Common Ansible Modules
1. ping module
The ping module checks whether the specified nodes are reachable; a host that is online replies with pong.
[root@node1 ~]# ansible all -m ping
192.168.100.110 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
2. command module
The command module is suited to running simple commands on managed hosts.
[root@node1 ~]# ansible all -m command -a 'ls'
192.168.100.110 | CHANGED | rc=0 >>
1
2
3
4
5
anaconda-ks.cfg
command does not support pipes or redirection.
[root@node1 ~]# ansible all -m command -a 'echo "ktm" > /opt/abc'
192.168.100.110 | CHANGED | rc=0 >>
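ktm > /opt/abc
// the output is the literal text "ktm > /opt/abc": ">" was passed to echo as an ordinary argument, so nothing was written to /opt/abc
[root@node1 ~]# ansible all -m command -a 'cat /opt/abc'
192.168.100.110 | FAILED | rc=1 >>
cat: /opt/abc: No such file or directorynon-zero return code
// no abc file was created under /opt, so the earlier write did not take effect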
3. raw module
The raw module runs commands on managed hosts and supports pipes and redirection.
// redirection is supported
[root@node1 ~]# ansible all -m raw -a 'echo "ktm" > /tmp/test'
192.168.100.110 | CHANGED | rc=0 >>
Shared connection to 192.168.100.110 closed.
[root@node1 ~]# ansible all -a 'cat /tmp/test'
192.168.100.110 | CHANGED | rc=0 >>
ktm
// pipes are supported
[root@node1 ~]# ansible all -m raw -a 'ls /tmp | grep test'
192.168.100.110 | CHANGED | rc=0 >>
test
Shared connection to 192.168.100.110 closed.
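4. shell module
The shell module can run scripts that are stored on the managed host, and can also run commands directly on the managed host.
The shell module supports pipes and redirection.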
[root@node1 ~]# ansible all -a 'ls /opt'
192.168.100.110 | CHANGED | rc=0 >>
1.sh
[root@node1 ~]# ansible all -m shell -a '/bin/bash /opt/1.sh &> /opt/abc'
192.168.100.110 | CHANGED | rc=0 >>
[root@node1 ~]# ansible all -a 'cat /opt/abc'
192.168.100.110 | CHANGED | rc=0 >>
hello
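4.1 Differences between the command, raw and shell modules
| Module | Purpose | Characteristics |
|---|---|---|
| command | Runs commands on the managed host | Cannot use shell environment variables and does not support shell operators such as pipes and redirection; somewhat safer than shell |
| raw | Runs commands on the managed host | Works even when Python is not installed on the target machine; the command goes straight to the remote shell |
| shell | Runs commands on the managed host | Can use environment variables, pipes and redirection |
None of the three is idempotent. When another module can do the job, avoid these three.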
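Why the redirect in section 2 never created /opt/abc, and why command is the safer default, shown as an added example (not from the original article and not Ansible's own code). It models the command module as "split the string into argv and execute without a shell" and the shell module as "hand the string to /bin/sh"; the function names, the relative file name abc and the hostile sample value are constructed for illustration.

```python
import shlex
import subprocess
import tempfile
from pathlib import Path

HOSTILE = "x; touch injected"  # constructed sample of an untrusted value

def run_like_command(cmdline, cwd):
    """Model of the command module: split into argv, exec directly, no shell."""
    argv = shlex.split(cmdline)
    return subprocess.run(argv, cwd=cwd, capture_output=True, text=True).stdout

def run_like_shell(cmdline, cwd):
    """Model of the shell module: /bin/sh parses the whole string."""
    return subprocess.run(cmdline, shell=True, cwd=cwd,
                          capture_output=True, text=True).stdout

def injected_after(runner, cmdline):
    """Run cmdline in an empty directory; report whether 'injected' appeared."""
    with tempfile.TemporaryDirectory() as d:
        runner(cmdline, d)
        return (Path(d) / "injected").exists()

def demo():
    with tempfile.TemporaryDirectory() as d:
        # The command from section 2: ">" reaches echo as a plain argument.
        command_stdout = run_like_command('echo "ktm" > abc', d)
        command_created_file = (Path(d) / "abc").exists()
        # The same string through a shell: ">" is a redirect, the file appears.
        run_like_shell('echo "ktm" > abc', d)
        shell_file = (Path(d) / "abc").read_text()
    return {
        "command_stdout": command_stdout,
        "command_created_file": command_created_file,
        "shell_file": shell_file,
        # No shell: ";" is data, the second command never runs.
        "command_injected": injected_after(run_like_command, "echo " + HOSTILE),
        # Shell, value pasted in unquoted: "touch injected" runs.
        "shell_injected": injected_after(run_like_shell, "echo " + HOSTILE),
        # Shell, value quoted first: treated as a single word again.
        "shell_quoted_injected": injected_after(
            run_like_shell, "echo " + shlex.quote(HOSTILE)),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

In a playbook, Ansible's quote filter applies the same shell quoting to a templated value before it reaches the shell module.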
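5. script module
The script module runs a script that lives on the Ansible host on the managed hosts. The script stays on the Ansible host and does not need to be copied to the managed hosts by hand before it is run.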
[root@node1 ~]# ls /opt/
test.sh
[root@node1 ~]# ansible all -m script -a '/opt/test.sh &> /tmp/a'
192.168.100.110 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.100.110 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.100.110 closed."
],
"stdout": "",
"stdout_lines": []
}
// view the content of /tmp/a on the managed host
[root@node1 ~]# ansible all -a 'cat /tmp/a'
192.168.100.110 | CHANGED | rc=0 >>
test
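6. template module
The template module renders a template and transfers it to the managed hosts.
Common parameters:
| Parameter | Required | Default | Choices | Description |
|---|---|---|---|---|
| src | yes | | | Location of the local Jinja2 template file |
| dest | yes | | | Absolute path on the managed host where the template file is placed |
| group | no | | | Group owner of the template file on the managed host |
| owner | no | | | Owner of the template file on the managed host |
| mode | no | | | Permissions of the template file on the managed host |
| backup | no | no | yes/no | Create a backup file that includes a timestamp |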
[root@node1 ~]# ansible all -m template -a 'src=~/anaconda-ks.cfg dest=/tmp/hehe'
192.168.100.110 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "86a8c38b7fd4e874c73a8bc8a972f49ba2022649",
"dest": "/tmp/hehe",
"gid": 0,
"group": "root",
"md5sum": "5a256d883af78f577ac59bda06b49dfc",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 1181,
"src": "/root/.ansible/tmp/ansible-tmp-1626579420.3085837-3003-38466019728229/source",
"state": "file",
"uid": 0
}
// check on the managed host that the transfer succeeded
[root@node2 ~]# ls /tmp/ |grep hehe
hehe
[root@node2 ~]# head -3 /tmp/hehe
#version=RHEL8
# Use graphical install
graphical
// compare with the file on the Ansible host to see whether the content changed
[root@node1 ~]# head -3 ~/anaconda-ks.cfg
#version=RHEL8
# Use graphical install
graphical
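7. yum module
The yum module installs software packages on managed hosts using yum.
The yum module has two commonly used parameters:
- name: name of the package to manage
- state: the operation to perform
Common values of the state parameter:
- latest: install the package, updating it to the newest version
- installed: install the package
- present: install the package
- removed: remove the package
- absent: remove the package
Before using the yum module, make sure a working yum repository is available on the managed hosts.
// check on the managed host whether the FTP service is installed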
[root@node2 ~]# rpm -qa |grep vsftpd
[root@node2 ~]#
// on the Ansible host, use the yum module to install the FTP service on the managed host
[root@node1 ~]# ansible all -m yum -a 'name=vsftpd state=present'
192.168.100.110 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: vsftpd-3.0.3-34.el8.x86_64"
]
}
// check again on the managed host whether the FTP service is installed
[root@node2 ~]# rpm -qa |grep vsftpd
vsftpd-3.0.3-34.el8.x86_64
8. copy module
The copy module copies local files to managed hosts.
Its common parameters are essentially the same as those of the template module.
[root@node1 ~]# ansible all -m copy -a 'src=/opt/test.sh dest=/opt/hehe'
192.168.100.110 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "6158b619238055c863a52d12f33466519ba77a86",
"dest": "/opt/hehe",
"gid": 0,
"group": "root",
"md5sum": "d4b29847ed4b828b7a06d8669437fc05",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:usr_t:s0",
"size": 25,
"src": "/root/.ansible/tmp/ansible-tmp-1626581518.2205987-3105-158835320440523/source",
"state": "file",
"uid": 0
}
// check that the file was copied to the managed host
[root@node1 ~]# ansible all -a 'cat /opt/hehe'
192.168.100.110 | CHANGED | rc=0 >>
#!/bin/bash
echo "test"
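9. group module
The group module manages groups on managed hosts.
Parameters:
- name: name of the group
- state (present|absent): state of the group
- gid: gid of the group
Create a group named test
// create the test group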
[root@node1 ~]# ansible all -m group -a 'name=test state=present'
192.168.100.110 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 1001,
"name": "test",
"state": "present",
"system": false
}
// check that the test group was created
[root@node1 ~]# ansible all -m raw -a 'cat /etc/group |grep test'
192.168.100.110 | CHANGED | rc=0 >>
test:x:1001:
Shared connection to 192.168.100.110 closed.
Set the gid of the test group to 2000
[root@node1 ~]# ansible all -m group -a 'name=test gid=2000'
192.168.100.110 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 2000,
"name": "test",
"state": "present",
"system": false
}
[root@node1 ~]# ansible all -m raw -a 'cat /etc/group |grep test'
192.168.100.110 | CHANGED | rc=0 >>
test:x:2000:
Shared connection to 192.168.100.110 closed.
Delete the test group
[root@node1 ~]# ansible all -m group -a 'name=test state=absent'
192.168.100.110 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "test",
"state": "absent"
}
[root@node1 ~]# ansible all -m raw -a 'cat /etc/group |grep test'
192.168.100.110 | FAILED | rc=1 >>
Shared connection to 192.168.100.110 closed.
non-zero return code
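10. user module
The user module is mainly used to create user accounts remotely in bulk.
| Parameter | Choices/default | Meaning |
|---|---|---|
| password | | Password to set |
| name | | User name |
| uid | | UID of the user |
| group | | Primary group of the user |
| groups | | Supplementary groups of the user |
| shell | /bin/bash or /sbin/nologin | Whether the user can log in |
| create_home | yes/no | Whether to create the home directory |
| home | default: /home | Path where the home directory is created |
When setting a password with the password parameter, plaintext cannot be used; only the hashed form is accepted.
The module can set a password for a user and can also change a user's password.
[root@node1 ~]# python3 // use a Python session to hash the password first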
Python 3.6.8 (default, Dec 3 2020, 18:11:24)
[GCC 8.4.1 20200928 (Red Hat 8.4.1-1)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import crypt
>>> crypt.crypt('123456')
'$6$VhH3wY5ue6C.40aL$OzBiBs19nMbQZCnNnKXY5cPemxJSPlt2C1JP.XxAyegC.3Lyn1XnneHE2rJ7iGkaKXBe.8TBKo8KHP4wUSAsH/' // the resulting password hash
>>> exit()
[root@node1 ~]# ansible all -m user -a 'name=test uid=1234 password="$6$VhH3wY5ue6C.40aL$OzBiBs19nMbQZCnNnKXY5cPemxJSPlt2C1JP.XxAyegC.3Lyn1XnneHE2rJ7iGkaKXBe.8TBKo8KHP4wUSAsH/"' // enter the hashed password here
192.168.100.110 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1234,
"home": "/home/test",
"name": "test",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1234
}
[root@node1 ~]#
// check on node2 that the user was created
[root@node2 ~]# id test
uid=1234(test) gid=1234(test) groups=1234(test)
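11. service module
The service module manages services on managed hosts.
Common parameters:
- name: name of the service to operate on
- state: state of the service
- enabled: whether the service is started at boot
// check whether the FTP service is running on the managed host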
[root@node1 ~]# ansible all -m shell -a 'systemctl is-active vsftpd'
192.168.100.110 | FAILED | rc=3 >>
unknownnon-zero return code
// start the FTP service
[root@node1 ~]# ansible all -m service -a 'name=vsftpd state=started'
192.168.100.110 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "vsftpd",
"state": "started",
"status": {
...... (omitted)
}
// check whether the FTP service is running on the managed host
[root@node1 ~]# ansible all -m shell -a 'systemctl is-active vsftpd'
192.168.100.110 | CHANGED | rc=0 >>
active
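12. lineinfile module
The lineinfile module searches a file for a line and ensures that the line is present or absent.
Common parameters:
- path: required. The file to operate on
- line: the text of the line
- regexp: a regular expression used to match lines. When replacing text, if several lines match, only the last matching line is replaced; when deleting text, if several lines match, all of them are deleted
- insertafter: when regexp matches no line in the file, the new line is inserted after the last line matched by the regular expression given here
// view the content of /testdir/test on the managed host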
[root@node2 ~]# cat /testdir/test
hello world
jjyy
hehe
tom
jerry
// look for the line tom
[root@node1 ~]# ansible all -m lineinfile -a 'path=/testdir/test line=tom'
192.168.100.110 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": false,
"msg": ""
}
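The regexp and insertafter rules from the parameter list above, worked through on the article's /testdir/test content, as an added example (a small Python model written for this page, not Ansible's implementation). The last-match-only replacement matters when a file holds the same entry twice, because the earlier copy is left untouched. The TWO_TOMS variant and the line lucy are constructed sample data.

```python
import re

# File content shown in the article, plus a constructed variant with "tom" twice
PAGE_FILE = ["hello world", "jjyy", "hehe", "tom", "jerry"]
TWO_TOMS = ["hello world", "tom", "hehe", "tom", "jerry"]

def lineinfile(lines, line=None, regexp=None, state="present", insertafter="EOF"):
    """Model of the rules above; returns (new_lines, changed)."""
    rx = re.compile(regexp) if regexp else None
    if state == "absent":
        # Deleting: every matching line goes (exact text if no regexp is given)
        kept = [l for l in lines if not (rx.search(l) if rx else l == line)]
        return kept, kept != lines
    out = list(lines)
    hits = [i for i, l in enumerate(lines) if rx and rx.search(l)]
    if hits:
        out[hits[-1]] = line              # replacing: only the LAST match changes
        return out, out != lines
    if line in lines:
        return out, False                 # line already there: nothing to do
    anchors = [] if insertafter == "EOF" else [
        i for i, l in enumerate(lines) if re.search(insertafter, l)]
    # Insert after the last anchor match; with no anchor, append at end of file
    out.insert(anchors[-1] + 1 if anchors else len(out), line)
    return out, True

def demo():
    # The article's own call: 'path=/testdir/test line=tom' reports changed=false
    unchanged = lineinfile(PAGE_FILE, line="tom")
    replaced = lineinfile(TWO_TOMS, line="TOM", regexp="^tom$")
    removed = lineinfile(TWO_TOMS, regexp="^tom$", state="absent")
    inserted = lineinfile(PAGE_FILE, line="lucy", regexp="^lucy$",
                          insertafter="^hehe$")
    # Second run on the result: regexp now matches, so nothing changes
    rerun = lineinfile(inserted[0], line="lucy", regexp="^lucy$",
                       insertafter="^hehe$")
    return unchanged, replaced, removed, inserted, rerun

if __name__ == "__main__":
    for result in demo():
        print(result)
```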
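13. firewalld module
The firewalld module adds or removes services and ports in the firewall.
Common parameters:
- service: name of the service to add to or remove from the firewall; it must be one of the services listed by firewall-cmd --get-services
- permanent: save the rule so that it is loaded automatically at the next start
- state: required. The state of the firewall rule
  - enabled: the rule is in effect
  - disabled: the rule is disabled
  - present: create the rule
  - absent: delete the rule
- port: the port to configure in the firewall
- zone: the zone to configure
- rich_rule: a rich rule
- source: the source network to add to or remove from the firewall
- interface: the interface to add to or remove from the firewall
Allow access to http, permanently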
[root@node1 ~]# ansible all -m firewalld -a 'service=http permanent=yes state=enabled'
192.168.100.110 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "Permanent operation, Changed service http to enabled"
}
Allow access to port 80, temporarily
[root@node1 ~]# ansible all -m firewalld -a 'port=80/tcp state=enabled'
192.168.100.110 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "Non-permanent operation, Changed port 80/tcp to enabled"
}