ansible生产常用十大模块
ansible生产常用十大模块总结注:-a参数后的命令用单引号,单引号,单引号;双引号有可能会出问题,特别是在user模块;
模块一:测试目标主机是否在线:ping模块
主机如果在线,则回复pong
测试主机是否在线
# ansible erp -m ping
192.168.10.6 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.10.7 | SUCCESS => {
"changed": false,
"ping": "pong"
}
模块二:command模块和shell
作用:用于在各被管理节点运行指定的命令
shell和command的区别:shell模块可以特殊字符,而command是不支持
显示各节点的日期
# ansible erp -m command -a 'date'
192.168.10.6 | SUCCESS | rc=0 >>
Tue Feb7 09:20:35 CST 2017
192.168.10.7 | SUCCESS | rc=0 >>
Tue Feb7 09:20:35 CST 2017
删除各节点的/tmp/test目录
# ansible erp -m command -a 'mkdir /tmp/test'
192.168.10.10 | SUCCESS | rc=0 >>
192.168.10.6 | SUCCESS | rc=0 >>
# ansible erp -m shell -a 'rm -rf /tmp/test'
192.168.10.6 | SUCCESS | rc=0 >>
192.168.10.10 | SUCCESS | rc=0 >>
模块三:user模块:管理用户的模块
模块参数详解:
name:指定用户名
password:设定用户密码,password参数需要接受md5加密后的值
state:用户状态,默认为present
present:表示添加用户
absent:表示删除用户
update_password:修改用户密码
always:新密码和旧密码不同时进行修改
on_create:为新创建的用户指定密码
createhome:创建家目录
yes:默认项,即创建用户默认是有家目录的
no:创建用户时不创建家目录
remove:
yes:删除用户家目录,需要指定此参数
no:默认项,删除用户时默认不删除用户的家目录
system:
yes:默认创建为普通用户,而非系统用户
如果不指定默认生成的选项有:
home:创建家目录
shell:创建默认的shell为/bin/bash
system:默认创建为普通用户,而非系统用户,指定是用yes
查看帮助
# ansible-doc -s user
user模块中的password是需要经过md5加密的
# echo 123456 | openssl passwd -1 -stdin
$1$Q0WiDLXN$agpzPdHVa6.LbdMLsUXqI/
增加一个用户
# ansible erp -m user -a 'name=liuwei1 system=yes password=$1$Q0WiDLXN$agpzPdHVa6.LbdMLsUXqI/ state=present'
192.168.10.10 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 496,
"home": "/home/liuwei1",
"name": "liuwei1",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"system": true,
"uid": 496
}
192.168.10.6 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 496,
"home": "/home/liuwei1",
"name": "liuwei1",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"system": true,
"uid": 496
}
删除一个用户
# ansible erp -m user -a 'name=liuwei remove=yes state=absent'
192.168.10.10 | SUCCESS => {
"changed": true,
"force": false,
"name": "liuwei",
"remove": true,
"state": "absent"
}
192.168.10.6 | SUCCESS => {
"changed": true,
"force": false,
"name": "liuwei",
"remove": true,
"state": "absent"
}
更新用户的密码
# echo 654321 | openssl passwd -1 -stdin
$1$pfBO1D1D$UfxpHN4OlUbT8dWLe8te7.
# ansible erp -m user -a 'name=liuwei1 update_password=always password=$1$pfBO1D1D$UfxpHN4OlUbT8dWLe8te7.'
192.168.10.10 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 496,
"home": "/home/liuwei1",
"move_home": false,
"name": "liuwei1",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 496
}
192.168.10.6 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 496,
"home": "/home/liuwei1",
"move_home": false,
"name": "liuwei1",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 496
}
模块四:任务计划模块:cron
获取帮助:ansibe-doc -s cron
模块参数详解:
state:
present:创建任务
absent:删除任务
backup:对远程主机上的原任务计划内容修改之前做备份
job:要执行的任务
name:该任务的描述(必须项)
user:以哪个用户的身份运行
minute:分钟(0-59,*,*/2,……),不写默认为*
hour:小时(0-23,*,*/2,……),不写默认为*
day:日(1-31,*,*/2,……),不写默认为*
month:月(1-12,*,*/2,……),不写默认为*
weekday:周(0-7,*,……),不写默认为*
每隔10分钟同步一下时间
#ansible web -m cron -a 'name="sync time from ntpserver" minute=*/10 job="/usr/sbin/ntpdate 3.cn.pool.ntp.org"'
模块五:远程复制备份模块:copy
获取帮助:ansible-doc -s copy
模块参数详解:
src:指定源文件路径,可以是相对路径,也可以是绝对路径,可以是目录(并非是必须的,可以使用content,直接生成文件内容)
dest=:指定目标文件路径,只能是绝对路径,如果src是目录,此项必须是目录
owner:指定属主
group:指定属组
mode:指定权限,可以以数字指定比如0644
content:代替src,直接往dest文件中写内容,可以引用变量,也可以直接使用inventory中的主机变量
backup:在覆盖之前将原文件备份,备份文件包含时间信息。有两个选项:yes|no
force:
yes:默认项,如果目标主机包含该文件,但内容不同,则强制覆盖
no:则只有当目标主机的目标位置不存在该文件时,才复制
directory_mode:递归的设定目录的权限,默认为系统默认权限
复制本地文件到远程主机并对原文件进行备份
# ansible erp -m copy -a 'src=/tmp/abc.txt dest=/tmp/ backup=yes'
192.168.10.10 | SUCCESS => {
"backup_file": "/tmp/abc.txt.2017-02-07@10:55:31~",
"changed": true,
"checksum": "13520f9e1a6f0b2ca9557d85825616c3680b4edc",
"dest": "/tmp/abc.txt",
"gid": 0,
"group": "root",
"md5sum": "baae19d280afe4e2df1799daa37bebba",
"mode": "0644",
"owner": "root",
"size": 18,
"src": "/root/.ansible/tmp/ansible-tmp-1486436129.98-98537282809491/source",
"state": "file",
"uid": 0
}
192.168.10.6 | SUCCESS => {
"backup_file": "/tmp/abc.txt.2017-02-07@10:55:31~",
"changed": true,
"checksum": "13520f9e1a6f0b2ca9557d85825616c3680b4edc",
"dest": "/tmp/abc.txt",
"gid": 0,
"group": "root",
"md5sum": "baae19d280afe4e2df1799daa37bebba",
"mode": "0644",
"owner": "root",
"size": 18,
"src": "/root/.ansible/tmp/ansible-tmp-1486436130.19-187127825454744/source",
"state": "file",
"uid": 0
}
向远程主机的文件中写内容,会把原内容覆盖掉
# ansible erp -m copy -a 'content="\nMy age is 26" dest=/tmp/abc.txt'
192.168.10.6 | SUCCESS => {
"changed": true,
"checksum": "e1cbbec8927a295a767fa44e91dea6eeafa5a4f4",
"dest": "/tmp/abc.txt",
"gid": 0,
"group": "root",
"md5sum": "55ec30ce5102aa8716b75ab5e98163a7",
"mode": "0644",
"owner": "root",
"size": 13,
"src": "/root/.ansible/tmp/ansible-tmp-1486436336.05-254449966786008/source",
"state": "file",
"uid": 0
}
192.168.10.10 | SUCCESS => {
"changed": true,
"checksum": "e1cbbec8927a295a767fa44e91dea6eeafa5a4f4",
"dest": "/tmp/abc.txt",
"gid": 0,
"group": "root",
"md5sum": "55ec30ce5102aa8716b75ab5e98163a7",
"mode": "0644",
"owner": "root",
"size": 13,
"src": "/root/.ansible/tmp/ansible-tmp-1486436348.0-188270058505341/source",
"state": "file",
"uid": 0
}
模块六:对远程文件管理的模块:file
获取帮助:ansible-doc -s file
模块参数详解:
owner:修改属主
group:修改属组
mode:修改权限
path=:要修改文件的路径
recurse:递归的设置文件的属性,只对目录有效
yes:表示使用递归设置
state:
touch:创建一个新的空文件
directory:创建一个新的目录,当目录存在时不会进行修改
link:创建软连接,结果src一起使用此选项才生效
hard:创建硬连接
absent:删除文件,目录,软连接
src:当state=link时,要被连接文件的源路径
新建一个文件
# ansible erp -m file -a 'path=/tmp/liuwei.txt state=touch'
192.168.10.10 | SUCCESS => {
"changed": true,
"dest": "/tmp/liuwei.txt",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"size": 0,
"state": "file",
"uid": 0
}
192.168.10.6 | SUCCESS => {
"changed": true,
"dest": "/tmp/liuwei.txt",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"size": 0,
"state": "file",
"uid": 0
}
新建一个目录
# ansible erp -m file -a 'path=/tmp/liuwei state=directory'
192.168.10.10 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/liuwei",
"size": 4096,
"state": "directory",
"uid": 0
}
192.168.10.6 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/liuwei",
"size": 4096,
"state": "directory",
"uid": 0
}
删除文件或者目录
# ansible erp -m file -a 'path=/tmp/liuwei.txt state=absent'
192.168.10.10 | SUCCESS => {
"changed": true,
"path": "/tmp/liuwei.txt",
"state": "absent"
}
192.168.10.6 | SUCCESS => {
"changed": true,
"path": "/tmp/liuwei.txt",
"state": "absent"
}
递归设置文件的属主或者属组
# ansible erp -m file -a 'path=/tmp/liuwei owner=root group=root recurse=yes'
192.168.10.10 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/liuwei",
"size": 4096,
"state": "directory",
"uid": 0
}
192.168.10.6 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/liuwei",
"size": 4096,
"state": "directory",
"uid": 0
}
为文件设置软连接
# ansible erp -m file -a 'src=/tmp/liuwei state=link path=/tmp/liuzhengwei'
192.168.10.6 | SUCCESS => {
"changed": true,
"dest": "/tmp/liuzhengwei",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 11,
"src": "/tmp/liuwei",
"state": "link",
"uid": 0
}
192.168.10.10 | SUCCESS => {
"changed": true,
"dest": "/tmp/liuzhengwei",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 11,
"src": "/tmp/liuwei",
"state": "link",
"uid": 0
}
模块七:在远程主机执行本地脚本:script
# ansible erp -m script -a '/tmp/a.sh'
192.168.10.10 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "",
"stdout": "Tue Feb7 11:26:41 CST 2017\r\n",
"stdout_lines": [
"Tue Feb7 11:26:41 CST 2017"
]
}
192.168.10.6 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "",
"stdout": "Tue Feb7 11:26:52 CST 2017\r\n",
"stdout_lines": [
"Tue Feb7 11:26:52 CST 2017"
]
}
模块八:收集远程主机的信息:setup
收集可用的facts,收集每个节点的相关信息:架构信息,IP,时间,域名,网卡,MAC,主机名,CPU等信息。
这些收集的信息,可以作为变量。
# ansible erp -m setup 模块九:安装模块:yum
模块参数详解:
name:表示要安装软件包的名字,默认最新的程序包,指明要安装的程序包,可以带上版本号
state:表示是安装还卸载
present:默认的,表示为安装
lastest:安装为最新的版本
absent:表示删除
模块十:服务模块:service
模块参数详解:
enabled:表示设置服务开机是否启动,取值为true或者false;enabled=yes
name=:表示要控制哪一个服务
state:
started:表示现在就启动此服务
stopped:表示现在关闭此服务
restarted:表示重启此服务
sleep:如果执行了restarted,在stop和start之间沉睡几秒
runlevel:定义在哪些级别可以自启动
arguments:表示向命令行传递的参数
#ansible erp -m service -a 'enabled=on name=httpd state=started' 模块十一:文件编辑模块:lineinfile
模块参数详解:
path:指定要修改的配置文件
regexp:匹配要修改的内容
line:要增加或者修改的内容
state:
absent:表示删除,当匹配到时进行删除
present:表示增加,当匹配到时进行修改,当没有匹配到时在最后增加一行,默认为此项
backrefs:
no:表示如果没有匹配到,则增加line;如果匹配成功,则替换line;
yes:表示如果没有匹配到,则不变line;如果匹配成功,则替换line;
backup:
no:表示如果没有匹配到,则增加line;如果匹配成功,则替换line;不备份原文件
yes:表示如果没有匹配到,则增加line;如果匹配成功,则替换line;备份原文件
insertafter(匹配的是此行):
在匹配到的行之后添加一行
insertbefore(匹配的是此行):
在匹配到的行之前添加一行
修改nginx.conf测试:
# cat modify_nginx.yml
---
- hosts: 192.168.2.111
tasks:
- name: "修改配置文件"
lineinfile:
dest: "/etc/nginx/conf.d/default.conf"
regexp: 'listen 80;'
line: ' listen 8000;'
#backup: yes
backrefs: yes
notify:
- reload nginx
handlers:
- name: reload nginx
service: name=nginx state=reloaded
注:经测试,当不添加backerfs: yes参数时,匹配到后也会进行替换,但当匹配到的内容不存在时,会在最后增加一行;所以当不增加backerfs参数时,要确定匹配到的内容存在;
替换存在的行:
#ansible oms -m lineinfile -a 'path=/etc/sudoers regexp="SYSTEM,SOFTWARE" line="STAPLES_ADMIN ALL=(ROOT) NOPASSWD:NETWORKING,LOCATE,STORAGE,DELEGATING,DRIVERS,SYSTEM,SOFTWARE,SERVICES,PROCESSES,FILE" backrefs=no' 匹配到的行后增加一行:
#ansible oms -m lineinfile -a 'dest=/etc/sudoers insertafter="Cmnd_Alias SYSTEM = /usr/sbin/reboot, /usr/sbin/halt, /usr/bin/ansible, /usr/bin/ssh" line="Cmnd_Alias FILE = /bin/mkdir,/bin/touch,/usr/bin/vim"' 删除匹配到的行:
#ansible oms -m lineinfile -a 'path=/etc/sudoers state=absent regexp="PROCESSES,FILE"'
页:
[1]