常用模块
file 模块 管理被控端文件
回显为绿色则,未变更,符合要求
黄色则改变
红色则报错
因为默认值为file,那么文件不存在,报错
改为touch则创建
将state改为directory变成创建目录(默认可以递归)
创建软链接或硬链接
[root@workstation modules]# ansible servera -m file -a 'path=/tmp/redhat1 state=absent'
absent删除文件
[root@workstation modules]# ansible servera -m file -a 'path=/tmp/file mode=755 owner=ansible'
servera | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "ansible",
"path": "/tmp/file",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 0,
"state": "file",
"uid": 1001
}
更改已经存在的目录 可以加state=touch 也可以不加效果一样
[root@workstation modules]# ansible servera -m file -a 'src=/tmp/file2 dest=/tmp/file33 state=link force=yes'
[WARNING]: Cannot set fs attributes on a non-existent symlink target. follow should be set to False to avoid
this.
servera | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dest": "/tmp/file33",
"src": "/tmp/file2"
}
强制创建不存在源文件的链接文件
源文件不同则覆盖(不加force也可以)
根据红色报错来决定加不加force更合理
copy模块 将主控端文件给被控端
[root@workstation maosible]# ansible servera -m copy -a 'src=hosts dest=/tmp/dir01'
servera | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "e7a86fde02d85341de7f8a7c1544a3943e6aff9a",
"dest": "/tmp/dir01",
"gid": 0,
"group": "root",
"md5sum": "46d0842e39f0fb11629b1b07653420e0",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:user_home_t:s0",
"size": 16,
"src": "/home/ansible/.ansible/tmp/ansible-tmp-1662013817.618654-7648-138526025113835/source",
"state": "file",
"uid": 0
}
一个致命的小细节
[root@workstation maosible]# ln -s /important/ ./abca
[root@workstation maosible]# rm -f abca/
rm: cannot remove 'abca/': Is a directory
[root@workstation maosible]# rm -f abca
[root@workstation maosible]#
这个小小的/区别很大。一定要注意,哪些位置需要加/
[root@workstation maosible]# ansible servera -m copy -a 'content="hello world\n" dest=/tmp/file2'
copy也可以写文件(相当于重定向>)
backup 在覆盖之前将原文件备份。备份包含时间信息
force=no 防止覆盖
remote_src 复制被控端到被控端 默认no
validate 测试文件的语法如果测试不通过,则不执行
[root@workstation maosible]# cat /etc/sudoers.d/kk
xiaomao ALL=(ALL) NOPASSWD:ALL
[root@workstation maosible]# ansible servera -m copy -a "src=/etc/sudoers.d/kk dest=/etc/sudoers.d/user1 validate='visudo -cf %s'"
servera | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "276588c6d80f03f87e149fb9cf406f7589b12299",
"dest": "/etc/sudoers.d/user1",
"gid": 0,
"group": "root",
"md5sum": "c647cd86fe29f8aae9ced2c5e4ce4063",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:etc_t:s0",
"size": 31,
"src": "/home/ansible/.ansible/tmp/ansible-tmp-1662016144.5676467-8325-177579230721100/source",
"state": "file",
"uid": 0
}
检查文件格式并发送,不正确不发
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_module.html
更多参考文档
user模块 管理用户
查帮助
ansible-doc -l 列出所有模块
ansible-doc user 查user的帮助
[root@workstation maosible]# ansible servera -m user -a 'name=user1 uid=1100 state=present'
幂等性的缘故,所以可以重复执行命令达到想要的效果
[root@workstation maosible]# ansible servera -m user -a 'name=user1 uid=1100 group=ansible shell=/sbin/nologin state=present'
[root@workstation maosible]# ansible servera -m user -a 'name=user1 remove=yes state=absent'
连带家目录一起删除
设置密码
[root@workstation maosible]# ansible all -i localhost, -m debug -a "msg={{ 'redhat' | password_hash('sha512', 'mysecretsalt') }}"
localhost | SUCCESS => {
"msg": "$6$mysecretsalt$GcajIATSXc4CUJ.uOMrH.oB7A7dch4KSuaNfL12kfmhFZz7hH9gcttplfRfmk4rQ.sQnZieSBxqi6xPDFBGRC0"
}
来自官方文档的指引
[root@workstation maosible]# ansible servera -m user -a 'name=user1 uid=1101 state=present password="$6$mysecretsalt$GcajIATSXc4CUJ.uOMrH.oB7A7dch4KSuaNfL12kfmhFZz7hH9gcttplfRfmk4rQ.sQnZieSBxqi6xPDFBGRC0"'
ansible localhost -m debug -a "msg={{ 'redhat' | password_hash('sha512', 'mysecretsalt') }}"
直接在ansible节点输出就好了
一次做完
[root@workstation maosible]# ansible servera -m user -a "name=user1 uid=1101 state=present password={{ '2redhat' | password_hash('sha512', 'mysecretsalt') }}"
将密码管道给password_hash(‘sha512’, ‘mysecretsalt’) 因为里面有变量所以 {{}}
group 模块
[root@workstation maosible]# ansible servera -m group -a 'name=it1 state=present'
[root@workstation maosible]# ansible servera -m user -a 'name=bob group=it1 state=present'
[root@workstation maosible]# ansible servera -m user -a 'name=bob group=it1 groups=root,ansible state=present'
name group groups这些参数没有次序,想怎么放就怎么放
创建用户并指定组,并添加附加组
yum 模块
可以查ansible-doc
- name: Add multiple repositories into the same file (2/2)
yum_repository:
name: rpmforge
description: RPMforge YUM repo
file: external_repos
baseurl: http://apt.sw.be/redhat/el7/en/$basearch/rpmforge
mirrorlist: http://mirrorlist.repoforge.org/el7/mirrors-rpmforge
enabled: no
[root@workstation maosible]# ansible servera -m yum_repository -a 'baseurl=file:///mnt enabled=yes description=abc file=abc gpgcheck=no name=dvd'
配仓库
[root@workstation maosible]# ansible all -m yum -a 'name=tree state=present'
装包
[root@workstation maosible]# ansible all -m yum -a 'name="@Development tools" state=present'
装包组
[root@workstation maosible]# ansible servera -m yum -a 'name=* state=present'
相当于servera yum update -y
更新
ansible命令发到被控端是不好撤回的 ctrl+c不是很有用
package模块封装了yum与apt
service 模块
[root@workstation maosible]# ansible servera -m service -a 'name=sshd state=started enabled=yes'
systemd 模块
当 需要deamon-reload得需要systemd
cron 模块
[root@workstation maosible]# ansible servera -m cron -a 'hour=05 user=user1 job="echo hello" name=fox'
servera | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"envs": [],
"jobs": [
"fox"
]
}
[root@workstation maosible]# ssh root@servera
Last login: Fri Sep 2 21:14:14 2022 from 192.168.230.164
[root@servera ~]# crontab -l -u user1
#Ansible: fox
* 05 * * * echo hello
[root@servera ~]#
加name,ansible需要一个cron标识
[root@workstation maosible]# ansible servera -m cron -a 'hour=05 user=user1 job="echo hellwwo" name=fox cron_file=/etc/cron.d/cronmqy'
servera | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"cron_file": "/etc/cron.d/cronmqy",
"envs": [],
"jobs": [
"fox"
]
}
[root@workstation maosible]# ansible servera -m cron -a 'hour=05 user=root job="echo he2llwwo" name=fox cron_file=/etc/crontab'
servera | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"cron_file": "/etc/crontab",
"envs": [
"SHELL",
"PATH",
"MAILTO"
],
"jobs": [
"fox"
]
}
[root@servera cron.d]# cat cronmqy
#Ansible: fox
* 05 * * * user1 echo hellwwo
[root@servera cron.d]# cat /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
For details see man 4 crontabs
Example of job definition:
.---------------- minute (0 - 59)
| .------------- hour (0 - 23)
| | .---------- day of month (1 - 31)
| | | .------- month (1 - 12) OR jan,feb,mar,apr ...
| | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
| | | | |
* * * * * user-name command to be executed
#Ansible: fox
* 05 * * * root echo he2llwwo
[root@servera cron.d]#
这里name必须都不一样才好。我这里偷懒了
这里主要是显示出ansible的计划任务可以写进文件
cron.d下面自定义文件很方便。名字随便取
synchronize 同步
ansible servera -m synchronize -a ‘src=/root/ansible/ dest=/tmp/data archive=no rsync_opts=-tr’
根据时间戳同步目录
-tro o为拥有人
Original: https://www.cnblogs.com/supermao12/p/16649725.html
Author: supermao12
Title: ansible 003 常用模块
原创文章受到原创版权保护。转载请注明出处:https://www.johngo689.com/576958/
转载文章受原作者版权保护。转载请注明原作者出处!