1. 命令行参数
-v,–verbose 详细模式,如果命令执行成功,输出详细的结果(-vv –vvv -vvvv) -i PATH,–inventory=PATH 指定host文件的路径,默认是在/etc/ansible/hosts(生产环境经常用到) -f NUM,–forks=NU NUM是指定一个整数,默认是5,指定fork开启同步进程的个数。 -m NAME,–module-name=NAME 指定使用的module名称,默认是command -m DIRECTORY,–module-path=DIRECTORY 指定module的目录来加载module,默认是/usr/share/ansible, -a,MODULE_ARGS 指定module模块的参数 -k,-ask-pass 提示输入ssh的密码,而不是使用基于ssh的密钥认证 -sudo 指定使用sudo获得root权限(生产环境经常用到) -K,-ask-sudo-pass 提示输入sudo密码,与–sudo一起使用 (生产环境经常用到) -u USERNAME,-user=USERNAME 指定移动端的执行用户 -C,-check 测试此命令执行会改变什么内容,不会真正的去执行
2. command模块测试环境
[root@temp01 ~]# ansible all -a "pwd" 192.168.3.70 | SUCCESS | rc=0 >> /root 192.168.3.60 | SUCCESS | rc=0 >> /root
[root@temp01 ~]# ansible all -m command -a "pwd" #-m command 原来是可以省略的,ansible 默认模块就是command
192.168.3.70 | SUCCESS | rc=0 >>
/root
192.168.3.60 | SUCCESS | rc=0 >>
/root
3. 再用ping模块
#-f 参数用法
[root@temp01 ~]# ansible all -m ping -f 1 #all 表示hosts里面所有主机 -m 调用模块 -f 指定同步进程数 192.168.3.60 | SUCCESS => { "changed": false, "ping": "pong" } 192.168.3.70 | SUCCESS => { "changed": false, "ping": "pong" }
#-C参数用法 [root@temp01 ~]# ansible all -m ping -f 1 -C 192.168.3.60 | SUCCESS => { "changed": false, "ping": "pong" } 192.168.3.70 | SUCCESS => { "changed": false, "ping": "pong" }
4. user模块
[root@temp01 ~]# ansible db -m user -a 'name=DBA uid=505 home=/home/dba shell=/sbin/nologin' 192.168.3.70 | SUCCESS => { "changed": true, "comment": "", "createhome": true, "group": 505, "home": "/home/dba", "name": "DBA", "shell": "/sbin/nologin", "state": "present", "system": false, "uid": 505 } [root@temp01 ~]# ansible db -m user -a 'name=DBA state=absent' #state属性有:present表示添加,absend表示删除,state属性默认是present 192.168.3.70 | SUCCESS => { "changed": true, "force": false, "name": "DBA", "remove": false, "state": "absent" }
修改用户密码
[root@temp01 ansible_playbook]# ansible all -m shell -a 'echo "123456" | passwd foo --stdin' 192.168.3.60 | SUCCESS | rc=0 >> Changing password for user foo. passwd: all authentication tokens updated successfully. 192.168.3.70 | SUCCESS | rc=0 >> Changing password for user foo. passwd: all authentication tokens updated successfully.
5. 看看下面这个坑
[root@temp01 ~]# ansible all -m cron -a "name=cat minute='*/1' job='ls /root'" 192.168.3.70 | FAILED! => { "changed": false, "failed": true, "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!" } 192.168.3.60 | FAILED! => { "changed": false, "failed": true, "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!" }
[root@temp01 ~]# ansible all -m copy -a "src=/etc/ansible/hosts dest=/root mode=600" 192.168.3.60 | FAILED! => { "changed": false, "checksum": "8add7a4e56ae6f7a1c6d0218ce757510d195bb3c", "failed": true, "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!" } 192.168.3.70 | FAILED! => { "changed": false, "checksum": "8add7a4e56ae6f7a1c6d0218ce757510d195bb3c", "failed": true, "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!" }
需要在客户端安装libselinux-python库
方法如下,随便介绍下yum模块,哈哈
[root@temp01 ~]# ansible all -m yum -a 'name=libselinux-python state=present' 192.168.3.70 | SUCCESS => { "changed": true, "msg": "warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY Importing GPG key 0xC105B9DE: Userid : CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org> Package: centos-release-6-5.el6.centos.11.1.x86_64 (@anaconda-CentOS-201311272149.x86_64/6.5) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 ", "rc": 0, "results": [ "Loaded plugins: fastestmirror, security Loading mirror speeds from cached hostfile * base: mirrors.zju.edu.cn * extras: centos.ustc.edu.cn * updates: mirrors.zju.edu.cn Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package libselinux-python.x86_64 0:2.0.94-7.el6 will be installed --> Processing Dependency: libselinux = 2.0.94-7.el6 for package: libselinux-python-2.0.94-7.el6.x86_64 --> Running transaction check ---> Package libselinux.x86_64 0:2.0.94-5.3.el6_4.1 will be updated --> Processing Dependency: libselinux = 2.0.94-5.3.el6_4.1 for package: libselinux-utils-2.0.94-5.3.el6_4.1.x86_64 ---> Package libselinux.x86_64 0:2.0.94-7.el6 will be an update --> Running transaction check ---> Package libselinux-utils.x86_64 0:2.0.94-5.3.el6_4.1 will be updated ---> Package libselinux-utils.x86_64 0:2.0.94-7.el6 will be an update --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: libselinux-python x86_64 2.0.94-7.el6 base 203 k Updating for dependencies: libselinux x86_64 2.0.94-7.el6 base 109 k libselinux-utils x86_64 2.0.94-7.el6 base 82 k Transaction Summary ================================================================================ Install 1 Package(s) Upgrade 2 Package(s) Total download size: 394 k Downloading Packages: -------------------------------------------------------------------------------- Total 210 kB/s | 394 kB 00:01 Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Updating : libselinux-2.0.94-7.el6.x86_64 1/5 Installing : libselinux-python-2.0.94-7.el6.x86_64 2/5 Updating : libselinux-utils-2.0.94-7.el6.x86_64 3/5 Cleanup : libselinux-utils-2.0.94-5.3.el6_4.1.x86_64 4/5 Cleanup : libselinux-2.0.94-5.3.el6_4.1.x86_64 5/5 Verifying : libselinux-python-2.0.94-7.el6.x86_64 1/5 Verifying : libselinux-utils-2.0.94-7.el6.x86_64 2/5 Verifying : libselinux-2.0.94-7.el6.x86_64 3/5 Verifying : libselinux-2.0.94-5.3.el6_4.1.x86_64 4/5 Verifying : libselinux-utils-2.0.94-5.3.el6_4.1.x86_64 5/5 Installed: libselinux-python.x86_64 0:2.0.94-7.el6 Dependency Updated: libselinux.x86_64 0:2.0.94-7.el6 libselinux-utils.x86_64 0:2.0.94-7.el6 Complete! " ] } 192.168.3.60 | SUCCESS => { "changed": true, "msg": "warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY Importing GPG key 0xC105B9DE: Userid : CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org> Package: centos-release-6-5.el6.centos.11.1.x86_64 (@anaconda-CentOS-201311272149.x86_64/6.5) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 ", "rc": 0, "results": [ "Loaded plugins: fastestmirror, security Loading mirror speeds from cached hostfile * base: mirrors.cn99.com * extras: mirrors.cn99.com * updates: mirrors.cn99.com Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package libselinux-python.x86_64 0:2.0.94-7.el6 will be installed --> Processing Dependency: libselinux = 2.0.94-7.el6 for package: libselinux-python-2.0.94-7.el6.x86_64 --> Running transaction check --->Package libselinux.x86_64 0:2.0.94-5.3.el6_4.1 will be updated --> Processing Dependency: libselinux = 2.0.94-5.3.el6_4.1 for package: libselinux-utils-2.0.94-5.3.el6_4.1.x86_64 ---> Package libselinux.x86_64 0:2.0.94-7.el6 will be an update --> Running transaction check ---> Package libselinux-utils.x86_64 0:2.0.94-5.3.el6_4.1 will be updated ---> Package libselinux-utils.x86_64 0:2.0.94-7.el6 will be an update --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: libselinux-python x86_64 2.0.94-7.el6 base 203 k Updatingfor dependencies: libselinux x86_64 2.0.94-7.el6 base 109 k libselinux-utils x86_64 2.0.94-7.el6 base 82 k Transaction Summary ================================================================================ Install 1 Package(s) Upgrade 2 Package(s) Total download size: 394 k Downloading Packages: -------------------------------------------------------------------------------- Total 70 kB/s | 394 kB 00:05 Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Updating : libselinux-2.0.94-7.el6.x86_64 1/5 Installing : libselinux-python-2.0.94-7.el6.x86_64 2/5 Updating : libselinux-utils-2.0.94-7.el6.x86_64 3/5 Cleanup : libselinux-utils-2.0.94-5.3.el6_4.1.x86_64 4/5 Cleanup : libselinux-2.0.94-5.3.el6_4.1.x86_64 5/5 Verifying : libselinux-python-2.0.94-7.el6.x86_64 1/5 Verifying : libselinux-utils-2.0.94-7.el6.x86_64 2/5 Verifying : libselinux-2.0.94-7.el6.x86_64 3/5 Verifying : libselinux-2.0.94-5.3.el6_4.1.x86_64 4/5 Verifying : libselinux-utils-2.0.94-5.3.el6_4.1.x86_64 5/5 Installed: libselinux-python.x86_64 0:2.0.94-7.el6 Dependency Updated: libselinux.x86_64 0:2.0.94-7.el6 libselinux-utils.x86_64 0:2.0.94-7.el6 Complete! " ] }
6. service 模块
[root@temp01 ~]# ansible all -m service -a 'name=sshd state=restarted' #state属性有running,started,stopped,restarted,reloaded 192.168.3.60 | SUCCESS => { "changed": true, "name": "sshd", "state": "started" } 192.168.3.70 | SUCCESS => { "changed": true, "name": "sshd", "state": "started" }
7. yum模块还是介绍下
[root@temp01 ~]# ansible all -m yum -a 'name=ntp state=present' #state属性有absent,present,installed,removed,latest 192.168.3.70 | SUCCESS => { "changed": false, "msg": "", "rc": 0, "results": [ "ntp-4.2.6p5-1.el6.centos.x86_64 providing ntp is already installed" ] } 192.168.3.60 | SUCCESS => { "changed": false, "msg": "", "rc": 0, "results": [ "ntp-4.2.6p5-1.el6.centos.x86_64 providing ntp is already installed" ] }
8. script模块 远程执行脚本
[root@temp01 ~]# cat ansible.sh #脚本内容 #!/bin/bash echo "Hello world" >>/root/ansible.log [root@temp01 ~]# ansible all -m script -a 'ansible.sh' 192.168.3.70 | SUCCESS => { "changed": true, "rc": 0, "stderr": "", "stdout": "", "stdout_lines": [] } 192.168.3.60 | SUCCESS => { "changed": true, "rc": 0, "stderr": "", "stdout": "", "stdout_lines": [] } [root@example_02 ~]# pwd #跳转到客户端验证 /root [root@example_02 ~]# cat ansible.log Hello world
9. 忘了一个重要的模块shell模块
shell 模块与command模块区别 ,shell支持管道符和变更,下面这个例子说明问题
[root@temp01 ~]# ansible all -m mommand -a 'cat /etc/passwd | grep root' ERROR! this task 'mommand' has extra params, which is only allowed in the following modules: command, win_command, shell, win_shell, script, include, include_vars, add_host, group_by, set_fact, raw, meta [root@temp01 ~]# ansible all -m shell -a 'cat /etc/passwd | grep root' 192.168.3.70 | SUCCESS | rc=0 >> root:x:0:0:root:/root:/bin/bash operator:x:11:0:operator:/root:/sbin/nologin 192.168.3.60 | SUCCESS | rc=0 >> root:x:0:0:root:/root:/bin/bash operator:x:11:0:operator:/root:/sbin/nologin
10. file模块
(1)修改文件属性
[root@temp01 ~]# ansible all -m file -a 'path=/root/ansible.log owner=root mode=777 group=root' #修改文件属性 192.168.3.60 | SUCCESS => { "changed": true, "gid": 0, "group": "root", "mode": "0777", "owner": "root", "path": "/root/ansible.log", "secontext": "unconfined_u:object_r:admin_home_t:s0", "size": 12, "state": "file", "uid": 0 } 192.168.3.70 | SUCCESS => { "changed": true, "gid": 0, "group": "root", "mode": "0777", "owner": "root", "path": "/root/ansible.log", "secontext": "unconfined_u:object_r:admin_home_t:s0", "size": 12, "state": "file", "uid": 0 }
(2)新建目录:类 mkdir -p
[root@temp01 ~]# ansible all -m file -a 'dest=/root/1/2/3/4/ mode=755 owner=root group=root state=directory' 192.168.3.60 | SUCCESS => { "changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/root/1/2/3/4/", "secontext": "unconfined_u:object_r:admin_home_t:s0", "size": 4096, "state": "directory", "uid": 0 } 192.168.3.70 | SUCCESS => { "changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/root/1/2/3/4/", "secontext": "unconfined_u:object_r:admin_home_t:s0", "size": 4096, "state": "directory", "uid": 0 } [root@example_02 ~]# ll total 48 -rw-------. 1 root root 1106 Jul 11 05:26 anaconda-ks.cfg -rwxrwxrwx. 1 root root 12 Dec 30 02:53 ansible.log -rw-------. 1 root root 1052 Dec 30 01:09 hosts -rw-r--r--. 1 root root 23089 Jul 11 05:26 install.log -rw-r--r--. 1 root root 6240 Jul 11 05:24 install.log.syslog [root@example_02 ~]# cd 1/2/3/4/ #转到客户端验证 You have new mail in /var/spool/mail/root [root@example_02 4]# pwd /root/1/2/3/4
(3)删除目录文件
[root@temp01 ~]# ansible all -m file -a 'dest=/root/1/2/3/4/ state=absent' 192.168.3.60 | SUCCESS => { "changed": true, "path": "/root/1/2/3/4/", "state": "absent" } 192.168.3.70 | SUCCESS => { "changed": true, "path": "/root/1/2/3/4/", "state": "absent" } [root@example_02 ~]# cd 1/2/3/4 #跳转验证 -bash: cd: 1/2/3/4: No such file or directory [root@example_02 ~]#