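WeChat official account: 运维开发故事; author: 姜总
As introduced earlier, Ansible can serve as an automated configuration management tool thanks to its wide variety of modules. To date, Ansible has more than 3000 modules. In my own daily work, however, only about 20 or so come up regularly. Below I briefly introduce some of the common, frequently used modules.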
# cat /etc/ansible/hosts
[websrvs]
10.10.108.[30:33]
[dbsrvs]
10.10.108.30
[appsrvs]
10.10.108.[30:33]
When the ping module runs successfully, it returns a message in green that includes a pong response. all stands for all managed hosts.
[root@ayunw ansible-example]# ansible dbsrvs -m ping
10.10.108.30 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"},"changed": false,"ping": "pong"
}
[root@ayunw ansible-example]# ansible all -m ping
10.10.108.30 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"},"changed": false,"ping": "pong"
}
10.10.108.32 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"},"changed": false,"ping": "pong"
}
10.10.108.31 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"},"changed": false,"ping": "pong"
}
10.10.108.33 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"},"changed": false,"ping": "pong"
}
Because Ansible's default module is command, you can either specify it with -m command or simply omit it.
[root@ayunw ansible-example]# ansible dbsrvs -m command -a "free -m"
10.10.108.30 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:           7821         395        7110          16         314        7179
Swap:          4095           0        4095
[root@ayunw ansible-example]# ansible dbsrvs -a "free -m"
10.10.108.30 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:           7821         395        7111          16         314        7179
Swap:          4095           0        4095
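The shell module is similar to the command module, but shell is often called the universal module: many operations that command does not support work with shell. Note that the last case below is not supported by the shell module either. You can, however, put the command in a script, copy the script to the remote host, and then run it with the shell module to get the result.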
[root@ayunw ansible-example]# ansible dbsrvs -m shell -a "touch /tmp/a.txt"
[WARNING]: Consider using the file module with state=touch rather than running 'touch'. If you need to use command because file is insufficient you can add 'warn: false' to
this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
10.10.108.30 | CHANGED | rc=0 >>
[root@ayunw ansible-example]# ansible dbsrvs -m shell -a "ls -al /tmp/ | grep 'a.txt'"
10.10.108.30 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root 0 Aug 9 09:37 a.txt
[root@ayunw ansible-example]# ansible dbsrvs -m shell -a "ls -al /tmp/ | grep "a.txt""
10.10.108.30 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root 0 Aug 9 09:37 a.txt
# This raises an error; even the universal shell module does not support this form
[root@ayunw ansible-example]# ansible dbsrvs -m shell -a "cat /etc/passwd |awk -F ':' '{print $1,$3}' >> /tmp/pwd.txt"
10.10.108.30 | FAILED | rc=1 >>
awk: cmd. line:1: {print ,}
awk: cmd. line:1: ^ syntax error
awk: cmd. line:1: {print ,}
awk: cmd. line:1: ^ syntax error
awk: cmd. line:1: {print ,}
awk: cmd. line:1: ^ unexpected newline or end of stringnon-zero return code
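Note: you may have noticed the WARNING above. It is not an error; it only tells you that the file module is a better choice than the shell module for creating a file. It also tells you that you can set command_warnings=False in the ansible.cfg configuration file to turn the warning off.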
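The awk error in the session above prints `{print ,}`: the `$1` and `$3` sat inside double quotes, so the control node's shell expanded them to empty strings before Ansible ran. The following added example (not from the original article) reproduces that without Ansible and shows two quotings that survive; `as_received` and `remote_run` are hypothetical helpers standing in for `ansible -a` and for the shell module's `/bin/sh -c`, and the passwd lines are constructed.

```shell
#!/bin/sh
# Added example: what `ansible -m shell -a ARG` receives under different
# quoting on the control node. Runs without Ansible.

# Constructed passwd-format sample (not real accounts).
sample_passwd() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
                  'bin:x:1:1:bin:/bin:/sbin/nologin'
}

# Hypothetical stand-in for `ansible -a ARG`: prints ARG exactly as the
# program receives it after the local shell has parsed the command line.
as_received() { printf '%s' "$1"; }

# Hypothetical stand-in for the shell module on the managed host, which
# passes the received string to /bin/sh -c.
remote_run() { sample_passwd | sh -c "$1"; }

# The functions below are called without arguments, so $1 and $3 are unset
# inside them, just as they are at an interactive prompt.

# As typed in the article: $1 and $3 are expanded locally and vanish.
double_quoted() { as_received "awk -F ':' '{print $1,$3}'"; }

# Fix 1: escape each dollar sign so the local shell leaves it alone.
escaped() { as_received "awk -F ':' '{print \$1,\$3}'"; }

# Fix 2: single quotes outside; the remote shell then unescapes \$ itself.
single_quoted() { as_received 'awk -F ":" "{print \$1,\$3}"'; }

printf 'double-quoted: %s\n' "$(double_quoted)"
printf 'escaped:       %s\n' "$(escaped)"
printf 'single-quoted: %s\n' "$(single_quoted)"
remote_run "$(escaped)"
```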
Copies files from the Ansible control node to remote hosts.
[root@ayunw ansible-example]# cat getPasswd.sh
#!/bin/bash
# -*- Author -*- : ayunw
cat /etc/passwd |awk -F ':' '{print $1}'
[root@ayunw ansible-example]# ansible dbsrvs -m copy -a "src=getPasswd.sh dest=/usr/local/src/ mode=0755 owner=root group=root"
10.10.108.30 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"},"changed": true,"checksum": "ce9c09f15cb6f62b550f819276d06b0e6cd59110","dest": "/usr/local/src/getPasswd.sh","gid": 0,"group": "root","mode": "0755","owner": "root","path": "/usr/local/src/getPasswd.sh","secontext": "system_u:object_r:usr_t:s0","size": 54,"state": "file","uid": 0
}
# By default an existing file on the target node is overwritten, so it is best to set backup=yes
[root@ayunw ansible-example]# ansible dbsrvs -m copy -a "src=getPasswd.sh dest=/usr/local/src/ mode=0755 owner=root group=root backup=yes"
[root@ayunw ansible-example]# ansible dbsrvs -m shell -a "ls -al /tmp/ | grep 'getPasswd.sh'"
10.10.108.30 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root 54 Aug 9 09:50 getPasswd.sh
[root@ayunw ansible-example]# ansible dbsrvs -m shell -a "cat /tmp/getPasswd.sh"
10.10.108.30 | CHANGED | rc=0 >>
#!/bin/bash
cat /etc/passwd |awk -F ':' '{print $1}'
[root@ayunw ansible-example]# ansible dbsrvs -m shell -a "bash /usr/local/src/getPasswd.sh"
10.10.108.30 | CHANGED | rc=0 >>
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
operator
games
ftp
nobody
systemd-network
dbus
polkitd
sshd
postfix
# Copy all files under a directory to the remote host, not including the directory itself. With many files this becomes very slow
[root@ayunw ansible-example]# ansible dbsrvs -m copy -a "src=/etc/ansible/ dest=/opt/"
10.10.108.30 | CHANGED => {"changed": true,"dest": "/opt/","src": "/etc/ansible/"
}
Fetches files from remote hosts to the Ansible control node; directory operations are not supported.
[root@ayunw ansible-example]# ansible dbsrvs -m fetch -a "src=/etc/yum.repos.d/epel.repo dest=/usr/local/src"
10.10.108.30 | CHANGED => {"changed": true,"checksum": "2feedd589b72617f03d75c4b8a6e328cc1aad918","dest": "/usr/local/src/10.10.108.30/etc/yum.repos.d/epel.repo","md5sum": "bddf35db56cf6be9190fdabeae71c801","remote_checksum": "2feedd589b72617f03d75c4b8a6e328cc1aad918","remote_md5sum": null
}
[root@ayunw ansible-example]# ls -al /usr/local/src/10.10.108.30/etc/yum.repos.d/
total 4
drwxr-xr-x. 2 root root 23 Aug 11 15:05 .
drwxr-xr-x. 3 root root 25 Aug 11 15:05 ..
-rw-r--r--. 1 root root 664 Aug 11 15:05 epel.repo
# Create a symbolic link
[root@ayunw ansible-example]# ansible test -m file -a 'src=/etc/passwd path=/tmp/passwd.link state=link'
# View the symbolic link just created under /tmp
[root@ayunw ansible-example]# ansible all -m shell -a 'ls -l /tmp/passwd.link'
# Create a file. If the file already exists, its timestamp is updated
[root@ayunw ansible-example]# ansible all -m file -a 'name=d.txt state=touch'
# Delete a file
[root@ayunw ansible-example]# ansible test -m file -a 'path=/tmp/cc.txt state=absent'
# Create a directory (created recursively; just give the name)
# With state=directory, if the directory does not exist, all subdirectories are created (with the supplied permissions); if the directory
# already exists, nothing is done. With state=file, the file is not created
[root@ayunw ansible-example]# ansible test -m file -a 'path=/tmp/bj state=directory'
# Delete a directory (deleted recursively; no extra parameters needed, just give the name)
[root@ayunw ansible-example]# ansible test -m file -a 'path=/tmp/bj state=absent'
# Change file permissions and other attributes
[root@ayunw ansible-example]# ansible test -m file -a 'path=/tmp/bb.txt mode=700 owner=root group=root'
# Recursively set ownership on a directory
ansible dbsrvs -m file -a "path=/data owner=bgx group=bgx recurse=yes"
Manages the hostname on remote hosts.
# View the hostname
[root@ayunw ansible-example]# ansible test -m shell -a 'hostname'
# Change the hostname
[root@ayunw ansible-example]# ansible test -m hostname -a 'name=master'
# Install the httpd service; the latest version is installed by default
# Use state=present to install; separate multiple packages with ','
[root@ansible-server ~]# ansible dbsrvs -m yum -a 'name=httpd'
[root@ayunw ansible-example]# ansible test -m yum -a 'name=httpd state=present'
# Check whether the installation succeeded
[root@ansible-server ~]# ansible dbsrvs -a 'rpm -qi httpd'
# Create a scheduled task
[root@ayunw ansible-example]# ansible test -m cron -a 'minute=*/5 name=Ajob job="/usr/sbin/ntpdate 172.16.8.100 &> /dev/null" state=present'
[root@ayunw ansible-example]# ansible dbsrvs -m cron -a "minute=* hour=* day=* month=* weekday=* job='/bin/sh test.sh'"
[root@ayunw ansible-example]# ansible dbsrvs -m cron -a "job='/bin/sh /server/scripts/test.sh'"
# Set the cron job's comment with name, which prevents duplicate entries
ansible dbsrvs -m cron -a "name='cron01' job='/bin/sh /server/scripts/test.sh'"
# Comment out the corresponding cron job to disable it
ansible dbsrvs -m cron -a "name='ansible cron01' minute=0 hour=0 job='/bin/sh test.sh' disabled=yes"
# Delete the corresponding cron job (delete it the same way it was created)
[root@ayunw ansible-example]# ansible test -m cron -a 'minute=*/5 name=Ajob job="/usr/sbin/ntpdate 172.16.8.100 &> /dev/null" state=absent'
# View the scheduled tasks
[root@ayunw ansible-example]# ansible test -m shell -a "crontab -l"
172.16.20.115 | SUCCESS | rc=0 >>
#Ansible: Ajob
*/5 * * * * /usr/sbin/ntpdate 172.16.8.100 &> /dev/null
# Remove the scheduled tasks
[root@ayunw ansible-example]# ansible test -m shell -a "crontab -r"
Manages services on the server.
# Use Ansible's yum module to install nginx
[root@ayunw ansible-example]# ansible test -m yum -a 'name=nginx state=present'
# Start nginx
[root@ayunw ansible-example]# ansible test -m shell -a '/etc/init.d/nginx start'
# Or use Ansible's service module (recommended)
[root@ayunw ansible-example]# ansible test -m service -a 'name=nginx state=started'
# Check the status
[root@ayunw ansible-example]# ansible test -m shell -a 'service nginx status'
[WARNING]: Consider using service module rather than running service
# Stop the nginx service
[root@ayunw ansible-example]# ansible test -m service -a 'name=nginx state=stopped'
[root@ayunw ansible-example]# ansible test -m shell -a 'service nginx status'
[WARNING]: Consider using service module rather than running service
[root@ayunw ansible-example]# ansible test -m service -a 'name=nginx state=started enabled=yes runlevel=2345'
[root@ayunw ansible-example]# ansible test -m shell -a 'chkconfig --list nginx'
Adds groups on remote hosts.
[root@ayunw ansible-example]# ansible test -m group -a 'name=hr gid=2000 state=present'
Manages user accounts on remote hosts.
# Create a user with a specified uid and gid, with no home directory and no login allowed
ansible dbsrvs -m user -a "name=ayunw uid=888 group=888 shell=/sbin/nologin create_home=no"
[root@ayunw ansible-example]# ansible dbsrvs -m user -a 'name=martin group=hr groups=root uid=500 shell=/bin/bash home=/home/martin comment="martin user"'
# Delete the user
[root@ayunw ansible-example]# ansible dbsrvs -m user -a 'name=martin state=absent remove=yes'
# Generate an SSH key pair for the newly created user
ansible dbsrvs -m user -a "name=oo uid=6677 group=adm generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa" -i ./hosts
# Hash the plaintext password, then create the user
ansible dbsrvs -m debug -a "msg={{ '123456' | password_hash('sha512', 'salt') }}"
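Collects the facts variables of remote hosts, that is, information about the target host (such as kernel version, operating system information, CPU, …), and stores it in Ansible's built-in variables, so that we can reference the variables directly whenever we need them. This is very useful in ansible-playbook.
[root@ayunw ansible-example]# ansible dbsrvs -m setup
# Use setup with filter to get the IP address and the hostname
ansible dbsrvs -m setup -a 'filter=ansible_default_ipv4'
# Get memory information
ansible dbsrvs -m setup -a 'filter=ansible_memory_mb'
# Get the hostname
ansible dbsrvs -m setup -a 'filter=ansible_nodename'
# Show only the memory information related to Ansible
ansible dbsrvs -m setup -a 'filter=ansible_*_mb'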
Adds or removes SSH authorized keys for a specific user account.
# Method 1
ansible web -m authorized_key -a "user=root key='{{lookup('file','/root/.ssh/id_rsa.pub')}}' path=/root/.ssh/authorized_keys manage_dir=no"
# Method 2
vim pub_ssh_key.yml
---
- hosts: webs
  remote_user: osmgr
  become: yes
  become_user: root
  become_method: sudo
  tasks:
    - name: deliver authorized_keys
      authorized_key:
        user: osmgr
        key: "{{ lookup('file', '/home/osmgr/.ssh/id_rsa.pub') }}"
        state: present
ansible-playbook pub_ssh_key.yml
To use the rsync module (synchronize), the rsync package must be installed on the system; otherwise the module cannot be used.
ansible dbsrvs -m shell -a 'yum -y install rsync'
ansible web -m synchronize -a 'src=time.sh dest=/tmp/'
Matches by regular expression and changes the value of a key parameter. Here, for example, it modifies the SELINUX value.
ansible dbsrvs -a 'cat /etc/selinux/config | grep ^SELINUX='
ansible dbsrvs -m shell -a 'cat /etc/selinux/config|grep "^SELINUX="'
10.10.108.30 | CHANGED | rc=0 >>
SELINUX=enforcing
# Use the lineinfile module to change the SELinux configuration to disabled
ansible dbsrvs -m lineinfile -a "path=/etc/selinux/config regexp='^SELINUX=' line='SELINUX=disabled'"
# Or use ansible-playbook
vim set_selinux_disable.yml
---
- hosts: dbsrvs
  tasks:
    - name: seline modify enforcing
      lineinfile:
        dest: /etc/selinux/config
        regexp: '^SELINUX='
        line: 'SELINUX=enforcing'
# Delete the lines in /etc/fstab that start with #
ansible dbsrvs -m lineinfile -a "dest=/etc/fstab state=absent regexp='^#'"
Similar to the sed command; used for regular expression matching and replacement.
# View the original /etc/fstab on the remote node
[root@ayunw ansible-example]# ansible dbsrvs -m shell -a "cat /etc/fstab"
10.10.108.30 | CHANGED | rc=0 >>
#
# /etc/fstab
# Created by anaconda on Tue Jul 5 14:09:37 2022
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=c47c20e8-8ed5-4d86-9209-f0e8876bb9e6 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
# Use the replace module
[root@ayunw ansible-example]# ansible dbsrvs -m replace -a "path=/etc/fstab regexp=^(UUID.*) replace='#\1'"
10.10.108.30 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"},"changed": true,"msg": "1 replacements made"
}
# View the result
[root@ayunw ansible-example]# ansible dbsrvs -m shell -a "cat /etc/fstab"
10.10.108.30 | CHANGED | rc=0 >>
#
# /etc/fstab
# Created by anaconda on Tue Jul 5 14:09:37 2022
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
#UUID=c47c20e8-8ed5-4d86-9209-f0e8876bb9e6 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
# Restore the commented-out UUID entry
ansible dbsrvs -m replace -a "path=/etc/fstab regexp='^#(.*)' replace='\1'"
[root@ayunw ansible-example]# ansible dbsrvs -m shell -a "cat /etc/fstab"
10.10.108.30 | CHANGED | rc=0 >>
/etc/fstab
Created by anaconda on Tue Jul 5 14:09:37 2022
Accessible filesystems, by reference, are maintained under '/dev/disk'
See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
/dev/mapper/centos-root / xfs defaults 0 0
UUID=c47c20e8-8ed5-4d86-9209-f0e8876bb9e6 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
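The last output above shows the side effect of `regexp='^#(.*)'`: it stripped the `#` from every comment line in /etc/fstab, not only from the UUID entry. As an added example (not from the original article), the script below applies the article's broad pattern and a narrower one to a constructed copy of that fstab, using `sed -E` as a stand-in for the replace module; the function names are hypothetical and the six-field check is a simple heuristic.

```shell
#!/bin/sh
# Added example: compare the article's broad un-comment pattern with a
# narrower one. sed -E stands in for the replace module here.

# Constructed copy of the fstab shown above, with the UUID line commented out.
commented_fstab() {
    cat <<'EOF'
#
# /etc/fstab
# Created by anaconda on Tue Jul 5 14:09:37 2022
#
/dev/mapper/centos-root / xfs defaults 0 0
#UUID=c47c20e8-8ed5-4d86-9209-f0e8876bb9e6 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
EOF
}

# Pattern from the article: regexp='^#(.*)' replace='\1'
restore_broad() { commented_fstab | sed -E 's/^#(.*)/\1/'; }

# Narrower pattern, i.e. regexp='^#(UUID=.*)' replace='\1':
# only lines that are a commented-out UUID entry are touched.
restore_narrow() { commented_fstab | sed -E 's/^#(UUID=.*)/\1/'; }

# Count the comment lines left in the text read from stdin.
count_comments() { grep -c '^#' || true; }

# Count non-comment, non-empty lines that lack the six fields the real
# entries in this file have (heuristic for "former comment, now an entry").
count_malformed() {
    awk '!/^#/ && NF > 0 && NF != 6 { n++ } END { print n + 0 }'
}

echo "broad:  $(restore_broad | count_comments) comments left," \
     "$(restore_broad | count_malformed) malformed entries"
echo "narrow: $(restore_narrow | count_comments) comments left," \
     "$(restore_narrow | count_malformed) malformed entries"
```

On a live host, running the replace command with `--check --diff` first shows which lines would change before anything is written.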
Parameter notes: