Linux 7 Ansible 初学 一个简单的 playbook 学习 yum 模块
编写一个简单的 playbook 要求被控制服务器[dev]组,安装 PHP 和 MariaDB Development tools 并更新服务器的所有包到最新版本
[student@workstation ansible]$ vim package.yml [student@workstation ansible]$ cat package.yml --- - name: install package hosts: all tasks: - name: install php and mariaDB yum: name: - php - mariadb state: present when: ansible_hostname in groups[‘dev‘] - name: install the ‘Development tools‘ package group yum: name: "@Development tools" state: present when: ansible_hostname in groups[‘dev‘] - name: upgrade all packages yum: name: "*" state: latest
运行效果
[student@workstation ansible]$ ansible-playbook package.yml PLAY [install package] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [servera] ok: [serverc] ok: [serverb] ok: [serverd] TASK [install php and mariaDB] ************************************************* skipping: [serverd] skipping: [serverc] skipping: [serverb] changed: [servera] TASK [install the ‘Development tools‘ package group] *************************** skipping: [serverc] skipping: [serverd] skipping: [serverb] changed: [servera] TASK [upgrade all packages] **************************************************** ok: [servera] ok: [serverc] ok: [serverb] ok: [serverd] PLAY RECAP ********************************************************************* servera : ok=4 changed=2 unreachable=0 failed=0 serverb : ok=2 changed=0 unreachable=0 failed=0 serverc : ok=2 changed=0 unreachable=0 failed=0 serverd : ok=2 changed=0 unreachable=0 failed=0
对于 yum 模块不熟悉的,可以通过 ansible-doc yum 命令查询帮助
[student@workstation ansible]$ ansible-doc yum > YUM (/usr/lib/python2.7/site-packages/ansible/modules/packaging/os/yum.py) Installs, upgrade, downgrades, removes, and lists packages and groups with the `yum‘ package manager. This module only works on Python 2. If you require Python 3 support see the [dnf] module. * note: This module has a corresponding action plugin. OPTIONS (= is mandatory): - allow_downgrade Specify if the named package and version is allowed to downgrade a maybe already installed higher version of that package. Note that setting allow_downgrade=True can make this module behave in a non-idempotent way. The task could end up with a set of packages that does not match the complete list of specified packages to install (because dependencies between the downgraded package and others can cause changes to the packages which were in the earlier transaction). [Default: no] type: bool version_added: 2.4 - autoremove If `yes‘, removes all "leaf" packages from the system that were originally installed as dependencies of user-installed packages but which are no longer required by any such package. Should be used alone or when state is `absent‘ NOTE: This feature requires yum >= 3.4.3 (RHEL/CentOS 7+) [Default: False] type: bool version_added: 2.7 - bugfix If set to `yes‘, and `state=latest‘ then only installs updates that have been marked bugfix related. [Default: no] version_added: 2.6 - conf_file The remote yum configuration file to use for the transaction. [Default: (null)] version_added: 0.6 - disable_excludes Disable the excludes defined in YUM config files. If set to `all‘, disables all excludes. If set to `main‘, disable excludes defined in [main] in yum.conf. If set to `repoid‘, disable excludes defined for given repo id. [Default: (null)] version_added: 2.7 - disable_gpg_check Whether to disable the GPG checking of signatures of packages being installed. Has an effect only if state is `present‘ or `latest‘. [Default: no] type: bool version_added: 1.2 - disable_plugin `Plugin‘ name to disable for the install/update operation. The disabled plugins will not persist beyond the transaction. [Default: (null)] version_added: 2.5 - disablerepo `Repoid‘ of repositories to disable for the install/update operation. These repos will not persist beyond the transaction. When specifying multiple repos, separate them with a `","‘. As of Ansible 2.7, this can alternatively be a list instead of `","‘ separated string [Default: (null)] version_added: 0.9 - download_only Only download the packages, do not install them. [Default: no] type: bool version_added: 2.7 - enable_plugin `Plugin‘ name to enable for the install/update operation. The enabled plugin will not persist beyond the transaction. [Default: (null)] version_added: 2.5 - enablerepo `Repoid‘ of repositories to enable for the install/update operation. These repos will not persist beyond the transaction. When specifying multiple repos, separate them with a `","‘. As of Ansible 2.7, this can alternatively be a list instead of `","‘ separated string [Default: (null)] version_added: 0.9 - exclude Package name(s) to exclude when state=present, or latest [Default: (null)] version_added: 2.0 - installroot Specifies an alternative installroot, relative to which all packages will be installed. [Default: /] version_added: 2.3 - list Package name to run the equivalent of yum list <package> against. In addition to listing packages, use can also list the following: `installed‘, `updates‘, `available‘ and `repos‘. [Default: (null)] - name A package name or package specifier with version, like `name-1.0‘. If a previous version is specified, the task also needs to turn `allow_downgrade‘ on. See the `allow_downgrade‘ documentation for caveats with downgrading packages. When using state=latest, this can be `‘*‘‘ which means run `yum -y update‘. You can also pass a url or a local path to a rpm file (using state=present). To operate on several packages this can accept a comma separated string of packages or (as of 2.0) a list of packages. (Aliases: pkg)[Default: (null)] - releasever Specifies an alternative release from which all packages will be installed. [Default: None] version_added: 2.7 - security If set to `yes‘, and `state=latest‘ then only installs updates that have been marked security related. [Default: no] type: bool version_added: 2.4 - skip_broken Skip packages with broken dependencies(devsolve) and are causing problems. [Default: no] type: bool version_added: 2.3 - state Whether to install (`present‘ or `installed‘, `latest‘), or remove (`absent‘ or `removed‘) a package. `present‘ and `installed‘ will simply ensure that a desired package is installed. `latest‘ will update the specified package if it‘s not of the latest available version. `absent‘ and `removed‘ will remove the specified package. (Choices: absent, installed, latest, present, removed)[Default: present] - update_cache Force yum to check if cache is out of date and redownload if needed. Has an effect only if state is `present‘ or `latest‘. (Aliases: expire-cache)[Default: no] type: bool version_added: 1.9 - update_only When using latest, only update installed packages. Do not install packages. Has an effect only if state is `latest‘ [Default: no] type: bool version_added: 2.5 - use_backend This module supports `yum‘ (as it always has), this is known as `yum3‘/`YUM3‘/`yum-deprecated‘ by upstream yum developers. As of Ansible 2.7+, this module also supports `YUM4‘, which is the "new yum" and it has an `dnf‘ backend. By default, this module will select the backend based on the `ansible_pkg_mgr‘ fact. (Choices: auto, yum, yum4, dnf)[Default: auto] version_added: 2.7 - validate_certs This only applies if using a https url as the source of the rpm. e.g. for localinstall. If set to `no‘, the SSL certificates will not be validated. This should only set to `no‘ used on personally controlled sites using self-signed certificates as it avoids verifying the source site. Prior to 2.1 the code worked as if this was set to `yes‘. [Default: yes] type: bool version_added: 2.1 NOTES: * When used with a `loop:` each package will be processed individually, it is much more efficient to pass the list directly to the `name` option. * In versions prior to 1.9.2 this module installed and removed each package given to the yum module separately. This caused problems when packages specified by filename or url had to be installed or removed together. In 1.9.2 this was fixed so that packages are installed in one yum transaction. However, if one of the packages adds a new yum repository that the other packages come from (such as epel-release) then that package needs to be installed in a separate task. This mimics yum‘s command line behaviour. * Yum itself has two types of groups. "Package groups" are specified in the rpm itself while "environment groups" are specified in a separate file (usually by the distribution). Unfortunately, this division becomes apparent to ansible users because ansible needs to operate on the group of packages in a single transaction and yum requires groups to be specified in different ways when used in that way. Package groups are specified as "@development-tools" and environment groups are "@^gnome-desktop-environment". Use the "yum group list" command to see which category of group the group you want to install falls into. REQUIREMENTS: yum AUTHOR: Ansible Core Team, Seth Vidal, Eduard Snesarev (@verm666), Berend De Sch METADATA: status: - stableinterface supported_by: core EXAMPLES: - name: install the latest version of Apache yum: name: httpd state: latest - name: ensure a list of packages installed yum: name: "{{ packages }}" vars: packages: - httpd - httpd-tools - name: remove the Apache package yum: name: httpd state: absent - name: install the latest version of Apache from the testing repo yum: name: httpd enablerepo: testing state: present - name: install one specific version of Apache yum: name: httpd-2.2.29-1.4.amzn1 state: present - name: upgrade all packages yum: name: ‘*‘ state: latest - name: upgrade all packages, excluding kernel & foo related packages yum: name: ‘*‘ state: latest exclude: kernel*,foo* - name: install the nginx rpm from a remote repo yum: name: http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6- state: present - name: install nginx rpm from a local file yum: name: /usr/local/src/nginx-release-centos-6-0.el6.ngx.noarch.rpm state: present - name: install the ‘Development tools‘ package group yum: name: "@Development tools" state: present - name: install the ‘Gnome desktop‘ environment group yum: name: "@^gnome-desktop-environment" state: present - name: List ansible packages and register result to print with debug later. yum: list: ansible register: result - name: Install package with multiple repos enabled yum: name: sos enablerepo: "epel,ol7_latest" - name: Install package with multiple repos disabled yum: name: sos disablerepo: "epel,ol7_latest" - name: Install a list of packages yum: name: - nginx - postgresql - postgresql-server state: present - name: Download the nginx package but do not install it yum: name: - nginx state: latest download_only: true (END)