1. Introduction
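As introduced earlier, Ansible's ability to act as an automated configuration management tool comes from its wide variety of modules. To date Ansible has more than 3000 modules, but in my own day-to-day work only about 20 or so come up regularly. Below I briefly introduce some of the commonly used ones.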
2. Inventory file
# cat /etc/ansible/hosts
[websrvs]
10.10.108.[30:33]
[dbsrvs]
10.10.108.30
[appsrvs]
10.10.108.[30:33]
3. Common modules
3.1 ping module
When the ping module succeeds, it returns a message in green that includes a pong response. all stands for all managed hosts.
[root@ayunw ansible-example]# ansible dbsrvs -m ping
10.10.108.30 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@ayunw ansible-example]# ansible all -m ping
10.10.108.30 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.10.108.32 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.10.108.31 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.10.108.33 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
3.2 command module
Because command is Ansible's default module, you can either specify it with -m command or omit it entirely.
[root@ayunw ansible-example]# ansible dbsrvs -m command -a "free -m"
10.10.108.30 | CHANGED | rc=0 >>
total used free shared buff/cache available
Mem: 7821 395 7110 16 314 7179
Swap: 4095 0 4095
[root@ayunw ansible-example]# ansible dbsrvs -a "free -m"
10.10.108.30 | CHANGED | rc=0 >>
total used free shared buff/cache available
Mem: 7821 395 7111 16 314 7179
Swap: 4095 0 4095
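3.3 shell module
The shell module is similar to the command module, but it is often called the universal module: many operations that command does not support work with shell. Note that the last case below is not supported by the shell module either. You can, however, write the command into a script, copy the script to the remote host, and then run it with the shell module to get the result.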
[root@ayunw ansible-example]# ansible dbsrvs -m shell -a "touch /tmp/a.txt"
[WARNING]: Consider using the file module with state=touch rather than running 'touch'. If you need to use command because file is insufficient you can add 'warn: false' to
this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
10.10.108.30 | CHANGED | rc=0 >>
[root@ayunw ansible-example]# ansible dbsrvs -m shell -a "ls -al /tmp/ | grep 'a.txt'"
10.10.108.30 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root 0 Aug 9 09:37 a.txt
[root@ayunw ansible-example]# ansible dbsrvs -m shell -a "ls -al /tmp/ | grep "a.txt""
10.10.108.30 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root 0 Aug 9 09:37 a.txt
# This fails; even the universal shell module does not support this form
[root@ayunw ansible-example]# ansible dbsrvs -m shell -a "cat /etc/passwd |awk -F ':' '{print $1,$3}' >> /tmp/pwd.txt"
10.10.108.30 | FAILED | rc=1 >>
awk: cmd. line:1: {print ,}
awk: cmd. line:1: ^ syntax error
awk: cmd. line:1: {print ,}
awk: cmd. line:1: ^ syntax error
awk: cmd. line:1: {print ,}
awk: cmd. line:1: ^ unexpected newline or end of stringnon-zero return code
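Note: you may have noticed the WARNING above. It is not an error; it only tells you that the file module is a better choice for creating files than the shell module. It also tells you that you can set command_warnings=False in the ansible.cfg configuration file to turn the warning off.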
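The `{print ,}` in the awk error above shows that `$1` and `$3` were already empty when awk ran: inside double quotes the control node's shell expands them before the command string is handed on. The following is an added example, not from the original post; `remote_run` is a hypothetical stand-in that passes the string to a second `sh -c` instead of a managed host, and the passwd lines are constructed.

```shell
#!/bin/sh
# Constructed sample standing in for /etc/passwd on the managed host.
SAMPLE='root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:sshd:/var/empty/sshd:/sbin/nologin'

# Hypothetical stand-in for "ansible <hosts> -m shell -a ARG": the string
# that survived local expansion is handed to a second shell.
remote_run() {
    printf '%s\n' "$SAMPLE" | sh -c "$1" 2>&1
}

# As typed on the page: double quotes let the local shell expand $1 and $3.
# At an interactive prompt they are unset, so they become empty strings.
arg_as_on_page() {
    set --
    printf '%s' "awk -F ':' '{print $1,$3}'"
}

# Backslash-escaped dollars pass through local expansion unchanged.
arg_escaped() {
    printf '%s' "awk -F ':' '{print \$1,\$3}'"
}

echo "sent (page):    $(arg_as_on_page)"
echo "sent (escaped): $(arg_escaped)"
echo "result (escaped):"
remote_run "$(arg_escaped)"
```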
3.4 copy module
Copies files from the Ansible control node to remote hosts.
[root@ayunw ansible-example]# cat getPasswd.sh
#!/bin/bash
# -*- Author -*- : ayunw
cat /etc/passwd |awk -F ':' '{print $1}'
[root@ayunw ansible-example]# ansible dbsrvs -m copy -a "src=getPasswd.sh dest=/usr/local/src/ mode=0755 owner=root group=root"
10.10.108.30 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "ce9c09f15cb6f62b550f819276d06b0e6cd59110",
"dest": "/usr/local/src/getPasswd.sh",
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/usr/local/src/getPasswd.sh",
"secontext": "system_u:object_r:usr_t:s0",
"size": 54,
"state": "file",
"uid": 0
}
# By default an existing file on the target node is overwritten, so it is best to set backup=yes
[root@ayunw ansible-example]# ansible dbsrvs -m copy -a "src=getPasswd.sh dest=/usr/local/src/ mode=0755 owner=root group=root backup=yes"
[root@ayunw ansible-example]# ansible dbsrvs -m shell -a "ls -al /tmp/ | grep 'getPasswd.sh'"
10.10.108.30 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root 54 Aug 9 09:50 getPasswd.sh
[root@ayunw ansible-example]# ansible dbsrvs -m shell -a "cat /tmp/getPasswd.sh"
10.10.108.30 | CHANGED | rc=0 >>
#!/bin/bash
cat /etc/passwd |awk -F ':' '{print $1}'
[root@ayunw ansible-example]# ansible dbsrvs -m shell -a "bash /usr/local/src/getPasswd.sh"
10.10.108.30 | CHANGED | rc=0 >>
root
bin
daemon
adm
lp
sync
shutdown
halt
operator
games
ftp
nobody
systemd-network
dbus
polkitd
sshd
postfix
# Copy all files under the directory to the remote host, excluding the directory itself. With many files this becomes very slow
[root@ayunw ansible-example]# ansible dbsrvs -m copy -a "src=/etc/ansible/ dest=/opt/"
10.10.108.30 | CHANGED => {
"changed": true,
"dest": "/opt/",
"src": "/etc/ansible/"
}
3.5 fetch module
Fetches files from remote hosts to the Ansible control node; directories are not supported.
[root@ayunw ansible-example]# ansible dbsrvs -m fetch -a "src=/etc/yum.repos.d/epel.repo dest=/usr/local/src"
10.10.108.30 | CHANGED => {
"changed": true,
"checksum": "2feedd589b72617f03d75c4b8a6e328cc1aad918",
"dest": "/usr/local/src/10.10.108.30/etc/yum.repos.d/epel.repo",
"md5sum": "bddf35db56cf6be9190fdabeae71c801",
"remote_checksum": "2feedd589b72617f03d75c4b8a6e328cc1aad918",
"remote_md5sum": null
}
[root@ayunw ansible-example]# ls -al /usr/local/src/10.10.108.30/etc/yum.repos.d/
total 4
drwxr-xr-x. 2 root root 23 Aug 11 15:05 .
drwxr-xr-x. 3 root root 25 Aug 11 15:05 ..
-rw-r--r--. 1 root root 664 Aug 11 15:05 epel.repo
3.6 file module
# Create a symbolic link
[root@ayunw ansible-example]# ansible test -m file -a 'src=/etc/passwd path=/tmp/passwd.link state=link'
# View the symbolic link just created under /tmp
[root@ayunw ansible-example]# ansible all -m shell -a 'ls -l /tmp/passwd.link'
# Create a file. If the file already exists, its timestamp is updated
[root@ayunw ansible-example]# ansible all -m file -a 'name=d.txt state=touch'
# Delete a file
[root@ayunw ansible-example]# ansible test -m file -a 'path=/tmp/cc.txt state=absent'
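# Create a directory (recursive creation is supported; just append the name)
# With state=directory, if the directory does not exist, all intermediate subdirectories are created (with the given permissions);
# if the directory already exists, nothing is done. With state=file, the file will not be created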
[root@ayunw ansible-example]# ansible test -m file -a 'path=/tmp/bj state=directory'
# Delete a directory (recursive deletion is supported and needs no extra parameters; just append the name)
[root@ayunw ansible-example]# ansible test -m file -a 'path=/tmp/bj state=absent'
# Change file permissions and other attributes
[root@ayunw ansible-example]# ansible test -m file -a 'path=/tmp/bb.txt mode=700 owner=root group=root'
# Recursively set ownership on a directory
ansible dbsrvs -m file -a "path=/data owner=bgx group=bgx recurse=yes"
3.7 hostname module
Manages the hostname on remote hosts
# View the hostname
[root@ayunw ansible-example]# ansible test -m shell -a 'hostname'
# Change the hostname
[root@ayunw ansible-example]# ansible test -m hostname -a 'name=master'
3.8 yum module
# Install the httpd service; the latest version is installed by default
# Use state=present to install; separate multiple packages with ','
[root@ansible-server ~]# ansible dbsrvs -m yum -a 'name=httpd'
[root@ayunw ansible-example]# ansible test -m yum -a 'name=httpd state=present'
# Check whether the installation succeeded
[root@ansible-server ~]# ansible dbsrvs -a 'rpm -qi httpd'
3.9 cron module
# Create a scheduled task
[root@ayunw ansible-example]# ansible test -m cron -a 'minute=*/5 name=Ajob job="/usr/sbin/ntpdate 172.16.8.100 &> /dev/null" state=present'
[root@ayunw ansible-example]# ansible dbsrvs -m cron -a "minute=* hour=* day=* month=* weekday=* job='/bin/sh test.sh'"
[root@ayunw ansible-example]# ansible dbsrvs -m cron -a "job='/bin/sh /server/scripts/test.sh'"
# Set a comment for the cron job with name, to prevent duplicates
ansible dbsrvs -m cron -a "name='cron01' job='/bin/sh /server/scripts/test.sh'"
# Comment out the corresponding cron job to disable it
ansible dbsrvs -m cron -a "name='ansible cron01' minute=0 hour=0 job='/bin/sh test.sh' disabled=yes"
# Delete the corresponding cron job (delete it the same way it was created)
[root@ayunw ansible-example]# ansible test -m cron -a 'minute=*/5 name=Ajob job="/usr/sbin/ntpdate 172.16.8.100 &> /dev/null" state=absent'
# View the scheduled tasks
[root@ayunw ansible-example]# ansible test -m shell -a "crontab -l"
172.16.20.115 | SUCCESS | rc=0 >>
#Ansible: Ajob
*/5 * * * * /usr/sbin/ntpdate 172.16.8.100 &> /dev/null
# Delete the crontab
[root@ayunw ansible-example]# ansible test -m shell -a "crontab -r"
3.10 service module
Manages services on the servers
# Install nginx with Ansible's yum module
[root@ayunw ansible-example]# ansible test -m yum -a 'name=nginx state=present'
# Start nginx
[root@ayunw ansible-example]# ansible test -m shell -a '/etc/init.d/nginx start'
# Or use Ansible's service module (recommended)
[root@ayunw ansible-example]# ansible test -m service -a 'name=nginx state=started'
# Check the status
[root@ayunw ansible-example]# ansible test -m shell -a 'service nginx status'
[WARNING]: Consider using service module rather than running service
# Stop the nginx service
[root@ayunw ansible-example]# ansible test -m service -a 'name=nginx state=stopped'
[root@ayunw ansible-example]# ansible test -m shell -a 'service nginx status'
[WARNING]: Consider using service module rather than running service
[root@ayunw ansible-example]# ansible test -m service -a 'name=nginx state=started enabled=yes runlevel=2345'
[root@ayunw ansible-example]# ansible test -m shell -a 'chkconfig --list nginx'
3.11 group module
Adds groups on remote hosts
[root@ayunw ansible-example]# ansible test -m group -a 'name=hr gid=2000 state=present'
3.12 user module
Manages user accounts on remote hosts
# Create a user with a specified uid and gid, without a home directory and without login access
ansible dbsrvs -m user -a "name=ayunw uid=888 group=888 shell=/sbin/nologin create_home=no"
[root@ayunw ansible-example]# ansible dbsrvs -m user -a 'name=martin group=hr groups=root uid=500 shell=/bin/bash home=/home/martin comment="martin user"'
# Delete a user
[root@ayunw ansible-example]# ansible dbsrvs -m user -a 'name=martin state=absent remove=yes'
# Generate an SSH key pair for the newly created user
ansible dbsrvs -m user -a "name=oo uid=6677 group=adm generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa" -i ./hosts
# Hash the plaintext password, then use it to create the user
ansible dbsrvs -m debug -a "msg={{ '123456' | password_hash('sha512', 'salt') }}"
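3.13 setup module
Collects facts about the remote hosts, that is, information about the target host (kernel version, operating system information, CPU, …), and stores it in Ansible's built-in variables so that the variables can be referenced directly whenever they are needed later. This is very useful in ansible-playbook.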
[root@ayunw ansible-example]# ansible dbsrvs -m setup
# Use setup with filter to get the IP address and hostname
ansible dbsrvs -m setup -a 'filter=ansible_default_ipv4'
# Get memory information
ansible dbsrvs -m setup -a 'filter=ansible_memory_mb'
# Get the hostname
ansible dbsrvs -m setup -a 'filter=ansible_nodename'
# Show only the memory-related Ansible facts
ansible dbsrvs -m setup -a 'filter=ansible_*_mb'
3.14 authorized_key module
Adds or removes SSH authorized keys for a particular user account
# Method 1
ansible web -m authorized_key -a "user=root key='{{lookup('file','/root/.ssh/id_rsa.pub')}}' path=/root/.ssh/authorized_keys manage_dir=no"
# Method 2
vim pub_ssh_key.yml
---
- hosts: webs
  remote_user: osmgr
  become: yes
  become_user: root
  become_method: sudo
  tasks:
    - name: deliver authorized_keys
      authorized_key:
        user: osmgr
        key: "{{ lookup('file', '/home/osmgr/.ssh/id_rsa.pub') }}"
        state: present
ansible-playbook pub_ssh_key.yml
3.15 synchronize module
This module uses rsync; the rsync package must be installed on the system, otherwise the module cannot be used
ansible dbsrvs -m shell -a 'yum -y install rsync'
ansible web -m synchronize -a 'src=time.sh dest=/tmp/'
3.16 lineinfile module
Matches a line by regular expression and changes the value of a key parameter. For example, here we modify the SELINUX value
ansible dbsrvs -a 'cat /etc/selinux/config | grep ^SELINUX='
ansible dbsrvs -m shell -a 'cat /etc/selinux/config|grep "^SELINUX="'
10.10.108.30 | CHANGED | rc=0 >>
SELINUX=enforcing
# Use the lineinfile module to change the SELinux configuration to disabled
ansible dbsrvs -m lineinfile -a "path=/etc/selinux/config regexp='^SELINUX=' line='SELINUX=disabled'"
# Or use ansible-playbook
vim set_selinux_disable.yml
---
- hosts: dbsrvs
  tasks:
    - name: seline modify enforcing
      lineinfile:
        dest: /etc/selinux/config
        regexp: '^SELINUX='
        line: 'SELINUX=enforcing'
# Delete the lines in /etc/fstab that begin with #
ansible dbsrvs -m lineinfile -a "dest=/etc/fstab state=absent regexp='^#'"
3.17 replace module
Similar to the sed command; used for regular-expression matching and replacement
# View the original /etc/fstab on the remote node
[root@ayunw ansible-example]# ansible dbsrvs -m shell -a "cat /etc/fstab"
10.10.108.30 | CHANGED | rc=0 >>
#
# /etc/fstab
# Created by anaconda on Tue Jul 5 14:09:37 2022
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=c47c20e8-8ed5-4d86-9209-f0e8876bb9e6 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
# Use the replace module
[root@ayunw ansible-example]# ansible dbsrvs -m replace -a "path=/etc/fstab regexp=^(UUID.*) replace='#\1'"
10.10.108.30 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"msg": "1 replacements made"
}
# View the result
[root@ayunw ansible-example]# ansible dbsrvs -m shell -a "cat /etc/fstab"
10.10.108.30 | CHANGED | rc=0 >>
#
# /etc/fstab
# Created by anaconda on Tue Jul 5 14:09:37 2022
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
#UUID=c47c20e8-8ed5-4d86-9209-f0e8876bb9e6 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
# Restore the commented-out UUID entry
ansible dbsrvs -m replace -a "path=/etc/fstab regexp='^#(.*)' replace='\1'"
[root@ayunw ansible-example]# ansible dbsrvs -m shell -a "cat /etc/fstab"
10.10.108.30 | CHANGED | rc=0 >>
/etc/fstab
Created by anaconda on Tue Jul 5 14:09:37 2022
Accessible filesystems, by reference, are maintained under '/dev/disk'
See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
/dev/mapper/centos-root / xfs defaults 0 0
UUID=c47c20e8-8ed5-4d86-9209-f0e8876bb9e6 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
Parameter notes:
- \1: refers to the content matched by the preceding parentheses
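The last output above shows that `^#(.*)` removed the `#` from every comment line, not only from the UUID entry. The following added example (not from the original post) compares that pattern with a narrower one on a constructed, shortened copy of the fstab; `sed -E` stands in for the replace module, and the `NARROW` pattern and the field-count check are assumptions of this example.

```shell
#!/bin/sh
# Constructed, shortened copy of the page's fstab with the UUID line commented.
FSTAB='#
# /etc/fstab
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
#UUID=c47c20e8-8ed5-4d86-9209-f0e8876bb9e6 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0'

# apply_regex PATTERN: replace each match with capture group 1.
# Assumption: sed -E stands in for the replace module; both apply the
# line-anchored pattern to every line of the file.
apply_regex() {
    printf '%s\n' "$FSTAB" | sed -E "s/$1/\\1/"
}

# Count lines that are neither blank nor comments and do not have the
# 4 to 6 whitespace-separated fields of an fstab entry.
malformed_lines() {
    awk 'NF && $1 !~ /^#/ && (NF < 4 || NF > 6) { n++ } END { print n + 0 }'
}

BROAD='^#(.*)'          # pattern used on the page: matches every comment
NARROW='^#(UUID=.*)'    # only matches a commented-out UUID entry

echo "broad:  $(apply_regex "$BROAD"  | malformed_lines) malformed line(s)"
echo "narrow: $(apply_regex "$NARROW" | malformed_lines) malformed line(s)"
apply_regex "$NARROW"
```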