Ansible(4):常用模块

Ansible(4):常用模块

1 常用模块

command                     执行shell命令(不支持管道等特殊字符)
shell                       执行shell命令
scripts                     执行shell脚本
yum_repository              配置yum仓库
get_url                     联网下载       
yum                         安装         
copy                        配置         
service、systemd            启动           
user、group                 创建用户与组   
file                        授权          
crond                       定时任务       
mount                       挂载          
firewalld                   firewall
selinux                     selinux

 

2  ansible-doc模块帮助手册

ansible-doc -l   查看所有模块说明 
ansible-doc copy     表示查看指定模块说明 
ansible-doc -s copy 表示指定模块的参数 

3 command模块 默认执行bash命令,不支持重定向或管道

[admin@pe-jira ~]$ ansible ris -m command -a 'uptime'
10.6.75.171 | CHANGED | rc=0 >>
 19:48:47 up 679 days, 21:37,  1 user,  load average: 0.00, 0.01, 0.05

10.6.75.172 | CHANGED | rc=0 >>
 19:48:47 up 679 days, 21:37,  1 user,  load average: 0.03, 0.03, 0.05

 

4  shell模块,bash命令模块,支持管道不支持别名

[admin@pe-jira ~]$ ansible ris -m command -a 'df -h| grep centos-root'
10.6.75.171 | FAILED | rc=1 >>
df:无效选项 -- |
Try 'df --help' for more information.non-zero return code

10.6.75.172 | FAILED | rc=1 >>
df:无效选项 -- |
Try 'df --help' for more information.non-zero return code

[admin@pe-jira ~]$ ansible ris -m shell -a 'df -h| grep centos-root'
10.6.75.171 | CHANGED | rc=0 >>
/dev/mapper/centos-root  120G   18G  103G   15% /

10.6.75.172 | CHANGED | rc=0 >>
/dev/mapper/centos-root  120G   19G  102G   16% /

[admin@pe-jira ~]$

 

5 script脚本模块


[admin@pe-jira ~]$ cat /tmp/1.sh
#!/bin/bash
ip=`/usr/sbin/ifconfig eth0| grep inet| grep netmask| awk -F '[ ]+' '{print $3}'`
echo "主机IP是:$ip"
[admin@pe-jira ~]$ ansible ris -m script -a '/tmp/1.sh'
10.6.75.171 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 10.6.75.171 closed.\r\n",
    "stderr_lines": [
        "Shared connection to 10.6.75.171 closed."
    ],
    "stdout": "主机IP是:10.6.75.171\r\n",
    "stdout_lines": [
        "主机IP是:10.6.75.171"
    ]
}
10.6.75.172 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 10.6.75.172 closed.\r\n",
    "stderr_lines": [
        "Shared connection to 10.6.75.172 closed."
    ],
    "stdout": "主机IP是:10.6.75.172\r\n",
    "stdout_lines": [
        "主机IP是:10.6.75.172"
    ]
}

 

 

6 yum安装软件模块

常用参数

常用参数
name=  --所安装的包的名称
state=  --指定使用yum方法
installed /present  --->安装
latest             --->安装最新的,
remove/absent     ---> 卸载软件。
update_cache  #强制更新yum的缓存
conf_file  #指定远程yum安装时所依赖的配置文件(安装本地已有的包)。
disable_pgp_check  #是否禁止GPG checking,只用于presentor latest。
disablerepo  #临时禁止使用yum库。 只用于安装或更新时。
enablerepo  #临时使用的yum库。只用于安装或更新时。

 

Yum 需要root权限  用户密码或者--become

[admin@pe-jira ~]$ sudo vim /etc/ansible/hosts
[test]
10.6.76.23  ansible_ssh_user=root ansible_ssh_pass=123456
10.6.76.24  ansible_ssh_user=root ansible_ssh_pass=123456
10.6.76.25  ansible_ssh_user=root ansible_ssh_pass=123456
10.6.76.26  ansible_ssh_user=root ansible_ssh_pass=123456



[admin@pe-jira ~]$ ansible test -m yum  -a "name=httpd state=installed"
10.6.76.26 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "httpd-2.4.6-89.el7.centos.x86_64 providing httpd is already installed"
    ]
}
10.6.76.24 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "httpd-2.4.6-90.el7.centos.x86_64 providing httpd is already installed"
    ]
}
10.6.76.23 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "httpd-2.4.6-90.el7.centos.x86_64 providing httpd is already installed"
    ]
}
10.6.76.25 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "httpd-2.4.6-89.el7.centos.1.x86_64 providing httpd is already installed"
    ]
}

[admin@pe-jira ~]$ ansible test -m shell -a 'rpm -qa | grep httpd'
[WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'.  If you need to use command because yum, dnf or
zypper is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of
this message.

10.6.76.24 | CHANGED | rc=0 >>
httpd-tools-2.4.6-90.el7.centos.x86_64
httpd-2.4.6-90.el7.centos.x86_64

10.6.76.23 | CHANGED | rc=0 >>
httpd-2.4.6-90.el7.centos.x86_64
httpd-tools-2.4.6-90.el7.centos.x86_64

10.6.76.26 | CHANGED | rc=0 >>
httpd-tools-2.4.6-89.el7.centos.x86_64
httpd-2.4.6-89.el7.centos.x86_64

10.6.76.25 | CHANGED | rc=0 >>
httpd-2.4.6-89.el7.centos.1.x86_64
httpd-tools-2.4.6-89.el7.centos.1.x86_64

 

 

7  copy文件拷贝模块

常用参数

src    #被复制到远程主机的本地文件。可以是绝对路径,也可以是相对路径。如果路径是一个目录,则会递归复制,用法类似于"rsync"
content    直接在批量的被管理端文件中追加内容
dest    #必选项,将源文件复制到的远程主机的绝对路径
backup   #当文件内容发生改变后,在覆盖之前把源文件备份,备份文件包含时间信息
directory_mode    #递归设定目录的权限,默认为系统默认权限
force    #当目标主机包含该文件,但内容不同时,设为"yes",表示强制覆盖;设为"no",表示目标主机的目标位置不存在该文件才复制。默认为"yes"
others    #所有的 file 模块中的选项可以在这里使用
group  本地文件推送到远端,指定文件属组
owner    本地文件推送到远端,指定文件属主
mode    本地文件推送到远端,指定文件权限信息

 

#1.拷贝文件文件至被控节点

ansible test -m copy -a 'src=/etc/hosts dest=/tmp/test.txt'

[admin@pe-jira ~]$ ansible test -m shell -a "ls /tmp/test.txt -l"
10.6.76.26 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root 776 2月  17 20:26 /tmp/test.txt

10.6.76.25 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root 776 2月  17 20:26 /tmp/test.txt

10.6.76.23 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root 776 2月  17 20:26 /tmp/test.txt

10.6.76.24 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root 776 2月  17 20:26 /tmp/test.txt

 

 

#2.对远端已有文件进行备份,首先是文件有变化,按照时间信息备份

[admin@pe-jira ~]$ ansible test -m copy -a 'src=./iplist dest=/tmp/test.txt backup=yes'

[admin@pe-jira ~]$ ansible test -m shell -a "ls /tmp/test.txt* -l"
10.6.76.26 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root 355 2月  17 20:29 /tmp/test.txt
-rw-r--r--. 1 root root 776 2月  17 20:26 /tmp/test.txt.14602.2020-02-17@20:29:50~

10.6.76.25 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root 355 2月  17 20:29 /tmp/test.txt
-rw-r--r--. 1 root root 776 2月  17 20:26 /tmp/test.txt.29477.2020-02-17@20:29:50~

10.6.76.23 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root 355 2月  17 20:29 /tmp/test.txt
-rw-r--r--. 1 root root 776 2月  17 20:26 /tmp/test.txt.28496.2020-02-17@20:29:50~

10.6.76.24 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root 355 2月  17 20:29 /tmp/test.txt
-rw-r--r--. 1 root root 776 2月  17 20:26 /tmp/test.txt.1734.2020-02-17@20:29:50~

[admin@pe-jira ~]$

 

#3.向被控端主机写入数据,并且会覆盖远端文件内原有数据信息

[admin@pe-jira ~]$ ansible test -m copy -a "content='ansible-test' dest=/tmp/test.txt"
[admin@pe-jira ~]$ ansible test -m shell -a "ls /tmp/test.txt* -l"
10.6.76.26 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root  12 2月  17 20:31 /tmp/test.txt
-rw-r--r--. 1 root root 776 2月  17 20:26 /tmp/test.txt.14602.2020-02-17@20:29:50~

10.6.76.23 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root  12 2月  17 20:31 /tmp/test.txt
-rw-r--r--. 1 root root 776 2月  17 20:26 /tmp/test.txt.28496.2020-02-17@20:29:50~

10.6.76.24 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root  12 2月  17 20:31 /tmp/test.txt
-rw-r--r--. 1 root root 776 2月  17 20:26 /tmp/test.txt.1734.2020-02-17@20:29:50~

10.6.76.25 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root  12 2月  17 20:31 /tmp/test.txt
-rw-r--r--. 1 root root 776 2月  17 20:26 /tmp/test.txt.29477.2020-02-17@20:29:50~

[admin@pe-jira ~]$ ansible test -m shell -a "cat  /tmp/test.txt"
10.6.76.26 | CHANGED | rc=0 >>
ansible-test

10.6.76.24 | CHANGED | rc=0 >>
ansible-test

10.6.76.25 | CHANGED | rc=0 >>
ansible-test

10.6.76.23 | CHANGED | rc=0 >>
ansible-test

 

 

#4对被控制端文件设置文件属组和属性

[admin@pe-jira ~]$ ansible test -m copy -a 'src=./iplist dest=/tmp/test.txt2 backup=yes owner=root group=root mode=777'
[admin@pe-jira ~]$ ansible test -m shell -a "ls -l  /tmp/test.txt2"
10.6.76.26 | CHANGED | rc=0 >>
-rwxrwxrwx. 1 root root 355 2月  17 20:41 /tmp/test.txt2

10.6.76.24 | CHANGED | rc=0 >>
-rwxrwxrwx. 1 root root 355 2月  17 20:41 /tmp/test.txt2

10.6.76.25 | CHANGED | rc=0 >>
-rwxrwxrwx. 1 root root 355 2月  17 20:41 /tmp/test.txt2

10.6.76.23 | CHANGED | rc=0 >>
-rwxrwxrwx. 1 root root 355 2月  17 20:41 /tmp/test.txt2

[admin@pe-jira ~]$

[admin@pe-jira ~]$ ansible test -m copy -a 'src=./iplist dest=/tmp/test.txt2 backup=yes owner=admin group=admin mode=700'
[admin@pe-jira ~]$ ansible test -m shell -a "ls -l  /tmp/test.txt2"
10.6.76.26 | CHANGED | rc=0 >>
-rwx------. 1 admin admin 355 2月  17 20:41 /tmp/test.txt2

10.6.76.24 | CHANGED | rc=0 >>
-rwx------. 1 admin admin 355 2月  17 20:41 /tmp/test.txt2

10.6.76.25 | CHANGED | rc=0 >>
-rwx------. 1 admin admin 355 2月  17 20:41 /tmp/test.txt2

10.6.76.23 | CHANGED | rc=0 >>
-rwx------. 1 admin admin 355 2月  17 20:41 /tmp/test.txt2

[admin@pe-jira ~]$

 


 

8 service服务状态模块

name    #定义要启动的服务名称
state    #指定服务状态是停止或者运行。停止和启动指令要写成过去时
    started    --启动
    stoped    --停止
    restarted    --重启
    reloaded    --重载
enabled    #是否设置自启动
    yes --是
    no  --sleep  #在重启服务的过程中,是否等待。如在服务关闭以后等待2秒再启动。(定义在剧本中。)

 

 

#1开启服务并设置自启动

[admin@pe-jira ~]$ ansible test -m shell -a "ps -ef | grep httpd| grep -v grep"
10.6.76.24 | FAILED | rc=1 >>
non-zero return code

10.6.76.26 | FAILED | rc=1 >>
non-zero return code

10.6.76.25 | CHANGED | rc=0 >>
root      1432     1  0 1月11 ?       00:03:14 /usr/sbin/httpd -DFOREGROUND
apache    9689  1432  0 2月16 ?       00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    9690  1432  0 2月16 ?       00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    9691  1432  0 2月16 ?       00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    9692  1432  0 2月16 ?       00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    9694  1432  0 2月16 ?       00:00:00 /usr/sbin/httpd -DFOREGROUND

10.6.76.23 | FAILED | rc=1 >>
non-zero return code

[admin@pe-jira ~]$ ansible test -m service -a "name=httpd state=started enabled=yes"
[admin@pe-jira ~]$ ansible test -m shell -a "systemctl status httpd"
10.6.76.24 | FAILED | rc=3 >>
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:httpd(8)
           man:apachectl(8)non-zero return code

10.6.76.23 | FAILED | rc=3 >>
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:httpd(8)
           man:apachectl(8)non-zero return code

10.6.76.26 | FAILED | rc=3 >>
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since 二 2019-11-05 15:49:32 CST; 3 months 12 days ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 4851 (code=exited, status=1/FAILURE)

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.non-zero return code

10.6.76.25 | CHANGED | rc=0 >>
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since 六 2020-01-11 20:43:38 CST; 1 months 6 days ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 9636 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
 Main PID: 1432 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
    Tasks: 6
   Memory: 42.5M
   CGroup: /system.slice/httpd.service
           ├─1432 /usr/sbin/httpd -DFOREGROUND
           ├─9689 /usr/sbin/httpd -DFOREGROUND
           ├─9690 /usr/sbin/httpd -DFOREGROUND
           ├─9691 /usr/sbin/httpd -DFOREGROUND
           ├─9692 /usr/sbin/httpd -DFOREGROUND
           └─9694 /usr/sbin/httpd -DFOREGROUND

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.

[admin@pe-jira ~]$ ansible test -m service -a "name=httpd state=started enabled=yes"
….

[admin@pe-jira ~]$ ansible test -m shell -a "systemctl status httpd|grep enable"
10.6.76.26 | CHANGED | rc=0 >>
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)

10.6.76.24 | CHANGED | rc=0 >>
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)

10.6.76.25 | CHANGED | rc=0 >>
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)

10.6.76.23 | CHANGED | rc=0 >>
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)

[admin@pe-jira ~]$

 

 

 

#2修改一下首页

[admin@pe-jira ~]$ curl -s  10.6.76.23| grep "Apache HTTP server"
                <p class="lead">This page is used to test the proper operation of the <a href="http://apache.org">Apache HTTP server</a> after it has been installed. If you can read this page it means that this site is working properly. This server is powered by <ahref="http://centos.org">CentOS</a>.</p>
[admin@pe-jira ~]$
[admin@pe-jira ~]$ ansible test -m copy -a "content='test-------' dest=/var/www/html/index.html"
[admin@pe-jira ~]$ ansible test -m shell -a "cat /var/www/html/index.html"
10.6.76.26 | CHANGED | rc=0 >>
test-------

10.6.76.24 | CHANGED | rc=0 >>
test-------

10.6.76.25 | CHANGED | rc=0 >>
test-------

10.6.76.23 | CHANGED | rc=0 >>
test-------

[admin@pe-jira ~]$ curl -s  10.6.76.23
test-------[admin@pe-jira ~]$ curl -s  10.6.76.24
test-------[admin@pe-jira ~]$
[admin@pe-jira ~]$

 

 

9 group 添加或删除组

常用的选项如下:

gid=  #设置组的GID号
name=  #指定组的名称
state=  #指定组的状态,默认为创建,设置值为absent为删除
system=  #设置值为yes,表示创建为系统组

 

 

#1创建组

[admin@pe-jira ~]$ ansible test -m group -a 'name=wx gid=2222'
10.6.76.26 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "gid": 2222,
    "name": "wx",
    "state": "present",
    "system": false
}
10.6.76.24 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "gid": 2222,
    "name": "wx",
    "state": "present",
    "system": false
}
…

[admin@pe-jira ~]$ ansible test -m shell  -a   "cat /etc/group|grep 2222"
10.6.76.24 | CHANGED | rc=0 >>
wx:x:2222:

10.6.76.26 | CHANGED | rc=0 >>
wx:x:2222:

10.6.76.23 | CHANGED | rc=0 >>
wx:x:2222:

10.6.76.25 | CHANGED | rc=0 >>
wx:x:2222:

[admin@pe-jira ~]$

 

 

#2删除组

[admin@pe-jira ~]$ ansible test -m group -a 'name=wx state=absent'
10.6.76.26 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "name": "wx",
    "state": "absent"
}
10.6.76.24 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "name": "wx",
"state": "absent"
…….

 

 

10 User模块管理用户账号

 

其主要选项如下:

comment  # 用户的描述信息
createhome  # 是否创建家目录
force  # 在使用state=absent时, 行为与userdel –force一致.
group  # 指定基本组
groups  # 指定附加组,如果指定为(groups=)表示删除所有组
home  # 指定用户家目录
move_home  # 如果设置为home=时, 试图将用户主目录移动到指定的目录
name       # 指定用户名
non_unique  # 该选项允许改变非唯一的用户ID值
password  # 指定用户密码,你们使用明文,需要openssl加密后的密码
remove  # 在使用state=absent时, 行为是与userdel –remove一致
shell  # 指定默认shell
state  # 设置帐号状态,不指定为创建,指定值为absent表示删除
system  # 当创建一个用户,设置这个用户是系统用户。这个设置不能更改现有用户
uid  # 指定用户的uid

 

 

#1添加一个用户并指定其 uid

[admin@pe-jira ~]$ ansible test -m user -a 'name=wx uid=1111'
10.6.76.24 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "comment": "",
    "create_home": true,
    "group": 1111,
    "home": "/home/wx",
    "name": "wx",
    "shell": "/bin/bash",
    "state": "present",
    "system": false,
    "uid": 1111
}
10.6.76.23 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "comment": "",
    "create_home": true,
    "group": 1111,
    "home": "/home/wx",
    "name": "wx",
    "shell": "/bin/bash",
    "state": "present",
    "system": false,
    "uid": 1111
}
10.6.76.25 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "comment": "",
    "create_home": true,
    "group": 1111,
    "home": "/home/wx",
    "name": "wx",
    "shell": "/bin/bash",
    "state": "present",
    "system": false,
    "uid": 1111
}

[admin@pe-jira ~]$ ansible test -m shell  -a   "cat /etc/passwd|grep 1111"
10.6.76.23 | CHANGED | rc=0 >>
wx:x:1111:1111::/home/wx:/bin/bash

10.6.76.24 | CHANGED | rc=0 >>
wx:x:1111:1111::/home/wx:/bin/bash

 

#2删除用户

[admin@pe-jira ~]$ ansible test -m user -a 'name=wx state=absent'
10.6.76.24 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "force": false,
    "name": "wx",
    "remove": false,
    "state": "absent"
}
10.6.76.23 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "force": false,
    "name": "wx",
    "remove": false,
    "state": "absent"
}

[admin@pe-jira ~]$ ansible test -m shell  -a   "cat /etc/passwd|grep 1111"
10.6.76.23 | FAILED | rc=1 >>
non-zero return code

10.6.76.24 | FAILED | rc=1 >>
non-zero return code

 

#3增加用户wx3,设置密码123

需要安装openssl密码加密值,最好双引号

[admin@pe-jira ~]$ echo "123" | openssl passwd -1 -stdin
$1$N40DQDfq$EvmD58Rn0OwvfsnFcezxc.
[admin@pe-jira ~]$
[admin@pe-jira ~]$ ansible test -m user -a 'name=wx3 uid=60000 group=wx password=$1$N40DQDfq$EvmD58Rn0OwvfsnFcezxc. '
10.6.76.24 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "append": false,
    "changed": true,
    "comment": "",
    "group": 1111,
    "home": "/home/wx3",
    "move_home": false,
    "name": "wx3",
    "password": "NOT_LOGGING_PASSWORD",
    "shell": "/bin/bash",
    "state": "present",
    "uid": 60000
}

[admin@pe-jira ~]$ ssh wx3@10.6.76.26
wx3@10.6.76.26's password:
Last login: Tue Feb 18 21:19:04 2020 from 10.6.76.27
[wx3@k8s-master ~]$

 

 

#4增加用户wx2,不让登陆,不创建家目录

[admin@pe-jira ~]$ ansible test -m user -a "name=wx2 uid=555 group=wx2 shell=/sbin/nologin create_home=no"
10.6.76.24 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "append": false,
    "changed": true,
    "comment": "",
    "group": 1112,
    "home": "/home/wx2",
    "move_home": false,
    "name": "wx2",
    "shell": "/sbin/nologin",
    "state": "present",
    "uid": 555
}

 

 

 

11 file模块设置文件属性

该模块主要用于设置文件的属性,比如创建文件、创建链接文件、删除文件等。

下面是一些常见的命令:

 

src        源文件路径
force  #需要在两种情况下强制创建软链接,一种是源文件不存在,但之后会建立的情况下;另一种是目标软链接已存在,需要先取消之前的软链,然后创建新的软链,有两个选项:yes|no
group  #定义文件/目录的属组。后面可以加上mode:定义文件/目录的权限
owner  #定义文件/目录的属主。后面必须跟上path:定义文件/目录的路径
recurse  #递归设置文件的属性,只对目录有效,后面跟上src:被链接的源文件路径,只应用于state=link的情况recurse=yes
dest  #被链接到的路径,只应用于state=link的情况
state  #状态,有以下选项:
directory:如果目录不存在,就创建目录
file:即使文件不存在,也不会被创建
link:创建软链接
hard:创建硬链接
touch:如果文件不存在,则会创建一个新的文件,如果文件或目录已存在,则更新其最后修改时间
absent:删除目录、文件或者取消链接文件

 

 

#1创建目录/data,属主666,属组666

[admin@pe-jira ~]$ ansible test -m file -a 'path=/data owner=666 group=666 recurse=yes state=directory'
10.6.76.23 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "gid": 666,
    "group": "666",
    "mode": "0755",
    "owner": "666",
    "path": "/data",
    "secontext": "system_u:object_r:default_t:s0",
    "size": 6,
    "state": "directory",
    "uid": 666
}

 

#2创建文件/tmp/ansible-test,权限600

[admin@pe-jira ~]$ ansible test -m file -a 'path=/tmp/ansible-test state=touch mode=600'
10.6.76.24 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "dest": "/tmp/ansible-test",
    "gid": 0,
    "group": "root",
    "mode": "0600",
    "owner": "root",
    "secontext": "system_u:object_r:user_tmp_t:s0",
    "size": 0,
    "state": "file",
    "uid": 0
}
[admin@pe-jira ~]$ ansible test -m shell -a "ls -l  /tmp/ansible-test "
10.6.76.24 | CHANGED | rc=0 >>
-rw-------. 1 root root 0 2月  18 22:30 /tmp/ansible-test

 

#3远端文件设置软连接

[admin@pe-jira ~]$ ansible test -m file -a "src=/etc/hosts path=/tmp/hosts state=link"
10.6.76.24 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "dest": "/tmp/hosts",
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "root",
    "secontext": "system_u:object_r:user_tmp_t:s0",
    "size": 10,
    "src": "/etc/hosts",
    "state": "link",
    "uid": 0
}

[admin@pe-jira ~]$ ansible test -m shell -a "ls /tmp/hosts -l"
10.6.76.26 | CHANGED | rc=0 >>
lrwxrwxrwx. 1 root root 10 2月  18 22:36 /tmp/hosts -> /etc/hosts

 

12 mount挂载模块

常用参数

 

path        挂载点
src        需要挂载的设置
fstype    挂在社保的文件系统
        iso9660光驱
        ext4
        xfs
        nfs
        cifs samba 共享文件系统
        ntfs windows磁盘文件系统

opts        挂载属性
        noatime
        noexec
        nosuid

 state    挂载动作
        absent        会进行卸载,也会修改fstab文件信息
        unmounted    会进行卸载,不会修改fstab文件
        present        不会挂载,只会修改fstab文件
        mounted        会进行挂载,会修改fstab文件

 


 

 

#1 通过nfs实现文件共享

1    安装nfs
  ansible pe -m yum -a 'name=nfs-utils state=installed'  --become
2    启动服务
  ansible pe -m service  -a "name=nfs state=started"  --become
3    修改配置文件 #直接追加内容,或者写好文件推送过去
  ansible pe -m copy -a "content='/data 10.6.76.0/24 (rw,sync,all_squash,anonuid=666,anongid=666)' dest=/etc/exports  owner=root group=root" --become

4    创建目录,用户,修改所属
5    重载配置文件
    ansible pe -m service  -a "name=nfs state=restarted"  --become
6    在web端安装http
   ansible test -m yum -a 'name=httpd state=installed'  --become

 

 

 

[admin@pe-jira ~]$ ansible pe -m yum -a 'name=nfs-utils state=installed'  --become
10.6.76.28 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "1:nfs-utils-1.3.0-0.65.el7.x86_64 providing nfs-utils is already installed"
    ]
}
[admin@pe-jira ~]$ ansible pe -m service  -a "name=nfs state=started"  --become
10.6.76.28 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "name": "nfs",
    "state": "started",
    "status": {
        "ActiveEnterTimestampMonotonic": "0",
        "ActiveExitTimestampMonotonic": "0",
        "ActiveState": "inactive",
….

[admin@pe-jira wangxu]$ vim conf/exports
[admin@pe-jira wangxu]$ pwd
/home/admin/wangxu
[admin@pe-jira wangxu]$ cat conf/exports
/data 10.6.76.0/24 (rw,sync,all_squash,anonuid=666,anongid=666)
[admin@pe-jira wangxu]$ pwd
/home/admin/wangxu
[admin@pe-jira wangxu]$ ansible pe -m copy -a "src=/home/admin/wangxu/conf/exports dest=/etc/ owner=root group=root" --become
10.6.76.28 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "checksum": "ce544fe760fc1cf43c3ac983f96491edaeaa1beb",
    "dest": "/etc/exports",
    "gid": 0,
    "group": "root",
    "md5sum": "64980eaab155114f7b20416525be88e2",
    "mode": "0644",
    "owner": "root",
    "size": 64,
    "src": "/home/admin/.ansible/tmp/ansible-tmp-1582046929.84-41104357188626/source",
    "state": "file",
    "uid": 0
}

[admin@pe-jira wangxu]$ ansible pe -m copy -a "content='/data 10.6.76.0/24 (rw,sync,all_squash,anonuid=666,anongid=666)' dest=/etc/exports  owner=root group=root" --become
10.6.76.28 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "checksum": "8826385613938c7796571e93326dc544443cadab",
    "dest": "/etc/exports",
    "gid": 0,
    "group": "root",
    "md5sum": "be4bed9c94dbee88efddf1b1189273d1",
    "mode": "0644",
    "owner": "root",
    "size": 63,
    "src": "/home/admin/.ansible/tmp/ansible-tmp-1582047210.81-244412409761131/source",
    "state": "file",
    "uid": 0
}
[admin@pe-jira wangxu]$ ansible pe  -m shell -a "cat /etc/exports"
10.6.76.28 | CHANGED | rc=0 >>
/data 10.6.76.0/24 (rw,sync,all_squash,anonuid=666,anongid=666)

[admin@pe-jira wangxu]$
[admin@pe-jira wangxu]$ ansible pe  -m shell -a "showmount -e 127.0.0.1"  --become10.6.76.28 | CHANGED | rc=0 >>
Export list for 127.0.0.1:
/tmp (everyone)

[admin@pe-jira wangxu]$ ansible test -m yum -a 'name=httpd state=installed'  --become
10.6.76.24 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "httpd-2.4.6-90.el7.centos.x86_64 providing httpd is already installed"
    ]
}


[admin@pe-jira wangxu]$ ansible test -m shell -a "tail -1 /etc/fstab"
10.6.76.24 | CHANGED | rc=0 >>
10.6.76.28:/data /var/www/html nfs defaults 0 0

10.6.76.26 | CHANGED | rc=0 >>
10.6.76.28:/data /var/www/html nfs defaults 0 0

10.6.76.23 | CHANGED | rc=0 >>
10.6.76.28:/data /var/www/html nfs defaults 0 0

10.6.76.25 | CHANGED | rc=0 >>
10.6.76.28:/data /var/www/html nfs defaults 0 0


[admin@pe-jira wangxu]$ ansible test -m shell -a "df -h | grep /var/www/html" --become
10.6.76.26 | CHANGED | rc=0 >>
10.6.76.28:/data         270G  100G  171G   38% /var/www/html

10.6.76.25 | CHANGED | rc=0 >>
10.6.76.28:/data                             270G  100G  171G   38% /var/www/html

10.6.76.24 | CHANGED | rc=0 >>
10.6.76.28:/data             270G  100G  171G   38% /var/www/html

10.6.76.23 | CHANGED | rc=0 >>
10.6.76.28:/data                                                                                                                   270G  100G  171G   38% /var/www/html

[admin@pe-jira wangxu]$




[admin@pe-jira wangxu]$ ansible test -m mount -a "src=10.6.76.28:/data path=/var/www/html fstype=nfs state=mounted"
10.6.76.26 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "dump": "0",
    "fstab": "/etc/fstab",
    "fstype": "nfs",
    "name": "/var/www/html",
    "opts": "defaults",
    "passno": "0",
    "src": "10.6.76.28:/data"
}

 

 

13  cron定时任务

 

day= #日应该运行的工作( 1-31, , /2, )
hour= # 小时 ( 0-23, , /2, )
minute= #分钟( 0-59, , /2, )
month= # 月( 1-12, *, /2, )
weekday= # 周 ( 0-6 for Sunday-Saturday,, )
job= #指明运行的命令是什么
name= #定时任务描述
reboot # 任务在重启时运行,不建议使用,建议使用special_time
special_time #特殊的时间范围,参数:reboot(重启时),annually(每年),monthly(每月),weekly(每周),daily(每天),hourly(每小时)
state #指定状态,present表示添加定时任务,也是默认设置,absent表示删除定时任务
user # 以哪个用户的身份执行

 

#添加

cat /home/admin/wangxu/scripts/test.sh
#!/bin/bash
echo "ansible cron test-------------------"

ansible pe -m copy -a "src=/home/admin/wangxu/scripts/test.sh dest=/tmp/test.sh mode=777"

[admin@pe-jira ~]$ ansible pe -m cron -a "name=test minute=* hour=* day=* month=* weekday=* job='/bin/bash /tmp/test.sh &>/dev/null'"
10.6.76.28 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "envs": [],
    "jobs": [
        "test"
    ]
}
[admin@pe-jira ~]$ ansible pe -m shell -a "crontab -l"
10.6.76.28 | CHANGED | rc=0 >>
#####wangxu 2018-08-04#####
01 * * * *  /bin/bash /home/admin/scripts/data_bak.sh >> /dev/null
00 01 * * *  /bin/bash /home/admin/scripts/del_data.sh >> /dev/null
0 2 * * * sudo /usr/bin/gitlab-rake gitlab:backup:create
#Ansible: test
* * * * * /bin/bash /tmp/test.sh &>/dev/null

[admin@pe-jira ~]$

 

 

#注释

[admin@pe-jira ~]$ ansible pe -m cron -a "name=test minute=* hour=* day=* month=* weekday=* job='/bin/bash /tmp/test.sh &>/dev/null' disabled=yes"
10.6.76.28 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "envs": [],
    "jobs": [
        "test"
    ]
}
[admin@pe-jira ~]$ ansible pe -m shell -a "crontab -l"
10.6.76.28 | CHANGED | rc=0 >>
#####wangxu 2018-08-04#####
01 * * * *  /bin/bash /home/admin/scripts/data_bak.sh >> /dev/null
00 01 * * *  /bin/bash /home/admin/scripts/del_data.sh >> /dev/null
0 2 * * * sudo /usr/bin/gitlab-rake gitlab:backup:create
#Ansible: test
#* * * * * /bin/bash /tmp/test.sh &>/dev/null

[admin@pe-jira ~]$

 

 

#删除

[admin@pe-jira ~]$ ansible pe -m cron -a "name=test minute=* hour=* day=* month=* weekday=* job='/bin/bash /tmp/test.sh &>/dev/null'state=absent "
10.6.76.28 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "envs": [],
    "jobs": []
}
[admin@pe-jira ~]$ ansible pe -m shell -a "crontab -l"10.6.76.28 | CHANGED | rc=0 >>
#####wangxu 2018-08-04#####
01 * * * *  /bin/bash /home/admin/scripts/data_bak.sh >> /dev/null
00 01 * * *  /bin/bash /home/admin/scripts/del_data.sh >> /dev/null
0 2 * * * sudo /usr/bin/gitlab-rake gitlab:backup:create

[admin@pe-jira ~]$

 

posted on 2020-02-19 20:52  光阴8023  阅读(388)  评论(0编辑  收藏  举报