Linux 7 Ansible初学之配置被控制机器的 YUM 源
新建一个shell脚本,通过 ansible 的 yum_repository 模块,给每台被控制机器配置 YUM 源
[student@workstation ansible]$ cat yum_repo.sh #!/bin/bash ansible all -m yum_repository -a 'name="add_repository" description="YUM REPO" baseurl="http://classroom.example.com/content/rhel7.6/x86_64/dvd/" enabled=yes gpgkey="http://classroom.example.com/content/rhel7.6/x86_64/dvd/RPM-GPG-KEY-redhat-release" gpgcheck=yes file=example' [student@workstation ansible]$
执行shell脚本
[student@workstation ansible]$ ./yum_repo.sh servera | CHANGED => { "changed": true, "repo": "add_repository", "state": "present" } serverb | CHANGED => { "changed": true, "repo": "add_repository", "state": "present" } serverc | CHANGED => { "changed": true, "repo": "add_repository", "state": "present" } serverd | CHANGED => { "changed": true, "repo": "add_repository", "state": "present" }
查看执行的结果
[student@workstation ansible]$ ansible all -m shell -a 'cat /etc/yum.repos.d/example.repo' servera | CHANGED | rc=0 >> [add_repository] baseurl = http://classroom.example.com/content/rhel7.6/x86_64/dvd/ enabled = 1 gpgcheck = 1 gpgkey = http://classroom.example.com/content/rhel7.6/x86_64/dvd/RPM-GPG-KEY-redhat-release name = YUM REPO serverb | CHANGED | rc=0 >> [add_repository] baseurl = http://classroom.example.com/content/rhel7.6/x86_64/dvd/ enabled = 1 gpgcheck = 1 gpgkey = http://classroom.example.com/content/rhel7.6/x86_64/dvd/RPM-GPG-KEY-redhat-release name = YUM REPO serverd | CHANGED | rc=0 >> [add_repository] baseurl = http://classroom.example.com/content/rhel7.6/x86_64/dvd/ enabled = 1 gpgcheck = 1 gpgkey = http://classroom.example.com/content/rhel7.6/x86_64/dvd/RPM-GPG-KEY-redhat-release name = YUM REPO serverc | CHANGED | rc=0 >> [add_repository] baseurl = http://classroom.example.com/content/rhel7.6/x86_64/dvd/ enabled = 1 gpgcheck = 1 gpgkey = http://classroom.example.com/content/rhel7.6/x86_64/dvd/RPM-GPG-KEY-redhat-release name = YUM REPO
对于不熟悉模块 yum_repository 可以通过查询如下帮助
[student@workstation ansible]$ ansible-doc yum_repository > YUM_REPOSITORY (/usr/lib/python2.7/site-packages/ansible/modules/packaging/ Add or remove YUM repositories in RPM-based Linux distributions. If you wish to update an existing repository definition use [ini_file] instead. OPTIONS (= is mandatory): - async If set to `yes' Yum will download packages and metadata from this repo in parallel, if possible. [Default: yes] type: bool - attributes Attributes the file or directory should have. To get supported flags look at the man page for `chattr' on the target system. This string should contain the attributes in the same order as the one displayed by `lsattr'. `=' operator is assumed as default, otherwise `+' or `-' operators need to be included in the string. (Aliases: attr)[Default: (null)] version_added: 2.3 - bandwidth Maximum available network bandwidth in bytes/second. Used with the `throttle' option. If `throttle' is a percentage and bandwidth is `0' then bandwidth throttling will be disabled. If `throttle' is expressed as a data rate (bytes/sec) then this option is ignored. Default is `0' (no bandwidth throttling). [Default: 0] - baseurl URL to the directory where the yum repository's 'repodata' directory lives. It can also be a list of multiple URLs. This, the `metalink' or `mirrorlist' parameters are required if `state' is set to `present'. [Default: (null)] - cost Relative cost of accessing this repository. Useful for weighing one repo's packages as greater/less than any other. [Default: 1000] - deltarpm_metadata_percentage When the relative size of deltarpm metadata vs pkgs is larger than this, deltarpm metadata is not downloaded from the repo. Note that you can give values over `100', so `200' means that the metadata is required to be half the size of the packages. Use `0' to turn off this check, and always download metadata. [Default: 100] - deltarpm_percentage When the relative size of delta vs pkg is larger than this, delta is not used. Use `0' to turn off delta rpm processing. Local repositories (with file:// `baseurl') have delta rpms turned off by default. [Default: 75] - description A human readable string describing the repository. This option corresponds to the "name" property in the repo file. This parameter is only required if `state' is set to `present'. [Default: (null)] - enabled This tells yum whether or not use this repository. [Default: yes] type: bool - enablegroups Determines whether yum will allow the use of package groups for this repository. [Default: yes] type: bool - exclude List of packages to exclude from updates or installs. This should be a space separated list. Shell globs using wildcards (eg. `*' and `?') are allowed. The list can also be a regular YAML array. [Default: (null)] - failovermethod `roundrobin' randomly selects a URL out of the list of URLs to start with and proceeds through each of them as it encounters a failure contacting the host. `priority' starts from the first `baseurl' listed and reads through them sequentially. (Choices: roundrobin, priority)[Default: roundrobin] - file File name without the `.repo' extension to save the repo in. Defaults to the value of `name'. [Default: (null)] - gpgcakey A URL pointing to the ASCII-armored CA key file for the repository. [Default: (null)] - gpgcheck Tells yum whether or not it should perform a GPG signature check on packages. [Default: (null)] type: bool - gpgkey A URL pointing to the ASCII-armored GPG key file for the repository. It can also be a list of multiple URLs. [Default: (null)] - group Name of the group that should own the file/directory, as would be fed to `chown'. [Default: (null)] - http_caching Determines how upstream HTTP caches are instructed to handle any HTTP downloads that Yum does. `all' means that all HTTP downloads should be cached. `packages' means that only RPM package downloads should be cached (but not repository metadata downloads). `none' means that no HTTP downloads should be cached. (Choices: all, packages, none)[Default: all] - include Include external configuration file. Both, local path and URL is supported. Configuration file will be inserted at the position of the `include=' line. Included files may contain further include lines. Yum will abort with an error if an inclusion loop is detected. [Default: (null)] - includepkgs List of packages you want to only use from a repository. This should be a space separated list. Shell globs using wildcards (eg. `*' and `?') are allowed. Substitution variables (e.g. `$releasever') are honored here. The list can also be a regular YAML array. [Default: (null)] - ip_resolve Determines how yum resolves host names. `4' or `IPv4' - resolve to IPv4 addresses only. `6' or `IPv6' - resolve to IPv6 addresses only. (Choices: 4, 6, IPv4, IPv6, whatever)[Default: whatever] - keepalive This tells yum whether or not HTTP/1.1 keepalive should be used with this repository. This can improve transfer speeds by using one connection when downloading multiple files from a repository. [Default: no] type: bool - keepcache Either `1' or `0'. Determines whether or not yum keeps the cache of headers and packages after successful installation. (Choices: 0, 1)[Default: 1] - metadata_expire Time (in seconds) after which the metadata will expire. Default value is 6 hours. [Default: 21600] - metadata_expire_filter Filter the `metadata_expire' time, allowing a trade of speed for accuracy if a command doesn't require it. Each yum command can specify that it requires a certain level of timeliness quality from the remote repos. from "I'm about to install/upgrade, so this better be current" to "Anything that's available is good enough". `never' - Nothing is filtered, always obey `metadata_expire'. `read-only:past' - Commands that only care about past information are filtered from metadata expiring. Eg. `yum history' info (if history needs to lookup anything about a previous transaction, then by definition the remote package was available in the past). `read-only:present' - Commands that are balanced between past and future. Eg. `yum list yum'. `read-only:future' - Commands that are likely to result in running other commands which will require the latest metadata. Eg. `yum check-update'. Note that this option does not override "yum clean expire- cache". (Choices: never, read-only:past, read-only:present, read- only:future)[Default: read-only:present] - metalink Specifies a URL to a metalink file for the repomd.xml, a list of mirrors for the entire repository are generated by converting the mirrors for the repomd.xml file to a `baseurl'. This, the `baseurl' or `mirrorlist' parameters are required if `state' is set to `present'. [Default: (null)] - mirrorlist Specifies a URL to a file containing a list of baseurls. This, the `baseurl' or `metalink' parameters are required if `state' is set to `present'. [Default: (null)] - mirrorlist_expire Time (in seconds) after which the mirrorlist locally cached will expire. Default value is 6 hours. [Default: 21600] - mode Mode the file or directory should be. For those used to `/usr/bin/chmod' remember that modes are actually octal numbers. You must either add a leading zero so that Ansible's YAML parser knows it is an octal number (like `0644' or `01777') or quote it (like `'644'' or `'1777'') so Ansible receives a string and can do its own conversion from string into number. Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results. As of version 1.8, the mode may be specified as a symbolic mode (for example, `u+rwx' or `u=rw,g=r,o=r'). [Default: (null)] = name Unique repository ID. This option builds the section name of the repository in the repo file. This parameter is only required if `state' is set to `present' or `absent'. - owner Name of the user that should own the file/directory, as would be fed to `chown'. [Default: (null)] - password Password to use with the username for basic authentication. [Default: (null)] - priority Enforce ordered protection of repositories. The value is an integer from 1 to 99. This option only works if the YUM Priorities plugin is installed. [Default: 99] - protect Protect packages from updates from other repositories. [Default: no] type: bool - proxy URL to the proxy server that yum should use. Set to `_none_' to disable the global proxy setting. [Default: (null)] - proxy_password Username to use for proxy. [Default: (null)] - proxy_username Password for this proxy. [Default: (null)] - repo_gpgcheck This tells yum whether or not it should perform a GPG signature check on the repodata from this repository. [Default: no] type: bool - reposdir Directory where the `.repo' files will be stored. [Default: /etc/yum.repos.d] - retries Set the number of times any attempt to retrieve a file should retry before returning an error. Setting this to `0' makes yum try forever. [Default: 10] - s3_enabled Enables support for S3 repositories. This option only works if the YUM S3 plugin is installed. [Default: no] type: bool - selevel Level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as the `range'. `_default' feature works as for `seuser'. [Default: s0] - serole Role part of SELinux file context, `_default' feature works as for `seuser'. [Default: (null)] - setype Type part of SELinux file context, `_default' feature works as for `seuser'. [Default: (null)] - seuser User part of SELinux file context. Will default to system policy, if applicable. If set to `_default', it will use the `user' portion of the policy if available. [Default: (null)] - skip_if_unavailable If set to `yes' yum will continue running if this repository cannot be contacted for any reason. This should be set carefully as all repos are consulted for any given command. [Default: no] type: bool - ssl_check_cert_permissions Whether yum should check the permissions on the paths for the certificates on the repository (both remote and local). If we can't read any of the files then yum will force `skip_if_unavailable' to be `yes'. This is most useful for non-root processes which use yum on repos that have client cert files which are readable only by root. [Default: no] type: bool - sslcacert Path to the directory containing the databases of the certificate authorities yum should use to verify SSL certificates. [Default: (null)] - sslclientcert Path to the SSL client certificate yum should use to connect to repos/remote sites. [Default: (null)] - sslclientkey Path to the SSL client key yum should use to connect to repos/remote sites. [Default: (null)] - sslverify Defines whether yum should verify SSL certificates/hosts at all. [Default: yes] type: bool - state State of the repo file. (Choices: absent, present)[Default: present] - throttle Enable bandwidth throttling for downloads. This option can be expressed as a absolute data rate in bytes/sec. An SI prefix (k, M or G) may be appended to the bandwidth value. [Default: (null)] - timeout Number of seconds to wait for a connection before timing out. [Default: 30] - ui_repoid_vars When a repository id is displayed, append these yum variables to the string if they are used in the `baseurl'/etc. Variables are appended in the order listed (and found). [Default: releasever basearch] - unsafe_writes By default this module uses atomic operations to prevent data corruption or inconsistent reads from the target files, but sometimes systems are configured or just broken in ways that prevent this. One example is docker mounted files, which cannot be updated atomically from inside the container and can only be written in an unsafe manner. This option allows Ansible to fall back to unsafe methods of updating files when atomic operations fail (however, it doesn't force Ansible to perform unsafe writes). IMPORTANT! Unsafe writes are subject to race conditions and can lead to data corruption. [Default: no] type: bool version_added: 2.2 - username Username to use for basic authentication to a repo or really any url. [Default: (null)] NOTES: * All comments will be removed if modifying an existing repo file. * Section order is preserved in an existing repo file. * Parameters in a section are ordered alphabetically in an existing repo file. * The repo file will be automatically deleted if it contains no repository. * When removing a repository, beware that the metadata cache may still remain on disk until you run `yum clean all'. Use a notification handler for this. * The `params' parameter was removed in Ansible 2.5 due to circumventing Ansible's parameter handling AUTHOR: Jiri Tyr (@jtyr) METADATA: status: - stableinterface supported_by: core EXAMPLES: - name: Add repository yum_repository: name: epel description: EPEL YUM repo baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/ - name: Add multiple repositories into the same file (1/2) yum_repository: name: epel description: EPEL YUM repo file: external_repos baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/ gpgcheck: no - name: Add multiple repositories into the same file (2/2) yum_repository: name: rpmforge description: RPMforge YUM repo file: external_repos baseurl: http://apt.sw.be/redhat/el7/en/$basearch/rpmforge mirrorlist: http://mirrorlist.repoforge.org/el7/mirrors-rpmforge enabled: no # Handler showing how to clean yum metadata cache - name: yum-clean-metadata command: yum clean metadata args: warn: no # Example removing a repository and cleaning up metadata cache - name: Remove repository (and clean up left-over metadata) yum_repository: name: epel state: absent notify: yum-clean-metadata - name: Remove repository from a specific repo file yum_repository: name: epel file: external_repos state: absent RETURN VALUES: repo: description: repository name returned: success type: string sample: "epel" state: description: state of the target, after execution returned: success type: string sample: "present" (END)