Common Ansible Modules and How to Use Them

Installation

Use the latest ansible package from the extras repository:

ansible-2.4.1.0-1.el7.noarch

/etc/ansible #configuration directory
/etc/ansible/ansible.cfg #main configuration file
/etc/ansible/hosts #defines the managed clients
/etc/ansible/roles #

Main programs:

ansible
ansible-playbook
ansible-doc

vim /etc/ansible/hosts

## [webservers] #defines the group name
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110
## www[001:006].example.com #hosts in a group that follow the same naming pattern can be written as a range

Example

[webserver]
172.18.25.51
172.18.25.52

[dbserver]
172.18.25.52
172.18.25.53

Here all managed machines can use the same key (-P '' creates it with an empty passphrase):

[ root@node1 ~ ]# ssh-keygen -t rsa -P ''
[ root@node1 ~ ]# for i in 51 52 53 ;do ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.18.25.$i; done

Then connect manually to verify.

Basic ansible command format:

ansible HOST-PATTERN -m MOD_NAME -a MOD_ARGS -f FORKS -C -u USERNAME -c CONNECTION

Commonly used ansible modules:

List the available modules:

ansible-doc -l

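command module: runs a command on the remote host;

chdir=: change to the given working directory before running the command;
creates=/PATH/TO/SOMEFILE_OR_DIR: do not run the command if the given file or directory exists;
removes=/PATH/TO/SOMEFILE_OR_DIR: do not run the command if the given file or directory does not exist;
that is, run the command only when the given file or directory exists;

Example:

[ root@node1 ~ ]# ansible webserver -m command -a "useradd ygl"
172.18.25.51 | SUCCESS | rc=0 >>

172.18.25.52 | SUCCESS | rc=0 >>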

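shell module: runs a command on the remote host inside a shell process, so shell features such as pipes are supported;

chdir=: change to the given working directory before running the command;
creates=/PATH/TO/SOMEFILE_OR_DIR: do not run the command if the given file or directory exists;
removes=/PATH/TO/SOMEFILE_OR_DIR: do not run the command if the given file or directory does not exist;
that is, run the command only when the given file or directory exists;
executable=/PATH/TO/SHELL: the shell interpreter used to run the command;

Example:

[ root@node1 ~ ]# ansible webserver -m shell -a "echo 123 | passwd --stdin ygl"
172.18.25.51 | SUCCESS | rc=0 >>
更改用户 ygl 的密码 。
passwd:所有的身份验证令牌已经成功更新。

172.18.25.52 | SUCCESS | rc=0 >>
更改用户 ygl 的密码 。
passwd:所有的身份验证令牌已经成功更新。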

group module: manages group accounts

*name=
state= #present: create; absent: delete
system= #whether it is a system account
gid=

Example:

[ root@node1 ~ ]# ansible webserver -m group -a "name=haproxy system=yes state=present"
172.18.25.52 | SUCCESS => {
    "changed": true,
    "failed": false,
    "gid": 993,
    "name": "haproxy",
    "state": "present",
    "system": true
}
172.18.25.51 | SUCCESS => {
    "changed": true,
    "failed": false,
    "gid": 993,
    "name": "haproxy",
    "state": "present",
    "system": true
}

[ root@node1 ~ ]# ansible webserver -m group -a "name=haproxy system=yes state=absent"
172.18.25.52 | SUCCESS => {
    "changed": true,
    "failed": false,
    "name": "haproxy",
    "state": "absent"
}
172.18.25.51 | SUCCESS => {
    "changed": true,
    "failed": false,
    "name": "haproxy",
    "state": "absent"
}

user module: manages user accounts

[ root@node1 ~ ]# ansible-doc -s user

A parameter whose description contains (required) must be supplied and cannot be omitted.

*name=
system=
uid=
shell=
group=
groups= #supplementary groups
comment= #comment
home=
generate_ssh_key= true/false #whether to generate an SSH key
local=

Example:

#Create user tom with a primary group of the same name, supplementary group haproxy, uid 3000, shell tcsh, and generate an SSH key.

[ root@node1 ~ ]# ansible webserver -m user -a "name=tom groups=haproxy state=present uid=3000 shell=/bin/tcsh generate_ssh_key=true"
172.18.25.51 | SUCCESS => {
    "changed": true,
    "comment": "",
    "createhome": true,
    "failed": false,
    "group": 3000,
    "groups": "haproxy",
    "home": "/home/tom",
    "name": "tom",
    "shell": "/bin/tcsh",
    "ssh_fingerprint": "2048 58:f3:82:5f:c6:cb:c4:e0:96:0e:61:9c:63:5f:5f:2d ansible-generated on node1 (RSA)",
    "ssh_key_file": "/home/tom/.ssh/id_rsa",
    "ssh_public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo9QnI4Q2S5WNjJ7Spj5jwYeLtH8v3JNiG+y1Oj+Qsnbc/AR6hs3tAMEDUW8MkUXqJT8QUwhAxugB5jdl2y4Yc4Y/s2tQ5PS+N2h6/N56xMQyrVqh26RF+yTEHc3LJhUM/cdHEJrnBFvV9h+S6IaxEOHL/mCzXJ46tPTvorIpkPWyvkfjqdGwyac4GGbcFmPa2GXiO0WuIADdK/GTFHTAyq+r3SisYTNDuGFWMl0HCXKujbQhsEwrPvlHfPH9nnuKp5C+4c7mZ8BMyk3MQgbu/0eI3y51YOC3yi/4eVdEYc6AxE8ifcHkjjTSGudifF7vhlBIoYvzbvey8wf4Tct5D ansible-generated on node1",
    "state": "present",
    "system": false,
    "uid": 3000
}
172.18.25.52 | SUCCESS => {
    "changed": true,
    "comment": "",
    "createhome": true,
    "failed": false,
    "group": 3000,
    "groups": "haproxy",
    "home": "/home/tom",
    "name": "tom",
    "shell": "/bin/tcsh",
    "ssh_fingerprint": "2048 97:0f:72:fd:fc:13:38:4a:fc:28:63:02:c4:f6:29:53 ansible-generated on node2 (RSA)",
    "ssh_key_file": "/home/tom/.ssh/id_rsa",
    "ssh_public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXS6KtT6zPnFceO1TNLd1jVssT2419VdbL/2OC3LnALoqS0Dyb7ZSJEIocSgoGAVGmSg0JJTKgBf7aBM6agH44ZrZfTEn24C/4t83uRusVA9N8rnGhqOrTLn0U/Hrjdew7wXfnZaJmuoAyh2lQOESKrYflxWmA3z+RJwq5yQELTGGFpJq5cUYhXW13ItI2cxeDq5l9NJx/lOceNkjGXMtMLjtU0vKhaRudKaeXpLoxdHerVYdVVOvyjfHdRMycQRyfgLl+OivbmyfCx8far7JTWf4W+sSVTx/gh6nK2E/5jIGvrInDZWsvq/cePBGvU6S0Fv/MuW979b6VLaS8Te3 ansible-generated on node2",
    "state": "present",
    "system": false,
    "uid": 3000
}

An existing account can be modified, for example by changing the uid to 4000;

however, for something already generated such as the SSH key, changing true to false does not delete the earlier key.

copy module: Copies files to remote locations.

Usage:

(1) src= dest=
(2) content= dest=
owner, group, mode

Example: using form (1)

[ root@node1 ~ ]# ansible all -m copy -a "src=test.txt dest=/tmp/ owner=daemon group=nobody mode=644"
172.18.25.52 | SUCCESS => {
    "changed": true,
    "checksum": "909b3eb9cf443e1fe007b9940910c1b5370157b6",
    "dest": "/tmp/test.txt",
    "failed": false,
    "gid": 99,
    "group": "nobody",
    "md5sum": "b5ab68405ea7f38841f44964cac71a3a",
    "mode": "0644",
    "owner": "daemon",
    "size": 31,
    "src": "/root/.ansible/tmp/ansible-tmp-1511897155.3-203125776259926/source",
    "state": "file",
    "uid": 2
}
172.18.25.51 | SUCCESS => {
    "changed": true,
    "checksum": "909b3eb9cf443e1fe007b9940910c1b5370157b6",
    "dest": "/tmp/test.txt",
    "failed": false,
    "gid": 99,
    "group": "nobody",
    "md5sum": "b5ab68405ea7f38841f44964cac71a3a",
    "mode": "0644",
    "owner": "daemon",
    "size": 31,
    "src": "/root/.ansible/tmp/ansible-tmp-1511897155.29-136104449376316/source",
    "state": "file",
    "uid": 2
}
172.18.25.53 | SUCCESS => {
    "changed": true,
    "checksum": "909b3eb9cf443e1fe007b9940910c1b5370157b6",
    "dest": "/tmp/test.txt",
    "failed": false,
    "gid": 99,
    "group": "nobody",
    "md5sum": "b5ab68405ea7f38841f44964cac71a3a",
    "mode": "0644",
    "owner": "daemon",
    "size": 31,
    "src": "/root/.ansible/tmp/ansible-tmp-1511897155.38-10083863563401/source",
    "state": "file",
    "uid": 2
}

Using form (2) to generate content directly

[ root@node1 ~ ]# ansible all -m copy -a "content='hello there \nhow are you' dest=/tmp/test2.txt owner=daemon group=nobody mode=644"
172.18.25.53 | SUCCESS => {
    "changed": true,
    "checksum": "48ac9867d3152d279d7409b994356818ce61b54e",
    "dest": "/tmp/test2.txt",
    "failed": false,
    "gid": 99,
    "group": "nobody",
    "md5sum": "65b97a6f52bed5bf307dd96ba01dfae0",
    "mode": "0644",
    "owner": "daemon",
    "size": 24,
    "src": "/root/.ansible/tmp/ansible-tmp-1511897535.05-274804325591646/source",
    "state": "file",
    "uid": 2
}
172.18.25.52 | SUCCESS => {
    "changed": true,
    "checksum": "48ac9867d3152d279d7409b994356818ce61b54e",
    "dest": "/tmp/test2.txt",
    "failed": false,
    "gid": 99,
    "group": "nobody",
    "md5sum": "65b97a6f52bed5bf307dd96ba01dfae0",
    "mode": "0644",
    "owner": "daemon",
    "size": 24,
    "src": "/root/.ansible/tmp/ansible-tmp-1511897535.05-210909367052491/source",
    "state": "file",
    "uid": 2
}
172.18.25.51 | SUCCESS => {
    "changed": true,
    "checksum": "48ac9867d3152d279d7409b994356818ce61b54e",
    "dest": "/tmp/test2.txt",
    "failed": false,
    "gid": 99,
    "group": "nobody",
    "md5sum": "65b97a6f52bed5bf307dd96ba01dfae0",
    "mode": "0644",
    "owner": "daemon",
    "size": 24,
    "src": "/root/.ansible/tmp/ansible-tmp-1511897535.04-149048632090006/source",
    "state": "file",
    "uid": 2
}

fetch module: Fetches a file from remote nodes

file module: Sets attributes of files

Usage:

(1) Create a link: *path= src= state=link
(2) Change attributes: path= owner= mode= group=
(3) Create a directory: path= state=directory

Note: valid values for state

file, #must be a file
directory, #create the directory if it does not exist
link, #a symbolic link
hard, #a hard link
touch, #create an empty file if it does not exist
absent #delete

Example: create a directory

[ root@node1 ~ ]# ansible all -m file -a "path=/tmp/hidir state=directory owner=nobody mode=777"
172.18.25.52 | SUCCESS => {
    "changed": true,
    "failed": false,
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "nobody",
    "path": "/tmp/hidir",
    "size": 6,
    "state": "directory",
    "uid": 99
}
172.18.25.53 | SUCCESS => {
    "changed": true,
    "failed": false,
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "nobody",
    "path": "/tmp/hidir",
    "size": 6,
    "state": "directory",
    "uid": 99
}
172.18.25.51 | SUCCESS => {
    "changed": true,
    "failed": false,
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "nobody",
    "path": "/tmp/hidir",
    "size": 6,
    "state": "directory",
    "uid": 99
}

Example: create an empty file

[ root@node1 ~ ]# ansible all -m file -a "path=/tmp/hifile state=touch owner=nobody mode=777"
172.18.25.51 | SUCCESS => {
    "changed": true,
    "dest": "/tmp/hifile",
    "failed": false,
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "nobody",
    "size": 0,
    "state": "file",
    "uid": 99
}
172.18.25.52 | SUCCESS => {
    "changed": true,
    "dest": "/tmp/hifile",
    "failed": false,
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "nobody",
    "size": 0,
    "state": "file",
    "uid": 99
}
172.18.25.53 | SUCCESS => {
    "changed": true,
    "dest": "/tmp/hifile",
    "failed": false,
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "nobody",
    "size": 0,
    "state": "file",
    "uid": 99
}

Example: create a link; note that src refers to a file on the target server.

[ root@node1 ~ ]# ansible all -m file -a "path=/tmp/mytest.txt src=/tmp/test2.txt state=link"
172.18.25.52 | SUCCESS => {
    "changed": true,
    "dest": "/tmp/mytest.txt",
    "failed": false,
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "root",
    "size": 14,
    "src": "/tmp/test2.txt",
    "state": "link",
    "uid": 0
}
172.18.25.53 | SUCCESS => {
    "changed": true,
    "dest": "/tmp/mytest.txt",
    "failed": false,
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "root",
    "size": 14,
    "src": "/tmp/test2.txt",
    "state": "link",
    "uid": 0
}
172.18.25.51 | SUCCESS => {
    "changed": true,
    "dest": "/tmp/mytest.txt",
    "failed": false,
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "root",
    "size": 14,
    "src": "/tmp/test2.txt",
    "state": "link",
    "uid": 0
}

Delete the symbolic link

[ root@node1 ~ ]# ansible all -m file -a "path=/tmp/mytest.txt state=absent"
172.18.25.52 | SUCCESS => {
    "changed": true,
    "failed": false,
    "path": "/tmp/mytest.txt",
    "state": "absent"
}
172.18.25.53 | SUCCESS => {
    "changed": true,
    "failed": false,
    "path": "/tmp/mytest.txt",
    "state": "absent"
}
172.18.25.51 | SUCCESS => {
    "changed": true,
    "failed": false,
    "path": "/tmp/mytest.txt",
    "state": "absent"
}

get_url module: Downloads files from HTTP, HTTPS, or FTP to node

*url=
*dest=
sha256sum=
owner, group, mode

Example: have all three hosts download redis into /tmp/

[ root@node1 ~ ]# ansible all -m get_url -a "url=http://download.redis.io/releases/redis-4.0.2.tar.gz dest=/tmp/"
172.18.25.51 | SUCCESS => {
    "changed": true,
    "checksum_dest": null,
    "checksum_src": "d2588569a35531fcdf03ff05cf0e16e381bc278f",
    "dest": "/tmp/redis-4.0.2.tar.gz",
    "failed": false,
    "gid": 0,
    "group": "root",
    "md5sum": "f0497cc1311cd10dfdf215e9e6fd7416",
    "mode": "0644",
    "msg": "OK (1713990 bytes)",
    "owner": "root",
    "size": 1713990,
    "src": "/tmp/tmpSYXHve",
    "state": "file",
    "status_code": 200,
    "uid": 0,
    "url": "http://download.redis.io/releases/redis-4.0.2.tar.gz"
}
172.18.25.53 | SUCCESS => {
    "changed": true,
    "checksum_dest": null,
    "checksum_src": "d2588569a35531fcdf03ff05cf0e16e381bc278f",
    "dest": "/tmp/redis-4.0.2.tar.gz",
    "failed": false,
    "gid": 0,
    "group": "root",
    "md5sum": "f0497cc1311cd10dfdf215e9e6fd7416",
    "mode": "0644",
    "msg": "OK (1713990 bytes)",
    "owner": "root",
    "size": 1713990,
    "src": "/tmp/tmp4EF_zu",
    "state": "file",
    "status_code": 200,
    "uid": 0,
    "url": "http://download.redis.io/releases/redis-4.0.2.tar.gz"
}
172.18.25.52 | SUCCESS => {
    "changed": true,
    "checksum_dest": null,
    "checksum_src": "d2588569a35531fcdf03ff05cf0e16e381bc278f",
    "dest": "/tmp/redis-4.0.2.tar.gz",
    "failed": false,
    "gid": 0,
    "group": "root",
    "md5sum": "f0497cc1311cd10dfdf215e9e6fd7416",
    "mode": "0644",
    "msg": "OK (1713990 bytes)",
    "owner": "root",
    "size": 1713990,
    "src": "/tmp/tmpKb1mA2",
    "state": "file",
    "status_code": 200,
    "uid": 0,
    "url": "http://download.redis.io/releases/redis-4.0.2.tar.gz"
}
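
Several ad-hoc commands in this article carry settings worth catching before they run against a whole inventory: the password piped to passwd --stdin in the shell example, mode=777 in the file examples, and the get_url download over http:// without the sha256sum= parameter listed above. The following Python check is an added example, not part of the original article or of Ansible; the function names and finding labels are hypothetical, and the sample commands are retyped from this article with ASCII quotes.

```python
import shlex

def parse_adhoc(cmdline):
    """Split an `ansible PATTERN -m MODULE -a "ARGS"` line into
    (module, key=value dict, free-form text)."""
    tokens = shlex.split(cmdline)
    module, raw = "command", ""          # ansible falls back to the command module
    for i, tok in enumerate(tokens[:-1]):
        if tok == "-m":
            module = tokens[i + 1]
        elif tok == "-a":
            raw = tokens[i + 1]
    kv, free = {}, []
    for part in shlex.split(raw):        # honours the inner '...' quoting of values
        key, sep, value = part.partition("=")
        if sep and key.isidentifier():
            kv[key] = value
        else:
            free.append(part)
    return module, kv, " ".join(free)

def audit(cmdline):
    """Return a list of finding labels for one ad-hoc command (empty = nothing flagged)."""
    module, kv, free = parse_adhoc(cmdline)
    findings = []
    # A password literal piped into passwd ends up in the command string itself.
    if module in ("shell", "command") and "passwd --stdin" in free:
        findings.append("password-in-command")
    # Octal modes only; the "other" write bit makes the path world-writable.
    mode = kv.get("mode", "")
    if mode and set(mode) <= set("01234567") and int(mode, 8) & 0o002:
        findings.append("world-writable-mode")
    if module == "get_url":
        if kv.get("url", "").startswith(("http://", "ftp://")):
            findings.append("plaintext-download")
        if not (kv.get("checksum") or kv.get("sha256sum")):
            findings.append("no-checksum")
    return findings

# Constructed sample: commands from this article, retyped with ASCII quotes.
SAMPLES = [
    'ansible webserver -m shell -a "echo 123 | passwd --stdin ygl"',
    'ansible all -m file -a "path=/tmp/hidir state=directory owner=nobody mode=777"',
    'ansible all -m get_url -a "url=http://download.redis.io/releases/redis-4.0.2.tar.gz dest=/tmp/"',
    'ansible all -m copy -a "src=test.txt dest=/tmp/ owner=daemon group=nobody mode=644"',
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(audit(cmd) or ["ok"], cmd)
```

For the get_url case, both findings clear once the URL uses https:// and the command pins the archive with sha256sum= (or checksum=sha256:...), using the digest published by the upstream project.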

git module: Deploy software (or files) from git checkouts

repo= #repository path
dest= #destination path for the clone
version= #which version to check out; defaults to the latest

Example: first install git on webserver, then fetch fastdfs from GitHub into /tmp/

[ root@node1 ~ ]# ansible webserver -m yum -a "name=git state=latest"
[ root@node1 ~ ]# ansible webserver -m git -a "repo=https://github.com/happyfish100/fastdfs.git dest=/tmp/fastdfs"

deploy_helper module: Manages some of the steps common in deploying projects.

haproxy module: Enable, disable, and set weights for HAProxy backend servers using socket commands.

backend=
host=
state=
weight=

cron module: Manage cron.d and crontab entries.

minute=
day=
month=
weekday=
hour=
job=
*name=
state=
present: create
absent: delete

Example: every five minutes, all machines sync their time from 172.18.0.1.

[ root@node1 ~ ]# ansible all -m cron -a "name='timesync' job='/usr/sbin/ntpdate 172.18.0.1 &> /dev/null' minute='*/5'"
172.18.25.53 | SUCCESS => {
    "changed": true,
    "envs": [],
    "failed": false,
    "jobs": [
        "timesync"
    ]
}
172.18.25.52 | SUCCESS => {
    "changed": true,
    "envs": [],
    "failed": false,
    "jobs": [
        "timesync"
    ]
}
172.18.25.51 | SUCCESS => {
    "changed": true,
    "envs": [],
    "failed": false,
    "jobs": [
        "timesync"
    ]
}

[ root@node1 ~ ]# crontab -l
#Ansible: timesync
*/5 * * * * /usr/sbin/ntpdate 172.18.0.1 &> /dev/null

Delete the scheduled job defined above

[ root@node1 ~ ]# ansible all -m cron -a "name='timesync' job='/usr/sbin/ntpdate 172.18.0.1 &> /dev/null' minute='*/5' state=absent"
172.18.25.52 | SUCCESS => {
    "changed": true,
    "envs": [],
    "failed": false,
    "jobs": []
}
172.18.25.53 | SUCCESS => {
    "changed": true,
    "envs": [],
    "failed": false,
    "jobs": []
}
172.18.25.51 | SUCCESS => {
    "changed": true,
    "envs": [],
    "failed": false,
    "jobs": []
}

Create the scheduled job but leave it disabled, that is, commented out

[ root@node1 ~ ]# ansible all -m cron -a "name='timesync' job='/usr/sbin/ntpdate 172.18.0.1 &> /dev/null' minute='*/5' state=present disabled=true"
172.18.25.52 | SUCCESS => {
    "changed": true,
    "envs": [],
    "failed": false,
    "jobs": [
        "timesync"
    ]
}
172.18.25.53 | SUCCESS => {
    "changed": true,
    "envs": [],
    "failed": false,
    "jobs": [
        "timesync"
    ]
}
172.18.25.51 | SUCCESS => {
    "changed": true,
    "envs": [],
    "failed": false,
    "jobs": [
        "timesync"
    ]
}

[ root@node1 ~ ]# crontab -l
#Ansible: timesync
#*/5 * * * * /usr/sbin/ntpdate 172.18.0.1 &> /dev/null

hostname module: Manage hostname

name=

pip module: Manages Python library dependencies.

name=
state=
version=

npm module: Manage node.js packages with npm

name=
state=
version=

yum module: Manages packages with the `yum' package manager

name=: package name, optionally with a version number;
state=
present,
latest, #the newest version
installed
absent,
removed

Other package management tools: apt (debian), zypper (suse), dnf (fedora), rpm, dpkg, ...

Example: install nginx with yum on all of them

[ root@node1 ~ ]# ansible webserver -m yum -a "name=nginx state=latest"
[ root@node1 ~ ]# ansible webserver -m yum -a "list=nginx"
172.18.25.51 | SUCCESS => {
    "changed": false,
    "failed": false,
    "results": [
        {
            "arch": "x86_64",
            "envra": "1:nginx-1.10.2-1.el7.x86_64",
            "epoch": "1",
            "name": "nginx",
            "release": "1.el7",
            "repo": "epel",
            "version": "1.10.2",
            "yumstate": "available"
        },
        {
            "arch": "x86_64",
            "envra": "1:nginx-1.10.2-1.el7.x86_64",
            "epoch": "1",
            "name": "nginx",
            "release": "1.el7",
            "repo": "installed",
            "version": "1.10.2",
            "yumstate": "installed"
        }
    ]
}
172.18.25.52 | SUCCESS => {
    "changed": false,
    "failed": false,
    "results": [
        {
            "arch": "x86_64",
            "envra": "1:nginx-1.10.2-1.el7.x86_64",
            "epoch": "1",
            "name": "nginx",
            "release": "1.el7",
            "repo": "epel",
            "version": "1.10.2",
            "yumstate": "available"
        },
        {
            "arch": "x86_64",
            "envra": "1:nginx-1.10.2-1.el7.x86_64",
            "epoch": "1",
            "name": "nginx",
            "release": "1.el7",
            "repo": "installed",
            "version": "1.10.2",
            "yumstate": "installed"
        }
    ]
}

service module: manages services

*name=
state=
started
stopped
restarted
enabled=
runlevel= #run level

Example: start the nginx that was batch-installed with ansible earlier

[ root@node1 ~ ]# ansible webserver -m service -a "name=nginx enabled=true state=started"
172.18.25.51 | SUCCESS => {
    "changed": true,
    "enabled": true,
    "failed": false,
    "name": "nginx",
    "state": "started",
    "status": {
    }
}
172.18.25.52 | SUCCESS => {
    "changed": true,
    "enabled": true,
    "failed": false,
    "name": "nginx",
    "state": "started",
    "status": {
    }
}

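Copyright of this article belongs to the author, 飞翔沫沫情. Reposting is welcome, but unless the author agrees otherwise this notice must be retained and a link to the original article given in a prominent place on the page. For questions, email the author. When reposting, cite the source: https://www.fxkjnj.com/317/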
