Common Ansible modules
Common Ansible modules: detailed usage
The commonly used Ansible modules are:
- ping
- yum
- template
- copy
- user
- group
- service
- raw
- command
- shell
- script
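Differences between the raw, command and shell modules:
- The shell module runs the command through /bin/sh.
- The command module does not run the command through a shell, so the bash environment variables are not available.
- raw behaves much like shell, and in most cases the shell and command modules are recommended instead. However, raw is needed when the managed host runs an old Python version, or when the client is a device such as a router that has no Python installed.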
// For the demonstration, edit the hosts file under /etc and add a mapping for the 134 host, named a1
[root@cst ~]# vim /etc/hosts
192.168.102.132 a1
// Edit the inventory file
[root@cst ~]# vim /etc/ansible/inventory
[phps]
a1
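Common Ansible modules: ping
The ping module checks whether the specified nodes are reachable. Usage is simple and takes no parameters; a host that is online replies with pong.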
[root@cst ~]# ansible all -m ping
a1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
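Common Ansible modules: command
The command module executes commands on the remote host. It is the module Ansible uses by default.
One limitation of the command module is that it cannot use pipes or redirection.
// List the contents of /etc/yum.repos.d on the managed host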
[root@cst ~]# ansible a1 -a 'ls /etc/yum.repos.d/'
a1 | CHANGED | rc=0 >>
CentOS-Base.repo
percona-original-release.repo.bak
redhat.repo
[root@cst ~]# ansible a1 -m command -a 'ls /etc/yum.repos.d/'
a1 | CHANGED | rc=0 >>
CentOS-Base.repo
percona-original-release.repo.bak
redhat.repo
// Create a new file named test under /opt on the managed host
[root@cst ~]# ansible a1 -a 'touch /opt/test'
[WARNING]: Consider using the file module with state=touch rather than running
'touch'. If you need to use command because file is insufficient you can add
'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.
a1 | CHANGED | rc=0 >>
[root@cst ~]# ansible a1 -a 'ls /opt'
a1 | CHANGED | rc=0 >>
mydata
test
// The command module supports neither pipes nor redirection
Try to write 123456 into the test file created above, then check the result
[root@cst ~]# ansible a1 -a 'echo 123456 > /opt/test'
a1 | CHANGED | rc=0 >>
123456 > /opt/test
[root@cst ~]# ansible a1 -a 'cat /opt/test'
a1 | CHANGED | rc=0 >>
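As you can see, the write command appeared to succeed, but reading the file back shows no content. The output line `123456 > /opt/test` shows that `>` and the path were passed to echo as plain arguments instead of being treated as a redirection.
Likewise, let's check whether vim is installed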
[root@cst ~]# ansible a1 -a 'rpm -qa |grep vim'
[WARNING]: Consider using the yum, dnf or zypper module rather than running
'rpm'. If you need to use command because yum, dnf or zypper is insufficient
you can add 'warn: false' to this command task or set 'command_warnings=False'
in ansible.cfg to get rid of this message.
a1 | CHANGED | rc=0 >>
expat-2.2.5-4.el8.x86_64
python3-syspurpose-1.25.17-1.el8.x86_64
geolite2-city-20180605-1.el8.noarch
pcre-cpp-8.42-4.el8.x86_64
cronie-anacron-1.5.2-4.el8.x86_64
xkeyboard-config-2.24-3.el8.noarch
……
The rest of the output is omitted. As you can see, the grep after the pipe had no effect.
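Common Ansible modules: raw
The raw module executes commands on the remote host and supports pipes and redirection.
// Write 123456 into the test file created above, then check the result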
[root@cst ~]# ansible a1 -m raw -a 'echo 123456 > /opt/test'
a1 | CHANGED | rc=0 >>
Shared connection to a1 closed.
[root@cst ~]# ansible a1 -m raw -a 'cat /opt/test'
a1 | CHANGED | rc=0 >>
123456
Shared connection to a1 closed.
// Check whether vim is installed
[root@cst ~]# ansible a1 -m raw -a 'rpm -qa |grep vim'
a1 | CHANGED | rc=0 >>
vim-minimal-8.0.1763-13.el8.x86_64
vim-common-8.0.1763-13.el8.x86_64
vim-X11-8.0.1763-13.el8.x86_64
vim-filesystem-8.0.1763-13.el8.noarch
vim-enhanced-8.0.1763-13.el8.x86_64
Shared connection to a1 closed.
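Common Ansible modules: shell
The shell module runs a script that lives on the managed host, and can also execute commands directly on the managed host.
The shell module also supports pipes and redirection.
// Write a script on managed host 132, then run it from the control host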
[root@132 ~]# mkdir /opt/script
[root@132 ~]# cd /opt/script/
[root@132 script]# vim a.sh
#!/bin/bash
echo abc 123 456 def
[root@cst ~]# ansible a1 -m shell -a '/bin/bash /opt/script/a.sh &> /opt/abc'
a1 | CHANGED | rc=0 >>
[root@cst ~]# ansible a1 -a 'cat /opt/abc'
a1 | CHANGED | rc=0 >>
abc 123 456 def
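The difference seen above between command and shell, reproduced locally as an added example (not part of the original page). It approximates the two modules with Python's subprocess instead of calling Ansible; `run_like_command`, `run_like_shell` and `compare` are illustrative names, and the sample command lines are constructed and write into a temporary directory instead of /opt.

```python
import os
import shlex
import subprocess
import tempfile


def run_like_command(cmdline, cwd):
    """Approximate the command module: split into argv and exec directly, no shell."""
    argv = shlex.split(cmdline)
    return subprocess.run(argv, cwd=cwd, capture_output=True, text=True)


def run_like_shell(cmdline, cwd):
    """Approximate the shell module: hand the whole string to /bin/sh -c."""
    return subprocess.run(["/bin/sh", "-c", cmdline], cwd=cwd,
                          capture_output=True, text=True)


def compare(cmdline, target="test"):
    """Run cmdline both ways in fresh temp dirs and report, for each mode,
    the stdout and the content of `target` (None if it was never created)."""
    results = {}
    for name, runner in (("command", run_like_command),
                         ("shell", run_like_shell)):
        with tempfile.TemporaryDirectory() as workdir:
            proc = runner(cmdline, workdir)
            path = os.path.join(workdir, target)
            content = None
            if os.path.exists(path):
                with open(path) as fh:
                    content = fh.read()
            results[name] = {"stdout": proc.stdout, "file": content}
    return results


if __name__ == "__main__":
    # Constructed inputs mirroring the page's redirection and pipe experiments.
    for line in ("echo 123456 > test", "echo vim-enhanced | grep -c vim"):
        for mode, outcome in compare(line).items():
            print(f"{line!r} via {mode}: {outcome}")
```

Because the command path never parses `>`, `|` or `;`, a variable value interpolated into its arguments cannot start a second command, which makes command the safer default whenever arguments come from inventory data or user input.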
Common Ansible modules: script
The script module runs a script located on the control host on the managed host.
// Write a script on the control host
[root@cst ~]# cd /etc/ansible/
[root@cst ansible]# mkdir scripts
[root@cst ansible]# ls
ansible.cfg hosts inventory roles scripts
[root@cst ansible]# cd scripts/
[root@cst scripts]# vim aa.sh
#!/bin/bash
ip a > /opt/123
// Run it on the managed host from the control host, then check the result
[root@cst ~]# ansible a1 -m script -a '/etc/ansible/scripts/aa.sh'
a1 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to a1 closed.\r\n",
"stderr_lines": [
"Shared connection to a1 closed."
],
"stdout": "",
"stdout_lines": []
}
[root@cst ~]# ansible a1 -a 'cat /opt/123'
a1 | CHANGED | rc=0 >>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:49:ea brd ff:ff:ff:ff:ff:ff
inet 192.168.102.132/24 brd 192.168.102.255 scope global dynamic noprefixroute ens160
valid_lft 1460sec preferred_lft 1460sec
inet6 fe80::7dbc:25ce:3e17:2/64 scope link noprefixroute
valid_lft forever preferred_lft forever
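Common Ansible modules: template
The template module generates a file from a template and can transfer it to the remote host.
// Create a file on the control host and transfer it to /opt on the managed host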
[root@cst ~]# echo sdasadas > 6666
[root@cst ~]# ansible a1 -m template -a 'src=6666 dest=/opt'
a1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "147c9ea433282e03286c37f76e46507dbf816179",
"dest": "/opt/6666",
"gid": 0,
"group": "root",
"md5sum": "26b943f570825b0d7b355eb5a4a322a1",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:usr_t:s0",
"size": 9,
"src": "/root/.ansible/tmp/ansible-tmp-1610046444.1653154-2639-78913265354542/source",
"state": "file",
"uid": 0
}
[root@cst ~]# ansible a1 -a 'ls /opt'
a1 | CHANGED | rc=0 >>
123
6666
ab
abc
abc.txt
mydata
script
test
[root@cst ~]# ansible a1 -a 'cat /opt/6666'
a1 | CHANGED | rc=0 >>
sdasadas
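Common Ansible modules: yum/dnf
The yum module manages software through yum on the specified nodes. It has two main parameters:
- name: name of the package to manage
- state: the operation to perform
Common values of state:
- latest: install the package
- installed: install the package
- present: install the package
- removed: remove the package
- absent: remove the package
To manage software with yum, make sure the yum repositories on the managed host are working.
// Check on the managed host whether vsftpd is installed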
[root@132 ~]# rpm -qa |grep zsh
[root@132 ~]#
// On the control host, use the yum module to install vsftpd on the managed host
[root@cst ~]# ansible a1 -m dnf -a 'name=vsftpd state=present'
a1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"msg": "Nothing to do",
"rc": 0,
"results": []
}
// Check on the managed host
[root@132 ~]# rpm -qa |grep vsftpd
vsftpd-3.0.3-31.el8.x86_64
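Common Ansible modules: copy
The copy module copies files to the remote managed host.
// Copy the file 1234 from /opt on the control host to /tmp on the managed host, naming it abc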
[root@cst opt]# ls
1234 mydata script
[root@cst opt]# ansible a1 -m copy -a 'src=/opt/1234 dest=/tmp/abc'
a1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/tmp/abc",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1610047573.6644232-2801-230209187865521/source",
"state": "file",
"uid": 0
}
[root@cst opt]# ansible a1 -a 'ls /tmp'
a1 | CHANGED | rc=0 >>
abc
ansible_command_payload_2cp8uwc5
hsperfdata_root
systemd-private-c657a0d0022a4577ae14c162ef0a2f23-mariadb.service-kaK3Sk
vmware-root_954-2722108059
vmware-root_957-3988097346
vmware-root_958-2730693406
vmware-root_959-3979643072
vmware-root_962-2990678749
vmware-root_965-4256676100
vmware-root_968-2965448017
vmware-root_969-4281777807
vmware-root_977-4282171025
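Common Ansible modules: group
The group module adds or removes groups on the managed host.
// From the control host, add a group named tom with gid 2000 on the managed host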
[root@cst ~]# ansible a1 -m group -a 'name=tom gid=2000 state=present'
a1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 2000,
"name": "tom",
"state": "present",
"system": false
}
[root@cst ~]# ansible a1 -a 'grep tom /etc/group'
a1 | CHANGED | rc=0 >>
tom:x:2000:
// Delete the group
[root@cst ~]# ansible a1 -m group -a 'name=tom gid=2000 state=absent'
a1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "tom",
"state": "absent"
}
[root@cst ~]# ansible a1 -a 'grep tom /etc/group'
a1 | FAILED | rc=1 >>
non-zero return code
Common Ansible modules: user
The user module manages user accounts on the managed host.
// Add a system user on the managed host: user name mysqld, uid 306, shell /sbin/nologin, no home directory
[root@cst ~]# ansible a1 -m user -a 'name=mysqld uid=306 system=yes create_home=no shell=/sbin/nologin state=present'
a1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"comment": "",
"create_home": false,
"group": 306,
"home": "/home/mysqld",
"name": "mysqld",
"shell": "/sbin/nologin",
"state": "present",
"system": true,
"uid": 306
}
[root@cst ~]# ansible a1 -m shell -a 'grep mysqld /etc/passwd'
a1 | CHANGED | rc=0 >>
mysqld:x:306:306::/home/mysqld:/sbin/nologin
[root@cst ~]# ansible a1 -a 'ls /home'
a1 | CHANGED | rc=0 >>
mike
// Change the uid of the mysqld user to 458
[root@cst ~]# ansible a1 -m user -a 'name=mysqld uid=458'
a1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"append": false,
"changed": true,
"comment": "",
"group": 306,
"home": "/home/mysqld",
"move_home": false,
"name": "mysqld",
"shell": "/sbin/nologin",
"state": "present",
"uid": 458
}
[root@cst ~]# ansible a1 -m shell -a 'grep mysqld /etc/passwd'
a1 | CHANGED | rc=0 >>
mysqld:x:458:306::/home/mysqld:/sbin/nologin
// Delete the mysqld user on the managed host
[root@cst ~]# ansible a1 -m user -a 'name=mysqld state=absent'
a1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"force": false,
"name": "mysqld",
"remove": false,
"state": "absent"
}
[root@cst ~]# ansible a1 -m shell -a 'grep mysqld /etc/passwd'
a1 | FAILED | rc=1 >>
non-zero return code
Common Ansible modules: service
The service module manages services on the managed host.
// Check whether the vsftpd service is running on the managed host
[root@cst ~]# ansible a1 -a 'systemctl is-active vsftpd'
a1 | FAILED | rc=3 >>
inactivenon-zero return code
// Start the vsftpd service on the managed host
[root@cst ~]# ansible a1 -m service -a 'name=vsftpd state=started'
a1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "vsftpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
……
[root@cst ~]# ansible a1 -a 'systemctl is-active vsftpd'
a1 | CHANGED | rc=0 >>
active
// Check whether the vsftpd service on the managed host is enabled at boot
[root@cst ~]# ansible a1 -a 'systemctl is-enabled vsftpd'
a1 | FAILED | rc=1 >>
disablednon-zero return code
// Enable the vsftpd service on the managed host at boot
[root@cst ~]# ansible a1 -m service -a 'name=vsftpd enabled=yes'
a1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"enabled": true,
"name": "vsftpd",
"status": {
"ActiveEnterTimestamp": "Thu 2021-01-07 03:50:31 CST",
……
[root@cst ~]# ansible a1 -a 'systemctl is-enabled vsftpd'
a1 | CHANGED | rc=0 >>
enabled
// Stop the vsftpd service on the managed host
[root@cst ~]# ansible a1 -m service -a 'name=vsftpd state=stopped'
a1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "vsftpd",
"state": "stopped",
"status": {
"ActiveEnterTimestamp": "Thu 2021-01-07 03:50:31 CST",
……
[root@cst ~]# ansible a1 -a 'systemctl is-active vsftpd'
a1 | FAILED | rc=3 >>
inactivenon-zero return code