be88e2", "mode": "0644", "owner": "root", "size": 64, "src": "/home/admin/.ansible/tmp/ansible-tmp-1582046929.84-41104357188626/source", "state": "file", "uid": 0 } [admin@pe-jira wangxu]$ ansible pe -m copy -a "content='/data 10.6.76.0/24 (rw,sync,all_squash,anonuid=666,anongid=666)' dest=/etc/exports owner=root group=root" --become 10.6.76.28 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "checksum": "8826385613938c7796571e93326dc544443cadab", "dest": "/etc/exports", "gid": 0, "group": "root", "md5sum": "be4bed9c94dbee88efddf1b1189273d1", "mode": "0644", "owner": "root", "size": 63, "src": "/home/admin/.ansible/tmp/ansible-tmp-1582047210.81-244412409761131/source", "state": "file", "uid": 0 } [admin@pe-jira wangxu]$ ansible pe -m shell -a "cat /etc/exports" 10.6.76.28 | CHANGED | rc=0 >> /data 10.6.76.0/24 (rw,sync,all_squash,anonuid=666,anongid=666) [admin@pe-jira wangxu]$ [admin@pe-jira wangxu]$ ansible pe -m shell -a "showmount -e 127.0.0.1" --become10.6.76.28 | CHANGED | rc=0 >> Export list for 127.0.0.1: /tmp (everyone) [admin@pe-jira wangxu]$ ansible test -m yum -a 'name=httpd state=installed' --become 10.6.76.24 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "msg": "", "rc": 0, "results": [ "httpd-2.4.6-90.el7.centos.x86_64 providing httpd is already installed" ] } [admin@pe-jira wangxu]$ ansible test -m shell -a "tail -1 /etc/fstab" 10.6.76.24 | CHANGED | rc=0 >> 10.6.76.28:/data /var/www/html nfs defaults 0 0 10.6.76.26 | CHANGED | rc=0 >> 10.6.76.28:/data /var/www/html nfs defaults 0 0 10.6.76.23 | CHANGED | rc=0 >> 10.6.76.28:/data /var/www/html nfs defaults 0 0 10.6.76.25 | CHANGED | rc=0 >> 10.6.76.28:/data /var/www/html nfs defaults 0 0 [admin@pe-jira wangxu]$ ansible test -m shell -a "df -h | grep /var/www/html" --become 10.6.76.26 | CHANGED | rc=0 >> 10.6.76.28:/data 270G 100G 171G 38% /var/www/html 10.6.76.25 | CHANGED | rc=0 >> 10.6.76.28:/data 270G 100G 171G 38% /var/www/html 10.6.76.24 | CHANGED | rc=0 >> 10.6.76.28:/data 270G 100G 171G 38% /var/www/html 10.6.76.23 | CHANGED | rc=0 >> 10.6.76.28:/data 270G 100G 171G 38% /var/www/html [admin@pe-jira wangxu]$ [admin@pe-jira wangxu]$ ansible test -m mount -a "src=10.6.76.28:/data path=/var/www/html fstype=nfs state=mounted" 10.6.76.26 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "dump": "0", "fstab": "/etc/fstab", "fstype": "nfs", "name": "/var/www/html", "opts": "defaults", "passno": "0", "src": "10.6.76.28:/data" }
13 cron定时任务
day= #日应该运行的工作( 1-31, , /2, ) hour= # 小时 ( 0-23, , /2, ) minute= #分钟( 0-59, , /2, ) month= # 月( 1-12, *, /2, ) weekday= # 周 ( 0-6 for Sunday-Saturday,, ) job= #指明运行的命令是什么 name= #定时任务描述 reboot # 任务在重启时运行,不建议使用,建议使用special_time special_time #特殊的时间范围,参数:reboot(重启时),annually(每年),monthly(每月),weekly(每周),daily(每天),hourly(每小时) state #指定状态,present表示添加定时任务,也是默认设置,absent表示删除定时任务 user # 以哪个用户的身份执行
#添加
cat /home/admin/wangxu/scripts/test.sh #!/bin/bash echo "ansible cron test-------------------" ansible pe -m copy -a "src=/home/admin/wangxu/scripts/test.sh dest=/tmp/test.sh mode=777" [admin@pe-jira ~]$ ansible pe -m cron -a "name=test minute=* hour=* day=* month=* weekday=* job='/bin/bash /tmp/test.sh &>/dev/null'" 10.6.76.28 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "envs": [], "jobs": [ "test" ] } [admin@pe-jira ~]$ ansible pe -m shell -a "crontab -l" 10.6.76.28 | CHANGED | rc=0 >> #####wangxu 2018-08-04##### 01 * * * * /bin/bash /home/admin/scripts/data_bak.sh >> /dev/null 00 01 * * * /bin/bash /home/admin/scripts/del_data.sh >> /dev/null 0 2 * * * sudo /usr/bin/gitlab-rake gitlab:backup:create #Ansible: test * * * * * /bin/bash /tmp/test.sh &>/dev/null [admin@pe-jira ~]$
#注释
[admin@pe-jira ~]$ ansible pe -m cron -a "name=test minute=* hour=* day=* month=* weekday=* job='/bin/bash /tmp/test.sh &>/dev/null' disabled=yes" 10.6.76.28 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "envs": [], "jobs": [ "test" ] } [admin@pe-jira ~]$ ansible pe -m shell -a "crontab -l" 10.6.76.28 | CHANGED | rc=0 >> #####wangxu 2018-08-04##### 01 * * * * /bin/bash /home/admin/scripts/data_bak.sh >> /dev/null 00 01 * * * /bin/bash /home/admin/scripts/del_data.sh >> /dev/null 0 2 * * * sudo /usr/bin/gitlab-rake gitlab:backup:create #Ansible: test #* * * * * /bin/bash /tmp/test.sh &>/dev/null [admin@pe-jira ~]$
#删除
[admin@pe-jira ~]$ ansible pe -m cron -a "name=test minute=* hour=* day=* month=* weekday=* job='/bin/bash /tmp/test.sh &>/dev/null'state=absent " 10.6.76.28 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "envs": [], "jobs": [] } [admin@pe-jira ~]$ ansible pe -m shell -a "crontab -l"10.6.76.28 | CHANGED | rc=0 >> #####wangxu 2018-08-04##### 01 * * * * /bin/bash /home/admin/scripts/data_bak.sh >> /dev/null 00 01 * * * /bin/bash /home/admin/scripts/del_data.sh >> /dev/null 0 2 * * * sudo /usr/bin/gitlab-rake gitlab:backup:create [admin@pe-jira ~]$