文章目录
- 1.准备环境
- 2.ansible常用的模块
- 1.script模块
- 2.service模块
- 3.user
- 4.hostname
- 5. command模块/shell模块/raw模块的区别
- 6.template(模板)模块
- 7.yum/yum_repository(存储库)模块
- 8.copy模块
- 9.file模块|lineinfile
- 10.blockinfile模块
1.准备环境
设备 | IP地址 | 名称 | 安装 | |
centos8 | 192.168.136.99 | 控制端 | ansible 2.9.23 | |
centos8 | 192.168.136.100 | 受控端 | web | python3.6 |
2.ansible常用的模块
1.script模块
script模块把控制主机上的脚本传到受管主机,并在受管主机上执行
#控制主机上写脚本
[root@master ~]# cat scripts/test.sh
#!/bin/bash
useradd -r kkk
echo “哈哈” > /root/file01
[root@master ~]# chmod +x scripts/test.sh #给予执行权限
[root@master ~]# ansible all -m script -a "scripts/test.sh"
192.168.136.129 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.136.129 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.136.129 closed."
],
"stdout": "useradd:用户“kkk”已存在\r\n",
"stdout_lines": [
"useradd:用户“kkk”已存在"
]
}
#受管主机上查看
[root@slave01 ~]# id kkk
uid=973(kkk) gid=972(kkk) 组=972(kkk)
[root@slave01 ~]# cat file01
“哈哈”
2.service模块
enabled:yes|no 开机是否自启
name:必选项,服务名称
state:(started,stopped,restarted,reloaded)启动,停止,重启,重新加载
sleep:停止和启动之间休眠几秒,有助于处理恶劣的init脚本
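#查看受管主机httpd状态(以下三条命令未指定-m,实际走的是默认的command模块直接调用systemctl;用service模块的等价写法如 ansible web -m service -a 'name=httpd state=started enabled=yes')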
[root@centos82 ~]# ansible web -a'systemctl status httpd'
192.168.136.145 | FAILED | rc=3 >>
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:httpd.service(8)non-zero return code
#开启受管主机的httpd服务
[root@centos82 ~]# ansible web -a'systemctl start httpd'
192.168.136.145 | CHANGED | rc=0 >>
#关闭受管主机的httpd服务
[root@centos82 ~]# ansible web -a'systemctl stop httpd'
192.168.136.145 | CHANGED | rc=0 >>
3.user
管理用户账号
-m:user 模块
-a:命令参数
name=xxx 用户名字
shell=/bin/bash|/sbin/nologin 登录的shell(类似-s)
system=yes|no 设置为系统用户,不能在现有用户上更改 (类似-r)
comment=‘描述’ 描述信息(类似-c)
state=absent|present 删除或创建用户(present为创建,absent为删除)
remove=yes|no 与state=absent搭配使用,会同时删除用户的家目录(类似userdel -r)
create_home=yes|no 是否创建家目录(no类似-M)
gid
uid
group模块:
gid
#给受管主机创建一个没有家目录并且不能登录的系统用户mysql,描述为“这是mysql用户”(注意:不创建家目录应写create_home=no;下面命令中的create_home=on表示创建家目录)
[root@master ~]# ansible web -m user -a "name=mysql system=yes create_home=on shell=/sbin/nologin comment='这是mysql用户'"
192.168.136.129 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"append": false,
"changed": true,
"comment": "这是mysql用户",
"group": 973,
"home": "/home/mysql",
"move_home": false,
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"uid": 974
}
[root@slave01 ~]# cat /etc/passwd|grep mysql
mysql:x:974:973:这是mysql用户:/home/mysql:/sbin/nologin
#删除该用户
[root@master ~]# ansible web -m user -a "name=mysql state=absent remove=yes"
192.168.136.129 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"force": false,
"name": "mysql",
"remove": true,
"state": "absent",
"stderr": "userdel: mysql 邮件池 (/var/spool/mail/mysql) 未找到\n",
"stderr_lines": [
"userdel: mysql 邮件池 (/var/spool/mail/mysql) 未找到"
]
}
#创建组
[root@master ~]# ansible web -m group -a "name=vvv state=present gid=9999"
192.168.136.129 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 9999,
"name": "vvv",
"state": "present",
"system": false
}
[root@slave01 ~]# cat /etc/group|grep vvv
vvv:x:9999:
#修改组gid
[root@master ~]# ansible web -m group -a "name=vvv gid=99"
192.168.136.129 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"gid": 99,
"name": "vvv",
"state": "present",
"system": false
}
[root@slave01 ~]# cat /etc/group|grep vvv
vvv:x:99:
4.hostname
[root@master ~]# ansible web -m hostname -a "name=slave1"
192.168.136.145 | CHANGED => {
"ansible_facts": {
"ansible_domain": "",
"ansible_fqdn": "slave1",
"ansible_hostname": "slave1",
"ansible_nodename": "slave1",
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "slave1"
}
[root@slave1 ~]# bash
5. command模块/shell模块/raw模块的区别
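shell模块通过受管主机上的shell执行命令(默认/bin/sh,CentOS上即bash),支持 “>” “<” “|” “;” 和 “&”
command模块不经过shell处理,因此shell环境变量(如$HOME)以及 “>” “<” “|” “;” “&” 都不起作用
raw模块:只用于受管主机python版本过旧(如python2.6),或受管端没有python的情况(如路由器等设备)
一般情况优先使用command模块,特殊情况才使用shell和raw模块。command不经过shell解析,参数里的特殊字符不会被当作shell语法执行,拼接变量时不易造成命令注入;shell和raw会把整条字符串交给shell解释,传入的变量需要自行过滤或加引号。command和shell模块都要求受管主机安装可用的python;raw模块绕过模块子系统,直接通过远程shell运行命令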
#三者使用方法类似
[root@master ~]# ansible web -m command -a "hostname"
192.168.136.129 | CHANGED | rc=0 >>
slave01
[root@master ~]# ansible web -m shell -a "hostname"
192.168.136.129 | CHANGED | rc=0 >>
slave01
[root@master ~]# ansible web -m raw -a "hostname"
192.168.136.129 | CHANGED | rc=0 >>
slave01
Shared connection to 192.168.136.129 closed.
#command不支持管道符
[root@master ~]# ansible web -m command -a "ps -ef|grep sshd"
192.168.136.129 | FAILED | rc=1 >>
error: unsupported SysV option
Usage:
ps [options]
Try 'ps --help <simple|list|output|threads|misc|all>'
or 'ps --help <s|l|o|t|m|a>'
for additional help text.
For more details see ps(1).non-zero return code
#shell截取内容
[root@master ~]# ansible web -m shell -a "df -h|awk '{print }'"
192.168.136.129 | CHANGED | rc=0 >>
文件系统 容量 已用 可用 已用% 挂载点
devtmpfs 946M 0 946M 0% /dev
tmpfs 976M 0 976M 0% /dev/shm
tmpfs 976M 9.5M 967M 1% /run
tmpfs 976M 0 976M 0% /sys/fs/cgroup
/dev/mapper/cs-root 17G 9.0G 8.1G 53% /
/dev/sda1 1014M 225M 790M 23% /boot
tmpfs 196M 3.5M 192M 2% /run/user/0
/dev/sr0 9.2G 9.2G 0 100% /run/media/root/CentOS-Stream-8-x86_64-dvd
#raw模块过滤ansible
[root@master ~]# ansible web -m raw -a "ps -ef|grep ansible"
192.168.136.129 | CHANGED | rc=0 >>
root 123962 123281 0 21:13 pts/2 00:00:00 bash -c ps -ef|grep ansible
root 123986 123962 0 21:13 pts/2 00:00:00 grep ansible
Shared connection to 192.168.136.129 closed.
6.template(模板)模块
template模块先在控制主机上渲染模板文件(Jinja2),再把渲染结果传输至远程主机。
主要用于生成各节点的配置文件(playbook会用到);与copy不同,模板里的变量会被替换成实际的值
#控制主机选择一个文件进行发送 src:源位置 dest:目的位置
[root@master ~]# ansible web -m template -a 'src=~/pass dest=test/pass'
192.168.136.129 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "d3ad2982ae2cd4d5c7e41fc766a49d0bf00b6954",
"dest": "test/pass",
"gid": 0,
"group": "root",
"md5sum": "01096ba2848814b7dfd92636123f064c",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 13,
"src": "/root/.ansible/tmp/ansible-tmp-1626444488.839656-196643-201940329241371/source",
"state": "file",
"uid": 0
}
#受管主机上查看
[root@slave01 ~]# cd test/
[root@slave01 test]# ls
pass
7.yum/yum_repository(存储库)模块
yum:
- name:软件名
- state:absent(卸载),installed(安装),latest(最新安装),present(安装),removed(卸载)
yum_repository:
- enabled:yes|no 是否使用存储库(默认true)
- file 不带.repo扩展名以保存repo的文件名。默认为name的值。
#安装vsftpd包
[root@master ~]# ansible web -m yum -a "name=vsftpd state=present"
192.168.136.129 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: vsftpd-3.0.3-34.el8.x86_64"
]
}
[root@master ~]# ansible web -m shell -a "rpm -qa|grep vsftpd" #控制机上查看受管主机上包情况
[WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'. If you need to use command because yum, dnf or
zypper is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of #警示信息
this message.
192.168.136.129 | CHANGED | rc=0 >>
vsftpd-3.0.3-34.el8.x86_64
#关闭警示信息
[root@master ~]# vim /etc/ansible/ansible.cfg
command_warnings = False #取消注释
#卸载vsftpd包
[root@master ~]# ansible web -m yum -a "name=vsftpd state=absent"
192.168.136.129 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Removed: vsftpd-3.0.3-34.el8.x86_64"
]
}
[root@master ~]# ansible web -m shell -a "rpm -qa|grep vsftpd"
192.168.136.129 | FAILED | rc=1 >>
non-zero return code(完成)
8.copy模块
copy:把控制主机上的文件原封不动地复制到远程主机。未指定mode时,新文件的权限由受管主机的默认umask决定(本例输出为0644,所有用户可读);如果文件里是密码等敏感内容,应显式加上 mode=0600
[root@master ~]# ansible web -m copy -a 'src=/root/pass dest=test/pass'
192.168.136.129 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"checksum": "d3ad2982ae2cd4d5c7e41fc766a49d0bf00b6954",
"dest": "test/pass",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"path": "test/pass",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 13,
"state": "file",
"uid": 0
}
[root@slave01 test]# cat pass
vaVHdqk2yQ.s
9.file模块|lineinfile
file对文件的基本操作(创建或删除文件或目录,修改文件权限等)
参数:
path(必选)=/某目录(testdir):指定操作的目录或文件,也可以使用src与dest
state=directory(目录)touch(文件)absent(删除)link(软链接)hard(硬链接) #state与path搭配使用
mode:xxxx 权限
lineinfile参数:
regexp:匹配
line:改变
insertafter:插入新内容并改变
create:yes 没有就创建 搭配line(加换行\n)
#改变文件权限(777表示所有用户可读、可写、可执行,这里仅作演示;实际环境应按最小权限设置,如0644或0600)
[root@slave01 tmp]# ll
总用量 4
-rw-r--r--. 1 root root 28 7月 17 19:38 abc
[root@master ~]# ansible all -m file -a 'path=/tmp/abc mode=777'
192.168.136.100 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"path": "/tmp/abc",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 28,
"state": "file",
"uid": 0
}
[root@slave01 tmp]# ll
总用量 4
-rwxrwxrwx. 1 root root 28 7月 17 19:38 abc
#硬链接(只创建不存在的文件)
[root@master ~]# ansible web1 -m file -a "src=tmp/1 dest=tmp/2 state=hard"
#软链接(只能创建不存在的文件)
[root@master ~]# ansible web1 -m file -a "src=tmp/1 dest=tmp/2 state=link"
#修改文件内容 匹配 改变
[root@master ~]# ansible web1 -m lineinfile -a "path=/tmp/1 regexp=^1 line="5=55""
192.168.136.100 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
#删除匹配到的行
[root@master ~]# ansible web1 -m lineinfile -a "path=/tmp/1 regexp=^5 state=absent"
192.168.136.100 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"found": 2,
"msg": "2 line(s) removed"
}
#创建新文件,并加内容
[root@master ~]# ansible web1 -m lineinfile -a 'path=/tmp/abc line="oppo\nvivo\nkkk\nvvv\n" create=yes'
192.168.136.100 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
[root@slave01 tmp]# cat abc
oppo
vivo
kkk
vvv
10.blockinfile模块
blockinfile 模块可以帮助我们在指定的文件中插入”一段文本”,这段文本是被标记过的,也就是,我们在这段文本上做了记号,以便在以后的操作中可以通过”标记”找到这段文本,然后修改或者删除它
参数:
path参数 :必须参数,指定要操作的文件。
block参数 :此参数用于指定我们想要操作的那”一段文本”,此参数有一个别名叫”content”,使用content或block的作用是相同的
marker参数 :假如我们想要在指定文件中插入一段文本,ansible会自动为这段文本添加两个标记,一个开始标记,一个结束标记;默认标记为“# BEGIN ANSIBLE MANAGED BLOCK”和“# END ANSIBLE MANAGED BLOCK”,可以用marker参数自定义
state参数 : state参数有两个可选值,present与absent,默认情况下,我们会将指定的一段文本”插入”到文件中,如果对应的文件中已经存在对应标记的文本,默认会更新对应段落,在执行插入操作或更新操作时,state的值为present,默认值就是present,如果对应的文件中已经存在对应标记的文本并且将state的值设置为absent,则表示从文件中删除对应标记的段落。
insertafter参数 :在插入一段文本时,默认会在文件的末尾插入文本,如果你想要将文本插入在某一行的后面,可以使用此参数指定对应的行,也可以使用正则表达式(python正则),表示将文本插入在符合正则表达式的行的后面。如果有多行文本都能够匹配对应的正则表达式,则以最后一个满足正则的行为准,此参数的值还可以设置为EOF,表示将文本插入到文档末尾。
insertbefore参数 :在插入一段文本时,默认会在文件的末尾插入文本,如果你想要将文本插入在某一行的前面,可以使用此参数指定对应的行
backup参数 :是否在修改文件之前对文件进行备份。
create参数 :当要操作的文件并不存在时,是否创建对应的文件。
[root@master ~]# ansible web1 -m blockinfile -a 'path=/tmp/abcdef block="systemctl start php\nsystemctl start httpd" create=yes'
192.168.136.100 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "File created"
}
[root@slave01 tmp]# cat abcdef
# BEGIN ANSIBLE MANAGED BLOCK
systemctl start php
systemctl start httpd
# END ANSIBLE MANAGED BLOCK
[root@slave01 tmp]#