一、setup模块
主要用于获取主机信息,在playbooks里面经常给会用到的一个参数gether_facts就与该模块相关。setup模块下经常使用的一个参数是filter参数。 每个被管理节点在接收并运行管理命令之前,会将自己主机相关信息(如系统版本,主机ip地址)告知ansible管理主机 --tree:将所有主机的输出信息保存到指定目录下,以/etc/ansible/hosts里的主机名为文件名 ansible all -m setup -a ‘filter=ansible_default_ipv4’ --tree /tmp/
filter:过滤关键字:
[root@localhost ansible]# ansible 127.0.0.1 -m setup -a 'filter=ansible_default_ipv4'
gather_subset:按子集收集信息,值有all,main,bardware,network,virtual,ohai,facter,不包含使用!号,如,!network
filter参数:
ansible_nodename #节点名字
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_nodename'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_nodename": "ansible"
},
"changed": false
}
ansible_fqdb #fqdn名
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_fqdn'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_fqdn": "ansible"
},
"changed": false
}
ansible_hostname #主机短名称
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_hostname'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_hostname": "ansible"
},
"changed": false
}
ansible_domain #主机域名后缀
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_domain'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_domain": ""
},
"changed": false
}
ansible_memtotal_mb #总物理内存
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_memtotal_mb'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_memtotal_mb": 976
},
"changed": false
}
ansible_swaptotal_mb #swap总大小
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_swaptotal_mb'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_swaptotal_mb": 2047
},
"changed": false
}
ansible_processor #cpu信息
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_processor'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_processor": [
"0",
"GenuineIntel",
"Intel(R) Core(TM) i7-3612QM CPU @ 2.10GHz"
]
},
"changed": false
}
ansible_process_cores #cpu核心数量
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_processor_cores'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_processor_cores": 1
},
"changed": false
}
ansible_processor_vcpus #cpu逻辑核心数量
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_processor_vcpus'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_processor_vcpus": 1
},
"changed": false
}
ansible_all_ipv4_addresses #所有ipv4地址
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_all_ipv4_addresses'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"192.168.100.120"
]
},
"changed": false
}
ansible_all_ipv6_addresses #所有ipv6地址
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_all_ipv6_addresses'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv6_addresses": [
"fe80::e010:cb1a:204a:861d"
]
},
"changed": false
}
ansible_default_ipv4 #默认网关的网卡配置信息
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_default_ipv4'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_default_ipv4": {
"address": "192.168.100.120",
"alias": "ens33",
"broadcast": "192.168.100.255",
"gateway": "192.168.100.2",
"interface": "ens33",
"macaddress": "00:0c:29:73:fd:2e",
"mtu": 1500,
"netmask": "255.255.255.0",
"network": "192.168.100.0",
"type": "ether"
}
},
"changed": false
}
ansible_ens33 #具体某张网卡信息
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_ens33'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_ens33": {
"active": true,
"device": "ens33",
"features": {
"busy_poll": "off [fixed]",
"fcoe_mtu": "off [fixed]",
"generic_receive_offload": "on",
"generic_segmentation_offload": "on",
"highdma": "off [fixed]",
"hw_tc_offload": "off [fixed]",
"l2_fwd_offload": "off [fixed]",
"large_receive_offload": "off [fixed]",
"loopback": "off [fixed]",
"netns_local": "off [fixed]",
"ntuple_filters": "off [fixed]",
"receive_hashing": "off [fixed]",
"rx_all": "off",
"rx_checksumming": "off",
"rx_fcs": "off",
"rx_vlan_filter": "on [fixed]",
"rx_vlan_offload": "on",
"rx_vlan_stag_filter": "off [fixed]",
"rx_vlan_stag_hw_parse": "off [fixed]",
"scatter_gather": "on",
"tcp_segmentation_offload": "on",
"tx_checksum_fcoe_crc": "off [fixed]",
"tx_checksum_ip_generic": "on",
"tx_checksum_ipv4": "off [fixed]",
"tx_checksum_ipv6": "off [fixed]",
"tx_checksum_sctp": "off [fixed]",
"tx_checksumming": "on",
"tx_fcoe_segmentation": "off [fixed]",
"tx_gre_csum_segmentation": "off [fixed]",
"tx_gre_segmentation": "off [fixed]",
"tx_gso_partial": "off [fixed]",
"tx_gso_robust": "off [fixed]",
"tx_ipip_segmentation": "off [fixed]",
"tx_lockless": "off [fixed]",
"tx_mpls_segmentation": "off [fixed]",
"tx_nocache_copy": "off",
"tx_scatter_gather": "on",
"tx_scatter_gather_fraglist": "off [fixed]",
"tx_sctp_segmentation": "off [fixed]",
"tx_sit_segmentation": "off [fixed]",
"tx_tcp6_segmentation": "off [fixed]",
"tx_tcp_ecn_segmentation": "off [fixed]",
"tx_tcp_mangleid_segmentation": "off",
"tx_tcp_segmentation": "on",
"tx_udp_tnl_csum_segmentation": "off [fixed]",
"tx_udp_tnl_segmentation": "off [fixed]",
"tx_vlan_offload": "on [fixed]",
"tx_vlan_stag_hw_insert": "off [fixed]",
"udp_fragmentation_offload": "off [fixed]",
"vlan_challenged": "off [fixed]"
},
"hw_timestamp_filters": [],
"ipv4": {
"address": "192.168.100.120",
"broadcast": "192.168.100.255",
"netmask": "255.255.255.0",
"network": "192.168.100.0"
},
"ipv6": [
{
"address": "fe80::e010:cb1a:204a:861d",
"prefix": "64",
"scope": "link"
}
],
"macaddress": "00:0c:29:73:fd:2e",
"module": "e1000",
"mtu": 1500,
"pciid": "0000:02:01.0",
"promisc": false,
"speed": 1000,
"timestamping": [
"tx_software",
"rx_software",
"software"
],
"type": "ether"
}
},
"changed": false
}
ansible_dns #网卡dns信息
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_dns'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_dns": {
"nameservers": [
"192.168.100.2",
"114.114.114.114"
]
}
},
"changed": false
}
ansible_architecture #系统架构
x86_64
ansible_machine #主机类型
x86_64
ansible_kernel #内核版本
2.6.32-696.el6.x86_64
ansible_distribution #发行版本
centos
ansible_distribution_release #发行版名称
final
ansible_distribution_major_version #操作系统主版本号
6
ansible_distribution_release #发行版本名称
Final
ansible_distribution_version #完整版本号
7.4.1708
ansible_pkg_mgr #软件包管理方式
yum
ansible_service-mgr #进行服务方式
systemd
ansible_os_family #家族系列
RedHat
ansible_cmdline #内核启动参数
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_cmdline'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_cmdline": {
"BOOT_IMAGE": "/vmlinuz-3.10.0-693.el7.x86_64",
"LANG": "zh_CN.UTF-8",
"crashkernel": "auto",
"quiet": true,
"rd.lvm.lv": "centos/swap",
"rhgb": true,
"ro": true,
"root": "/dev/mapper/centos-root"
}
},
"changed": false
}
ansible_selinux #SElinux状态
disbled
ansible_env #当前环境变量参数
ansible_data_time #时间相关
ansible_python_version #python版本
2.7.5
ansible_lvm #lvm卷相关信息
ansible_mounts #所有挂载点
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_mounts'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_mounts": [
{
"block_available": 4130338,
"block_size": 4096,
"block_total": 4452864,
"block_used": 322526,
"device": "/dev/mapper/centos-root",
"fstype": "xfs",
"inode_available": 8863332,
"inode_total": 8910848,
"inode_used": 47516,
"mount": "/",
"options": "rw,relatime,attr2,inode64,noquota",
"size_available": 16917864448,
"size_total": 18238930944,
"uuid": "282c72d5-8cf6-4ac2-9e6a-64d19ebe2998"
},
{
"block_available": 227195,
"block_size": 4096,
"block_total": 259584,
"block_used": 32389,
"device": "/dev/sda1",
"fstype": "xfs",
"inode_available": 523961,
"inode_total": 524288,
"inode_used": 327,
"mount": "/boot",
"options": "rw,relatime,attr2,inode64,noquota",
"size_available": 930590720,
"size_total": 1063256064,
"uuid": "700f5755-18e9-45b5-ab39-9c699eb0f636"
}
]
},
"changed": false
}
ansible_device_links #所有挂在的设备uuid和卷标名
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_device_links'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_device_links": {
"ids": {
"dm-0": [
"dm-name-centos-root",
"dm-uuid-LVM-rdlock3VAHcB3dNwwyYLym2uGO9gVYLylUjawiCM9Ei01XfqxeDCwuFZGm5GKTN4"
],
"dm-1": [
"dm-name-centos-swap",
"dm-uuid-LVM-rdlock3VAHcB3dNwwyYLym2uGO9gVYLye5ByMZPoe3dex42T2VCoRo0C2Rd4riqf"
],
"sda2": [
"lvm-pv-uuid-f3IVfS-XHtK-6UjN-ZyOj-s1GO-1NdX-ZIh8UN"
]
},
"labels": {},
"masters": {
"sda2": [
"dm-0",
"dm-1"
]
},
"uuids": {
"dm-0": [
"282c72d5-8cf6-4ac2-9e6a-64d19ebe2998"
],
"dm-1": [
"c351d02a-6ffa-41b1-b108-9129dbcac1a2"
],
"sda1": [
"700f5755-18e9-45b5-ab39-9c699eb0f636"
]
}
}
},
"changed": false
}
ansible_devices #所有/dev/下的正在使用的设备信息
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_devices'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_devices": {
"dm-0": {
"holders": [],
"host": "",
"links": {
"ids": [
"dm-name-centos-root",
"dm-uuid-LVM-rdlock3VAHcB3dNwwyYLym2uGO9gVYLylUjawiCM9Ei01XfqxeDCwuFZGm5GKTN4"
],
"labels": [],
"masters": [],
"uuids": [
"282c72d5-8cf6-4ac2-9e6a-64d19ebe2998"
]
},
"model": null,
"partitions": {},
"removable": "0",
"rotational": "1",
"sas_address": null,
"sas_device_handle": null,
"scheduler_mode": "",
"sectors": "35643392",
"sectorsize": "512",
"size": "17.00 GB",
"support_discard": "0",
"vendor": null,
"virtual": 1
},
"dm-1": {
"holders": [],
"host": "",
"links": {
"ids": [
"dm-name-centos-swap",
"dm-uuid-LVM-rdlock3VAHcB3dNwwyYLym2uGO9gVYLye5ByMZPoe3dex42T2VCoRo0C2Rd4riqf"
],
"labels": [],
"masters": [],
"uuids": [
"c351d02a-6ffa-41b1-b108-9129dbcac1a2"
]
},
"model": null,
"partitions": {},
"removable": "0",
"rotational": "1",
"sas_address": null,
"sas_device_handle": null,
"scheduler_mode": "",
"sectors": "4194304",
"sectorsize": "512",
"size": "2.00 GB",
"support_discard": "0",
"vendor": null,
"virtual": 1
},
"sda": {
"holders": [],
"host": "SCSI storage controller: LSI Logic / Symbios Logic 53c1030 PCI-X Fusion-MPT Dual Ultra320 SCSI (rev 01)",
"links": {
"ids": [],
"labels": [],
"masters": [],
"uuids": []
},
"model": "VMware Virtual S",
"partitions": {
"sda1": {
"holders": [],
"links": {
"ids": [],
"labels": [],
"masters": [],
"uuids": [
"700f5755-18e9-45b5-ab39-9c699eb0f636"
]
},
"sectors": "2097152",
"sectorsize": 512,
"size": "1.00 GB",
"start": "2048",
"uuid": "700f5755-18e9-45b5-ab39-9c699eb0f636"
},
"sda2": {
"holders": [
"centos-root",
"centos-swap"
],
"links": {
"ids": [
"lvm-pv-uuid-f3IVfS-XHtK-6UjN-ZyOj-s1GO-1NdX-ZIh8UN"
],
"labels": [],
"masters": [
"dm-0",
"dm-1"
],
"uuids": []
},
"sectors": "39843840",
"sectorsize": 512,
"size": "19.00 GB",
"start": "2099200",
"uuid": null
}
},
"removable": "0",
"rotational": "1",
"sas_address": null,
"sas_device_handle": null,
"scheduler_mode": "deadline",
"sectors": "41943040",
"sectorsize": "512",
"size": "20.00 GB",
"support_discard": "0",
"vendor": "VMware,",
"virtual": 1
}
}
},
"changed": false
}
ansible_user_dir #执行用户的家目录
root
ansible_user_gecos #执行用户的描述信息
the root
ansible_user_gid #执行用户的gid
0
ansible_user_id #执行用户的用户名
root
ansible_user_shell #执行用户的shell类型
/bin/bash
ansible_user_uid #执行用户的uid
0
二、command模块
介绍
command命令模块,默认模块,用于在远程执行命令(不能使用变量)
参数:
creates:一个文件名,该文件存在,则该命令不执行
free_from:要执行的linux指令
chdir:在执行指令之前,先切换到该指定的目录
removes:一个文件名,当该文件不存在,则该选项不执行
executable:切换shell来执行指令,该执行路径必须是一个绝对路径
三、cron定时任务模块
1、backup:对远程主机上的原计划任务内容修改之前做备份
2、cron_file:如果指定该选项。则用该文件替换远程主机上的cron.d目录下的用户的任务计划
3、day:日(1-31,*,*、2,....)
4、hours:小时(0-23,*,*、2,....)
5、minute:分钟
6、month:月
7、weekday:周
8、job:要执行的任务,依赖state=present
9、name:该任务的描述
10、special_time:指定什么时候执行,参数:reboot,yearly,annually,monthly,weekly
11、state:确认该任务计划是创建还是删除
12、user:以哪个用户的身份执行
[root@ansible tmp]# ansible test -m cron -a 'minute="*/10" job="/bin/date" name="test cron job" state="present"'
192.168.100.120 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"test cron job"
]
}
注意:
1、定时设置指定值的写入即可,没有设置的可以不写(默认是*)
2、name必须写
3、state有两个状态:present(添加(默认值))或 absent(移除)
[root@ansible tmp]# ansible test -a 'crontab -l'
192.168.100.120 | SUCCESS | rc=0 >>
#Ansible: test cron job
*/10 * * * * /bin/date
#######删除计划任务
[root@ansible tmp]# ansible test -m cron -a 'minute="*/10" job="/bin/date" name="test cron job" state="absent"'
192.168.100.120 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": []
}
#####查询计划任务
[root@ansible tmp]# ansible test -a "crontab -l"
192.168.100.120 | SUCCESS | rc=0 >>
四、user/group模块
user模块是请求的是useradd、userdel、usermod,group请求的是groupadd、groupdel、groupdel
参数介绍:
groups:指定用户的属组
uid:指定用的uid
password:为用户设置密码登录,此密码是铭文密码,输入的是加密后的密码
update_password:always/on_create
always:只有当密码不相同时才会更新密码(默认)
on_create:只为新用户设置密码
name:指定用户名
createhome:是否创建家目录 yes|no(默认是yes)
system:是否为系统用户
remove:当state=absent时,remove=yes则表示连同家目录一起删除,等价于userdel -r(默认是no)
state:是创建还是删除present(添加 默认值)or absent(移除)
shell:指定用户的shell环境
append:yes/no
yes:增量添加group
no:全量变更group,只设置groups指定group组(默认)
expires:设置用户的过期时间,值是一个时间戳
注意事项:指定password参数时,不能使用后面这遗传密码会被直接传送到被管理主机的/etc/shadow文件中,所以需要先将密码字符串进行加密处理。然后将得到的字符串放到password中即可
范例:
- user: name=johnd comment="John Doe" uid=1040 group=admin - user: name=james shell=/bin/bash groups=admins,developers append=yes - user: name=johnd state=absent remove=yes - user: name=james18 shell=/bin/zsh groups=developers expires=1422403387 #生成密钥时,只会生成公钥文件和私钥文件,和直接使用ssh-keygen指令效果相同,不会生成authorized_keys文件。 - user: name=test generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa
生成加密的密码:
1、安装python-pip,安装加密函数库-passlib
yum -y install python-pip pip install --upgrade pip pip install passlib
2、使用加密函数库,获取密文密码
# python -c "from passlib.hash import sha512_crypt; import getpass; print(sha512_crypt.using(rounds=5000).hash(getpass.getpass()))" Password: $6$0lwTSmqKOkL.ktgl$OnBexXC7haBf0FRHVMIZM2edDeFWBbpKJ2r9cxVwNvY.vh3IIUzwFz8n7jFglc0CrtQSY12ziDonVL6e71Og2.
3、创建用户,指定用户密码
ansible test -m user -a 'name="testops" password="$6$0lwTSmqKOkL.ktgl$OnBexXC7haBf0FRHVMIZM2edDeFWBbpKJ2r9cxVwNvY.vh3IIUzwFz8n7jFglc0CrtQSY12ziDonVL6e71Og2."'
4、用户删除:
[root@ansible ~]# ansible test -m user -a 'name="test" state="absent" remove="yes"'
192.168.100.120 | SUCCESS => {
"changed": true,
"force": false,
"name": "test",
"remove": true,
"state": "absent"
}
五、copy模块
复制文件
参数介绍: 1、backup:在覆盖之前的源文件备份,备份文件包含时间信息,有两个选项:yes|no 2、content:用于代替“src”,可以直接设定指定文件的值 3、desc:必选项,要将源文件复制到远程主机的绝对路径,如果源文件是一个目录,那么该路径也必须是一个目录 4、directory_mode:递归的设定目录的权限,默认为系统默认权限 5、force:如果目标主机包含该文件,但内容不同,如果设置为yes,则强制覆盖,如果为no,则只有当目标位置不存在该文件时,才复制,默认为yes
6、others:所有的file模块里选项都可以在这里使用
7、src:要复制到远程主机的文件在本地的地址,可以是绝对路径,也可以是相对路径。如果路径是一个目录,它将递归复制,在这种情况下,如果路径使用“/”来结尾,则只复制目录里的内容,如果没有使用“/”来结尾,则包含目录在内的整个内容全部复制,雷士rsync