天道神诀--ansible常用模块案例

常用模块案例

---

• yum模块
• copy模块
• get_url模块
• file模块
• service模块
• group模块
• user模块
• cron模块
• mount模块
• selinux模块
• firewalld模块

yum模块 (安装present 卸载absent 升级latest 排除exclude 指定仓库enablerepo)

#示例一、安装当前最新的Apache软件，如果存在则更新
# ansible oldboy -m yum -a "name=httpd state=latest" -i hosts

#示例二、安装当前最新的Apache软件，通过epel仓库安装
# ansible oldboy -m yum -a "name=httpd state=latest enablerepo=epel" -i hosts 

#示例三、通过公网URL安装rpm软件
# ansible oldboy -m yum -a "name=https://mirrors.aliyun.com/zabbix/zabbix/4.2/rhel/7/x86_64/zabbix-agent-4.2.3-2.el7.x86_64.rpm state=latest" -i hosts 

#示例五、更新所有的软件包，但排除和kernel相关的
# ansible oldboy -m yum -a "name=* state=latest exclude=kernel*,foo*" -i hosts

#示例六、删除Apache软件
# ansible oldboy -m yum -a "name=httpd state=absent" -i hosts

copy模块

#示例一、将本地的httpd.conf文件Listen端口修改为9999，然后推送到远端服务。
# ansible oldboy -m copy -a "src=./httpd.conf dest=/etc/httpd/conf/httpd.conf owner=root group=root mode=644" -i hosts

#示例二、将本地的httpd.conf文件Listen端口修改为9090，然后推送到远端，检查远端是否存在上一次的备份文件
# ansible oldboy -m copy -a "src=./httpd.conf dest=/etc/httpd/conf/httpd.conf owner=root group=root mode=644 backup=yes" -i hosts

#示例三、往远程的主机文件中写入内容
# ansible oldboy -m copy -a "content=HttpServer... dest=/var/www/html/index.html" -i hosts 

get_url模块

#示例一、下载互联网的软件至本地
url  ==> http  https  ftp 
# ansible oldboy -m get_url -a "url=http://fj.xuliangwei.com/public/ip.txt dest=/var/www/html/" -i hosts

#示例二、下载互联网文件并进行md5校验(了解)
# ansible oldboy -m get_url -a "url=http://fj.xuliangwei.com/public/ip.txt dest=/var/www/html/ checksum=md5:7b86f423757551574a7499f0aae" -i hosts 

file模块

#示例一、创建文件，并设定属主、属组、权限。
# ansible oldboy -m file -a "path=/var/www/html/tt.html state=touch owner=apache group=apache mode=644" -i hosts 

#示例二、创建目录，并设定属主、属组、权限。
# ansible oldboy -m file -a "path=/var/www/html/dd state=directory owner=apache group=apache mode=755" -i hosts

#示例三、递归授权目录的方式。
# ansible oldboy -m file -a "path=/var/www/html/ owner=apache group=apache mode=755" -i hosts 
# ansible oldboy -m file -a "path=/var/www/html/ owner=apache group=apache recurse=yes" -i hosts

service模块

#示例一、启动Httpd服务
[root@ansible ~]# ansible oldboy -m service -a "name=httpd state=started"

#示例二、重载Httpd服务
[root@ansible ~]# ansible oldboy -m service -a "name=httpd state=reloaded"

#示例三、重启Httpd服务
[root@ansible ~]# ansible oldboy -m service -a "name=httpd state=restarted"

#示例四、停止Httpd服务
[root@ansible ~]# ansible oldboy -m service -a "name=httpd state=stopped"

#示例五、启动Httpd服务，并加入开机自启
[root@ansible ~]# ansible oldboy -m service -a "name=httpd state=started enabled=yes"

group模块

#示例一、创建news基本组，指定uid为9999
# ansible oldboy -m group -a "name=news gid=9999 state=present" -i hosts

#示例二、创建http系统组，指定uid为8888
# ansible oldboy -m group -a "name=http gid=8888 system=yes state=present" -i hosts 

#示例三、删除news基本组
# ansible oldboy -m group -a "name=news state=absent" -i hosts

user模块

#示例一、创建joh用户，uid是1040，主要的组是adm
# ansible oldboy -m user -a "name=joh uid=1040 group=adm" -i hosts

#示例二、创建joh用户，登录shell是/sbin/nologin，追加bin、sys两个组
# ansible oldboy -m user -a "name=joh shell=/sbin/nologin groups=bin,sys" -i hosts 

#示例三、创建jsm用户，为其添加123作为登录密码，并且创建家目录
# ansible localhost -m debug -a "msg={{ '123' | password_hash('sha512', 'salt') }}"
$6$salt$jkHSO0tOjmLW0S1NFlw5veSIDRAVsiQQMTrkOKy4xdCCLPNIsHhZkIRlzfzIvKyXeGdOfCBoW1wJZPLyQ9Qx/1

# ansible oldboy -m user -a 'name=jsm password=$6$salt$jkHSO0tOjmLW0S1NFlw5veSIDRAVsiQQMTrkOKy4xdCCLPNIsHhZkIRlzfzIvKyXeGdOfCBoW1wJZPLyQ9Qx/1 create_home=yes'

#示例四、移除joh用户
# ansible oldboy  -m user -a 'name=joh state=absent remove=yes' -i hosts 

#示例五、创建http用户，并为该用户创建2048字节的私钥，存放在~/http/.ssh/id_rsa
# ansible oldboy  -m user -a 'name=http generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa' -i hosts

cron模块

cron 
#示例一、添加定时任务。每分钟执行一次ls  * * * * * ls >/dev/null
# ansible oldboy -m cron -a "name=job1 job='ls >/dev/null'" -i hosts 

#示例二、添加定时任务，    每天的凌晨2点和凌晨5点执行一次ls。"0 5,2 * * ls >/dev/null
# ansible oldboy -m cron -a "name=job2 minute=0 hour=5,2 job='ls >/dev/null'" -i hosts 

#示例三、关闭定时任务，使定时任务失效
# ansible oldboy -m cron -a "name=job2 minute=0 hour=5,2 job='ls >/dev/null' disabled=yes" -i hosts 

mount模块

present	将挂载信息写入/etc/fstab 			unmounted	卸载临时,不会清理/etc/fstab
mounted	先挂载,在将挂载信息/etc/fstab		absent		卸载临时,也会清理/etc/fstab

#环境准备：将172.16.1.61作为nfs服务端，172.16.1.7、172.16.1.8作为nfs客户端挂载
# ansible localhost -m yum -a 'name=nfs-utils state=present'
# ansible localhost -m file -a 'path=/ops state=directory'
# ansible localhost -m copy -a 'content="/ops 172.16.1.0/24(rw,sync)" dest=/etc/exports'
# ansible localhost -m service -a "name=nfs state=restarted"

#示例一、挂载nfs存储至本地的/opt目录，并实现开机自动挂载
# ansible oldboy -m mount -a "src=172.16.1.61:/ops path=/opt fstype=nfs opts=defaults state=mounted"  

#示例三、永久卸载nfs的挂载，会清理/etc/fstab
# ansible webservers -m mount -a "src=172.16.1.61:/ops path=/opt fstype=nfs opts=defaults state=absent"

selinux模块

# ansible oldboy -m selinux -a "state=disabled"  -i hosts

firewalld模块

# ansible oldboy -m service -a "name=firewalld state=started" -i hosts

示例一 永久放行https的流量,只有重启才会生效
# ansible oldboy -m firewalld -a "zone=public service=https permanent=yes state=enabled" -i hosts 

示例一 永久放行8081端口的流量,只有重启才会生效
# ansible oldboy -m firewalld -a "zone=public port=8080/tcp permanent=yes state=enabled" -i hosts 
	
示例一 放行8080-8090的所有tcp端口流量,临时和永久都生效.
# ansible oldboy -m firewalld -a "zone=public port=8080-8090/tcp permanent=yes immediate=yes state=enabled" -i hosts