Linux 7 Ansible 初学 配置被控制机器的 YUM 源

Posted Josh_Xie

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Linux 7 Ansible 初学 配置被控制机器的 YUM 源相关的知识,希望对你有一定的参考价值。

Linux 7 Ansible初学之配置被控制机器的 YUM 源

新建一个shell脚本,通过 ansible 的  yum_repository 模块,给每台被控制机器配置 YUM 源

[student@workstation ansible]$ cat yum_repo.sh 
#!/bin/bash

ansible all -m yum_repository -a name="add_repository" description="YUM REPO" baseurl="http://classroom.example.com/content/rhel7.6/x86_64/dvd/" enabled=yes gpgkey="http://classroom.example.com/content/rhel7.6/x86_64/dvd/RPM-GPG-KEY-redhat-release" gpgcheck=yes file=example
[student@workstation ansible]$ 

执行shell脚本

[student@workstation ansible]$ ./yum_repo.sh 
servera | CHANGED => {
    "changed": true, 
    "repo": "add_repository", 
    "state": "present"
}
serverb | CHANGED => {
    "changed": true, 
    "repo": "add_repository", 
    "state": "present"
}
serverc | CHANGED => {
    "changed": true, 
    "repo": "add_repository", 
    "state": "present"
}
serverd | CHANGED => {
    "changed": true, 
    "repo": "add_repository", 
    "state": "present"
}

查看执行的结果

[student@workstation ansible]$ ansible all -m shell -a cat /etc/yum.repos.d/example.repo
servera | CHANGED | rc=0 >>
[add_repository]
baseurl = http://classroom.example.com/content/rhel7.6/x86_64/dvd/
enabled = 1
gpgcheck = 1
gpgkey = http://classroom.example.com/content/rhel7.6/x86_64/dvd/RPM-GPG-KEY-redhat-release
name = YUM REPO

serverb | CHANGED | rc=0 >>
[add_repository]
baseurl = http://classroom.example.com/content/rhel7.6/x86_64/dvd/
enabled = 1
gpgcheck = 1
gpgkey = http://classroom.example.com/content/rhel7.6/x86_64/dvd/RPM-GPG-KEY-redhat-release
name = YUM REPO

serverd | CHANGED | rc=0 >>
[add_repository]
baseurl = http://classroom.example.com/content/rhel7.6/x86_64/dvd/
enabled = 1
gpgcheck = 1
gpgkey = http://classroom.example.com/content/rhel7.6/x86_64/dvd/RPM-GPG-KEY-redhat-release
name = YUM REPO

serverc | CHANGED | rc=0 >>
[add_repository]
baseurl = http://classroom.example.com/content/rhel7.6/x86_64/dvd/
enabled = 1
gpgcheck = 1
gpgkey = http://classroom.example.com/content/rhel7.6/x86_64/dvd/RPM-GPG-KEY-redhat-release
name = YUM REPO

对于不熟悉模块 yum_repository 可以通过查询如下帮助

[student@workstation ansible]$ ansible-doc yum_repository
> YUM_REPOSITORY    (/usr/lib/python2.7/site-packages/ansible/modules/packaging/

        Add or remove YUM repositories in RPM-based Linux
        distributions. If you wish to update an existing repository
        definition use [ini_file] instead.

OPTIONS (= is mandatory):

- async
        If set to `yes Yum will download packages and metadata from
        this repo in parallel, if possible.
        [Default: yes]
        type: bool

- attributes
        Attributes the file or directory should have. To get supported
        flags look at the man page for `chattr on the target system.
        This string should contain the attributes in the same order as
        the one displayed by `lsattr.
        `= operator is assumed as default, otherwise `+ or `-        operators need to be included in the string.
        (Aliases: attr)[Default: (null)]
        version_added: 2.3

- bandwidth
        Maximum available network bandwidth in bytes/second. Used with
        the `throttle option.
        If `throttle is a percentage and bandwidth is `0 then
        bandwidth throttling will be disabled. If `throttle is
        expressed as a data rate (bytes/sec) then this option is
        ignored. Default is `0 (no bandwidth throttling).
        [Default: 0]

- baseurl
        URL to the directory where the yum repositorys repodata        directory lives.
        It can also be a list of multiple URLs.
        This, the `metalink or `mirrorlist parameters are required
        if `state is set to `present.
        [Default: (null)]

- cost
        Relative cost of accessing this repository. Useful for
        weighing one repos packages as greater/less than any other.
        [Default: 1000]

- deltarpm_metadata_percentage
        When the relative size of deltarpm metadata vs pkgs is larger
        than this, deltarpm metadata is not downloaded from the repo.
        Note that you can give values over `100, so `200 means that
        the metadata is required to be half the size of the packages.
        Use `0 to turn off this check, and always download metadata.
        [Default: 100]

- deltarpm_percentage
        When the relative size of delta vs pkg is larger than this,
        delta is not used. Use `0 to turn off delta rpm processing.
        Local repositories (with file:// `baseurl‘) have delta rpms
        turned off by default.
        [Default: 75]

- description
        A human readable string describing the repository. This option
        corresponds to the "name" property in the repo file.
        This parameter is only required if `state is set to
        `present.
        [Default: (null)]

- enabled
        This tells yum whether or not use this repository.
        [Default: yes]
        type: bool

- enablegroups
        Determines whether yum will allow the use of package groups
        for this repository.
        [Default: yes]
        type: bool

- exclude
        List of packages to exclude from updates or installs. This
        should be a space separated list. Shell globs using wildcards
        (eg. `* and `?) are allowed.
        The list can also be a regular YAML array.
        [Default: (null)]

- failovermethod
        `roundrobin randomly selects a URL out of the list of URLs to
        start with and proceeds through each of them as it encounters
        a failure contacting the host.
        `priority starts from the first `baseurl listed and reads
        through them sequentially.
        (Choices: roundrobin, priority)[Default: roundrobin]

- file
        File name without the `.repo extension to save the repo in.
        Defaults to the value of `name.
        [Default: (null)]

- gpgcakey
        A URL pointing to the ASCII-armored CA key file for the
        repository.
        [Default: (null)]

- gpgcheck
        Tells yum whether or not it should perform a GPG signature
        check on packages.
        [Default: (null)]
        type: bool

- gpgkey
        A URL pointing to the ASCII-armored GPG key file for the
        repository.
        It can also be a list of multiple URLs.
        [Default: (null)]

- group
        Name of the group that should own the file/directory, as would
        be fed to `chown.
        [Default: (null)]

- http_caching
        Determines how upstream HTTP caches are instructed to handle
        any HTTP downloads that Yum does.
        `all means that all HTTP downloads should be cached.
        `packages means that only RPM package downloads should be
        cached (but not repository metadata downloads).
        `none means that no HTTP downloads should be cached.
        (Choices: all, packages, none)[Default: all]

- include
        Include external configuration file. Both, local path and URL
        is supported. Configuration file will be inserted at the
        position of the `include= line. Included files may contain
        further include lines. Yum will abort with an error if an
        inclusion loop is detected.
        [Default: (null)]

- includepkgs
        List of packages you want to only use from a repository. This
        should be a space separated list. Shell globs using wildcards
        (eg. `* and `?) are allowed. Substitution variables (e.g.
        `$releasever) are honored here.
        The list can also be a regular YAML array.
        [Default: (null)]

- ip_resolve
        Determines how yum resolves host names.
        `4 or `IPv4 - resolve to IPv4 addresses only.
        `6 or `IPv6 - resolve to IPv6 addresses only.
        (Choices: 4, 6, IPv4, IPv6, whatever)[Default: whatever]

- keepalive
        This tells yum whether or not HTTP/1.1 keepalive should be
        used with this repository. This can improve transfer speeds by
        using one connection when downloading multiple files from a
        repository.
        [Default: no]
        type: bool

- keepcache
        Either `1 or `0. Determines whether or not yum keeps the
        cache of headers and packages after successful installation.
        (Choices: 0, 1)[Default: 1]

- metadata_expire
        Time (in seconds) after which the metadata will expire.
        Default value is 6 hours.
        [Default: 21600]

- metadata_expire_filter
        Filter the `metadata_expire time, allowing a trade of speed
        for accuracy if a command doesnt require it. Each yum command
        can specify that it requires a certain level of timeliness
        quality from the remote repos. from "I‘m about to
        install/upgrade, so this better be current" to "Anything
        thats available is good enough".
        `never - Nothing is filtered, always obey `metadata_expire.
        `read-only:past - Commands that only care about past
        information are filtered from metadata expiring. Eg. `yum
        history info (if history needs to lookup anything about a
        previous transaction, then by definition the remote package
        was available in the past).
        `read-only:present - Commands that are balanced between past
        and future. Eg. `yum list yum.
        `read-only:future - Commands that are likely to result in
        running other commands which will require the latest metadata.
        Eg. `yum check-update.
        Note that this option does not override "yum clean expire-
        cache".
        (Choices: never, read-only:past, read-only:present, read-
        only:future)[Default: read-only:present]

- metalink
        Specifies a URL to a metalink file for the repomd.xml, a list
        of mirrors for the entire repository are generated by
        converting the mirrors for the repomd.xml file to a `baseurl.
        This, the `baseurl or `mirrorlist parameters are required if
        `state is set to `present.
        [Default: (null)]

- mirrorlist
        Specifies a URL to a file containing a list of baseurls.
        This, the `baseurl or `metalink parameters are required if
        `state is set to `present.
        [Default: (null)]

- mirrorlist_expire
        Time (in seconds) after which the mirrorlist locally cached
        will expire.
        Default value is 6 hours.
        [Default: 21600]

- mode
        Mode the file or directory should be. For those used to
        `/usr/bin/chmod remember that modes are actually octal
        numbers. You must either add a leading zero so that Ansibles
        YAML parser knows it is an octal number (like `0644 or
        `01777) or quote it (like `644‘‘ or `1777‘‘) so Ansible
        receives a string and can do its own conversion from string
        into number.  Giving Ansible a number without following one of
        these rules will end up with a decimal number which will have
        unexpected results. As of version 1.8, the mode may be
        specified as a symbolic mode (for example, `u+rwx or
        `u=rw,g=r,o=r).
        [Default: (null)]

= name
        Unique repository ID. This option builds the section name of
        the repository in the repo file.
        This parameter is only required if `state is set to `present
        or `absent.


- owner
        Name of the user that should own the file/directory, as would
        be fed to `chown.
        [Default: (null)]

- password
        Password to use with the username for basic authentication.
        [Default: (null)]

- priority
        Enforce ordered protection of repositories. The value is an
        integer from 1 to 99.
        This option only works if the YUM Priorities plugin is
        installed.
        [Default: 99]

- protect
        Protect packages from updates from other repositories.
        [Default: no]
        type: bool

- proxy
        URL to the proxy server that yum should use. Set to `_none_        to disable the global proxy setting.
        [Default: (null)]

- proxy_password
        Username to use for proxy.
        [Default: (null)]

- proxy_username
        Password for this proxy.
        [Default: (null)]

- repo_gpgcheck
        This tells yum whether or not it should perform a GPG
        signature check on the repodata from this repository.
        [Default: no]
        type: bool

- reposdir
        Directory where the `.repo files will be stored.
        [Default: /etc/yum.repos.d]

- retries
        Set the number of times any attempt to retrieve a file should
        retry before returning an error. Setting this to `0 makes yum
        try forever.
        [Default: 10]

- s3_enabled
        Enables support for S3 repositories.
        This option only works if the YUM S3 plugin is installed.
        [Default: no]
        type: bool

- selevel
        Level part of the SELinux file context. This is the MLS/MCS
        attribute, sometimes known as the `range. `_default feature
        works as for `seuser.
        [Default: s0]

- serole
        Role part of SELinux file context, `_default feature works as
        for `seuser.
        [Default: (null)]

- setype
        Type part of SELinux file context, `_default feature works as
        for `seuser.
        [Default: (null)]

- seuser
        User part of SELinux file context. Will default to system
        policy, if applicable. If set to `_default, it will use the
        `user portion of the policy if available.
        [Default: (null)]

- skip_if_unavailable
        If set to `yes yum will continue running if this repository
        cannot be contacted for any reason. This should be set
        carefully as all repos are consulted for any given command.
        [Default: no]
        type: bool

- ssl_check_cert_permissions
        Whether yum should check the permissions on the paths for the
        certificates on the repository (both remote and local).
        If we cant read any of the files then yum will force
        `skip_if_unavailable to be `yes. This is most useful for
        non-root processes which use yum on repos that have client
        cert files which are readable only by root.
        [Default: no]
        type: bool

- sslcacert
        Path to the directory containing the databases of the
        certificate authorities yum should use to verify SSL
        certificates.
        [Default: (null)]

- sslclientcert
        Path to the SSL client certificate yum should use to connect
        to repos/remote sites.
        [Default: (null)]

- sslclientkey
        Path to the SSL client key yum should use to connect to
        repos/remote sites.
        [Default: (null)]

- sslverify
        Defines whether yum should verify SSL certificates/hosts at
        all.
        [Default: yes]
        type: bool

- state
        State of the repo file.
        (Choices: absent, present)[Default: present]

- throttle
        Enable bandwidth throttling for downloads.
        This option can be expressed as a absolute data rate in
        bytes/sec. An SI prefix (k, M or G) may be appended to the
        bandwidth value.
        [Default: (null)]

- timeout
        Number of seconds to wait for a connection before timing out.
        [Default: 30]

- ui_repoid_vars
        When a repository id is displayed, append these yum variables
        to the string if they are used in the `baseurl/etc. Variables
        are appended in the order listed (and found).
        [Default: releasever basearch]

- unsafe_writes
        By default this module uses atomic operations to prevent data
        corruption or inconsistent reads from the target files, but
        sometimes systems are configured or just broken in ways that
        prevent this. One example is docker mounted files, which
        cannot be updated atomically from inside the container and can
        only be written in an unsafe manner.
        This option allows Ansible to fall back to unsafe methods of
        updating files when atomic operations fail (however, it
        doesnt force Ansible to perform unsafe writes). IMPORTANT!
        Unsafe writes are subject to race conditions and can lead to
        data corruption.
        [Default: no]
        type: bool
        version_added: 2.2

- username
        Username to use for basic authentication to a repo or really
        any url.
        [Default: (null)]


NOTES:
      * All comments will be removed if modifying an existing
        repo file.
      * Section order is preserved in an existing repo file.
      * Parameters in a section are ordered alphabetically in an
        existing repo file.
      * The repo file will be automatically deleted if it
        contains no repository.
      * When removing a repository, beware that the metadata
        cache may still remain on disk until you run `yum clean
        all. Use a notification handler for this.
      * The `params parameter was removed in Ansible 2.5 due to
        circumventing Ansibles parameter handling

AUTHOR: Jiri Tyr (@jtyr)
        METADATA:
          status:
          - stableinterface
          supported_by: core
        

EXAMPLES:
- name: Add repository
  yum_repository:
    name: epel
    description: EPEL YUM repo
    baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/

- name: Add multiple repositories into the same file (1/2)
  yum_repository:
    name: epel
    description: EPEL YUM repo
    file: external_repos
    baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
    gpgcheck: no

- name: Add multiple repositories into the same file (2/2)
  yum_repository:
    name: rpmforge
    description: RPMforge YUM repo
    file: external_repos
    baseurl: http://apt.sw.be/redhat/el7/en/$basearch/rpmforge
    mirrorlist: http://mirrorlist.repoforge.org/el7/mirrors-rpmforge
    enabled: no

# Handler showing how to clean yum metadata cache
- name: yum-clean-metadata
  command: yum clean metadata
  args:
    warn: no

# Example removing a repository and cleaning up metadata cache
- name: Remove repository (and clean up left-over metadata)
  yum_repository:
    name: epel
    state: absent
  notify: yum-clean-metadata

- name: Remove repository from a specific repo file
  yum_repository:
    name: epel
    file: external_repos
    state: absent

RETURN VALUES:


repo:
    description: repository name
    returned: success
    type: string
    sample: "epel"
state:
    description: state of the target, after execution
    returned: success
    type: string
    sample: "present"

(END)

 

以上是关于Linux 7 Ansible 初学 配置被控制机器的 YUM 源的主要内容,如果未能解决你的问题,请参考以下文章

linux下配置ansible

Ansible架构介绍及部署

初学ANSIBLE

Ansible系列-基础篇-Ansible 的安装、配置和基本使用

自动化工具Ansible

linux系统ansible一键完成三大服务器基础配置(剧本)