zoukankan      html  css  js  c++  java
  • ANSIBLE安装和常用模块模块使用详细教程

    ANSIBLE安装和各种模块应用功能

    安装配置ANSIBLE

    1. 下载ANSIBLE
    [root@ansible ~]#yum install ansible
    
    1. 确认安装
    [root@ansible ~]#ansible --version
    ansible 2.9.1
      config file = /etc/ansible/ansible.cfg
      configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python2.7/site-packages/ansible
      executable location = /usr/bin/ansible
      python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
    
    1. 修改主机清单文件(添加要管理的主机)
    [root@ansible ~]#vim /etc/ansible/hosts
    [websrvs]
    192.168.39.27
    192.168.39.37
    192.168.39.47
    
    [appsrvs]
    192.168.39.57
    192.168.39.77
    192.168.39.8
    
    1. ANSIBLE选项使用
    # ansible-doc 查看各种模块帮助
    [root@ansible ~]#ansible-doc ping 
    > PING    (/usr/lib/python2.7/site-packages/ansible/modules/system/ping.py)
    
            A trivial test module, this module always returns `pong' on
            successful contact. It does not make sense in playbooks, but
            it is useful from `/usr/bin/ansible' to verify the ability to
            login and that a usable Python is configured. This is NOT ICMP
            ping, this is just a trivial test module that requires Python
            on the remote-node. For Windows targets, use the [win_ping]
            module instead. For Network targets, use the [net_ping] module
            instead.
    
      * This module is maintained by The Ansible Core Team
    OPTIONS (= is mandatory):
    
    - data
            Data to return for the `ping' return value.
            If this parameter is set to `crash', the module will cause an
            exception.
            [Default: pong]
            type: str
    
    
    SEE ALSO:
          * Module net_ping
               The official documentation on the net_ping module.
               https://docs.ansible.com/ansible/2.9/modules/net_ping
            _module.html
          * Module win_ping
               The official documentation on the win_ping module.
               https://docs.ansible.com/ansible/2.9/modules/win_ping
            _module.html
    
    
    AUTHOR: Ansible Core Team, Michael DeHaan
            METADATA:
              status:
              - stableinterface
              supported_by: core
    
    # -s 简单帮助
    [root@ansible ~]#ansible-doc -s ping
    - name: Try to connect to host, verify a usable python and return `pong' on success
      ping:
          data:                  # Data to return for the `ping' return value. If this
                                   parameter is set to
                                   `crash', the module
                                   will cause an
                                   exception.
    
    # -m 调用指定模块
    [root@ansible ~]#ansible websrvs -m ping   # 这样调用是链接不上的
    The authenticity of host '192.168.39.37 (192.168.39.37)' can't be established.
    ECDSA key fingerprint is SHA256:vYJfaHhadE2ci7V5WRkZJ6iDUkQFzoZPmny56D9qKfI.
    ECDSA key fingerprint is MD5:22:72:17:9a:a8:93:1a:02:d8:09:17:f4:85:fe:b3:f5.
    Are you sure you want to continue connecting (yes/no)? The authenticity of host '192.168.39.47 (192.168.39.47)' can't be established.
    ECDSA key fingerprint is SHA256:vYJfaHhadE2ci7V5WRkZJ6iDUkQFzoZPmny56D9qKfI.
    ECDSA key fingerprint is MD5:22:72:17:9a:a8:93:1a:02:d8:09:17:f4:85:fe:b3:f5.
    Are you sure you want to continue connecting (yes/no)? The authenticity of host '192.168.39.27 (192.168.39.27)' can't be established.
    ECDSA key fingerprint is SHA256:vYJfaHhadE2ci7V5WRkZJ6iDUkQFzoZPmny56D9qKfI.
    ECDSA key fingerprint is MD5:22:72:17:9a:a8:93:1a:02:d8:09:17:f4:85:fe:b3:f5.
    Are you sure you want to continue connecting (yes/no)? yes
    192.168.39.37 | UNREACHABLE! => {
        "changed": false, 
        "msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.39.37' (ECDSA) to the list of known hosts.
    Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", 
        "unreachable": true
    }
    yes
    192.168.39.47 | UNREACHABLE! => {
        "changed": false, 
        "msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.39.47' (ECDSA) to the list of known hosts.
    Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", 
        "unreachable": true
    }
    yes
    192.168.39.27 | UNREACHABLE! => {
        "changed": false, 
        "msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.39.27' (ECDSA) to the list of known hosts.
    Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", 
        "unreachable": true
    }
    
    
    # -k 提示输入密码(密码都一样的话这样链接可以都链接成功(最好都是基于key验证))
    [root@ansible ~]#ansible websrvs -k  -m ping
    SSH password: 
    192.168.39.27 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    192.168.39.37 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    192.168.39.47 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    
    1. 做key验证链接
    • 使用sshpass实现key验证
    [root@ansible ~]#yum install sshpass -y  # 使用这个工具批量实现key验证
    
    # 使用口令提交直接查看远程主机信息
    [root@ansible ~]#sshpass -p 123456 ssh 192.168.39.27 cat /etc/redhat-release 
    CentOS Linux release 7.6.1810 (Core) 
    [root@ansible ~]#sshpass -p 123456 ssh 192.168.39.37 cat /etc/redhat-release 
    CentOS Linux release 7.6.1810 (Core) 
    [root@ansible ~]#sshpass -p 123456 ssh 192.168.39.47 cat /etc/redhat-release 
    CentOS Linux release 7.6.1810 (Core) 
    
    [root@ansible ~]#ll ~/.ssh/  # 查看一下有生成的key的公钥私钥吗?
    total 4
    -rw-r--r-- 1 root root 525 Dec  4 19:49 known_hosts
    [root@ansible ~]#ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:Xnbwv9kYkG8B9B9q4LbUDT2m8SsJn2K5YfzuYXDiFqk root@ansible
    The key's randomart image is:
    +---[RSA 2048]----+
    |            .    |
    |           . ..  |
    |          ...o.= |
    |          .o+oO.o|
    |        S oX=*.o.|
    |       . o*.@+o..|
    |        .E @ B=. |
    |          + *.o* |
    |           .o++ .|
    +----[SHA256]-----+
    
    [root@ansible ~]#ll ~/.ssh/   # 查看一下公钥私钥对生成成功
    total 12
    -rw------- 1 root root 1675 Dec  4 20:07 id_rsa
    -rw-r--r-- 1 root root  394 Dec  4 20:07 id_rsa.pub
    -rw-r--r-- 1 root root  525 Dec  4 19:49 known_hosts
    
    • 使用for循环来进行批量部署key验证
    # 因为之前连过三台机子所以连接过的配置成功了
    [root@ansible ~]#NET=192.168.39;for i in 7 27 37 47 57 77 8 ;do sshpass -p 123456 ssh-copy-id $NET.$i ;done
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh '192.168.39.27'"
    and check to make sure that only the key(s) you wanted were added.
    
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh '192.168.39.37'"
    and check to make sure that only the key(s) you wanted were added.
    
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh '192.168.39.47'"
    and check to make sure that only the key(s) you wanted were added.
    
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    
    
    • 修改配置文件来进行key验证
    # 在第一次远程连接的时候都会有一个提示就是输入yes/no(这个选项会影响第一次连接的服务器配置key所以在配置文件里修改一个选项来绕过这步)
    [root@ansible ~]#vim /etc/ssh/ssh_config 
    
    # Host *
    #   ForwardAgent no
    #   ForwardX11 no
    #   RhostsRSAAuthentication no
    #   RSAAuthentication yes
    #   PasswordAuthentication yes
    #   HostbasedAuthentication no
    #   GSSAPIAuthentication no
    #   GSSAPIDelegateCredentials no
    #   GSSAPIKeyExchange no
    #   GSSAPITrustDNS no
    #   BatchMode no
    #   CheckHostIP yes
    #   AddressFamily any
    #   ConnectTimeout 0
     StrictHostKeyChecking no  # 这一项本来是注释掉的,去掉注释在后面改为no就可以了
    #   IdentityFile ~/.ssh/identity
    #   IdentityFile ~/.ssh/id_rsa
    #   IdentityFile ~/.ssh/id_dsa
    #   IdentityFile ~/.ssh/id_ecdsa
    #   IdentityFile ~/.ssh/id_ed25519
    #   Port 22
    
    • 再次进行配置(之前配置好的不会在配置)
    [root@ansible ~]#NET=192.168.39;for i in 7 27 37 47 57 77 8 ;do sshpass -p 123456 ssh-copy-id $NET.$i ;done
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh '192.168.39.7'"  # 本机也要发一个key验证
    and check to make sure that only the key(s) you wanted were added.
    
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    
    /usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
    		(if you think this is a mistake, you may want to use -f option)
    
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    
    /usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
    		(if you think this is a mistake, you may want to use -f option)
    
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    
    /usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
    		(if you think this is a mistake, you may want to use -f option)
    
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh '192.168.39.57'"
    and check to make sure that only the key(s) you wanted were added.
    
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh '192.168.39.77'"
    and check to make sure that only the key(s) you wanted were added.
    
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh '192.168.39.8'"
    and check to make sure that only the key(s) you wanted were added.
    
    • 以上key验证就部署好了(测试一下能否连接)
    [root@ansible ~]#ssh 192.168.39.8
    Activate the web console with: systemctl enable --now cockpit.socket
    
    Last login: Thu Dec  5 03:22:37 2019 from 192.168.39.1
    [root@centos8 ~]#exit
    logout
    Connection to 192.168.39.8 closed.
    
    # 不用再输入密码(-p -k 都不用加了)
    [root@ansible ~]#ansible websrvs -m ping
    192.168.39.47 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    192.168.39.37 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    192.168.39.27 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    [root@ansible ~]#ansible appsrvs -m ping
    192.168.39.8 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/libexec/platform-python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    192.168.39.57 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    192.168.39.77 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    
    

    ANSIBLE使用

    1. 查看ansible管理所有主机
    [root@ansible ~]#ansible all --list-host
      hosts (6):
        192.168.39.57
        192.168.39.77
        192.168.39.8
        192.168.39.27
        192.168.39.37
        192.168.39.47
    
    1. 使用ansible访问其他用户
    [root@ansible ~]#ansible websrvs -u yang -m ping  # 因为yang这个账户没有做过key验证所以无法访问
    192.168.39.27 | UNREACHABLE! => {
        "changed": false, 
        "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", 
        "unreachable": true
    }
    192.168.39.47 | UNREACHABLE! => {
        "changed": false, 
        "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", 
        "unreachable": true
    }
    192.168.39.37 | UNREACHABLE! => {
        "changed": false, 
        "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", 
        "unreachable": true
    }
    
    # 想访问还是加-k来提示输入密码访问
    [root@ansible ~]#ansible websrvs -u yang -k -m ping
    SSH password: 
    192.168.39.37 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    192.168.39.47 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    192.168.39.27 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    
    1. 测试所有主机连接
    [root@ansible ~]#ansible all -m ping
    192.168.39.57 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    .....(省略)
    192.168.39.47 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    
    [root@ansible ~]#ansible '*' -m ping  # 这个是一样的效果
    192.168.39.57 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    .....(省略)
    192.168.39.47 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    
    [root@ansible ~]#ansible "192.168.39.*" -m ping  # 这个是指这个网段的所有主机
    192.168.39.57 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    .....(省略)
    192.168.39.47 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    
    # 加-v显示详细信息加的v越多显示越详细最多三个
    [root@ansible ~]#ansible websrvs -m ping -v
    Using /etc/ansible/ansible.cfg as config file
    192.168.39.37 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    192.168.39.47 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    192.168.39.27 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    [root@ansible ~]#ansible websrvs -m ping -vv
    ansible 2.9.1
      config file = /etc/ansible/ansible.cfg
      configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python2.7/site-packages/ansible
      executable location = /usr/bin/ansible
      python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
    Using /etc/ansible/ansible.cfg as config file
    META: ran handlers
    192.168.39.47 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    192.168.39.37 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    192.168.39.27 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    META: ran handlers
    META: ran handlers
    
    
    1. ansible颜色显示定义
      在这里插入图片描述
    • 修改颜色定义文件
    [root@ansible ~]#vim /etc/ansible/ansible.cfg
    [root@ansible ~]#grep -A 14 '[colors]' /etc/ansible/ansible.cfg  # 使用grep查找colors下面的是定义颜色的
    [colors]
    #highlight = white
    #verbose = blue
    #warn = bright purple
    #error = red
    #debug = dark gray
    #deprecate = purple
    #skip = cyan
    #unreachable = red
    #ok = green
    #changed = yellow
    #diff_add = green
    #diff_remove = red
    #diff_lines = cyan
    
    # 绿色:执行成功并且不需要做改变的操作
    # 黄色:执行成功并且对目标主机做变更
    # 红色:执行失败
    

    ansible-galaxy工具

    此工具会连接 https://galaxy.ansible.com 下载相应的roles
    范例:

    [root@ansible ~]#ansible-galaxy install geerlingguy.redis
    - downloading role 'redis', owned by geerlingguy
    - downloading role from https://github.com/geerlingguy/ansible-role-redis/archive/1.6.0.tar.gz
    - extracting geerlingguy.redis to /root/.ansible/roles/geerlingguy.redis
    - geerlingguy.redis (1.6.0) was installed successfully
    [root@ansible ~]#ansible-galaxy list
    # /root/.ansible/roles
    - geerlingguy.redis, 1.6.0
    # /usr/share/ansible/roles
    # /etc/ansible/roles
    [root@ansible ~]#ansible-galaxy remove geerlingguy.redis
    - successfully removed geerlingguy.redis
    [root@ansible ~]#ansible-galaxy list
    # /root/.ansible/roles
    # /usr/share/ansible/roles
    # /etc/ansible/roles
    
    #列出所有已安装的galaxy
    ansible-galaxy list
    #安装galaxy
    ansible-galaxy install geerlingguy.redis
    #删除galaxy
    ansible-galaxy remove geerlingguy.redis
    

    ansible-pull工具

    此工具会推送ansible的命令至远程,效率无限提升,对运维要求较高
    

    ansible-playbook

    此工具用于执行编写好的playbook任务
    

    范例:

    [root@ansible ~]#ansible-playbook hello.yml 
    [root@ansible ~]#cat hello.yml
    ---
    #hello world yml file
    - hosts: websrvs 
      remote_user: root 
      tasks:
        - name: hello world
          command: /usr/bin/wall hello world
    
    

    ansible常用模块

    Command 模块

    功能:在远程主机执行命令,此为默认模块,可忽略-m选项
    注意:此命令不支持 $VARNAME < > | ; & 等,用shell模块实现
    
    [root@ansible ~]#ansible websrvs -m command -a 'cat /etc/redhat-release'
    192.168.39.37 | CHANGED | rc=0 >>
    CentOS Linux release 7.6.1810 (Core) 
    
    192.168.39.27 | CHANGED | rc=0 >>
    CentOS Linux release 7.6.1810 (Core) 
    
    192.168.39.47 | CHANGED | rc=0 >>
    CentOS Linux release 7.6.1810 (Core) 
    
    [root@ansible ~]#ansible websrvs -a 'cat /etc/redhat-release'  # 默认模块为command可以不用写
    192.168.39.37 | CHANGED | rc=0 >>
    CentOS Linux release 7.6.1810 (Core) 
    
    192.168.39.47 | CHANGED | rc=0 >>
    CentOS Linux release 7.6.1810 (Core) 
    
    192.168.39.27 | CHANGED | rc=0 >>
    CentOS Linux release 7.6.1810 (Core)
    
    
    [root@ansible ~]#ansible websrvs -a 'chdir=/etc cat redhat-release' # 指定目录进入,之后不需要写全部路径
    192.168.39.37 | CHANGED | rc=0 >>
    CentOS Linux release 7.6.1810 (Core) 
    
    192.168.39.27 | CHANGED | rc=0 >>
    CentOS Linux release 7.6.1810 (Core) 
    
    192.168.39.47 | CHANGED | rc=0 >>
    CentOS Linux release 7.6.1810 (Core) 
    
    # 测试command模块判断执行
    # 在两台主机建立两个文件测试
    [root@centos27 ~]#touch /data/test.txt
    [root@centos37 ~]#touch /data/test.txt
    
    # 目标主机建立过文件的两个主机执行另一个不执行
    [root@ansible ~]#ansible websrvs -a 'creates=/data/test.txt ls /data'
    192.168.39.27 | SUCCESS | rc=0 >>
    skipped, since /data/test.txt exists     
    
    192.168.39.37 | SUCCESS | rc=0 >>
    skipped, since /data/test.txt exists
    
    192.168.39.47 | CHANGED | rc=0 >>
    log.tar.bz2
    
    • 可以用linux命令执行
    [root@ansible ~]#ansible websrvs -a 'useradd jack'   # 利用useradd建立一个用户
    192.168.39.47 | CHANGED | rc=0 >>
    
    
    192.168.39.27 | CHANGED | rc=0 >>
    
    
    192.168.39.37 | CHANGED | rc=0 >>
    
    [root@ansible ~]#ansible websrvs -a 'getent passwd jack' 
    192.168.39.47 | CHANGED | rc=0 >>
    jack:x:1001:1001::/home/jack:/bin/bash
    
    192.168.39.27 | CHANGED | rc=0 >>
    jack:x:1001:1001::/home/jack:/bin/bash
    
    192.168.39.37 | CHANGED | rc=0 >>
    jack:x:1001:1001::/home/jack:/bin/bash
    
    
    [root@centos27 ~]#grep jack /etc/passwd
    jack:x:1001:1001::/home/jack:/bin/bash
    
    [root@centos37 ~]#grep jack /etc/passwd
    jack:x:1001:1001::/home/jack:/bin/bash
    
    [root@centos47 ~]#grep jack /etc/passwd
    jack:x:1001:1001::/home/jack:/bin/bash
    
    • 但是这个模块也有的命令不支持
    [root@ansible ~]#ansible websrvs -a 'echo centos | passwd --stdin jack'  # 使用管道设置密码
    192.168.39.47 | CHANGED | rc=0 >>
    centos | passwd --stdin jack
    
    192.168.39.27 | CHANGED | rc=0 >>
    centos | passwd --stdin jack
    
    192.168.39.37 | CHANGED | rc=0 >>
    centos | passwd --stdin jack
    
    # 没有密码,证明没设置。(不支持管道符“|”)
    [root@centos27 ~]#grep jack /etc/shadow
    jack:!!:18235:0:99999:7:::
    
    
    # $也不可以使用
    [root@ansible ~]#ansible websrvs -a "echo $HOSTNAME"  # 查看的都是本机的变量
    192.168.39.37 | CHANGED | rc=0 >>
    ansible
    
    192.168.39.47 | CHANGED | rc=0 >>
    ansible
    
    192.168.39.27 | CHANGED | rc=0 >>
    ansible
    
    [root@ansible ~]#ansible websrvs -a "echo $UID"    
    192.168.39.47 | CHANGED | rc=0 >>
    0
    
    192.168.39.37 | CHANGED | rc=0 >>
    0
    
    192.168.39.27 | CHANGED | rc=0 >>
    0
    
    
    • 重定向也不支持
      在这里插入图片描述

    shell模块

    • shell模块简单说明
    [root@ansible ~]#ansible-doc -s shell
    - name: Execute shell commands on targets
      shell:
          chdir:                 # Change into this directory before running the command.
          cmd:                   # The command to run followed by optional arguments.
          creates:               # A filename, when it already exists, this step will
                                   *not* be run.
          executable:            # Change the shell used to execute the command. This
                                   expects an absolute
                                   path to the executable.
          free_form:             # The shell module takes a free form command to run, as
                                   a string. There is no
                                   actual parameter named
                                   'free form'. See the
                                   examples on how to use
                                   this module.
          removes:               # A filename, when it does not exist, this step will
                                   *not* be run.
          stdin:                 # Set the stdin of the command directly to the specified
                                   value.
          stdin_add_newline:     # Whether to append a newline to stdin data.
          warn:                  # Whether to enable task warnings.
    
    • 使用shell查看主机名
    [root@ansible ~]#ansible websrvs -m shell -a "echo $HOSTNAME"  # 不可以加双引号
    192.168.39.27 | CHANGED | rc=0 >>
    ansible
    
    192.168.39.37 | CHANGED | rc=0 >>
    ansible
    
    192.168.39.47 | CHANGED | rc=0 >>
    ansible
    
    [root@ansible ~]#ansible websrvs -m shell -a 'echo $HOSTNAME'  # 必须单引号
    192.168.39.47 | CHANGED | rc=0 >>
    centos47
    
    192.168.39.37 | CHANGED | rc=0 >>
    centos37
    
    192.168.39.27 | CHANGED | rc=0 >>
    centos27
    
    
    • 查看文件
    [root@ansible ~]#ansible websrvs -m shell -a 'cat /data/test.txt'
    192.168.39.27 | CHANGED | rc=0 >>
    
    
    192.168.39.47 | FAILED | rc=1 >>
    cat: /data/test.txt: No such file or directorynon-zero return code   # 这条信息是因为这个主机上没有这个文件
    
    192.168.39.37 | CHANGED | rc=0 >>
    
    
    • 设置用户密码
    [root@ansible ~]#ansible websrvs -m shell -a 'echo centos | passwd --stdin jack'
    192.168.39.27 | CHANGED | rc=0 >>
    Changing password for user jack.
    passwd: all authentication tokens updated successfully.
    
    192.168.39.37 | CHANGED | rc=0 >>
    Changing password for user jack.
    passwd: all authentication tokens updated successfully.
    
    192.168.39.47 | CHANGED | rc=0 >>
    Changing password for user jack.
    passwd: all authentication tokens updated successfully.
    
    [root@centos27 ~]#grep jack /etc/shadow  # 显示加密,密码设置成功
    jack:$6$jE4QxQod$9qCGuKlHK/vZpPHAos3LvaAvcLWIeXnLAitNGif6kkL/hupF4rBeet9W8o9u7D2O/YB391YS4S5U.y6FcoypE1:18235:0:99999:7:::
    
    • 使用shell模块修改selinux状态
    [root@centos27 ~]#cat /etc/selinux/config 
    
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled  # 现在是禁用状态
    # SELINUXTYPE= can take one of three values:
    #     targeted - Targeted processes are protected,
    #     minimum - Modification of targeted policy. Only selected processes are protected. 
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted 
    
    [root@ansible ~]#ansible websrvs -m shell -a "sed -i 's/SELINUX=disabled/SELINUX=enforcing/' /etc/selinux/config"
    [WARNING]: Consider using the replace, lineinfile or template module rather than
    running 'sed'.  If you need to use command because replace, lineinfile or template is
    insufficient you can add 'warn: false' to this command task or set
    'command_warnings=False' in ansible.cfg to get rid of this message.   # 这些提示是修改这个文件这个模块不是专业的,有更专业的模块。(一般显示为粉色)
    
    192.168.39.47 | CHANGED | rc=0 >>
    
    
    192.168.39.27 | CHANGED | rc=0 >>
    
    
    192.168.39.37 | CHANGED | rc=0 >>
    
    
    [root@centos27 ~]#cat /etc/selinux/config 
    
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=enforcing  # 修改为启用了
    # SELINUXTYPE= can take one of three values:
    #     targeted - Targeted processes are protected,
    #     minimum - Modification of targeted policy. Only selected processes are protected. 
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted 
    
    • 修改shell为默认模块
    [root@ansible ~]#grep '^[#]module' /etc/ansible/ansible.cfg
    #module_utils   = /usr/share/my_module_utils/
    #module_lang    = C
    #module_set_locale = False
    module_name = shell   # 找到这一行删掉注释 把后面修改为shell就可以了
    #module_compression = 'ZIP_DEFLATED'
    
    
    # 使用的时候可以不加shell模块了
    [root@ansible ~]#ansible websrvs -a 'echo linux | passwd --stdin jack'
    192.168.39.27 | CHANGED | rc=0 >>
    Changing password for user jack.
    passwd: all authentication tokens updated successfully.
    
    192.168.39.47 | CHANGED | rc=0 >>
    Changing password for user jack.
    passwd: all authentication tokens updated successfully.
    
    192.168.39.37 | CHANGED | rc=0 >>
    Changing password for user jack.
    passwd: all authentication tokens updated successfully.
    
    几乎可以使用系统里的所有命令,但是有的命令有更专业的模块,最好对应使用。
    

    script模块

    功能::在远程主机上运行ansible服务器上的脚本
    
    • 模块简单介绍
    [root@ansible ~]#ansible-doc -s script
    - name: Runs a local script on a remote node after transferring it
      script:
          chdir:                 # Change into this directory on the remote node before
                                   running the script.
          cmd:                   # Path to the local script to run followed by optional
                                   arguments.
          creates:               # A filename on the remote node, when it already exists,
                                   this step will *not* be
                                   run.
          decrypt:               # This option controls the autodecryption of source
                                   files using vault.
          executable:            # Name or path of a executable to invoke the script
                                   with.
          free_form:             # Path to the local script file followed by optional
                                   arguments.
          removes:               # A filename on the remote node, when it does not exist,
                                   this step will *not* be
                                   run.
    
    
    • 在ansible主机写一个脚本来测试
    [root@ansible ~]#cat test.sh
    #!/bin/bash
    touch /data/host.txt   # 测试使用没写多
    
    • 开始使用script模块执行脚本在远程实现
    [root@ansible ~]#ansible websrvs -m script -a '/root/test.sh'
    192.168.39.27 | CHANGED => {
        "changed": true, 
        "rc": 0, 
        "stderr": "Shared connection to 192.168.39.27 closed.
    ", 
        "stderr_lines": [
            "Shared connection to 192.168.39.27 closed."
        ], 
        "stdout": "", 
        "stdout_lines": []
    }
    192.168.39.47 | CHANGED => {
        "changed": true, 
        "rc": 0, 
        "stderr": "Shared connection to 192.168.39.47 closed.
    ", 
        "stderr_lines": [
            "Shared connection to 192.168.39.47 closed."
        ], 
        "stdout": "", 
        "stdout_lines": []
    }
    192.168.39.37 | CHANGED => {
        "changed": true, 
        "rc": 0, 
        "stderr": "Shared connection to 192.168.39.37 closed.
    ", 
        "stderr_lines": [
            "Shared connection to 192.168.39.37 closed."
        ], 
        "stdout": "", 
        "stdout_lines": []
    }
    [root@ansible ~]#ansible websrvs -a 'ls /data'
    192.168.39.27 | CHANGED | rc=0 >>
    host.txt   # 创建成功
    log.tar.bz2
    mysql-20191130-1445.tar.gz
    test.txt
    
    192.168.39.47 | CHANGED | rc=0 >>
    host.txt
    log.tar.bz2
    
    192.168.39.37 | CHANGED | rc=0 >>
    host.txt
    log.tar.bz2
    test.txt
    

    copy模块

    功能:从ansible服务器主控端复制文件到远程主机
    
    • 模块简单介绍
    [root@ansible ~]#ansible-doc -s copy
    - name: Copy files to remote locations
      copy:
          attributes:            # The attributes the resulting file or directory should have.
                                   To get supported flags look at
                                   the man page for `chattr' on
                                   the target system. This string
                                   should contain the attributes
                                   in the same order as the one
                                   displayed by `lsattr'. The `='
                                   operator is assumed as
                                   default, otherwise `+' or `-'
                                   operators need to be included
                                   in the string.
          backup:                # Create a backup file including the timestamp information so
                                   you can get the original file
                                   back if you somehow clobbered
                                   it incorrectly.
          checksum:              # SHA1 checksum of the file being transferred. Used to validate
                                   that the copy of the file was
                                   successful. If this is not
                                   provided, ansible will use the
                                   local calculated checksum of
                                   the src file.
          content:               # When used instead of `src', sets the contents of a file
                                   directly to the specified
                                   value. Works only when `dest'
                                   is a file. Creates the file if
                                   it does not exist. For
                                   advanced formatting or if
                                   `content' contains a variable,
                                   use the [template] module.
          decrypt:               # This option controls the autodecryption of source files using
                                   vault.
          dest:                  # (required) Remote absolute path where the file should be
                                   copied to. If `src' is a
                                   directory, this must be a
                                   directory too. If `dest' is a
                                   non-existent path and if
                                   either `dest' ends with "/" or
                                   `src' is a directory, `dest'
                                   is created. If `dest' is a
    
    • 修改PATH变量并修改所有者所属组和权限
    profile.d/mysql.sh owner=yang group=bin mode=700"
    192.168.39.47 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "checksum": "224051367fc65d418858652f7766065a65a46b83", 
        "dest": "/etc/profile.d/mysql.sh", 
        "gid": 1, 
        "group": "bin", 
        "md5sum": "4272eaf1388c674a434242136cd65beb", 
        "mode": "0700", 
        "owner": "yang", 
        "size": 81, 
        "src": "/root/.ansible/tmp/ansible-tmp-1575536571.04-31281855976552/source", 
        "state": "file", 
        "uid": 1000
    }
    192.168.39.27 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "checksum": "224051367fc65d418858652f7766065a65a46b83", 
        "dest": "/etc/profile.d/mysql.sh", 
        "gid": 1, 
        "group": "bin", 
        "md5sum": "4272eaf1388c674a434242136cd65beb", 
        "mode": "0700", 
        "owner": "yang", 
        "size": 81, 
        "src": "/root/.ansible/tmp/ansible-tmp-1575536571.02-85433210657540/source", 
        "state": "file", 
        "uid": 1000
    }
    192.168.39.37 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "checksum": "224051367fc65d418858652f7766065a65a46b83", 
        "dest": "/etc/profile.d/mysql.sh", 
        "gid": 1, 
        "group": "bin", 
        "md5sum": "4272eaf1388c674a434242136cd65beb", 
        "mode": "0700", 
        "owner": "yang", 
        "size": 81, 
        "src": "/root/.ansible/tmp/ansible-tmp-1575536571.05-107810656824997/source", 
        "state": "file", 
        "uid": 1000
    }
    
    • 查看修改结果
    [root@ansible ~]#ansible websrvs -a 'ls -l /etc/profile.d/mysql.sh'
    192.168.39.47 | CHANGED | rc=0 >>
    -rwx------ 1 yang bin 81 Dec  5 17:02 /etc/profile.d/mysql.sh
    
    192.168.39.37 | CHANGED | rc=0 >>
    -rwx------ 1 yang bin 81 Dec  5 17:02 /etc/profile.d/mysql.sh
    
    192.168.39.27 | CHANGED | rc=0 >>
    -rwx------ 1 yang bin 81 Dec  5 17:02 /etc/profile.d/mysql.sh
    
    
    • 拷贝文件到目标主机
    [root@ansible ~]#ansible websrvs -m copy -a "src=/etc/selinux/config dest=/data"
    192.168.39.37 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "checksum": "086428e2a122b0fec18cd17858f334ca65116f69", 
        "dest": "/data/config", 
        "gid": 0, 
        "group": "root", 
        "md5sum": "8a7e44af619a4538054b458dfa31941d", 
        "mode": "0644", 
        "owner": "root", 
        "size": 542, 
        "src": "/root/.ansible/tmp/ansible-tmp-1575536783.04-173190751129047/source", 
        "state": "file", 
        "uid": 0
    }
    192.168.39.47 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "checksum": "086428e2a122b0fec18cd17858f334ca65116f69", 
        "dest": "/data/config", 
        "gid": 0, 
        "group": "root", 
        "md5sum": "8a7e44af619a4538054b458dfa31941d", 
        "mode": "0644", 
        "owner": "root", 
        "size": 542, 
        "src": "/root/.ansible/tmp/ansible-tmp-1575536783.03-90703232115071/source", 
        "state": "file", 
        "uid": 0
    }
    192.168.39.27 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "checksum": "086428e2a122b0fec18cd17858f334ca65116f69", 
        "dest": "/data/config", 
        "gid": 0, 
        "group": "root", 
        "md5sum": "8a7e44af619a4538054b458dfa31941d", 
        "mode": "0644", 
        "owner": "root", 
        "size": 542, 
        "src": "/root/.ansible/tmp/ansible-tmp-1575536783.02-59216625108124/source", 
        "state": "file", 
        "uid": 0
    }
    
    # 查看结果
    
    [root@ansible ~]#ansible websrvs -a 'll /data'  # 不要使用别名  ll类似于别名识别不了
    192.168.39.37 | FAILED | rc=127 >>
    /bin/sh: ll: command not foundnon-zero return code
    
    192.168.39.27 | FAILED | rc=127 >>
    /bin/sh: ll: command not foundnon-zero return code
    
    192.168.39.47 | FAILED | rc=127 >>
    /bin/sh: ll: command not foundnon-zero return code
    
    [root@ansible ~]#ansible websrvs -a 'ls -l /data'  
    192.168.39.37 | CHANGED | rc=0 >>
    total 640
    -rw-r--r-- 1 root root    542 Dec  5 17:06 config   # 拷贝成功
    -rw-r--r-- 1 root root      0 Dec  5 15:58 host.txt
    -rw-r--r-- 1 root root 647441 Dec  4 21:27 log.tar.bz2
    -rw-r--r-- 1 root root      0 Dec  5 14:54 test.txt
    
    192.168.39.27 | CHANGED | rc=0 >>
    total 1204
    -rw-r--r-- 1 root root    542 Dec  5 17:06 config
    -rw-r--r-- 1 root root      0 Dec  5 15:58 host.txt
    -rw-r--r-- 1 root root 640288 Dec  4 21:27 log.tar.bz2
    -rw-r--r-- 1 root root 585133 Nov 30 14:47 mysql-20191130-1445.tar.gz
    -rw-r--r-- 1 root root      0 Dec  5 14:54 test.txt
    
    192.168.39.47 | CHANGED | rc=0 >>
    total 624
    -rw-r--r-- 1 root root    542 Dec  5 17:06 config
    -rw-r--r-- 1 root root      0 Dec  5 15:58 host.txt
    -rw-r--r-- 1 root root 634270 Dec  4 21:27 log.tar.bz2
    
    
    • 判断拷贝目标主机有这个文件先备份再覆盖
    [root@ansible ~]#ansible websrvs -m copy -a "src=/etc/issue dest=/data/config backup=yes"
    192.168.39.47 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "backup_file": "/data/config.13745.2019-12-05@17:12:29~", 
        "changed": true, 
        "checksum": "5c76e3b565c91e21bee303f15c728c71e6b39540", 
        "dest": "/data/config", 
        "gid": 0, 
        "group": "root", 
        "md5sum": "f078fe086dfc22f64b5dca2e1b95de2c", 
        "mode": "0644", 
        "owner": "root", 
        "size": 23, 
        "src": "/root/.ansible/tmp/ansible-tmp-1575537147.78-218002224821544/source", 
        "state": "file", 
        "uid": 0
    }
    192.168.39.27 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "backup_file": "/data/config.13680.2019-12-05@17:12:29~", 
        "changed": true, 
        "checksum": "5c76e3b565c91e21bee303f15c728c71e6b39540", 
        "dest": "/data/config", 
        "gid": 0, 
        "group": "root", 
        "md5sum": "f078fe086dfc22f64b5dca2e1b95de2c", 
        "mode": "0644", 
        "owner": "root", 
        "size": 23, 
        "src": "/root/.ansible/tmp/ansible-tmp-1575537147.76-127133770301032/source", 
        "state": "file", 
        "uid": 0
    }
    192.168.39.37 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "backup_file": "/data/config.13707.2019-12-05@17:12:29~", 
        "changed": true, 
        "checksum": "5c76e3b565c91e21bee303f15c728c71e6b39540", 
        "dest": "/data/config", 
        "gid": 0, 
        "group": "root", 
        "md5sum": "f078fe086dfc22f64b5dca2e1b95de2c", 
        "mode": "0644", 
        "owner": "root", 
        "size": 23, 
        "src": "/root/.ansible/tmp/ansible-tmp-1575537147.79-135304360989753/source", 
        "state": "file", 
        "uid": 0
    }
    
    # 查看结果
    
    [root@ansible ~]#ansible websrvs -a 'ls -l /data'
    192.168.39.47 | CHANGED | rc=0 >>
    total 628
    -rw-r--r-- 1 root root     23 Dec  5 17:12 config  # 这个是拷贝过去的文件
    -rw-r--r-- 1 root root    542 Dec  5 17:06 config.13745.2019-12-05@17:12:29~  # 这是备份的,这个文件名每个服务器是不一样的
    -rw-r--r-- 1 root root      0 Dec  5 15:58 host.txt
    -rw-r--r-- 1 root root 634270 Dec  4 21:27 log.tar.bz2
    
    192.168.39.27 | CHANGED | rc=0 >>
    total 1208
    -rw-r--r-- 1 root root     23 Dec  5 17:12 config
    -rw-r--r-- 1 root root    542 Dec  5 17:06 config.13680.2019-12-05@17:12:29~
    -rw-r--r-- 1 root root      0 Dec  5 15:58 host.txt
    -rw-r--r-- 1 root root 640288 Dec  4 21:27 log.tar.bz2
    -rw-r--r-- 1 root root 585133 Nov 30 14:47 mysql-20191130-1445.tar.gz
    -rw-r--r-- 1 root root      0 Dec  5 14:54 test.txt
    
    192.168.39.37 | CHANGED | rc=0 >>
    total 644
    -rw-r--r-- 1 root root     23 Dec  5 17:12 config
    -rw-r--r-- 1 root root    542 Dec  5 17:06 config.13707.2019-12-05@17:12:29~
    -rw-r--r-- 1 root root      0 Dec  5 15:58 host.txt
    -rw-r--r-- 1 root root 647441 Dec  4 21:27 log.tar.bz2
    -rw-r--r-- 1 root root      0 Dec  5 14:54 test.txt
    
    
    • 拷贝目录到目标主机
    # 保证data下有文件做测试使用
    [root@ansible ~]#touch /data/test.txt
    [root@ansible ~]#ll /data/
    total 0
    -rw-r--r-- 1 root root 0 Dec  5 17:23 test.txt
    
    [root@ansible ~]#ansible websrvs -m copy -a "src=/data dest=/backup"
    192.168.39.47 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
        "dest": "/backup/data/test.txt", 
        "gid": 0, 
        "group": "root", 
        "md5sum": "d41d8cd98f00b204e9800998ecf8427e", 
        "mode": "0644", 
        "owner": "root", 
        "size": 0, 
        "src": "/root/.ansible/tmp/ansible-tmp-1575537831.85-231491228827500/source", 
        "state": "file", 
        "uid": 0
    }
    
    
     查看结果
    
    # 目录和文件都拷贝过去了
    [root@ansible ~]#ansible websrvs -a 'ls -l /backup'
    192.168.39.37 | CHANGED | rc=0 >>
    total 0
    drwxr-xr-x 2 root root 22 Dec  5 17:23 data
    
    192.168.39.27 | CHANGED | rc=0 >>
    total 0
    drwxr-xr-x 2 root root 22 Dec  5 17:23 data
    
    192.168.39.47 | CHANGED | rc=0 >>
    total 0
    drwxr-xr-x 2 root root 22 Dec  5 17:23 data
    
    [root@ansible ~]#ansible websrvs -a 'ls -l /backup/data'
    192.168.39.27 | CHANGED | rc=0 >>
    total 0
    -rw-r--r-- 1 root root 0 Dec  5 17:23 test.txt
    
    192.168.39.47 | CHANGED | rc=0 >>
    total 0
    -rw-r--r-- 1 root root 0 Dec  5 17:23 test.txt
    
    192.168.39.37 | CHANGED | rc=0 >>
    total 0
    -rw-r--r-- 1 root root 0 Dec  5 17:23 test.txt
    
    • 只拷贝目录下的文件
    # 只用在源文件夹后面跟上斜杠就可以了
    [root@ansible ~]#ansible websrvs -m copy -a "src=/data/ dest=/backup"
    192.168.39.47 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
        "dest": "/backup/test.txt", 
        "gid": 0, 
        "group": "root", 
        "md5sum": "d41d8cd98f00b204e9800998ecf8427e", 
        "mode": "0644", 
        "owner": "root", 
        "size": 0, 
        "src": "/root/.ansible/tmp/ansible-tmp-1575538078.66-3118597090714/source", 
        "state": "file", 
        "uid": 0
    }
    
    # 查看结果
    
    [root@ansible ~]#ansible websrvs -a 'ls -l /backup/'  # 只拷贝了文件目录没有拷贝
    192.168.39.47 | CHANGED | rc=0 >>
    total 0
    -rw-r--r-- 1 root root 0 Dec  5 17:27 test.txt
    
    192.168.39.37 | CHANGED | rc=0 >>
    total 0
    -rw-r--r-- 1 root root 0 Dec  5 17:27 test.txt
    
    192.168.39.27 | CHANGED | rc=0 >>
    total 0
    -rw-r--r-- 1 root root 0 Dec  5 17:27 test.txt
    
    
    也可以配置远程主机yum源使用,src是源  dest是目标
    

    Fetch模块

    功能:从远程主机提取文件至ansible的主控端,copy相反,目前不支持目录,但是可以打包抓取目录。
    
    • 抓取文件到本机
    [root@ansible ~]#ansible websrvs -m fetch -a 'src=/etc/redhat-release dest=/data/os.txt'
    192.168.39.37 | CHANGED => {
        "changed": true, 
        "checksum": "dd9a53b0d396d3ab190cfbc08dca572d3e741a03", 
        "dest": "/data/os.txt/192.168.39.37/etc/redhat-release", 
        "md5sum": "712356bf79a10f4c45cc0a1772bbeaf6", 
        "remote_checksum": "dd9a53b0d396d3ab190cfbc08dca572d3e741a03", 
        "remote_md5sum": null
    }
    192.168.39.47 | CHANGED => {
        "changed": true, 
        "checksum": "dd9a53b0d396d3ab190cfbc08dca572d3e741a03", 
        "dest": "/data/os.txt/192.168.39.47/etc/redhat-release", 
        "md5sum": "712356bf79a10f4c45cc0a1772bbeaf6", 
        "remote_checksum": "dd9a53b0d396d3ab190cfbc08dca572d3e741a03", 
        "remote_md5sum": null
    }
    192.168.39.27 | CHANGED => {
        "changed": true, 
        "checksum": "dd9a53b0d396d3ab190cfbc08dca572d3e741a03", 
        "dest": "/data/os.txt/192.168.39.27/etc/redhat-release", 
        "md5sum": "712356bf79a10f4c45cc0a1772bbeaf6", 
        "remote_checksum": "dd9a53b0d396d3ab190cfbc08dca572d3e741a03", 
        "remote_md5sum": null
    }
    
    # 查看结果
    
    [root@ansible ~]#ll /data/  # 会生成一个文件夹
    total 0
    drwxr-xr-x 5 root root 69 Dec  5 17:50 os.txt
    -rw-r--r-- 1 root root  0 Dec  5 17:23 test.txt
    
    [root@ansible ~]#tree /data/os.txt/  # 文件夹结构 按照主机ip存放的
    /data/os.txt/
    ├── 192.168.39.27
    │   └── etc
    │       └── redhat-release
    ├── 192.168.39.37
    │   └── etc
    │       └── redhat-release
    └── 192.168.39.47
        └── etc
            └── redhat-release
    
    6 directories, 3 files
    
    

    File模块

    功能:管理文件和文件的属性
      state=absent 代表删除的意思
      state=touch  创建空文件
      state=directory  创建空文件夹
      state=link  创建软连接
      state=hard  创建硬链接
    
    • 更改远程主机文件属性没有这个文件不执行。
    [root@ansible ~]#ansible websrvs -m file -a 'path=/data/test.txt owner=yang group=root mode=600'
    192.168.39.27 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "gid": 0, 
        "group": "root", 
        "mode": "0600", 
        "owner": "yang", 
        "path": "/data/test.txt", 
        "size": 0, 
        "state": "file", 
        "uid": 1000
    }
    192.168.39.47 | FAILED! => {   # 不执行但是会报错
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "msg": "file (/data/test.txt) is absent, cannot continue", 
        "path": "/data/test.txt"
    }
    192.168.39.37 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "gid": 0, 
        "group": "root", 
        "mode": "0600", 
        "owner": "yang", 
        "path": "/data/test.txt", 
        "size": 0, 
        "state": "file", 
        "uid": 1000
    }
    
    # 查看结果
    
    [root@ansible ~]#ansible websrvs -a 'ls -l /data/test.txt'
    192.168.39.47 | FAILED | rc=2 >>
    ls: cannot access /data/test.txt: No such file or directorynon-zero return code
    
    192.168.39.27 | CHANGED | rc=0 >>
    -rw------- 1 yang root 0 Dec  5 14:54 /data/test.txt
    
    192.168.39.37 | CHANGED | rc=0 >>
    -rw------- 1 yang root 0 Dec  5 14:54 /data/test.txt
    
    
    • 也可以删除文件使用
    [root@ansible ~]#ansible websrvs -m file -a 'path=/data/test.txt state=absent'
    192.168.39.27 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "path": "/data/test.txt", 
        "state": "absent"
    }
    192.168.39.37 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "path": "/data/test.txt", 
        "state": "absent"
    }
    192.168.39.47 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "path": "/data/test.txt", 
        "state": "absent"
    }
    
    # 查看结果
    [root@ansible ~]#ansible websrvs -a 'ls -l /data/'
    192.168.39.47 | CHANGED | rc=0 >>
    total 628
    -rw-r--r-- 1 root root     23 Dec  5 17:12 config
    -rw-r--r-- 1 root root    542 Dec  5 17:06 config.13745.2019-12-05@17:12:29~
    -rw-r--r-- 1 root root      0 Dec  5 15:58 host.txt
    -rw-r--r-- 1 root root 634270 Dec  4 21:27 log.tar.bz2
    
    192.168.39.27 | CHANGED | rc=0 >>
    total 1208
    -rw-r--r-- 1 root root     23 Dec  5 17:12 config
    -rw-r--r-- 1 root root    542 Dec  5 17:06 config.13680.2019-12-05@17:12:29~
    -rw-r--r-- 1 root root      0 Dec  5 15:58 host.txt
    -rw-r--r-- 1 root root 640288 Dec  4 21:27 log.tar.bz2
    -rw-r--r-- 1 root root 585133 Nov 30 14:47 mysql-20191130-1445.tar.gz
    
    192.168.39.37 | CHANGED | rc=0 >>
    total 644
    -rw-r--r-- 1 root root     23 Dec  5 17:12 config
    -rw-r--r-- 1 root root    542 Dec  5 17:06 config.13707.2019-12-05@17:12:29~
    -rw-r--r-- 1 root root      0 Dec  5 15:58 host.txt
    -rw-r--r-- 1 root root 647441 Dec  4 21:27 log.tar.bz2
    
    • 删除文件夹
    [root@ansible ~]#ansible websrvs -m file -a 'path=/backup/ state=absent'  # 
    192.168.39.47 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "path": "/backup/", 
        "state": "absent"
    }
    192.168.39.37 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "path": "/backup/", 
        "state": "absent"
    }
    192.168.39.27 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "path": "/backup/", 
        "state": "absent"
    }
    
    # 查看结果
    [root@ansible ~]#ansible websrvs -a 'ls -l /'
    192.168.39.27 | CHANGED | rc=0 >>
    total 32
    lrwxrwxrwx.   1 root root     7 Sep  5 16:17 bin -> usr/bin
    dr-xr-xr-x.   5 root root  4096 Sep  5 16:23 boot
    drwxr-xr-x.   2 root root     6 Dec  5 18:02 data
    drwxr-xr-x   19 root root  3320 Dec  5 14:50 dev
    drwxr-xr-x. 143 root root 12288 Dec  5 15:46 etc
    drwxr-xr-x.   4 root root    30 Dec  5 15:00 home
    lrwxrwxrwx.   1 root root     7 Sep  5 16:17 lib -> usr/lib
    lrwxrwxrwx.   1 root root     9 Sep  5 16:17 lib64 -> usr/lib64
    drwxr-xr-x.   2 root root     6 Apr 11  2018 media
    drwxr-xr-x    3 root root    16 Nov 15 20:06 misc
    drwxr-xr-x.   2 root root     6 Apr 11  2018 mnt
    drwxr-xr-x.   3 root root    16 Sep  5 16:20 opt
    dr-xr-xr-x  190 root root     0 Dec  5 14:49 proc
    dr-xr-x---.  17 root root  4096 Dec  5 14:56 root
    drwxr-xr-x   40 root root  1200 Dec  5 14:50 run
    lrwxrwxrwx.   1 root root     8 Sep  5 16:17 sbin -> usr/sbin
    drwxr-xr-x.   2 root root     6 Apr 11  2018 srv
    dr-xr-xr-x   13 root root     0 Dec  5 17:20 sys
    drwxrwxrwt.  19 root root  4096 Dec  5 18:03 tmp
    drwxr-xr-x.  13 root root   155 Sep  5 16:17 usr
    drwxr-xr-x.  21 root root  4096 Sep  5 16:25 var
    
    # 还有一种情况,当这个文件夹是挂载点的时候不能直接删除目录只会清空目录下的数据。
    [root@ansible ~]#ansible websrvs -m file -a 'path=/data/ state=absent'
    192.168.39.37 | FAILED! => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "msg": "rmtree failed: [Errno 16] Device or resource busy: '/data/'"
    }
    192.168.39.27 | FAILED! => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "msg": "rmtree failed: [Errno 16] Device or resource busy: '/data/'"
    }
    192.168.39.47 | FAILED! => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "msg": "rmtree failed: [Errno 16] Device or resource busy: '/data/'"
    }
    
    [root@ansible ~]#ansible websrvs -a 'ls -l /data'
    192.168.39.37 | CHANGED | rc=0 >>
    total 0
    
    192.168.39.47 | CHANGED | rc=0 >>
    total 0
    
    192.168.39.27 | CHANGED | rc=0 >>
    total 0
    
    
    • 创建空文件使用
    [root@ansible ~]#ansible websrvs -m file -a 'path=/data/fa.txt state=touch'
    192.168.39.47 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "dest": "/data/fa.txt", 
        "gid": 0, 
        "group": "root", 
        "mode": "0644", 
        "owner": "root", 
        "size": 0, 
        "state": "file", 
        "uid": 0
    }
    [root@ansible ~]#ansible websrvs -a 'ls -l /data'
    192.168.39.27 | CHANGED | rc=0 >>
    total 0
    -rw-r--r-- 1 root root 0 Dec  5 18:06 fa.txt
    
    192.168.39.37 | CHANGED | rc=0 >>
    total 0
    -rw-r--r-- 1 root root 0 Dec  5 18:06 fa.txt
    
    192.168.39.47 | CHANGED | rc=0 >>
    total 0
    -rw-r--r-- 1 root root 0 Dec  5 18:06 fa.txt
    
    • 创建空文件夹
    [root@ansible ~]#ansible websrvs -m file -a 'path=/data/dir state=directory'
    192.168.39.37 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "gid": 0, 
        "group": "root", 
        "mode": "0755", 
        "owner": "root", 
        "path": "/data/dir", 
        "size": 6, 
        "state": "directory", 
        "uid": 0
    }
    
    [root@ansible ~]#ansible websrvs -a 'ls -l /data'
    192.168.39.47 | CHANGED | rc=0 >>
    total 0
    drwxr-xr-x 2 root root 6 Dec  5 18:10 dir
    -rw-r--r-- 1 root root 0 Dec  5 18:06 fa.txt
    
    192.168.39.37 | CHANGED | rc=0 >>
    total 0
    drwxr-xr-x 2 root root 6 Dec  5 18:10 dir
    -rw-r--r-- 1 root root 0 Dec  5 18:06 fa.txt
    
    192.168.39.27 | CHANGED | rc=0 >>
    total 0
    drwxr-xr-x 2 root root 6 Dec  5 18:10 dir
    -rw-r--r-- 1 root root 0 Dec  5 18:06 fa.txt
    
    [root@ansible ~]#ansible websrvs -a 'ls -l /data/dir'
    192.168.39.37 | CHANGED | rc=0 >>
    total 0
    
    192.168.39.47 | CHANGED | rc=0 >>
    total 0
    
    192.168.39.27 | CHANGED | rc=0 >>
    total 0
    
    • 创建软连接
    [root@ansible ~]#ansible websrvs -m file -a 'src=/etc/issue path=/data/issue.link state=link' 
    192.168.39.27 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "dest": "/data/issue.link", 
        "gid": 0, 
        "group": "root", 
        "mode": "0777", 
        "owner": "root", 
        "size": 10, 
        "src": "/etc/issue", 
        "state": "link", 
        "uid": 0
    }
    
    [root@ansible ~]#ansible websrvs -a 'ls -l /data/'
    192.168.39.27 | CHANGED | rc=0 >>
    total 0
    drwxr-xr-x 2 root root  6 Dec  5 18:10 dir
    -rw-r--r-- 1 root root  0 Dec  5 18:06 fa.txt
    lrwxrwxrwx 1 root root 10 Dec  5 18:12 issue.link -> /etc/issue
    
    192.168.39.37 | CHANGED | rc=0 >>
    total 0
    drwxr-xr-x 2 root root  6 Dec  5 18:10 dir
    -rw-r--r-- 1 root root  0 Dec  5 18:06 fa.txt
    lrwxrwxrwx 1 root root 10 Dec  5 18:12 issue.link -> /etc/issue
    
    192.168.39.47 | CHANGED | rc=0 >>
    total 0
    drwxr-xr-x 2 root root  6 Dec  5 18:10 dir
    -rw-r--r-- 1 root root  0 Dec  5 18:06 fa.txt
    lrwxrwxrwx 1 root root 10 Dec  5 18:12 issue.link -> /etc/issue
    
    # 删除软连接
    [root@ansible ~]#ansible websrvs -m file -a 'path=/data/issue.link state=absent'
    192.168.39.47 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "path": "/data/issue.link", 
        "state": "absent"
    }
    [root@ansible ~]#ansible websrvs -a 'ls -l /data/'
    192.168.39.37 | CHANGED | rc=0 >>
    total 0
    drwxr-xr-x 2 root root 6 Dec  5 18:10 dir
    -rw-r--r-- 1 root root 0 Dec  5 18:06 fa.txt
    
    192.168.39.27 | CHANGED | rc=0 >>
    total 0
    drwxr-xr-x 2 root root 6 Dec  5 18:10 dir
    -rw-r--r-- 1 root root 0 Dec  5 18:06 fa.txt
    
    192.168.39.47 | CHANGED | rc=0 >>
    total 0
    drwxr-xr-x 2 root root 6 Dec  5 18:10 dir
    -rw-r--r-- 1 root root 0 Dec  5 18:06 fa.txt
    
    
    • 创建硬链接(不能跨设备创建)
    [root@ansible ~]#ansible websrvs -m file -a 'src=/data/fa.txt path=/data/f1.txt.hardlink state=hard'
    192.168.39.47 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "dest": "/data/f1.txt.hardlink", 
        "gid": 0, 
        "group": "root", 
        "mode": "0644", 
        "owner": "root", 
        "size": 0, 
        "src": "/data/fa.txt", 
        "state": "hard", 
        "uid": 0
    }
    
    [root@ansible ~]#ansible websrvs -a 'ls -l /data/'
    192.168.39.47 | CHANGED | rc=0 >>
    total 0
    drwxr-xr-x 2 root root 6 Dec  5 18:10 dir
    -rw-r--r-- 2 root root 0 Dec  5 18:06 f1.txt.hardlink
    -rw-r--r-- 2 root root 0 Dec  5 18:06 fa.txt
    
    192.168.39.37 | CHANGED | rc=0 >>
    total 0
    drwxr-xr-x 2 root root 6 Dec  5 18:10 dir
    -rw-r--r-- 2 root root 0 Dec  5 18:06 f1.txt.hardlink
    -rw-r--r-- 2 root root 0 Dec  5 18:06 fa.txt
    
    192.168.39.27 | CHANGED | rc=0 >>
    total 0
    drwxr-xr-x 2 root root 6 Dec  5 18:10 dir
    -rw-r--r-- 2 root root 0 Dec  5 18:06 f1.txt.hardlink
    -rw-r--r-- 2 root root 0 Dec  5 18:06 fa.txt
    
    # 删除和软连接一样
    [root@ansible ~]#ansible websrvs -m file -a ' path=/data/f1.txt.hardlink state=absent'
    192.168.39.47 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "path": "/data/f1.txt.hardlink", 
        "state": "absent"
    }
    

    unarchive模块

    功能:解包解压缩
    实现有两种用法: 
        1、将ansible主机上的压缩包传到远程主机后解压缩至特定目录,设置copy=yes 
        2、将远程主机上的某个压缩包解压缩到指定路径下,设置copy=no    
    
    • 常见参数:
      • copy:默认为yes,当copy=yes,拷贝的文件是从ansible主机复制到远程主机上,如果设置为copy=no,会在远程主机上寻找src源文件
      • remote_src:和copy功能一样且互斥,yes表示在远程主机,不在ansible主机,no表示文件在ansible主机上
      • src:源路径,可以是ansible主机上的路径,也可以是远程主机上的路径,如果是远程主机上的路径,则需要设置copy=no
      • dest:远程主机上的目标路径
      • mode:设置解压缩后的文件权限
    • 先打包一个文件夹
    [root@ansible ~]#tar cvf os2.txt.tar /data/os.txt 
    tar: Removing leading '/' from member names
    /data/os.txt/
    /data/os.txt/192.168.39.37/
    /data/os.txt/192.168.39.37/etc/
    /data/os.txt/192.168.39.37/etc/redhat-release
    /data/os.txt/192.168.39.27/
    /data/os.txt/192.168.39.27/etc/
    /data/os.txt/192.168.39.27/etc/redhat-release
    /data/os.txt/192.168.39.47/
    /data/os.txt/192.168.39.47/etc/
    /data/os.txt/192.168.39.47/etc/redhat-release
    [root@ansible ~]#ll os.txt.tar 
    -rw-r--r-- 1 root root 10240 Dec  5 18:46 os.txt.tar
    
    • 从本机解压到远程主机
    [root@ansible ~]#ansible websrvs -m unarchive -a 'src=/root/data.tar dest=/data mode=700'
    192.168.39.37 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "dest": "/data", 
        "extract_results": {
            "cmd": [
                "/usr/bin/gtar", 
                "--extract", 
                "-C", 
                "/data", 
                "-f", 
                "/root/.ansible/tmp/ansible-tmp-1575543401.67-225423334919338/source"
            ], 
            "err": "", 
            "out": "", 
            "rc": 0
        }, 
        "gid": 0, 
        "group": "root", 
        "handler": "TarArchive", 
        "mode": "0755", 
        "owner": "root", 
        "size": 43, 
        "src": "/root/.ansible/tmp/ansible-tmp-1575543401.67-225423334919338/source", 
        "state": "directory", 
        "uid": 0
    }
    
    # 查看结果
    [root@ansible ~]#ansible websrvs -a 'ls -l /data'  # 权限和目录都是对的
    192.168.39.47 | CHANGED | rc=0 >>
    total 0
    drwxr-xr-x 3 root root 20 Dec  5 18:56 data
    drwxr-xr-x 2 root root  6 Dec  5 18:10 dir
    -rw-r--r-- 1 root root  0 Dec  5 18:06 fa.txt
    
    192.168.39.37 | CHANGED | rc=0 >>
    total 0
    drwxr-xr-x 3 root root 20 Dec  5 18:56 data
    drwxr-xr-x 2 root root  6 Dec  5 18:10 dir
    -rw-r--r-- 1 root root  0 Dec  5 18:06 fa.txt
    
    192.168.39.27 | CHANGED | rc=0 >>
    total 0
    drwxr-xr-x 3 root root 20 Dec  5 18:56 data
    drwxr-xr-x 2 root root  6 Dec  5 18:10 dir
    -rw-r--r-- 1 root root  0 Dec  5 18:06 fa.txt
    
    [root@ansible ~]#ansible websrvs -a 'ls -l /data/data/os.txt'
    192.168.39.37 | CHANGED | rc=0 >>
    total 0
    drwx------ 3 root root 17 Dec  5 17:50 192.168.39.27
    drwx------ 3 root root 17 Dec  5 17:50 192.168.39.37
    drwx------ 3 root root 17 Dec  5 17:50 192.168.39.47
    
    192.168.39.27 | CHANGED | rc=0 >>
    total 0
    drwx------ 3 root root 17 Dec  5 17:50 192.168.39.27
    drwx------ 3 root root 17 Dec  5 17:50 192.168.39.37
    drwx------ 3 root root 17 Dec  5 17:50 192.168.39.47
    
    192.168.39.47 | CHANGED | rc=0 >>
    total 0
    drwx------ 3 root root 17 Dec  5 17:50 192.168.39.27
    drwx------ 3 root root 17 Dec  5 17:50 192.168.39.37
    drwx------ 3 root root 17 Dec  5 17:50 192.168.39.47
    
    
    • 在ansible主机解压远程主机的包,先打包一个目录做实验
    [root@centos27 ~]#tar zcvf etc.tar.gz /etc 
    [root@centos27 ~]#ll etc.tar.gz 
    -rw-r--r-- 1 root root 11091868 Dec  5 19:03 etc.tar.gz
    
    # 开始在ansible主机解压(下面报错的是因为另外两台主机没有这个压缩包)
    [root@ansible ~]#ansible websrvs -m unarchive -a 'copy=no src=/root/etc.tar.gz dest=/data'
    192.168.39.37 | FAILED! => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "msg": "Source '/root/etc.tar.gz' does not exist"
    }
    192.168.39.47 | FAILED! => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "msg": "Source '/root/etc.tar.gz' does not exist"
    }
    192.168.39.27 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "dest": "/data", 
        "extract_results": {
            "cmd": [
                "/usr/bin/gtar", 
                "--extract", 
                "-C", 
                "/data", 
                "-z", 
                "-f", 
                "/root/etc.tar.gz"
            ], 
            "err": "", 
            "out": "", 
            "rc": 0
        }, 
        "gid": 0, 
        "group": "root", 
        "handler": "TgzArchive", 
        "mode": "0755", 
        "owner": "root", 
        "size": 17, 
        "src": "/root/etc.tar.gz", 
        "state": "directory", 
        "uid": 0
    }
    
    #在远程主机查看
    [root@centos27 ~]#ll /data/
    total 12
    drwxr-xr-x 143 root root 8192 Dec  5 15:46 etc
    

    Archive模块

    功能:打包压缩
    范例:

    ansible websrvs -m archive -a 'path=/var/log/ dest=/data/log.tar.bz2 format=bz2 owner=wang mode=0600'
    

    Hostname模块

    功能:管理主机名
    
    • 模块简介
    [root@ansible ~]#ansible-doc -s hostname
    - name: Manage hostname
      hostname:
          name:                  # (required) Name of the host
          use:                   # Which strategy to use to update the hostname. If not set we
                                   try to autodetect, but this
                                   can be problematic, specially
                                   with containers as they can
                                   present misleading
                                   information.
    
    
    • 直接使用的话所有的主机名都会改成一样的了
    [root@ansible ~]#ansible websrvs -m hostname -a 'name=node1'
    [root@ansible ~]#ansible websrvs -a 'hostname'
    192.168.39.27 | CHANGED | rc=0 >>
    node1
    
    192.168.39.47 | CHANGED | rc=0 >>
    node1
    
    192.168.39.37 | CHANGED | rc=0 >>
    node1
    
    
    • 指定主机修改主机名
    [root@ansible ~]#ansible 192.168.39.47 -m hostname -a 'name=node47.centos.com'
    192.168.39.47 | CHANGED => {
        "ansible_facts": {
            "ansible_domain": "centos.com", 
            "ansible_fqdn": "node47.centos.com", 
            "ansible_hostname": "node47", 
            "ansible_nodename": "node47.centos.com", 
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "name": "node47.centos.com"
    }
    [root@ansible ~]#ansible websrvs -a 'hostname'
    192.168.39.27 | CHANGED | rc=0 >>
    node1
    
    192.168.39.47 | CHANGED | rc=0 >>
    node47.centos.com
    
    192.168.39.37 | CHANGED | rc=0 >>
    node1
    
    

    Cron模块

    功能:计划任务,支持时间:minute,hour,day,month,weekday
    
    • 模块简介
    [root@ansible ~]#ansible-doc -s cron
    - name: Manage cron.d and crontab entries
      cron:
          backup:                # If set, create a backup of the crontab before it is modified.
                                   The location of the backup is
                                   returned in the `backup_file'
                                   variable by this module.
          cron_file:             # If specified, uses this file instead of an individual user's
                                   crontab. If this is a relative
                                   path, it is interpreted with
                                   respect to `/etc/cron.d'. If
                                   it is absolute, it will
                                   typically be `/etc/crontab'.
                                   Many linux distros expect (and
                                   some require) the filename
                                   portion to consist solely of
                                   upper- and lower-case letters,
                                   digits, underscores, and
                                   hyphens. To use the
                                   `cron_file' parameter you must
                                   specify the `user' as well.
          day:                   # Day of the month the job should run ( 1-31, *, */2, etc )
          disabled:              # If the job should be disabled (commented out) in the crontab.
                                   Only has effect if
                                   `state=present'.
          env:                   # If set, manages a crontab's environment variable. New
                                   variables are added on top of
                                   crontab. `name' and `value'
                                   parameters are the name and
                                   the value of environment
                                   variable.
          hour:                  # Hour when the job should run ( 0-23, *, */2, etc )
          insertafter:           # Used with `state=present' and `env'. If specified, the
                                   environment variable will be
                                   inserted after the declaration
                                   of specified environment
                                   variable.
          insertbefore:          # Used with `state=present' and `env'. If specified, the
                                   environment variable will be
                                   inserted before the
                                   declaration of specified
                                   environment variable.
    
    • 创建计划任务每天晚上备份数据库 把脚本推送到远程,定期调用脚本,实现备份。
    [root@ansible ~]#cat mysql_backuo.sh
    #!/bin/bash
    mysqldump -A -F --single-transaction --master-data=2 -q -uroot |gzip > /data/mysql_`date +%F_%T`.sql.gz
    
    # 加个执行权限
    [root@ansible ~]#chmod +x mysql_backuo.sh   
    
    #推送脚本到远程并设置权限
    [root@ansible ~]#ansible websrvs -m copy -a 'src=/root/mysql_backuo.sh dest=/data mode=755' 
    192.168.39.47 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "checksum": "5c0da3eb2bfa30920e8bdfb7a4196d8bc31c743f", 
        "dest": "/data/mysql_backuo.sh", 
        "gid": 0, 
        "group": "root", 
        "md5sum": "4c11424f39a5692e47c6d520f31bf586", 
        "mode": "0755", 
        "owner": "root", 
        "size": 116, 
        "src": "/root/.ansible/tmp/ansible-tmp-1575548529.47-40893078198274/source", 
        "state": "file", 
        "uid": 0
    }
    192.168.39.37 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "checksum": "5c0da3eb2bfa30920e8bdfb7a4196d8bc31c743f", 
        "dest": "/data/mysql_backuo.sh", 
        "gid": 0, 
        "group": "root", 
        "md5sum": "4c11424f39a5692e47c6d520f31bf586", 
        "mode": "0755", 
        "owner": "root", 
        "size": 116, 
        "src": "/root/.ansible/tmp/ansible-tmp-1575548529.45-67802454244249/source", 
        "state": "file", 
        "uid": 0
    }
    192.168.39.27 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "checksum": "5c0da3eb2bfa30920e8bdfb7a4196d8bc31c743f", 
        "dest": "/data/mysql_backuo.sh", 
        "gid": 0, 
        "group": "root", 
        "md5sum": "4c11424f39a5692e47c6d520f31bf586", 
        "mode": "0755", 
        "owner": "root", 
        "size": 116, 
        "src": "/root/.ansible/tmp/ansible-tmp-1575548529.43-261659034922163/source", 
        "state": "file", 
        "uid": 0
    }
    
    [root@ansible ~]#ansible websrvs -a 'ls -l /data'
    192.168.39.27 | CHANGED | rc=0 >>
    total 16
    drwxr-xr-x 143 root root 8192 Dec  5 15:46 etc
    -rwxr-xr-x   1 root root  116 Dec  5 20:22 mysql_backuo.sh
    
    192.168.39.37 | CHANGED | rc=0 >>
    total 4
    -rwxr-xr-x 1 root root 116 Dec  5 20:22 mysql_backuo.sh
    
    192.168.39.47 | CHANGED | rc=0 >>
    total 4
    -rwxr-xr-x 1 root root 116 Dec  5 20:22 mysql_backuo.sh
    
    
    • 创建计划任务
    [root@ansible ~]#ansible 192.168.39.27 -m cron -a 'hour=2 minute=30 weekday=1-5 name="backup mysql" job=/data/mysql_backup.sh'
    192.168.39.27 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "envs": [], 
        "jobs": [
            "backup mysql"
        ]
    }
    [root@centos27 ~]#crontab -l
    #Ansible: backup mysql
    30 2 * * 1-5 /data/mysql_backup.sh
    
    • 测试计划任务
    # 时间调至计划任务前一点
    [root@centos27 ~]#date 120402292019.40
    Wed Dec  4 02:29:40 CST 2019
    [root@centos27 ~]#date
    Wed Dec  4 02:29:58 CST 2019
    # 执行成功
    [root@centos27 ~]#ll /data/
    total 16
    drwxr-xr-x 143 root root 8192 Dec  5  2019 etc
    -rwxr-xr-x   1 root root  116 Dec  5  2019 mysql_backuo.sh
    
    # 测试成功把计划任务推给所有需要备份数据库的主机
    [root@ansible ~]#ansible websrvs -m cron -a 'hour=2 minute=30 weekday=1-5 name="backup mysql" job=/data/mysql_backup.sh'
    192.168.39.27 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "envs": [], 
        "jobs": [
            "backup mysql"
        ]
    }
    192.168.39.37 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "envs": [], 
        "jobs": [
            "backup mysql"
        ]
    }
    192.168.39.47 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "envs": [], 
        "jobs": [
            "backup mysql"
        ]
    }
    
    
    备份数据库二进制日志必须开启
    
    • 创建计划任务每五分钟同步更新一次时间
    [root@ansible ~]#ansible 192.168.39.37 -m cron -a "minute=*/5 job='/usr/sbin/ntpdate 172.20.0.1 &>/dev/null' name=Synctime"
    192.168.39.37 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "envs": [], 
        "jobs": [
            "backup mysql", 
            "Synctime"
        ]
    }
    
    [root@centos37 ~]#crontab -l
    #Ansible: backup mysql
    30 2 * * 1-5 /data/mysql_backup.sh
    #Ansible: Synctime
    */5 * * * * /usr/sbin/ntpdate 172.20.0.1 &>/dev/null
    
    [root@centos37 ~]#tail -f /var/log/cron
    Dec  5 20:01:01 centos7 run-parts(/etc/cron.hourly)[24559]: finished 0anacron
    Dec  5 20:10:02 centos7 CROND[25342]: (root) CMD (/usr/lib64/sa/sa1 1 1)
    Dec  5 20:20:01 centos7 CROND[26004]: (root) CMD (/usr/lib64/sa/sa1 1 1)
    Dec  5 20:30:01 centos7 CROND[26528]: (root) CMD (/usr/lib64/sa/sa1 1 1)
    Dec  5 20:31:57 centos7 crontab[26680]: (root) LIST (root)
    Dec  5 20:31:57 centos7 crontab[26681]: (root) REPLACE (root)
    Dec  5 20:35:16 centos7 crontab[26850]: (root) LIST (root)
    Dec  5 20:35:16 centos7 crontab[26851]: (root) REPLACE (root)
    Dec  5 20:35:42 centos7 crontab[26877]: (root) LIST (root)
    Dec  5 20:36:01 centos7 crond[6536]: (root) RELOAD (/var/spool/cron/root)
    Dec  5 20:40:01 centos7 CROND[26985]: (root) CMD (/usr/sbin/ntpdate 172.20.0.1 &>/dev/null)
    Dec  5 20:40:01 centos7 CROND[26986]: (root) CMD (/usr/lib64/sa/sa1 1 1)  # 执行成功
    
    
    • 启用和禁用计划任务
    disabled=no  # 启用计划任务
    disabled=yes # 禁用计划任务(计划任务的列表里加注释)
    
    [root@ansible ~]#ansible 192.168.39.37 -m cron -a "minute=*/5 job='/usr/sbin/ntpdate 172.20.0.1 &>/dev/null' name=Synctime disabled=no"
    192.168.39.37 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "envs": [], 
        "jobs": [
            "backup mysql", 
            "Synctime"
        ]
    }
    [root@ansible ~]#ansible 192.168.39.37 -m cron -a "minute=*/5 job='/usr/sbin/ntpdate 172.20.0.1 &>/dev/null' name=Synctime disabled=yes"
    192.168.39.37 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "envs": [], 
        "jobs": [
            "backup mysql", 
            "Synctime"
        ]
    }
    
    [root@centos37 ~]#crontab -l
    #Ansible: backup mysql
    30 2 * * 1-5 /data/mysql_backup.sh
    #Ansible: Synctime
    #*/5 * * * * /usr/sbin/ntpdate 172.20.0.1 &>/dev/null  # 注释禁用
    
    • 删除计划任务
    [root@ansible ~]#ansible 192.168.39.37 -m cron -a "minute=*/5 job='/usr/sbin/ntpdate 172.20.0.1 &>/dev/null' name=Synctime state=absent"
    192.168.39.37 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "envs": [], 
        "jobs": [
            "backup mysql"
        ]
    }
    
    # 指定删除计划任务
    [root@ansible ~]#ansible 192.168.39.37 -m cron -a "name=Synctime state=absent"
    [root@ansible ~]#ansible 192.168.39.37 -m cron -a "name='backup mysql' state=absent" # 如果名字中间有个空格就加单引号
    

    Yum模块(ubantu不支持)

    功能:管理软件包(yum源提前配置好)可以把写好的yum源用copy传到远程主机
    
    • 查看已经安装的包
    [root@centos7 ~]#ansible websrvs -m yum -a 'list=installed'
    
    • 使用yum模块安装httpd
    [root@node1 ~]#systemctl status httpd   # 是没有这个服务的
    Unit httpd.service could not be found.
    
    [root@ansible ~]#ansible websrvs -m yum -a 'name=httpd'
    192.168.39.27 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "changes": {
            "installed": [
                "httpd"
            ]
        }, 
        "msg": "", 
        "rc": 0, 
        "results": [
    ...(省略)
    
    Last login: Wed Dec  4 02:33:24 2019 from 192.168.39.7
    [root@node1 ~]#systemctl status httpd   # 安装完成之后有了
    ● httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
       Active: inactive (dead)
         Docs: man:httpd(8)
               man:apachectl(8)
    
    
    • 卸载httpd
    [root@ansible ~]#ansible websrvs -m yum -a 'name=httpd state=absent'
    192.168.39.37 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "changes": {
            "removed": [
                "httpd"
            ]
        }, 
        "msg": "", 
        "rc": 0, 
        "results": [
    [root@node1 ~]#rpm -qa httpd
    [root@node1 ~]#systemctl status httpd
    Unit httpd.service could not be found.
    
    

    Service模块

    功能:管理服务
    
    • 启动httpd服务
    # 查看端口
    [root@ansible ~]#ansible websrvs -m shell -a 'ss -ntl'
    192.168.39.27 | CHANGED | rc=0 >>
    State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
    LISTEN     0      128          *:111                      *:*                  
    LISTEN     0      128          *:6000                     *:*                  
    LISTEN     0      5      192.168.122.1:53                       *:*                  
    LISTEN     0      128          *:22                       *:*                  
    LISTEN     0      128    127.0.0.1:631                      *:*                  
    LISTEN     0      128    127.0.0.1:6010                     *:*                  
    LISTEN     0      128         :::111                     :::*                  
    LISTEN     0      128         :::6000                    :::*                  
    LISTEN     0      128         :::22                      :::*                  
    LISTEN     0      128        ::1:631                     :::*                  
    LISTEN     0      128        ::1:6010                    :::*                  
    
    # 启动服务并设置为开机启动
    [root@ansible ~]#ansible websrvs -m service -a 'name=httpd state=started enabled=yes'
    192.168.39.37 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "enabled": true, 
        "name": "httpd", 
        "state": "started", 
        "status": {
            "ActiveEnterTimestampMonotonic": "0", 
            "ActiveExitTimestampMonotonic": "0", 
            "ActiveState": "inactive", 
            "After": "nss-lookup.target basic.target network.target -.mount systemd-journald.socket remote-fs.target tmp.mount system.slice", 
            "AllowIsolate": "no", 
            "AmbientCapabilities": "0", 
            "AssertResult": "no", 
            "AssertTimestampMonotonic": "0", 
            "Before": "shutdown.target", 
            "BlockIOAccounting": "no", 
            "BlockIOWeight": "18446744073709551615", 
            "CPUAccounting": "no", 
            "CPUQuotaPerSecUSec": "infinity", 
            "CPUSchedulingPolicy": "0", 
            "CPUSchedulingPriority": "0", 
            "CPUSchedulingResetOnFork": "no", 
            "CPUShares": "18446744073709551615", 
            "CanIsolate": "no", 
            "CanReload": "yes", 
            "CanStart": "yes", 
            "CanStop": "yes", 
        # ....(省略)
    
    # 查看端口
    [root@ansible ~]#ansible websrvs -m shell -a 'ss -ntl'
    192.168.39.27 | CHANGED | rc=0 >>
    State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
    LISTEN     0      128          *:111                      *:*                  
    LISTEN     0      5      192.168.122.1:53                       *:*                  
    LISTEN     0      128          *:22                       *:*                  
    LISTEN     0      128          *:4567                     *:*                  
    LISTEN     0      128    127.0.0.1:631                      *:*                  
    LISTEN     0      128    127.0.0.1:6010                     *:*                  
    LISTEN     0      128         :::111                     :::*                  
    LISTEN     0      128         :::80                      :::*                 # 监听http80端口以打开   
    LISTEN     0      128         :::22                      :::*                  
    LISTEN     0      128        ::1:631                     :::*                  
    LISTEN     0      128        ::1:6010                    :::*                
    
    
    • 更改httpd监听端口为8080,并重启服务
    [root@ansible ~]#ansible websrvs -m shell -a "sed -i 's/^Listen 80/Listen 8080/' /etc/httpd/conf/httpd.conf"
    [WARNING]: Consider using the replace, lineinfile or template module rather
    than running 'sed'.  If you need to use command because replace, lineinfile or
    template is insufficient you can add 'warn: false' to this command task or set
    'command_warnings=False' in ansible.cfg to get rid of this message.
    
    192.168.39.27 | CHANGED | rc=0 >>
    
    
    192.168.39.47 | CHANGED | rc=0 >>
    
    
    192.168.39.37 | CHANGED | rc=0 >>
    
    
    # 重启服务
    [root@ansible ~]#ansible websrvs -m service -a 'name=httpd state=restarted'
    192.168.39.37 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "name": "httpd", 
        "state": "started", 
        "status": {
            "ActiveEnterTimestamp": "Fri 2019-12-06 19:26:56 CST", 
            "ActiveEnterTimestampMonotonic": "636072454", 
            "ActiveExitTimestampMonotonic": "0", 
            "ActiveState": "active", 
            "After": "nss-lookup.target basic.target remote-fs.target -.mount network.target systemd-journald.socket tmp.mount system.slice", 
            "AllowIsolate": "no", 
            "AmbientCapabilities": "0", 
            "AssertResult": "yes", 
            "AssertTimestamp": "Fri 2019-12-06 19:26:56 CST", 
            "AssertTimestampMonotonic": "635957067", 
            "Before": "multi-user.target shutdown.target", 
            "BlockIOAccounting": "no", 
            "BlockIOWeight": "18446744073709551615", 
            "CPUAccounting": "no", 
            "CPUQuotaPerSecUSec": "infinity", 
            "CPUSchedulingPolicy": "0", 
            "CPUSchedulingPriority": "0", 
            "CPUSchedulingResetOnFork": "no", 
            "CPUShares": "1844674407370955161
    .....(省略)
    
    
    # 查看端口
    [root@ansible ~]#ansible websrvs -m shell -a 'ss -ntl'
    192.168.39.37 | CHANGED | rc=0 >>
    State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
    LISTEN     0      128          *:111                      *:*                  
    LISTEN     0      5      192.168.122.1:53                       *:*                  
    LISTEN     0      128          *:22                       *:*                  
    LISTEN     0      128    127.0.0.1:631                      *:*                  
    LISTEN     0      128    127.0.0.1:6010                     *:*                  
    LISTEN     0      128         :::111                     :::*                  
    LISTEN     0      128         :::8080                    :::*             # 修改成功     
    LISTEN     0      128         :::22                      :::*                  
    LISTEN     0      128        ::1:631                     :::*                  
    LISTEN     0      128        ::1:6010                    :::*                  
    
    

    User模块

    功能:管理用户
    
    • 针对服务创建用户
    [root@ansible ~]#ansible websrvs -m user -a 'name=nginx comment=nginx uid=88 group=root groups="bin,daemon" shell=/sbin/nologin system=yes home=/data/nginx non_unique=yes'
    192.168.39.37 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "comment": "nginx", 
        "create_home": true, 
        "group": 0, 
        "groups": "bin,daemon", 
        "home": "/data/nginx", 
        "name": "nginx", 
        "shell": "/sbin/nologin", 
        "state": "present", 
        "system": true, 
        "uid": 88
    }
    192.168.39.47 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "comment": "nginx", 
        "create_home": true, 
        "group": 0, 
        "groups": "bin,daemon", 
        "home": "/data/nginx", 
        "name": "nginx", 
        "shell": "/sbin/nologin", 
        "state": "present", 
        "system": true, 
        "uid": 88
    }
    192.168.39.27 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "comment": "nginx", 
        "create_home": true, 
        "group": 0, 
        "groups": "bin,daemon", 
        "home": "/data/nginx", 
        "name": "nginx", 
        "shell": "/sbin/nologin", 
        "state": "present", 
        "system": true, 
        "uid": 88
    }
    [root@ansible ~]#ansible websrvs -a 'grep nginx /etc/passwd'
    192.168.39.47 | CHANGED | rc=0 >>
    nginx:x:88:0:nginx:/data/nginx:/sbin/nologin
    
    192.168.39.37 | CHANGED | rc=0 >>
    nginx:x:88:0:nginx:/data/nginx:/sbin/nologin
    
    192.168.39.27 | CHANGED | rc=0 >>
    nginx:x:88:0:nginx:/data/nginx:/sbin/nologin
    
    
    • 删除用户
    [root@ansible ~]#ansible websrvs -m user -a 'name=nginx state=absent remove=yes'
    192.168.39.27 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "force": false, 
        "name": "nginx", 
        "remove": true, 
        "state": "absent", 
        "stderr": "userdel: nginx mail spool (/var/spool/mail/nginx) not found
    ", 
        "stderr_lines": [
            "userdel: nginx mail spool (/var/spool/mail/nginx) not found"
        ]
    }
    192.168.39.47 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "force": false, 
        "name": "nginx", 
        "remove": true, 
        "state": "absent", 
        "stderr": "userdel: nginx mail spool (/var/spool/mail/nginx) not found
    ", 
        "stderr_lines": [
            "userdel: nginx mail spool (/var/spool/mail/nginx) not found"
        ]
    }
    192.168.39.37 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "force": false, 
        "name": "nginx", 
        "remove": true, 
        "state": "absent", 
        "stderr": "userdel: nginx mail spool (/var/spool/mail/nginx) not found
    ", 
        "stderr_lines": [
            "userdel: nginx mail spool (/var/spool/mail/nginx) not found"
        ]
    }
    [root@ansible ~]#ansible websrvs -a 'grep nginx /etc/passwd'
    192.168.39.37 | FAILED | rc=1 >>
    non-zero return code
    
    192.168.39.47 | FAILED | rc=1 >>
    non-zero return code
    
    192.168.39.27 | FAILED | rc=1 >>
    non-zero return code
    
    
    • 创建用户不创建家目录(create_home=no)
    [root@ansible ~]#ansible websrvs -m user -a 'name=nginx comment=nginx uid=88 group=root groups="bin,daemon" shell=/sbin/nologin system=yes create_home=no home=/data/nginx non_unique=yes'
    

    Group模块

    功能:管理组
    
    • 模块简介
    [root@ansible ~]#ansible-doc -s group
    - name: Add or remove groups
      group:
          gid:                   # Optional `GID' to set for the group.
          local:                 # Forces the use of "local" command alternatives
                                   on platforms that
                                   implement it.
                                   This is useful in
                                   environments that
                                   use centralized
                                   authentication
                                   when you want to
                                   manipulate the
                                   local groups.
                                   (e.g. it uses
                                   `lgroupadd'
                                   instead of
                                   `groupadd'). This
                                   requires that
                                   these commands
                                   exist on the
                                   targeted host,
                                   otherwise it will
                                   be a fatal error.
          name:                  # (required) Name of the group to manage.
          non_unique:            # This option allows to change the group ID to a
                                   non-unique value.
                                   Requires `gid'.
                                   Not supported on
                                   macOS or BusyBox
                                   distributions.
          state:                 # Whether the group should be present or not on
                                   the remote host.
          system:                # If `yes', indicates that the group created is 
                                   system group.
    
    • 创建组
    [root@ansible ~]#ansible websrvs -m group -a 'name=nginx gid=88 system=yes'
    192.168.39.27 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "gid": 88, 
        "name": "nginx", 
        "state": "present", 
        "system": true
    }
    192.168.39.47 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "gid": 88, 
        "name": "nginx", 
        "state": "present", 
        "system": true
    }
    192.168.39.37 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "gid": 88, 
        "name": "nginx", 
        "state": "present", 
        "system": true
    }
    [root@ansible ~]#ansible websrvs -a 'grep nginx /etc/passwd'
    192.168.39.27 | CHANGED | rc=0 >>
    nginx:x:88:0:nginx:/data/nginx:/sbin/nologin
    
    192.168.39.47 | CHANGED | rc=0 >>
    nginx:x:88:0:nginx:/data/nginx:/sbin/nologin
    
    192.168.39.37 | CHANGED | rc=0 >>
    nginx:x:88:0:nginx:/data/nginx:/sbin/nologin
    
    • 删除组(删除组之前先删除账号)
    [root@ansible ~]#ansible websrvs -m user -a 'name=nginx state=absent'
    192.168.39.47 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "force": false, 
        "name": "nginx", 
        "remove": false, 
        "state": "absent"
    }
    192.168.39.27 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "force": false, 
        "name": "nginx", 
        "remove": false, 
        "state": "absent"
    }
    192.168.39.37 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "force": false, 
        "name": "nginx", 
        "remove": false, 
        "state": "absent"
    }
    [root@ansible ~]#ansible websrvs -a 'grep nginx /etc/passwd'  # 如果组和用户同名都会一起删掉
    192.168.39.47 | FAILED | rc=1 >>
    non-zero return code
    
    192.168.39.27 | FAILED | rc=1 >>
    non-zero return code
    
    192.168.39.37 | FAILED | rc=1 >>
    non-zero return code
    
    # 组删除命令
    [root@ansible ~]#ansible websrvs -m group -a 'name=nginx state=absent'
    
    

    setup模块

    功能:得到远程主机的信息
    
    • 模块简介
    [root@ansible ~]#ansible-doc -s setup
    - name: Gathers facts about remote hosts
      setup:
          fact_path:             # Path used for local ansible facts (`*.fact') -
                                   files in this dir
                                   will be run (if
                                   executable) and
                                   their results be
                                   added to
                                   `ansible_local'
                                   facts if a file
                                   is not executable
                                   it is read. Check
                                   notes for Windows
                                   options. (from
                                   2.1 on)
                                   File/results
                                   format can be
                                   JSON or INI-
                                   format. The
                                   default
                                   `fact_path' can
                                   be specified in
                                   `ansible.cfg' for
                                   when setup is
                                   automatically
                                   called as part of
                                   `gather_facts'.
          filter:                # If supplied, only return facts that match this
                                   shell-style
                                   (fnmatch)
                                   wildcard.
          gather_subset:         # If supplied, restrict the additional facts
                                   collected to the
                                   given subset.
                                   Possible values:
                                   `all', `min',
                                   `hardware',
                                   `network',
                                   `virtual',
    
    
    • 查找指定主机信息
    [root@ansible ~]#ansible 192.168.39.27 -m setup
    192.168.39.27 | SUCCESS => {
        "ansible_facts": {
            "ansible_all_ipv4_addresses": [
                "192.168.39.27", 
                "192.168.122.1"
            ], 
            "ansible_all_ipv6_addresses": [
                "fe80::20c:29ff:fe35:12eb"
            ], 
            "ansible_apparmor": {
                "status": "disabled"
            }, 
            "ansible_architecture": "x86_64", 
            "ansible_bios_date": "04/13/2018", 
            "ansible_bios_version": "6.00", 
            "ansible_cmdline": {
                "BOOT_IMAGE": "/vmlinuz-3.10.0-957.el7.x86_64", 
                "LANG": "en_US.UTF-8", 
                "quiet": true, 
                "rhgb": true, 
                "ro": true, 
                "root": "UUID=71131d8c-e6d0-4104-b270-dcb8d5ae959a"
            }, 
            "ansible_date_time": {
                "date": "2019-12-06", 
                "day": "06", 
                "epoch": "1575633554", 
                "hour": "19", 
                "iso8601": "2019-12-06T11:59:14Z", 
                "iso8601_basic": "20191206T195914616794", 
                "iso8601_basic_short": "20191206T195914", 
                "iso8601_micro": "2019-12-06T11:59:14.616858Z", 
                "minute": "59", 
                "month": "12", 
                "second": "14", 
                "time": "19:59:14", 
    ....(省略太多了)
    
    
    • 指定信息过略查找
    [root@ansible ~]#ansible 192.168.39.27 -m setup -a 'filter="ansible_distribution_file_variety"'
    192.168.39.27 | SUCCESS => {
        "ansible_facts": {
            "ansible_distribution_file_variety": "RedHat", 
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false
    }
    
    这个模块配合playbook使用
    

    比较有用的几个信息以后可以配合使用
    在这里插入图片描述

  • 相关阅读:
    html 入门 "地表最强"干货 你值得拥有
    python信号量
    死锁 与 递归锁
    互斥锁
    进程之间的通讯
    进程与多道技术
    进程对象常用属性
    开启子进程的方式2
    牛客多校赛2K Keyboard Free
    省选刷题小记 (06~10)
  • 原文地址:https://www.cnblogs.com/www233ii/p/11997368.html
Copyright © 2011-2022 走看看