Ansible Ad-Hoc Modules in Detail

  • Preface
  • I. Command execution
  • 1. shell
  • 2. command
  • 3. raw
  • II. Package management
  • 1. yum_repository
  • 2. yum
  • III. Service management
  • 1. service
  • IV. User management
  • 1. group
  • 2. user
  • V. Scheduled tasks
  • 1. cron
  • VI. File operations
  • 1. file
  • 2. copy
  • 3. fetch
  • 4. lineinfile
  • 5. synchronize
  • 6. unarchive
  • VII. Firewall management
  • VIII. Network tools
  • 1. get_url
  • IX. Disk management
  • 1. parted
  • 2. lvg
  • 3. lvol
  • 4. filesystem
  • 5. mount
  • Summary

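Preface

Ansible has 8 main management tools, each backed by a set of modules and parameters. Being able to pull up help at any time is very important for learning Ansible: for every Ansible tool you can simply append -h or --help to the command to get its help text.


Note: the environment used in this article is centos-8.2 with ansible-2.8.0.
For the environment setup, see: ansible-2.8.0 setup link

ansible is the core command. It is mainly used to run ad-hoc commands, that is, single commands. By default it is followed by a host part and an options part; when no module is specified, the command module is used.

Note: with ad-hoc commands, some Ansible plugin features cannot be used, such as loop and facts.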

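I. Command execution

1. shell

The shell module is used the same way as command, except that it executes through /bin/sh, so the shell module can run any command just as if it were run locally on the host: “It is almost exactly like the command module but runs the command through a shell (/bin/sh) on the remote node.”
Note: the shell module invokes /bin/sh to execute the command.

#Get the host name of every managed node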
[student@ansible-server ansible]$ ansible all -m shell -a 'hostname' -o
node04 | CHANGED | rc=0 | (stdout) Ansible-node04
node03 | CHANGED | rc=0 | (stdout) Ansible-node03
node02 | CHANGED | rc=0 | (stdout) Ansible-node02
node01 | CHANGED | rc=0 | (stdout) Ansible-node01

#Check swap usage on all managed nodes
[student@ansible-server ansible]$ ansible all -m shell -a 'free | grep Swap' -o
node04 | CHANGED | rc=0 | (stdout) Swap: 2097148 0 2097148
node02 | CHANGED | rc=0 | (stdout) Swap: 2097148 0 2097148
node03 | CHANGED | rc=0 | (stdout) Swap: 2097148 0 2097148
node01 | CHANGED | rc=0 | (stdout) Swap: 2097148 0 2097148

#Change to the given directory and run a command with output redirection
[student@ansible-server ansible]$ ansible all -m shell -a 'chdir=/opt date > data.txt' -o
node04 | CHANGED | rc=0 | (stdout)
node01 | CHANGED | rc=0 | (stdout)
node03 | CHANGED | rc=0 | (stdout)
node02 | CHANGED | rc=0 | (stdout)
[student@ansible-server ansible]$ ansible all -m shell -a 'cat /opt/data.txt' -o
node04 | CHANGED | rc=0 | (stdout) Thu Sep 24 20:50:17 CST 2020
node02 | CHANGED | rc=0 | (stdout) Thu Sep 24 20:50:17 CST 2020
node03 | CHANGED | rc=0 | (stdout) Thu Sep 24 20:50:17 CST 2020
node01 | CHANGED | rc=0 | (stdout) Thu Sep 24 20:50:17 CST 2020
#creates: the command is skipped when the named file already exists
[student@ansible-server ansible]$ ansible all -m shell -a 'chdir=/tmp creates=/opt/data.txt pwd' -o
node04 | SUCCESS | rc=0 | (stdout) skipped, since /opt/data.txt exists
node03 | SUCCESS | rc=0 | (stdout) skipped, since /opt/data.txt exists
node02 | SUCCESS | rc=0 | (stdout) skipped, since /opt/data.txt exists
node01 | SUCCESS | rc=0 | (stdout) skipped, since /opt/data.txt exists
#removes: the command runs only when the named file exists
[student@ansible-server ansible]$ ansible all -m shell -a 'chdir=/tmp removes=/opt/data.txt pwd' -o
node02 | CHANGED | rc=0 | (stdout) /tmp
node03 | CHANGED | rc=0 | (stdout) /tmp
node04 | CHANGED | rc=0 | (stdout) /tmp
node01 | CHANGED | rc=0 | (stdout) /tmp

2. command

The command module runs the command given after -a directly, but a command that contains any of the following will not work: “so variables like $HOME and operations like "<", ">", "|", and "&" will not work (use the shell module if you need these features).”

[student@ansible-server ansible]$ ansible all -a 'free' -o
node01 | CHANGED | rc=0 | (stdout) total used free shared buff/cache available\nMem: 810492 235692 326508 5756 248292 440280\nSwap: 2097148 0 2097148
node04 | CHANGED | rc=0 | (stdout) total used free shared buff/cache available\nMem: 810492 233220 323904 5756 253368 442568\nSwap: 2097148 0 2097148
node03 | CHANGED | rc=0 | (stdout) total used free shared buff/cache available\nMem: 810492 238436 323520 5764 248536 437580\nSwap: 2097148 0 2097148
node02 | CHANGED | rc=0 | (stdout) total used free shared buff/cache available\nMem: 810492 238860 329300 5756 242332 437112\nSwap: 2097148 0 2097148

3. raw

The raw module is used the same way as the shell module and can likewise run arbitrary commands, just as if they were run locally on the host: “Executes a low-down and dirty SSH command, not going through the module subsystem. There is no change handler support for this module. This module does not require python on the remote system”

[student@ansible-server ansible]$ ansible all -m raw -a 'date' -o
node03 | CHANGED | rc=0 | (stdout) Thu Sep 24 21:21:13 CST 2020\r\n (stderr) Shared connection to node03 closed.\r\n
node02 | CHANGED | rc=0 | (stdout) Thu Sep 24 21:21:13 CST 2020\r\n (stderr) Shared connection to node02 closed.\r\n
node04 | CHANGED | rc=0 | (stdout) Thu Sep 24 21:21:13 CST 2020\r\n (stderr) Shared connection to node04 closed.\r\n
node01 | CHANGED | rc=0 | (stdout) Thu Sep 24 21:21:13 CST 2020\r\n (stderr) Shared connection to node01 closed.\r\n

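Note: the quoted string (" ") accepts shell commands.

PS: differences between the three modules
shell: supports almost every Linux command
command: similar to the shell module, except for input and output redirection, pipes and background operators
raw: similar to the shell module, but takes fewer parameters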
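
Added example (not part of the original article and not Ansible code): a local Python model of the command/shell difference summarized above, showing why a value pasted into a shell string must be quoted. run_like_command and run_like_shell are hypothetical helpers that only mimic how each module hands a string to the operating system; the input value is constructed.

```python
import shlex
import subprocess


def run_like_command(raw):
    """Model of the command module: split into argv, exec directly, no shell."""
    argv = shlex.split(raw)
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return done.stdout


def run_like_shell(raw):
    """Model of the shell module: pass the whole string to /bin/sh -c."""
    done = subprocess.run(["/bin/sh", "-c", raw],
                          capture_output=True, text=True, check=True)
    return done.stdout


def demo():
    """Run the same strings both ways and return what each one printed."""
    # Constructed value standing in for anything not typed by the operator
    # (a file name from a listing, a variable from inventory, ...).
    untrusted = "data.txt; echo INJECTED"
    return {
        # No shell: '|' is handed to echo as an ordinary argument.
        "command_pipe": run_like_command("echo free | tr a-z A-Z"),
        # Shell: the pipe is real, tr receives echo's output.
        "shell_pipe": run_like_shell("echo free | tr a-z A-Z"),
        # No shell: ';' stays inside the argument, nothing else runs.
        "command_value": run_like_command("echo " + untrusted),
        # Shell, value pasted in as-is: ';' starts a second command.
        "shell_unquoted": run_like_shell("echo " + untrusted),
        # Shell, value passed through shlex.quote(): one literal argument.
        # (In a playbook the equivalent is Ansible's "quote" filter.)
        "shell_quoted": run_like_shell("echo " + shlex.quote(untrusted)),
    }


if __name__ == "__main__":
    for name, output in demo().items():
        print(f"{name:15} {output!r}")
```

Prefer command when no shell feature is needed; when shell is required, quote every value that was not typed by the operator.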

II. Package management

1. yum_repository

#Configure a yum repository on the managed nodes
[student@ansible-server ansible]$ ansible all -m yum_repository -a 'name=ansible-2.8.0 description=ansible-2.8.0 baseurl=http://192.168.5.3/ansible/Packages/ gpgcheck=no enabled=yes'
#Check the configured yum repository
[student@ansible-server ansible]$ ansible all -m shell -a 'yum repolist' -o
node02 | CHANGED | rc=0 | (stdout) repo id repo name\nAppStream CentOS-8 - AppStream\nBaseOS CentOS-8 - Base\nansible-2.8.0 ansible-2.8.0\nextras CentOS-8 - Extras
node01 | CHANGED | rc=0 | (stdout) repo id repo name\nAppStream CentOS-8 - AppStream\nBaseOS CentOS-8 - Base\nansible-2.8.0 ansible-2.8.0\nextras CentOS-8 - Extras
node03 | CHANGED | rc=0 | (stdout) repo id repo name\nAppStream CentOS-8 - AppStream\nBaseOS CentOS-8 - Base\nansible-2.8.0 ansible-2.8.0\nextras CentOS-8 - Extras
node04 | CHANGED | rc=0 | (stdout) repo id repo name\nAppStream CentOS-8 - AppStream\nBaseOS CentOS-8 - Base\nansible-2.8.0 ansible-2.8.0\nextras CentOS-8 - Extras

#Remove the configured yum repository
[student@ansible-server ansible]$ ansible all -m yum_repository -a 'name=ansible-2.8.0 state=absent' -o
node04 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/libexec/platform-python"},"changed": false,"repo": "ansible-2.8.0","state": "absent"}
node02 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/libexec/platform-python"},"changed": false,"repo": "ansible-2.8.0","state": "absent"}
node03 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/libexec/platform-python"},"changed": false,"repo": "ansible-2.8.0","state": "absent"}
node01 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/libexec/platform-python"},"changed": false,"repo": "ansible-2.8.0","state": "absent"}
#Check the yum repositories again
[student@ansible-server ansible]$ ansible all -m shell -a 'yum list | grep ansible' -o
node02 | CHANGED | rc=0 | (stdout) ansible-freeipa.noarch 0.1.8-3.el8 AppStream \ncentos-release-ansible-29.noarch 1-2.el8 extras
node03 | CHANGED | rc=0 | (stdout) ansible-freeipa.noarch 0.1.8-3.el8 AppStream \ncentos-release-ansible-29.noarch 1-2.el8 extras
node04 | CHANGED | rc=0 | (stdout) ansible-freeipa.noarch 0.1.8-3.el8 AppStream \ncentos-release-ansible-29.noarch 1-2.el8 extras
node01 | CHANGED | rc=0 | (stdout) ansible-freeipa.noarch 0.1.8-3.el8 AppStream \ncentos-release-ansible-29.noarch 1-2.el8 extras

2. yum

yum and dnf are both symbolic links and are used the same way (learning one of them is enough; the yum form is shown here).

[student@ansible-server ansible]$ ll `which yum`
lrwxrwxrwx. 1 root root 5 Apr 25 03:57 /usr/bin/yum -> dnf-3
[student@ansible-server ansible]$ ll `which dnf`
lrwxrwxrwx. 1 root root 5 Apr 25 03:57 /usr/bin/dnf -> dnf-3
#Install a package on all nodes
[student@ansible-server ansible]$ ansible all -m yum -a 'name=nginx state=present'
#Install the latest version of the package on all nodes
[student@ansible-server ansible]$ ansible all -m yum -a 'name=nginx state=latest'
#Remove the package from all nodes
[student@ansible-server ansible]$ ansible all -m yum -a 'name=nginx state=absent'
#Upgrade all packages on the hosts in the test group to the latest version
[student@Ansible-Server ansible]$ ansible test -m yum -a 'name=* state=latest'
#Install a package from a local path or an external URL
[student@Ansible-Server ansible]$ ansible all -m yum -a 'name=http://rpmfind.net/linux/epel/8/Everything/x86_64/Packages/s/sl-5.02-1.el8.x86_64.rpm'

III. Service management

1. service

#Start the nginx service on all managed nodes
[student@Ansible-Server ansible]$ ansible all -m service -a 'name=nginx state=started'
#Check the service state on the managed nodes
[student@Ansible-Server ansible]$ ansible all -m shell -a 'systemctl is-active nginx' -o
node03 | CHANGED | rc=0 | (stdout) active
node01 | CHANGED | rc=0 | (stdout) active
node02 | CHANGED | rc=0 | (stdout) active
node04 | CHANGED | rc=0 | (stdout) active
#Enable the nginx service at boot
[student@Ansible-Server ansible]$ ansible all -m service -a 'name=nginx enabled=yes'
#Check whether the nginx service is enabled at boot
[student@Ansible-Server ansible]$ ansible all -m shell -a 'systemctl is-enabled nginx' -o
#Disable the nginx service at boot and stop the running service
[student@Ansible-Server ansible]$ ansible all -m service -a 'name=nginx enabled=no state=stopped'

IV. User management

1. group

#Create a group with gid 666
[student@Ansible-Server ansible]$ ansible all -m group -a 'name=it gid=666 system=yes state=present'
#View the created group
[student@Ansible-Server ansible]$ ansible all -m shell -a 'grep ^it /etc/group' -o
node01 | CHANGED | rc=0 | (stdout) it:x:666:
node02 | CHANGED | rc=0 | (stdout) it:x:666:
node03 | CHANGED | rc=0 | (stdout) it:x:666:
node04 | CHANGED | rc=0 | (stdout) it:x:666:

Note: state can be omitted; its default value is present, i.e. the group is created if it does not exist.

2. user

  • Generate the user's login password hash in a Python environment
[root@Ansible-Server ~]# python3
Python 3.8.0 (default, May 7 2020, 02:49:39)
[GCC 8.3.1 20191121 (Red Hat 8.3.1-5)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import crypt
>>> crypt.crypt('123')
'$6$6V5NpO.zFaFQgygP$fE/lkbdXCGnv2TgtoO9Q66KqheRtnFRYIPoQnYC.KKpzJ8Yyle.KKjxedmIs0hqrnKybpO3jMOKu4q5PiyMHR0'
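  • User management operations
#Create user tom on all managed nodes with primary group it (the -a string is single-quoted so the local shell does not expand the $ signs in the hash)
[student@Ansible-Server ansible]$ ansible all -m user -a 'name=tom group=it password="$6$6V5NpO.zFaFQgygP$fE/lkbdXCGnv2TgtoO9Q66KqheRtnFRYIPoQnYC.KKpzJ8Yyle.KKjxedmIs0hqrnKybpO3jMOKu4q5PiyMHR0"'
#View the created user tom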
[student@Ansible-Server ansible]$ ansible all -m shell -a 'tail -1 /etc/passwd' -o
node03 | CHANGED | rc=0 | (stdout) tom:x:1002:666::/home/tom:/bin/bash
node01 | CHANGED | rc=0 | (stdout) tom:x:1002:666::/home/tom:/bin/bash
node04 | CHANGED | rc=0 | (stdout) tom:x:1002:666::/home/tom:/bin/bash
node02 | CHANGED | rc=0 | (stdout) tom:x:1002:666::/home/tom:/bin/bash

#Create user bob and add it to the supplementary group it
[student@Ansible-Server ansible]$ ansible all -m user -a 'name=bob groups=it'
#Check the result
[student@Ansible-Server ansible]$ ansible all -m shell -a 'groupmems -g it -l' -o
node01 | CHANGED | rc=0 | (stdout) bob
node03 | CHANGED | rc=0 | (stdout) bob
node02 | CHANGED | rc=0 | (stdout) bob
node04 | CHANGED | rc=0 | (stdout) bob
#Generate an SSH key pair for user bob
[student@ansible-server ansible]$ ansible all -m user -a 'name=bob generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=./ssh/id_rsa'
#View the generated key pair
[student@ansible-server ansible]$ ansible all -m shell -a 'ls -la ~bob/ssh'
node02 | CHANGED | rc=0 >>
total 8
drwx------. 2 bob bob 38 Sep 25 22:55 .
drwx------. 3 bob bob 87 Sep 25 22:55 ..
-rw-------. 1 bob bob 1843 Sep 25 22:55 id_rsa
-rw-r--r--. 1 bob bob 409 Sep 25 22:55 id_rsa.pub

node04 | CHANGED | rc=0 >>
total 8
drwx------. 2 bob bob 38 Sep 25 22:55 .
drwx------. 3 bob bob 87 Sep 25 22:55 ..
-rw-------. 1 bob bob 1856 Sep 25 22:55 id_rsa
-rw-r--r--. 1 bob bob 417 Sep 25 22:55 id_rsa.pub

node01 | CHANGED | rc=0 >>
total 8
drwx------. 2 bob bob 38 Sep 25 22:55 .
drwx------. 3 bob bob 87 Sep 25 22:55 ..
-rw-------. 1 bob bob 1856 Sep 25 22:55 id_rsa
-rw-r--r--. 1 bob bob 417 Sep 25 22:55 id_rsa.pub

node03 | CHANGED | rc=0 >>
total 8
drwx------. 2 bob bob 38 Sep 25 22:55 .
drwx------. 3 bob bob 87 Sep 25 22:55 ..
-rw-------. 1 bob bob 1843 Sep 25 22:55 id_rsa
-rw-r--r--. 1 bob bob 417 Sep 25 22:55 id_rsa.pub

V. Scheduled tasks

1. cron

#Configure a scheduled task with Ansible: back up the nginx web files every day at 2:30 a.m.
[student@ansible-server ansible]$ ansible all -m cron -a "name=backup-web minute=30 hour=2 job='[ -d /bak ] || mkdir /bak; tar czf /bak/web.tar.gz /usr/share/nginx/html'"
#Check that the scheduled task is in place
[student@ansible-server ansible]$ ansible all -m shell -a 'crontab -l' -o
node02 | CHANGED | rc=0 | (stdout) #Ansible: backup-web\n30 2 * * * [ -d /bak ] || mkdir /bak; tar czf /bak/web.tar.gz /usr/share/nginx/html
node03 | CHANGED | rc=0 | (stdout) #Ansible: backup-web\n30 2 * * * [ -d /bak ] || mkdir /bak; tar czf /bak/web.tar.gz /usr/share/nginx/html
node04 | CHANGED | rc=0 | (stdout) #Ansible: backup-web\n30 2 * * * [ -d /bak ] || mkdir /bak; tar czf /bak/web.tar.gz /usr/share/nginx/html
node01 | CHANGED | rc=0 | (stdout) #Ansible: backup-web\n30 2 * * * [ -d /bak ] || mkdir /bak; tar czf /bak/web.tar.gz /usr/share/nginx/html
#View the backup data on any node
[root@node04 ~]# ll /bak/
total 8
-rw-r--r--. 1 root root 6629 Sep 25 02:30 web.tar.gz
#Delete the scheduled task
[student@ansible-server ansible]$ ansible all -m cron -a 'name=backup-web state=absent'
#List the scheduled tasks
[student@ansible-server ansible]$ ansible all -m shell -a 'crontab -l' -o
node04 | CHANGED | rc=0 | (stdout)
node02 | CHANGED | rc=0 | (stdout)
node01 | CHANGED | rc=0 | (stdout)
node03 | CHANGED | rc=0 | (stdout)

VI. File operations

1. file

  • Regular files
#Create the regular file text_file1 (if the file already exists, its timestamp is updated)
[student@Ansible-Server ansible]$ ansible prod -m file -a 'path=/tmp/text_file1 state=touch'
#View the created file
[student@Ansible-Server ansible]$ ansible prod -m shell -a 'ls -l /tmp'
node03 | CHANGED | rc=0 >>
total 0
drwx------. 3 root root 79 Sep 25 23:55 ansible_command_payload_tp7jw4l1
drwx------. 3 root root 79 Sep 26 05:50 ansible_command_payload_xt0pfnid
drwx------. 3 root root 17 Sep 25 22:34 systemd-private-3a7c95ba85514ef5b133d601540a5b4f-chronyd.service-rHr9Vg
-rw-r--r--. 1 root root 0 Sep 26 05:49 text_file1

node04 | CHANGED | rc=0 >>
total 0
drwx------. 3 root root 79 Sep 25 08:56 ansible_command_payload_8n6tgcwg
drwx------. 3 root root 79 Sep 25 03:02 ansible_command_payload_9wf6y6y2
drwx------. 3 root root 17 Sep 25 07:25 systemd-private-637d5b5606b54349b7082a8048554080-chronyd.service-eEQNbp
-rw-r--r--. 1 root root 0 Sep 25 08:55 text_file1
#Create a symbolic link to text_file1
[student@Ansible-Server ansible]$ ansible prod -m file -a 'src=/tmp/text_file1 path=/tmp/soft_link_text_file1 state=link'
#View the link on nodes 03 and 04
[root@Ansible-node03 ~]# ll /tmp/soft_link_text_file1
lrwxrwxrwx. 1 root root 15 Sep 26 05:58 /tmp/soft_link_text_file1 -> /tmp/text_file1
[root@Ansible-node04 ~]# ll /tmp/soft_link_text_file1
lrwxrwxrwx. 1 root root 15 Sep 25 09:04 /tmp/soft_link_text_file1 -> /tmp/text_file1
#Delete the symbolic link
[student@Ansible-Server ansible]$ ansible prod -m file -a 'path=/tmp/soft_link_text_file1 state=absent'
#Check the result
[root@Ansible-node03 ~]# ll /tmp/soft_link_text_file1
ls: cannot access '/tmp/soft_link_text_file1': No such file or directory
[root@Ansible-node04 ~]# ll /tmp/soft_link_text_file1
ls: cannot access '/tmp/soft_link_text_file1': No such file or directory
  • Directories
#Create a directory (if it already exists, nothing is done)
[student@Ansible-Server ansible]$ ansible node04 -m file -a 'path=/opt/dir1 state=directory'
#Create directories recursively
[student@Ansible-Server ansible]$ ansible node04 -m file -a 'path=/opt/dir2/dir22 state=directory recurse=yes'
#Check the result
[root@Ansible-node04 ~]# tree /opt/
/opt/
├── dir1
└── dir2
    └── dir22
#Delete directories
[student@Ansible-Server ansible]$ ansible node04 -m file -a 'path=/opt/dir2/dir22 state=absent '
[student@Ansible-Server ansible]$ ansible node04 -m file -a 'path=/opt/dir2/ state=absent '
#Check the result
[root@Ansible-node04 ~]# tree /opt/
/opt/
└── dir1

2. copy

#Copy the file a.txt to the remote node
[student@Ansible-Server ansible]$ ansible node04 -m copy -a 'src=/home/student/ansible/a.txt dest=/opt mode=755'
#Check the copy result
[root@Ansible-node04 ~]# ll /opt/
total 0
-rwxr-xr-x. 1 root root 0 Sep 25 10:41 a.txt
drwxr-xr-x. 2 root root 6 Sep 25 09:21 dir1
#Change the content of the nginx web page to "hello wlecome to nginx_web_server"
[student@Ansible-Server ansible]$ ansible node01 -m copy -a "content='hello wlecome to nginx_web_server\n' dest=/usr/share/nginx/html/index.html"
#Test the result
[root@Ansible-node01 html]# curl http://192.168.5.4
hello wlecome to nginx_web_server

3. fetch

#Copy a file from the managed nodes to the control host; each copy is stored under a directory hierarchy named after the host name/IP
[student@Ansible-Server ansible]$ ansible all -m fetch -a 'src=/etc/hosts dest=.'
#Check the copy result
[student@Ansible-Server ansible]$ ll
total 8
-rw-rw-r--. 1 student student 188 Sep 24 16:21 ansible.cfg
-rw-rw-r--. 1 student student 0 Sep 26 07:22 a.txt
-rw-rw-r--. 1 student student 93 Sep 24 15:46 inventory
drwxrwxr-x. 3 student student 17 Sep 26 08:16 node01
drwxrwxr-x. 3 student student 17 Sep 26 08:16 node02
drwxrwxr-x. 3 student student 17 Sep 26 08:16 node03
drwxrwxr-x. 3 student student 17 Sep 26 08:16 node04
drwxrwxr-x. 2 student student 6 Sep 24 15:56 roles
[student@Ansible-Server ansible]$ more node01/etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.5.3 ansible-server
192.168.5.4 node01
192.168.5.5 node02
192.168.5.6 node03
192.168.5.7 node04

4. lineinfile

#Set the SELINUX parameter in the SELinux configuration file to disabled
[student@Ansible-Server ansible]$ ansible node01 -m lineinfile -a 'path=/etc/selinux/config regexp="^SELINUX=" line=SELINUX=disabled'
#Check the change
[root@Ansible-node01 html]# grep ^SELINUX= /etc/selinux/config
SELINUX=disabled
#Delete lines (here, every line that starts with #)
[student@Ansible-Server ansible]$ ansible node01 -m lineinfile -a 'path=/etc/selinux/config regexp="^#" state=absent'
#Check the result
[root@Ansible-node01 html]# more /etc/selinux/config

SELINUX=disabled
SELINUXTYPE=targeted

#Insert text at a specific position
[student@Ansible-Server ansible]$ ansible node01 -m lineinfile -a 'path=/root/anaconda-ks.cfg regexp="^#ver" insertbefore="^ver" line="###"'
#Check the change
[root@Ansible-node01 ~]# head -1 anaconda-ks.cfg
###
#Insert text before a specific line
[student@Ansible-Server ansible]$ ansible node01 -m lineinfile -a 'path=/root/file insertbefore="^=" line=hello'
#Insert text after a specific line
[student@Ansible-Server ansible]$ ansible node01 -m lineinfile -a 'path=/root/file insertafter="^=" line=hi'
#Check the change
[root@Ansible-node01 ~]# more file
hello
=
hi
#Delete the specified line
[student@Ansible-Server ansible]$ ansible node01 -m lineinfile -a 'path=/root/file regexp="=" state=absent'
#Check the change
[root@Ansible-node01 ~]# more file
hello
hi

5. synchronize

#Install rsync on all hosts
[student@Ansible-Server ansible]$ ansible all -m yum -a 'name=rsync state=present'
[student@Ansible-Server ansible]$ sudo dnf install rsync -y
#Push the local file named file to the managed node
[student@Ansible-Server ansible]$ ansible node03 -m synchronize -a 'src=file dest=/tmp'
#Check the result
[root@Ansible-node03 ~]# ll /tmp/file
-rw-rw-r--. 1 student student 15 Sep 26 09:29 /tmp/file
#Pull the file from the remote host to the control node
[student@Ansible-Server ansible]$ ansible node03 -m synchronize -a 'src=/tmp/file dest=/tmp mode=pull'
#View the pulled file
[student@Ansible-Server ansible]$ ll /tmp/file
-rw-rw-r--. 1 student student 25 Sep 26 10:46 /tmp/file

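6. unarchive

  • The unarchive module extracts archives
  • Options:
  • copy: whether to copy the archive to the remote host before extracting it; the default is yes. If no, the archive must already exist on the target host
  • creates: a file name; when that file exists, the extraction is not run
  • dest: a path on the remote host, i.e. the absolute path to extract into.
  • group: the group owner of the extracted directory or files
  • mode: the permissions of the extracted files
  • src: when copy is yes, the source path of the archive must be given
  • owner: the owner of the extracted files or directory
#Extract the nginx archive on the Ansible control host into /opt on the managed machines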
[student@Ansible-Server ansible]$ ansible all -m unarchive -a 'src=/tmp/nginx-1.16.1-2.fc32.x86_64.rpm.tar.gz dest=/opt copy=yes'
#Check the extraction result
[student@Ansible-Server ansible]$ ansible all -m shell -a 'ls -l /opt' -o
node01 | CHANGED | rc=0 | (stdout) total 568\n-rw-r--r--. 1 root root 581238 Jan 30 2020 nginx-1.16.1-2.fc32.x86_64.rpm
node02 | CHANGED | rc=0 | (stdout) total 568\n-rw-r--r--. 1 root root 581238 Jan 30 2020 nginx-1.16.1-2.fc32.x86_64.rpm
node04 | CHANGED | rc=0 | (stdout) total 568\n-rw-r--r--. 1 root root 581238 Jan 30 2020 nginx-1.16.1-2.fc32.x86_64.rpm
node03 | CHANGED | rc=0 | (stdout) total 568\n-rw-r--r--. 1 root root 581238 Jan 30 2020 nginx-1.16.1-2.fc32.x86_64.rpm

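VII. Firewall management

Purpose (get_url module, see "Network tools" below): download files or software to the local node over http, https or ftp

#Start the firewall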
[student@Ansible-Server ansible]$ ansible node04 -m service -a 'name=firewalld state=started enabled=true'
#Allow the http service -- by service name
[student@Ansible-Server ansible]$ ansible node04 -m firewalld -a 'service=http permanent=true immediate=true state=enabled'
#Allow web traffic -- by port (443/tcp)
[student@Ansible-Server ansible]$ ansible node04 -m firewalld -a 'port=443/tcp permanent=true immediate=true state=enabled'
#View the firewall rule list
[root@Ansible-node04 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: cockpit dhcpv6-client http ssh
ports: 443/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
#Add a rich rule
[student@Ansible-Server ansible]$ ansible node04 -m firewalld -a 'rich_rule="rule family=ipv4 source address=192.168.5.0/24 service name=http accept" permanent=true immediate=true state=enabled'
#Configure port forwarding
[student@Ansible-Server ansible]$ ansible node04 -m firewalld -a 'rich_rule="rule family=ipv4 forward-port port=443 protocol=tcp to-port=888" permanent=true immediate=true state=enabled'
#Configure address masquerading
[student@Ansible-Server ansible]$ ansible node04 -m firewalld -a 'masquerade=yes state=enabled permanent=yes immediate=yes'
#View the firewall rule list (masquerading, as used for dial-up Internet access)
[root@Ansible-node04 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: cockpit dhcpv6-client http ssh
ports: 443/tcp
protocols:
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="192.168.5.0/24" service name="http" accept
rule family="ipv4" forward-port port="443" protocol="tcp" to-port="888"

VIII. Network tools

1. get_url

#Download the local passwd file into the /opt directory
[student@Ansible-Server ansible]$ ansible node04 -m get_url -a 'url=file:///etc/passwd dest=/opt'
#Check the result
[student@Ansible-Server ansible]$ ansible node04 -m shell -a 'ls -l /opt'
node04 | CHANGED | rc=0 >>
total 4
-rwxr-xr-x. 1 root root 0 Sep 25 10:41 a.txt
drwxr-xr-x. 2 root root 6 Sep 25 09:21 dir1
-rw-r--r--. 1 root root 1681 Sep 25 15:46 passwd
#Download the sl package from the Internet into the given directory
[student@Ansible-Server ansible]$ ansible node04 -m get_url -a 'url=http://rpmfind.net/linux/epel/8/Everything/x86_64/Packages/s/sl-5.02-1.el8.x86_64.rpm dest=/opt'
#Check the result
[student@Ansible-Server ansible]$ ansible node04 -m shell -a 'ls -l /opt'
node04 | CHANGED | rc=0 >>
total 24
-rwxr-xr-x. 1 root root 0 Sep 25 10:41 a.txt
drwxr-xr-x. 2 root root 6 Sep 25 09:21 dir1
-rw-r--r--. 1 root root 1681 Sep 25 15:46 passwd
-rw-r--r--. 1 root root 16564 Sep 25 15:52 sl-5.02-1.el8.x86_64.rpm
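
Added example (not part of the original article and not an Ansible tool): a small Python audit that reads ad-hoc command lines like the yum_repository, user, lineinfile, get_url and shell commands above and flags the settings that weaken a host or leak a secret: gpgcheck=no, http:// sources, downloads without checksum=, a password hash typed on the command line, $ inside a double-quoted -a string, SELinux switched off, and shell used where command would do. The rule names and the sample lines are constructed for illustration.

```python
import re
import shlex

# Constructed sample lines, modelled on the ad-hoc commands in this article
# (addresses, host names and the hash are placeholders).
SAMPLE = r"""
ansible all -m yum_repository -a 'name=local baseurl=http://192.0.2.10/Packages/ gpgcheck=no'
ansible all -m user -a "name=tom group=it password='$6$SALT$HASH'"
ansible node01 -m lineinfile -a 'path=/etc/selinux/config regexp="^SELINUX=" line=SELINUX=disabled'
ansible node04 -m get_url -a 'url=http://mirror.example/sl.rpm dest=/opt'
ansible node04 -m get_url -a 'url=https://mirror.example/sl.rpm dest=/opt checksum=sha256:PLACEHOLDER'
ansible all -m shell -a 'free | grep Swap' -o
ansible all -m shell -a 'hostname' -o
"""

SHELL_META = re.compile(r"[|&;<>$`*?]")
FALSY = {"no", "false", "0", "off"}
URL_KEYS = {"yum_repository": "baseurl", "get_url": "url", "yum": "name"}


def parse(line):
    """Return (module, raw -a string, key=value dict) for one ad-hoc line."""
    tokens = shlex.split(line)
    module, args = "command", ""  # command is the default module
    for flag, value in zip(tokens, tokens[1:]):
        if flag in ("-m", "--module-name"):
            module = value
        elif flag in ("-a", "--args"):
            args = value
    kv = dict(t.split("=", 1) for t in shlex.split(args) if "=" in t)
    return module, args, kv


def audit_line(line):
    """Return the list of rule names that one ad-hoc command line trips."""
    module, args, kv = parse(line)
    hits = []
    # The local shell expands $... inside double quotes before Ansible runs.
    if re.search(r'(?:-a|--args)\s+"[^"]*\$', line):
        hits.append("dollar-in-double-quotes")
    if module == "yum_repository" and kv.get("gpgcheck", "").lower() in FALSY:
        hits.append("gpgcheck-disabled")
    # Packages or files fetched over unauthenticated HTTP.
    url_key = URL_KEYS.get(module)
    if url_key and kv.get(url_key, "").startswith("http://"):
        hits.append("plain-http-source")
    if module == "get_url" and "checksum" not in kv:
        hits.append("download-without-checksum")
    # The hash ends up in shell history and the control node's process list.
    if module == "user" and "password" in kv:
        hits.append("password-hash-on-command-line")
    if module == "lineinfile" and re.match(
            r"SELINUX=(disabled|permissive)$", kv.get("line", "")):
        hits.append("selinux-weakened")
    # No shell metacharacter in the arguments: command would be enough.
    if module in ("shell", "raw") and not SHELL_META.search(args):
        hits.append("shell-not-needed-use-command")
    return hits


def audit(text):
    """Audit every line of text; return {line number: [rules]} for hits."""
    report = {}
    for number, line in enumerate(text.strip().splitlines(), start=1):
        hits = audit_line(line)
        if hits:
            report[number] = hits
    return report


if __name__ == "__main__":
    for number, hits in audit(SAMPLE).items():
        print(number, ", ".join(hits))
```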

IX. Disk management

1. parted

#A new 10G disk has been added
[root@Ansible-node02 ~]# lsblk | grep sdb
sdb 8:16 0 10G 0 disk
#Add the first partition
[student@Ansible-Server ansible]$ ansible node02 -m parted -a 'device=/dev/sdb number=1 part_end=1GiB state=present'
#View the created partition
[root@Ansible-node02 ~]# parted /dev/sdb
GNU Parted 3.2
Using /dev/sdb
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) p
Model: VMware, VMware Virtual S (scsi)
Disk /dev/sdb: 10.7GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number Start End Size Type File system Flags
1 1049kB 1074MB 1073MB primary

#Delete the partition
[student@Ansible-Server ansible]$ ansible node02 -m parted -a 'device=/dev/sdb number=1 state=absent'
#Add a 3G LVM partition
[student@Ansible-Server ansible]$ ansible node02 -m parted -a 'device=/dev/sdb number=1 flags=lvm part_end=3GiB state=present'

#View the partition
[root@Ansible-node02 ~]# parted /dev/sdb
GNU Parted 3.2
Using /dev/sdb
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) p
Model: VMware, VMware Virtual S (scsi)
Disk /dev/sdb: 10.7GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number Start End Size Type File system Flags
1 1049kB 3221MB 3220MB primary lvm

2. lvg

#Create the VG
[student@Ansible-Server ansible]$ ansible node02 -m lvg -a 'pvs=/dev/sdb1 vg=my_vg'
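Note: this step creates the VG directly from the partition; the partition is automatically set up as a physical volume (PV).
#Check the result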
[root@Ansible-node02 ~]# vgs
VG #PV #LV #SN Attr VSize VFree
cl 1 2 0 wz--n- <19.00g 0
my_vg 1 0 0 wz--n- <3.00g <3.00g
#Add two more partitions (sdb2, sdb3) to extend my_vg
[root@Ansible-node02 ~]# lsblk | grep sdb
sdb 8:16 0 10G 0 disk
├─sdb1 8:17 0 3G 0 part
├─sdb2 8:18 0 2G 0 part
└─sdb3 8:19 0 1G 0 part
[root@Ansible-node02 ~]# vgs
VG #PV #LV #SN Attr VSize VFree
cl 1 2 0 wz--n- <19.00g 0
my_vg 1 0 0 wz--n- <3.00g <3.00g

#Extend the VG
[student@Ansible-Server ansible]$ ansible node02 -m lvg -a 'pvs=/dev/sdb1,/dev/sdb2,/dev/sdb3 vg=my_vg'
#Check the result
[root@Ansible-node02 ~]# vgs
VG #PV #LV #SN Attr VSize VFree
cl 1 2 0 wz--n- <19.00g 0
my_vg 3 0 0 wz--n- <5.99g <5.99g

3. lvol

#Create a 5000M LV
[student@Ansible-Server ansible]$ ansible node02 -m lvol -a 'vg=my_vg lv=lv1 size=5000'
#Check the result
[root@Ansible-node02 ~]# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
root cl -wi-ao---- <17.00g
swap cl -wi-ao---- 2.00g
lv1 my_vg -wi-a----- 4.88g

4. filesystem

#Format lv1
[student@Ansible-Server ansible]$ ansible node02 -m filesystem -a 'dev=/dev/my_vg/lv1 fstype=xfs'

5. mount

#Create the mount point directory
[student@Ansible-Server ansible]$ ansible node02 -m file -a 'path=/dir1 state=directory'

#Configure the mount
--takes effect after a reboot, and is permanent (state=present only writes /etc/fstab)
[student@Ansible-Server ansible]$ ansible node02 -m mount -a 'src=/dev/my_vg/lv1 path=/dir1 fstype=xfs state=present'
--takes effect immediately, and is permanent
[student@Ansible-Server ansible]$ ansible node02 -m mount -a 'src=/dev/my_vg/lv1 path=/dir1 fstype=xfs state=mounted'
#View the mounts
[root@Ansible-node02 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 380M 0 380M 0% /dev
tmpfs 396M 0 396M 0% /dev/shm
tmpfs 396M 5.7M 391M 2% /run
tmpfs 396M 0 396M 0% /sys/fs/cgroup
/dev/mapper/cl-root 17G 2.0G 16G 12% /
/dev/sda1 976M 185M 724M 21% /boot
tmpfs 80M 0 80M 0% /run/user/0
/dev/mapper/my_vg-lv1 4.9G 68M 4.9G 2% /dir1

#Unmount
[student@Ansible-Server ansible]$ ansible node02 -m mount -a 'path=/dir1 state=unmounted'

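More content is being added…


Summary


After working through the Ansible ad-hoc modules, you should be comfortable with the basic operations of each module. Next, we can move on to playbooks: writing the ansible commands in yml format and running them again...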