1. ansible常用模块使用详解
ansible常用模块有:
- ping
- yum
- template
- copy
- user
- group
- service
- raw
- command
- shell
- script
ansible常用模块raw、command、shell的区别:
- shell模块调用的/bin/sh指令执行
- command模块不是调用的shell的指令,所以没有bash的环境变量
- raw很多地方和shell类似,更多的地方建议使用shell和command模块。但是如果是使用老版本python,需要用到raw,又或者是客户端是路由器,因为没有安装python模块,那就需要使用raw模块了
1.ping 模块
ping模块用于检查指定节点机器是否连通,用法很简单,不涉及参数,主机如果在线,则回复pong
[root@T1 ansible]# ansible all -m ping T2 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong" } yes T3 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong" } yes T4 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong" }
2.command 模块
command模块用于在远程主机上执行命令,ansible默认就是使用command模块。
command模块有一个缺陷就是不能使用管道符和重定向功能。
[root@T1 ansible]# ansible T2 -a 'ls /tmp' //远程查看T2主机的/tmp下的内容 T2 | CHANGED | rc=0 >> ansible_command_payload_pc9897wd hsperfdata_root ks-script-29if2073 systemd-private-b04e284da352494bbd5f3fe9b83654b3-chronyd.service-2txGKg systemd-private-b04e284da352494bbd5f3fe9b83654b3-httpd.service-UkE8xj vmware-root_839-3979774022 vmware-root_853-4022308820 vmware-root_854-2697532808 vmware-root_862-2731217798 vmware-root_863-3980167256 [root@T1 ansible]#
[root@T1 ansible]# ansible T2 -a 'touch /tmp/abc' //远程在T2主机上的/tmp目录下创建abc文件 T2 | CHANGED | rc=0 >> [root@T1 ansible]# ansible T2 -a 'ls /tmp' T2 | CHANGED | rc=0 >> abc ansible_command_payload_bcejjgl8 hsperfdata_root ks-script-29if2073 systemd-private-b04e284da352494bbd5f3fe9b83654b3-chronyd.service-2txGKg systemd-private-b04e284da352494bbd5f3fe9b83654b3-httpd.service-UkE8xj vmware-root_839-3979774022 vmware-root_853-4022308820 vmware-root_854-2697532808 vmware-root_862-2731217798 vmware-root_863-3980167256 [root@T1 ansible]#
[root@T1 ansible]# ansible T2 -a "echo 123456 >/tmp/abc" //这模块不支持重定向 T2 | CHANGED | rc=0 >> 123456 >/tmp/abc [root@T1 ansible]# ansible T2 -a "cat /tmp/abc" T2 | CHANGED | rc=0 >>
[root@T1 ansible]# [root@T1 ansible]# ansible T2 -a 'ls /etc/passwd' //模块也不支持管道符 T2 | CHANGED | rc=0 >> /etc/passwd [root@T1 ansible]# ansible T2 -a 'cat /etc/passwd|grep sbin' T2 | FAILED | rc=2 >> ls: 无法访问'/etc/passwd|grep': 没有那个文件或目录 ls: 无法访问'sbin': 没有那个文件或目录non-zero return code [root@T1 ansible]#
3.raw 模块
raw模块用于在远程主机上执行命令,其支持管道符与重定向
[root@T1 ansible]# ansible T2 -m raw -a 'echo "123"> /tmp/abc' T2 | CHANGED | rc=0 >> Shared connection to t2 closed. [root@T1 ansible]# ansible T2 -m raw -a 'cat /tmp/abc' T2 | CHANGED | rc=0 >> 123 Shared connection to t2 closed.
[root@T1 ansible]# ansible T2 -m raw -a 'cat /etc/passwd|grep sbin' T2 | CHANGED | rc=0 >> bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin systemd-coredump:x:999:997:systemd Core Dumper:/:/sbin/nologin systemd-resolve:x:193:193:systemd Resolver:/:/sbin/nologin tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin polkitd:x:998:996:User for polkitd:/:/sbin/nologin unbound:x:997:995:Unbound DNS resolver:/etc/unbound:/sbin/nologin sssd:x:996:993:User for sssd:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin chrony:x:995:992::/var/lib/chrony:/sbin/nologin apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/sbin/nologin Shared connection to t2 closed. [root@T1 ansible]#
4.shell 模块
shell模块用于在受控机上执行受控机上的脚本,亦可直接在受控机上执行命令。
shell模块亦支持管道与重定向。
[root@T2 ~]# ls /test //查看T2主机上的脚本 test.sh
[root@T2 ~]# cat /test/test.sh
#!/bin/bash
/usr/bin/echo hehe
[root@T1 ansible]# ansible T2 -m shell -a '/bin/bash /test/test.sh &> /test/abc' //执行脚本 T2 | CHANGED | rc=0 >> [root@T1 ansible]# ansible T2 -a 'cat /test/abc' //输出 T2 | CHANGED | rc=0 >> hehe [root@T1 ansible]#
5.script 模块
script模块用于在受控机上执行主控机上的脚本
[root@T1 ansible]# cat /scripts/scripts.sh //查看主机上的脚本 #!/bin/bash /usr/bin/echo xixi [root@T1 ansible]# [root@T1 ansible]# ansible T2 -m script -a '/scripts/scripts.sh >/a' T2 | CHANGED => { "changed": true, "rc": 0, "stderr": "Shared connection to t2 closed. ", "stderr_lines": [ "Shared connection to t2 closed." ], "stdout": "", "stdout_lines": [] } [root@T1 ansible]# ansible T2 -a 'cat /a' T2 | CHANGED | rc=0 >> xixi [root@T1 ansible]#
6.template 脚本
template模块用于生成一个模板,并可将其传输至远程主机上。
[root@T1 ansible]# ls /etc/yum.repos.d/ CentOS-Base.repo epel-playground.repo epel-testing-modular.repo redhat.repo epel-modular.repo epel.repo epel-testing.repo xx.repo //准备一个Centos7的源 [root@T1 ansible]# cd /etc/yum.repos.d/ [root@T1 yum.repos.d]# curl -o CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1572 100 1572 0 0 5292 0 --:--:-- --:--:-- --:--:-- 5292 [root@T1 yum.repos.d]# sed -i 's/$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo [root@T1 yum.repos.d]# sed -i 's/^enabled=.*/enabled=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo //丢到T2的/etc/yum.repos.d下面叫/163.repo [root@T1 yum.repos.d]# ansible T2 -m template -a 'src=/etc/yum.repos.d/CentOS7-Base-163.repo dest=/etc/yum.repos.d/163.repo' T2 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": true, "checksum": "60b8868e0599489038710c45025fc11cbccf35f2", "dest": "/etc/yum.repos.d/163.repo", "gid": 0, "group": "root", "md5sum": "5a3e688854d9ceccf327b953dab55b21", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:system_conf_t:s0", "size": 1462, "src": "/root/.ansible/tmp/ansible-tmp-1609933562.5860033-2302-183663223930972/source", "state": "file", "uid": 0 } //看一下过去没 [root@T2 ~]# ls /etc/yum.repos.d/ 163.repo redhat.repo
7.yum 模块
yum模块用于在指定节点机器上通过yum管理软件,其支持的参数主要有两个
- name:要管理的包名
- state:要进行的操作
state常用的值:
- latest:安装软件
- installed:安装软件
- present:安装软件
- removed:卸载软件
- absent:卸载软件
若想使用yum来管理软件,请确保受控机上的yum源无异常。
[root@T2 ~]# rpm -qa |grep vsftpd //确保T2上没有vsftpd服务
[root@T1 ~]# ansible all -m yum -a 'name=zsh state=present' //安装zsh到其他主机上
T1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: zsh-5.5.1-6.el8_1.2.x86_64"
]
}
T2 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: zsh-5.5.1-6.el8_1.2.x86_64"
]
}
T4 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: zsh-5.5.1-6.el8_1.2.x86_64"
]
}
T3 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: zsh-5.5.1-6.el8_1.2.x86_64"
]
}
[root@T2 ~]# rpm -qa |grep zsh //验证
zsh-5.5.1-6.el8_1.2.x86_64
8.copy 模块
[root@T1 ~]# ansible all -m copy -a 'src=/etc/yum.repos.d/ dest=/etc/yum.repos.d ' //把T1上的源copy到其他主机上 T3 | CHANGED => { "changed": true, "dest": "/etc/yum.repos.d/", "src": "/etc/yum.repos.d/" } T4 | CHANGED => { "changed": true, "dest": "/etc/yum.repos.d/", "src": "/etc/yum.repos.d/" } T2 | CHANGED => { "changed": true, "dest": "/etc/yum.repos.d/", "src": "/etc/yum.repos.d/" } T1 | SUCCESS => { "changed": false, "dest": "/etc/yum.repos.d/", "src": "/etc/yum.repos.d/" } [root@T2 ~]# ls /etc/yum.repos.d/ //检查 CentOS-Base.repo redhat.repo
9.group 模块
group模块用于在受控机上添加或删除组。
//在受控机上添加一个系统组,其gid为306,组名为mysql [root@T1 ~]# ansible T2 -m group -a 'name=mysql gid=306 state=present > ' T2 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": true, "gid": 306, "name": "mysql", "state": "present", "system": false } [root@T1 ~]# ansible T2 -m shell -a 'grep mysql /etc/group' T2 | CHANGED | rc=0 >> mysql:x:306: //删除受控机上的mysql组 [root@T1~]# ansible T2 -m group -a 'name=mysql state=absent' T2 | SUCCESS => { "changed": true, "name": "mysql", "state": "absent" } [root@T1 ~]# ansible T2 -m shell -a 'grep mysql /etc/group' T2 | FAILED | rc=1 >> non-zero return code
10.user 模块
user模块用于管理受控机的用户帐号。
//在受控机上添加一个系统用户,用户名为abc,uid为101,设置其shell为/sbin/nologin,无家目录 [root@T1 ~]# ansible T2 -m user -a 'name=abc uid=101 system=yes create_home=no shell=/sbin/nologin state=present > ' T2 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": true, "comment": "", "create_home": false, "group": 101, "home": "/home/abc", "name": "abc", "shell": "/sbin/nologin", "state": "present", "system": true, "uid": 101 } [root@T1 ~]# ansible T2 -m shell -a 'grep mysql /etc/passwd' T2 | CHANGED | rc=0 >> mysql:x:27:306:MySQL Server:/var/lib/mysql:/sbin/nologin [root@T1 ~]# ansible T2 -m shell -a 'ls /home' T2 | CHANGED | rc=0 >> tom [root@T1 ~]# //修改abcl用户的uid为111 [root@T1 ~]# ansible T2 -m user -a 'name=abc uid=111' T2 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "append": false, "changed": true, "comment": "", "group": 101, "home": "/home/abc", "move_home": false, "name": "abc", "shell": "/sbin/nologin", "state": "present", "uid": 111 } [root@T1 ~]# ansible T2 -m shell -a 'grep abc /etc/passwd' T2 | CHANGED | rc=0 >> abc:x:111:101::/home/abc:/sbin/nologin //删除abc [root@T1 ~]# ansible T2 -m user -a 'name=abc state=absent' T2 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": true, "force": false, "name": "abc", "remove": false, "state": "absent" } [root@T1 ~]# ansible T2 -m shell -a 'grep abc /etc/passwd' T2 | FAILED | rc=1 >> non-zero return code [root@T1 ~]#
11.service 模块
service模块用于管理受控机上的服务。
//查看受控机上的httpd服务是否启动 [root@T1 ~]# ansible T3 -m shell -a 'systemctl is-active httpd' T3 | FAILED | rc=3 >> inactivenon-zero return code [root@T1 ~]# ansible T3 -m service -a 'name=httpd state=started' //启动httpd T3 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": true, "name": "httpd", "state": "started", "status": { ....//省略 [root@T1 ~]# ansible T3 -m shell -a 'systemctl is-active httpd' //查看服务起来没 T3 | CHANGED | rc=0 >> active [root@T1 ~]# ansible T3 -m shell -a 'systemctl is-enabled httpd' //查看httpd是不是开机自启状态。我这里已经有开机自启,但是不影响命令的使用 T3 | CHANGED | rc=0 >> enabled [root@T1 ~]# ansible T3 -m service -a 'name=httpd enabled=yes' //设置httpd开机自启 T3 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "enabled": true, "name": "httpd", ....//省略 [root@T1 ~]# ansible T3 -m service -a 'name=httpd state=stopped' //关闭httpd服务 T3 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": true, "name": "httpd", "state": "stopped", "status": { ..//省略 //验证 [root@T1 ~]# ansible T3 -m shell -a 'systemctl is-active httpd' T3 | FAILED | rc=3 >> inactivenon-zero return code [root@T1 ~]# ansible T3 -m shell -a 'ss -antl' T3 | CHANGED | rc=0 >> State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 0.0.0.0:22 0.0.0.0:* LISTEN 0 128 [::]:22 [::]:* [root@T1 ~]#