ansible 常用模块操作
文章目录
-
- ansible 常用模块操作
-
- 一. 常用模块
- 二. Ansible命令行选项
- 三. 临时命令的操作
- 1. 使用临时命令通过模块执行任务
-
-
- 1.1. ansible 常用模块,raw,command,shell的区别
- 1.2 幂等性
- 2. 本机清单及环境
-
- 2.1 清单文件
- 2.2 环境
- 2.3 查看帮助文档命令
- 3. ping
-
- 3.1 检查指定节点机是否连接
- 4. command
-
- 4.1 command在远程主机上执行命令的模块,ansible默认是使用command模块。不支持管道符,不支持重定向
- 4.2 不支持管道符,不支持重定向
- 5. raw
-
- 5.1 raw该模块用于在远程主机上执行命令,支持管道符和重定向
- 6.shell
-
- 6.1 shell该模块用于执行受控机上的脚本,或直接执行受控机上的命令。
- 6.2 shell模块还支持管道和重定向
- 7. script
-
- 7.1 script模块用于执行控制器上的脚本
- 8. template
-
- 8.1 template该模块用于生成具有文件传输功能的模板,并可以传输到远程主机
- 9. yum/dnf
-
- 9.1 yum在指定的节点机器上使用模块yum管理软件主要支持两个参数
- 9.2 state常用的值:
- 10. copy
-
- 10.1 copy将文件复制到远程制到远程控制器。
- 11. group
-
- 11.1 group在控制器上添加或删除模块
- 12. user
-
- 12.1 user用于管理受控机用户账户的模块
- 12.2 [user设置密码](https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module)
- 13. service
-
- 13.1 service用于管理受控机上的服务。
-
一. 常用模块
文件模块 | copy:将本地文件复制到受管主机file:设置文件的权限和其他属性lineinfile:确保特定行是否在文件中synchronize:使用rsync同步内容 |
软件包模块 | package:自动检测软件包管理器管理软件包yum:使用yum管理软件包apt:使用APT管理软件包dnf:使用dnf管理软件包gem:管理Ruby gempip:从PyPI管理Python软件包 |
系统模块 | firewalld:使用firewalld管理防火墙reboot:重启计算机service:管理服务user:用户、删除和管理用户账户账户 |
Net Tools模块 | get_url:通过HTTP、HTTPS或FTP下载文件nmcli:管理网络uri:与Web服务交互 |
二. Ansible命令行选项
inventory | -i |
remote_user | -u |
become | –become,-b |
become_method | –become-method |
become_user | –become-user |
become_ask_pass | –ask-become-pass、-K |
三. 临时命令的操作
- 使用临时命令可以快速执行单个命令Ansible任务不需要保存,以后再运行
- 这是一个简单的在线操作,不需要编写playbook即可运行
- 临时命令对快速测试和改变非常有用
1. 使用临时命令通过模块执行任务
1.1. ansible 常用模块,raw,command,shell的区别
- shell模块调用/bin/sh指令执行
- command不调用模块shell所以没有指令bash的环境变量
- raw很多地方和shell类似地,建议使用更多的地方shell和command但是如果使用旧版本的话。python,需要用到raw,或者客户端是路由器,因为没有安装python需要使用模块raw模块了
- 没有幂等性
1.2 幂等性
- raw,command,shell 没有等性,其他模块大部分都是幂等的,可以自动进行更改跟踪
2. 本机清单和环境
2.1 清单文件
httpd 是创建的
[root@SYL2 ~]# cd /opt/httpd/
[root@SYL2 httpd]# vim inventory
[root@SYL2 httpd]# cat inventory
[webservers]
SYL3 ansible_user=root ansible_password=run123456
[root@SYL2 httpd]# cat inventory |grep checking
[root@SYL2 httpd]# cat ansible.cfg |grep checking
# uncomment this to disable SSH key host checking
host_key_checking = False
# host key checking setting above.
[root@SYL2 httpd]#
[root@SYL2 httpd]# vim ansible.cfg
[root@SYL2 httpd]# cat ansible.cfg |grep /opt/httpd/inventory
inventory =/opt/httpd/inventory
[root@SYL2 httpd]#
识别域名
[root@SYL2 httpd]# vim /etc/hosts
[root@SYL2 httpd]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.232.128 SYL3
[root@SYL2 httpd]#
2.2 环境
控制节点(控制主机)
ip 192.168.232.129
域名 SYL2
版本 CentOS Stream release 8
受管节点(受管主机)
ip 192.168.232.128
域名 SYL3
版本 Red Hat Enterprise Linux release 8.5
2.3 查看帮助文档命令
[root@SYL2 httpd]# ansible-doc ping
3. ping
3.1 用于检查指定节点机器是否连通
[root@SYL2 httpd]# ansible all -m ping
SYL3 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
[root@SYL2 httpd]#
4. command
4.1 command模块用于在远程主机上执行命令,ansible默认就是使用command模块。不支持管道符,不支持重定向
1.查看版本
[root@SYL2 httpd]# ansible all -m command -a 'cat /etc/redhat-release'
SYL3 | CHANGED | rc=0 >>
Red Hat Enterprise Linux release 8.5 (Ootpa)
2.查看目录
[root@SYL2 httpd]# ansible all -m command -a 'ls /tmp'
SYL3 | CHANGED | rc=0 >>
ansible_command_payload_9silzmua
vmware-root_1004-2957649132
vmware-root_1010-2957124853
vmware-root_1014-2965448048
[root@SYL2 httpd]#
[root@SYL2 httpd]# ansible all -m command -a 'ls /tmp' -o
SYL3 | CHANGED | rc=0 | (stdout) aaaa\nansible_command_payload_isdmq8ja\nmuc\nvmware-root_1004-2957649132\nvmware-root_1010-2957124853\nvmware-root_1014-2965448048
[root@SYL2 httpd]#
3.创建文件
[root@SYL2 httpd]# ansible all -m command -a 'touch /tmp/aaaa'
[WARNING]: Consider using the file module with state=touch rather than running
'touch'. If you need to use command because file is insufficient you can add
'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.
SYL3 | CHANGED | rc=0 >>
[root@SYL2 httpd]#
在受管主机查看
[root@SYL3 ~]# ls /tmp/
aaaa vmware-root_1010-2957124853
vmware-root_1004-2957649132 vmware-root_1014-2965448048
[root@SYL3 ~]#
4.2 不支持管道符,不支持重定向
重定向
[root@SYL2 httpd]# ansible all -m command -a 'echo aaa > /tmp/muc '
SYL3 | CHANGED | rc=0 >>
aaa > /tmp/muc
[root@SYL2 httpd]#
[root@SYL3 ~]# ls /tmp/
aaaa vmware-root_1010-2957124853
vmware-root_1004-2957649132 vmware-root_1014-2965448048
管道符
[root@SYL2 httpd]# ansible all -m command -a 'ps -ef|grep sleep'
SYL3 | FAILED | rc=1 >>
error: unsupported SysV option
Usage:
ps [options]
Try 'ps --help <simple|list|output|threads|misc|all>'
or 'ps --help <s|l|o|t|m|a>'
for additional help text.
For more details see ps(1).non-zero return code
[root@SYL2 httpd]#
5. raw
5.1 raw模块用于在远程主机上执行命令,其支持管道符与重定向
重定向
[root@SYL2 httpd]# ansible all -m raw -a 'echo 1223 > /tmp/muc'SYL3 | CHANGED | rc=0 >>
Shared connection to syl3 closed.
[root@SYL2 httpd]# ansible all -m raw -a 'echo 666 >> /tmp/muc'
SYL3 | CHANGED | rc=0 >>
Shared connection to syl3 closed.
[root@SYL2 httpd]#
[root@SYL3 ~]# ls /tmp/
aaaa vmware-root_1004-2957649132 vmware-root_1014-2965448048
muc vmware-root_1010-2957124853
[root@SYL3 ~]# ls /tmp/muc
/tmp/muc
[root@SYL3 ~]# cat /tmp/muc
1223
[root@SYL3 ~]# cat /tmp/muc
1223
666
[root@SYL3 ~]#
管道符
[root@SYL2 httpd]# ansible all -m raw -a 'ps -ef|grep sleep'SYL3 | CHANGED | rc=0 >>
root 724913 1670 0 15:16 pts/0 00:00:00 sleep 500
root 724940 1669 0 15:16 ? 00:00:00 bash -c export LANG="en_US";export LANGUAGE="en_US";export LC_ALL="en_US";free;echo finalshell_separator;uptime;echo finalshell_separator;cat /proc/net/dev;echo finalshell_separator;df;echo finalshell_separator;sleep 1;free;echo finalshell_separator;uptime;echo finalshell_separator;cat /proc/net/dev;echo finalshell_separator;df;echo finalshell_separator;
root 724957 724940 0 15:16 ? 00:00:00 sleep 1
root 724999 720210 0 15:16 pts/2 00:00:00 bash -c ps -ef|grep sleep
root 725019 724999 0 15:16 pts/2 00:00:00 grep sleep
Shared connection to syl3 closed.
[root@SYL2 httpd]#
[root@SYL3 ~]# sleep 500
6.shell
6.1 shell模块用于在受控机上执行受控机上的脚本,亦可直接在受控机上执行命令。
6.2 shell模块亦支持管道与重定向
[root@SYL2 httpd]# ansible all -m shell -a 'set'
创建简单脚本,受管
[root@SYL3 ~]# mkdir /scripts
[root@SYL3 ~]# vim /scripts/test.sh
[root@SYL3 ~]# cat /scripts/test.sh
#!/bin/bash
nohup sleep 7000 &
[root@SYL3 ~]#
主控
[root@SYL2 httpd]# ansible all -m shell -a '/bin/bash /scripts/test.sh'
SYL3 | CHANGED | rc=0 >>
[root@SYL2 httpd]# ansible all -m shell -a 'ps -ef|grep sleep
'SYL3 | CHANGED | rc=0 >>
root 899244 1 0 16:40 ? 00:00:00 sleep 7000
root 899927 1669 0 16:41 ? 00:00:00 bash -c export LANG="en_US";export LANGUAGE="en_US";export LC_ALL="en_US";free;echo finalshell_separator;uptime;echo finalshell_separator;cat /proc/net/dev;echo finalshell_separator;df;echo finalshell_separator;sleep 1;free;echo finalshell_separator;uptime;echo finalshell_separator;cat /proc/net/dev;echo finalshell_separator;df;echo finalshell_separator;
root 899944 899927 0 16:41 ? 00:00:00 sleep 1
root 900033 899134 0 16:41 pts/2 00:00:00 /bin/sh -c /usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1653468077.5401285-1002951-32489098133078/AnsiballZ_command.py && sleep 0
root 900053 900052 0 16:41 pts/2 00:00:00 /bin/sh -c ps -ef|grep sleep
root 900055 900053 0 16:41 pts/2 00:00:00 grep sleep
[root@SYL2 httpd]#
杀掉进程
[root@SYL2 httpd]# ansible all -m shell -a 'kill -9 899244'SYL3 | CHANGED | rc=0 >>
[root@SYL2 httpd]# ansible all -m shell -a 'ps -ef|grep sleep'
SYL3 | CHANGED | rc=0 >>
root 904415 1669 0 16:43 ? 00:00:00 bash -c export LANG="en_US";export LANGUAGE="en_US";export LC_ALL="en_US";free;echo finalshell_separator;uptime;echo finalshell_separator;cat /proc/net/dev;echo finalshell_separator;df;echo finalshell_separator;sleep 1;free;echo finalshell_separator;uptime;echo finalshell_separator;cat /proc/net/dev;echo finalshell_separator;df;echo finalshell_separator;
root 904432 904415 0 16:43 ? 00:00:00 sleep 1
root 904521 903987 0 16:43 pts/2 00:00:00 /bin/sh -c /usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1653468201.1694856-1007768-108871760899245/AnsiballZ_command.py && sleep 0
root 904541 904540 0 16:43 pts/2 00:00:00 /bin/sh -c ps -ef|grep sleep
root 904543 904541 0 16:43 pts/2 00:00:00 grep sleep
[root@SYL2 httpd]#
删除文件
[root@SYL2 httpd]# ansible all -m shell -a 'rm -rf /etc/yum.repos.d/*'
SYL3 | CHANGED | rc=0 >>
[root@SYL2 httpd]#
[root@SYL3 ~]# cd /etc/yum.repos.d/
[root@SYL3 yum.repos.d]# ls
redhat.repo
[root@SYL3 yum.repos.d]# ls
[root@SYL3 yum.repos.d]#
7. script
7.1 script模块用于在受控机上执行主控机上的脚本
[root@ansible ~]# ll /etc/ansible/scripts/
总用量 4
-rw-r--r--. 1 root root 61 9月 8 18:59 a.sh
[root@ansible ~]# ansible 172.16.103.129 -m script -a '/etc/ansible/scripts/a.sh &>/tmp/a'
172.16.103.129 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 172.16.103.129 closed.\r\n",
"stderr_lines": [
"Shared connection to 172.16.103.129 closed."
],
"stdout": "",
"stdout_lines": []
}
//查看受控机上的/tmp/a文件内容
[root@ansible ~]# ansible 172.16.103.129 -m shell -a 'cat /tmp/a'
172.16.103.129 | SUCCESS | rc=0 >>
root:x:0:0:root:/root:/bin/bash
....此处省略N行
jerry:x:1000:1000::/home/jerry:/bin/bash
//由此可见确是在受控机上执行了主控机上的脚本,且输出记录到了受控机上。因为此处 \
//的jerry用户是在受控机上才有的用户
8. template
8.1 template模块用于生成一个模板,并可将其传输至远程主机上,有传文件的功能
[root@SYL2 httpd]# cd /etc/yum.repos.d/
[root@SYL2 yum.repos.d]# ls
CentOS-Base.repo CentOS-SIG-ansible-29.repo
[root@SYL2 yum.repos.d]# cd /opt/httpd/
[root@SYL2 httpd]# ls
ansible.cfg inventory
[root@SYL2 httpd]# vim ansible.cfg
[root@SYL2 httpd]# cat ansible.cfg |grep command_warnings
command_warnings = False //将注释取消,会把警告取消
[root@SYL2 httpd]#
[root@SYL2 httpd]# ansible all -m template -a 'src=/etc/yum.repos.d/CentOS-Base.repo dest=/etc/yum.repos.d/CentOS-Base.repo owner=root group=root mode=0644'
SYL3 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "8bbf30b2d80c3b97292ca7b32f33ef494269a5b8",
"dest": "/etc/yum.repos.d/CentOS-Base.repo",
"gid": 0,
"group": "root",
"md5sum": "ed031c350da2532e6a8d09a4d9b05278",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:system_conf_t:s0",
"size": 1653,
"src": "/root/.ansible/tmp/ansible-tmp-1653470010.8950334-1083231-220201675160083/source",
"state": "file",
"uid": 0
}
[root@SYL2 httpd]#
src=源地址
dest=目标地址
owner=所有者
group=组
mode=权限
[root@SYL3 yum.repos.d]# ls
[root@SYL3 yum.repos.d]# ls
CentOS-Base.repo
[root@SYL3 yum.repos.d]#
9. yum/dnf
9.1 yum模块用于在指定节点机器上通过yum管理软件,其支持的参数主要有两个
- name:要管理的包名
- state:要进行的操作
9.2 state常用的值:
- latest:安装软件
- installed:安装软件
- present:安装软件
- removed:卸载软件
- absent:卸载软件
在受控机上查询看vsftpd软件是否安装
[root@SYL3 ~]# rpm -qa|grep vsftpd
[root@SYL3 ~]#
在主控主机上使用yum模块在受控机上安装vsftp
[root@SYL2 httpd]# ansible all -m dnf -a 'name=vsftpd state=present'
SYL3 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: vsftpd-3.0.3-34.el8.x86_64"
]
}
[root@SYL2 httpd]#
查看受控机上是否安装了vsftpd
[root@SYL3 ~]# rpm -qa|grep vsftpd
vsftpd-3.0.3-34.el8.x86_64
[root@SYL3 ~]#
卸载
[root@SYL2 httpd]# ansible all -m dnf -a 'name=vsftpd state=absent'
SYL3 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Removed: vsftpd-3.0.3-34.el8.x86_64"
]
}
[root@SYL2 httpd]#
[root@SYL3 ~]# rpm -qa|grep vsftpd
vsftpd-3.0.3-34.el8.x86_64
[root@SYL3 ~]# rpm -qa|grep vsftpd
[root@SYL3 ~]#
10. copy
10.1 copy模块用于复制文件至远程受控机。
[root@SYL2 httpd]# ansible all -m copy -a 'content="xixi\nhello 123\n888\n" dest=/tmp/mu'
SYL3 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "c08e2c0d13a0b9fece8ce4a88669dd3db3d9f9e0",
"dest": "/tmp/mu",
"gid": 0,
"group": "root",
"md5sum": "56c91232eeacaa96c53eca66dbd095ba",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 19,
"src": "/root/.ansible/tmp/ansible-tmp-1653470766.7468681-1112136-157273447777451/source",
"state": "file",
"uid": 0
}
[root@SYL2 httpd]#
[root@SYL3 ~]# cd /tmp/
[root@SYL3 tmp]# ls
aaaa muc vmware-root_1010-2957124853
mu vmware-root_1004-2957649132 vmware-root_1014-2965448048
[root@SYL3 tmp]# cat mu
xixi
hello 123
888
[root@SYL3 tmp]#
[root@SYL2 httpd]# ansible all -m copy -a 'src=inventory dest=/tmp/abc owner=root group=root mode=0644'
SYL3 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "0dbc13c68f309ce2dfc62b3d4fd55684f0a6d5c3",
"dest": "/tmp/abc/inventory",
"gid": 0,
"group": "root",
"md5sum": "4b525f0fa149d62259f8b527dc4f2da2",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 63,
"src": "/root/.ansible/tmp/ansible-tmp-1653470998.063784-1120985-158802732964238/source",
"state": "file",
"uid": 0
}
[root@SYL2 httpd]#
[root@SYL3 ~]# cd /tmp/abc
[root@SYL3 abc]# ls
[root@SYL3 abc]# ls
inventory
[root@SYL3 abc]# ll
total 4
-rw-r--r--. 1 root root 63 May 25 17:29 inventory
[root@SYL3 abc]#
11. group
11.1 group模块用于在受控机上添加或删除组
[root@SYL2 httpd]# ansible all -m group -a 'name=tom state=present' SYL3 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": true 标签:
oke继电器底座