Ansible命令模块
1.command模块
[root@m01 ~]# ansible web_group -m command -a 'free -m'
web02 | CHANGED | rc=0 >>
total used free shared buff/cache available
Mem: 972 97 759 7 115 732
Swap: 1023 0 1023
web01 | CHANGED | rc=0 >>
total used free shared buff/cache available
Mem: 972 97 758 7 115 731
Swap: 1023 0 1023
2.shell模块
[root@m01 ~]# ansible web_group -m shell -a 'ps -ef | grep nginx'
web02 | CHANGED | rc=0 >>
root 7167 7166 0 16:43 pts/1 00:00:00 /bin/sh -c ps -ef | grep nginx
root 7169 7167 0 16:43 pts/1 00:00:00 /bin/sh -c ps -ef | grep nginx
web01 | CHANGED | rc=0 >>
root 7176 7175 0 16:43 pts/1 00:00:00 /bin/sh -c ps -ef | grep nginx
root 7178 7176 0 16:43 pts/1 00:00:00 /bin/sh -c ps -ef | grep nginx
#command与shell的区别:
1.command不识别特殊符号(如管道 | 、重定向 > 等)
2.shell识别特殊符号
3.如果不加-m参数,默认是command模块
3.script模块
[root@m01 ~]# ansible web_group -m script -a '/root/mkdir.sh'
web01 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to web01 closed.\r\n",
"stderr_lines": [
"Shared connection to web01 closed."
],
"stdout": "",
"stdout_lines": []
}
web02 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to web02 closed.\r\n",
"stderr_lines": [
"Shared connection to web02 closed."
],
"stdout": "",
"stdout_lines": []
}
[root@m01 ~]# ansible web_group -m shell -a 'ls -l /tmp'
web01 | CHANGED | rc=0 >>
total 0
drwx------ 2 root root 41 Jan 9 16:46 ansible_command_payload_8YXgy5
drwxr-xr-x 2 root root 6 Jan 9 16:45 test
drwx------ 2 root root 6 Jan 7 01:29 vmware-root_6290-725715238
drwx------ 2 root root 6 Jan 9 16:30 vmware-root_6296-700616362
web02 | CHANGED | rc=0 >>
total 0
drwx------ 2 root root 41 Jan 9 16:46 ansible_command_payload_51mlXb
drwxr-xr-x 2 root root 6 Jan 9 16:45 test
drwx------ 2 root root 6 Jan 9 16:30 vmware-root_6282-726370616
drwx------ 2 root root 6 Jan 7 01:29 vmware-root_6295-1681199997
[root@m01 ~]#
Ansible软件管理模块
1.yum模块
- name: install the latest version of Apache
yum:
name: httpd
state: latest
name
httpd #指定要安装的软件包名称
file:// #指定本地安装路径(yum localinstall 本地rpm包)
http:// #指定yum源(从远程仓库获取rpm包)
state #指定使用yum的方法
installed,present #安装软件包
removed,absent #移除软件包
latest #安装最新软件包
#安装httpd 相当于 yum install -y httpd
[root@m01 ~]# ansible web_group -m yum -a 'name=httpd state=present'
#安装服务 相当于 yum install -y http://test.driverzeng.com/Zabbix_File/percona-release-0.1-3.noarch.rpm
[root@m01 ~]# ansible web_group -m yum -a 'name=http://test.driverzeng.com/Zabbix_File/percona-release-0.1-3.noarch.rpm state=present'
#安装nginx 相当于 yum localinstall -y /root/nginx-1.16.1-1.el7.ngx.x86_64.rpm
[root@m01 ~]# ansible web_group -m yum -a 'name=file:///root/nginx-1.16.1-1.el7.ngx.x86_64.rpm state=present'
2.yum_repository
- name: Add repository
yum_repository:
name: epel
description: EPEL YUM repo
baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
file: external_repos
gpgcheck: no
mirrorlist: http://mirrorlist.repoforge.org/el7/mirrors-rpmforge
state: present
enabled: yes
#配置yum源(示例中gpgcheck=no关闭了包签名校验,生产环境建议开启gpgcheck并配置gpgkey)
ansible web_group -m yum_repository -a "name=nginx description='nginx repo' baseurl=http://nginx.org/packages/centos/7/\$basearch/ gpgcheck=no enabled=yes file=nginx state=present"
#被控端验证
[root@web01 yum.repos.d]# cat nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
name #yum源里面[]的内容
description #yum源里面的name
file #yum源的名字
Ansible文件管理模块
1.copy模块
- name: Copy file with owner and permissions
copy:
src: /srv/myfiles/foo.conf
dest: /etc/foo.conf
owner: foo
group: foo
mode: '0644'
backup: yes
validate: /usr/sbin/visudo -csf %s
follow: yes
content:
#推送站点文件
[root@m01 ~]# ansible web_group -m copy -a 'src=/root/index.html dest=/var/www/html'
#推送并备份文件,授权
[root@m01 ~]# ansible web_group -m copy -a 'src=/root/index.html dest=/var/www/html owner=root group=root mode=0644 backup=yes'
#将指定内容写到指定文件
[root@m01 ~]# ansible web_group -m copy -a "content='/data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)' dest=/etc/exports"
content: #写入指定内容到指定文件
src: /srv/myfiles/foo.conf #源文件
dest: /etc/foo.conf #目标文件
owner: www #文件属主
group: www #文件属组
mode: '0644' #文件权限
backup: #文件备份
yes
no
validate: /usr/sbin/visudo -csf %s #推送前用该命令校验文件(%s为待推送的文件),校验不通过就不推送
follow: yes #是否识别软链接
2.file模块
- name: Change file ownership, group and permissions
file:
path: /etc/foo.conf
state:
directory
touch
absent
link
owner: foo
group: foo
mode: '0644'
recurse:
yes
no
#创建一个目录 mkdir /service
[root@m01 ~]# ansible web_group -m file -a 'path=/service state=directory'
#指定目录权限 chown root.root /service chmod 644 /service
[root@m01 ~]# ansible web_group -m file -a 'path=/service state=directory owner=root group=root mode=0644'
#创建文件 touch /service/lhd.txt 授权
[root@m01 ~]# ansible web_group -m file -a 'path=/service/lhd.txt state=touch owner=root group=root mode=0644'
#递归创建目录 mkdir /service/lhd/mysql/111 -p
[root@m01 ~]# ansible web_group -m file -a 'path=/service/lhd/mysql/111 state=directory'
#给文件做软连接 ln -s /data/mysql/database /data/database.ori
[root@m01 ~]# ansible web_group -m file -a 'src=/data/mysql/database dest=/data/database.ori state=link'
#递归授权目录 chown -R adm.adm /service
[root@m01 ~]# ansible web_group -m file -a 'path=/data/mysql/database state=directory owner=adm group=adm mode=0644 recurse=yes'
#注意:
1.当目录本身不存在时,递归创建就会递归授权
2.当目录存在时,递归授权只授权你指定的目录下面的所有内容
path: #要创建的文件或目录
state:
directory #创建的是目录
touch #创建的是文件
absent #删除文件
link #创建软链接
owner: foo #文件属主
group: foo #文件属组
mode: '0644' #文件权限
recurse: #是否递归
yes
no
3.get_url模块
- name: Download foo.conf
get_url:
url: http://example.com/path/file.conf
dest: /etc/foo.conf
mode: '0440'
checksum: md5:2c6912dfe8300f4c0c433a576d108c7f
#下载文件
[root@m01 ~]# ansible web_group -m get_url -a 'url=https://www.mumusir.com/file.txt dest=/tmp mode=777'
#验证文件是否准确,再下载
[root@m01 ~]# ansible web_group -m get_url -a 'url=https://www.mumusir.com/file.txt dest=/tmp mode=777 checksum=md5:2c6912dfe8300f4c0c433a576d108c7f'
url: #下载的文件地址
dest: #下载到哪个目录
mode: #文件权限(示例中的777表示所有用户可读写执行,实际使用时应按需收紧)
checksum: #验证文件的MD5或者sha256值
Ansible服务管理模块
1.service/systemd模块
- name: Start service httpd, if not started
service:
name: httpd
state: started
enabled: yes
#停止服务
[root@m01 ~]# ansible web_group -m service -a 'name=httpd state=stopped'
#启动服务
[root@m01 ~]# ansible web_group -m service -a 'name=httpd state=started'
#重启服务
[root@m01 ~]# ansible web_group -m service -a 'name=httpd state=restarted'
#重载服务
[root@m01 ~]# ansible web_group -m service -a 'name=httpd state=reloaded'
#服务开机自启
[root@m01 ~]# ansible web_group -m service -a 'name=httpd state=started enabled=yes'
name: httpd #服务
state:
started #启动
stopped #停止
reloaded #重载
restarted #重启
enabled:
yes #开机自启
no #开机不自启
Ansible用户管理模块
1.group模块
- name: Ensure group "somegroup" exists
group:
name: somegroup
state: present
gid: 666
#创建用户组
[root@m01 ~]# ansible web_group -m group -a 'name=www gid=666 state=present'
name: #组名
state:
present #创建
absent #删除
gid: #指定gid
2.user模块
- name: Add the user 'johnd' with a specific uid and a primary group of 'admin'
user:
name: johnd
comment: John Doe
uid: 1040
group: admin
groups: admins,developers
shell: /bin/zsh
create_home: true
generate_ssh_key: yes
ssh_key_bits: 2048
ssh_key_file: .ssh/id_rsa
#创建用户,不需要登录,不创建家目录
[root@m01 ~]# ansible web_group -m user -a 'name=www group=www uid=666 create_home=false shell=/sbin/nologin'
#修改用户id
[root@m01 ~]# ansible web_group -m user -a 'name=www group=www uid=777 create_home=false shell=/sbin/nologin'
[root@m01 ~]# ansible web_group -m group -a 'name=www gid=777 state=present'
#创建用户的同时创建密钥对
[root@m01 ~]# ansible web_group -m user -a 'name=www group=www uid=666 generate_ssh_key=yes ssh_key_bits=1024 ssh_key_file=.ssh/id_rsa'
name: #用户名
comment: #用户备注
uid: #用户uid
group: #指定用户属组
groups: #附加组
shell: #用户登录所用的shell
create_home:
true #创建家目录(默认)
false #不创建家目录
generate_ssh_key: #为用户创建密钥对
ssh_key_bits: #密钥长度(上面示例中的1024位偏短,RSA建议不低于2048位)
ssh_key_file: #密钥文件位置和名称
state:
absent #删除用户
present
Ansible定时任务模块
cron模块
- name: Ensure a job that runs at 2 and 5 exists. Creates an entry like "0 5,2 * * ls -alh > /dev/null"
cron:
name: "check dirs"
minute: "0"
hour: "5,2"
day: "*"
month: "*"
weekday: "*"
job: "ls -alh > /dev/null"
# 使用ansible添加一条定时任务,每分钟执行一次(创建时不指定name会警告)
[root@m01 ~]# ansible web_group -m cron -a "minute=* hour=* day=* month=* weekday=* job='/bin/sh /server/scripts/test.sh'"
[root@m01 ~]# ansible web_group -m cron -a "job='/bin/sh /server/scripts/test.sh'"
# 设置定时任务注释信息,防止重复,name设定
[root@m01 ~]# ansible web_group -m cron -a "name='cron01' job='/bin/sh /server/scripts/test.sh'"
# 删除相应定时任务(删除时必须指定name)
[root@m01 ~]# ansible web_group -m cron -a "name='ansible cron02' minute=0 hour=0 job='/bin/sh /server/scripts/test.sh' state=absent"
# 注释相应定时任务,使定时任务失效
[root@m01 scripts]# ansible web_group -m cron -a "name='ansible cron01' minute=0 hour=0 job='/bin/sh /server/scripts/test.sh' disabled=yes"
name: #脚本注释
minute: #分钟
hour: #小时
day: #天
month: #月
weekday: #周
job: #执行的动作
state:
present
absent #删除定时任务
disabled:
yes #注释定时任务
no #不注释
Ansible磁盘挂载模块
mount模块
- name: Mount DVD read-only
mount:
path: /mnt/dvd
src: /dev/sr0
fstype: iso9660
opts: ro,noauto
state: present
[root@m01 ~]# ansible web_group -m mount -a "src=172.16.1.31:/data path=/data fstype=nfs opts=defaults state=present"
[root@m01 ~]# ansible web01 -m mount -a "src=172.16.1.31:/data path=/data fstype=nfs opts=defaults state=mounted"
[root@m01 ~]# ansible web02 -m mount -a "src=172.16.1.31:/data path=/data fstype=nfs opts=defaults state=unmounted"
[root@m01 ~]# ansible web -m mount -a "src=172.16.1.31:/data path=/data fstype=nfs opts=defaults state=absent"
path: #本地要挂载的目录
src: #远端挂载点目录
fstype: #挂载类型(nfs)
opts: #/etc/fstab参数
state:
present # 开机才挂载,仅将挂载配置写入/etc/fstab
mounted # 挂载设备,并将配置写入/etc/fstab
unmounted # 卸载设备,不会清除/etc/fstab写入的配置
absent # 卸载设备,会清理/etc/fstab写入的配置
Ansible防火墙模块
1.selinux
- name: Disable SELinux
selinux:
policy: targeted
state: disabled
[root@m01 ~]# ansible web_group -m selinux -a 'state=disabled'
#临时关闭
[root@m01 ~]# ansible web_group -m shell -a 'setenforce 0'
web02 | CHANGED | rc=0 >>
web01 | CHANGED | rc=0 >>
[root@m01 ~]# ansible web_group -m shell -a 'getenforce'
web02 | CHANGED | rc=0 >>
Permissive
web01 | CHANGED | rc=0 >>
Permissive
2.firewalld模块
- firewalld:
service: https
permanent: yes
state: enabled
[root@m01 ~]# ansible web_group -m firewalld -a 'service=http permanent=yes state=enabled'
[root@m01 ~]# ansible web_group -m firewalld -a "service=http immediate=yes permanent=yes state=enabled"
[root@m01 ~]# ansible web_group -m firewalld -a "port=8080-8090/tcp immediate=yes permanent=yes state=enabled"
#开启防火墙,允许http服务访问
[root@m01 ~]# ansible web_group -m firewalld -a 'service=http state=enabled'
#开启防火墙,禁止http服务访问
[root@m01 ~]# ansible web_group -m firewalld -a 'service=http state=disabled'
#开启防火墙,允许80端口访问
[root@m01 ~]# ansible web_group -m firewalld -a 'port=80/tcp state=enabled'
#开启防火墙,永久允许80端口访问(permanent=yes的配置默认不立即生效,需要重启firewalld,或者同时加immediate=yes)
[root@m01 ~]# ansible web_group -m firewalld -a 'port=80/tcp state=enabled permanent=yes'
service #指定开放或关闭的服务名称
port #指定开放或关闭的端口
permanent #是否添加永久生效
state #开启或者关闭
enabled
disabled
zone #指定配置某个区域
rich_rule #配置富规则
masquerade #开启地址伪装
immediate #临时生效
source #指定来源IP
Ansible解压和压缩模块
1.unarchive解压模块
- name: Unarchive a file that is already on the remote machine
unarchive:
src: /tmp/foo.zip
dest: /usr/local/bin
remote_src: yes
#解压包到远端机器
[root@m01 ~]# ansible web_group -m unarchive -a 'src=/root/php.tar.gz dest=/tmp'
#解压远端机器上的包到远端机器
[root@m01 ~]# ansible web_group -m unarchive -a 'src=/tmp/php.tar.gz dest=/tmp remote_src=yes'
src: #本地文件
dest: #远端目录
remote_src:
yes #如果是yes src代表远端服务器上的包
no #如果是no src代表控制端服务器上的包
2.archive压缩模块
- name: Compress directory /path/to/foo/ into /path/to/foo.tgz
archive:
path: /path/to/foo
dest: /path/to/foo.tgz
#打包文件
[root@m01 ~]# ansible web_group -m archive -a 'path=/data dest=/data/data.tar.gz'
path: #要打包的内容
dest: #包放在哪里
exclude_path: #排除哪些包