模块一: 测试目标主机是否在线:ping模块
主机如果在线,则回复pong
[root@Node3 ~]# ansible all -m ping //测试主机是否在线
172.17.21.206 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.17.21.207 | SUCCESS => {
"changed": false,
"ping": "pong"
}
模块二:command模块和shell
作用:用于在各被管理节点运行指定的命令
shell和command的区别:shell模块可以特殊字符,而command是不支持
[root@Node3 ~]# ansible all -m command -a 'date' //显示各节点的日期172.17.21.207 | SUCCESS | rc=0 >> Mon Jan 22 15:55:16 CST 2018 172.17.21.206 | SUCCESS | rc=0 >> Mon Jan 22 15:55:16 CST 2018 [root@Node3 ~]# ansible all -m command -a 'ntpdate 172.17.21.208' //同步各节点时间172.17.21.207 | SUCCESS | rc=0 >> 22 Jan 16:03:39 ntpdate[5287]: adjust time server 172.17.21.208 offset 0.008589 sec 172.17.21.206 | SUCCESS | rc=0 >> 22 Jan 16:03:39 ntpdate[2650]: adjust time server 172.17.21.208 offset 0.017052 sec [root@Node3 ~]# ansible all -m shell -a 'echo mageedu | passwd --stdin tony' //修改各节点账号的密码172.17.21.206 | SUCCESS | rc=0 >> Changing password for user tony. passwd: all authentication tokens updated successfully. 172.17.21.207 | SUCCESS | rc=0 >> Changing password for user tony. passwd: all authentication tokens updated successfully.
模块三:user模块:管理用户的模块
模块参数详解:
name:指定用户名
password:设定用户密码,password参数需要接受md5加密后的值
state:用户状态,默认为present
present:表示添加用户
absent:表示删除用户
update_password:修改用户密码
always:新密码和旧密码不同时进行修改
on_create:为新创建的用户指定密码
createhome:创建家目录
yes:默认项,即创建用户默认是有家目录的
no:创建用户时不创建家目录
remove:
yes:删除用户家目录,需要指定此参数
no:默认项,删除用户时默认不删除用户的家目录
system:
yes:默认创建为普通用户,而非系统用户
如果不指定默认生成的选项有:
home:创建家目录
shell:创建默认的shell为/bin/bash
system:默认创建为普通用户,而非系统用户,指定是用yes
[root@Node3 ~]# ansible-doc -s user //查看user模块帮助信息 [root@Node3 ~]# echo Mageedu | openssl passwd -1 -stdin //对密码进行加密 [root@Node3 ~]# ansible all -m user -a 'name=webadmin system=yes password=$1$8218uq3N$yT28kYDpAvtE6/7x9m./a0 state=present' //增加webadmin用户172.17.21.206 | SUCCESS => { "changed": true, "comment": "", "createhome": true, "group": 983, "home": "/home/webadmin", "name": "webadmin", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "system": true, "uid": 988 } 172.17.21.207 | SUCCESS => { "changed": true, "comment": "", "createhome": true, "group": 984, "home": "/home/webadmin", "name": "webadmin", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "system": true, "uid": 989 } [root@Node3 ~]# ansible all -m user -a 'name=tom remove=yes state=absent' //删除tom用户172.17.21.206 | SUCCESS => { "changed": true, "force": false, "name": "tom", "remove": true, "state": "absent", "stderr": "userdel: tom mail spool (/var/spool/mail/tom) not found ", "stderr_lines": [ "userdel: tom mail spool (/var/spool/mail/tom) not found" ] } 172.17.21.207 | SUCCESS => { "changed": true, "force": false, "name": "tom", "remove": true, "state": "absent", "stderr": "userdel: tom mail spool (/var/spool/mail/tom) not found ", "stderr_lines": [ "userdel: tom mail spool (/var/spool/mail/tom) not found" ] } [root@Node3 ~]# echo cloudos | openssl passwd -1 -stdin $1$kwsnVwr5$PDT4oolqmhbKx9bL21HX/0 [root@Node3 ~]# ansible all -m user -a 'name=webadmin update_password=always password=$1$kwsnVwr5$PDT4oolqmhbKx9bL21HX/0' //修改webadmin用户的密码
172.17.21.206 | SUCCESS => { "append": false, "changed": true, "comment": "", "group": 983, "home": "/home/webadmin", "move_home": false, "name": "webadmin", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "uid": 988 } 172.17.21.207 | SUCCESS => { "append": false, "changed": true, "comment": "", "group": 984, "home": "/home/webadmin", "move_home": false, "name": "webadmin", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "uid": 989 }
[root@Node3 ~]# ssh webadmin@node1 //验证账号是否能登录
webadmin@node1's password:
[webadmin@Node1 ~]$ id
uid=988(webadmin) gid=983(webadmin) groups=983(webadmin)
[webadmin@Node1 ~]$
模块四:group模块:管理组的模块
[root@Node3 ~]# ansible all -m group -a 'gid=1009 name=mygrp state=present system=no' //新增mygrp组,GID为1009,不属于系统组 172.17.21.207 | SUCCESS => { "changed": true, "gid": 1009, "name": "mygrp", "state": "present", "system": false } 172.17.21.206 | SUCCESS => { "changed": true, "gid": 1009, "name": "mygrp", "state": "present", "system": false } [root@Node3 ~]# ansible all -m group -a 'name=mygrp state=absent' //删除mygrp组 172.17.21.207 | SUCCESS => { "changed": true, "name": "mygrp", "state": "absent" } 172.17.21.206 | SUCCESS => { "changed": true, "name": "mygrp", "state": "absent" }
模块五:远程复制备份模块:copy
获取帮助:ansible-doc -s copy
模块参数详解:
src:指定源文件路径,可以是相对路径,也可以是绝对路径,可以是目录(并非是必须的,可以使用content,直接生成文件内容)
dest=:指定目标文件路径,只能是绝对路径,如果src是目录,此项必须是目录
owner:指定属主
group:指定属组
mode:指定权限,可以以数字指定比如0644
content:代替src,直接往dest文件中写内容,可以引用变量,也可以直接使用inventory中的主机变量
backup:在覆盖之前将原文件备份,备份文件包含时间信息。有两个选项:yes|no
force:
yes:默认项,如果目标主机包含该文件,但内容不同,则强制覆盖
no:则只有当目标主机的目标位置不存在该文件时,才复制
directory_mode:递归的设定目录的权限,默认为系统默认权限
[root@Node3 tmp]# ansible all -m copy -a 'src=/tmp/note.txt dest=/tmp/ backup=yes' //复制本地文件到远程主机并对原文件进行备份172.17.21.207 | SUCCESS => { "changed": true, "checksum": "9955cad1e88e697be0ee40142b4d365725aa6c4e", "dest": "/tmp/note.txt", "gid": 0, "group": "root", "md5sum": "dd968c136dce42f6f225411a7225d0db", "mode": "0644", "owner": "root", "size": 6, "src": "/root/.ansible/tmp/ansible-tmp-1516612236.52-246176770078243/source", "state": "file", "uid": 0 } 172.17.21.206 | SUCCESS => { "changed": true, "checksum": "9955cad1e88e697be0ee40142b4d365725aa6c4e", "dest": "/tmp/note.txt", "gid": 0, "group": "root", "md5sum": "dd968c136dce42f6f225411a7225d0db", "mode": "0644", "owner": "root", "size": 6, "src": "/root/.ansible/tmp/ansible-tmp-1516612236.53-164774507851707/source", "state": "file", "uid": 0 } [root@Node1 ~]# cat /tmp/note.txt //node1节点查看文件内容 Node3 [root@Node3 tmp]# ansible all -m copy -a 'content="Ansible " dest=/tmp/note.txt' //向远程主机的文件中写内容,会把原内容覆盖掉172.17.21.207 | SUCCESS => { "changed": true, "checksum": "9fd79766f87c26f3a81e2622a577ca3864251949", "dest": "/tmp/note.txt", "gid": 0, "group": "root", "md5sum": "a46e0c84ae99c51a342c5b0dd51032ea", "mode": "0644", "owner": "root", "size": 8, "src": "/root/.ansible/tmp/ansible-tmp-1516612880.68-129445105756732/source", "state": "file", "uid": 0 } 172.17.21.206 | SUCCESS => { "changed": true, "checksum": "9fd79766f87c26f3a81e2622a577ca3864251949", "dest": "/tmp/note.txt", "gid": 0, "group": "root", "md5sum": "a46e0c84ae99c51a342c5b0dd51032ea", "mode": "0644", "owner": "root", "size": 8, "src": "/root/.ansible/tmp/ansible-tmp-1516612880.66-133496485275706/source", "state": "file", "uid": 0 } [root@Node1 ~]# cat /tmp/note.txt //node1节点查看文件内容 Ansible [root@Node3 tmp]# ansible all -m copy -a 'src=/etc/pam.d/ dest=/tmp/' //带有斜扛/,表示复制目录下所有文件至远程主机/tmp目录下 172.17.21.207 | SUCCESS => { "changed": true, "dest": "/tmp/", "src": "/etc/pam.d/" } 172.17.21.206 | SUCCESS => { "changed": true, "dest": "/tmp/", "src": "/etc/pam.d/" [root@Node3 tmp]# ansible all -m copy -a 'src=/etc/pam.d dest=/tmp/' //不带斜扛/,表明复制pam.d目录至远程主机/tmp目录下 172.17.21.206 | SUCCESS => { "changed": true, "dest": "/tmp/", "src": "/etc/pam.d" } 172.17.21.207 | SUCCESS => { "changed": true, "dest": "/tmp/", "src": "/etc/pam.d" }
[root@Node3 tmp]# ansible all -m copy -a 'src=/etc/fstab dest=/tmp/fstab.ansible mode=600 owner=tony group=webadmin' //复制文件至/tmp目录下,同时改变属主与属组及权限
172.17.21.206 | SUCCESS => {
"changed": true,
"checksum": "ae2e6cc8d564afbfacf4243c13c06820ed6428f1",
"gid": 983,
"group": "webadmin",
"mode": "0600",
"owner": "tony",
"path": "/tmp/fstab.ansible",
"size": 883,
"state": "file",
"uid": 1000
}
172.17.21.207 | SUCCESS => {
"changed": true,
"checksum": "ae2e6cc8d564afbfacf4243c13c06820ed6428f1",
"gid": 984,
"group": "webadmin",
"mode": "0600",
"owner": "tony",
"path": "/tmp/fstab.ansible",
"size": 883,
"state": "file",
"uid": 1000
}
[root@Node1 tmp]# ll /tmp/fstab.ansible //查看文件属性,进行验证
-rw------- 1 tony webadmin 883 Jan 22 17:37 /tmp/fstab.ansible
模块六:对远程文件管理的模块:file
获取帮助:ansible-doc -s file
模块参数详解:
owner:修改属主
group:修改属组
mode:修改权限
path=:要修改文件的路径
recurse:递归的设置文件的属性,只对目录有效
yes:表示使用递归设置
state:
touch:创建一个新的空文件
directory:创建一个新的目录,当目录存在时不会进行修改
link:创建软连接,结果src一起使用此选项才生效
hard:创建硬连接
absent:删除文件,目录,软连接
src:当state=link时,要被连接文件的源路径
[root@Node3 tmp]# ansible all -m file -a 'path=/tmp/tony.txt state=touch' //创建一个文件
172.17.21.206 | SUCCESS => {
"changed": true,
"dest": "/tmp/tony.txt",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"size": 0,
"state": "file",
"uid": 0
}
172.17.21.207 | SUCCESS => {
"changed": true,
"dest": "/tmp/tony.txt",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"size": 0,
"state": "file",
"uid": 0
}
[root@Node3 tmp]# ansible all -m file -a 'path=/tmp/tony.dir state=directory' //创建一个目录
172.17.21.206 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/tony.dir",
"size": 6,
"state": "directory",
"uid": 0
}
172.17.21.207 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/tony.dir",
"size": 6,
"state": "directory",
"uid": 0
}
[root@Node3 tmp]# ansible all -m file -a 'path=/tmp/tony.txt state=absent' //删除文件
172.17.21.207 | SUCCESS => {
"changed": true,
"path": "/tmp/tony.txt",
"state": "absent"
}
172.17.21.206 | SUCCESS => {
"changed": true,
"path": "/tmp/tony.txt",
"state": "absent"
}
[root@Node3 tmp]# ansible all -m file -a 'path=/tmp/tony.dir owner=tony group=tony recurse=yes' //递归改变目录的属主与属组
172.17.21.206 | SUCCESS => {
"changed": true,
"gid": 1000,
"group": "tony",
"mode": "0755",
"owner": "tony",
"path": "/tmp/tony.dir",
"size": 6,
"state": "directory",
"uid": 1000
}
172.17.21.207 | SUCCESS => {
"changed": true,
"gid": 1000,
"group": "tony",
"mode": "0755",
"owner": "tony",
"path": "/tmp/tony.dir",
"size": 6,
"state": "directory",
"uid": 1000
}
[root@Node3 tmp]# ansible all -m file -a 'src=/tmp/note.txt path=/tmp/notepad.txt state=link' //设置软连接
172.17.21.207 | SUCCESS => {
"changed": true,
"dest": "/tmp/notepad.txt",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 13,
"src": "/tmp/note.txt",
"state": "link",
"uid": 0
}
172.17.21.206 | SUCCESS => {
"changed": true,
"dest": "/tmp/notepad.txt",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 13,
"src": "/tmp/note.txt",
"state": "link",
"uid": 0
}
模块七:任务计划模块:cron
获取帮助:ansibe-doc -s cron
模块参数详解:
state:
present:创建任务
absent:删除任务
backup:对远程主机上的原任务计划内容修改之前做备份
job:要执行的任务
name:该任务的描述(必须项)
user:以哪个用户的身份运行
minute:分钟(0-59,*,*/2,……),不写默认为*
hour:小时(0-23,*,*/2,……),不写默认为*
day:日(1-31,*,*/2,……),不写默认为*
month:月(1-12,*,*/2,……),不写默认为*
weekday:周(0-7,*,……),不写默认为*
[root@Node3 ~]# ansible all -m cron -a 'name="sync time from ntpserver" minute=*/10 job="/usr/sbin/ntpdate edu.ntp.org.cn &> /dev/null"' //每十分钟同步一下时间 172.17.21.207 | SUCCESS => { "changed": true, "envs": [], "jobs": [ "sync time from ntpserver" ] } 172.17.21.206 | SUCCESS => { "changed": true, "envs": [], "jobs": [ "sync time from ntpserver" ] }
模块八:收集远程主机的信息:setup
收集可用的facts,收集每个节点的相关信息:架构信息,IP,时间,域名,网卡,MAC,主机名,CPU等信息。
这些收集的信息,可以作为变量
[root@Node3 ~]# ansible all -m setup [root@Node3 ~]# ansible all -m setup -a 'filter=ansible_*_mb' //获取内存信息 [root@Node3 ~]# ansible all -m setup -a 'filter=ansible_kernel' //获取内核信息 [root@Node3 ~]# ansible all -m setup -a 'filter=ansible_all_ipv4_addresses' //获取IPV4地址信息 [root@Node3 ~]# ansible all -m setup -a 'filter=ansible_nodename' //获取节点主机信息
模块九:在远程主机执行本地脚本:script
[root@Node3 tmp]# ansible all -m script -a '/tmp/test.sh' //向各节点执行脚本 172.17.21.206 | SUCCESS => { "changed": true, "rc": 0, "stderr": "Shared connection to 172.17.21.206 closed. ", "stdout": "", "stdout_lines": [] } 172.17.21.207 | SUCCESS => { "changed": true, "rc": 0, "stderr": "Shared connection to 172.17.21.207 closed. ", "stdout": "", "stdout_lines": []
[root@Node1 ~]# cat /tmp/test.txt //验证结果
Ansible to File
[root@Node1 ~]#
模块十:安装模块:yum
模块参数详解:
name:表示要安装软件包的名字,默认最新的程序包,指明要安装的程序包,可以带上版本号
state:表示是安装还卸载
present:默认的,表示为安装
latest:安装为最新的版本
absent:表示删除
[root@Node3 tmp]# ansible all -m yum -a 'name=httpd state=present' //安装httpd服务
[root@Node3 tmp]# ansible all -m yum -a 'name=httpd state=absent' //卸载httpd服
模块十一:服务模块:service
模块参数详解:
enabled:表示设置服务开机是否启动,取值为true或者false;enabled=yes
name=:表示要控制哪一个服务
state:
started:表示现在就启动此服务
stopped:表示现在关闭此服务
restarted:表示重启此服务
sleep:如果执行了restarted,在stop和start之间沉睡几秒
runlevel:定义在哪些级别可以自启动
arguments:表示向命令行传递的参数
[root@Node3 tmp]# ansible Webservers -m service -a 'enabled=on name=httpd state=started' //远程Web服务器安装httpd服务 [root@Node1 ~]# rpm -q nginx nginx-1.12.2-1.el7.x86_64 [root@Node1 ~]# systemctl list-unit-files | grep httpd //查看httpd服务是否开机自启动 httpd.service enabled [root@Node1 ~]# systemctl status nginx.service ● nginx.service - The nginx HTTP and reverse proxy server Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled) Active: inactive (dead) since Tue 2018-01-23 10:38:58 CST; 51s ago Main PID: 1355 (code=exited, status=0/SUCCESS) Jan 18 19:16:15 Node1.contoso.com systemd[1]: Starting The nginx HTTP and reverse proxy server... Jan 18 19:16:15 Node1.contoso.com nginx[1350]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok Jan 18 19:16:15 Node1.contoso.com nginx[1350]: nginx: configuration file /etc/nginx/nginx.conf test is successful Jan 18 19:16:16 Node1.contoso.com systemd[1]: Started The nginx HTTP and reverse proxy server. Jan 23 10:38:58 Node1.contoso.com systemd[1]: Stopping The nginx HTTP and reverse proxy server... Jan 23 10:38:58 Node1.contoso.com systemd[1]: Stopped The nginx HTTP and reverse proxy server. [root@Node1 ~]#
模块十二:获取远程文件信息: stat
stat 模块(获取远程文件状态信息,atime/ctime/mtime/md5/uid/gid 等信息)
[root@Node3 ~]# ansible all -m stat -a 'path=/etc/passwd'
stat 模块(获取远程文件状态信息,atime/ctime/mtime/md5/uid/gid 等信息)