Module overview:
a: command module
command is the default module. It runs a command on the remote host, but note that it does not support pipes or variables.
ansible -i ip.list host -m command -a "date" -u root -k
SSH password:
192.168.31.167 | success | rc=0 >>
Sun Nov 6 02:27:06 PST 2016

127.0.0.1 | success | rc=0 >>
Sat Nov 5 19:27:05 PDT 2016
The -m option can be omitted, but the module arguments are still required.
ansible -i ip.list host -a "date" -u root -k
SSH password:
192.168.31.167 | success | rc=0 >>
Sun Nov 6 02:27:39 PST 2016

127.0.0.1 | success | rc=0 >>
Sat Nov 5 19:27:39 PDT 2016
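b: cron module
Let's look at its description:
The name parameter is required when running this module.
state: two values, present (apply) and absent (delete), i.e. whether to add a crontab entry or remove one.
job: the shell command to run.
user: the user whose crontab receives the entry.
Example:
# ansible -i ip.list host -l 192.168.31.167 -m cron -a "name='test cron' minute='*/2' job='echo ok' state='present'" -k -u root
SSH password:
192.168.31.167 | success >> {
    "changed": true,
    "jobs": [
        "test cron"
    ]
}
changed indicates whether the host was modified: true means a change was made, otherwise nothing was changed.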
c: user module:
Main parameters:
name: the name of the user to create or remove.
system: whether the account is a system user; pass yes, the default is no. Whether an account is a system user relates to whether it can log in.
group: the user's group.
shell: the user's shell.
remove: when used with state=absent, remove=yes also deletes the user's home directory.
password: the user's password, which must be supplied in encrypted form. Unresolved. It can be done in two steps: 1: create the user 2: change the password: echo "123" | passwd oo1 --stdin
The officially documented method:
The mkpasswd utility is available on most Linux systems and is a good option:

mkpasswd --method=SHA-512
If this utility is not installed on your system, you can easily generate the password with Python. First make sure the Passlib password hashing library is installed.

pip install passlib
Once the library is ready, a SHA512 password value can be generated with the following command.

python -c "from passlib.hash import sha512_crypt; import getpass; print(sha512_crypt.hash(getpass.getpass()))"
# ansible -i ip.list host -m user -a 'name=loop state=present' -u root -k
SSH password:
192.168.31.167 | success >> {
    "changed": true,
    "comment": "",
    "createhome": true,
    "group": 501,
    "home": "/home/loop",
    "name": "loop",
    "shell": "/bin/bash",
    "state": "present",
    "system": false,
    "uid": 501
}
Delete a user:
ansible -i ip.list host -m user -a 'name=loop state=absent remove=yes' -u root -k
SSH password:
192.168.31.167 | success >> {
    "changed": true,
    "force": false,
    "name": "loop",
    "remove": true,
    "state": "absent"
}
d: group module:
Create a user group:
gid: the gid of the group.
name=: the name of the group.
state: create or delete.
system: create a system group.
# ansible -i ip.list host -m group -a 'name=evil gid=400' -k -u root
SSH password:
192.168.31.167 | success >> {
    "changed": true,
    "gid": 400,
    "name": "evil",
    "state": "present",
    "system": false
}
# tail -n 1 /etc/group
evil:x:400:
e: copy module
Copies a file or directory to the remote host. src may be a relative or an absolute path, but dest must be an absolute path.
# ansible -i ip.list host -m copy -a "src=/etc/fstab dest=/tmp/ansible.fstab owner=root group=root mode=644" -u root -k
SSH password:
192.168.31.167 | success >> {
    "changed": true,
    "checksum": "016eed899caf81854a48591a249ef8ae96e04b33",
    "dest": "/tmp/ansible.fstab",
    "gid": 0,
    "group": "root",
    "md5sum": "924a45aa8c1db8b46773f709bd457a94",
    "mode": "0644",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 805,
    "src": "/root/.ansible/tmp/ansible-tmp-1478411344.14-247284140379476/source",
    "state": "file",
    "uid": 0
}
Check the result:
# ansible -i ip.list host -l 192.168.31.167 -a 'ls -l /tmp' -u root -k
SSH password:
192.168.31.167 | success | rc=0 >>
total 52
-rw-r--r--. 1 root root 805 Nov 6 05:49 ansible.fstab
content can be used in place of src to generate the file content on the remote host:
# ansible -i ip.list host -m copy -a 'content="OK\n byebye\n" dest=/tmp/test_ansible' -u root -k
SSH password:
192.168.31.167 | success >> {
    "changed": true,
    "checksum": "c392a994288e415e1e7260b73b7af3f08445f14d",
    "dest": "/tmp/test_ansible",
    "gid": 0,
    "group": "root",
    "md5sum": "c19d7730ff34cca678c5ec23e978115e",
    "mode": "0644",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 11,
    "src": "/root/.ansible/tmp/ansible-tmp-1478411746.5-128763439388811/source",
    "state": "file",
    "uid": 0
}
# ansible -i ip.list host -l 192.168.31.167 -a "cat /tmp/test_ansible" -u root -k
SSH password:
192.168.31.167 | success | rc=0 >>
OK
byebye
f: file module:
Sets file attributes, or creates symbolic links.
# ansible -i ip.list host -l 192.168.31.167 -a "ls -l /tmp/test_ansible" -u root -k
SSH password:
192.168.31.167 | success | rc=0 >>
-rw-r--r--. 1 root root 11 Nov 6 05:55 /tmp/test_ansible
# ansible -i ip.list host -l 192.168.31.167 -m file -a 'mode=777 owner=loop path=/tmp/test_ansible' -u root -k
SSH password:
192.168.31.167 | success >> {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "loop",
    "path": "/tmp/test_ansible",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 11,
    "state": "file",
    "uid": 501
}
# ansible -i ip.list host -l 192.168.31.167 -a "ls -l /tmp/test_ansible" -u root -k
SSH password:
192.168.31.167 | success | rc=0 >>
-rwxrwxrwx. 1 loop root 11 Nov 6 05:55 /tmp/test_ansible
Creating a symbolic link:
# ansible -i ip.list host -l 192.168.31.167 -m file -a 'src=/tmp/test_ansible path=/tmp/fstab state=link' -u root -k
SSH password:
192.168.31.167 | success >> {
    "changed": true,
    "dest": "/tmp/fstab",
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "root",
    "secontext": "unconfined_u:object_r:user_tmp_t:s0",
    "size": 17,
    "src": "/tmp/test_ansible",
    "state": "link",
    "uid": 0
}

[root@MiWiFi-R1CM-srv data]# ansible -i ip.list host -l 192.168.31.167 -a 'ls -l /tmp/' -u root -k
SSH password:
192.168.31.167 | success | rc=0 >>
total 56
-rw-r--r--. 1 root root 805 Nov 6 05:49 ansible.fstab
lrwxrwxrwx. 1 root root 17 Nov 6 06:11 fstab -> /tmp/test_ansible
src: the file that the link points to. path: the name of the link that is created. dest or name can be used in place of path: path to the file being managed. Aliases: `dest', `name'
g: ping module:
Tests connectivity to the remote hosts. On success (connectivity is fine) it returns pong.
# ansible -i ip.list host -m ping -u root -k
SSH password:
192.168.31.167 | success >> {
    "changed": false,
    "ping": "pong"
}

127.0.0.1 | success >> {
    "changed": false,
    "ping": "pong"
}
h: service module
Sets the running state of a service.
enabled: true or false; whether the service starts automatically at boot.
name=: the name of the service, usually a service under /etc/init.d/.
state: one of started, stopped, restarted.
runlevel: the run level. I could not get this to work in testing.
[root@MiWiFi-R1CM-srv data]# ansible -i ip.list host -a 'service httpd status' -u root -k
SSH password:
192.168.31.167 | FAILED | rc=3 >>
httpd is stopped

127.0.0.1 | FAILED | rc=3 >>
httpd is stopped

[root@MiWiFi-R1CM-srv data]# ansible -i ip.list host -m service -a 'name=httpd state=started' -u root -k
SSH password:
192.168.31.167 | success >> {
    "changed": true,
    "name": "httpd",
    "state": "started"
}

127.0.0.1 | success >> {
    "changed": true,
    "name": "httpd",
    "state": "started"
}

[root@MiWiFi-R1CM-srv data]# ansible -i ip.list host -a 'service httpd status' -u root -k
SSH password:
192.168.31.167 | success | rc=0 >>
httpd (pid 40597) is running...

127.0.0.1 | success | rc=0 >>
httpd (pid 5884) is running..
ansible -i ip.list host -m service -a 'name=httpd enabled=True state=stopped' -u root -k

ansible -i ip.list host -a 'chkconfig --list httpd' -u root -k
SSH password:
192.168.31.167 | success | rc=0 >>
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
I: shell module:
Runs commands on the remote host. It differs from the command module, which does not support complex shell syntax: no pipes, no variables, no multiple commands separated by semicolons, and so on.
command:
ansible -i ip.list host -m command -a 'echo "123" | passwd oo1 --stdin' -u root -k
SSH password:
192.168.31.167 | success | rc=0 >>
123 | passwd oo1 --stdin

127.0.0.1 | success | rc=0 >>
123 | passwd oo1 --stdin
shell:
# ansible -i ip.list host -m shell -a 'echo "123" | passwd oo1 --stdin' -u root -k
SSH password:
127.0.0.1 | success | rc=0 >>
Changing password for user oo1.
passwd: all authentication tokens updated successfully.

192.168.31.167 | success | rc=0 >>
Changing password for user oo1.
passwd: all authentication tokens updated successfully.
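Added example, not part of the original post and not Ansible's own code: a simplified Python model of the two runs above, showing why the command run printed the pipe literally and what that means when a value is interpolated into the argument string. The function names, the `tr` pipeline and the sample value are constructed for illustration.

```python
import shlex
import subprocess

# The -a string from the page's command/shell comparison.
PAGE_ARGS = 'echo "123" | passwd oo1 --stdin'

def run_like_command(args):
    """Model of the command module: split into argv, exec without a shell."""
    argv = shlex.split(args)
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return argv, done.stdout.strip()

def run_like_shell(args):
    """Model of the shell module: /bin/sh interprets |, ; and friends."""
    done = subprocess.run(args, shell=True, capture_output=True, text=True, check=True)
    return done.stdout.strip()

def shell_args_with(prefix, value):
    """When a shell is required, quote every interpolated value."""
    return prefix + " " + shlex.quote(value)

if __name__ == "__main__":
    argv, out = run_like_command(PAGE_ARGS)
    print(argv)  # '|' and 'passwd' are plain arguments to echo
    print(out)   # same text the page shows for -m command

    # Constructed, harmless pipeline standing in for `| passwd oo1 --stdin`.
    print(run_like_shell('echo "123" | tr 1 9'))

    # Constructed value that was never meant to carry a second command.
    value = "report.txt; echo INJECTED"
    print(run_like_command("echo " + value)[1])            # stays literal text
    print(run_like_shell("echo " + value))                 # ';' starts a new command
    print(run_like_shell(shell_args_with("echo", value)))  # quoted: literal again
```

Because no shell parses the string in the first model, metacharacters in a value cannot start another command there; with the shell module every interpolated value needs quoting.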
j: script module:
Runs a local script on the remote host.
Note: the script path given when running it is a relative path; it must not be an absolute path.
ansible -i ip.list host -m script -a 'test.script.sh' -u root -k
# ansible -i ip.list host -m shell -a 'tail -n 1 /etc/passwd;cat /tmp/script.ansible' -u root -k
SSH password:
192.168.31.167 | success | rc=0 >>
tom:x:508:508::/home/tom:/bin/bash
just test
k: yum module
Installs or removes software packages on remote hosts.
Parameters:
name=: the name of the package to install; a package version can be specified.
state=: present or latest installs the package, with the newest version installed by default; absent removes the package.
# rpm -qa httpd
httpd-2.2.15-54.el6.centos.x86_64
Remove:
ansible -i ip.list host -m yum -a "name=httpd state=absent" -u root -k
SSH password:
192.168.31.167 | success >> {
    "changed": true,
    "msg": "",
    "rc": 0,
# rpm -ql httpd
package httpd is not installed
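l: setup module:
Collects facts from remote hosts.
When the Ansible host runs a command or task that we give it, it gathers information about the remote hosts, such as IP addresses and the operating system version, and returns it to the Ansible control host.
ansible -i ip.list host -m setup -u root -k
SSH password:
192.168.31.167 | success >> {
    "ansible_facts": {
        "ansible_all_ipv4_addresses": [
            "192.168.31.167"
        ],
        "ansible_all_ipv6_addresses": [
            "fe80::20c:29ff:fea2:10cb"
        ],
Here ansible_all_ipv4_addresses and the like are fact variables. For example, when defining the nginx worker processes, the value should equal the total number of cores minus 1 or minus 2.
So we can use the variables ansible_processor_cores and ansible_processor_count in a template to set the number of nginx worker processes for each host.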
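Added example, not part of the original post: a Python sketch that parses ad-hoc setup output in the "host | status >> {json}" layout shown above and derives a per-host worker count. It assumes the total core count is ansible_processor_cores multiplied by ansible_processor_count, floors the result at 1, and uses constructed sample output; the function names are hypothetical.

```python
import json
import re

# Constructed sample in the "host | status >> {json}" layout shown on the page.
SAMPLE = """\
192.168.31.167 | success >> {
    "ansible_facts": {
        "ansible_processor_cores": 2,
        "ansible_processor_count": 2
    }
}

127.0.0.1 | success >> {
    "ansible_facts": {
        "ansible_processor_cores": 1,
        "ansible_processor_count": 1
    }
}

10.0.0.9 | FAILED >> {
    "failed": true,
    "msg": "constructed failure"
}
"""

HEADER = re.compile(r"^(\S+) \| (\w+) >> (?=\{)", re.MULTILINE)

def parse_adhoc(text):
    """Return {host: (status, result_dict)} from ad-hoc JSON output."""
    decoder = json.JSONDecoder()
    parsed = {}
    for match in HEADER.finditer(text):
        body, _end = decoder.raw_decode(text, match.end())
        parsed[match.group(1)] = (match.group(2), body)
    return parsed

def worker_plan(text, reserve=1):
    """Workers per reachable host: total cores minus `reserve`, never below 1."""
    plan = {}
    for host, (status, body) in parse_adhoc(text).items():
        if status.lower() != "success":
            continue  # a failed host returned no facts to use
        facts = body["ansible_facts"]
        total = facts["ansible_processor_cores"] * facts["ansible_processor_count"]
        plan[host] = max(1, total - reserve)
    return plan

if __name__ == "__main__":
    print(worker_plan(SAMPLE))
```

The floor matters on single-core hosts, where "cores minus 1" would otherwise produce zero workers.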