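Common Ansible Modules and Configuration (Part 2)

Chapter 1 Common Ansible modules

Module                Purpose
command (important)   Command execution module; the default module of the ansible command
copy (important)      File copy module; sends local files to remote hosts
shell (important)     Module for executing shell scripts
script (important)    Module for executing shell scripts; the script does not need to be uploaded to the client
yum                   yum package installation and management module
service               System service management module
file                  Module for setting file attributes
cron                  Scheduled task management module
synchronize           Module for synchronizing files with rsync
user                  User management module
unarchive             Compression and decompression module
make                  Build (compile) module
lineinfile            File modification module
mount                 Mount module
sysctl                Kernel parameter management module
modprobe              Kernel module management module
iptables              Firewall management module
debug                 Debugging module
  • Meaning of the colors in ansible command output:
  1. Green: a query, or nothing was changed
  2. Red: an error occurred while executing the command
  3. Yellow: the command affected the managed host and a configuration change was made

1.1 command module

command is the default module: when no module is specified, the command module is used.

1.1.1 Common command parameters

Parameter   Description
chdir       Change to the directory given by chdir before running the command
creates     A file name or glob pattern; if it already exists, this step is not run
removes     A file name or glob pattern; if it does not exist, this step is not run
  • Run the ping command to test whether the hosts are reachable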
[root@m01 ~]# ansible test -m ping
172.16.1.31 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
172.16.1.41 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
172.16.1.8 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
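  • Command notes:
  1. A trivial test module: it always returns "pong" on a successful connection. It has no real use in a playbook, but with the ansible command it verifies that login works and that a usable python is configured.
  2. This is not the traditional ICMP ping. It first checks that the node can be logged in to over ssh, then checks that the python version meets the requirements, and only then returns pong.
  • Get the w output of all hosts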
[root@m01 ~]# ansible all -m command -a "w"
172.16.1.31 | SUCCESS | rc=0 >>
 14:26:32 up  6:11,  1 user,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    172.16.1.61      14:26    0.00s  0.10s  0.00s /bin/sh -c /usr

172.16.1.8 | SUCCESS | rc=0 >>
 14:26:32 up 2 days,  3:41,  1 user,  load average: 0.02, 0.01, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    172.16.1.61      14:26    0.00s  0.10s  0.00s /bin/sh -c /usr

172.16.1.41 | SUCCESS | rc=0 >>
 14:26:32 up 3 days, 14:34,  2 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    10.0.0.253       13:11    1:06m  0.20s  0.20s -bash
root     pts/1    172.16.1.61      14:26    0.00s  0.08s  0.00s /bin/sh -c /usr
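  • Command notes:
  1. all: all hosts
  2. -m command: use the command module
  3. -a "w": run the w command

1.2 copy module

1.2.1 Common copy parameters

Parameter                    Description
backup                       Back up the original file on the remote server before overwriting it; the backup file name contains a timestamp. Two options: yes or no
content                      Used in place of "src"; sets the content of the target file directly, equivalent to echo
dest                         Target directory or file of the copy. If it does not exist, the directory is created. If it ends in a file name that differs from the source file name, the source file is copied and renamed to the new name
directory_mode               Recursively set the permissions of directories; defaults to the system default permissions
force                        Applies when the target host already has the file but with different content. yes forces an overwrite; no copies only when the file does not exist at the target location. Default: yes
others                       All options of the file module can be used here
src                          Local file to copy to the remote host; absolute or relative path. If the path is a directory, it is copied recursively. In that case, if the path ends with "/", only the contents of the directory are copied; otherwise the whole directory is copied, similar to rsync
mode                         Permissions of the file after the remote copy, e.g. mode=0644
owner                        Owner of the file/directory after the remote copy, same as chown
group                        Group of the file/directory after the remote copy, same as chown
remote_src (version 2.0+)    If no, src is the path of a file/directory on the local host; if yes, src is the path of a file/directory on the remote host (copy then cannot recursively copy a directory on the remote host). Default: no
  • Copy a file to the managed hosts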
[root@m01 ~]# ansible test -m copy -a "src=/etc/hosts dest=/tmp/a/b/c/ mode=0644 owner=test group=test backup=yes "
172.16.1.41 | SUCCESS => {
    "changed": true,
    "checksum": "545f587595b5c60d66243fca48e052ed34eed782",
    "dest": "/tmp/a/b/c/hosts",
    "gid": 500,
    "group": "test",
    "md5sum": "fe08440ffebed54cab7a9b4cb3c3beda",
    "mode": "0644",
    "owner": "test",
    "size": 371,
    "src": "/root/.ansible/tmp/ansible-tmp-1504766308.84-256601164662636/source",
    "state": "file",
    "uid": 500
}
172.16.1.8 | SUCCESS => {
    "changed": true,
    "checksum": "545f587595b5c60d66243fca48e052ed34eed782",
    "dest": "/tmp/a/b/c/hosts",
    "gid": 500,
    "group": "test",
    "md5sum": "fe08440ffebed54cab7a9b4cb3c3beda",
    "mode": "0644",
    "owner": "test",
    "size": 371,
    "src": "/root/.ansible/tmp/ansible-tmp-1504766308.84-23673833853730/source",
    "state": "file",
    "uid": 500
}
172.16.1.31 | SUCCESS => {
    "changed": true,
    "checksum": "545f587595b5c60d66243fca48e052ed34eed782",
    "dest": "/tmp/a/b/c/hosts",
    "gid": 500,
    "group": "test",
    "md5sum": "fe08440ffebed54cab7a9b4cb3c3beda",
    "mode": "0644",
    "owner": "test",
    "size": 371,
    "src": "/root/.ansible/tmp/ansible-tmp-1504766308.83-6065661728339/source",
    "state": "file",
    "uid": 500
}
[root@backup ~]# ll /tmp
total 644
-rw------- 1 test test    371 Sep  7 09:11 hosts
-rw-r--r-- 1 root   root      376 Sep  7 09:03 hosts.37479.2017-09-07@09:11:17~
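  • Command notes:
  1. test: the host group named test
  2. -m copy: use the ansible copy module
  3. src=/etc/hosts: source file of the remote copy
  4. dest=/tmp/a/b/c/: destination path or file name of the remote copy
  5. If the specified target directory does not exist, it is created automatically; otherwise the source directory is placed under the target directory
  6. If a file is copied and the name given in dest differs from the source file name, the file is copied and then renamed to the given name
  7. mode=0644: set the file permissions to 0644
  8. owner=test group=test: set the owner and group of the file to test; the user and group must already exist
  9. backup=yes: if a file with the same name already exists at the destination, it is backed up before the copy

Note on writing the dest path: if it is a directory that does not exist, it must end with a slash (/server/scripts/); otherwise the target directory is not created by default.

  • Write content directly into a file on the managed hosts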
[root@m01 ~]# ansible test -m copy -a "content='test\n' dest=/tmp/test.txt mode=600 owner=test group=test backup=yes"
172.16.1.8 | SUCCESS => {
    "changed": true,
    "checksum": "2da56cf055c5967072d0d14b3289358702a09693",
    "dest": "/tmp/test.txt",
    "gid": 500,
    "group": "test",
    "md5sum": "dece2039fc7eb6703d58cd2ebd252c15",
    "mode": "0600",
    "owner": "test",
    "size": 16,
    "src": "/root/.ansible/tmp/ansible-tmp-1504768245.3-175979924453302/source",
    "state": "file",
    "uid": 500
}
172.16.1.31 | SUCCESS => {
    "changed": true,
    "checksum": "2da56cf055c5967072d0d14b3289358702a09693",
    "dest": "/tmp/test.txt",
    "gid": 500,
    "group": "test",
    "md5sum": "dece2039fc7eb6703d58cd2ebd252c15",
    "mode": "0600",
    "owner": "test",
    "size": 16,
    "src": "/root/.ansible/tmp/ansible-tmp-1504768245.35-218174756177240/source",
    "state": "file",
    "uid": 500
}
172.16.1.41 | SUCCESS => {
    "changed": true,
    "checksum": "2da56cf055c5967072d0d14b3289358702a09693",
    "dest": "/tmp/test.txt",
    "gid": 500,
    "group": "test",
    "md5sum": "dece2039fc7eb6703d58cd2ebd252c15",
    "mode": "0600",
    "owner": "test",
    "size": 16,
    "src": "/root/.ansible/tmp/ansible-tmp-1504768245.32-181864009853964/source",
    "state": "file",
    "uid": 500
}
[root@backup ~]# cat /tmp/test.txt
test
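  • Command notes:
  1. content='test\n': the content to add
  2. dest=/tmp/test.txt: the file to add it to; the file is created if it does not exist

Tips:

1. With the copy module, if the directory does not exist under the target path on the remote host, it is created recursively

2. Some ansible modules do not support:

1) the pipe character "|"

2) redirection "> < >> <<"

3) commands such as top or tail -f that do not return a definite result immediately

4) *

  • Copying a directory on the remote host with remote_src=yes fails with an error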
[root@m02 ~]# ansible m02 -m copy -a "src=/root/test dest=/temp/ remote_src=yes"
172.16.1.12 | FAILED! => {
    "changed": false,
    "failed": true,
    "msg": "Remote copy does not support recursive copy of directory: /root/test"
}

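1.3 shell module

1.3.1 Common shell parameters

Parameter   Description
chdir       Change to the directory given by chdir before running the shell command
creates     A file name; if it already exists, this step is not run
removes     A file name; if it does not exist, this step is not run
  • Run a command through the shell module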
[root@m01 ~]# ansible test -m shell -a "cat /etc/hosts > /tmp/test.txt"
172.16.1.41 | SUCCESS | rc=0 >>

172.16.1.31 | SUCCESS | rc=0 >>

172.16.1.8 | SUCCESS | rc=0 >>

[root@backup ~]# cat /tmp/test.txt
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 backup
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 backup
172.16.1.5      lb01
172.16.1.6      lb02
172.16.1.7      web02
172.16.1.8      web01
172.16.1.9      web03
172.16.1.51     db01 db01.etiantian.org
172.16.1.31     nfs01
172.16.1.41     backup
172.16.1.61     m01
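
The difference between command and shell noted in the tips above, written as a playbook. This is an added example, not part of the original article; it reuses the test host group and /tmp/test.txt from the commands above, and report_name is a hypothetical variable with a constructed value.

```yaml
# Added example, not part of the original article.
# Assumptions: the "test" host group from the examples above; report_name is a
# hypothetical variable holding a constructed value with a shell metacharacter.
- hosts: test
  vars:
    report_name: "hosts; date"
  tasks:
    # command executes the program directly, without a shell,
    # so | > < * are passed as plain arguments and never interpreted.
    - name: read /etc/hosts without a shell
      command: cat /etc/hosts
      register: hosts_out
      changed_when: false          # read-only task, never report "changed"

    # Post-process the result with Jinja2 instead of piping to wc or grep.
    - name: count the lines that were returned
      debug:
        msg: "{{ inventory_hostname }} has {{ hosts_out.stdout_lines | length }} lines in /etc/hosts"

    # Redirection needs the shell module; creates= skips the task once the file exists.
    - name: write the copy only once
      shell: cat /etc/hosts > /tmp/test.txt
      args:
        creates: /tmp/test.txt

    # A variable that reaches a shell goes through the quote filter, so the value
    # stays one literal word: the file is named "hosts; date.txt" and date never runs.
    - name: use a variable inside a shell command line
      shell: cat /etc/hosts > /tmp/{{ report_name | quote }}.txt
```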
  • Run a script remotely through the shell module
[root@m01 ~]# cat /server/scripts/yum.sh
#!/bin/bash

yum install -y htop
[root@m01 ~]# ansible test -m copy -a "src=/server/scripts/yum.sh dest=/server/scripts/ backup=yes"
172.16.1.41 | SUCCESS => {
    "changed": true,
    "checksum": "a0a346d61d513cc0a77e7a269a1269f47b5a1b11",
    "dest": "/server/scripts/yum.sh",
    "gid": 0,
    "group": "root",
    "md5sum": "e69c76a6befb2281dcc294c3ea2a59cf",
    "mode": "0644",
    "owner": "root",
    "size": 33,
    "src": "/root/.ansible/tmp/ansible-tmp-1504769465.16-19688128569582/source",
    "state": "file",
    "uid": 0
}
172.16.1.8 | SUCCESS => {
    "changed": true,
    "checksum": "a0a346d61d513cc0a77e7a269a1269f47b5a1b11",
    "dest": "/server/scripts/yum.sh",
    "gid": 0,
    "group": "root",
    "md5sum": "e69c76a6befb2281dcc294c3ea2a59cf",
    "mode": "0644",
    "owner": "root",
    "size": 33,
    "src": "/root/.ansible/tmp/ansible-tmp-1504769465.14-157928759677414/source",
    "state": "file",
    "uid": 0
}
172.16.1.31 | SUCCESS => {
    "changed": true,
    "checksum": "a0a346d61d513cc0a77e7a269a1269f47b5a1b11",
    "dest": "/server/scripts/yum.sh",
    "gid": 0,
    "group": "root",
    "md5sum": "e69c76a6befb2281dcc294c3ea2a59cf",
    "mode": "0644",
    "owner": "root",
    "size": 33,
    "src": "/root/.ansible/tmp/ansible-tmp-1504769465.15-277374574050129/source",
    "state": "file",
    "uid": 0
}
[root@m01 ~]# ansible 172.16.1.31 -m shell -a "/bin/sh /server/scripts/yum.sh"
172.16.1.31 | SUCCESS | rc=0 >>
Loaded plugins: fastestmirror, security
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * epel: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package htop.x86_64 0:1.0.3-1.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package         Arch              Version                Repository       Size
================================================================================
Installing:
 htop            x86_64            1.0.3-1.el6            epel             83 k

Transaction Summary
================================================================================
Install       1 Package(s)

Total download size: 83 k
Installed size: 178 k
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : htop-1.0.3-1.el6.x86_64                                      1/1
  Verifying  : htop-1.0.3-1.el6.x86_64                                      1/1

Installed:
  htop.x86_64 0:1.0.3-1.el6                                                    

Complete!

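1.4 script module

1.4.1 Common script parameters

Parameter   Description
chdir       Change to the directory given by chdir before running the script
creates     A file name; if it already exists, this step is not run
removes     A file name; if it does not exist, this step is not run
  • Run a script directly on the remote hosts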
[root@m01 ~]# cat /server/scripts/w.sh
#!/bin/bash

w
[root@m01 ~]# ansible test -m script -a "/server/scripts/w.sh"
172.16.1.8 | SUCCESS => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 172.16.1.8 closed.\r\n",
    "stdout": " 15:37:43 up 2 days,  4:52,  1 user,  load average: 0.00, 0.00, 0.00\r\nUSER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT\r\nroot     pts/0    172.16.1.61      15:37    0.00s  0.00s  0.00s /bin/sh -c  /ro\r\n",
    "stdout_lines": [
        " 15:37:43 up 2 days,  4:52,  1 user,  load average: 0.00, 0.00, 0.00",
        "USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT",
        "root     pts/0    172.16.1.61      15:37    0.00s  0.00s  0.00s /bin/sh -c  /ro"
    ]
}
172.16.1.41 | SUCCESS => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 172.16.1.41 closed.\r\n",
    "stdout": " 15:37:43 up 3 days, 15:45,  2 users,  load average: 0.00, 0.00, 0.00\r\nUSER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT\r\nroot     pts/0    10.0.0.253       13:11    6:56   0.31s  0.31s -bash\r\nroot     pts/1    172.16.1.61      15:37    0.00s  0.00s  0.00s /bin/sh -c  /ro\r\n",
    "stdout_lines": [
        " 15:37:43 up 3 days, 15:45,  2 users,  load average: 0.00, 0.00, 0.00",
        "USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT",
        "root     pts/0    10.0.0.253       13:11    6:56   0.31s  0.31s -bash",
        "root     pts/1    172.16.1.61      15:37    0.00s  0.00s  0.00s /bin/sh -c  /ro"
    ]
}
172.16.1.31 | SUCCESS => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 172.16.1.31 closed.\r\n",
    "stdout": " 15:37:43 up  7:23,  1 user,  load average: 0.00, 0.00, 0.00\r\nUSER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT\r\nroot     pts/0    172.16.1.61      15:37    0.00s  0.00s  0.00s /bin/sh -c  /ro\r\n",
    "stdout_lines": [
        " 15:37:43 up  7:23,  1 user,  load average: 0.00, 0.00, 0.00",
        "USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT",
        "root     pts/0    172.16.1.61      15:37    0.00s  0.00s  0.00s /bin/sh -c  /ro"
    ]
}
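  • Difference between the shell module and the script module:
  1. shell: the script file must first be copied to the remote server, and then the script on the remote server is executed
  2. script: the script file does not need to be copied to the remote server; in essence the script's execution is carried out on the remote server

1.5 yum module

1.5.1 Common yum parameters

Parameter   Description
name        Name of the package to install with yum
state       Install (present/installed/latest) or remove (absent/removed) the package
  • Install nmap on a batch of hosts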
[root@m01 ~]# ansible test -m yum -a "name=nmap state=installed"
172.16.1.41 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "nmap-2:5.51-6.el6.x86_64 providing nmap is already installed"
    ]
}
172.16.1.31 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "nmap-2:5.51-6.el6.x86_64 providing nmap is already installed"
    ]
}
172.16.1.8 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "nmap-2:5.51-6.el6.x86_64 providing nmap is already installed"
    ]
}
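  • Command notes:
  1. name=nmap: name of the package to install
  2. state=installed: perform the installation; if the package is already installed, nothing is done

1.6 service module

1.6.1 Common service parameters

Parameter   Description
arguments   Extra arguments given on the command line
enabled     Whether the service starts at boot
name        Name of the service to manage
runlevel    Runlevels in which the service starts at boot
sleep       If the service is restarted, the sleep time between stop and start
state       How to act on the service: start (started), stop (stopped), restart (restarted), graceful reload (reloaded)
  • Manage a service with the service module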
[root@m01 ~]# ansible test -m service -a "name=crond state=stopped enabled=yes"
172.16.1.31 | SUCCESS => {
    "changed": true,
    "enabled": true,
    "name": "crond",
    "state": "stopped"
}
172.16.1.8 | SUCCESS => {
    "changed": true,
    "enabled": true,
    "name": "crond",
    "state": "stopped"
}
172.16.1.41 | SUCCESS => {
    "changed": true,
    "enabled": true,
    "name": "crond",
    "state": "stopped"
}
[root@backup ~]# service crond status
crond is stopped
[root@backup ~]# chkconfig --list crond
crond          0:off   1:off   2:on    3:on    4:on    5:on    6:off
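  • Command notes:
  1. name=crond: service name
  2. state=stopped: service state; start: started, stop: stopped, restart: restarted
  3. enabled=yes: whether to start at boot; yes: start at boot, no: do not start at boot

1.7 file module

1.7.1 Parameters for setting file attributes with ansible

Parameter   Description
src         Source file/directory
dest        Destination file/directory
force       Force creation of a symlink in two cases (yes or no):
            1. The source file does not exist yet but will be created later
            2. The target symlink already exists; the old symlink must be removed before the new one is created
group       Group of the file/directory
mode        Permissions of the file/directory
owner       Owner of the file/directory
path        Required; path of the file/directory
recurse     Set file attributes recursively; only applies to directories
state       1. directory: create the directory if it does not exist
            2. file: the file is not created even if it does not exist; can be used to view file attributes
            3. link: create a symlink
            4. hard: create a hard link
            5. touch: create a new file if it does not exist; if the file or directory exists, update its last modification time
            6. absent: delete the directory/file or remove the link

  • file module test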
[root@m01 ~]# ansible test -m file -a "src=/etc/hosts dest=/tmp/hosts_link state=link"
172.16.1.31 | SUCCESS => {
    "changed": true,
    "dest": "/tmp/hosts_link",
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "root",
    "size": 10,
    "src": "/etc/hosts",
    "state": "link",
    "uid": 0
}
172.16.1.8 | SUCCESS => {
    "changed": true,
    "dest": "/tmp/hosts_link",
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "root",
    "size": 10,
    "src": "/etc/hosts",
    "state": "link",
    "uid": 0
}
172.16.1.41 | SUCCESS => {
    "changed": true,
    "dest": "/tmp/hosts_link",
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "root",
    "size": 10,
    "src": "/etc/hosts",
    "state": "link",
    "uid": 0
}
[root@backup ~]# ll /tmp/hosts_link
lrwxrwxrwx 1 root root 10 Sep  7 16:01 /tmp/hosts_link -> /etc/hosts
  • View file attribute information
[root@m01 ~]# ansible test -m file -a "path=/tmp/hosts state=file"
172.16.1.41 | SUCCESS => {          # view file attribute information
    "changed": false,
    "gid": 500,
    "group": "test",
    "mode": "0600",
    "owner": "test",
    "path": "/tmp/hosts",
    "size": 371,
    "state": "file",
    "uid": 500
}
172.16.1.31 | FAILED! => {          # fails if the file does not exist; the file is not created
    "changed": false,
    "failed": true,
    "msg": "file (/tmp/hosts) is absent, cannot continue",
    "path": "/tmp/hosts",
    "state": "absent"
}
172.16.1.8 | SUCCESS => {
    "changed": false,
    "gid": 500,
    "group": "test",
    "mode": "0600",
    "owner": "test",
    "path": "/tmp/hosts",
    "size": 371,
    "state": "file",
    "uid": 500
}

1.8 cron module

1.8.1 Comparison of the system crontab format and ansible cron tasks

System scheduled task
Command format   Write a comment line (#crontab info), then the operation to run
Example          */5 * * * * /usr/sbin/ntpdate time.nist.gov
Actual entry     #crond-id-001:time sync
                 */5 * * * * /usr/sbin/ntpdate time.nist.gov &>/dev/null

ansible scheduled task
Command format   name defines the comment of the scheduled task, then the operation to run
Example          minute hour day month weekday job
Actual entry     ansible 172.16.1.8 -m cron -a "name='time rsync' minute=*/5 job='/usr/sbin/ntpdate time.nist.gov &>/dev/null'"

1.8.2 Common cron module parameters

Parameter   Description
minute      Minute when the job should run (0-59, *, */2, etc.)
hour        Hour when the job should run (0-23, *, */2, etc.)
day         Day of the month the job should run (1-31, *, */2, etc.)
month       Month of the year the job should run (1-12, *, */2, etc.)
weekday     Day of the week that the job should run (0-6 for Sunday-Saturday, *, etc.)
job         The command to execute or, if env is set, the value of the environment variable. Required if state=present.
            This is the work the scheduled task performs.
name        Description of a crontab entry or, if env is set, the name of the environment variable. Required if state=absent.
            Note that if name is not set and state=present, a new crontab entry will always be created, regardless of existing ones.
            It sets the task's description; if it is not set, a default description is created, and tasks with the default description are created repeatedly without de-duplication.
state       Whether to ensure the job or environment variable is present or absent, that is, whether to create or delete the scheduled task.
disabled    If the job should be disabled (commented out) in the crontab. Only has effect if state=present.
user        The specific user whose crontab should be modified.

  • Create a scheduled task
[root@m01 ~]# ansible test -m cron -a "name=test minute=*/5 job='/usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1'"
172.16.1.8 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "test"
    ]
}
172.16.1.31 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "test"
    ]
}
172.16.1.41 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "test"
    ]
}
[root@backup ~]# crontab -l
#crond-id-001:time sync by test   # an identical existing scheduled task is overwritten
#Ansible: test
*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1

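Note: when scheduled tasks are set in bulk with ansible and a task is identical to one that was configured by hand, the hand-configured task is overwritten by the ansible task.

  • Comment out a scheduled task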
[root@m01 ~]# ansible test -m cron -a "name=test minute=*/5 job='/usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1' disabled=yes"
172.16.1.8 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "test"
    ]
}
172.16.1.41 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "test"
    ]
}
172.16.1.31 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "test"
    ]
}
[root@backup ~]# crontab -l
#crond-id-001:time sync by test
#Ansible: test
#*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1
  • Delete a scheduled task
[root@m01 ~]# ansible test -m cron -a "name=test minute=*/5 job='/usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1' state=absent"    # use with caution
172.16.1.41 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": []
}
172.16.1.8 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": []
}
172.16.1.31 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": []
}
[root@backup ~]# crontab -l
#crond-id-001:time sync by test

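1.9 synchronize module

1.9.1 Common synchronize parameters

Parameter    Description
src          Path on the source host for the rsync transfer; absolute or relative path
dest         Path on the destination host for the rsync transfer; absolute or relative path
delete       rsync option for an exact mirror (no differences between source and destination); requires recursive=yes. Default: no
recursive    Operate on directories recursively. Default: no
mode         rsync push or pull mode. Default: push
copy_links   Copy the file/directory a symlink points to instead of the symlink itself. Default: no

Note: the source host and the destination host cannot both be remote hosts, and the local path to synchronize must exist.

  • yum repository synchronization example
[root@m02 ~]# ansible yum -m synchronize -a "src=rsync://mirrors.ustc.edu.cn/centos/6/os/x86_64/RELEASE-NOTES-en-US.html dest=/yum/centos/6/os/x86_64/ mode=pull"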
172.16.1.13 | SUCCESS => {
    "changed": true,
    "cmd": "/usr/bin/rsync --delay-updates -F --compress --archive --out-format=<<CHANGED>>%i %n%L rsync://mirrors.ustc.edu.cn/centos/6/os/x86_64/RELEASE-NOTES-en-US.html /yum/centos/6/os/x86_64/",
    "msg": " _______________________________________________________________\n|         University of Science and Technology of China         |\n|           Open Source Mirror  (mirrors.ustc.edu.cn)           |\n|===============================================================|\n|                                                               |\n| Debian primary mirror in China mainland (ftp.cn.debian.org),  |\n|     also mirroring a great many OSS projects & Linux distros. |\n|                                                               |\n| Currently we don't limit speed. To prevent overload, Each IP  |\n| is only allowed to start upto 2 concurrent rsync connections. |\n|                                                               |\n| This site also provides http/https/ftp access.                |\n|                                                               |\n| Supported by USTC Network Information Center                  |\n|          and USTC Linux User Group (http://lug.ustc.edu.cn/). |\n|                                                               |\n|    Sync Status:  https://mirrors.ustc.edu.cn/status/          |\n|           News:  https://servers.ustclug.org/                 |\n|        Contact:  [email protected]                              |\n|                                                               |\n|_______________________________________________________________|\n\n\n>f+++++++++ RELEASE-NOTES-en-US.html\n",
    "rc": 0,
    "stdout_lines": [
        " _______________________________________________________________",
        "|         University of Science and Technology of China         |",
        "|           Open Source Mirror  (mirrors.ustc.edu.cn)           |",
        "|===============================================================|",
        "|                                                               |",
        "| Debian primary mirror in China mainland (ftp.cn.debian.org),  |",
        "|     also mirroring a great many OSS projects & Linux distros. |",
        "|                                                               |",
        "| Currently we don't limit speed. To prevent overload, Each IP  |",
        "| is only allowed to start upto 2 concurrent rsync connections. |",
        "|                                                               |",
        "| This site also provides http/https/ftp access.                |",
        "|                                                               |",
        "| Supported by USTC Network Information Center                  |",
        "|          and USTC Linux User Group (http://lug.ustc.edu.cn/). |",
        "|                                                               |",
        "|    Sync Status:  https://mirrors.ustc.edu.cn/status/          |",
        "|           News:  https://servers.ustclug.org/                 |",
        "|        Contact:  [email protected]                              |",
        "|                                                               |",
        "|_______________________________________________________________|",
        ">f+++++++++ RELEASE-NOTES-en-US.html"
    ]
}

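1.10 user module

1.10.1 Common user parameters

Parameter                        Description
createhome                       Whether to create the user's home directory. Default: yes
force                            With state=absent, equivalent to userdel --force. Default: no
remove                           With state=absent, equivalent to userdel --remove. Default: no
group                            Primary group of the new user; the group must already exist
groups                           List of groups the user belongs to (several groups); if set to an empty value ("groups="), the user is removed from all groups except the primary group
home                             Home directory of the user
move_home                        When home is given and move_home is yes, and the old home directory differs from the new path given by home, the user's home directory is changed to the new directory given by home
name                             Name of the user to add, delete or modify
password                         Sets the user's password. (Note: the string given here is the already encrypted password, not the login password)
shell                            Shell of the user
state                            Add/modify the user (present) or delete the user (absent). Default: present
system                           When an account is created, setting this to yes marks it as a system account; this parameter cannot be set for a user account that does not exist. Default: no
uid                              UID of the user
update_password (version 1.3+)   always: update the password if it differs; on_create: only set the password for newly created users. Default: always
  • Create a virtual user for a service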
172.16.1.12 | SUCCESS => {
    "append": false,
    "changed": true,
    "comment": "",
    "group": 501,
    "home": "/home/nginx",
    "move_home": false,
    "name": "nginx",
    "shell": "/sbin/nologin",
    "state": "present",
    "uid": 501
}
  • Create an ordinary user
[root@m02 ~]# ansible m02 -m user -a "name=liyang password=123456"  # the user cannot log in with the password 123456
172.16.1.12 | SUCCESS => {
    "changed": true,
    "comment": "",
    "createhome": true,
    "group": 504,
    "home": "/home/liyang",
    "name": "liyang",
    "password": "NOT_LOGGING_PASSWORD",
    "shell": "/bin/bash",
    "state": "present",
    "system": false,
    "uid": 504
}
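
The password parameter expects an already hashed string, which is why password=123456 above cannot be used to log in. The playbook below is an added example, not part of the original article: it prompts for the password on the control node and passes only the SHA-512 crypt hash to the user module. It assumes the m02 host and liyang user from the command above, a hypothetical variable name liyang_password, and that passlib (or a working crypt) is available to Ansible on the control node.

```yaml
# Added example, not part of the original article.
# Assumptions: host "m02" and user "liyang" from the command above; passlib (or a
# working crypt(3)) is available to Ansible on the control node for hashing.
- hosts: m02
  vars_prompt:
    - name: liyang_password          # hypothetical variable name
      prompt: Login password for liyang
      private: true                  # do not echo what is typed
      confirm: true                  # ask twice to catch typos
      encrypt: sha512_crypt          # the variable holds a $6$... hash, never the plaintext
  tasks:
    # Weak form from the ad-hoc command: password=123456 is stored in /etc/shadow
    # as if it were already a hash, so no typed password ever matches it.
    - name: create an ordinary user with a hashed password
      user:
        name: liyang
        password: "{{ liyang_password }}"
        update_password: on_create   # later runs do not reset a password the user changed
      no_log: true                   # keep task arguments out of logs and callback output
```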

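1.11 unarchive module

1.11.1 Common unarchive parameters

Parameter    Description
copy         If yes, the file is unpacked from the local host and copied to the target host; otherwise the source archive is looked up on the target host. This parameter has been replaced by remote_src and is mutually exclusive with it. Default: yes
creates      A file name; if it already exists, this step is not run
dest         Absolute path on the remote host where the archive is unpacked
mode         Permissions of the unpacked files/directories
owner        Owner of the unpacked files/directories
group        Group of the unpacked files/directories
remote_src   yes means the archive is on the remote host; mutually exclusive with copy. Default: no
src          If remote_src=no (the default), the file at the local path given by src is unpacked and copied to the target host (absolute or relative path); if remote_src=yes, the file is unpacked at the path given by src on the target host
             If remote_src=yes and the value of src contains ://, the remote host first downloads the file from the given URL. This is only suitable for simple cases; for full download functionality use the get_url module

  • Unpack a local archive and copy it to the remote host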
[root@m02 ~]# ansible m01 -m unarchive -a "src=tools/memadmin-1.0.12.tar.gz dest=/root/"
172.16.1.11 | SUCCESS => {
    "changed": true,
    "dest": "/root/",
    "extract_results": {
        "cmd": [
            "/bin/gtar",
            "--extract",
            "-C",
            "/root/",
            "-z",
            "-f",
            "/root/.ansible/tmp/ansible-tmp-1506655236.93-74981415677354/source"
        ],
        "err": "",
        "out": "",
        "rc": 0
    },
    "gid": 0,
    "group": "root",
    "handler": "TgzArchive",
    "mode": "0550",
    "owner": "root",
    "size": 4096,
    "src": "/root/.ansible/tmp/ansible-tmp-1506655236.93-74981415677354/source",
    "state": "directory",
    "uid": 0
}

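1.12 make module

1.12.1 Common make parameters

Parameter   Description
chdir       Change to the given directory before running make
params      Extra build parameters to pass when compiling
  • Compile software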
[root@m02 ~]# ansible m01 -m make -a " chdir=/server/tools/nginx-1.10.3"
  • The complete configure, build and install procedure when using a playbook
  - name: configure nginx
    command: 'chdir={{softwareDir}}nginx-1.10.3 {{ item }}'
    with_items:
      - ./configure --prefix=/usr/local/nginx-1.10.3 --user={{webUser}} --group={{webUser}} --with-http_stub_status_module --with-http_ssl_module
  - name: make nginx
    make: chdir={{softwareDir}}nginx-1.10.3
  - name: make install nginx
    command: chdir={{softwareDir}}nginx-1.10.3 make install

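1.13 lineinfile module

1.13.1 Common lineinfile parameters

Parameter      Description
backup         Whether to back up the file before changing it. Default: no
backrefs       With backrefs=no: if nothing matches, the line given by line is added; if there is a match, the matched content is replaced with the content of line
               With backrefs=yes: if nothing matches, the file is left unchanged; if there is a match, the matched content is replaced with the content of line
create         With state=present: if set to yes, the file is created when it does not exist; otherwise the task fails when the file does not exist. Default: no
insertafter    With state=present: the given line is inserted after the last line matched by the regexp regular expression (when several lines match); if the value is EOF or the regular expression matches nothing, the line is inserted at the end of the file
insertbefore   With state=present: the given line is inserted before the last line matched by the regexp regular expression (when several lines match); if the value is BOF, the line is inserted at the beginning of the file; if the regular expression matches nothing, the line is inserted at the end of the file
line           The line to insert or to use as the replacement
mode           Permissions of the modified file/directory
owner          Owner of the modified file/directory
group          Group of the modified file/directory
path           The file to modify; aliases: dest, destfile, name
regexp         Regular expression to match
state          Add/modify file content (present) or delete file content (absent). Default: present
  • Modify the content of a configuration file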
[root@m02 ~]# ansible m01 -m lineinfile -a "dest=/etc/ppp/ip-up regexp='ifconfig ppp0 mtu 1472' insertbefore='^exit 0' line='ifconfig ppp0 mtu 1472\n' backup=yes"
172.16.1.11 | SUCCESS => {
    "backup": "",
    "changed": false,
    "msg": ""
}

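1.14 mount module

1.14.1 Common mount parameters

Parameter   Description
boot        Whether to mount automatically at boot. Default: yes
fstype      File system type of the disk to mount; state must be present or mounted
opts        Mount options
path        Mount point; alias: name
src         Path to mount; state must be present or mounted
state       mounted: the device is mounted and added to the fstab file; if the mount point path does not exist, it is created automatically
            unmounted: the device is unmounted; the fstab file is not changed
            absent and present only apply to the fstab file and do not affect the current mounts; with absent, the mount point path is also deleted

  • Mount a disk
[root@m02 ~]# ansible m01 -m mount -a "src=172.16.1.31:/data/blog path=/usr/local/nginx/html/blog/wp-content/uploads/ fstype=nfs state=mounted"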

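1.15 sysctl module

1.15.1 Common sysctl parameters

Parameter      Description
ignoreerrors   Ignore errors caused by unknown keys. Default: no
name           Name of the kernel parameter
reload         Whether to reload after changing the /etc/sysctl.conf file, equivalent to sysctl -p. Default: yes
state          Add/modify the kernel parameter (present) or delete it (absent). Default: present
sysctl_file    Kernel parameter file. Default: /etc/sysctl.conf
value          Value of the kernel parameter; alias: val
  • Enable kernel IP forwarding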
[root@m02 ~]# ansible m01 -m sysctl -a "name=net.ipv4.ip_forward value=1 sysctl_set=yes ignoreerrors=yes"
172.16.1.11 | SUCCESS => {
    "changed": false
}
  • Make the kernel support virtual IPs
[root@m02 ~]# ansible m01 -m sysctl -a "name=net.ipv4.ip_nonlocal_bind value=1 sysctl_set=yes ignoreerrors=yes"
172.16.1.11 | SUCCESS => {
    "changed": true
}

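1.16 modprobe module

1.16.1 Common modprobe parameters

Parameter   Description
name        Name of the kernel module to load
params      Parameters of the kernel module to load
state       Add/modify the kernel module (present) or remove it (absent). Default: present
  • Add the iptable_nat kernel module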
[root@m02 ~]# ansible m01 -m modprobe -a "name=iptable_nat"
172.16.1.11 | SUCCESS => {
    "changed": true,
    "failed": false,
    "name": "iptable_nat",
    "params": "",
    "state": "present"
}

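1.17 iptables module

1.17.1 Common iptables parameters

Parameter          Description
chain              Firewall chain: 'INPUT', 'FORWARD', 'OUTPUT', 'PREROUTING', 'POSTROUTING', 'SECMARK', 'CONNSECMARK'
ctstate            Connection states to match with the conntrack module: 'INVALID', 'NEW', 'ESTABLISHED', 'RELATED', 'UNTRACKED', 'SNAT', 'DNAT'
destination        Destination address; can be a network name, host name, network IP address or plain IP address
destination_port   Destination port number
flush              Flush the firewall rules and the corresponding tables
jump               Target of the rule (jump)
source             Source IP address
state              Add/modify the firewall rule (present) or delete it (absent). Default: present
table              filter, nat, mangle, raw, security

  • Enable NAT address translation on the firewall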
[root@m02 ~]# ansible m01 -m iptables -a "table=nat chain=POSTROUTING source=172.16.1.0/24 jump=MASQUERADE"
172.16.1.11 | SUCCESS => {
    "chain": "POSTROUTING",
    "changed": true,
    "failed": false,
    "flush": false,
    "ip_version": "ipv4",
    "rule": "-s 172.16.1.0/24 -j MASQUERADE",
    "state": "present",
    "table": "nat"
}

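1.18 debug module

1.18.1 Common debug parameters

Parameter   Description
msg         Custom message to print; if omitted, a generic message is printed
var         Name of the variable to debug; mutually exclusive with msg
verbosity   Verbosity level at which the debug output is printed; if set to 3, it is printed at -vvv or above
  • Print IP address information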
[root@m02 ~]# ansible m01 -m debug -a "var=ansible_all_ipv4_addresses"

Chapter 2 Ansible help information

1.1 List all modules: ansible-doc -l

[root@m01 ~]# ansible-doc -l | wc -l
1039
[root@m01 ~]# ansible-doc -l
a10_server                         Manage A10 Networks AX/SoftAX/Thunder/vThunder devic...
a10_server_axapi3                  Manage A10 Networks AX/SoftAX/Thunder/vThunder devic...
a10_service_group                  Manage A10 Networks AX/SoftAX/Thunder/vThunder devic...
a10_virtual_server                 Manage A10 Networks AX/SoftAX/Thunder/vThunder devic...
accelerate                         Enable accelerated mode on remote node             
acl                                Sets and retrieves file ACL information.           
add_host                           add a host (and alternatively a group) to the ansibl...
airbrake_deployment                Notify airbrake about app deployments              
aix_inittab                        Manages the inittab on AIX.                        
alternatives                       Manages alternative programs for common commands   
aos_asn_pool                       Manage AOS ASN Pool                                
aos_blueprint                      Manage AOS blueprint instance                      
aos_blueprint_param                Manage AOS blueprint parameter values          
aos_blueprint_virtnet              Manage AOS blueprint parameter values              
aos_device                         Manage Devices on AOS Server                       
aos_external_router                Manage AOS External Router                     
aos_ip_pool                        Manage AOS IP Pool                                 
aos_logical_device                 Manage AOS Logical Device
...omitted...

Note: on CentOS 6.8, ansible-doc -l reports an error. Fix:

sed -i 's@#deprecation_warnings=True@deprecation_warnings=False@g' /etc/ansible/ansible.cfg

mv /usr/lib/python2.6/site-packages/ansible/modules/extras/cloud/misc/rhevm.py /tmp/

1.2 Show the usage of a specific module: ansible-doc -s module

[root@m01 ~]# ansible-doc -s command
- name: Executes a command on a remote node
  action: command
      chdir                  # cd into this directory before running the command
      creates                # a filename or (since 2.0) glob pattern, when it already
                               exists, this step will *not*
                               be run.
      executable             # change the shell used to execute the command. Should be an
                               absolute path to the
                               executable.
      free_form=             # the command module takes a free form command to run.  There
                               is no parameter actually
                               named 'free form'. See the
                               examples!
      removes                # a filename or (since 2.0) glob pattern, when it does not
                               exist, this step will *not*
                               be run.
      warn                   # if command warnings are on in ansible.cfg, do not warn about
                               this particular line if set
...omitted...

1.3 Official ansible manual

Last updated: 2022-12-20 20:57:41.
Original link: https://blog.leonshadow.cn/763482/1932.html