Teng's blog
Shetengteng
2022-05-13

常用模块

模块文档 https://docs.ansible.com/ansible/latest/modules/modules_by_category.html

# command

在远程主机执行命令,默认模块,可忽略-m选项

# 查看说明

[root@linux101 ~]# ansible-doc command
> COMMAND    (/usr/lib/python2.7/site-packages/ansible/modules/commands/command.py)
...
OPTIONS (= is mandatory):
...
- chdir
        Change into this directory before running the command.
        [Default: (null)]
        type: path
        version_added: 0.6
...
- creates
        A filename or (since 2.0) glob pattern. If it already exists, this step
        *won't* be run.
        [Default: (null)]
        type: path
...
- removes
        A filename or (since 2.0) glob pattern. If it already exists, this step
        *will* be run.
        [Default: (null)]
        type: path
        version_added: 0.8
...
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

**注意:**此命令不支持 $VARNAME 变量名 < > 重定向 | 管道符 ; & 等操作符,需要用shell模块实现

常用参数说明

  • chdir: 进入到被管理主机目录
  • creates: 如果有一个目录是存在,将不会运行命令
  • removes: 如果有一个目录存在,将会执行命令
  • 默认存不存在目录,都执行

参数使用

ansible websrvs -a 'chdir=/data/ ls'
1

# 示例

-a 表示输入的参数,args的简写

示例1

ansible srvs -m command -a 'service vsftpd start'
ansible srvs -m command -a 'echo adong |passwd --stdin 123456'
1
2

示例2 创建并列出文件夹,推荐使用file模块创建文件夹

[root@linux101 ~]# ansible all -a 'mkdir /opt/my-ansible-test'
[WARNING]: Consider using the file module with state=directory rather than running 'mkdir'.  If you need
to use command because file is insufficient you can add 'warn: false' to this command task or set
'command_warnings=False' in ansible.cfg to get rid of this message.
192.168.10.103 | CHANGED | rc=0 >>
192.168.10.104 | CHANGED | rc=0 >>
192.168.10.102 | CHANGED | rc=0 >>

[root@linux101 ~]# [root@linux101 ~]# ansible all -a 'removes=/opt/my-ansible-test ls -dl /opt/my-ansible-test'
192.168.10.102 | CHANGED | rc=0 >>
drwxr-xr-x. 2 root root 4096 514 23:19 /opt/my-ansible-test
192.168.10.103 | CHANGED | rc=0 >>
drwxr-xr-x. 2 root root 4096 514 23:19 /opt/my-ansible-test
192.168.10.104 | CHANGED | rc=0 >>
drwxr-xr-x. 2 root root 4096 514 23:19 /opt/my-ansible-test
[root@linux101 ~]# ansible all -a 'removes=/opt/my-ansible-test2 ls -dl /opt/my-ansible-test'
192.168.10.103 | SUCCESS | rc=0 >>
skipped, since /opt/my-ansible-test2 does not exist
192.168.10.102 | SUCCESS | rc=0 >>
skipped, since /opt/my-ansible-test2 does not exist
192.168.10.104 | SUCCESS | rc=0 >>
skipped, since /opt/my-ansible-test2 does not exist
192.168.10.102 | CHANGED | rc=0 >>
drwxr-xr-x. 2 root root 4096 514 23:19 /opt/my-ansible-test
192.168.10.104 | CHANGED | rc=0 >>
drwxr-xr-x. 2 root root 4096 514 23:19 /opt/my-ansible-test
192.168.10.103 | CHANGED | rc=0 >>
drwxr-xr-x. 2 root root 4096 514 23:19 /opt/my-ansible-test
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

目录存在则执行

[root@linux101 ~]# ansible all -a 'removes=/opt/my-ansible-test ls -dl /opt/my-ansible-test'
192.168.10.102 | CHANGED | rc=0 >>
drwxr-xr-x. 2 root root 4096 514 23:19 /opt/my-ansible-test
192.168.10.103 | CHANGED | rc=0 >>
drwxr-xr-x. 2 root root 4096 514 23:19 /opt/my-ansible-test
192.168.10.104 | CHANGED | rc=0 >>
drwxr-xr-x. 2 root root 4096 514 23:19 /opt/my-ansible-test
[root@linux101 ~]# ansible all -a 'removes=/opt/my-ansible-test2 ls -dl /opt/my-ansible-test'
192.168.10.103 | SUCCESS | rc=0 >>
skipped, since /opt/my-ansible-test2 does not exist
192.168.10.102 | SUCCESS | rc=0 >>
skipped, since /opt/my-ansible-test2 does not exist
192.168.10.104 | SUCCESS | rc=0 >>
skipped, since /opt/my-ansible-test2 does not exist
1
2
3
4
5
6
7
8
9
10
11
12
13
14

示例3 查看分区

[root@linux101 ~]# ansible all -a 'df -h'
1

# shell

和command相似,用shell执行命令

使用shell可以执行command模块中不能使用的特殊符号

[root@linux101 ~]# ansible all -m shell -a 'echo $HOSTNAME'
192.168.10.103 | CHANGED | rc=0 >>
linux103
192.168.10.102 | CHANGED | rc=0 >>
linux102
192.168.10.104 | CHANGED | rc=0 >>
linux104
1
2
3
4
5
6
7

调用bash执行命令 类似 cat /tmp/stanley.md | awk -F'|' '{print $1,$2}' &> /tmp/example.txt 这些复杂命令,即使使用shell也可能会失败,解决办法:写到脚本时,copy到远程执行,再把需要的结果拉回执行命令的机器

可以修改ansible的配置文件,使shell作为默认模块

vim /etc/ansible/ansible.cfg
module_name = shell
1
2

示例1

ansible all -m shell  -a 'getenforce'  查看SELINUX状态
ansible all -m shell  -a "sed -i 's/SELINUX=.*/SELINUX=disabled' /etc/selinux/config"
ansible srv -m shell -a 'echo magedu |passwd –stdin wang'
1
2
3

示例2

[root@linux101 ~]# ansible 192.168.10.102 -m shell -a 'ls /opt'
192.168.10.102 | CHANGED | rc=0 >>
apache-zookeeper-3.5.9-bin.tar.gz
jdk-8u212-linux-x64.tar.gz
kafka_2.12-3.0.0.tgz
module
my-ansible-test
rh

[root@linux101 ~]# ansible 192.168.10.102 -m shell -a 'rm -rf  /opt/my-ansible-test'
[WARNING]: Consider using the file module with state=absent rather than running 'rm'.  If you need to use
command because file is insufficient you can add 'warn: false' to this command task or set
'command_warnings=False' in ansible.cfg to get rid of this message.
192.168.10.102 | CHANGED | rc=0 >>
1
2
3
4
5
6
7
8
9
10
11
12
13
14

# script

在远程主机上运行ansible服务器上的脚本

使用 ansible-doc script查看使用帮助文档,可参考帮助文档的EXAMPLE

常用参数

  • --some-arguments 给sh脚本传递参数

示例 创建执行脚本

[root@linux101 opt]# vim ansible-test.sh

#!/bin/bash
hostname
[root@linux101 opt]# chmod +x ansible-test.sh
[root@linux101 opt]# sh ansible-test.sh 
linux101
1
2
3
4
5
6
7

使用script执行

[root@linux101 ~]# ansible all -m script -a '/opt/ansible-test.sh'
192.168.10.103 | CHANGED => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.10.103 closed.\r\n", 
    "stderr_lines": [
        "Shared connection to 192.168.10.103 closed."
    ], 
    "stdout": "linux103\r\n", 
    "stdout_lines": [
        "linux103"
    ]
}
192.168.10.102 | CHANGED => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.10.102 closed.\r\n", 
    "stderr_lines": [
        "Shared connection to 192.168.10.102 closed."
    ], 
    "stdout": "linux102\r\n", 
    "stdout_lines": [
        "linux102"
    ]
}
192.168.10.104 | CHANGED => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.10.104 closed.\r\n", 
    "stderr_lines": [
        "Shared connection to 192.168.10.104 closed."
    ], 
    "stdout": "linux104\r\n", 
    "stdout_lines": [
        "linux104"
    ]
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

# copy

从主控端复制文件到远程主机

常用参数

  • src

    • 源文件
    • 指定拷贝文件的本地路径
    • 如果以 / 结尾,则拷贝整个路径下的所有文件

  • dest

    • 指定目标路径

  • mode

    • 设置权限

  • backup

    • 备份源文件,如果文件已经存在,进行备份操作

  • content

    • 代替src
    • 指定本机文件内容,生成目标主机文件

示例:先创建一个txt文件,然后拷贝到其他主机上

[root@linux101 opt]# ansible all -m copy -a 'src=/opt/helloansible.txt dest=/opt/ backup=yes'
192.168.10.102 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "8689129d4dd7f38370086412eaca315ae9a45611", 
    "dest": "/opt/helloansible.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "486df049b1cbc6eb9724459369698794", 
    "mode": "0644", 
    "owner": "root", 
    "secontext": "system_u:object_r:usr_t:s0", 
    "size": 14, 
    "src": "/root/.ansible/tmp/ansible-tmp-1652579931.17-21255-124200668103281/source", 
    "state": "file", 
    "uid": 0
}
...
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

示例:如果目标存在,默认覆盖,此处指定先备份,同时可以设置mode和owner

ansible websrvs -m copy -a "src=/root/test1.sh dest=/tmp/test2.sh owner=wang mode=600 backup=yes"
1

示例:指定内容,直接生成目标文件

ansible websrvs -m copy -a "content='test content\nxxx' dest=/tmp/test.txt"
1

# fetch

从远程主机提取文件至主控端,copy相反,目前不支持目录,可以先打包,再提取文件 如抓取日志操作

查看说明 ansible-doc -s fetch

常用参数

  • dest
    • 将抓取的文件放在指定的目录下
    • 如:设置dest为 /backup,远端服务192.168.10.101机器上的/opt/hello.txt文件被抓取,则最终目录是/backup/192.169.10.101/opt/hello.txt
  • src
    • 只能是文件,不能是目录
    • 只能抓取单个文件

示例

[root@linux101 opt]# ansible all -m fetch -a 'src=/opt/helloansible.txt dest=/opt/ansible-fetch'
192.168.10.104 | CHANGED => {
    "changed": true, 
    "checksum": "8689129d4dd7f38370086412eaca315ae9a45611", 
    "dest": "/opt/ansible-fetch/192.168.10.104/opt/helloansible.txt", 
    "md5sum": "486df049b1cbc6eb9724459369698794", 
    "remote_checksum": "8689129d4dd7f38370086412eaca315ae9a45611", 
    "remote_md5sum": null
}
...
# 会生成每个被管理主机不同编号的目录,不会发生文件名冲突
[root@linux101 opt]# tree /opt/ansible-fetch/
/opt/ansible-fetch/
├── 192.168.10.102
│   └── opt
│       └── helloansible.txt
├── 192.168.10.103
│   └── opt
│       └── helloansible.txt
└── 192.168.10.104
    └── opt
        └── helloansible.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

示例:如果远程的文件很多,但是fetch只能抓取一个文件,可以先打包

ansible all -m shell -a 'tar jxvf test.tar.gz /root/test.sh'
ansible all -m fetch -a 'src=/root/test.tar.gz dest=/data/'
1
2

# file

设置文件属性

常用参数

  • path
    • 要管理的文件路径
    • 是dest 和 name的别名
    • 强制添加
  • recurse
    • 递归
    • 文件夹要用递归
  • src
    • 指定源目标
    • 创建硬链接,软链接,需要配合'state=link' 'state=hard'
  • state
    • 状态
    • link,hard,touch(创建文件),directory(创建文件夹),absent(删除操作)

示例:创建文件

[root@linux101 ~]# ansible 192.168.10.102 -m file -a 'path=/opt/file3.txt state=touch'
192.168.10.102 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "dest": "/opt/file3.txt", 
    "gid": 0, 
    "group": "root", 
    "mode": "0644", 
    "owner": "root", 
    "secontext": "unconfined_u:object_r:usr_t:s0", 
    "size": 0, 
    "state": "file", 
    "uid": 0
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

示例:删除文件 注意:在删除文件夹的时候,如果使用 /xx/* ,那么删除不了xx下的文件夹以及文件,直接使用/xx/即可

[root@linux101 ~]# ansible all -m file -a 'path=/opt/file2.txt state=absent'
1

示例:创建文件夹

[root@linux101 ~]# ansible all -m file -a 'path=/opt/file state=directory'
1

示例:设置权限

ansible websrvs -m file -a "path=/root/test.sh owner=wang mode=755"  设置权限755
1

示例:创建软链接

ansible websrvs -m file -a 'src=/data/testfile dest=/data/testfile-link state=link' 创建软链接
1

# hostname

管理主机名

示例:更改一个group的主机名

ansible appsrvs -m hostname -a "name=app.stt.com"
1

示例:更改单个主机名

ansible 192.168.38.103 -m hostname -a "name=app2.stt.com"
1

# cron

计划任务 支持时间:minute,hour,day,month,weekday

示例:创建任务

ansible websrvs -m cron -a 'minute=*/5 job=""/usr/sbin/ntpdate 172.16.0.1 &>/dev/null" name=Synctime'
1

示例:删除任务

ansible websrvs -m cron -a 'state=absent name=Synctime'
1

示例:注释任务,不再生效,必须添加name;如果启用则设置disabled=no,或者disabled=false

ansible websrvs -m cron -a 'minute=*/10 job="/usr/sbin/ntpdate 172.30.0.100" name=synctime disabled=yes'
1

注意:在命令中的job如果包含多个参数,含有空格,那么job=后面需要用双引号括起来

# yum

安装的前提是其他机器都安装了yum以配置了相同的数据源

示例:查看程序列表

# 依据名称查询
ansible websrvs -m yum -a 'list=httpd'
# 依据状态查询
ansible all -m yum -a 'list=installed'
1
2
3
4

示例:安装,state默认present

ansible websrvs -m yum -a 'name=httpd state=present'
1

示例:卸载,可以使用state=absent 或 state=removed

ansible websrvs -m yum -a 'name=httpd state=absent'
1

示例:安装多个包

ansible all -m yum -a 'name=vsftpd,memcached,httpd'
1

示例:卸载多个

ansible all -m yum -a 'name=vsftpd,memcached,httpd state=absent'
1

示例:安装本地的rpm包

ansible all -m yum -a 'name=/root/vsftpd-3.0.2-22.e17.x86_64.rpm'
# 禁用gpg check
ansible all -m yum -a 'name=/root/vsftpd-3.0.2-22.e17.x86_64.rpm disable_gpg_check=yes'
1
2
3

示例:更新某个软件的yum缓存,再安装

ansible all -m yum -a 'name=dstat update_cache=yes'
1

# service

服务管理

常用参数

  • arguments
    • 可选参数
  • enabled
    • 设置是否开机启动
  • name
    • 服务名称
  • state
    • stopped,reloaded,restarted,started

示例:停止服务

ansible all -m service -a 'name=httpd state=stopped'
1

示例:启动服务,并设置为开机启动

ansible all -m service -a 'name=httpd state=started enabled=yes'
1

示例:重新加载

ansible all -m service -a 'name=httpd state=reloaded'
1

示例:重启服务

ansible all -m service -a 'name=httpd state=restarted'
1

# user

管理用户

常用参数

  • home
    • 指定家目录路径
  • system
    • 指定系统账号
  • group
    • 指定组
  • groups
    • 指定辅助组
  • remove
    • 清除账户,删除夹目录
  • shell
    • 指定shell类型
  • comment
    • 描述
  • state
    • 与上诉其他命令一致
    • 默认present,创建

示例:增加用户user1,主组是root,home目录是/app/user1,指定uid

ansible websrvs -m user -a 'name=user1 comment="test user" uid=2048 home=/app/user1 group=root'
1

示例:增加系统用户 system=yes

ansible websrvs -m user -a 'name=sysuser1 system=yes home=/app/sysuser1'
1

示例:清空用户所有数据,包含家目录文件夹数据

ansible websrvs -m user -a 'name=user1 state=absent remove=yes'
1

示例:创建用户

ansible websrvs -m user -a 'name=app uid=88 system=yes home=/app groups=root,bin shell=/sbin/nologin password="$1$zfVojmPy$ZILcvxnXljvTI2PhP2Iqv1"'
1

示例:删除账户,但不删除家目录

ansible websrvs -m user -a 'name=app state=absent'
1

# group

用户组管理

常用参数

  • name
  • state,默认present
  • system,是否是系统组
  • gid,组id

示例:创建组

ansible all -m group -a 'name=testgroup system=yes gid=80'
1

示例:删除组

ansible all -m group -a 'name=testgroup state=absent'
1

# unarchive 解包解压缩

解包解压缩

使用方法

  • 将ansible主机上的压缩包传到远程主机后解压缩至特定目录,设置copy=yes
  • 将远程主机上的某个压缩包解压缩到指定路径下,设置copy=no

常见参数

  • copy

    • 默认yes
    • 当copy=yes时,拷贝的文件是从ansible主机复制到远程主机上
    • 当copy=no时,在远程主机上寻找src源文件

  • src

    • 源路径
    • 是ansible主机上的路径,或者是远程主机上的路径
    • 如果是远程主机上的路径,则需要设置copy=no

  • dest

    • 远程主机上的目标路径

  • mode

    • 设置解压缩后的文件权限

示例:默认copy为yes ,将本机目录文件解压到目标主机对应目录下

ansible websrvs -m unarchive -a 'src=foo.tgz dest=/var/lib/foo'
1

示例:解压被管理主机的foo.zip到data目录下, 并设置权限777

ansible websrvs -m unarchive -a 'src=/tmp/foo.zip dest=/data copy=no mode=0777'
1

示例:从网络上下载并解压,注意copy=no

 ansible websrvs -m unarchive -a 'src=https://example.com/example.zip dest=/data copy=no'
1

# archive 打包压缩

常用参数

  • path,指定路径
  • dest,指定目标文件
  • format,指定打包格式
  • owner,指定所属者
  • mode,设置权限

示例

ansible all -m archive -a 'path=/etc/sysconfig dest=/data/sysconfig.tar.bz2 format=bz2 owner=wang mode=0777'
1
Last Updated: 2022/05/22, 12:42:00
基础命令
简单介绍

简单介绍

Theme by Vdoing | Copyright © 2021-2022 Shetengteng | MIT License