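Setup:
source ./hacking/env-setup
Check that the hosts answer a ping:
ansible all -m ping
ansible all -m ping -k   (prompts for the password; it is better to set up passwordless login beforehand)
View usage:
ansible-doc -l
ansible-doc ping
…
List the hosts in a group:
ansible webservers --list-hosts
Log in as a different user:
ansible webservers -u root -m shell -a "ls /root"
# Log in and run as another user (the kxq user must first exist on every node and be granted sudo, preferably passwordless)
ansible webservers -u kxq -k -m shell -a "ls /root" -b -K
-u  user name to log in as
-k  prompt for that user's login (SSH) password
-m  module
-a  command (module arguments)
-b  become root (privilege escalation, sudo by default)
-K  prompt for the privilege-escalation (sudo) password
Editor with colour: echo export EDITOR=vim >> /etc/profile.d/env.sh
Push the passwordless-login key to the target host: ssh-copy-id IP
Logical AND in a host pattern: note that it must be wrapped in double quotes ""
Logical NOT: use single quotes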
command module:
- removes:
A filename or (since 2.0) glob pattern. If a matching file exists, this step *will* be run.
Example: ansible all -a "removes=/etc free -h"
The command that follows runs only if /etc exists
- creates:
A filename or (since 2.0) glob pattern. If a matching file already exists, this step *won't* be run.
Example: ansible all -a "creates=/test free -h"
The command runs only if /test does not exist
- chdir:
Change into this directory before running the command.
Example: ansible all -a "chdir=/root ls"
Changes to /root and then runs the command
ansible 192.168.10.32 -a "chdir=/home/xqkang ./print.sh"
Runs ./print.sh
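shell module:
Example: add a user and set its password:
ansible all -a "useradd joe"
ansible all -a "getent passwd joe"  # check that the user exists
ansible all -m shell -a "echo 123456 | passwd --stdin joe"  # needs the shell module; the command module does not handle the pipe
ansible all -m shell -a 'echo $HOSTNAME'  # single quotes are required so that $HOSTNAME is expanded on the remote host, not by the local shell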
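script module:
Runs a script that lives on the Ansible control host; the script does not have to be copied to the nodes first
Example:
Script:
[root@localhost ansible]# cat /qj/script/print.sh
#!/bin/bash
hostname
Command:
ansible all -m script -a '/qj/script/print.sh'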
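copy module:
View the module's usage:
ansible-doc -s copy
Example:
ansible all -m copy -a 'src=/qj/script/print.sh dest=/qj/script/ backup=yes'
src: the source file
dest: the path on each node where the file is stored
backup=yes: if the destination file already exists it is backed up first; if it is identical to the source, nothing is changed and no backup is made
mode: the permissions to set
owner: Name of the user that should own the file/directory, as would be fed to `chown'.
content: write the content inline, then copy it to the destination
Example:
ansible all -m copy -a 'content="hello\n world\n" dest=/data/f2 backup=yes'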
fetch module:
Pulls files from the nodes
src: # (required) The file on the remote system to fetch. This `must' be a file, not a directory. Recursive fetching may be supported in a later release.
It must be a single file
dest: # (required) A directory to save the file into. For example, if the `dest' directory is `/backup' a `src' file named `/etc/profile' on host `host.example.com', would be saved into `/backup/host.example.com/etc/profile'. The host name is based on the inventory name.
Example:
ansible all -m fetch -a 'src=/var/log/messages dest=/data'
To fetch several files, pack them into an archive first
Example:
Pack:
ansible all -m shell -a 'tar -Jcf log.tar.xz /var/log/*.log'
Check:
ansible all -a "ls"
Fetch the archive:
ansible all -m fetch -a 'src=/root/log.tar.xz dest=/data/'
tar tvf (preview the archive contents)
Module for unpacking:
unarchive
Module for packing:
archive
file module:
path: # (required) Path to the file being managed. Aliases: name, dest
state:
touch (create a new file)
absent (literally "absent"; here it deletes the file or directory)
directory: create a directory
link: symbolic link
Examples:
Create an empty file:
ansible all -m file -a "name=/data/f3 state=touch"
Delete a file:
ansible all -m file -a "name=/data/f3 state=absent"
Create a directory:
ansible all -m file -a "name=/data/dir1 state=directory"
Delete a directory:
ansible all -m file -a "name=/data/dir1 state=absent"
Symbolic link:
ansible all -m file -a "src= name= state=link "
hostname module:
ansible 192.168.10.207 -m hostname -a 'name=<hostname>'
/etc/hostname is updated as well
/etc/hosts is not changed
cron module:
Create a scheduled job:
ansible 192.168.10.207 -m cron -a 'minute=* weekday=2,4,6 job="/bin/bash /qj/script/print.sh >>/tmp/print.log 2>&1" name=print_job'
Disable a scheduled job: (job and name must both be given together with disabled=true; the time fields must be given as well, otherwise they are modified; disabled also accepts yes and no)
ansible 192.168.10.207 -m cron -a 'disabled=true minute=* weekday=2,4,6 job="/bin/bash /qj/script/print.sh >>/tmp/print.log 2>&1" name=print_job'
Re-enable a scheduled job:
ansible 192.168.10.207 -m cron -a 'disabled=false minute=* weekday=2,4,6 job="/bin/bash /qj/script/print.sh >>/tmp/print.log 2>&1" name=print_job'
Delete a scheduled job:
ansible 192.168.10.207 -m cron -a 'name=print_job state=absent'
yum module:
- state
Whether to install (`present' or `installed', `latest'), or remove (`absent' or `removed') a package.
`present' and `installed' will simply ensure that a desired package is installed.
`latest' will update the specified package if it's not of the latest available version.
`absent' and `removed' will remove the specified package.
Default is `None', however in effect the default action is `present' unless the `autoremove' option is enabled for this module, then `absent' is inferred.
(Choices: absent, installed, latest, present, removed) [Default: (null)]
- list
Package name to run the equivalent of yum list --show-duplicates <package> against. In addition to listing packages, you can also list the following: `installed', `updates', `available' and `repos'.
This parameter is mutually exclusive with `name'.
[Default: (null)]
Examples:
Install:
ansible webservers -m yum -a 'name=vsftpd'
Remove:
ansible webservers -m yum -a 'name=vsftpd state=absent'
list:
ansible webservers -m yum -a 'list=installed'
Install several packages:
ansible webservers -m yum -a 'name=vsftpd,memcached,httpd'
Install from a package file:
ansible 192.168.10.207 -m yum -a 'name=/path/to/package'
Skip the GPG key check when installing (the package's signature is then not verified):
ansible 192.168.10.207 -m yum -a 'name=/path/to/package disable_gpg_check=yes'
service module:
enabled: # Whether the service should start on boot. *At least one of state and enabled are required.*
state: # `started'/`stopped' are idempotent actions that will not run commands unless necessary. `restarted' will always bounce the service. `reloaded' will always reload. *At least one of state and enabled are required.* Note that reloaded will start the service if it is not already started, even if your chosen init system wouldn't normally.
Examples:
Start:
ansible 192.168.10.169 -m service -a 'name=vsftpd state=started enabled=yes'
Restart:
ansible 192.168.10.169 -m service -a 'name=vsftpd state=restarted'
Stop:
ansible 192.168.10.169 -m service -a 'name=vsftpd state=stopped'
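user module:
name: the user to operate on; required.
group: the user's primary group. Empty by default; when empty, the group created for the user has the same name as the user.
groups: the user's supplementary groups. They can be set when the user is created, and the groups of an existing user can be managed as well.
state: whether the user should exist on the remote host. Possible values are present and absent; the default is present.
home: the user's home directory; the value is a path
create_home: create the home directory when the user is created or when the home directory does not exist; boolean, default true
comment: the user's comment (description) field
shell: the user's default shell
system: whether the user is a system user
password: the user's password. It must not be the plaintext password but the string produced by hashing the plaintext password; empty by default
Create a user:
ansible webservers -m user -a 'name=nginx shell=/sbin/nologin system=yes home=/var/nginx groups=root,bin uid=80 comment="nginx service"'
Check that the user exists:
ansible webservers -a 'getent passwd nginx'
Delete the user:
ansible webservers -m user -a 'name=nginx state=absent remove=true'
remove: also deletes the home directory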
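The user module's password parameter expects a crypt hash, whereas the shell-module example earlier pipes a plaintext password to passwd --stdin. The following is an added example, not part of the original notes: a small shell helper that hashes a password with OpenSSL and refuses to build the user command unless the value is a SHA-512 crypt hash. The function names are hypothetical, and hash_password assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: hand the user module a crypt(3) hash, never the plaintext.

# Read the plaintext password on stdin and print a SHA-512 crypt hash ($6$...).
# Assumption: the openssl CLI is version 1.1.1 or later (needed for -6).
hash_password() {
    openssl passwd -6 -stdin
}

# Succeed only if $1 has the shape of a SHA-512 crypt hash:
# $6$[rounds=N$]<salt of 1-16 chars>$<86 chars of hash>
is_sha512_crypt() {
    printf '%s\n' "$1" |
        grep -Eq '^\$6\$(rounds=[0-9]+\$)?[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{86}$'
}

# Print the ad-hoc command for host pattern $1, user $2 and hash $3.
# Anything that is not a hash is rejected, so a plaintext password is
# never placed in the module arguments.
user_password_cmd() {
    if ! is_sha512_crypt "$3"; then
        echo "refusing: password value is not a SHA-512 crypt hash" >&2
        return 1
    fi
    printf "ansible %s -b -K -m user -a 'name=%s password=%s'\n" "$1" "$2" "$3"
}

# Typical use: read the password without echo, hash it, print the command.
#   stty -echo; IFS= read -r pw; stty echo
#   hash=$(printf '%s' "$pw" | hash_password); unset pw
#   user_password_cmd webservers joe "$hash"
```

Only the hash reaches the command line and the managed nodes; the plaintext stays in the controlling shell for the moment it takes to hash it.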
group module:
- name: Add or remove groups
  group:
      gid:        # Optional `GID' to set for the group.
      local:      # Forces the use of "local" command alternatives on platforms that implement it. This is useful in environments that use centralized authentication when you want to manipulate the local groups (e.g. it uses `lgroupadd' instead of `groupadd'). This requires that these commands exist on the targeted host, otherwise it will be a fatal error.
      name:       # (required) Name of the group to manage.
      non_unique: # This option allows to change the group ID to a non-unique value. Requires `gid'. Not supported on macOS or BusyBox distributions.
      state:      # Whether the group should be present or not on the remote host.
      system:     # If `yes', indicates that the group created is a system group.
Create a group:
ansible webservers -m group -a 'name=nginx system=yes gid=80'
Check that it was created:
ansible webservers -a 'getent group nginx'
Delete the group:
ansible webservers -m group -a 'name=nginx state=absent'