ansible常用模块
ansible常用模块使用详解
ansible常用模块有:
- ping
- yum
- template
- copy
- user
- group
- service
- raw
- command
- shell
- script
ansible常用模块raw、command、shell的区别:
- shell模块调用的/bin/sh指令执行
- command模块不是调用的shell的指令,所以没有bash的环境变量
- raw很多地方和shell类似,更多的地方建议使用shell和command模块。但是如果是使用老版本python,需要用到raw,又或者是客户端是路由器,因为没有安装python模块,那就需要使用raw模块了
ansible常用模块之ping
ping模块用于检查指定节点机器是否连通,用法很简单,不涉及参数,主机如果在线,则回复pong
[root@yc1 ~]# vi /etc/ansible/inventory
[webservers]
yc2
[root@node1 ~]# ansible all -m ping
node2 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
[ro
ansible常用模块之command
command模块用于在远程主机上执行命令,ansible默认就是使用command模块。
command模块有一个缺陷就是不能使用管道符和重定向功能。
//查看受控主机的/tmp目录内容
[root@yc1 ~]# ansible yc2 -a 'ls /tmp'
yc2 | CHANGED | rc=0 >>
ansible_command_payload_dd3zynn_
hsperfdata_root
ks-script-jl5dglcm
systemd-private-c50b4a36efd7458f885f61a51c649380-mariadb.service-bkUl9X
vmware-root_960-2999133023
vmware-root_962-2990678749
vmware-root_978-2957649101
//在受控主机的/tmp目录下新建一个文件test
[root@yc1 ~]# ansible yc2 -a 'touch /tmp/test'
[WARNING]: Consider using the file module with state=touch rather than running
'touch'. If you need to use command because file is insufficient you can add 'warn:
false' to this command task or set 'command_warnings=False' in ansible.cfg to get
rid of this message.
yc2 | CHANGED | rc=0 >>
[root@yc1 ~]# ansible yc2 -a 'ls /tmp'
yc2 | CHANGED | rc=0 >>
ansible_command_payload_yg2ldpb0
hsperfdata_root
ks-script-jl5dglcm
systemd-private-c50b4a36efd7458f885f61a51c649380-mariadb.service-bkUl9X
test
vmware-root_960-2999133023
vmware-root_962-2990678749
vmware-root_978-2957649101
//command模块不支持管道符,不支持重定向
[root@yc1 ~]# ansible yv2 -a "echo 'hello world' > /tmp/test"
yc2 | CHANGED | rc=0 >>
hahahaha > /tmp/test
[root@yc1 ~]# ansible yc2 -a 'cat /tmp/test'
yc2 | CHANGED | rc=0 >>
[root@yc1 ~]# ansible yc1 -a 'ps -ef|grep vsftpd'
yc2 | FAILED | rc=1 >>
error: unsupported SysV option
Usage:
ps [options]
Try 'ps --help <simple|list|output|threads|misc|all>'
or 'ps --help <s|l|o|t|m|a>'
for additional help text.
For more details see ps(1).non-zero return code
ansible常用模块之raw
raw模块用于在远程主机上执行命令,其支持管道符与重定向
//支持重定向
[root@yc1 ~]# ansible yc2 -m raw -a 'echo "hahahaha" > /tmp/test'
yv2 | CHANGED | rc=0 >>
Shared connection to yc2 closed.
[root@yv1 ~]# ansible yv2 -a 'cat /tmp/test'
yc2 | CHANGED | rc=0 >>
hahahaha
//支持管道符
[root@yc1 ~]# ansible yc2 -m raw -a 'cat /tmp/test|grep -Eo ha'
yc2 | CHANGED | rc=0 >>
ha
Shared connection to yc2 closed.
ansible常用模块之shell
shell模块用于在受控机上执行受控机上的脚本,亦可直接在受控机上执行命令。
shell模块亦支持管道与重定向。
//先写一个脚本
[root@yc1 ~]# mkdir scripts
[root@yc1 ~]# cd scripts/
[root@yc1 scripts]# vi ip.sh
#!/bin/bash
ip a > /tmp/ip.txt
[root@yc1 scripts]# ansible yc2 -m script -a '~/scripts/ip.sh'
yc2 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to node2 closed.
",
"stderr_lines": [
"Shared connection to node2 closed."
],
"stdout": "",
"stdout_lines": []
}
[root@yc1 scripts]# ansible yc2 -m shell -a 'cat /tmp/ip.txt'
node2 | CHANGED | rc=0 >>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:6a:c0:02 brd ff:ff:ff:ff:ff:ff
inet 192.168.23.133/24 brd 192.168.23.255 scope global dynamic noprefixroute ens160
valid_lft 1430sec preferred_lft 1430sec
inet6 fe80::fb61:522f:254f:7c32/64 scope link noprefixroute
valid_lft forever preferred_lft forever
ansible常用模块之script
script模块用于在受控机上执行主控机上的脚本
[root@yc1 ~]# ll /etc/ansible/scripts/
总用量 4
-rw-r--r--. 1 root root 61 jar 07 23:29 a.sh
[root@yc1 ~]# ansible yc2 -m script -a '/etc/ansible/scripts/a.sh &>/tmp/a'
yc2 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 172.16.103.129 closed.
",
"stderr_lines": [
"Shared connection to 172.16.103.129 closed."
],
"stdout": "",
"stdout_lines": []
}
//查看受控机上的/tmp/a文件内容
[root@yc1 ~]# ansible yc2 -m shell -a 'cat /tmp/a'
yc2 | SUCCESS | rc=0 >>
root:x:0:0:root:/root:/bin/bash
....此处省略N行
jerry:x:1000:1000::/home/jerry:/bin/bash
//由此可见确是在受控机上执行了主控机上的脚本,且输出记录到了受控机上。所以jerry用户是在受控机上才有的用户
ansible常用模块之template
template模块用于生成一个模板,并可将其传输至远程主机上。
将yc1 /root 目录下的anaconda-ks.cfg传输到yc2的/tmp 目录下
[root@yc1 ~]# ansible all -m template -a 'src=/root/anaconda-ks.cfg dest=/tmp/
yc2 | SUCCESS => {
"ansible_ facts": {
"discovered_ _interpreter_ python":"/usr/libexec/platform-python"
},
"changed": true,
" checksum": "38e4a633bda4f5410009b5995e7 c8d0c99e5da8e" ,
"dest": "/tmp/ anaconda-ks.cfg",
"gid": 0,
group":" root" ,
"md5sum": " ab4e4b429f7ba22f35bab60764b9a193",
"mode": "0644"
"owner": " root",
'size": 1172,
"src": "/root/ . ans ible/tmp/ansible-tmp-1609920197.1827474-2254-134425854336083/source",
"state": "file",
"uid": 0
}
//查看受控机上是否有anaconda-ks.cfg文件
[root@yc1]# ansible all -a 'ls /tmpnode2 yc2 |CHANGED rc=0 >>
anaconda-ks.cfg
ansible_command_payload_ohqv_rcr
ansible_command_payload_vjq20vav
ip.txt
vmware-root_914-2689209517
vmware-root_922-2722632355
vmware-root_926-2731217702
ansible常用模块之yum
yum模块用于在指定节点机器上通过yum管理软件,其支持的参数主要有两个
- name:要管理的包名
- state:要进行的操作
state常用的值:
- latest:安装软件
- installed:安装软件
- present:安装软件
- removed:卸载软件
- absent:卸载软件
若想使用yum来管理软件,请确保受控机上的yum源无异常
//在受控机上查询看vsftpd软件是否安装
[root@yc1]# ansible all -a 'rpm 一q vsftpd'
[WARNING] : Consider using the yum, dnf or zypper module rather than
running
'rpm'. If you need to use command because yum, dnf or zypper is ins
ufficient
you can add 'warn: false' to this command task or set ' command warni
ngs= =False '
in ansible.cfg to get rid of this message.
yc2| FAILED| rc=1 >>
package vsftpd is not installednon- zero return code
//在yc1上使用yum模块在yc2上安装vsftpd
[root@yc1]# ansible all -m yum -a ' name =vsftpd state=present
yc2| SUCCESS => {
"ansible_ _facts": {
"discovered_ interpreter_ _python": "/us r/libexec/platform-pyth
on"
},
'changed": false,
"msg": "Nothing to do",
"rc": 0,
"results": []
}
ansible常用模块之copy
copy模块用于复制文件至远程受控机。
[root@yc1]# ansible all -m copy -a 'src=templates/hosts.j2 dest=/tmp/hehe
yc2 | CHANGED = :> {
"ansible_ _facts": {
"discovered_ interpreter_ python": "/usr/libexec/platform-pyth
on"
},
'changed": true,
"checksum": "c523fe980a46bfd6a440979f07fd930efb99df54",
"dest": "/tmp/hehe",
"gid": 0,
'group": "root" ,
"md5sum": " ea8e96f77 c03a752afffa6ecbaae1d18",
"mode": "0644" ,
' owner": " root"
"size": 187,
'src": "/root/ . ansible/tmp/ansible- -tmp- -1609922483.7490127-2768 -150814463202178/ source",
"state": "file"
"uid": 0
}
[root@yc1] # ansible all -a 'ls /tmp'
yc2| CHANGED| rc: =0 > >
anaconda-ks。cfg
ansible_ command_ _payload_ _ohqv_ rcr
ansible_ .command_ .payload_ vj q20vav
hehe
ip. txt
vmware- -root_ 914- 2689209517
vmware- root_ 922- -2722632355
vmware- - root_ 926- -2731217702
ansible常用模块之group
group模块用于在受控机上添加或删除组。
[root@yc1]# ansible all -m command -a 'grep runtime /etc/group'
yc2| CHANGED| rc= =0 > >
runtime:x:2002:
[root@yc1] # ansible all -m group -a 'name= runtime state=absent'
yc2| CHANGED : =>{
"ansible_ facts": {
"discovered_ _interpreter_ python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "runtime",
"state": "absent"
}
ansible常用模块之service
service模块用于管理受控机上的服务。
//查看受控机上的vsftpd服务是否启动
[root@yc1 ~]# ansible yc2 -m shell -a 'systemctl is-active vsftpd'
yc2 | FAILED | rc=3 >>
unknownnon-zero return code
//启动受控机上的vsftpd服务
[root@yc1 ~]# ansible yc2 -m service -a 'name=vsftpd state=started'
yc2 | SUCCESS => {
"changed": true,
"name": "vsftpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
......
}
//查看受控机上的vsftpd服务是否启动
[root@yc1 ~]# ansible yc2 -m shell -a 'systemctl is-active vsftpd'
yc2 | SUCCESS | rc=0 >>
active
//查看受控机上的vsftpd服务是否开机自动启动
[root@yc1 ~]# ansible yc2 -m shell -a 'systemctl is-enabled vsftpd'
yc2 | FAILED | rc=1 >>
disablednon-zero return code
//设置受控机上的vsftpd服务开机自动启动
[root@yc1 ~]# ansible yc2 -m service -a 'name=vsftpd enabled=yes'
yc2 | SUCCESS => {
"changed": true,
"enabled": true,
"name": "vsftpd",
"status": {
"ActiveEnterTimestamp": "6 2021-01-07 02:02:39 EDT",
......
}
//查看受控机上的vsftpd服务是否开机自动启动
[root@yc1 ~]# ansible yc2 -m shell -a 'systemctl is-enabled vsftpd'
yc2 | SUCCESS | rc=0 >>
enabled
//停止受控机上的vsftpd服务
[root@yc1 ~]# ansible yc2 -m service -a 'name=vsftpd state=stopped'
yc2 | SUCCESS => {
"changed": true,
"name": "vsftpd",
"state": "stopped",
"status": {
"ActiveEnterTimestamp": "6 2021-01-07 00:03:45 EDT",
......
}
[root@yc1 ~]# ansible yc2 -m shell -a 'systemctl is-active vsftpd'
yc2 | FAILED | rc=3 >>
inactivenon-zero return code
作业
弄4台主机,其中一台装ansible,其余三台分别部署nginx、mysql、php,实现lnmp架构
主控机ip:
192.168.23.132 name=yc1
受控机ip:
192.168.23.133 name=yc2 httpd
192.168.23.134 name=yc3 mysql
192.168.23.135 name=yc4 php
//设置三台受控机免密登录
[root@yc1 ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.23.132 yc1
192.168.23.133 yc2
192.168.23.134 yc3
192.168.23.135 yc4
[root@yc1 ~]# ssh-copy-id root@192.168.23.133
[root@yc1 ~]# ssh-copy-id root@192.168.23.134
[root@yc1 ~]# ssh-copy-id root@192.168.23.135
[root@yc1 ~]# vi /etc/ansible/inventory
yc2
yc3
yc4
HTTPD的配置与安装
//给yc2配置yum源和下载相关依赖包
[root@yc1 ~]# ansible all -m copy -a 'src=/etc/yum.repos.d/ dest=/etc/yum.repos.d/'
[root@yc1 rpm-gpg]# ansible all -m copy -a 'src=/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 dest=/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8'
[root@yc1 ~]# ansible all -m yum -a 'name=wget,bzip2,gcc,gcc-c++,make,pcre-devel,expat-devel,libxml2-devel,openssl-devel state=present'
[root@yc1 ~]# ansible yc2 -m shell -a 'cd ~ && wget https://mirrors.tuna.tsinghua.edu.cn/apache/httpd/httpd-2.4.46.tar.bz2'
[root@yc1 ~]# ansible yc2 -m shell -a 'cd ~ && wget https://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-1.7.0.tar.gz'
[root@yc1 ~]# ansible yc2 -m shell -a 'cd ~ && wget https://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-util-1.6.1.tar.gz'
[root@yc1 ~]# ansible yc2 -m shell -a 'cd ~ && tar xf httpd-2.4.46.tar.bz2'
[root@yc1 ~]# ansible yc2 -m shell -a 'cd ~ && tar xf apr-1.7.0.tar.gz'
[root@yc1 ~]# ansible yc2 -m shell -a 'cd ~ && tar xf apr-util-1.6.1.tar.gz'
//安装apr
[root@yc1 ~]# ansible yc2 -m shell -a 'cd apr-1.7.0 && ./configure --prefix=/usr/local/apr'
[root@yc1 ~]# ansible yc2 -m shell -a 'cd apr-1.7.0 && make && make install'
//安装apr-util
[root@yc1 ~]# ansible yc2 -m shell -a 'cd apr-util-1.6.1 && ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr'
[root@yc1 ~]# ansible yc2 -m shell -a 'cd apr-util-1.6.1 && make && make install'
//安装http
[root@yc1 ~]# ansible yc2 -m shell -a 'yum -y groups mark install "Development Tools" '
[root@yc1 ~]# ansible yc2 -m user -a 'name=apache system=yes create_home=no shell=/sbin/nologin state=present'
[root@yc1 ~]# ansible yc2 -m shell -a 'cd httpd-2.4.46 && ./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork'
[root@yc1 ~]# ansible yc2 -m shell -a 'cd httpd-2.4.46 && make && make install'
//设置环境变量
[root@yc1 ~]# ansible yc2 -m shell -a 'echo "export PATH=/usr/local/apache/bin:$PATH" > /etc/profile.d/httpd.sh'
[root@yc1 ~]# ansible yc2 -m shell -a 'source /etc/profile.d/httpd.sh'
//设置软链接
[root@yc1 ~]# ansible yc2 -m shell -a 'cd /usr/local && ln -s /usr/local/apache/include /usr/include/apache'
//设置帮助文档
[root@yc1 ~]# ansible all -m copy -a 'src=/etc/man_db.conf dest=/etc/man_db.conf'
//启动服务
[root@yc1 ~]# ansible yc2 -m shell -a '/usr/local/apache/bin/apachectl start'