Common Ansible modules

Common Ansible modules: detailed usage

The commonly used Ansible modules are:

  • ping
  • yum
  • template
  • copy
  • user
  • group
  • service
  • raw
  • command
  • shell
  • script

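Differences between the raw, command and shell modules:

  • The shell module runs the command through /bin/sh
  • The command module does not invoke a shell, so bash environment variables are not available
  • raw is similar to shell in many respects, and in most cases the shell and command modules are recommended instead. However, if the managed host has an old version of Python, or the client is a router with no Python installed, the raw module is what you need

//To make the demonstration easier, edit the hosts file under /etc and add a mapping for host 134, named a1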
[root@cst ~]# vim /etc/hosts

192.168.102.132 a1

//Edit the inventory file
[root@cst ~]# vim /etc/ansible/inventory

[phps]
a1

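Common Ansible modules: ping

The ping module checks whether the specified node is reachable. It is simple to use and takes no parameters; if the host is online, it replies with pong.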

[root@cst ~]# ansible all -m ping
a1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

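Common Ansible modules: command

The command module runs commands on the remote host; it is the module Ansible uses by default.

One limitation of the command module is that it cannot use pipes or redirection.

//List the contents of /etc/yum.repos.d on the managed host
[root@cst ~]# ansible a1 -a 'ls /etc/yum.repos.d/'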
a1 | CHANGED | rc=0 >>
CentOS-Base.repo
percona-original-release.repo.bak
redhat.repo
[root@cst ~]# ansible a1 -m command -a 'ls /etc/yum.repos.d/'
a1 | CHANGED | rc=0 >>
CentOS-Base.repo
percona-original-release.repo.bak
redhat.repo

//Create a new file named test under /opt on the managed host
[root@cst ~]# ansible a1 -a 'touch /opt/test'
[WARNING]: Consider using the file module with state=touch rather than running
'touch'.  If you need to use command because file is insufficient you can add
'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.
a1 | CHANGED | rc=0 >>

[root@cst ~]# ansible a1 -a 'ls /opt'
a1 | CHANGED | rc=0 >>
mydata
test

//The command module supports neither pipes nor redirection
Try to write 123456 into the test file just created, then check the result
[root@cst ~]# ansible a1 -a 'echo 123456 > /opt/test'
a1 | CHANGED | rc=0 >>
123456 > /opt/test
[root@cst ~]# ansible a1 -a 'cat /opt/test'
a1 | CHANGED | rc=0 >>

As you can see, the write command appears to have succeeded, but reading the file back shows no content
Likewise, let's check whether vim is installed
[root@cst ~]# ansible a1 -a 'rpm -qa |grep vim'
[WARNING]: Consider using the yum, dnf or zypper module rather than running
'rpm'.  If you need to use command because yum, dnf or zypper is insufficient
you can add 'warn: false' to this command task or set 'command_warnings=False'
in ansible.cfg to get rid of this message.
a1 | CHANGED | rc=0 >>
expat-2.2.5-4.el8.x86_64
python3-syspurpose-1.25.17-1.el8.x86_64
geolite2-city-20180605-1.el8.noarch
pcre-cpp-8.42-4.el8.x86_64
cronie-anacron-1.5.2-4.el8.x86_64
xkeyboard-config-2.24-3.el8.noarch
……

The rest of the output is omitted. As you can see, the filter after the pipe had no effect

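Common Ansible modules: raw

The raw module runs commands on the remote host, and it supports pipes and redirection

//Write 123456 into the test file from before, then check the result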
[root@cst ~]# ansible a1 -m raw -a 'echo 123456 > /opt/test'
a1 | CHANGED | rc=0 >>
Shared connection to a1 closed.

[root@cst ~]# ansible a1 -m raw -a 'cat /opt/test'
a1 | CHANGED | rc=0 >>
123456
Shared connection to a1 closed.

//Check whether vim is installed
[root@cst ~]# ansible a1 -m raw -a 'rpm -qa |grep vim'
a1 | CHANGED | rc=0 >>
vim-minimal-8.0.1763-13.el8.x86_64
vim-common-8.0.1763-13.el8.x86_64
vim-X11-8.0.1763-13.el8.x86_64
vim-filesystem-8.0.1763-13.el8.noarch
vim-enhanced-8.0.1763-13.el8.x86_64
Shared connection to a1 closed.

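Common Ansible modules: shell

The shell module runs scripts that reside on the managed host, and can also run commands directly on the managed host.
The shell module also supports pipes and redirection.

//Write a script on managed host 132, then run it from the control node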
[root@132 ~]# mkdir /opt/script
[root@132 ~]# cd /opt/script/
[root@132 script]# vim a.sh

#!/bin/bash

echo abc 123 456 def

[root@cst ~]# ansible a1 -m shell -a '/bin/bash /opt/script/a.sh &> /opt/abc'
a1 | CHANGED | rc=0 >>

[root@cst ~]# ansible a1 -a 'cat /opt/abc'
a1 | CHANGED | rc=0 >>
abc 123 456 def
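
The difference between command and shell shown in the sections above, reproduced locally as an added example (not from the original post, and not Ansible's own code): `run_command_style` and `run_shell_style` are hypothetical helpers that approximate the two modules with `shlex.split` plus direct exec versus `/bin/sh -c`. It goes one step beyond the page by showing why the no-shell form is the safer default when an argument comes from a variable; the file name value is constructed.

```python
import os
import shlex
import subprocess
import tempfile


def run_command_style(cmdline):
    """Split into argv and exec directly, with no shell (approximates the command module)."""
    argv = shlex.split(cmdline)
    return subprocess.run(argv, capture_output=True, text=True, check=False)


def run_shell_style(cmdline):
    """Hand the whole string to /bin/sh -c (approximates the shell module)."""
    return subprocess.run(["/bin/sh", "-c", cmdline],
                          capture_output=True, text=True, check=False)


def demo():
    results = {}
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "test")
        marker = os.path.join(d, "marker")

        # 1. Redirection: without a shell, '>' and the path are just arguments to echo.
        cmd = f"echo 123456 > {target}"
        results["command_stdout"] = run_command_style(cmd).stdout.strip()
        results["command_wrote_file"] = os.path.exists(target)
        run_shell_style(cmd)
        with open(target) as fh:
            results["shell_file_content"] = fh.read().strip()

        # 2. Untrusted value (constructed): a file name that carries a second command.
        filename = f"report.txt; touch {marker}"
        run_command_style(f"echo {filename}")
        results["command_ran_extra"] = os.path.exists(marker)
        run_shell_style(f"echo {filename}")
        results["shell_ran_extra"] = os.path.exists(marker)
        if os.path.exists(marker):
            os.remove(marker)

        # 3. Mitigation when a shell is really needed: quote the value first.
        run_shell_style(f"echo {shlex.quote(filename)}")
        results["quoted_shell_ran_extra"] = os.path.exists(marker)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
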

Common Ansible modules: script

The script module runs a script stored on the control node on the managed host

//Write a script on the control node
[root@cst ~]# cd /etc/ansible/
[root@cst ansible]# mkdir scripts
[root@cst ansible]# ls
ansible.cfg  hosts  inventory  roles  scripts
[root@cst ansible]# cd scripts/
[root@cst scripts]# vim aa.sh

#!/bin/bash

ip a > /opt/123

//Run it on the managed host from the control node, then check the result
[root@cst ~]# ansible a1 -m script -a '/etc/ansible/scripts/aa.sh'
a1 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to a1 closed.\r\n",
    "stderr_lines": [
        "Shared connection to a1 closed."
    ],
    "stdout": "",
    "stdout_lines": []
}
[root@cst ~]# ansible a1 -a 'cat /opt/123'
a1 | CHANGED | rc=0 >>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:f9:49:ea brd ff:ff:ff:ff:ff:ff
    inet 192.168.102.132/24 brd 192.168.102.255 scope global dynamic noprefixroute ens160
       valid_lft 1460sec preferred_lft 1460sec
    inet6 fe80::7dbc:25ce:3e17:2/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

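Common Ansible modules: template

The template module generates a file from a template and can transfer it to the remote host.

//Write a file on the control node and transfer it to the /opt directory on the managed host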
[root@cst ~]# echo sdasadas > 6666
[root@cst ~]# ansible a1 -m template -a 'src=6666 dest=/opt'
a1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "147c9ea433282e03286c37f76e46507dbf816179",
    "dest": "/opt/6666",
    "gid": 0,
    "group": "root",
    "md5sum": "26b943f570825b0d7b355eb5a4a322a1",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:usr_t:s0",
    "size": 9,
    "src": "/root/.ansible/tmp/ansible-tmp-1610046444.1653154-2639-78913265354542/source",
    "state": "file",
    "uid": 0
}
[root@cst ~]# ansible a1 -a 'ls /opt'
a1 | CHANGED | rc=0 >>
123
6666
ab
abc
abc.txt
mydata
script
test
[root@cst ~]# ansible a1 -a 'cat /opt/6666'
a1 | CHANGED | rc=0 >>
sdasadas

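Common Ansible modules: yum/dnf

The yum module manages software on the specified nodes through yum. It has two main parameters:

  • name: the name of the package to manage
  • state: the operation to perform

Common values for state:

  • latest: install the package
  • installed: install the package
  • present: install the package
  • removed: uninstall the package
  • absent: uninstall the package

To manage software with yum, make sure the yum repositories on the managed host are working.

//Check on the managed host whether vsftpd is installed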
[root@132 ~]# rpm -qa |grep zsh
[root@132 ~]# 

//On the control node, use the yum module to install vsftpd on the managed host
[root@cst ~]# ansible a1 -m dnf -a 'name=vsftpd state=present'
a1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "msg": "Nothing to do",
    "rc": 0,
    "results": []
}

//Check on the managed host
[root@132 ~]# rpm -qa |grep vsftpd
vsftpd-3.0.3-31.el8.x86_64

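Common Ansible modules: copy

The copy module copies files to the remote managed host.

//Copy the file 1234 from the /opt directory on the control node to /tmp on the managed host, naming it abc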
[root@cst opt]# ls
1234  mydata  script
[root@cst opt]# ansible a1 -m copy -a 'src=/opt/1234 dest=/tmp/abc'
a1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "dest": "/tmp/abc",
    "gid": 0,
    "group": "root",
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e",
    "mode": "0644",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 0,
    "src": "/root/.ansible/tmp/ansible-tmp-1610047573.6644232-2801-230209187865521/source",
    "state": "file",
    "uid": 0
}
[root@cst opt]# ansible a1 -a 'ls /tmp'
a1 | CHANGED | rc=0 >>
abc
ansible_command_payload_2cp8uwc5
hsperfdata_root
systemd-private-c657a0d0022a4577ae14c162ef0a2f23-mariadb.service-kaK3Sk
vmware-root_954-2722108059
vmware-root_957-3988097346
vmware-root_958-2730693406
vmware-root_959-3979643072
vmware-root_962-2990678749
vmware-root_965-4256676100
vmware-root_968-2965448017
vmware-root_969-4281777807
vmware-root_977-4282171025

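Common Ansible modules: group

The group module adds or removes groups on the managed host.

//From the control node, add a group named tom with gid 2000 on the managed host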
[root@cst ~]# ansible a1 -m group -a 'name=tom gid=2000 state=present'
a1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "gid": 2000,
    "name": "tom",
    "state": "present",
    "system": false
}
[root@cst ~]# ansible a1 -a 'grep tom /etc/group'
a1 | CHANGED | rc=0 >>
tom:x:2000:

//Delete the group
[root@cst ~]# ansible a1 -m group -a 'name=tom gid=2000 state=absent'
a1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "name": "tom",
    "state": "absent"
}
[root@cst ~]# ansible a1 -a 'grep tom /etc/group'
a1 | FAILED | rc=1 >>
non-zero return code

Common Ansible modules: user

The user module manages user accounts on the managed host.

//Add a system user on the managed host: user name mysqld, uid 306, shell /sbin/nologin, no home directory
[root@cst ~]# ansible a1 -m user -a 'name=mysqld uid=306 system=yes create_home=no shell=/sbin/nologin state=present'
a1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "comment": "",
    "create_home": false,
    "group": 306,
    "home": "/home/mysqld",
    "name": "mysqld",
    "shell": "/sbin/nologin",
    "state": "present",
    "system": true,
    "uid": 306
}

[root@cst ~]# ansible a1 -m shell -a 'grep mysqld /etc/passwd'
a1 | CHANGED | rc=0 >>
mysqld:x:306:306::/home/mysqld:/sbin/nologin
[root@cst ~]# ansible a1 -a 'ls /home'
a1 | CHANGED | rc=0 >>
mike

//Change the uid of the mysqld user to 458
[root@cst ~]# ansible a1 -m user -a 'name=mysqld uid=458'
a1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "append": false,
    "changed": true,
    "comment": "",
    "group": 306,
    "home": "/home/mysqld",
    "move_home": false,
    "name": "mysqld",
    "shell": "/sbin/nologin",
    "state": "present",
    "uid": 458
}
[root@cst ~]# ansible a1 -m shell -a 'grep mysqld /etc/passwd'
a1 | CHANGED | rc=0 >>
mysqld:x:458:306::/home/mysqld:/sbin/nologin

//Delete the mysqld user on the managed host
[root@cst ~]# ansible a1 -m user -a 'name=mysqld state=absent'
a1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "force": false,
    "name": "mysqld",
    "remove": false,
    "state": "absent"
}
[root@cst ~]# ansible a1 -m shell -a 'grep mysqld /etc/passwd'
a1 | FAILED | rc=1 >>
non-zero return code

Common Ansible modules: service

The service module manages services on the managed host.

//Check whether the vsftpd service is running on the managed host
[root@cst ~]# ansible a1 -a 'systemctl is-active vsftpd'
a1 | FAILED | rc=3 >>
inactivenon-zero return code

//Start the vsftpd service on the managed host
[root@cst ~]#  ansible a1 -m service -a 'name=vsftpd state=started'
a1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "name": "vsftpd",
    "state": "started",
    "status": {
        "ActiveEnterTimestampMonotonic": "0",
……
[root@cst ~]# ansible a1 -a 'systemctl is-active vsftpd'
a1 | CHANGED | rc=0 >>
active

//Check whether the vsftpd service on the managed host starts automatically at boot
[root@cst ~]# ansible a1 -a 'systemctl is-enabled vsftpd'
a1 | FAILED | rc=1 >>
disablednon-zero return code

//Set the vsftpd service on the managed host to start automatically at boot
[root@cst ~]# ansible a1 -m service -a 'name=vsftpd enabled=yes'
a1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "enabled": true,
    "name": "vsftpd",
    "status": {
        "ActiveEnterTimestamp": "Thu 2021-01-07 03:50:31 CST",
……
[root@cst ~]# ansible a1 -a 'systemctl is-enabled vsftpd'
a1 | CHANGED | rc=0 >>
enabled

//Stop the vsftpd service on the managed host
[root@cst ~]# ansible a1 -m service -a 'name=vsftpd state=stopped'
a1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "name": "vsftpd",
    "state": "stopped",
    "status": {
        "ActiveEnterTimestamp": "Thu 2021-01-07 03:50:31 CST",
……
[root@cst ~]# ansible a1 -a 'systemctl is-active vsftpd'
a1 | FAILED | rc=3 >>
inactivenon-zero return code
