
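Ansible modules

Common Ansible modules

      • Common Ansible modules in detail
      • ping module
      • command module
      • raw module
      • shell module
      • script module
      • template module
      • yum module
      • copy module
      • group module
      • user module
      • service module
      • lineinfile module
      • firewalld module

Common Ansible modules in detail

Common Ansible modules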

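Module category and modules:

File modules
  • copy: copy a local file to the managed host
  • file: set permissions and other attributes of files
  • lineinfile: ensure that a particular line is or is not in a file
  • synchronize: synchronize content using rsync

Software package modules
  • package: manage packages using the autodetected package manager native to the operating system
  • yum: manage packages using yum
  • apt: manage packages using apt
  • dnf: manage packages using dnf
  • gem: manage Ruby gems
  • pip: manage Python packages from PyPI

System modules
  • firewalld: manage the firewall using firewalld
  • reboot: reboot a machine
  • service: manage services
  • user: add, remove, and manage user accounts

Net Tools modules
  • get_url: download files over HTTP, HTTPS, or FTP
  • nmcli: manage networking
  • uri: interact with web services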

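Most modules take arguments. The list of arguments available for a module can be found in the module's documentation. Ad hoc commands pass arguments to the module through the -a option; when no arguments are needed, omit the -a option from the ad hoc command. To specify multiple arguments, supply them as a quoted, space-separated list.

Most modules are idempotent, which means that they can be run safely multiple times; if the system is already in the correct state, they do nothing.

Differences between the common Ansible modules raw, command and shell:

  • The shell module runs the command through /bin/sh.
  • The command module does not invoke a shell, so the shell's environment variables and operators are not available to it.
  • raw is similar to shell in many respects, and in most cases shell and command are the recommended choice. However, if the managed host has an old Python version, or the client is a device such as a router that has no Python installed, the raw module is needed.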

ping module

The ping module checks whether the specified hosts are reachable. It is simple to use and takes no arguments. If the host is online, it replies pong.

[root@client ansible]# ansible all -m ping
192.168.8.128 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

command module

The command module runs commands on remote hosts; it is the module Ansible uses by default.

One limitation of the command module is that pipes and redirection cannot be used with it.

[root@client ansible]# ansible all -a 'touch ABC ' # create the file ABC on the managed host
[WARNING]: Consider using the file module with state=touch rather than running 'touch'.  If you need to use command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
192.168.8.128 | CHANGED | rc=0 >>

[root@server ~]# ls
ABC

[root@client ansible]# ansible all -a 'ls /tmp ' # list the files under /tmp
192.168.8.128 | CHANGED | rc=0 >>
ansible_command_payload_bxsqD7
systemd-private-0abda06828bb4579896592d2e11303f2-chronyd.service-ldz1vF
systemd-private-160925912258467f8c047cf4d957683c-chronyd.service-I5E0AH
systemd-private-4ca9094627204f61a8dd097f19fe0dc6-chronyd.service-5Wmoa4
systemd-private-6655dc7e05e841e498e3765c0fc090e5-chronyd.service-hAcWlb
systemd-private-68ccb21190d048e2a95da866d8a61de4-chronyd.service-WikD43
systemd-private-74ee60f5aab04988ac6520aadade4c91-chronyd.service-gXyLOr
systemd-private-879534aa1cb9447f83329fb95a7f2dfb-chronyd.service-O4eqFs
systemd-private-a1cae32ba9d1405bbc05095f856c5228-chronyd.service-z6qvrc
systemd-private-cbc17a6a68ef4a26979cd2c884de7210-chronyd.service-raG4xX
systemd-private-d5022c141ed241b9ab0bb376b8fe07fb-chronyd.service-Qe7seW
systemd-private-df5c9a525c1446399ba9978ed290b7ca-chronyd.service-k9mYfm
systemd-private-ee8bb682721047a98a892d74bb1a44a1-chronyd.service-ojrRaK
systemd-private-f316a1884e6f451a8773d805ab044fac-chronyd.service-mJtwHR
systemd-private-f6f86a0176e740dd87d0c974d633d5d4-chronyd.service-Mla1in
systemd-private-f8217ff86f384241b3f3d1189d769644-chronyd.service-6FJ45s
vmware-root

// the command module does not support pipes or redirection
[root@client ansible]# ansible all -a 'echo "hello" > /ABC'
192.168.8.128 | CHANGED | rc=0 >>
hello > ABC
[root@client ansible]# ansible all -a 'cat ABC'
192.168.8.128 | CHANGED | rc=0 >>

[root@client ansible]# ansible all -a 'ps -ef |grep vsftpd'
192.168.8.128 | FAILED | rc=1 >>
error: garbage option

Usage:
 ps [options]

 Try 'ps --help <simple|list|output|threads|misc|all>'
  or 'ps --help <s|l|o|t|m|a>'
 for additional help text.

For more details see ps(1).non-zero return code
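
The difference shown above, modelled in Python as an added example (not code from the original page and not Ansible's own implementation): command-style execution splits the string into an argument vector and runs it without a shell, so `>` and `|` reach the program as plain arguments, while shell-style execution hands the whole string to /bin/sh. The function names, the temporary path and the `tr` pipeline are constructed for illustration; the last case quotes a variable-derived value before it reaches a shell.

```python
import os
import shlex
import subprocess
import tempfile


def run_like_command(cmdline):
    """Model of `-m command`: split into argv and exec directly, no shell."""
    proc = subprocess.run(shlex.split(cmdline), capture_output=True, text=True)
    return proc.returncode, proc.stdout.strip()


def run_like_shell(cmdline):
    """Model of `-m shell`: the whole string is interpreted by /bin/sh."""
    proc = subprocess.run(["/bin/sh", "-c", cmdline],
                          capture_output=True, text=True)
    return proc.returncode, proc.stdout.strip()


def compare(workdir):
    """Run a redirect and a pipe both ways and return what happened."""
    target = os.path.join(workdir, "ABC")        # constructed path
    redirect = 'echo "hello" > ' + shlex.quote(target)
    pipe = "echo vsftpd | tr a-z A-Z"            # constructed stand-in pipeline
    res = {}
    res["command_redirect"] = run_like_command(redirect)   # '>' is an argument
    res["file_after_command"] = os.path.exists(target)
    res["shell_redirect"] = run_like_shell(redirect)       # sh does the redirect
    with open(target) as fh:
        res["file_after_shell"] = fh.read().strip()
    res["command_pipe"] = run_like_command(pipe)
    res["shell_pipe"] = run_like_shell(pipe)
    # A value taken from a variable is quoted before it is given to a shell,
    # so its '>' stays data instead of becoming a redirect.
    value = "name > " + target + ".2"
    res["shell_quoted"] = run_like_shell("echo " + shlex.quote(value))
    res["second_file_created"] = os.path.exists(target + ".2")
    return res


if __name__ == "__main__":
    for key, val in compare(tempfile.mkdtemp()).items():
        print(f"{key}: {val}")
```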

raw module

The raw module runs commands on remote hosts; it supports pipes and redirection.

[root@client ansible]# ansible all -m raw -a " echo 'hello' > ABC"
192.168.8.128 | CHANGED | rc=0 >>
Shared connection to 192.168.8.128 closed.

[root@client ansible]# ansible all -m raw -a " cat ABC"
192.168.8.128 | CHANGED | rc=0 >>
hello
Shared connection to 192.168.8.128 closed.

[root@client ansible]# ansible all -m raw -a 'ps -ef |grep vsftpd'
192.168.8.128 | CHANGED | rc=0 >>
root       2054   1832  0 19:27 pts/1    00:00:00 bash -c ps -ef |grep vsftpd
root       2066   2054  0 19:27 pts/1    00:00:00 grep vsftpd
Shared connection to 192.168.8.128 closed.


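shell module

The shell module runs scripts that reside on the managed host, and can also run commands directly on the managed host. The shell module also supports pipes and redirection.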

[root@client ansible]# ansible all -m shell -a "/bin/bash /root/test.sh &> /root/abcd"
192.168.8.128 | CHANGED | rc=0 >>

[root@client ansible]# ansible all -a " cat abcd"
192.168.8.128 | CHANGED | rc=0 >>
hello 

script module

The script module runs a script that resides on the control node on the managed hosts.

[root@client ansible]# ansible all -m script -a "/root/test.sh"
192.168.8.128 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 192.168.8.128 closed.\r\n",
    "stderr_lines": [
        "Shared connection to 192.168.8.128 closed."
    ],
    "stdout": "",
    "stdout_lines": []
}
[root@client ansible]# ansible all -a "cat /opt/haha"
192.168.8.128 | CHANGED | rc=0 >>
123456

template module

The template module generates a file from a template and can transfer it to the remote host.

[root@client ansible]# ansible all -m template -a "src=/root/initial-setup-ks.cfg dest=/tmp/haha"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "checksum": "0d7d1ff527132176c754e8a84aec3d061783413b",
    "dest": "/tmp/haha",
    "gid": 0,
    "group": "root",
    "md5sum": "78f5c37421f7295fb49440878e7fe0f4",
    "mode": "0644",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 1375,
    "src": "/root/.ansible/tmp/ansible-tmp-1626487935.4883926-2838-233091174119543/source",
    "state": "file",
    "uid": 0
}
[root@client ansible]# ansible all -a "head -3 /tmp/haha"
192.168.8.128 | CHANGED | rc=0 >>
#version=RHEL8
# X Window System configuration information
xconfig  --startxonboot

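yum module

The yum module manages software through yum on the specified hosts. It supports two main parameters:

  • name: the name of the package to manage
  • state: the operation to perform

Common values of state:

  • latest: install the software
  • installed: install the software
  • present: install the software
  • removed: uninstall the software
  • absent: uninstall the software

[root@server ~]# rpm -qa | grep vsftpd # check whether vsftpd is installed on the managed host
[root@server ~]#

# Install vsftpd with the yum module
[root@client ansible]# ansible all -m yum -a "name=vsftpd state=present" 
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "changes": {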
        "installed": [
            "vsftpd"
        ]
    },
    "msg": "",
    "rc": 0,
    "results": [

[root@server ~]# rpm -qa | grep vsftpd
vsftpd-3.0.2-29.el7_9.x86_64

copy module

The copy module copies files to the remote managed hosts.

[root@client ansible]# ansible all -m copy -a "src=/etc/ansible/inventory dest=/tmp/boot"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "checksum": "0b08e3f08b32f42bf7f61432bf7d47efb27addc6",
    "dest": "/tmp/boot",
    "gid": 0,
    "group": "root",
    "md5sum": "a1e63f50f9a027bf563f23d578254b86",
    "mode": "0644",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 27,
    "src": "/root/.ansible/tmp/ansible-tmp-1626488593.2474375-3005-208879250756978/source",
    "state": "file",
    "uid": 0
}
[root@client ansible]# ansible all -a " ls /tmp"
192.168.8.128 | CHANGED | rc=0 >>
ansible_command_payload_gkkJ3w
boot

group module

The group module adds or removes groups on the managed hosts.

# Add a system group on the managed host
[root@client ansible]# ansible all -m group -a "name=jake gid=1030 state=present"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "gid": 1030,
    "name": "jake",
    "state": "present",
    "system": false
}
[root@client ansible]# ansible all -m shell -a "grep jake /etc/group"
192.168.8.128 | CHANGED | rc=0 >>
jake:x:1030:

# Delete the jake group on the managed host
[root@client ansible]# ansible all -m group -a "name=jake state=absent "
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "name": "jake",
    "state": "absent"
}
[root@client ansible]# ansible all -m shell -a "grep jake /etc/group"
192.168.8.128 | FAILED | rc=1 >>
non-zero return code

user module

The user module manages user accounts on the managed hosts.

# Add a system user on the managed host
[root@client ansible]# ansible all -m user -a "name=mike system=yes create_home=no shell=/sbin/nologin state=present"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "comment": "",
    "create_home": false,
    "group": 995,
    "home": "/home/mike",
    "name": "mike",
    "shell": "/sbin/nologin",
    "state": "present",
    "system": true,
    "uid": 997
}

[root@client ansible]# ansible all -m shell -a "grep mike /etc/passwd"
192.168.8.128 | CHANGED | rc=0 >>
mike:x:997:995::/home/mike:/sbin/nologin

[root@client ansible]# ansible all -m shell -a "ls /home"
192.168.8.128 | CHANGED | rc=0 >>
tom

# Change the uid of user mike to 995
[root@client ansible]# ansible all -m user -a "name=mike uid=995"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "append": false,
    "changed": true,
    "comment": "",
    "group": 995,
    "home": "/home/mike",
    "move_home": false,
    "name": "mike",
    "shell": "/sbin/nologin",
    "state": "present",
    "uid": 995
}

# Delete user mike
[root@client ansible]# ansible all -m user -a "name=mike state=absent"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "force": false,
    "name": "mike",
    "remove": false,
    "state": "absent"
}
[root@client ansible]# ansible all -m shell -a "grep mike /etc/passwd"
192.168.8.128 | FAILED | rc=1 >>
non-zero return code

service module

The service module manages services on the managed hosts.

# Check whether the vsftpd service on the managed host is active
[root@client ansible]# ansible all -m shell -a "systemctl is-active vsftpd"
192.168.8.128 | FAILED | rc=3 >>
unknownnon-zero return code

# Start the vsftpd service on the managed host
[root@client ansible]# ansible all -m service -a " name=vsftpd state=started"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "name": "vsftpd",
    "state": "started",

# Check whether the vsftpd service on the managed host has started
[root@client ansible]# ansible all -m shell -a "systemctl is-active vsftpd"
192.168.8.128 | CHANGED | rc=0 >>
active

# Check whether the vsftpd service on the managed host is enabled at boot
[root@client ansible]# ansible all -m shell -a "systemctl is-enabled vsftpd"
192.168.8.128 | FAILED | rc=1 >>
disablednon-zero return code

# Enable the vsftpd service on the managed host at boot
[root@client ansible]# ansible all -m service -a " name=vsftpd enabled=yes"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "enabled": true,
    "name": "vsftpd",

# Check whether the vsftpd service on the managed host is enabled at boot
[root@client ansible]# ansible all -m shell -a "systemctl is-enabled vsftpd"
192.168.8.128 | CHANGED | rc=0 >>
enabled

# Stop the vsftpd service on the managed host
[root@client ansible]# ansible all -m service -a "name=vsftpd state=stopped"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "name": "vsftpd",
    "state": "stopped"
[root@client ansible]# ansible all -m shell -a "systemctl is-active vsftpd"
192.168.8.128 | FAILED | rc=3 >>
inactivenon-zero return code

lineinfile module

The lineinfile module ensures that a particular line is present in a file.

# regexp: match the specified content
[root@client ansible]# ansible all -m lineinfile -a "path=/etc/selinux/config regexp='^SELINUX=' line='SELINUX=disabled'" 
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "backup": "",
    "changed": true,
    "msg": "line replaced"
}
[root@client ansible]# ansible all -m shell -a "cat /etc/selinux/config"
192.168.8.128 | CHANGED | rc=0 >>

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled

// without regexp, the line is appended to the end of the file
[root@client ansible]# ansible all -m lineinfile -a "path=/etc/selinux/config line=SELINUX=enforcing"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "backup": "",
    "changed": true,
    "msg": "line added"
}
[root@client ansible]# ansible all -m shell -a "cat /etc/selinux/config"
192.168.8.128 | CHANGED | rc=0 >>

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected. 
# mls - Multi Level Security protection.
SELINUXTYPE=targeted 

SELINUX=enforcing

# Remove content
[root@client ansible]# ansible all -m lineinfile -a "path=/opt/haha state=absent regexp='xixi'"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "backup": "",
    "changed": true,
    "found": 2,
    "msg": "2 line(s) removed"
}

[root@server opt]# cat haha 
123456
xxx

# insertafter: insert content
[root@client ansible]# ansible all -m lineinfile -a "path=/opt/haha insertafter='123456' line='runtime'"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "backup": "",
    "changed": true,
    "msg": "line added"
}
[root@client ansible]# ansible all -m shell -a 'cat /opt/haha'
192.168.8.128 | CHANGED | rc=0 >>
123456
runtime
xxx

For other uses of lineinfile, see https://docs.ansible.com/ansible/latest/collections/ansible/builtin/lineinfile_module.html
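
The lineinfile behaviour shown in this section, modelled in Python as an added example (a simplified model, not the module's source and not code from the original page): with regexp the last matching line is rewritten, and without it the line is appended unless it is already present, which is how the file above ended up with two SELINUX= assignments. `duplicate_keys` and the shortened sample file are constructed for illustration.

```python
import re


def lineinfile(lines, line, regexp=None, insertafter=None):
    """Simplified model of lineinfile state=present; returns (lines, msg)."""
    if regexp is not None:
        hits = [i for i, cur in enumerate(lines) if re.search(regexp, cur)]
        if hits:                              # the last matching line is rewritten
            if lines[hits[-1]] == line:
                return list(lines), "unchanged"
            out = list(lines)
            out[hits[-1]] = line
            return out, "line replaced"
    if line in lines:                         # exact line already present
        return list(lines), "unchanged"
    out = list(lines)
    pos = len(out)                            # default position: end of file
    if insertafter is not None:
        hits = [i for i, cur in enumerate(out) if re.search(insertafter, cur)]
        if hits:
            pos = hits[-1] + 1
    out.insert(pos, line)
    return out, "line added"


def duplicate_keys(lines):
    """Return KEY names assigned on more than one non-comment line."""
    seen, dups = set(), []
    for cur in lines:
        m = re.match(r"\s*([A-Za-z_]+)=", cur)
        if m and m.group(1) in seen and m.group(1) not in dups:
            dups.append(m.group(1))
        if m:
            seen.add(m.group(1))
    return dups


# Constructed sample, shortened from the /etc/selinux/config listing above.
SAMPLE = ["# SELINUX= can take one of these three values:",
          "SELINUX=enforcing",
          "SELINUXTYPE=targeted"]

if __name__ == "__main__":
    step1, _ = lineinfile(SAMPLE, "SELINUX=disabled", regexp="^SELINUX=")
    step2, msg = lineinfile(step1, "SELINUX=enforcing")   # no regexp: appended
    print(msg, duplicate_keys(step2))
```

Running a check like `duplicate_keys` over the managed file after a change catches the case where a regexp was left out and a second assignment was appended.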

firewalld module

The firewalld module manages firewall rules.

[root@client ansible]# ansible all -m firewalld -a "service=ftp permanent=yes state=enabled immediate=yes zone=public"
192.168.8.128 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "msg": "Permanent and Non-Permanent(immediate) operation"
}
[root@server ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: ssh dhcpv6-client ftp
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
  
[root@client ansible]# ansible all -m firewalld -a 'rich_rule="rule family=ipv4 source address=0.0.0.0/0 service name=ftp accept" permanent=yes state=enabled immediate=yes'
192.168.8.128 | CHANGED => { 
        
    "ansible_facts": { 
        
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "msg": "Permanent and Non-Permanent(immediate) operation, Changed rich_rule rule family=ipv4 source address=0.0.0.0/0 service name=ftp accept to enabled"
}

[root@server ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: ssh dhcpv6-client ftp
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
	rule family="ipv4" source address="0.0.0.0/0" service name="ftp" accept

For other uses of the firewalld module, see https://docs.ansible.com/ansible/latest/collections/ansible/posix/firewalld_module.html
