title: Ansible 常用模块详解(3) date: 2018-12-01 15:22:11 tags: Ansible categories: Ansible copyright: true --- Ansible是新出现的自动化运维工具,基于Python开发,集合了众多运维工具(puppet、cfengine、chef、fun
title: Ansible 常用模块详解(3)
date: 2018-12-01 15:22:11
tags:
- Ansible
categories: Ansible
copyright: true
---
Ansible是新出现的自动化运维工具,基于Python开发,集合了众多运维工具(puppet、cfengine、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能,ansible是基于模块工作的,本身没有批量部署的能力,真正具有批量部署的是ansible所运行的模块,ansible只是提供一种框架.
经过前面的介绍,我们已经熟悉了 Ansible 的一些常识性的东西和如何编译安装Ansible,从本章开始我们将全面介绍 Ansible 的各种生产常用模块,这些也是我们使用 Ansible 的过程中必须掌握的重点,本章将介绍和使用 Ansible 中经常使用的一些模块,大体模块分为: 文件操作类,命令执行类,系统管理类,等使我们能对 Ansible 有一个全面的了解.
命令执行模块
◆Command◆
Command模块是Ansible的默认调用模块,它可以帮助我们在远程主机上执行任意命令,但是需要注意的是,使用Command模块执行命令时,如果需要执行的命令是单一的命令那没什么,但如要需要使用含有管道符,重定向,等特殊字符,这些符号我们的Command是不能识别出来的,当你需要使用管道符的时候应该考虑shell模块来实现,如果远程节点是 windows 系统,则需要使用 win_command 模块.
下面来看它的几个常用参数:
首先通过root用户执行一条ls命令,ls默认会打印出/root/家目录下的文件,这是因为ansible默认的执行路径就是自己的家目录.
[[email protected] ~]# ansible all -m command -a "ls" 192.168.10.20 | SUCCESS | rc=0 >>
接下来我们通过chdir选项改变一下工作目录的位置,并再次ls查询一下,你会发现目录变化了,chdir 参数在执行命令前,会先进入到指定的目录中然后执行后续的命令.
[[email protected] ~]# ansible all -m command -a "chdir=/boot ls" 192.168.10.20 | SUCCESS | rc=0 >> config-3.10.0-862.el7.x86_64 efi grub2 initramfs-3.10.0-862.el7.x86_64.img symvers-3.10.0-862.el7.x86_64.gz vmlinuz-3.10.0-862.el7.x86_64
接下来看一下下面的两个参数,creates参数当/root目录不存在则执行echo,而removes则是当文件存在则执行,两个可以形成鲜明的对比啊.
[[email protected] ~]# ansible all -m command -a 'creates=/root echo "check ok"' 192.168.10.20 | SUCCESS | rc=0 >> skipped, since /root exists [[email protected] ~]# ansible all -m command -a 'removes=/root echo "check ok"' 192.168.10.20 | SUCCESS | rc=0 >> check ok
◆Shell◆
shell 模块可以帮助我们在远程主机上执行命令,它与 command 模块不同之处是 shell 模块在远程主机中执行命令时,会运行远程主机上的 /bin/sh 程序处理,也就是说它不是直接执行命令,而是交给了bash来托管执行,这样一来我们的管道符也就被支持了,笔者还是常用shell这个模块的,因为方便.
下面来看它的几个常用参数:
shell 模块中 chdir、creates、removes参数的作用与 command 模块中的作用都是相同的,这里为了节约篇幅只举一个小例子,改变一下它的默认路径.
[[email protected] ~]# ansible all -m shell -a "chdir=/boot ls" 192.168.10.20 | SUCCESS | rc=0 >> config-3.10.0-862.el7.x86_64 efi grub2 initramfs-3.10.0-862.el7.x86_64.img symvers-3.10.0-862.el7.x86_64.gz vmlinuz-3.10.0-862.el7.x86_64
紧接着我们看一下executable这个参数来指定一个默认shell,由于这里没有其他shell我们就用bash来演示一下吧.
[[email protected] ~]# ansible all -m shell -a "executable=/bin/bash uname -r" 192.168.10.20 | SUCCESS | rc=0 >> 3.10.0-862.el7.x86_64 [[email protected] ~]# ansible all -m shell -a "executable=/bin/bash uname -r" -o 192.168.10.20 | SUCCESS | rc=0 | (stdout) 3.10.0-862.el7.x86_64
◆Script◆
script 模块可以帮助我们在远程主机上执行我们编写的管理主机的脚本,也就是说,脚本一直存在于你的管理主机本地,无需手动拷贝到远程主机,你当然也可以使用copy模块将你的脚本拷贝到远程主机,然后执行/bin/bash调用脚本执行,但是这样就太麻烦了,幸好Ansible为我们提供了script管理模块.
下面来看它的几个常用参数:
我们来编写一个打印系统日期的脚本,然后在使用script模块执行,看一下远程主机的执行情况,这里需要注意的是/root/data.sh是本地路径下脚本的保存位置.
[[email protected] ~]# cat data.sh
#!/bin/bash
date
[[email protected] ~]# ansible all -m script -a "/root/data.sh"
192.168.10.20 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.10.20 closed.\r\n",
"stdout": "Tue Dec 4 14:11:34 EST 2018\r\n",
"stdout_lines": [
"Tue Dec 4 14:11:34 EST 2018"
]
}
接下来,我们通过使用creates关键字,先判断/etc/passwd是否存在,如果存在则不执行data.sh这个脚本,否则执行.
[[email protected] ~]# ansible all -m script -a "creates=/etc/passwd /root/data.sh"
192.168.10.20 | SKIPPED
[[email protected] ~]# ansible all -m script -a "removes=/etc/passwd /root/data.sh"
192.168.10.20 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.10.20 closed.\r\n",
"stdout": "Tue Dec 4 14:15:13 EST 2018\r\n",
"stdout_lines": [
"Tue Dec 4 14:15:13 EST 2018"
]
}
文件管理模块
◆File◆
file 模块可以帮助我们完成一些对文件的基本操作,比如,创建文件或目录、删除文件或目录、修改文件权限、修以及软硬链接的创建,文件操作File在实际环境中应用还是很广泛的.
下面来看它的几个常用参数:
1.通过命令给远程主机创建一个名为lyshark.log文件,如果/tmp/lyshark.log文件已存在则更新时间戳,否则创建这个文件.
[[email protected] ~]# ansible all -m file -a "path=/tmp/lyshark.log state=touch"
192.168.10.20 | SUCCESS => {
"changed": true,
"dest": "/tmp/lyshark.log",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 0,
"state": "file",
"uid": 0
}
2.在远程主机创建一个名为lyshark的目录,如果/tmp/lyshark这个目录存在,则不进行任何操作.
[[email protected] ~]# ansible all -m file -a "path=/tmp/lyshark state=directory"
192.168.10.20 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/lyshark",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
3.在远程主机给/bin/bash命令,创建一个名为lyshark.link的软链接,文件存在则不进行任何操作.
[[email protected] ~]# ansible all -m file -a "src=/bin/bash path=/tmp/lyshark.link state=link"
192.168.10.20 | SUCCESS => {
"changed": true,
"dest": "/tmp/lyshark.link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 9,
"src": "/bin/bash",
"state": "link",
"uid": 0
}
3.在远程主机给/bin/bash命令,创建一个名为lyshark.hard的硬链接,文件存在则不进行任何操作.
[[email protected] ~]# ansible all -m file -a "src=/bin/bash path=/tmp/lyshark.hard state=hard"
192.168.10.20 | SUCCESS => {
"changed": true,
"dest": "/tmp/lyshark.hard",
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"secontext": "system_u:object_r:shell_exec_t:s0",
"size": 964544,
"src": "/bin/bash",
"state": "hard",
"uid": 0
}
4.在远程主机给/bin/bash命令,创建一个名为lyshark.hard的硬链接,若文件存在则强制覆盖一遍.
[[email protected] ~]# ansible all -m file -a "src=/bin/bash path=/tmp/lyshark.hard state=hard force=yes"
192.168.10.20 | SUCCESS => {
"changed": false,
"dest": "/tmp/lyshark.hard",
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"secontext": "system_u:object_r:shell_exec_t:s0",
"size": 964544,
"src": "/bin/bash",
"state": "hard",
"uid": 0
}
5.通过state=absent关键字,删除远程机器上的指定文件或目录,这里我们删除上面的/tmp/lyshark.hard这个硬链接.
[[email protected] ~]# ansible all -m file -a "path=/tmp/lyshark.hard state=absent"
192.168.10.20 | SUCCESS => {
"changed": true,
"path": "/tmp/lyshark.hard",
"state": "absent"
}
6.在创建文件或目录的时候指定属主与属组,或直接修改远程主机上的文件或目录的属主与属组.
[[email protected] ~]# ansible all -m shell -a "rm -fr /tmp/*" -o #清空演示目录
192.168.10.20 | SUCCESS | rc=0 | (stdout)
[[email protected] ~]# ansible all -m shell -a "useradd admin" #创建一个用户与组
192.168.10.20 | SUCCESS | rc=0 >>
[[email protected] ~]# ansible all -m file -a "path=/tmp/lyshark state=directory owner=root group=admin"
192.168.10.20 | SUCCESS => { #创建/tmp/lyshark目录
"changed": true,
"gid": 1001,
"group": "admin", #指定属组为admin
"mode": "0755",
"owner": "root", #指定属主为root
"path": "/tmp/lyshark",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
[[email protected] ~]# ansible all -m file -a "path=/tmp/lyshark mode=777"
192.168.10.20 | SUCCESS => {
"changed": true,
"gid": 1001,
"group": "admin",
"mode": "0777", #修改目录权限为777
"owner": "root",
"path": "/tmp/lyshark",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
7.当操作远程主机中的目录时,同时递归的将/tmp/lyshark目录中的文件的属主属组都设置为admin.
[[email protected] ~]# ansible all -m file -a "path=/tmp/lyshark state=directory owner=admin group=admin mode=777 recurse=yes"
192.168.10.20 | SUCCESS => {
"changed": true,
"gid": 1001,
"group": "admin",
"mode": "0777",
"owner": "admin",
"path": "/tmp/lyshark",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 1001
}
◆Copy◆
文件的复制也是最常用的功能之一,在Ansible中我们可以使用copy模块本模块的作用就是拷贝文件它与fetch模块类似,不过fetch模块是从远程主机中拉取文件到 ansible 管理主机,而 copy 模块是将 ansible 管理主机上的文件拷贝到远程主机中,文件的变化是通过MD5值来判断的.
下面来看它的几个常用参数:
1.将 ansible 管理主机中 /etc/passwd 文件复制到远程主机的 /tmp 目录下.
[[email protected] ~]# ansible all -m copy -a "src=/etc/passwd dest=/tmp"
192.168.10.20 | SUCCESS => {
"changed": true,
"checksum": "368beabb02de303b193dbdc9c10daf8b6a3a8220",
"dest": "/tmp/passwd",
"gid": 0,
"group": "root",
"md5sum": "c4bb3905d05e0e1ebe4582afbd993c62",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 898,
"src": "/root/.ansible/tmp/ansible-tmp-1543954320.59-199213984528293/source",
"state": "file",
"uid": 0
}
#注:如果执行失败,请在被控机上安装 yum install libselinux-python -y
2.通过使用content指定文本数据,覆盖写入远程/tmp/passwd文件里,注意这里只能是目录.
[[email protected] ~]# ansible all -m copy -a 'content="www.mkdirs.com\nby:LyShark\n" dest=/tmp/passwd'
192.168.10.20 | SUCCESS => {
"changed": true,
"checksum": "de467565daf9f6c33a94b646df0e8c30776a565b",
"dest": "/tmp/passwd",
"gid": 0,
"group": "root",
"md5sum": "919b8b7a326ade5b2b12aba512234488",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 26,
"src": "/root/.ansible/tmp/ansible-tmp-1543954542.01-120613474339806/source",
"state": "file",
"uid": 0
}
[[email protected] tmp]# cat passwd ←远程主机文件内容已被更改.
www.mkdirs.com
by:LyShark
3.将ansible主机上的/etc/shadow文件拷贝到远程主机的/tmp/目录下,并指定文件的属组等信息,需要注意,远程主机上必须存在对应的组.
[[email protected] ~]# ansible all -m copy -a 'src=/etc/shadow dest=/tmp/shadow owner=admin group=admin mode=777'
192.168.10.20 | SUCCESS => {
"changed": true,
"checksum": "a343f7209f0243ff02c9ec9c7ede5d8470858de4",
"dest": "/tmp/shadow",
"gid": 1001,
"group": "admin",
"md5sum": "0ebfc482fbc77f326f46a97936b69a10",
"mode": "0777",
"owner": "admin",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 714,
"src": "/root/.ansible/tmp/ansible-tmp-1543954764.54-185568488946158/source",
"state": "file",
"uid": 1001
}
4.将远程主机/bin/bash文件通过feth模块,拉取到本地/root目录下.
[[email protected] ~]# ansible all -m fetch -a "src=/bin/bash dest=/root"
192.168.10.20 | SUCCESS => {
"changed": true,
"checksum": "d4bd3ab2983b6cc0ecfe4391365924841f254b1d",
"dest": "/root/192.168.10.20/bin/bash",
"md5sum": "9127a3b202f7ad0cf4558d93ebb655ae",
"remote_checksum": "d4bd3ab2983b6cc0ecfe4391365924841f254b1d",
"remote_md5sum": null
}
◆Find◆
find命令用来在指定目录下查找文件,任何位于参数之前的字符串都将被视为欲查找的目录名,如果使用该命令时,不设置任何参数,则find命令将在当前目录下查找子目录与文件,并且将查找到的子目录和文件全部进行显示,下面的find 模块也可以帮助我们在被管理主机中查找符合条件的文件,就像 find 命令一样.
下面来看它的几个常用参数:
1.查询远程主机中/etc目录下,包含 passwd 字符串的文件,隐藏文件会被忽略,不会进行递归查找.
[[email protected] ~]# ansible all -m find -a 'paths=/etc contains="*passwd*"'
192.168.10.20 | SUCCESS => {
"changed": false,
"examined": 180,
"files": [],
"matched": 0,
"msg": ""
}
2.查询远程主机中/etc目录以及子目录中,查找文件内容中包含 passwd 字符串的文件,隐藏文件会被忽略.
[[email protected] ~]# ansible all -m find -a 'paths=/etc contains="*passwd*" recurse=yes'
192.168.10.20 | SUCCESS => {
"changed": false,
"examined": 2414,
"files": [],
"matched": 0,
"msg": ""
}
3.查询远程主机中/etc目录下以 .sh 结尾的文件,包括隐藏文件,但是不包括目录或其他文件类型,不会进行递归查找.
[[email protected] ~]# ansible all -m find -a 'paths=/etc patterns="*.sh" file_type=any hidden=yes'
192.168.10.20 | SUCCESS => {
"changed": false,
"examined": 180,
"files": [],
"matched": 0,
"msg": ""
}
4.查询远程主机中/etc目录下以 .sh 结尾的文件,包括隐藏文件,包括所有文件类型,比如文件、目录、或者软链接,但是不会进行递归查找.
[[email protected] ~]# ansible all -m find -a 'paths=/etc patterns="*.sh" file_type=any hidden=yes'
192.168.10.20 | SUCCESS => {
"changed": false,
"examined": 180,
"files": [],
"matched": 0,
"msg": ""
}
5.查询远程主机中/etc目录中以及其子目录中查找 mtime 在1天以内的文件,不包含隐藏文件,不包含目录或软链接文件等文件类型.
[[email protected] ~]# ansible all -m find -a 'paths=/etc age=-1d recurse=yes'
192.168.10.20 | SUCCESS => {
"changed": false,
"examined": 2414,
"files": [
{
"atime": 1544004010.3749297,
"ctime": 1544004009.4279296,
"dev": 64768,
}
]
6.查询远程主机中/etc目录中以及其子目录中查找大于 1m 的文件,不包含隐藏文件,不包含目录或软链接文件等文件类型.
[[email protected] ~]# ansible all -m find -a 'paths=/etc size=1m recurse=yes'
192.168.10.20 | SUCCESS => {
"changed": false,
"examined": 2414,
"files": [
{
"atime": 1543948732.8400002,
"ctime": 1539448763.0409997,
"dev": 64768,
}
]
7.查询远程主机中/etc目录中以及其子目录中查找以 .sh 结尾的文件,并且返回符合条件文件的 sha1 校验码,包括隐藏文件.
[[email protected] ~]# ansible all -m find -a 'paths=/etc patterns=*.sh get_checksum=yes hidden=yes recurse=yes'
192.168.10.20 | SUCCESS => {
"changed": false,
"examined": 2414,
"files": [
{
"atime": 1543948795.1880422,
"checksum": "1e39e9c628803da5b6f5a5d9e77fbe3cfefc996a",
"ctime": 1539448365.4729974,
"dev": 64768,
"gid": 0,
}
]
◆Unarchive◆
unarchive模块的功能是,解压缩,这个模块有两种用法
1.将ansible主机上的压缩包在本地解压缩后传到远程主机上,这种情况下copy=yes
2.将远程主机上的某个压缩包解压缩到指定路径下,这种情况下,需要设置copy=no
下面来看它的几个常用参数:
将ansible控制主机上的/root/lyshark.tar.gz解压缩到远程主机的/tmp/目录下,并设置权限777.
[[email protected] ~]# ansible all -m unarchive -a "src=/root/lyshark.tar.gz dest=/tmp/ mode=777"
192.168.10.20 | SUCCESS => {
"changed": true,
"dest": "/tmp/",
"extract_results": {
"cmd": [
"/usr/bin/gtar",
"--extract",
"-C",
"/tmp/",
"-z",
"-f",
"/root/.ansible/tmp/ansible-tmp-1544005363.57-45479136087498/source"
]
文本修改模块
◆Replace◆
replace 模块可以根据我们指定的正则表达式替换文件中的字符串,文件中所有被匹配到的字符串都会被替换,也就是说它是一种全局替换的工具.
下面来看它的几个常用参数:
1.首先我们创建一个文本文件并传输到远程主机上去.
[[email protected] ~]# vim lyshark.log
[[email protected] ~]# cat lyshark.log
lyshark
www.mkdirs.com
www.wangrui.com
[[email protected] ~]# ansible all -m copy -a "src=./lyshark.log dest=/tmp/"
192.168.10.20 | SUCCESS => {
"changed": true,
"checksum": "8115005c643689fcde3cd1d317a27f75a5748f6f",
"dest": "/tmp/lyshark.log",
"gid": 0,
"group": "root",
"md5sum": "0e6401405e9ff1f17b02b483cb8e303c",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 39,
"src": "/root/.ansible/tmp/ansible-tmp-1544005922.28-230333570888422/source",
"state": "file",
"uid": 0
}
2.接着我们将远程文件的www字段全部替换成wangrui,并且在替换前做备份操作.
[[email protected] ~]# ansible all -m replace -a 'path=/tmp/lyshark.log regexp="www" replace="wangrui" backup=yes'
192.168.10.20 | SUCCESS => {
"changed": true,
"msg": "2 replacements made"
}
◆Lineinfile◆
lineinfile模块相当的重要,在自动化运维中起到了至关重要的目的,他可以通过正则表达式替换指定文本,例如开启一些配置选项等,还可以新加一行文本,或者是删除指定的行,本命令一定认证的掌握下来.
下面来看它的几个常用参数:
1.通过正则匹配查找/etc/selinux/config文本中开头是SELINUX=的行,并替换成SELINUX=disabled.
[[email protected] ~]# ansible all -m lineinfile -a 'path=/etc/selinux/config regexp="^SELINUX=" line="SELINUX=disabled"'
192.168.10.20 | SUCCESS => {
"backup": "",
"changed": true,
"msg": "line replaced"
}
2.通过正则匹配查找/etc/selinux/config文本,并在文本末尾插入一行www.mkdirs.com
[[email protected] ~]# ansible all -m lineinfile -a 'path=/etc/selinux/config regexp="EOF" line="www.mkdirs.com"'
192.168.10.20 | SUCCESS => {
"backup": "",
"changed": true,
"msg": "line added"
}
3.通过正则匹配查找/etc/selinux/config文本,并在文本行首插入一行www.mkdirs.com.
[[email protected] ~]# ansible all -m lineinfile -a 'path=/etc/selinux/config regexp="BOF" line="www.mkdirs.com"'
192.168.10.20 | SUCCESS => {
"backup": "",
"changed": true,
"msg": "line added"
}
4.通过正则匹配查找/etc/selinux/config文本,删除所有的www.mkdirs.com字段.
[[email protected] ~]# ansible all -m lineinfile -a 'path=/etc/selinux/config regexp="^www.mkdirs.com" state=absent'
192.168.10.20 | SUCCESS => {
"backup": "",
"changed": true,
"found": 1,
"msg": "1 line(s) removed"
}
5.通过正则匹配查找/etc/selinux/config文本中在开头是SELINUX=disabled行的行后插入一段话www.mkdirs.com.
[[email protected] ~]# ansible all -m lineinfile -a 'path=/etc/selinux/config insertafter="^SELINUX=" line="www.mkdirs.com"'
192.168.10.20 | SUCCESS => {
"backup": "",
"changed": true,
"msg": "line added"
}
6.通过正则匹配查找/etc/selinux/config文本中在开头是SELINUX=disabled行的行前插入一段话www.mkdirs.com.
[[email protected] ~]# ansible all -m lineinfile -a 'path=/etc/selinux/config insertbefore="^SELINUX=" line="www.mkdirs.com"'
192.168.10.20 | SUCCESS => {
"backup": "",
"changed": true,
"msg": "line added"
}
系统管理模块
◆Setup◆
setup 模块用于收集远程主机的一些基本信息,其可以收集几乎主机上的任何数据,方便我们后期的分析工作.
下面来看它的几个常用参数:
1.通过setup命令获取远程主机的主机信息.
[[email protected] ~]# ansible all -m setup
192.168.10.20 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"192.168.10.20"
],
"ansible_all_ipv6_addresses": [
"fe80::897c:d72d:cd95:b9ec"
],
"ansible_apparmor": {
"status": "disabled"
},
].......
2.获取远程主机的 IPV4 地址,或者是IPV6地址.
[[email protected] ~]# ansible all -m setup -a "filter=ansible_all_ipv4_addresses"
192.168.10.20 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"192.168.10.20"
]
},
"changed": false
}
[[email protected] ~]# ansible all -m setup -a "filter=ansible_all_ipv6_addresses"
192.168.10.20 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv6_addresses": [
"fe80::897c:d72d:cd95:b9ec"
]
},
"changed": false
}
3.获取远程主机的内存信息列表.
[[email protected] ~]# ansible all -m setup -a "filter=ansible_memory_mb"
192.168.10.20 | SUCCESS => {
"ansible_facts": {
"ansible_memory_mb": {
"nocache": {
"free": 41,
"used": 177
},
"real": {
"free": 5,
"total": 218,
"used": 213
},
"swap": {
"cached": 0,
"free": 2027,
"total": 2047,
"used": 20
}
}
},
"changed": false
}
4.通过通配符实现模糊匹配,比如以"mb"关键字结尾的信息.
[[email protected] ~]# ansible all -m setup -a "filter=*mb"
192.168.10.20 | SUCCESS => {
"ansible_facts": {
"ansible_memfree_mb": 4,
"ansible_memory_mb": {
"nocache": {
"free": 41,
"used": 177
},
"real": {
"free": 4,
"total": 218,
"used": 214
},
"swap": {
"cached": 0,
"free": 2027,
"total": 2047,
"used": 20
}
},
"ansible_memtotal_mb": 218,
"ansible_swapfree_mb": 2027,
"ansible_swaptotal_mb": 2047
},
"changed": false
}
5.查询系统eth0接口相关信息列表.
[[email protected] ~]# ansible all -m setup -a "filter=ansible_ens32"
192.168.10.20 | SUCCESS => {
"ansible_facts": {
"ansible_ens32": {
"active": true,
"device": "ens32",
"features": {
"busy_poll": "off [fixed]",
"vlan_challenged": "off [fixed]"
},
"hw_timestamp_filters": [],
"ipv4": {
"address": "192.168.10.20",
"broadcast": "192.168.10.255",
"netmask": "255.255.255.0",
"network": "192.168.10.0"
},
"ipv6": [
{
"address": "fe80::897c:d72d:cd95:b9ec",
"prefix": "64",
"scope": "link"
}
],
"macaddress": "00:50:56:35:f2:62",
"speed": 1000,
"timestamping": [
"software"
],
"type": "ether"
}
},
"changed": false
}
◆Yum◆
yum 模块可以帮助我们在远程主机上通过yum源管理软件包,软件的安装也是至关重要的,这里我们介绍Yum模块,主要用户批量部署常用组件.yum 模块可以提供的status状态:latest,present,installed:这3个分别代表安装,后面2个是卸载.
下面来看它的几个常用参数:
1.安装软件:通过Yum模块批量的安装httpd服务到指定主机上.
[[email protected] ~]# ansible all -m yum -a "name=httpd state=installed" -o
192.168.10.20 | SUCCESS => {"changed": true, .....}
192.168.10.30 | SUCCESS => {"changed": true, .....}
[[email protected] ~]# ansible all -m shell -a "rpm -qa httpd" -o
192.168.10.30 | SUCCESS | rc=0 | (stdout) httpd-2.4.6-80.el7.x86_64
192.168.10.20 | SUCCESS | rc=0 | (stdout) httpd-2.4.6-80.el7.x86_64
2.卸载软件:通过Yum模块批量的卸载httpd服务主机.
[[email protected] ~]# ansible all -m yum -a "name=httpd state=removed" -o
192.168.10.20 | SUCCESS => {"changed": true, .....}
192.168.10.30 | SUCCESS => {"changed": true, .....}
[[email protected] ~]# ansible all -m shell -a "rpm -qa httpd" -o
192.168.10.30 | SUCCESS | rc=0 | (stdout)
192.168.10.20 | SUCCESS | rc=0 | (stdout)
◆Cron◆
cron 模块可以帮助我们管理远程主机中的计划任务,功能相当于 crontab 命令.
下面来看它的几个常用参数:
1.创建计划任务,任务名称为mkdirs test 任务于每天1点5分,执行输出一段话echo hello lyshark.
[[email protected] ~]# ansible all -m cron -a "name='mkdirs test' minute=5 hour=1 job='echo hello lyshark'"
192.168.10.20 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"mkdirs test"
]
}
2.创建计划任务任务名称为mkdirs test1 任务每3天执行一次,于执行当天的1点1分开始执行,任务内容为输出wangrui字符.
[[email protected] ~]# ansible all -m cron -a "name='mkdirs test1' minute=1 hour=1 day=*/3 job='echo wangrui'"
192.168.10.20 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"mkdirs test",
"mkdirs test1"
]
}
3.删除计划任务mkdirs test1,删除前做好备份.
[[email protected] ~]# ansible all -m cron -a "name='mkdirs test1' state=absent backup=yes"
192.168.10.20 | SUCCESS => {
"backup_file": "/tmp/crontabqzSJZn",
"changed": true,
"envs": [],
"jobs": [
"mkdirs test"
]
}
4.查询远程主机上的任务列表.
[[email protected] ~]# ansible all -m shell -a "crontab -l" -o 192.168.10.20 | SUCCESS | rc=0 | (stdout) #Ansible: mkdirs test\n5 1 * * * echo hello lyshark
5.其他配置过程.
[[email protected] ~]# ansible all -m cron -a "name='test cron' job='/bin/bash /tmp/lyshark.sh' weekday=6" [[email protected] ~]# ansible all -m cron -a "name='test admin' job='/bin/bash /tmp/lyshark.sh' weekday=6 minute=30 hour='*/8'" [[email protected] ~]# ansible all -m cron -a "name='test cron' job='/bin/bash /tmp/lyshark.sh' minute=30 hour='*/8' day='1,10,20' weekday=6"
◆Service◆
service 模块可以帮助我们管理远程主机上的服务,它完全可以替代Linux系统下的,相关操作比如启动服务,设置开机自启动.
下面来看它的几个常用参数:
1.设置服务开机自启动,设置httpd服务开机自启动.
[[email protected] ~]# ansible all -m service -a "name=httpd runlevel=3 state=started enabled=yes"
192.168.10.20 | SUCCESS => {"changed": true, .....}
192.168.10.30 | SUCCESS => {"changed": true, .....}
2.关闭服务开机自启动,关闭httpd服务开机自启动.
[[email protected] ~]# ansible all -m service -a "name=httpd runlevel=3 state=stopped enabled=no"
192.168.10.20 | SUCCESS => {"changed": true, .....}
192.168.10.30 | SUCCESS => {"changed": true, .....}
其他控制模块
◆Get_url◆
get_url模块用于下载指定文件到本地,在生产环境中也是最常用的东西啦.
下面来看它的几个常用参数:
1.下载一个指定文件到远程主机,我这里没有网络,这里只做演示吧.
[[email protected] ~]# ansible all -m get_url -a "url=http://mirrors.aliyun.com/repo/Centos-7.repo dest=/root"
192.168.10.20 | FAILED! => {
"changed": false,
"dest": "/root",
"gid": 0,
"group": "root",
"mode": "0550",
"msg": "Request failed: <urlopen error [Errno -2] Name or service not known>",
"owner": "root",
"secontext": "system_u:object_r:admin_home_t:s0",
"size": 156,
"state": "directory",
"uid": 0,
"url": "http://mirrors.aliyun.com/repo/Centos-7.repo"
}