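Chapter 1 Common Ansible modules
Module | Purpose |
command (important) | Runs a command; the default module for the ansible command |
copy (important) | Copies files; sends a local file to the remote host |
shell (important) | Runs shell scripts |
script (important) | Runs shell scripts; the script does not need to be uploaded to the client |
yum | Installs and manages packages with yum |
service | Manages system services |
file | Sets file attributes |
cron | Manages scheduled tasks |
synchronize | Synchronizes files using rsync |
user | Manages users |
unarchive | Compresses and extracts archives |
make | Compiles software |
lineinfile | Edits file contents |
mount | Manages mounts |
sysctl | Manages kernel parameters |
modprobe | Manages kernel modules |
iptables | Manages the firewall |
debug | Debugging |
- Meaning of the colours in ansible command output:
- Green: a query, or nothing was changed
- Red: the command failed with an error
- Yellow: the command affected the managed host and a configuration change was made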
1.1 command module
command is the default module: when no module is specified, command is used.
1.1.1 Common command parameters
Parameter | Description |
chdir | Changes to the directory given by chdir before running the command |
creates | A file name or glob pattern; when it already exists, this step is not run |
removes | A file name or glob pattern; when it does not exist, this step is not run |
- Run ping to test whether the hosts are reachable
```
[root@m01 ~]# ansible test -m ping
172.16.1.31 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
172.16.1.41 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
172.16.1.8 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
```
- Notes on the command:
- A trivial test module that always returns "pong" on a successful connection. It has no real use in a playbook, but with the ansible command it verifies that login works and that Python is configured correctly.
- This is not a traditional ICMP ping: it first checks that the node can be logged into over SSH, then checks that the Python version meets the requirements, and returns pong only if both checks pass.
- Get the output of w from all hosts
```
[root@m01 ~]# ansible all -m command -a "w"
172.16.1.31 | SUCCESS | rc=0 >>
 14:26:32 up 6:11, 1 user, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 172.16.1.61 14:26 0.00s 0.10s 0.00s /bin/sh -c /usr

172.16.1.8 | SUCCESS | rc=0 >>
 14:26:32 up 2 days, 3:41, 1 user, load average: 0.02, 0.01, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 172.16.1.61 14:26 0.00s 0.10s 0.00s /bin/sh -c /usr

172.16.1.41 | SUCCESS | rc=0 >>
 14:26:32 up 3 days, 14:34, 2 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 10.0.0.253 13:11 1:06m 0.20s 0.20s -bash
root pts/1 172.16.1.61 14:26 0.00s 0.08s 0.00s /bin/sh -c /usr
```
- Notes on the command:
- all: all hosts
- -m command: use the command module
- -a "w": run the w command
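1.2 copy module
1.2.1 Common copy parameters
Parameter | Description |
backup | Backs up the original file on the remote server before overwriting it; the backup file name includes a timestamp. Two values: yes or no |
content | Used instead of "src"; sets the content of the target file directly, equivalent to echo |
dest | Target directory or file for the copy. If it does not exist, the directory is created; if the last component is a file name that differs from the source file name, the source file is copied and renamed to the new name |
directory_mode | Recursively sets directory permissions; defaults to the system default permissions |
force | Applies when the target host already has the file but with different content: yes overwrites it; no copies only when the file does not exist at the destination on the target host. Default is yes |
others | All options of the file module can also be used here |
src | Local file to copy to the remote host; may be an absolute or relative path. If the path is a directory it is copied recursively. In that case, if the path ends with "/", only the contents of the directory are copied; otherwise the whole directory is copied, as with rsync |
mode | Sets the permissions of the file after it is copied to the remote host, e.g. mode=0644 |
owner | Sets the owner of the copied file/directory, as with chown |
group | Sets the group of the copied file/directory, as with chown |
remote_src (version 2.0+) | If no, src is a file/directory path on the local host; if yes, src is a file/directory path on the remote host (in that case copy cannot recursively copy a directory on the remote host). Default is no |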
- Copy a file to the managed hosts
```
[root@m01 ~]# ansible test -m copy -a "src=/etc/hosts dest=/tmp/a/b/c/ mode=0644 owner=test group=test backup=yes "
172.16.1.41 | SUCCESS => {
    "changed": true,
    "checksum": "545f587595b5c60d66243fca48e052ed34eed782",
    "dest": "/tmp/a/b/c/hosts",
    "gid": 500,
    "group": "test",
    "md5sum": "fe08440ffebed54cab7a9b4cb3c3beda",
    "mode": "0644",
    "owner": "test",
    "size": 371,
    "src": "/root/.ansible/tmp/ansible-tmp-1504766308.84-256601164662636/source",
    "state": "file",
    "uid": 500
}
172.16.1.8 | SUCCESS => {
    "changed": true,
    "checksum": "545f587595b5c60d66243fca48e052ed34eed782",
    "dest": "/tmp/a/b/c/hosts",
    "gid": 500,
    "group": "test",
    "md5sum": "fe08440ffebed54cab7a9b4cb3c3beda",
    "mode": "0644",
    "owner": "test",
    "size": 371,
    "src": "/root/.ansible/tmp/ansible-tmp-1504766308.84-23673833853730/source",
    "state": "file",
    "uid": 500
}
172.16.1.31 | SUCCESS => {
    "changed": true,
    "checksum": "545f587595b5c60d66243fca48e052ed34eed782",
    "dest": "/tmp/a/b/c/hosts",
    "gid": 500,
    "group": "test",
    "md5sum": "fe08440ffebed54cab7a9b4cb3c3beda",
    "mode": "0644",
    "owner": "test",
    "size": 371,
    "src": "/root/.ansible/tmp/ansible-tmp-1504766308.83-6065661728339/source",
    "state": "file",
    "uid": 500
}
[root@backup ~]# ll /tmp
total 644
-rw------- 1 test test 371 Sep 7 09:11 hosts
-rw-r--r-- 1 root root 376 Sep 7 09:03 hosts.37479.2017-09-07@09:11:17~
```
- Notes on the command:
- test: the host group named test
- -m copy: use ansible's copy module
- src=/etc/hosts: the source file of the remote copy
- dest=/tmp/a/b/c/: the destination path or file name of the remote copy,
- if the specified target directory does not exist it is created automatically; otherwise the source directory is placed under the target directory
- if a file is copied and the name given in dest differs from the source file name, the effect is the same as copying the source file and renaming it to the given name
- mode=0644: sets the file permissions to 0644
- owner=test group=test: sets the file's owner and group to test; the user and group must already exist
- backup=yes: if a file with the same name already exists, it is backed up before the new file is copied over
Note: mind how the dest path is written. If the directory does not exist, the path must end with a slash (/server/scripts/); otherwise the target directory is not created by default.
- Add content directly to a file on the managed hosts
```
[root@m01 ~]# ansible test -m copy -a "content='test\n' dest=/tmp/test.txt mode=600 owner=test group=test backup=yes"
172.16.1.8 | SUCCESS => {
    "changed": true,
    "checksum": "2da56cf055c5967072d0d14b3289358702a09693",
    "dest": "/tmp/test.txt",
    "gid": 500,
    "group": "test",
    "md5sum": "dece2039fc7eb6703d58cd2ebd252c15",
    "mode": "0600",
    "owner": "test",
    "size": 16,
    "src": "/root/.ansible/tmp/ansible-tmp-1504768245.3-175979924453302/source",
    "state": "file",
    "uid": 500
}
172.16.1.31 | SUCCESS => {
    "changed": true,
    "checksum": "2da56cf055c5967072d0d14b3289358702a09693",
    "dest": "/tmp/test.txt",
    "gid": 500,
    "group": "test",
    "md5sum": "dece2039fc7eb6703d58cd2ebd252c15",
    "mode": "0600",
    "owner": "test",
    "size": 16,
    "src": "/root/.ansible/tmp/ansible-tmp-1504768245.35-218174756177240/source",
    "state": "file",
    "uid": 500
}
172.16.1.41 | SUCCESS => {
    "changed": true,
    "checksum": "2da56cf055c5967072d0d14b3289358702a09693",
    "dest": "/tmp/test.txt",
    "gid": 500,
    "group": "test",
    "md5sum": "dece2039fc7eb6703d58cd2ebd252c15",
    "mode": "0600",
    "owner": "test",
    "size": 16,
    "src": "/root/.ansible/tmp/ansible-tmp-1504768245.32-181864009853964/source",
    "state": "file",
    "uid": 500
}
[root@backup ~]# cat /tmp/test.txt
test
```
- Notes on the command:
- content='test\n': the content to add
- dest=/tmp/test.txt: the file to add it to; the file is created if it does not exist
Tips:
1. With the copy module, if the directory does not exist under the path on the remote host, it is created recursively
2. Some ansible modules do not support
1) the pipe character "|"
2) redirection "> < >> <<"
3) commands such as top or tail -f that do not return a definite result immediately
4) *
- Copying a directory on the remote host with remote_src=yes fails with an error
```
[root@m02 ~]# ansible m02 -m copy -a "src=/root/test dest=/temp/ remote_src=yes"
172.16.1.12 | FAILED! => {
    "changed": false,
    "failed": true,
    "msg": "Remote copy does not support recursive copy of directory: /root/test"
}
```
1.3 shell module
1.3.1 Common shell parameters
Parameter | Description |
chdir | Changes to the directory given by chdir before running the shell command |
creates | A file name; when it already exists, this step is not run |
removes | A file name; when it does not exist, this step is not run |
- Run a command with the shell module
```
[root@m01 ~]# ansible test -m shell -a "cat /etc/hosts > /tmp/test.txt"
172.16.1.41 | SUCCESS | rc=0 >>


172.16.1.31 | SUCCESS | rc=0 >>


172.16.1.8 | SUCCESS | rc=0 >>


[root@backup ~]# cat /tmp/test.txt
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 backup
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 backup
172.16.1.5 lb01
172.16.1.6 lb02
172.16.1.7 web02
172.16.1.8 web01
172.16.1.9 web03
172.16.1.51 db01 db01.etiantian.org
172.16.1.31 nfs01
172.16.1.41 backup
172.16.1.61 m01
```
- Run a script remotely with the shell module
```
[root@m01 ~]# cat /server/scripts/yum.sh
#!/bin/bash
yum install -y htop
[root@m01 ~]# ansible test -m copy -a "src=/server/scripts/yum.sh dest=/server/scripts/ backup=yes"
172.16.1.41 | SUCCESS => {
    "changed": true,
    "checksum": "a0a346d61d513cc0a77e7a269a1269f47b5a1b11",
    "dest": "/server/scripts/yum.sh",
    "gid": 0,
    "group": "root",
    "md5sum": "e69c76a6befb2281dcc294c3ea2a59cf",
    "mode": "0644",
    "owner": "root",
    "size": 33,
    "src": "/root/.ansible/tmp/ansible-tmp-1504769465.16-19688128569582/source",
    "state": "file",
    "uid": 0
}
172.16.1.8 | SUCCESS => {
    "changed": true,
    "checksum": "a0a346d61d513cc0a77e7a269a1269f47b5a1b11",
    "dest": "/server/scripts/yum.sh",
    "gid": 0,
    "group": "root",
    "md5sum": "e69c76a6befb2281dcc294c3ea2a59cf",
    "mode": "0644",
    "owner": "root",
    "size": 33,
    "src": "/root/.ansible/tmp/ansible-tmp-1504769465.14-157928759677414/source",
    "state": "file",
    "uid": 0
}
172.16.1.31 | SUCCESS => {
    "changed": true,
    "checksum": "a0a346d61d513cc0a77e7a269a1269f47b5a1b11",
    "dest": "/server/scripts/yum.sh",
    "gid": 0,
    "group": "root",
    "md5sum": "e69c76a6befb2281dcc294c3ea2a59cf",
    "mode": "0644",
    "owner": "root",
    "size": 33,
    "src": "/root/.ansible/tmp/ansible-tmp-1504769465.15-277374574050129/source",
    "state": "file",
    "uid": 0
}
[root@m01 ~]# ansible 172.16.1.31 -m shell -a "/bin/sh /server/scripts/yum.sh"
172.16.1.31 | SUCCESS | rc=0 >>
Loaded plugins: fastestmirror, security
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * epel: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package htop.x86_64 0:1.0.3-1.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package Arch Version Repository Size
================================================================================
Installing:
 htop x86_64 1.0.3-1.el6 epel 83 k

Transaction Summary
================================================================================
Install 1 Package(s)

Total download size: 83 k
Installed size: 178 k
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
 Installing : htop-1.0.3-1.el6.x86_64 1/1
 Verifying : htop-1.0.3-1.el6.x86_64 1/1

Installed:
 htop.x86_64 0:1.0.3-1.el6

Complete!
```
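The pipe and redirection limits listed in the tips under the copy module apply to command because it runs the program directly, whereas shell hands the whole string to /bin/sh. The playbook below is an added example, not part of the original page, showing what that difference means when part of the command line comes from a variable. The variables report_name and count_file and the /tmp/reports directory are assumptions made for illustration.

```yaml
# Added example (not from the original page): command vs. shell when part of
# the command line comes from a variable. report_name, count_file and
# /tmp/reports are hypothetical; the value is constructed to contain shell
# metacharacters.
- hosts: test
  vars:
    report_name: "web01; touch INJECTED"
    count_file: "/tmp/reports/{{ report_name }}.count"
  tasks:
    - name: Ensure the report directory exists
      file:
        path: /tmp/reports
        state: directory
        mode: "0750"

    # command runs the program directly, without a shell. With argv each list
    # item is exactly one argument, so ";" and the spaces stay part of the
    # file name and nothing after them is executed.
    - name: Create a marker file without involving a shell
      command:
        argv:
          - /bin/touch
          - "/tmp/reports/{{ report_name }}"
        creates: "/tmp/reports/{{ report_name }}"

    # shell hands the whole string to /bin/sh. That is what makes "|" and ">"
    # work, and also why a variable must be quoted before it is embedded.
    # Unsafe form, for contrast only:
    #   shell: "cat /etc/hosts | wc -l > {{ count_file }}"
    # sh would end the first command at ";" and run "touch INJECTED.count".
    - name: Use a pipe and a redirect with the variable quoted
      shell: "cat /etc/hosts | wc -l > {{ count_file | quote }}"
      args:
        creates: "{{ count_file }}"

    - name: Show which files were actually created
      command: ls -1 /tmp/reports
      register: listing
      changed_when: false

    - name: Print the listing
      debug:
        var: listing.stdout_lines
```

The argv form of command requires Ansible 2.6 or later; on older releases the free-form command string is still not passed through a shell, but it is split on whitespace.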
1.4 script module
1.4.1 Common script parameters
Parameter | Description |
chdir | Changes to the directory given by chdir before running the script |
creates | A file name; when it already exists, this step is not run |
removes | A file name; when it does not exist, this step is not run |
- Run a script directly on the remote hosts
```
[root@m01 ~]# cat /server/scripts/w.sh
#!/bin/bash
w
[root@m01 ~]# ansible test -m script -a "/server/scripts/w.sh"
172.16.1.8 | SUCCESS => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 172.16.1.8 closed.\r\n",
    "stdout": " 15:37:43 up 2 days, 4:52, 1 user, load average: 0.00, 0.00, 0.00\r\nUSER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT\r\nroot pts/0 172.16.1.61 15:37 0.00s 0.00s 0.00s /bin/sh -c /ro\r\n",
    "stdout_lines": [
        " 15:37:43 up 2 days, 4:52, 1 user, load average: 0.00, 0.00, 0.00",
        "USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT",
        "root pts/0 172.16.1.61 15:37 0.00s 0.00s 0.00s /bin/sh -c /ro"
    ]
}
172.16.1.41 | SUCCESS => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 172.16.1.41 closed.\r\n",
    "stdout": " 15:37:43 up 3 days, 15:45, 2 users, load average: 0.00, 0.00, 0.00\r\nUSER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT\r\nroot pts/0 10.0.0.253 13:11 6:56 0.31s 0.31s -bash\r\nroot pts/1 172.16.1.61 15:37 0.00s 0.00s 0.00s /bin/sh -c /ro\r\n",
    "stdout_lines": [
        " 15:37:43 up 3 days, 15:45, 2 users, load average: 0.00, 0.00, 0.00",
        "USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT",
        "root pts/0 10.0.0.253 13:11 6:56 0.31s 0.31s -bash",
        "root pts/1 172.16.1.61 15:37 0.00s 0.00s 0.00s /bin/sh -c /ro"
    ]
}
172.16.1.31 | SUCCESS => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 172.16.1.31 closed.\r\n",
    "stdout": " 15:37:43 up 7:23, 1 user, load average: 0.00, 0.00, 0.00\r\nUSER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT\r\nroot pts/0 172.16.1.61 15:37 0.00s 0.00s 0.00s /bin/sh -c /ro\r\n",
    "stdout_lines": [
        " 15:37:43 up 7:23, 1 user, load average: 0.00, 0.00, 0.00",
        "USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT",
        "root pts/0 172.16.1.61 15:37 0.00s 0.00s 0.00s /bin/sh -c /ro"
    ]
}
```
- Difference between the shell and script modules:
- shell: the script file must first be copied to the remote server, and then the script on the remote server is executed
- script: the script file does not need to be copied to the remote server; in effect the script's execution is carried out on the remote server
1.5 yum module
1.5.1 Common yum parameters
Parameter | Description |
name | Name of the package to install with yum |
state | Install (present/installed/latest) or remove (absent/removed) the package |
- Install nmap on a batch of hosts
```
[root@m01 ~]# ansible test -m yum -a "name=nmap state=installed"
172.16.1.41 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "nmap-2:5.51-6.el6.x86_64 providing nmap is already installed"
    ]
}
172.16.1.31 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "nmap-2:5.51-6.el6.x86_64 providing nmap is already installed"
    ]
}
172.16.1.8 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "nmap-2:5.51-6.el6.x86_64 providing nmap is already installed"
    ]
}
```
- Notes on the command:
- name=nmap: name of the package to install
- state=installed: perform the installation; if the package is already installed, nothing is done
1.6 service module
1.6.1 Common service parameters
Parameter | Description |
arguments | Extra arguments given on the command line |
enabled | Whether the service starts at boot |
name | Name of the service to manage |
runlevel | Runlevels at which the service starts automatically |
sleep | When the service is restarted, the number of seconds to sleep between stop and start |
state | How the service is handled: start (started), stop (stopped), restart (restarted), graceful restart (reloaded) |
- Manage a service with the service module
```
[root@m01 ~]# ansible test -m service -a "name=crond state=stopped enabled=yes"
172.16.1.31 | SUCCESS => {
    "changed": true,
    "enabled": true,
    "name": "crond",
    "state": "stopped"
}
172.16.1.8 | SUCCESS => {
    "changed": true,
    "enabled": true,
    "name": "crond",
    "state": "stopped"
}
172.16.1.41 | SUCCESS => {
    "changed": true,
    "enabled": true,
    "name": "crond",
    "state": "stopped"
}
[root@backup ~]# service crond status
crond is stopped
[root@backup ~]# chkconfig --list crond
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
```
- Notes on the command:
- name=crond: the service name
- state=stopped: the service state; start: started, stop: stopped, restart: restarted
- enabled=yes: whether the service starts at boot; yes: starts at boot, no: does not start at boot
1.7 file module
1.7.1 Parameters for setting file attributes with ansible
Parameter | Description |
src | Source file/directory |
dest | Destination file/directory |
force | Forces creation of a symlink in two cases (yes or no): 1. the source file does not exist yet but will be created later; 2. the target symlink already exists, so the old symlink must be removed before the new one is created |
group | Group of the file/directory |
mode | Permissions of the file/directory |
owner | Owner of the file/directory |
path | Required; path of the file/directory |
recurse | Sets the attributes recursively; only applies to directories |
state | 1. directory: creates the directory if it does not exist; 2. file: the file is not created even if it does not exist; can be used to view file attributes; 3. link: creates a symlink; 4. hard: creates a hard link; 5. touch: creates a new file if it does not exist, or updates the last-modified time if the file or directory already exists; 6. absent: deletes the directory/file or removes the link |
- Testing the file module
```
[root@m01 ~]# ansible test -m file -a "src=/etc/hosts dest=/tmp/hosts_link state=link"
172.16.1.31 | SUCCESS => {
    "changed": true,
    "dest": "/tmp/hosts_link",
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "root",
    "size": 10,
    "src": "/etc/hosts",
    "state": "link",
    "uid": 0
}
172.16.1.8 | SUCCESS => {
    "changed": true,
    "dest": "/tmp/hosts_link",
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "root",
    "size": 10,
    "src": "/etc/hosts",
    "state": "link",
    "uid": 0
}
172.16.1.41 | SUCCESS => {
    "changed": true,
    "dest": "/tmp/hosts_link",
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "root",
    "size": 10,
    "src": "/etc/hosts",
    "state": "link",
    "uid": 0
}
[root@backup ~]# ll /tmp/hosts_link
lrwxrwxrwx 1 root root 10 Sep 7 16:01 /tmp/hosts_link -> /etc/hosts
```
- View file attributes
```
[root@m01 ~]# ansible test -m file -a "path=/tmp/hosts state=file"
172.16.1.41 | SUCCESS => {    # shows the file's attributes
    "changed": false,
    "gid": 500,
    "group": "test",
    "mode": "0600",
    "owner": "test",
    "path": "/tmp/hosts",
    "size": 371,
    "state": "file",
    "uid": 500
}
172.16.1.31 | FAILED! => {    # the file does not exist: an error is reported and no file is created
    "changed": false,
    "failed": true,
    "msg": "file (/tmp/hosts) is absent, cannot continue",
    "path": "/tmp/hosts",
    "state": "absent"
}
172.16.1.8 | SUCCESS => {
    "changed": false,
    "gid": 500,
    "group": "test",
    "mode": "0600",
    "owner": "test",
    "path": "/tmp/hosts",
    "size": 371,
    "state": "file",
    "uid": 500
}
```
1.8 cron module
1.8.1 System crontab format compared with ansible scheduled tasks
Item | System scheduled task | ansible scheduled task |
Format | A comment line is written above the entry (#crontab info) | name defines the comment for the scheduled task |
Fields | minute, hour, day, month, weekday, command | minute, hour, day, month, weekday, command |
Example | */5 * * * * /usr/sbin/ntpdate time.nist.gov | minute, hour, day, month, weekday, job (parameter names) |
Actual entry | #crond-id-001:time sync, followed by the line */5 * * * * /usr/sbin/ntpdate time.nist.gov &>/dev/null | ansible 172.16.1.8 -m cron -a "name='time rsync' minute=*/5 job='/usr/sbin/ntpdate time.nist.gov &>/dev/null'" |
1.8.2 Common cron module parameters
Parameter | Description |
minute | Minute when the job should run (0-59, *, */2, etc.) |
hour | Hour when the job should run (0-23, *, */2, etc.) |
day | Day of the month the job should run (1-31, *, */2, etc.) |
month | Month of the year the job should run (1-12, *, */2, etc.) |
weekday | Day of the week that the job should run (0-6 for Sunday-Saturday, *, etc.) |
job | The command to execute or, if env is set, the value of environment variable. Required if state=present. This is the work the scheduled task performs |
name | Description of a crontab entry or, if env is set, the name of environment variable. Required if state=absent. Note that if name is not set and state=present, then a new crontab entry will always be created, regardless of existing ones. In other words, name sets the task's description; if it is not set a default description is created, and tasks with the default description are created again each time without de-duplication |
state | Whether to ensure the job or environment variable is present or absent, i.e. whether the scheduled task is created or deleted |
disabled | If the job should be disabled (commented out) in the crontab. Only has effect if state=present |
user | The specific user whose crontab should be modified |
- Create a scheduled task
```
[root@m01 ~]# ansible test -m cron -a "name=test minute=*/5 job='/usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1'"
172.16.1.8 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "test"
    ]
}
172.16.1.31 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "test"
    ]
}
172.16.1.41 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "test"
    ]
}
[root@backup ~]# crontab -l
#crond-id-001:time sync by test    # an identical scheduled task, if present, is overwritten
#Ansible: test
*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1
```
Note: when ansible is used to set scheduled tasks in bulk, a task that is identical to one previously set by hand causes the hand-written task to be overwritten by the ansible task.
- Comment out a scheduled task
```
[root@m01 ~]# ansible test -m cron -a "name=test minute=*/5 job='/usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1' disabled=yes"
172.16.1.8 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "test"
    ]
}
172.16.1.41 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "test"
    ]
}
172.16.1.31 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "test"
    ]
}
[root@backup ~]# crontab -l
#crond-id-001:time sync by test
#Ansible: test
#*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1
```
- Delete a scheduled task
```
[root@m01 ~]# ansible test -m cron -a "name=test minute=*/5 job='/usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1' state=absent"    # use with caution
172.16.1.41 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": []
}
172.16.1.8 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": []
}
172.16.1.31 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": []
}
[root@backup ~]# crontab -l
#crond-id-001:time sync by test
```
1.9 synchronize module
1.9.1 Common synchronize parameters
Parameter | Description |
src | Path on the source host for the rsync transfer; may be an absolute or relative path |
dest | Path on the destination host for the rsync transfer; may be an absolute or relative path |
delete | rsync option that makes the destination an exact mirror of the source; requires recursive=yes. Default is no |
recursive | Recurses into directories. Default is no |
mode | Selects rsync push or pull mode. Default is push |
copy_links | Copies the actual file/directory a symlink points to instead of the symlink. Default is no |
Note: the source host and the destination host of a sync cannot both be remote hosts, and the local path being synchronized must exist.
- Example: syncing a yum repository
```
[root@m02 ~]# ansible yum -m synchronize -a "src=rsync://mirrors.ustc.edu.cn/centos/6/os/x86_64/RELEASE-NOTES-en-US.html dest=/yum/centos/6/os/x86_64/ mode=pull"
172.16.1.13 | SUCCESS => {
    "changed": true,
    "cmd": "/usr/bin/rsync --delay-updates -F --compress --archive --out-format=<<CHANGED>>%i %n%L rsync://mirrors.ustc.edu.cn/centos/6/os/x86_64/RELEASE-NOTES-en-US.html /yum/centos/6/os/x86_64/",
    "msg": " _______________________________________________________________\n| University of Science and Technology of China |\n| Open Source Mirror (mirrors.ustc.edu.cn) |\n|===============================================================|\n| |\n| Debian primary mirror in China mainland (ftp.cn.debian.org), |\n| also mirroring a great many OSS projects & Linux distros. |\n| |\n| Currently we don't limit speed. To prevent overload, Each IP |\n| is only allowed to start upto 2 concurrent rsync connections. |\n| |\n| This site also provides http/https/ftp access. |\n| |\n| Supported by USTC Network Information Center |\n| and USTC Linux User Group (http://lug.ustc.edu.cn/). |\n| |\n| Sync Status: https://mirrors.ustc.edu.cn/status/ |\n| News: https://servers.ustclug.org/ |\n| Contact: [email protected] |\n| |\n|_______________________________________________________________|\n\n\n>f+++++++++ RELEASE-NOTES-en-US.html\n",
    "rc": 0,
    "stdout_lines": [
        " _______________________________________________________________",
        "| University of Science and Technology of China |",
        "| Open Source Mirror (mirrors.ustc.edu.cn) |",
        "|===============================================================|",
        "| |",
        "| Debian primary mirror in China mainland (ftp.cn.debian.org), |",
        "| also mirroring a great many OSS projects & Linux distros. |",
        "| |",
        "| Currently we don't limit speed. To prevent overload, Each IP |",
        "| is only allowed to start upto 2 concurrent rsync connections. |",
        "| |",
        "| This site also provides http/https/ftp access. |",
        "| |",
        "| Supported by USTC Network Information Center |",
        "| and USTC Linux User Group (http://lug.ustc.edu.cn/). |",
        "| |",
        "| Sync Status: https://mirrors.ustc.edu.cn/status/ |",
        "| News: https://servers.ustclug.org/ |",
        "| Contact: [email protected] |",
        "| |",
        "|_______________________________________________________________|",
        ">f+++++++++ RELEASE-NOTES-en-US.html"
    ]
}
```
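1.10 user module
1.10.1 Common user parameters
Parameter | Description |
createhome | Whether to create the user's home directory. Default is yes |
force | With state=absent, equivalent to userdel --force. Default is no |
remove | With state=absent, equivalent to userdel --remove. Default is no |
group | Primary group of the new user; the group must already exist |
groups | List of groups the user belongs to (multiple groups). If set to an empty value ("groups="), the user is removed from all groups except the primary group |
home | The user's home directory |
move_home | When home is set and move_home is yes, if the user's old home directory differs from the new path given by home, the home directory is changed to the new path |
name | Name of the user to add, delete or modify |
password | Sets the user's password. (Note: the string given here is the encrypted password, not the login password) |
shell | The user's shell |
state | Add/modify the user (present) or delete the user (absent). Default is present |
system | When creating an account, setting this to yes marks it as a system account; this setting cannot be changed on existing users. Default is no |
uid | The user's UID |
update_password (version 1.3+) | always updates the password whenever it differs; on_create sets the password only for newly created users. Default is always |
- Create a virtual user for a service
```
[root@m02 ~]# ansible m02 -m user -a "name=nginx createhome=no shell=/sbin/nologin"
172.16.1.12 | SUCCESS => {
    "append": false,
    "changed": true,
    "comment": "",
    "group": 501,
    "home": "/home/nginx",
    "move_home": false,
    "name": "nginx",
    "shell": "/sbin/nologin",
    "state": "present",
    "uid": 501
}
```
- Create a normal user
```
[root@m02 ~]# ansible m02 -m user -a "name=liyang password=123456"    # the user cannot log in with the password 123456
172.16.1.12 | SUCCESS => {
    "changed": true,
    "comment": "",
    "createhome": true,
    "group": 504,
    "home": "/home/liyang",
    "name": "liyang",
    "password": "NOT_LOGGING_PASSWORD",
    "shell": "/bin/bash",
    "state": "present",
    "system": false,
    "uid": 504
}
```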
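The password parameter takes the hashed form, which is why the account created above cannot log in with 123456. The playbook below is an added example, not part of the original page: it hashes the value with Ansible's password_hash filter, keeps it out of the output with no_log, and checks what was stored. The variables liyang_password and liyang_salt and the file vars/secrets.yml are assumptions made for illustration.

```yaml
# Added example (not from the original page). liyang_password, liyang_salt and
# vars/secrets.yml are hypothetical; the file is assumed to be encrypted with
# ansible-vault and to define both variables.
- hosts: m02
  vars_files:
    - vars/secrets.yml
  tasks:
    - name: Create liyang with a hashed password
      user:
        name: liyang
        shell: /bin/bash
        # password_hash turns the plaintext into a SHA-512 crypt string
        # ("$6$<salt>$<hash>"). A fixed salt (at most 16 characters from
        # [A-Za-z0-9./]) gives the same hash on every run, so the task reports
        # "changed" only when the password itself changes.
        password: "{{ liyang_password | password_hash('sha512', liyang_salt) }}"
        update_password: always
      no_log: true        # keep the plaintext and the hash out of output and logs

    - name: Read back the stored password field
      command: getent shadow liyang
      register: shadow_entry
      changed_when: false
      no_log: true

    - name: Fail if the stored value is not a SHA-512 crypt hash
      assert:
        that:
          - "shadow_entry.stdout.split(':')[1].startswith('$6$')"

    # A service account such as nginx needs no password at all: "!" in the
    # password field locks password login, in addition to shell=/sbin/nologin.
    - name: Create the nginx service account with a locked password
      user:
        name: nginx
        createhome: no
        shell: /sbin/nologin
        password: "!"
        update_password: on_create
```

Without the salt argument password_hash picks a random salt on each run, so with update_password=always the task would rewrite the hash and report "changed" every time.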
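1.11 unarchive module
1.11.1 Common unarchive parameters
Parameter | Description |
copy | If yes, the local archive is unpacked onto the target host; otherwise the source archive is looked for on the target host. This parameter has been replaced by remote_src and is mutually exclusive with it. Default is yes |
creates | A file name; when it already exists, this step is not run |
dest | Absolute path on the remote host where the archive is unpacked |
mode | Permissions of the unpacked files/directories |
owner | Owner of the unpacked files/directories |
group | Group of the unpacked files/directories |
remote_src | yes means the archive is on the remote host; mutually exclusive with copy. Default is no |
src | If remote_src=no (the default), the archive at the local path given by src (absolute or relative) is unpacked onto the target host; if remote_src=yes, the archive at the path given by src on the target host is unpacked. If remote_src=yes and src contains ://, the remote host first downloads the file from the given URL; this only suits simple cases, and the get_url module should be used when full download functionality is needed |
- Unpack a local archive onto a remote host
```
[root@m02 ~]# ansible m01 -m unarchive -a "src=tools/memadmin-1.0.12.tar.gz dest=/root/"
172.16.1.11 | SUCCESS => {
    "changed": true,
    "dest": "/root/",
    "extract_results": {
        "cmd": [
            "/bin/gtar",
            "--extract",
            "-C",
            "/root/",
            "-z",
            "-f",
            "/root/.ansible/tmp/ansible-tmp-1506655236.93-74981415677354/source"
        ],
        "err": "",
        "out": "",
        "rc": 0
    },
    "gid": 0,
    "group": "root",
    "handler": "TgzArchive",
    "mode": "0550",
    "owner": "root",
    "size": 4096,
    "src": "/root/.ansible/tmp/ansible-tmp-1506655236.93-74981415677354/source",
    "state": "directory",
    "uid": 0
}
```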
1.12 make module
1.12.1 Common make parameters
Parameter | Description |
chdir | Changes to the given directory before running make |
params | Extra parameters passed to the build |
- Compile software
```
[root@m02 ~]# ansible m01 -m make -a " chdir=/server/tools/nginx-1.10.3"
```
- The complete configure, compile and install sequence when using a playbook
```
- name: configure nginx
  command: 'chdir={{softwareDir}}nginx-1.10.3 {{ item }}'
  with_items:
    - ./configure --prefix=/usr/local/nginx-1.10.3 --user={{webUser}} --group={{webUser}} --with-http_stub_status_module --with-http_ssl_module
- name: make nginx
  make: chdir={{softwareDir}}nginx-1.10.3
- name: make install nginx
  command: chdir={{softwareDir}}nginx-1.10.3 make install
```
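1.13 lineinfile module
1.13.1 Common lineinfile parameters
Parameter | Description |
backup | Whether to back up the file before changing it. Default is no |
backrefs | With backrefs=no: if nothing matches, the line is added; if there is a match, the matched content is replaced with line. With backrefs=yes: if nothing matches, the file is left unchanged; if there is a match, the matched content is replaced with line |
create | With state=present: if yes, the file is created when it does not exist; otherwise the run fails when the file does not exist. Default is no |
insertafter | With state=present, the line is inserted after the last line matched by the regular expression (when several lines match); if the value is EOF or the regular expression matches nothing, the line is inserted at the end of the file |
insertbefore | With state=present, the line is inserted before the last line matched by the regular expression (when several lines match); if the value is BOF, the line is inserted at the beginning of the file; if the regular expression matches nothing, the line is inserted at the end of the file |
line | The line to insert or to use as the replacement |
mode | Permissions to set on the modified file/directory |
owner | Owner to set on the modified file/directory |
group | Group to set on the modified file/directory |
path | The file to modify; aliases: dest, destfile, name |
regexp | The regular expression to match |
state | Add/modify content (present) or delete content (absent). Default is present |
- Modify the contents of a configuration file
```
[root@m02 ~]# ansible m01 -m lineinfile -a "dest=/etc/ppp/ip-up regexp='ifconfig ppp0 mtu 1472' insertbefore='^exit 0' line='ifconfig ppp0 mtu 1472\n' backup=yes"
172.16.1.11 | SUCCESS => {
    "backup": "",
    "changed": false,
    "msg": ""
}
```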
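1.14 mount module
1.14.1 Common mount parameters
Parameter | Description |
boot | Whether to mount automatically at boot. Default is yes |
fstype | File system type of the device being mounted; state must be present or mounted |
opts | Mount options |
path | The mount point; alias: name |
src | The device or path to mount; state must be present or mounted |
state | mounted: the device is mounted and added to the fstab file; if the mount point path does not exist it is created automatically. unmounted: the device is unmounted and fstab is not changed. absent and present only apply to the fstab file and do not affect the current mount state; with absent, the mount point path is also deleted |
- Mount a disk
```
[root@m02 ~]# ansible m01 -m mount -a "src=172.16.1.31:/data/blog path=/usr/local/nginx/html/blog/wp-content/uploads/ fstype=nfs state=mounted"
```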
1.15 sysctl module
1.15.1 Common sysctl parameters
Parameter | Description |
ignoreerrors | Ignores errors caused by unknown keys. Default is no |
name | Name of the kernel parameter |
reload | Whether to reload after /etc/sysctl.conf has been changed, equivalent to sysctl -p. Default is yes |
state | Add/modify the kernel parameter (present) or delete it (absent). Default is present |
sysctl_file | The kernel parameter file. Default is /etc/sysctl.conf |
value | Value of the kernel parameter; alias: val |
- Enable kernel IP forwarding
```
[root@m02 ~]# ansible m01 -m sysctl -a "name=net.ipv4.ip_forward value=1 sysctl_set=yes ignoreerrors=yes"
172.16.1.11 | SUCCESS => {
    "changed": false
}
```
- Make the kernel support virtual IPs
```
[root@m02 ~]# ansible m01 -m sysctl -a "name=net.ipv4.ip_nonlocal_bind value=1 sysctl_set=yes ignoreerrors=yes"
172.16.1.11 | SUCCESS => {
    "changed": true
}
```
1.16 modprobe module
1.16.1 Common modprobe parameters
Parameter | Description |
name | Name of the kernel module to load |
params | Parameters for the kernel module being loaded |
state | Add/modify the kernel module (present) or remove it (absent). Default is present |
- Add the iptable_nat kernel module
```
[root@m02 ~]# ansible m01 -m modprobe -a "name=iptable_nat"
172.16.1.11 | SUCCESS => {
    "changed": true,
    "failed": false,
    "name": "iptable_nat",
    "params": "",
    "state": "present"
}
```
1.17 iptables module
1.17.1 Common iptables parameters
Parameter | Description |
chain | The firewall chain: 'INPUT', 'FORWARD', 'OUTPUT', 'PREROUTING', 'POSTROUTING', 'SECMARK', 'CONNSECMARK' |
ctstate | Connection states to match with the conntrack module: 'INVALID', 'NEW', 'ESTABLISHED', 'RELATED', 'UNTRACKED', 'SNAT', 'DNAT' |
destination | Destination address; may be a network name, a host name, a network IP address or a plain IP address |
destination_port | Destination port number |
flush | Flushes the firewall rules and the corresponding table |
jump | Jump target of the rule |
source | Source IP address |
state | Add/modify the firewall rule (present) or delete it (absent). Default is present |
table | filter, nat, mangle, raw, security |
- Enable NAT address translation on the firewall
```
[root@m02 ~]# ansible m01 -m iptables -a "table=nat chain=POSTROUTING source=172.16.1.0/24 jump=MASQUERADE"
172.16.1.11 | SUCCESS => {
    "chain": "POSTROUTING",
    "changed": true,
    "failed": false,
    "flush": false,
    "ip_version": "ipv4",
    "rule": "-s 172.16.1.0/24 -j MASQUERADE",
    "state": "present",
    "table": "nat"
}
```
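1.18 debug module
1.18.1 Common debug parameters
Parameter | Description |
msg | Custom message to print; if omitted, a generic message is printed |
var | Name of the variable to debug; mutually exclusive with msg |
verbosity | Verbosity level at which the debug message is printed; if set to 3, it is printed only with -vvv or higher |
- Print IP address information
```
[root@m02 ~]# ansible m01 -m debug -a "var=ansible_all_ipv4_addresses"
```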
Chapter 2 Ansible help information
2.1 List all modules: ansible-doc -l
```
[root@m01 ~]# ansible-doc -l | wc -l
1039
[root@m01 ~]# ansible-doc -l
a10_server             Manage A10 Networks AX/SoftAX/Thunder/vThunder devic...
a10_server_axapi3      Manage A10 Networks AX/SoftAX/Thunder/vThunder devic...
a10_service_group      Manage A10 Networks AX/SoftAX/Thunder/vThunder devic...
a10_virtual_server     Manage A10 Networks AX/SoftAX/Thunder/vThunder devic...
accelerate             Enable accelerated mode on remote node
acl                    Sets and retrieves file ACL information.
add_host               add a host (and alternatively a group) to the ansibl...
airbrake_deployment    Notify airbrake about app deployments
aix_inittab            Manages the inittab on AIX.
alternatives           Manages alternative programs for common commands
aos_asn_pool           Manage AOS ASN Pool
aos_blueprint          Manage AOS blueprint instance
aos_blueprint_param    Manage AOS blueprint parameter values
aos_blueprint_virtnet  Manage AOS blueprint parameter values
aos_device             Manage Devices on AOS Server
aos_external_router    Manage AOS External Router
aos_ip_pool            Manage AOS IP Pool
aos_logical_device     Manage AOS Logical Device
...omitted...
```
Note: on CentOS 6.8, ansible-doc -l reports an error. Fix:
```
sed -i 's@#deprecation_warnings=True@deprecation_warnings=False@g' /etc/ansible/ansible.cfg
mv /usr/lib/python2.6/site-packages/ansible/modules/extras/cloud/misc/rhevm.py /tmp/
```
2.2 Show the usage of a specific module: ansible-doc -s module
```
[root@m01 ~]# ansible-doc -s command
- name: Executes a command on a remote node
  action: command
      chdir         # cd into this directory before running the command
      creates       # a filename or (since 2.0) glob pattern, when it already exists, this step will *not* be run.
      executable    # change the shell used to execute the command. Should be an absolute path to the executable.
      free_form=    # the command module takes a free form command to run. There is no parameter actually named 'free form'. See the examples!
      removes       # a filename or (since 2.0) glob pattern, when it does not exist, this step will *not* be run.
      warn          # if command warnings are on in ansible.cfg, do not warn about this particular line if set
...omitted...
```
2.3 Official ansible manual
