RHCE(常用的模块)
下面都是基于ad-hoc编写的
格式:
ansible 主机清单 -m 模块名 -a '命令动作' ansible的选项(-u,-k等)
一:命令模块
1、command模块
系统默认的模块,可以在ansible的配置文件里面去修改
创建一个文件
[root@server ~]# ansible client -m command -a 'touch /opt/qq.txt' [WARNING]: Consider using the file module with state=touch rather than running 'touch'. If you need to use command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message. client | CHANGED | rc=0 >> [root@server ~]# ansible client -m command -a 'ls -l /opt/' client | CHANGED | rc=0 >> total 0 -rw-r--r--. 1 root root 0 Mar 24 18:39 qq.txtd
command模块不支持特殊的字符,如< ,>,| ,&还有通配符,*等
[root@server ~]# ansible client -m command -a 'echo qqq > /opt/qq.txt' client | CHANGED | rc=0 >> qqq > /opt/qq.txt [root@server ~]# ansible client -m command -a 'cat /opt/qq.txt' client | CHANGED | rc=0 >> #从输出的结果上就能看到,打印了qqq>/opt/qq.txt
2、shell模块
非常的好用,也就是万能的模块,就是能实现所有的命令,通过shell模块
高级特性,
chdir:执行命令之前,切换到指定的目录下,默认是远程主机的家目录
[root@server ~]# ansible client -m shell -a 'touch ww.txt' [WARNING]: Consider using the file module with state=touch rather than running 'touch'. If you need to use command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message. client | CHANGED | rc=0 >> #默认的情况下,工作目录是远程用户的家目录 [root@server ~]# ansible client -m shell -a 'ls -l /home/devops' client | CHANGED | rc=0 >> total 0 -rw-r--r--. 1 root root 0 Mar 24 18:44 ww.txt #使用chdir指定工作目录 [root@server ~]# ansible client -m shell -a 'chdir=/opt touch file1' client | CHANGED | rc=0 >> [root@server ~]# ansible client -m shell -a 'chdir=/opt ls -l ' client | CHANGED | rc=0 >> total 0 -rw-r--r--. 1 root root 0 Mar 24 18:46 file1 -rw-r--r--. 1 root root 0 Mar 24 18:39 qq.txt
creates:一个文件名,当文件存在,则命令不执行,当文件不存在,命令执行
#使用creates,文件存在,命令不执行,反之,文件不存在,命令执行 [root@server ~]# ansible client -m shell -a 'creates=/opt/qq.txt touch /opt/file2' client | SUCCESS | rc=0 >> skipped, since /opt/qq.txt exists [root@server ~]# ansible client -m shell -a 'creates=/opt/file2 touch /opt/file2' client | CHANGED | rc=0 >> [root@server ~]# ansible client -m shell -a 'ls /opt/' client | CHANGED | rc=0 >> file1 file2 qq.txt
与其相反有removes,一个文件名,当文件存在,命令执行;不存在,命令不执行
#文件存在,则执行命令,反之,文件不存在,则不执行命令 root@server ~]# ansible client -m shell -a 'removes=/opt/file2 rm -f /opt/file1' client | CHANGED | rc=0 >> [root@server ~]# ansible client -m shell -a 'ls /opt' client | CHANGED | rc=0 >> file2 qq.txt [root@server ~]# ansible client -m shell -a 'removes=/opt/file3 touch /opt/file3' client | SUCCESS | rc=0 >> skipped, since /opt/file3 does not exist [root@server ~]# ansible client -m shell -a 'ls /opt/' client | CHANGED | rc=0 >> file2 qq.txt
3、raw模块
[root@server ~]# ansible client -m raw -a 'touch /opt/file3' client | CHANGED | rc=0 >> muxclient: master hello exchange failed Shared connection to client closed. [root@server ~]# ansible client -m raw -a 'ls /opt/' client | CHANGED | rc=0 >> file2 file3 qq.txt Shared connection to client closed. #正常的信息,代表这连接结束
4、script模块
就脚本写入到脚本文件中去,然后传送到被控节点上,不需要可执行的权限,因为就是将一行一行的命令传送过去,与crontab一样,所以不需要可执行的权限
[root@server tmp]# vim test.sh
[root@server tmp]# ansible client -m script -a '/tmp/test.sh'
client | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to client closed.\r\n",
"stderr_lines": [
"Shared connection to client closed."
],
"stdout": "rhce\r\n",
"stdout_lines": [
"rhce"
]
}
二:常用模块管理
1、file模块
管理文件的,常用的模块
能够管理,文件的拥有人,权限,selinux文件的标签都能修改等
#查看帮助文档
ansible-doc file
#path这个路径一定要带上
#创建一个文件,动作是state
[root@server tmp]# ansible client -m file -a 'path=/opt/file10 state=touch'
client | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/file10",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:usr_t:s0",
"size": 0,
"state": "file",
"uid": 0
}
#创建一个目录出来
[root@server tmp]# ansible client -m file -a 'path=/opt/dir1 state=directory'
client | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/opt/dir1",
"secontext": "unconfined_u:object_r:usr_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
#删除一个文件出来
[root@server tmp]# ansible client -m file -a 'path=/opt/dir1 state=absent'
client | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"path": "/opt/dir1",
"state": "absent"
}
#创建一个软连接,和硬链接,要写上绝对路径(注意啊是对被控节点进行软连接的操作,源文件和链接文件都是被控节点的)
[root@server tmp]# ansible client -m file -a 'src=/mnt/file1 dest=/mnt/file1-link state=link'
client | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/mnt/file1-link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"secontext": "unconfined_u:object_r:mnt_t:s0",
"size": 10,
"src": "/mnt/file1",
"state": "link",
"uid": 0
}
#创建一个硬链接
[root@server tmp]# ansible client -m file -a 'src=/mnt/file1 dest=/mnt/file1-hard state=hard'
client | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/mnt/file1-hard",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:mnt_t:s0",
"size": 0,
"src": "/mnt/file1",
"state": "hard",
"uid": 0
}
2、copy模块
就是将主控节点的文件拷贝到被控节点文件上面去
#将主控节点的文件拷贝到被控节点上面
[root@server tmp]# ansible client -m copy -a 'src=/tmp/test.sh dest=/mnt/test.sh'
client | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "a9783e6f2da2efea6cc7115b22d167455d05189b",
"dest": "/mnt/test.sh",
"gid": 0,
"group": "root",
"md5sum": "aae763c8e1711825827a240b40bdcd90",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:mnt_t:s0",
"size": 24,
"src": "/home/devops/.ansible/tmp/ansible-tmp-1711193299.8891306-277638582411293/source",
"state": "file",
"uid": 0
}
[root@server tmp]# ansible client -m shell -a 'ls /mnt/'
client | CHANGED | rc=0 >>
file1
file1-hard
file1-link
hgfs
qq.txt
test.sh
#可以不使用src,直接使用content自定义被控节点的文件内容
[root@server tmp]# ansible client -m copy -a 'content=rhce dest=/mnt/rrr.txt'
client | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "5295e0ae86f97581d8dada159c335d3072eb0271",
"dest": "/mnt/rrr.txt",
"gid": 0,
"group": "root",
"md5sum": "a2c46c40c2efca614a1fb5c65485c427",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:mnt_t:s0",
"size": 4,
"src": "/home/devops/.ansible/tmp/ansible-tmp-1711193431.2815578-205623201870744/source",
"state": "file",
"uid": 0
}
[root@server tmp]# ansible client -m shell -a 'cat /mnt/rrr.txt'
client | CHANGED | rc=0 >>
rhce
#如果被控节点和主控节点有同名的文件的话,并且文件的内容都不一样的情况下,使用backup进行备份的操作
[root@server tmp]# ansible client -m copy -a 'backup=yes src=/tmp/test.sh dest=/mnt/test.sh'
client | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup_file": "/mnt/test.sh.10318.2024-03-24@19:33:28~",
"changed": true,
"checksum": "a9783e6f2da2efea6cc7115b22d167455d05189b",
"dest": "/mnt/test.sh",
"gid": 0,
"group": "root",
"md5sum": "aae763c8e1711825827a240b40bdcd90",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:mnt_t:s0",
"size": 24,
"src": "/home/devops/.ansible/tmp/ansible-tmp-1711193609.8684103-205978887261860/source",
"state": "file",
"uid": 0
}
使用remote_src就是指定了源文件在被控节点上面,所以的话,就是将被控节点的文件拷贝到被控节点上面
ansible node1 -m copy -a 'remote_src=yes src=/tmp/11.txt dest=/mnt/11.txt'
3、yum_repository模块
编写yum仓库的模块
name:就是文件的名字,默认自带.rpeo结尾的
file:用于设置仓库的名称,没有的话,默认使用name名称
#2个仓库不能都写在一起,这样的话会以最后一个为主
[root@server tmp]# ansible client -m yum_repository -a 'name=dvd description=BaseOS baseurl=file:///media/BaseOS gpgcheck=0 enabled=1'
client | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"repo": "dvd",
"state": "present"
}
[root@server tmp]# ansible client -m yum_repository -a 'name=dvd description=AppSteram baseurl=file:///media/AppStream gpgcheck=0 enabled=1'
client | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"repo": "dvd",
"state": "present"
}
4、yum模块
用来安装软件和包组的
#安装httpd软件
[root@server tmp]# ansible client -m yum -a 'name=httpd state=present'
[WARNING]: Skipping plugin (/usr/local/lib/python3.9/site-packages/ansible-2.9.0-py3.9.egg/ansible/plugins/filter/core.py) as it seems to be
invalid: cannot import name 'environmentfilter' from 'jinja2.filters' (/usr/local/lib/python3.9/site-
packages/Jinja2-3.1.3-py3.9.egg/jinja2/filters.py)
[WARNING]: Skipping plugin (/usr/local/lib/python3.9/site-packages/ansible-2.9.0-py3.9.egg/ansible/plugins/filter/mathstuff.py) as it seems
to be invalid: cannot import name 'environmentfilter' from 'jinja2.filters' (/usr/local/lib/python3.9/site-
packages/Jinja2-3.1.3-py3.9.egg/jinja2/filters.py)
client | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: httpd",
"Installed: apr-1.7.0-11.el9.x86_64",
"Installed: apr-util-1.6.1-20.el9.x86_64",
"Installed: redhat-logos-httpd-90.4-1.el9.noarch",
"Installed: apr-util-bdb-1.6.1-20.el9.x86_64",
"Installed: mod_http2-1.15.19-2.el9.x86_64",
"Installed: apr-util-openssl-1.6.1-20.el9.x86_64",
"Installed: mod_lua-2.4.51-7.el9_0.x86_64",
"Installed: httpd-2.4.51-7.el9_0.x86_64",
"Installed: httpd-filesystem-2.4.51-7.el9_0.noarch",
"Installed: httpd-tools-2.4.51-7.el9_0.x86_64"
]
}
#安装包组
要使用@包组
[root@server tmp]# ansible client -m yum -a 'name="@System Tools" state=present'
[WARNING]: Skipping plugin (/usr/local/lib/python3.9/site-packages/ansible-2.9.0-py3.9.egg/ansible/plugins/filter/core.py) as it seems to be
invalid: cannot import name 'environmentfilter' from 'jinja2.filters' (/usr/local/lib/python3.9/site-
packages/Jinja2-3.1.3-py3.9.egg/jinja2/filters.py)
[WARNING]: Skipping plugin (/usr/local/lib/python3.9/site-packages/ansible-2.9.0-py3.9.egg/ansible/plugins/filter/mathstuff.py) as it seems
to be invalid: cannot import name 'environmentfilter' from 'jinja2.filters' (/usr/local/lib/python3.9/site-
packages/Jinja2-3.1.3-py3.9.egg/jinja2/filters.py)
client | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Group system-tools installed.",
"Installed: samba-client-4.15.5-105.el9_0.x86_64",
"Installed: unbound-libs-1.13.1-13.el9_0.x86_64",
"Installed: fltk-1.3.8-1.el9.x86_64",
"Installed: tigervnc-1.11.0-21.el9.x86_64",
"Installed: tigervnc-icons-1.11.0-21.el9.noarch",
"Installed: tigervnc-license-1.11.0-21.el9.noarch",
"Installed: nss-tools-3.71.0-7.el9.x86_64",
"Installed: libreswan-4.6-3.el9.x86_64",
"Installed: nmap-3:7.91-10.el9.x86_64",
"Installed: NetworkManager-libreswan-1.2.14-1.el9.3.x86_64",
"Installed: ldns-1.7.1-10.el9.x86_64"
]
}
5、service模块
服务重启,启动,停止,开启自启等
#开机httpd服务
[root@server tmp]# ansible client -m service -a 'name=httpd state=started'
[WARNING]: Skipping plugin (/usr/local/lib/python3.9/site-packages/ansible-2.9.0-py3.9.egg/ansible/plugins/filter/core.py) as it seems to be
invalid: cannot import name 'environmentfilter' from 'jinja2.filters' (/usr/local/lib/python3.9/site-
packages/Jinja2-3.1.3-py3.9.egg/jinja2/filters.py)
[WARNING]: Skipping plugin (/usr/local/lib/python3.9/site-packages/ansible-2.9.0-py3.9.egg/ansible/plugins/filter/mathstuff.py) as it seems
to be invalid: cannot import name 'environmentfilter' from 'jinja2.filters' (/usr/local/lib/python3.9/site-
packages/Jinja2-3.1.3-py3.9.egg/jinja2/filters.py)
client | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "httpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": "systemd-tmpfiles-setup.service system.slice nss-lookup.target -.mount httpd-init.service tmp.mount network.target sysinit.target systemd-journald.socket remote-fs.target basic.target",
"AllowIsolate": "no",
#设置为开启自启
[root@server tmp]# ansible client -m service -a 'name=httpd enabled=yes'
[WARNING]: Skipping plugin (/usr/local/lib/python3.9/site-packages/ansible-2.9.0-py3.9.egg/ansible/plugins/filter/core.py) as it seems to be
invalid: cannot import name 'environmentfilter' from 'jinja2.filters' (/usr/local/lib/python3.9/site-
packages/Jinja2-3.1.3-py3.9.egg/jinja2/filters.py)
[WARNING]: Skipping plugin (/usr/local/lib/python3.9/site-packages/ansible-2.9.0-py3.9.egg/ansible/plugins/filter/mathstuff.py) as it seems
to be invalid: cannot import name 'environmentfilter' from 'jinja2.filters' (/usr/local/lib/python3.9/site-
packages/Jinja2-3.1.3-py3.9.egg/jinja2/filters.py)
client | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"enabled": true,
"name": "httpd",
"status": {
"ActiveEnterTimestamp": "Sun 2024-03-24 20:04:12 CST",
"ActiveEnterTimestampMonotonic": "6126391955",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "active",
#重新加载
[root@server tmp]# ansible client -m service -a 'name=httpd state=reloaded'
[WARNING]: Skipping plugin (/usr/local/lib/python3.9/site-packages/ansible-2.9.0-py3.9.egg/ansible/plugins/filter/core.py) as it seems to be
invalid: cannot import name 'environmentfilter' from 'jinja2.filters' (/usr/local/lib/python3.9/site-
packages/Jinja2-3.1.3-py3.9.egg/jinja2/filters.py)
[WARNING]: Skipping plugin (/usr/local/lib/python3.9/site-packages/ansible-2.9.0-py3.9.egg/ansible/plugins/filter/mathstuff.py) as it seems
to be invalid: cannot import name 'environmentfilter' from 'jinja2.filters' (/usr/local/lib/python3.9/site-
packages/Jinja2-3.1.3-py3.9.egg/jinja2/filters.py)
client | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
6、systemd模块
与service模块一样的作用
7、cron模块
注意格式啊
设置计划任务的模块,
name=计划任务的描述信息,
minute=每分钟'/1'
job=计划任务,也就是命令
user=计划任务的拥有人
cron_file=添加到配置文件中,
#用户devops执行,每分钟输出rhce
#格式一定要记住,就是双引号的存在,每个参数的话
#命令就是jos这个参数
[root@server /]# ansible client -m cron -a 'name="c" minute="*\1" job="echo rhce" user=devops'
client | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"c"
]
}
#还有一个点就是添加到配置文件里面去
[root@server /]# ansible client -m cron -a 'name="ccc" job="echo rhce" hour="12" user=root cron_file=/etc/crontab'
client | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"cron_file": "/etc/crontab",
"envs": [
"SHELL",
"PATH",
"MAILTO"
],
"jobs": [
"ccc"
]
}
8、user模块
创建用户的模块,可以做很多的操作关于用户的
其中注意的就是加密用户的密码的这个参数
#添加用户,并且设置密码
[root@server mnt]# ansible client -m user -a 'name=jjjj comment=qqqqq'
client | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "qqqqq",
"create_home": true,
"group": 1002,
"home": "/home/jjjj",
"name": "jjjj",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1002
}
#再来设置密码
[root@server mnt]# openssl passwd -6 redhat
$6$aG8OEYBvb5iCInd6$r5om4yrpNmwwnbgVyyXK6JTLbg2vfH1M1By4.hu34wollzcHe5tQ/nOnDDOuBiD69uCrVkX2jQU2.tTCuZYTV0
[root@server mnt]# ansible client -m shell -a 'echo $6$aG8OEYBvb5iCInd6$r5om4yrpNmwwnbgVyyXK6JTLbg2vfH1M1By4.hu34wollzcHe5tQ/nOnDDOuBiD69uCrVkX2jQU2.tTCuZYTV0 | passwd --stdin jjjj'
client | CHANGED | rc=0 >>
Changing password for user jjjj.
passwd: all authentication tokens updated successfully
对于为什么使用不了 {{}}表示疑惑
彻底删除用户要加上remove=yes,就能彻底的删除
[root@server ~]# ansible client -m user -a 'name=jjjj state=absent remove=yes'
client | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"force": false,
"name": "jjjj",
"remove": true,
"state": "absent"
}
9、group模块
管理用户组的模块
[root@server cron]# ansible client -m group -a 'name=wwwww gid=4000'
client | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 4000,
"name": "wwwww",
"state": "present",
"system": false
}
10、fetch模块
与copy模块相反的,将被控节点的文件拷贝到主控节点上面
#默认情况下flat参数为no
#拷贝文件以被控节点的主机名命名的一个目录
[root@server mnt]# ansible client -m fetch -a 'src=/opt/qq.txt dest=/mnt'
client | CHANGED => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/mnt/client/opt/qq.txt",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"remote_checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"remote_md5sum": null
}
[root@server mnt]# ls
client
[root@server mnt]# cd client/
[root@server client]# ls
opt
[root@server client]# cd opt/
[root@server opt]# ls
qq.txt
#设置flat参数为yes
#就是将被控节点的文件直接拷贝到主控节点上,并且目录要带上/不然的话,会报错
[root@server mnt]# ansible client -m fetch -a 'src=/opt/qq.txt dest=/mnt/ flat=yes'
client | CHANGED => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/mnt/qq.txt",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"remote_checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"remote_md5sum": null
}
[root@server mnt]# ls
qq.txt
#没有带上的后果报错
[root@server mnt]# ansible client -m fetch -a 'src=/opt/qq.txt dest=/mnt flat=yes'
client | FAILED! => {
"changed": false,
"file": "/mnt",
"msg": "dest is an existing directory, use a trailing slash if you want to fetch src into that directory"
}
11:unarchive模块
把本地的压缩的文件解压到被控节点上面的模块
remote_src=yes(默认是no),就是在被控节点进行解压缩的操作,就是被控节点上面的压缩文件拷贝到被控节点上面并且进行解压缩
#默认是no,将主控节点的文件解压缩到被控节点上面 ansible client -m unarchive -a 'src=/tmp/etc.tar.gz dest=/tmp/' #将被控节点的文件解压缩到被控节点上 ansible client -m unarchive -a 'remote_src=yes src=/tmp/etc.tar.gz dest=/opt/'
12:synchronize模块
同步文件的模块,当然还有,sync一些选项,加上不同的参数即可(既能实现)
#主控节点上面有一个file1的文件,将其传送到被控节点上面去,也就是所谓的同步的文件
[root@server tmp]# ansible client -m synchronize -a 'src=/tmp/file1 dest=/tmp/'
client | CHANGED => {
"changed": true,
"cmd": "/usr/bin/rsync --delay-updates -F --compress --archive --rsh=/usr/bin/ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null --rsync-path=sudo rsync --out-format=<<CHANGED>>%i %n%L /tmp/file1 devops@client:/tmp/",
"msg": "<f+++++++++ file1\n",
"rc": 0,
"stdout_lines": [
"<f+++++++++ file1"
]
}
#当然还有区分的,就是带有/和没有带上/的区别,带有的话,就是将这个目录下的所有文件都同步到上面去
没有带有的话,就是将这个目录同步过去
[root@server tmp]# ansible client -m synchronize -a 'src=/tmp/ dest=/tmp/'
client | CHANGED => {
"changed": true,
........略
".d..t...... .XIM-unix/",
".d..t...... .font-unix/",
"cd+++++++++ ansible_synchronize_payload_ph5jv1zr/",
"<f+++++++++ ansible_synchronize_payload_ph5jv1zr/ansible_synchronize_payload.zip"
]
}
#没有带/同步目录过去
[root@server tmp]# ansible client -m synchronize -a 'src=/tmp dest=/tmp/'
[root@server tmp]# ansible client -m shell -a 'ls /tmp'
#archive保留同步过去的文件的原属性,默认是开启的
#dest-port ssh端口改变的话,可以使用这个进行同步
#delete=yes 就是删除被控主机多余的文件
就是主控节点和被控节点的目录的对比
[root@server tmp]# ansible client -m synchronize -a 'src=/tmp/ dest=/tmp/ delete=yes'
#查看被控节点的,只有一个file1了,另外一个就是推送的ansible的模块
[root@client tmp]# ls
ansible_synchronize_payload_cwyqw5sa file1
#sync-opt可以使用sync的选项,-vz
[root@server tmp]# ansible client -m synchronize -a 'src=/tmp/file1 dest=/tmp/ rsync_opts=-vz'
#2种工作模式
mode:pull 被控同步到主控节点里上面去
push 主控同步到被控节点上面去
#pull情况下,src就是被控节点,dest就是主控节点
[root@server tmp]# ansible client -m synchronize -a 'mode=pull src=/tmp/file2 dest=/tmp/'
#push情况下,src就是主控节点,dest就是被控节点
[root@server tmp]# ansible client -m synchronize -a 'mode=push src=/tmp/file2 dest=/tmp/'
13:get_url模块
就是在被控节点进行下载的模块
[root@controller tmp]# ansible node1 -m get_url -a 'url=http://www.baidu.com/index.html dest=/tmp/'
14:mount模块
选项:
state:present写入自动挂载,但是实际上没有挂载,需要重启服务器才行
umounted 取消临时挂载,但是没有清理自动挂载
mounted 写入自动挂载,并且直接挂载了(常用的)
absent 取消临时挂载,并且清理自动挂载(常用的)
fstype:挂载的类型
nfs,cifs,iso9660等
#将被控节点的镜像挂载到media目录,并且实现永久的挂载,这个挂载的目录被打上了selinux的标签 ansible node1 -m mount -a 'src=/dev/cdrom path=/media fstype=iso9660 state=mounted' #然后取消自动挂载,并且删除自动挂载,删除后,这个挂载的目录就会被删除, ansible node1 -m mount -a 'src=/dev/cdrom path=/media fstype=iso9660 state=absent' #写入到自动挂载上面,但是实际上是没有挂载的,需要重启才行 ansible node1 -m mount -a 'src=/dev/cdrom path=/media fstype=iso9660 state=present' #取消临时挂载,并且不会删除自动挂载的配置文件 ansible node1 -m mount -a 'src=/dev/cdrom path=/media fstype=iso9660 state=unmounted'
15:firewalld模块
实现防火墙相关的命令,就是关于放行服务等,实现永久放行等操作
参数:
service:服务名称
permanent:是否永久添加
yes:就是永久添加
no:临时添加
没有添加上immediate的话,是不会立即生效的
immediate:防火墙策略是否立即的生效
yes:立即的生效
state:
enabled:策略生效
disable:策略禁用
present:新建策略(区域级别的操作)
abent:删除策略(区域级别的操作)
#永久放行httpd服务
- name: qqq
hosts: node1
tasks:
- name: firewalld
firewalld:
service: http
state: enabled
permanent: yes
immediate: yes
#临时放行httpd
#下次开机的话,自动就没有了,会被永久的覆盖
- name: qqq
hosts: node1
tasks:
- name: firewalld
firewalld:
service: http
state: enabled
#永久的禁用httpd服务
- name: qqq
hosts: node1
tasks:
- name: firewalld
firewalld:
service: http
state: diabled
permanent: yes
immediate: yes
16:debug模块
输出变量的的模块
主要有2个参数,msg,var
17:分区相关的模块
parted,lvg,lvol,filesystem,mount
parted模块 (分区)
关键字:
device 指定硬盘设备路径 label 指定分区表的类型 gpt,mbr number 指定分区序号 part_start 分区起始的位置 part_end 分区结束的位置 state 指定操作方式,present创建,absent删除 flage 指定分区类型 , [ lvm ]
Lvg模块(创建卷组)
vg 卷组的名称 state present创建(默认)或者absent删除 force 在删除时使用,yes表示允许删除带逻辑卷的卷组,默认为false pvs 指定物理卷 pesize 设定pe大小,默认为4
Lvol模块
lv 定义逻辑卷名称 vg 逻辑卷的空间来自哪个vg state present创建(默认)或者删除absent size 定义逻辑卷大小,默认为MB force 删除和压缩逻辑卷大小,默认为no,需要时开启,避免磁盘的损失
Filesystem模块
dev 要格式的分区 注意不能带上/报错的 fstype 文件系统类型 force 强制格式化,如果以前分区中有数据的话
mount模块
path 挂载点
src 挂载的文件
fstype 挂载的硬盘类型
opts 传递给mount命令的参数,ro(只读),rw(读写),sync(同步的模式下),remount(重新的挂载)
state present(开机时挂载,仅将配置写入到/etc/fstab)
mounted(挂载设备,并将配置写入到/etc/fstab)
umounted(卸载设备,不会清除/etc/fstab里面的配置)
absent(卸载设备,并清理/etc/fstab里面的配置文件)
#创建一个10G逻辑卷分区,然后创建一个research卷组,然后创建100m的逻辑卷,格式化为ext4,永久的进行挂载/mnt/mydata
- hosts: node1
tasks:
- name: create 10G part
parted:
device: /dev/sda
number: 1
state: present
part_end: 10GiB
flags: [ lvm ]
- name: create vg
lvg:
vg: research
pvs: /dev/sda1
pesize: 4
- name: create data
lvol:
vg: research
lv: data
state: present
size: 100m
- name: filesystem
filesystem:
dev: /dev/research/data
fstype: ext4
- name: mount
mount:
path: /mnt/mydata/
src: /dev/research/data
fstype: ext4
opts: defaults
state: mounted
18:lineinfile模块(修改单行的内容)
对一行内容进行修改
详细的参数:
path:修改的配置文件
regexp:过滤行,可以支持通配符,如果没有匹配到行,则在最末尾添加行的内容
line:对匹配的行的内容进行修改(替换),如果匹配到的行都是一样的,则修改最后一行的内容
insertbefore:在匹配行的前面进行插入
insertafter:在匹配行的后面进行插入
backrefs:yes|no,默认是no,如果没有匹配到行,则在配置文件末尾添加,如果是yes,匹配不到行,则不追加
state:absent,如果是删除的话,会将所有匹配到的内容删除掉
create:yes,默认是no,如果是yes,当文件不存在则生成文件
validate:修改内容之前进行验证文件,使用的是应用程序本身的验证机制,而不是lineinfile模块
例如,httpd服务,使用httpd -t 验证语法
backup:在修改之前进行备份的操作
总的来说可以使用通配符进行很多的事情,来进行匹配
#文件不存在的话,则自动的创建文件
- hosts: node1
tasks:
- lineinfile:
path: /mnt/s1.txt
create: yes
line: hello rhce
#多行的内容的话,默认,是修改末尾的
[root@node1 mnt]# cat s1.txt
hello rhce
hello rhce
hello rhce
hello rhce
hello rhce
hello rhce
- hosts: node1
tasks:
- lineinfile:
path: /mnt/s1.txt
create: yes
regexp: hello rhce
line: rhca
hello rhce
hello rhce
hello rhce
hello rhce
hello rhce
rhca
#没有匹配到行的话,就在末尾添加内容,如果不想添加内容的话,就使用backrefs为yes
- hosts: node1
tasks:
- lineinfile:
path: /mnt/s1.txt
create: yes
regexp: adsdo
line: rhce
#删除的话,就是将匹配到的所有的行进行删除
- hosts: node1
tasks:
- lineinfile:
path: /mnt/s1.txt
create: yes
regexp: hello rhce
state: absent
#使用通配符来进行匹配的行
- hosts: node1
tasks:
- lineinfile:
path: /opt/passwd
regexp: ^root
line: aaaaa
#使用validate,修改内容之前,进行验证文件,使用的是服务本身的验证机制
- hosts: node1
gather_facts: no
tasks:
- lineinfile:
path: /etc/httpd/conf/httpd.conf
regexp: "^Listen 80"
line: "Listen 9999"
validate: httpd -t -f %s %s就是path这个路径
#修改之前进行备份文件
- hosts: node1
tasks:
- lineinfile:
path: /etc/httpd/conf/httpd.conf
regexp: "^Listen 8888"
line: "Listen 99999"
backup: yes
19:blockinfile模块(修改多行的内容)
对多行内容进行修改,也可以指定一个位置进行插入
参数详解:
block:要插入的文本内容 ,| 这个为标记
marker:指定块标记,不指定的话,默认生成
#不设置marker
- hosts: node1
tasks:
- blockinfile:
path: /opt/111.txt
create: yes
block: |
aaaaa
bbbbb
[root@node1 opt]# cat 111.txt
# BEGIN ANSIBLE MANAGED BLOCK
aaaaa
bbbbb
# END ANSIBLE MANAGED BLOCK
#有marker的标记
- hosts: node1
tasks:
- blockinfile:
path: /opt/111.txt
create: yes
block: |
dddddd
ffffff
marker: "# RHCE {mark} ansible"
[root@node1 opt]# cat 111.txt
# BEGIN ANSIBLE MANAGED BLOCK
aaaaa
bbbbb
# END ANSIBLE MANAGED BLOCK
# RHCE BEGIN ansible
dddddd
ffffff
# RHCE END ansible
#删除指定的marker标记
[root@controller mnt]# cat f2.yaml
- hosts: node1
tasks:
- blockinfile:
path: /opt/111.txt
create: yes
marker: "# RHCE {mark} ansible"
state: absent
[root@node1 opt]# cat 111.txt
# BEGIN ANSIBLE MANAGED BLOCK
aaaaa
bbbbb
# END ANSIBLE MANAGED BLOCK
如果有多个mark标记是一样的话,则删除末尾的mark标记中的内容
#删除指定行的内容,需要配合lineinfile使用
- hosts: node1
tasks:
- lineinfile:
path: /opt/2222.txt
line: "RHCE BEGIN a"
insertbefore: "^a"
- lineinfile:
path: /opt/2222.txt
line: "RHCE END a"
insertafter: "^e"
- blockinfile:
path: /opt/2222.txt
state: absent
marker: "RHCE {mark} a"
浙公网安备 33010602011771号