ansible基础-模块-playbook-roles角色

Posted goonxiaoqi

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ansible基础-模块-playbook-roles角色相关的知识,希望对你有一定的参考价值。

1、安装:

 wget https://mirrors.aliyun.com/centos/7/os/x86_64/Packages/yum-metadata-parser-1.1.4-10.el7.x86_64.rpm

 rpm -ivh *.rpm  --nodeps --force 这里我选择强制安装不考虑依赖 (线上注意处理掉依赖问题

 yum -y install epel-release

 yum -y install ansible

 ansible --version #测试如果显示版本 既安装成功

密钥小插曲:

????非交互式传公钥

 ssh-keygen -f /root/.ssh/id_rsa -N ""

 -f 指定私钥存放路径

 -N "" 新密码设置 “为空” 

[root@ansible .ssh]# sshpass -p123123 ssh-copy-id -i /root/.ssh/id_rsa.pub "root@192.168.31.102 -o StrictHostKeyChecking=no" 
Warning: Permanently added ‘192.168.31.102‘ (RSA) to the list of known hosts.
Now try logging into the machine, with "ssh ‘root@192.168.31.102 -o StrictHostKeyChecking=no‘", and check in:

  .ssh/authorized_keys

to make sure we haven‘t added extra keys that you weren‘t expecting.

 测试:

[root@ansible .ssh]# for ip in `seq 101 104`;do    
> ssh root@192.168.31.$ip "hostname"
> done
node1
node4
node2
node3

2、主机清单(inventory)

??Inventory主机清单

ansible的主要功能用于批量主机操作,为了便捷地使用其中的部分主机,可以在inventory file中将其分组命名

??默认的inventory file为/etc/ansible/hosts

??inventory file 可以有多个,且也可以通过Dynamic(动态) Inventory 来动态生成

 可以设置分组 /etc/ansible/hosts  

[testhost] #组1
192.168.1.4:222   #为了服务器安全问题 可能会修改端口号 配置文件中这么定义
192.168.1.6
192.168.1.8

[gamedb] #组2
192.168.1.5
192.168.1.11

[gameserver] #组3
192.168.1.[0:254] #整个网段

[logdb] #组4
db-[a:f].example.com #a-f 所有的主机

 例子:

[root@ansible .ssh]# ansible testhost -m ping
192.168.1.6 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.1.8 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.1.4 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

 ansible配置文件

 /etc/ansible/ansible.cfg  说一下默认配置

[defaults]

# some basic default values...

#inventory      = /etc/ansible/hosts  #主机清单
#library        = /usr/share/my_modules/  #库
#module_utils   = /usr/share/my_module_utils/  #模块路径
#remote_tmp     = ~/.ansible/tmp  #临时py命令文件存放在远程主机目录
#local_tmp      = ~/.ansible/tmp  #本地的临时命令执行目录
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml #插件配置文件
#forks          = 5   #同时执行5个命令
#poll_interval  = 15  #15秒拉一起数据
#sudo_user      = root  #链接到对象可以切换到root 用sudo命令
#ask_sudo_pass = True    #sudo口令
#ask_pass      = True    #是否支持用户口令
#transport      = smart    #传输 用的不多
#remote_port    = 22      #默认22
#module_lang    = C      #语言
#module_set_locale = False 
#host_key_checking = Fales  #检查对应服务器的host_key,建议取消注视
#log_pah = /var/log/ansible.log  #日志文件 建议取消注视

3、ansible系列命令

??ansible-doc :显示模块帮助

  ansible-doc[options][module...]

  -a    显示所有模块的文档  #很多 很慢

  -l,--list  列出可用模块  #很多 还行

  -s,--snippet 显示指定模块的playbook片段

例子

[root@ansible log]# ansible-doc -s ping #ansible -a 还有ansible -l 就不展示了 太长了
- name: Try to connect to host, verify a usable python and return `pong‘ on success
  ping:
      data:                  # Data to return for the `ping‘ return value. If this
                               parameter is set to
                               `crash‘, the module will
                               cause an exception.
[root@ansible log]# 

??ansible通过ssh实现配 置管理、应用部署、任务执行等功能,建议配置ansible端能基于密钥认证的方式联系各被管理节点

ansible <host-pattern> [-m module_name] [-a args]

  --version 版本信息

  m moule模块,默认为command

  -v 详细过程 -vv -vvv更详细

  --list-host 显示主机列表,可简写--list

  -k,--ask-pass 提示输入ssh链接密码 默认Kay验证

  -K,--ask-become-pass 提示输入sudo时口令

  -C,--check  检查并不执行

  -T,--timeout=TIMEOUT  执行命令的超时时间,默认10s

  -u, --user=REMOTE_USER  执行远程执行得用户

  -b,--become    代替旧版的sudo切换

例子:

[root@ansible log]# ansible all -u ygcn -bKk -m command -a "ls /root" 
SSH password:  #ygcn密码
SUDO password[defaults to SSH password]: # sudo密码
192.168.1.6 | SUCCESS | rc=0 >>
anaconda-ks.cfg
apache-tomcat-8.0.48.tar.gz
install.log
install.log.syslog
jdk-8u25-linux-x64.rpm

192.168.1.8 | SUCCESS | rc=0 >>
anaconda-ks.cfg
install.log
install.log.syslog

192.168.1.4 | SUCCESS | rc=0 >>
anaconda-ks.cfg
install.log
install.log.syslog
[root@ansible log]#
各位如果执行失败,权限问题。ygcn没有sudo的权限
命令:visudo 
## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL #取消本行注视

usermod -aG wheel ygcn #把用户加入组中

 ??小技巧:如果visudo或者vim 没有颜色  执行下面两条即可 

  echo export EDITOR=vim >> /etc/profile.d/env.sh

   . /etc/profile.d/env.sh 

4、ansible的Host-pattern(ansible主机模式)

1、ALL :表示所有Inventory中的所有主机

  例子:ansible all -m ping

[root@ansible ~]# cat /etc/ansible/hosts |tail -n 8
[webserver]
192.168.1.10
192.168.1.6
[dbserver]
192.168.1.8
192.168.1.6
[root@ansible ~]# ansible all -m ping 
192.168.1.8 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.1.10 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.1.6 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
} 

2、*   :通配符

  例子:ansible  "*" -m ping   #匹配所有

[root@ansible ~]# cat /etc/ansible/hosts |tail -n 8
[webserver]
192.168.1.10
192.168.1.6
[dbserver]
192.168.1.8
192.168.1.6
[root@ansible ~]# ansible "*" -m ping 
192.168.1.8 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.1.6 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.1.10 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

3、 或关系

  例子:ansible "webservs:appsrvs" -m ping

     ansible "192.168.1.10:192.168.1.20" -m ping

[root@ansible ~]# cat /etc/ansible/hosts |tail -n 8
[webserver]
192.168.1.10
192.168.1.6
[dbserver]
192.168.1.8
192.168.1.6
[root@ansible ~]# ansible "webserver:dbserver" -m ping 
192.168.1.8 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.1.6 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.1.10 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

4、逻辑与

  例子:ansible "webservs:&dservs" -m ping  # 在webservs组并且在dbservs中的主机  两台机器同时拥有的

[root@ansible ~]# cat /etc/ansible/hosts |tail -n 8
[webserver]
192.168.1.10
192.168.1.6
[dbserver]
192.168.1.8
192.168.1.6
[root@ansible ~]# ansible "webserver:&dbserver" -m ping  #可以理解为交集
192.168.1.6 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}  

5、逻辑非

  例子:ansible ‘webservs:!dservs‘ -m ping # 在sebsrvs组,但是不在dbservs组中的主机 #注意:此处为单引号

[root@ansible ~]# cat /etc/ansible/hosts |tail -n 8
[webserver]
192.168.1.10
192.168.1.6
[dbserver]
192.168.1.8
192.168.1.6
[root@ansible ~]# ansible ‘webserver:!dbserver‘ -m ping  #注意单引号
192.168.1.10 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

6、综合逻辑

  例子:ansible ‘webservs:dbservs:&appsrvs:!ftpsrvs‘ -m ping

      webservs或者dbservs并且appsrvs而且还不能在ftpsrvs

      比较复杂一般生产中不会这么用

7、正则表达式

  例子:ansible "websrvs:&dbsrvs" -m ping

     ansible "~(web|db).*.magedu.com" -m ping 

      匹配 web或者db 已magede和.com结尾的

[root@ansible ~]# cat /etc/ansible/hosts |tail -n 8
[webserver]
192.168.1.10
192.168.1.6
[dbserver]
192.168.1.8
192.168.1.6
[root@ansible ~]# ansible ‘~(web|db)server‘ -m ping 
192.168.1.6 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.1.10 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.1.8 | SUCCESS => {
    "changed": false, 
    "ping": "pong"

5、ansible 命令执行过程

??ansible命令执行过程

 1.加载自己的配置文件 默认/etc/ansible/ansible.cfg

 2.加载自己对应的模块文件 如command

 3.通过ansible将模块或命令生成对应的临时py文件,并将该文件传输至远程服务器的对应执行用户$HOME/.ansible/tmp/ansible-tmp-数字/xxx.py文件

   4.给文件加执行权限 执行

   5.执行并返回结果

   6.删除临时py文件,sleep 0 推出

??执行状态:

  1.绿色:执行成功并且不需要做改变的操作

  2.黄色:执行成功并且对目标主机做变更

  3.红色:执行失败

6、ansible 常用模块

ansible支持的模块很多,我们并不需要把每个模块都记住,而需要熟悉一些常见的模块,其他的模块在需要用到时在查询即可。

ansible用法:

  ansible 机器 -m 模块 -a ‘模块参数

  基本格式:ansible 操作的机器名或组 -m 模块名字 -a ‘参数1=值1 参数2=值2 ......

??hostname模块

 ansible 192.168.31.101 -m hostname -a ‘name=tyschool_node1

 修改机器31.101 hostname设置为tyschool_node1

[root@ansible .ssh]# ansible 192.168.31.101 -m hostname -a ‘name=tyschool_node1‘
192.168.31.101 | SUCCESS => {
    "ansible_facts": {
        "ansible_domain": "", 
        "ansible_fqdn": "tyschool_node1", 
        "ansible_hostname": "tyschool_node1", 
        "ansible_nodename": "tyschool_node1"
    }, 
    "changed": true, 
    "name": "tyschool_node1"
}

??file(重点)模块

file模块用于对文件或文件夹相关的操作,主要用来设置文件、链接、目录的属性,或者移除文件、链接、目录,很多其他的模块也会包含这种作用。如copyassemble emplate

path

文件路径

state

操作(touch文件新建、absent删除、link软连接、hard硬链接、directory目录创建)

owner

设置所有者

group

设置所属的组

mode

权限 0000

recurse

递归 yes or no

创建文件:ansible all -m file -a ‘path=/opt/ytschool state=touch‘

192.168.31.101 | SUCCESS => {
    "changed": true, 
    "dest": "/opt/ytschool", 
    "gid": 0, 
    "group": "root", 
    "mode": "0644", 
    "owner": "root", 
    "size": 0, 
    "state": "file", 
    "uid": 0
}

 删除文件:ansible all -m file -a ‘path=/opt/ytschool state=absent‘

[root@ansible .ssh]# ansible all -m file -a ‘path=/opt/ytschool state=absent‘
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "path": "/opt/ytschool", 
    "state": "absent"
}
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "path": "/opt/ytschool", 
    "state": "absent"
}
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "path": "/opt/ytschool", 
    "state": "absent"
}
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "path": "/opt/ytschool", 
    "state": "absent"
}

文件权限:ansible all -m file -a ‘path=/opt/ytschool owner=ygcn group=nobody mode=0600‘

[root@ansible .ssh]# ansible all -m file -a ‘path=/opt/ytschool owner=ygcn group=nobody mode=0600‘
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "gid": 99, 
    "group": "nobody", 
    "mode": "0600", 
    "owner": "ygcn", 
    "path": "/opt/ytschool", 
    "size": 0, 
    "state": "file", 
    "uid": 500
}
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "gid": 99, 
    "group": "nobody", 
    "mode": "0600", 
    "owner": "ygcn", 
    "path": "/opt/ytschool", 
    "size": 0, 
    "state": "file", 
    "uid": 500
}
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "gid": 99, 
    "group": "nobody", 
    "mode": "0600", 
    "owner": "ygcn", 
    "path": "/opt/ytschool", 
    "size": 0, 
    "state": "file", 
    "uid": 500
}
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "gid": 99, 
    "group": "nobody", 
    "mode": "0600", 
    "owner": "ygcn", 
    "path": "/opt/ytschool", 
    "size": 0, 
    "state": "file", 
    "uid": 500
}

创建链接文件[软硬]: ansible all -m file -a ‘src=/opt/ytschool path=/opt/tmp_school state=link‘

            ansible all -m file -a ‘src=/opt/ytschool path=/opt/tmp_school_ying state=hard‘

[root@ansible .ssh]# ansible all -m file -a ‘src=/opt/ytschool path=/opt/tmp_school state=link‘
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "dest": "/opt/tmp_school", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "size": 13, 
    "src": "/opt/ytschool", 
    "state": "link", 
    "uid": 0
}
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "dest": "/opt/tmp_school", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "size": 13, 
    "src": "/opt/ytschool", 
    "state": "link", 
    "uid": 0
}
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "dest": "/opt/tmp_school", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "size": 13, 
    "src": "/opt/ytschool", 
    "state": "link", 
    "uid": 0
}
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "dest": "/opt/tmp_school", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "size": 13, 
    "src": "/opt/ytschool", 
    "state": "link", 
    "uid": 0
}
[root@ansible .ssh]# ansible all -m file -a ‘src=/opt/ytschool path=/opt/tmp_school_ying state=hard‘
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "dest": "/opt/tmp_school_ying", 
    "gid": 99, 
    "group": "nobody", 
    "mode": "0600", 
    "owner": "ygcn", 
    "size": 0, 
    "src": "/opt/ytschool", 
    "state": "hard", 
    "uid": 500
}
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "dest": "/opt/tmp_school_ying", 
    "gid": 99, 
    "group": "nobody", 
    "mode": "0600", 
    "owner": "ygcn", 
    "size": 0, 
    "src": "/opt/ytschool", 
    "state": "hard", 
    "uid": 500
}
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "dest": "/opt/tmp_school_ying", 
    "gid": 99, 
    "group": "nobody", 
    "mode": "0600", 
    "owner": "ygcn", 
    "size": 0, 
    "src": "/opt/ytschool", 
    "state": "hard", 
    "uid": 500
}
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "dest": "/opt/tmp_school_ying", 
    "gid": 99, 
    "group": "nobody", 
    "mode": "0600", 
    "owner": "ygcn", 
    "size": 0, 
    "src": "/opt/ytschool", 
    "state": "hard", 
    "uid": 500
}

创建目录:ansible all -m file -a ‘path=/tmp/tyschool123 state=directory‘

[root@ansible .ssh]# ansible all -m file -a ‘path=/tmp/tyschool123 state=directory‘
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0755", 
    "owner": "root", 
    "path": "/tmp/tyschool123", 
    "size": 4096, 
    "state": "directory", 
    "uid": 0
}
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0755", 
    "owner": "root", 
    "path": "/tmp/tyschool123", 
    "size": 4096, 
    "state": "directory", 
    "uid": 0
}
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0755", 
    "owner": "root", 
    "path": "/tmp/tyschool123", 
    "size": 4096, 
    "state": "directory", 
    "uid": 0
}
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0755", 
    "owner": "root", 
    "path": "/tmp/tyschool123", 
    "size": 4096, 
    "state": "directory", 
    "uid": 0
}

修改目录及子文件权限:ansible all -m file -a ‘path=/tmp/tyschool123 mode=2755 owner=ygcn recurse=yes‘

[root@ansible .ssh]# ansible all -m file -a ‘path=/tmp/tyschool123 mode=2755 owner=ygcn recurse=yes‘ 192.168.31.102 | SUCCESS => {
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "02755", 
    "owner": "ygcn", 
    "path": "/tmp/tyschool123", 
    "size": 4096, 
    "state": "directory", 
    "uid": 500
}
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "02755", 
    "owner": "ygcn", 
    "path": "/tmp/tyschool123", 
    "size": 4096, 
    "state": "directory", 
    "uid": 500
}
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "02755", 
    "owner": "ygcn", 
    "path": "/tmp/tyschool123", 
    "size": 4096, 
    "state": "directory", 
    "uid": 500
}
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "02755", 
    "owner": "ygcn", 
    "path": "/tmp/tyschool123", 
    "size": 4096, 
    "state": "directory", 
    "uid": 500
}

删除一个目录[包括子文件全部删除]: ansible all -m file -a ‘path=/tmp/tyschool123 state=absent‘

[root@ansible .ssh]# ansible all -m file -a ‘path=/tmp/tyschool123 state=absent‘
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "path": "/tmp/tyschool123", 
    "state": "absent"
}
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "path": "/tmp/tyschool123", 
    "state": "absent"
}
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "path": "/tmp/tyschool123", 
    "state": "absent"
}
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "path": "/tmp/tyschool123", 
    "state": "absent"
}

??copy模块(重点)

copy模块用于对文件的远程拷贝操作(如把本地的文件拷贝远程的机器上)

参数

说明

src

文件源路径

dest

目标路径

content

往目标文件输入内容

force

强制 yes or no

backup

是否备份有冲突的源文件[文件名相同,内容不同] yes or no

checksum

拷?完整性校验,使用sha1sum生成校验码

owner

目标文件所有者

group

目标文件所属组

mode

目标文件权限

需求:拷贝31.101机器/root/os_init.sh文件到所有机器上

  1.要求娇艳完整性 注意[checksum 是根据sha1算法做校验的]

  2.所有者、所属组都是ygcn

  3.权限0400

计算os_init.sh的chechsum值

[root@ansible ~]# sha1sum os_init.sh 
a08951cd15d03bc5b5f4d19fca3d9107be34570a  os_init.sh

ansible all -m copy -a ‘src=/root/os_init.sh dest=/opt checksum="a08951cd15d03bc5b5f4d19fca3d9107be34570a" owner=ygcn group=ygcn mode=0400‘

[root@ansible ~]# ansible all -m copy -a ‘src=/root/os_init.sh dest=/opt checksum="a08951cd15d03bc5b5f4d19fca3d9107be34570a" owner=ygcn group=ygcn mode=0400‘
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "checksum": "a08951cd15d03bc5b5f4d19fca3d9107be34570a", 
    "dest": "/opt/os_init.sh", 
    "gid": 500, 
    "group": "ygcn", 
    "md5sum": "1392e1e418ecc8d45d79334b49409f26", 
    "mode": "0400", 
    "owner": "ygcn", 
    "size": 25, 
    "src": "/root/.ansible/tmp/ansible-tmp-1571761618.02-247686853591230/source", 
    "state": "file", 
    "uid": 500
}
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "checksum": "a08951cd15d03bc5b5f4d19fca3d9107be34570a", 
    "dest": "/opt/os_init.sh", 
    "gid": 500, 
    "group": "ygcn", 
    "md5sum": "1392e1e418ecc8d45d79334b49409f26", 
    "mode": "0400", 
    "owner": "ygcn", 
    "size": 25, 
    "src": "/root/.ansible/tmp/ansible-tmp-1571761617.97-121365959656855/source", 
    "state": "file", 
    "uid": 500
}
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "checksum": "a08951cd15d03bc5b5f4d19fca3d9107be34570a", 
    "dest": "/opt/os_init.sh", 
    "gid": 500, 
    "group": "ygcn", 
    "md5sum": "1392e1e418ecc8d45d79334b49409f26", 
    "mode": "0400", 
    "owner": "ygcn", 
    "size": 25, 
    "src": "/root/.ansible/tmp/ansible-tmp-1571761617.99-38426809639146/source", 
    "state": "file", 
    "uid": 500
}
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "checksum": "a08951cd15d03bc5b5f4d19fca3d9107be34570a", 
    "dest": "/opt/os_init.sh", 
    "gid": 500, 
    "group": "ygcn", 
    "md5sum": "1392e1e418ecc8d45d79334b49409f26", 
    "mode": "0400", 
    "owner": "ygcn", 
    "size": 25, 
    "src": "/root/.ansible/tmp/ansible-tmp-1571761618.04-15003391334498/source", 
    "state": "file", 
    "uid": 500
}

copy 模块拷贝时要注意拷贝目录后面是否带"/"符号

/etc/yum.repos.d后面不带/符号,则表示把/etc/yum.repos.d整个目录拷?到/tmp/目录下 

[root@manage01 ~]# ansible group1 -m copy -a ‘src=/etc/yum.repos.d dest=/tmp/‘ 

 

/etc/yum.repos.d/后面带/符号,则表示把/etc/yum.repos.d/目录里的所有文件拷?到/tmp/目录  

[root@manage01 ~]# ansible group1 -m copy -a ‘src=/etc/yum.repos.d/ dest=/tmp/‘

 

使用content参数直接往远程文件里写内容(会覆盖原内容)

命令:ansible all -m copy -a ‘content="baism hello word " dest=/tmp/xiaoqi‘

[root@ansible ~]# ansible all -m copy -a ‘content="baism
hello word
" dest=/tmp/xiaoqi‘
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "checksum": "f7cd12ede8f57da4a07cd3b6ea4ee6423191296f", 
    "dest": "/tmp/xiaoqi", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "13996fcf5862fc24a33a535c07425c09", 
    "mode": "0644", 
    "owner": "root", 
    "size": 17, 
    "src": "/root/.ansible/tmp/ansible-tmp-1571762483.62-142731307928961/source", 
    "state": "file", 
    "uid": 0
}
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "checksum": "f7cd12ede8f57da4a07cd3b6ea4ee6423191296f", 
    "dest": "/tmp/xiaoqi", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "13996fcf5862fc24a33a535c07425c09", 
    "mode": "0644", 
    "owner": "root", 
    "size": 17, 
    "src": "/root/.ansible/tmp/ansible-tmp-1571762483.6-23358853914686/source", 
    "state": "file", 
    "uid": 0
}
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "checksum": "f7cd12ede8f57da4a07cd3b6ea4ee6423191296f", 
    "dest": "/tmp/xiaoqi", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "13996fcf5862fc24a33a535c07425c09", 
    "mode": "0644", 
    "owner": "root", 
    "size": 17, 
    "src": "/root/.ansible/tmp/ansible-tmp-1571762483.55-262472950495567/source", 
    "state": "file", 
    "uid": 0
}
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "checksum": "f7cd12ede8f57da4a07cd3b6ea4ee6423191296f", 
    "dest": "/tmp/xiaoqi", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "13996fcf5862fc24a33a535c07425c09", 
    "mode": "0644", 
    "owner": "root", 
    "size": 17, 
    "src": "/root/.ansible/tmp/ansible-tmp-1571762483.59-252720846448780/source", 
    "state": "file", 
    "uid": 0
}

使用force参数控制是否强制覆盖

 ansible all -m copy -a ‘src=/root/os_init.sh dest=/opt/os_init.sh force=no‘  如果文件存在 则不覆盖

 ansible all -m copy -a ‘src=/root/anaconda-ks.cfg  dest=/opt/os_init.sh force=yes‘ 如果文件存在  强制覆盖原文件

[root@ansible ~]# ansible all -m copy -a ‘src=/root/os_init.sh dest=/opt/os_init.sh force=no‘ 
192.168.31.102 | SUCCESS => {
    "changed": false, 
    "dest": "/opt/os_init.sh", 
    "src": "/root/os_init.sh"
}
192.168.31.101 | SUCCESS => {
    "changed": false, 
    "dest": "/opt/os_init.sh", 
    "src": "/root/os_init.sh"
}
192.168.31.103 | SUCCESS => {
    "changed": false, 
    "dest": "/opt/os_init.sh", 
    "src": "/root/os_init.sh"
}
192.168.31.104 | SUCCESS => {
    "changed": false, 
    "dest": "/opt/os_init.sh", 
    "src": "/root/os_init.sh"
}
[root@ansible ~]# ansible all -m copy -a ‘src=/root/anaconda-ks.cfg  dest=/opt/os_init.sh force=yes‘ 
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "checksum": "915bf7dcdab20170ad3e84b0fdb5c6a6a44b2b02", 
    "dest": "/opt/os_init.sh", 
    "gid": 500, 
    "group": "ygcn", 
    "md5sum": "d406672afee7d3ee8f1b1c6f1e476631", 
    "mode": "0400", 
    "owner": "ygcn", 
    "size": 1141, 
    "src": "/root/.ansible/tmp/ansible-tmp-1571762932.25-8685616463152/source", 
    "state": "file", 
    "uid": 500
}
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "checksum": "915bf7dcdab20170ad3e84b0fdb5c6a6a44b2b02", 
    "dest": "/opt/os_init.sh", 
    "gid": 500, 
    "group": "ygcn", 
    "md5sum": "d406672afee7d3ee8f1b1c6f1e476631", 
    "mode": "0400", 
    "owner": "ygcn", 
    "size": 1141, 
    "src": "/root/.ansible/tmp/ansible-tmp-1571762932.22-227546680774041/source", 
    "state": "file", 
    "uid": 500
}
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "checksum": "915bf7dcdab20170ad3e84b0fdb5c6a6a44b2b02", 
    "dest": "/opt/os_init.sh", 
    "gid": 500, 
    "group": "ygcn", 
    "md5sum": "d406672afee7d3ee8f1b1c6f1e476631", 
    "mode": "0400", 
    "owner": "ygcn", 
    "size": 1141, 
    "src": "/root/.ansible/tmp/ansible-tmp-1571762932.29-53132209654764/source", 
    "state": "file", 
    "uid": 500
}
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "checksum": "915bf7dcdab20170ad3e84b0fdb5c6a6a44b2b02", 
    "dest": "/opt/os_init.sh", 
    "gid": 500, 
    "group": "ygcn", 
    "md5sum": "d406672afee7d3ee8f1b1c6f1e476631", 
    "mode": "0400", 
    "owner": "ygcn", 
    "size": 1141, 
    "src": "/root/.ansible/tmp/ansible-tmp-1571762932.21-73508510381906/source", 
    "state": "file", 
    "uid": 500
}

使用backup参数控制是否备份文件

ansible all -m copy -a ‘src=/root/os_init.sh dest=/opt/os_init.sh backup=yes‘

[root@ansible ~]# ansible all -m copy -a ‘src=/root/os_init.sh dest=/opt/os_init.sh backup=yes‘
192.168.31.101 | SUCCESS => {
    "backup_file": "/opt/os_init.sh.2987.2019-10-23@00:55:30~", 
    "changed": true, 
    "checksum": "a08951cd15d03bc5b5f4d19fca3d9107be34570a", 
    "dest": "/opt/os_init.sh", 
    "gid": 500, 
    "group": "ygcn", 
    "md5sum": "1392e1e418ecc8d45d79334b49409f26", 
    "mode": "0400", 
    "owner": "ygcn", 
    "size": 25, 
    "src": "/root/.ansible/tmp/ansible-tmp-1571763322.29-17697671205104/source", 
    "state": "file", 
    "uid": 500
}
192.168.31.103 | SUCCESS => {
    "backup_file": "/opt/os_init.sh.5759.2019-10-23@00:55:38~", 
    "changed": true, 
    "checksum": "a08951cd15d03bc5b5f4d19fca3d9107be34570a", 
    "dest": "/opt/os_init.sh", 
    "gid": 500, 
    "group": "ygcn", 
    "md5sum": "1392e1e418ecc8d45d79334b49409f26", 
    "mode": "0400", 
    "owner": "ygcn", 
    "size": 25, 
    "src": "/root/.ansible/tmp/ansible-tmp-1571763322.33-67682277495262/source", 
    "state": "file", 
    "uid": 500
}
192.168.31.104 | SUCCESS => {
    "backup_file": "/opt/os_init.sh.6015.2019-10-23@00:55:39~", 
    "changed": true, 
    "checksum": "a08951cd15d03bc5b5f4d19fca3d9107be34570a", 
    "dest": "/opt/os_init.sh", 
    "gid": 500, 
    "group": "ygcn", 
    "md5sum": "1392e1e418ecc8d45d79334b49409f26", 
    "mode": "0400", 
    "owner": "ygcn", 
    "size": 25, 
    "src": "/root/.ansible/tmp/ansible-tmp-1571763322.35-276842656771704/source", 
    "state": "file", 
    "uid": 500
}
192.168.31.102 | SUCCESS => {
    "backup_file": "/opt/os_init.sh.6075.2019-10-23@00:55:32~", 
    "changed": true, 
    "checksum": "a08951cd15d03bc5b5f4d19fca3d9107be34570a", 
    "dest": "/opt/os_init.sh", 
    "gid": 500, 
    "group": "ygcn", 
    "md5sum": "1392e1e418ecc8d45d79334b49409f26", 
    "mode": "0400", 
    "owner": "ygcn", 
    "size": 25, 
    "src": "/root/.ansible/tmp/ansible-tmp-1571763322.3-1829570936631/source", 
    "state": "file", 
    "uid": 500
}

??fetch模块

fetch模块与copy模块类似,但作用相反。用于把远程机器的文件拷?到本地。 

 

将机器组的机器/opt/os_init.sh 拷?到ansible主机/opt目录 注意:不管是拷?多个机器还是一个机器的文件,在管理机本地目录都会按照IP/路径/文件名的方式命名,防止冲突 

ansible all -m fetch -a ‘src=/opt/os_init.sh dest=/opt‘

[root@ansible ~]# ansible all -m fetch -a ‘src=/opt/os_init.sh dest=/opt‘
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "checksum": "a08951cd15d03bc5b5f4d19fca3d9107be34570a", 
    "dest": "/opt/192.168.31.101/opt/os_init.sh", 
    "md5sum": "1392e1e418ecc8d45d79334b49409f26", 
    "remote_checksum": "a08951cd15d03bc5b5f4d19fca3d9107be34570a", 
    "remote_md5sum": null
}
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "checksum": "a08951cd15d03bc5b5f4d19fca3d9107be34570a", 
    "dest": "/opt/192.168.31.103/opt/os_init.sh", 
    "md5sum": "1392e1e418ecc8d45d79334b49409f26", 
    "remote_checksum": "a08951cd15d03bc5b5f4d19fca3d9107be34570a", 
    "remote_md5sum": null
}
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "checksum": "a08951cd15d03bc5b5f4d19fca3d9107be34570a", 
    "dest": "/opt/192.168.31.104/opt/os_init.sh", 
    "md5sum": "1392e1e418ecc8d45d79334b49409f26", 
    "remote_checksum": "a08951cd15d03bc5b5f4d19fca3d9107be34570a", 
    "remote_md5sum": null
}
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "checksum": "a08951cd15d03bc5b5f4d19fca3d9107be34570a", 
    "dest": "/opt/192.168.31.102/opt/os_init.sh", 
    "md5sum": "1392e1e418ecc8d45d79334b49409f26", 
    "remote_checksum": "a08951cd15d03bc5b5f4d19fca3d9107be34570a", 
    "remote_md5sum": null
}

??user模块

user模块用于管理用户账号和用户组。

用户的管理:创建删除

常用参数
name=""    指定用户名
password=""  指定密码,必须是密文
state=    absent | present  删除|创建 
system=   yes|no    是否为系统用户
shell=""      指定登陆shell 
generate_ssh_key=   yes|no  是否创建秘钥对
uid=           指定用户的uid
create_home= yes|no 是否建立家目录
remove=   yes|no  删除家目录

 需求:

  1.创建一个用户postgres 密码123

  2.要求是系统用户

  3.非交互登陆

  4.生成自己的密钥对

[root@ansible ~]# echo 123|openssl passwd -1 -stdin     #先把明文的密码转换一下,生成md5密文

$1$Y9F5h6YT$2qVdZ4Hhpc8EFQvihAlm60

ansible all -m user -a ‘name=postgres password="$1$Y9F5h6YT$2qVdZ4Hhpc8EFQvihAlm60" shell=/sbin/nologin generate_ssh_key=yes‘

[root@ansible ~]# echo 123|openssl passwd -1 -stdin
$1$Y9F5h6YT$2qVdZ4Hhpc8EFQvihAlm60
[root@ansible ~]# ansible all -m user -a ‘name=postgres password="$1$Y9F5h6YT$2qVdZ4Hhpc8EFQvihAlm60" shell=/sbin/nologin generate_ssh_key=yes‘
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 501, 
    "home": "/home/postgres", 
    "name": "postgres", 
    "password": "NOT_LOGGING_PASSWORD", 
    "shell": "/sbin/nologin", 
    "ssh_fingerprint": "2048 8a:ce:cf:9c:7c:7b:a1:64:3b:13:5d:40:86:cd:9e:8e /home/postgres/.ssh/id_rsa.pub (RSA)", 
    "ssh_key_file": "/home/postgres/.ssh/id_rsa", 
    "ssh_public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5aPShDf9OTpewm++qtbvEQQhUioaophmTqUzM/HGm3fpxDiae/iHt4zuNjD7VE4OIC7le29JSM/jsnl1tzGXi3Q09+Q7pa4MDqe7kncse8Rgig5Ltxb1q5B1ixtOh3UnC7SldW2NaQier8p6aG0Wk5JMXhqJCbaCcfHY/6U7QctNYl1lY+VOo69zfmh97xajPfKs3dUc0A61v1zJHH94z5FJNaZj3+nt0eko5d8IVR2T60meo0MYRRemw/16YBOef/LjwKQ2IPM+vsmeVAyydo5xIoa1G2csckJc1eJCE48PbEis0u+MF8C+eoej213XIzL7RGO0pStMoa1paKUhaQ== ansible-generated on node2", 
    "state": "present", 
    "system": false, 
    "uid": 501
}
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 501, 
    "home": "/home/postgres", 
    "name": "postgres", 
    "password": "NOT_LOGGING_PASSWORD", 
    "shell": "/sbin/nologin", 
    "ssh_fingerprint": "2048 96:11:77:ae:ad:29:d8:75:b8:21:83:09:7d:77:4f:1c /home/postgres/.ssh/id_rsa.pub (RSA)", 
    "ssh_key_file": "/home/postgres/.ssh/id_rsa", 
    "ssh_public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtb1vGuOXf6EPTR7vynnzv8xmX6pG8HG15AIyRNf527BVxaNvekwg0jm/KEYJiT8CSoM5Ot7MvmTi6i2Sr13n7c8XO/46xZeIZrL1NP0E6sgyVYqmHsiG9KcoUEpBpAAY8CqQ1XPfP5PzD7UuSqdeSuM5XrVxHlaJ22Ebq7DFjfYMUeDEEQYqetXwIchYcBg+Rj640XBiJiJ24WtokLWLl+dr51G4AKuk3Wce+l+tew4QW8KdhGTM4md31qr4LswEI5UQE0rFm4JwXsuWIB6IqIXgkssAI4cI+yvf51l8LR+wwEVQ6cAASt70hU/ww1ebWSJWZL5epz7wu/Yo437z5Q== ansible-generated on node3", 
    "state": "present", 
    "system": false, 
    "uid": 501
}
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 501, 
    "home": "/home/postgres", 
    "name": "postgres", 
    "password": "NOT_LOGGING_PASSWORD", 
    "shell": "/sbin/nologin", 
    "ssh_fingerprint": "2048 aa:cc:de:21:a7:cf:a3:69:cb:1b:ca:f5:4d:c6:ea:ed /home/postgres/.ssh/id_rsa.pub (RSA)", 
    "ssh_key_file": "/home/postgres/.ssh/id_rsa", 
    "ssh_public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtHQeWY0B96hL0DUZpmZmGG1+gIg/hFCRWilFpdLrND0FY3zQFuyNoRcAa55RO22/Hv7GDixvEsXg3SBH/sHJYXRkeM6IiLAMxJxo8C99yVjz+M6vjlwujqsbn+6yUSElqMesI3HrfekhXB0sBT2Cp9U/K5czzudZHAtO+TasdqonaS5SONXwzNwsatEP3N0Z/B90TtyTZFbEbYsyKsnZJYbccGbmJ5XBSo27w6Ydu5GP+hA/o+2D0dZRbLSlE+nfgljo23hw5SvtShheU/gd0eqoy/lFRDSyhyiqagV6w69dg8q88U+kiAg4nHfWzFVgcPYhC1ZJyZ/MXgE3ql6j0Q== ansible-generated on node1", 
    "state": "present", 
    "system": false, 
    "uid": 501
}
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 501, 
    "home": "/home/postgres", 
    "name": "postgres", 
    "password": "NOT_LOGGING_PASSWORD", 
    "shell": "/sbin/nologin", 
    "ssh_fingerprint": "2048 82:f3:56:64:70:4f:17:1d:5a:61:e9:d5:0c:ad:71:e5 /home/postgres/.ssh/id_rsa.pub (RSA)", 
    "ssh_key_file": "/home/postgres/.ssh/id_rsa", 
    "ssh_public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAywcUkk1+F4UIRQCSDHYcK5OktByBHzTb79FzGNHGhT6YYlPV+PpMTfShyOos8nl43IBcLdjVvuM63JqMbXUQOcImsUYtTp69nUMJtib2Q+SbIuUSHMbUzAQUUJrRWlPhqdqd9PfA5OvtE/79whGnNyK6HUg8kHrGBrezewzM+JDnPgEANzHqoMnD7gB4Vj5+t4UZ95vHB7UE3LsqTmwNRO6jS+L9RtJ1frAK8fPo/D1UrILj4l6iqZWoCA4n2skUvD+mM+Uf1uScInmfeCk+3e7AS26Dh9p6FbvCKlKmc/gVNn2Z0dEzNGGElU7FEZ3TOhN3jcaE8Yqyc4PvJLau4w== ansible-generated on node4", 
    "state": "present", 
    "system": false, 
    "uid": 501
}

删除目录

 ansible all -m user -a ‘name=postgres state=absent remove=yes‘

[root@ansible ~]# ansible all -m user -a ‘name=postgres state=absent remove=yes‘
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "force": false, 
    "name": "postgres", 
    "remove": true, 
    "state": "absent"
}
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "force": false, 
    "name": "postgres", 
    "remove": true, 
    "state": "absent"
}
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "force": false, 
    "name": "postgres", 
    "remove": true, 
    "state": "absent"
}
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "force": false, 
    "name": "postgres", 
    "remove": true, 
    "state": "absent"
}

??group模块

模块用于管理用户组和用户组属性。

组创建: ansible all -m group -a ‘name=admin gid=4444 state=present‘

[root@ansible ~]# ansible all -m group -a ‘name=admin gid=4444 state=present‘
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "gid": 4444, 
    "name": "admin", 
    "state": "present", 
    "system": false
}
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "gid": 4444, 
    "name": "admin", 
    "state": "present", 
    "system": false
}
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "gid": 4444, 
    "name": "admin", 
    "state": "present", 
    "system": false
}
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "gid": 4444, 
    "name": "admin", 
    "state": "present", 
    "system": false
}

删除组:ansible all -m group -a ‘name=admin state=absent‘

[root@ansible ~]# ansible all -m group -a ‘name=admin state=absent‘
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "name": "admin", 
    "state": "absent"
}
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "name": "admin", 
    "state": "absent"
}
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "name": "admin", 
    "state": "absent"
}
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "name": "admin", 
    "state": "absent"
} 

??cron模块

 cron模块用于管理周期性时间任务

创建一个cron任务,不指定user的话,默认就是root(我这里就是用root操作)如果minute、hour、day、month、week不指定的话,默认都为*

需求:每天12:23分执行echo “haha”

 ansible all -m cron -a ‘name=tes_cront user=root job="echo haha>/tmp/test" minute=23 hour=12‘ 

[root@ansible ~]# ansible all -m cron -a ‘name=tes_cront user=root job="echo haha>/tmp/test" minute=23 hour=12‘ 
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "tes_cront"
    ]
}
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "tes_cront"
    ]
}
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "tes_cront"
    ]
}
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "tes_cront"
    ]
}

删除cron任务: ansible all -m cron -a "name=tes_cront state=absent"

[root@ansible ~]# ansible all -m cron -a "name=tes_cront state=absent"
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": []
}
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": []
}
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": []
}
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": []
}

??yum_repository模块

 yum_repository模块用于配置yum仓库

需求:增加一个/etc/yum.repo.d/dvd.repo配置文件

首先:用于上述shell模块挂载查看成功与否

[root@ansible ~]# ansible all -m shell -a " mount /dev/cdrom /mnt/"
 [WARNING]: Consider using the mount module rather than running mount.  If you need to use command
because mount is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.

192.168.31.101 | SUCCESS | rc=0 >>
mount: block device /dev/sr0 is write-protected, mounting read-only

192.168.31.104 | SUCCESS | rc=0 >>
mount: block device /dev/sr0 is write-protected, mounting read-only

192.168.31.103 | SUCCESS | rc=0 >>
mount: block device /dev/sr0 is write-protected, mounting read-only

192.168.31.102 | SUCCESS | rc=0 >>
mount: block device /dev/sr0 is write-protected, mounting read-only

[root@ansible ~]# ansible all -m shell -a "df -h"                  
192.168.31.101 | SUCCESS | rc=0 >>
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root
                       18G  1.1G   16G   7% /
tmpfs                 491M     0  491M   0% /dev/shm
/dev/sda1             477M   33M  419M   8% /boot
/dev/sr0              3.7G  3.7G     0 100% /mnt

192.168.31.104 | SUCCESS | rc=0 >>
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root
                       18G  1.1G   16G   7% /
tmpfs                 491M     0  491M   0% /dev/shm
/dev/sda1             477M   33M  419M   8% /boot
/dev/sr0              3.7G  3.7G     0 100% /mnt

192.168.31.102 | SUCCESS | rc=0 >>
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root
                       18G  1.5G   15G  10% /
tmpfs                 491M     0  491M   0% /dev/shm
/dev/sda1             477M   33M  419M   8% /boot
/dev/sr0              3.7G  3.7G     0 100% /mnt

192.168.31.103 | SUCCESS | rc=0 >>
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root
                       18G  1.2G   16G   7% /
tmpfs                 491M     0  491M   0% /dev/shm
/dev/sda1             477M   33M  419M   8% /boot
/dev/sr0              3.7G  3.7G     0 100% /mnt

ansible all -m yum_repository -a ‘name=dvd description=BaseOS baseurl=file:///mnt gpgcheck=0 enabled=yes‘   # description 描述

[root@ansible ~]# ansible all -m yum_repository -a ‘name=dvd description=BaseOS baseurl=file:///mnt gpgcheck=0 enabled=yes‘         
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "repo": "dvd", 
    "state": "present"
}
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "repo": "dvd", 
    "state": "present"
}
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "repo": "dvd", 
    "state": "present"
}
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "repo": "dvd", 
    "state": "present"
}

删除yum源

ansible all -m yum_repository -a ‘name=dvd state=absent‘ 

[root@ansible ~]# ansible all -m yum_repository -a ‘name=dvd state=absent‘
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "repo": "dvd", 
    "state": "absent"
}
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "repo": "dvd", 
    "state": "absent"
}
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "repo": "dvd", 
    "state": "absent"
}
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "repo": "dvd", 
    "state": "absent"
}

??yum模块

 yum模块用于使用yum命令来实现软件包的安装与卸载

相关命令参数

name:     #需要安装软件包名称

list : installed   #列出已安装

     updates    #需要更新

     available   #可获得的

     repos      #yum源

state: absent      #删除

     removed      #删除

     installed    #安装确认

     present    安装确认

     latest    #安装最新版本

list:列出包信息

 ansible  all -m yum -a ‘list=repos‘

 

[root@ansible ~]# ansible  all -m yum -a ‘list=repos‘
192.168.31.101 | SUCCESS => {
    "changed": false, 
    "results": [
        {
            "repoid": "dvd", 
            "state": "enabled"
        }
    ]
}
192.168.31.104 | SUCCESS => {
    "changed": false, 
    "results": [
        {
            "repoid": "dvd", 
            "state": "enabled"
        }
    ]
}
192.168.31.103 | SUCCESS => {
    "changed": false, 
    "results": [
        {
            "repoid": "dvd", 
            "state": "enabled"
        }
    ]
}
192.168.31.102 | SUCCESS => {
    "changed": false, 
    "results": [
        {
            "repoid": "dvd", 
            "state": "enabled"
        }
    ]
}

使用yum安装一个软件(提前定义好yum源 所有node-节点)

ansible all -m yum -a "name=vsftpd"  #安装一个vsftpd服务

[root@ansible ~]# ansible all -m yum -a "name=vsftpd"
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:2.2.2-21.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package          Arch             Version                  Repository     Size
================================================================================
Installing:
 vsftpd           x86_64           2.2.2-21.el6             dvd           155 k

Transaction Summary
================================================================================
Install       1 Package(s)

Total download size: 155 k
Installed size: 340 k
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction

  Installing : vsftpd-2.2.2-21.el6.x86_64                                   1/1 

  Verifying  : vsftpd-2.2.2-21.el6.x86_64                                   1/1 

Installed:
  vsftpd.x86_64 0:2.2.2-21.el6                                                  

Complete!
"
    ]
}
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:2.2.2-21.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package          Arch             Version                  Repository     Size
================================================================================
Installing:
 vsftpd           x86_64           2.2.2-21.el6             dvd           155 k

Transaction Summary
================================================================================
Install       1 Package(s)

Total download size: 155 k
Installed size: 340 k
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction

  Installing : vsftpd-2.2.2-21.el6.x86_64                                   1/1 

  Verifying  : vsftpd-2.2.2-21.el6.x86_64                                   1/1 

Installed:
  vsftpd.x86_64 0:2.2.2-21.el6                                                  

Complete!
"
    ]
}
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:2.2.2-21.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package          Arch             Version                  Repository     Size
================================================================================
Installing:
 vsftpd           x86_64           2.2.2-21.el6             dvd           155 k

Transaction Summary
================================================================================
Install       1 Package(s)

Total download size: 155 k
Installed size: 340 k
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction

  Installing : vsftpd-2.2.2-21.el6.x86_64                                   1/1 

  Verifying  : vsftpd-2.2.2-21.el6.x86_64                                   1/1 

Installed:
  vsftpd.x86_64 0:2.2.2-21.el6                                                  

Complete!
"
    ]
}
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:2.2.2-21.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package          Arch             Version                  Repository     Size
================================================================================
Installing:
 vsftpd           x86_64           2.2.2-21.el6             dvd           155 k

Transaction Summary
================================================================================
Install       1 Package(s)

Total download size: 155 k
Installed size: 340 k
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction

  Installing : vsftpd-2.2.2-21.el6.x86_64                                   1/1 

  Verifying  : vsftpd-2.2.2-21.el6.x86_64                                   1/1 

Installed:
  vsftpd.x86_64 0:2.2.2-21.el6                                                  

Complete!
"
    ]
}

删除软件包

 ansible all -m yum -a ‘name=vsftpd state=absent‘

[root@ansible ~]# ansible all -m yum -a ‘name=vsftpd state=absent‘
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "已加载插件:fastestmirror
设置移除进程
解决依赖关系
--> 执行事务检查
---> Package vsftpd.x86_64 0:2.2.2-21.el6 will be 删除
--> 完成依赖关系计算

依赖关系解决

================================================================================
 软件包           架构             版本                    仓库            大小
================================================================================
正在删除:
 vsftpd           x86_64           2.2.2-21.el6            @dvd           340 k

事务概要
================================================================================
Remove        1 Package(s)

Installed size: 340 k
下载软件包:
运行 rpm_check_debug 
执行事务测试
事务测试成功
执行事务

  正在删除   : vsftpd-2.2.2-21.el6.x86_64                                   1/1 

  Verifying  : vsftpd-2.2.2-21.el6.x86_64                                   1/1 

删除:
  vsftpd.x86_64 0:2.2.2-21.el6                                                  

完毕!
"
    ]
}
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "已加载插件:fastestmirror
设置移除进程
解决依赖关系
--> 执行事务检查
---> Package vsftpd.x86_64 0:2.2.2-21.el6 will be 删除
--> 完成依赖关系计算

依赖关系解决

================================================================================
 软件包           架构             版本                    仓库            大小
================================================================================
正在删除:
 vsftpd           x86_64           2.2.2-21.el6            @dvd           340 k

事务概要
================================================================================
Remove        1 Package(s)

Installed size: 340 k
下载软件包:
运行 rpm_check_debug 
执行事务测试
事务测试成功
执行事务

  正在删除   : vsftpd-2.2.2-21.el6.x86_64                                   1/1 

  Verifying  : vsftpd-2.2.2-21.el6.x86_64                                   1/1 

删除:
  vsftpd.x86_64 0:2.2.2-21.el6                                                  

完毕!
"
    ]
}
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "已加载插件:fastestmirror
设置移除进程
解决依赖关系
--> 执行事务检查
---> Package vsftpd.x86_64 0:2.2.2-21.el6 will be 删除
--> 完成依赖关系计算

依赖关系解决

================================================================================
 软件包           架构             版本                    仓库            大小
================================================================================
正在删除:
 vsftpd           x86_64           2.2.2-21.el6            @dvd           340 k

事务概要
================================================================================
Remove        1 Package(s)

Installed size: 340 k
下载软件包:
运行 rpm_check_debug 
执行事务测试
事务测试成功
执行事务

  正在删除   : vsftpd-2.2.2-21.el6.x86_64                                   1/1 

  Verifying  : vsftpd-2.2.2-21.el6.x86_64                                   1/1 

删除:
  vsftpd.x86_64 0:2.2.2-21.el6                                                  

完毕!
"
    ]
}
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "已加载插件:fastestmirror
设置移除进程
解决依赖关系
--> 执行事务检查
---> Package vsftpd.x86_64 0:2.2.2-21.el6 will be 删除
--> 完成依赖关系计算

依赖关系解决

================================================================================
 软件包           架构             版本                    仓库            大小
================================================================================
正在删除:
 vsftpd           x86_64           2.2.2-21.el6            @dvd           340 k

事务概要
================================================================================
Remove        1 Package(s)

Installed size: 340 k
下载软件包:
运行 rpm_check_debug 
执行事务测试
事务测试成功
执行事务

  正在删除   : vsftpd-2.2.2-21.el6.x86_64                                   1/1 

  Verifying  : vsftpd-2.2.2-21.el6.x86_64                                   1/1 

删除:
  vsftpd.x86_64 0:2.2.2-21.el6                                                  

完毕!
"
    ]
} 

??service模块

service模块用于控制服务的启动、关闭、开机自启动等。

常用参数:

name : 服务名称

state:reloaded 、restarted、started、stopped (运维没有不知道的把 不多描述)

enabled: yes|no  开机是否启动

开启ftp服务:ansible all -m service -a ‘name=vsftpd state=started enabled=yes‘

[root@ansible ~]# ansible all -m service -a ‘name=vsftpd state=started enabled=yes‘
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "enabled": true, 
    "name": "vsftpd", 
    "state": "started"
}
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "enabled": true, 
    "name": "vsftpd", 
    "state": "started"
}
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "enabled": true, 
    "name": "vsftpd", 
    "state": "started"
}
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "enabled": true, 
    "name": "vsftpd", 
    "state": "started"
}

关闭ftp服务: ansible all -m service -a ‘name=vsftpd state=stopped enabled=no‘

[root@ansible ~]# ansible all -m service -a ‘name=vsftpd state=stopped enabled=no‘
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "enabled": false, 
    "name": "vsftpd", 
    "state": "stopped"
}
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "enabled": false, 
    "name": "vsftpd", 
    "state": "stopped"
}
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "enabled": false, 
    "name": "vsftpd", 
    "state": "stopped"
}
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "enabled": false, 
    "name": "vsftpd", 
    "state": "stopped"
}

??script模块

  script模块用于在远程机器上执行本地脚本

 本地有个脚本如下

[root@ansible ~]# pwd
/root
[root@ansible ~]# cat os_init.sh 
#!/bin/bash

echo "haha" > /opt/haha.txt

 执行:ansible all -m script -a ‘/root/os_init.sh

[root@ansible ~]# ansible all -m script -a ‘/root/os_init.sh‘
192.168.31.103 | SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.31.103 closed.
", 
    "stderr_lines": [
        "Shared connection to 192.168.31.103 closed."
    ], 
    "stdout": "", 
    "stdout_lines": []
}
192.168.31.101 | SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.31.101 closed.
", 
    "stderr_lines": [
        "Shared connection to 192.168.31.101 closed."
    ], 
    "stdout": "", 
    "stdout_lines": []
}
192.168.31.104 | SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.31.104 closed.
", 
    "stderr_lines": [
        "Shared connection to 192.168.31.104 closed."
    ], 
    "stdout": "", 
    "stdout_lines": []
}
192.168.31.102 | SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.31.102 closed.
", 
    "stderr_lines": [
        "Shared connection to 192.168.31.102 closed."
    ], 
    "stdout": "", 
    "stdout_lines": []
}

??command模块

  在远程主机执行命令,默认模块,可忽略-m选项

  1. ansible dbserver -m command -a ‘service crond start‘

  2. ansible webserver -m command -a ‘echo magedu |passwd --stdin ygcn‘ 不成功的 并没有修改成

[root@ansible ~]# ansible all -m command -a  "echo xiaoqi|passwd --stdin ygcn"
192.168.1.8 | SUCCESS | rc=0 >>
xiaoqi|passwd --stdin ygcn

192.168.1.6 | SUCCESS | rc=0 >>
xiaoqi|passwd --stdin ygcn

192.168.1.10 | SUCCESS | rc=0 >>
xiaoqi|passwd --stdin ygcn

  3.此命令不支持 $VARNAME < > | ; & 等 ,用shell模块实现

??shell模块(常用)

  和command相似,用shell执行命令

  1. ansible all -m shell -a "echo xiaoqi|passwd --stdin ygcn"

[root@ansible ~]# ansible all -m shell -a "echo xiaoqi|passwd --stdin ygcn"
192.168.1.10 | SUCCESS | rc=0 >>
更改用户 ygcn 的密码 。
passwd: 所有的身份验证令牌已经成功更新。

192.168.1.8 | SUCCESS | rc=0 >>
更改用户 ygcn 的密码 。
passwd: 所有的身份验证令牌已经成功更新。

192.168.1.6 | SUCCESS | rc=0 >>
更改用户 ygcn 的密码 。
passwd: 所有的身份验证令牌已经成功更新。

  2. 调用bash执行命令类似 cat /tmp/stanley.md |awk -F ‘|‘ ‘{print $1,$2}‘ &>/tmp/example.txt 这些复杂命令,即使使用shell也可能会失败,解决办法:写到脚本时,copy到远程,执行,在把需要的结果啦回执行命令的机器

??setup模块(扩展)

 setup模块用于收集远程主机的基本信息(如操作系统类型,主机名,ip,cpu信息,内存信息等)

参数 filter= ‘ansible_processor‘    

其它常?的过滤条件 

ansible_all_ipv4_addresses:显示ipv4的信息。 

ansible_devices:显示磁盘设备信息。

 ansible_distribution_major_version:显示是系统主版本。 

ansible_distribution_version:仅显示系统版本。 

ansible_machine:显示系统类型,例:32位,还是64位。 

ansible_lvm:显示lvm相关信息。 

ansible_memtotal_mb:显示系统总内存。 

ansible_memfree_mb:显示可用系统内存。 

ansible_memory_mb:详细显示内存情况。 

ansible_swaptotal_mb:显示总的swap内存。 

ansible_swapfree_mb:显示swap内存的可用内存。 

ansible_mounts:显示系统磁盘挂载情况。 

ansible_processor:显示cpu个数(具体显示每个cpu的型号)。 

ansible_processor_vcpus:显示cpu个数(只显示总的个数)。 

 

ansible all -m setup -a ‘filter=ansible_processor‘  #打印cpu信息的
[root@ansible ~]# ansible all -m setup -a ‘filter=ansible_processor‘ 
192.168.31.102 | SUCCESS => {
    "ansible_facts": {
        "ansible_processor": [
            "0", 
            "GenuineIntel", 
            "Intel(R) Core(TM) i7-4770HQ CPU @ 2.20GHz"
        ]
    }, 
    "changed": false
}
192.168.31.103 | SUCCESS => {
    "ansible_facts": {
        "ansible_processor": [
            "0", 
            "GenuineIntel", 
            "Intel(R) Core(TM) i7-4770HQ CPU @ 2.20GHz"
        ]
    }, 
    "changed": false
}
192.168.31.104 | SUCCESS => {
    "ansible_facts": {
        "ansible_processor": [
            "0", 
            "GenuineIntel", 
            "Intel(R) Core(TM) i7-4770HQ CPU @ 2.20GHz"
        ]
    }, 
    "changed": false
}
192.168.31.101 | SUCCESS => {
    "ansible_facts": {
        "ansible_processor": [
            "0", 
            "GenuineIntel", 
            "Intel(R) Core(TM) i7-4770HQ CPU @ 2.20GHz"
        ]
    }, 
    "changed": false
}

??stat模块(了解)

 stat模块类似linux的stat命令,用于获取文件的状态信息。

ansible all -m stat -a ‘path=/etc/fstab‘  

[root@ansible ~]# ansible all -m stat -a ‘path=/etc/fstab‘      
192.168.31.104 | SUCCESS => {
    "changed": false, 
    "stat": {
        "atime": 1570702486.1744049, 
        "attr_flags": "e", 
        "attributes": [
            "extents"
        ], 
        "block_size": 4096, 
        "blocks": 8, 
        "charset": "us-ascii", 
        "checksum": "b06f425f903a91d26c07bfe9a9dca7a080189da0", 
        "ctime": 1568824684.1169999, 
        "dev": 64768, 
        "device_type": 0, 
        "executable": false, 
        "exists": true, 
        "gid": 0, 
        "gr_name": "root", 
        "inode": 130824, 
        "isblk": false, 
        "ischr": false, 
        "isdir": false, 
        "isfifo": false, 
        "isgid": false, 
        "islnk": false, 
        "isreg": true, 
        "issock": false, 
        "isuid": false, 
        "mimetype": "text/plain", 
        "mode": "0644", 
        "mtime": 1568824511.8080001, 
        "nlink": 1, 
        "path": "/etc/fstab", 
        "pw_name": "root", 
        "readable": true, 
        "rgrp": true, 
        "roth": true, 
        "rusr": true, 
        "size": 779, 
        "uid": 0, 
        "version": "482864498", 
        "wgrp": false, 
        "woth": false, 
        "writeable": true, 
        "wusr": true, 
        "xgrp": false, 
        "xoth": false, 
        "xusr": false
    }
}
192.168.31.102 | SUCCESS => {
    "changed": false, 
    "stat": {
        "atime": 1569235590.9143467, 
        "attr_flags": "e", 
        "attributes": [
            "extents"
        ], 
        "block_size": 4096, 
        "blocks": 8, 
        "charset": "us-ascii", 
        "checksum": "b06f425f903a91d26c07bfe9a9dca7a080189da0", 
        "ctime": 1568824684.1169999, 
        "dev": 64768, 
        "device_type": 0, 
        "executable": false, 
        "exists": true, 
        "gid": 0, 
        "gr_name": "root", 
        "inode": 130824, 
        "isblk": false, 
        "ischr": false, 
        "isdir": false, 
        "isfifo": false, 
        "isgid": false, 
        "islnk": false, 
        "isreg": true, 
        "issock": false, 
        "isuid": false, 
        "mimetype": "text/plain", 
        "mode": "0644", 
        "mtime": 1568824511.8080001, 
        "nlink": 1, 
        "path": "/etc/fstab", 
        "pw_name": "root", 
        "readable": true, 
        "rgrp": true, 
        "roth": true, 
        "rusr": true, 
        "size": 779, 
        "uid": 0, 
        "version": "482864498", 
        "wgrp": false, 
        "woth": false, 
        "writeable": true, 
        "wusr": true, 
        "xgrp": false, 
        "xoth": false, 
        "xusr": false
    }
}
192.168.31.103 | SUCCESS => {
    "changed": false, 
    "stat": {
        "atime": 1569649326.9078345, 
        "attr_flags": "e", 
        "attributes": [
            "extents"
        ], 
        "block_size": 4096, 
        "blocks": 8, 
        "charset": "us-ascii", 
        "checksum": "b06f425f903a91d26c07bfe9a9dca7a080189da0", 
        "ctime": 1568824684.1169999, 
        "dev": 64768, 
        "device_type": 0, 
        "executable": false, 
        "exists": true, 
        "gid": 0, 
        "gr_name": "root", 
        "inode": 130824, 
        "isblk": false, 
        "ischr": false, 
        "isdir": false, 
        "isfifo": false, 
        "isgid": false, 
        "islnk": false, 
        "isreg": true, 
        "issock": false, 
        "isuid": false, 
        "mimetype": "text/plain", 
        "mode": "0644", 
        "mtime": 1568824511.8080001, 
        "nlink": 1, 
        "path": "/etc/fstab", 
        "pw_name": "root", 
        "readable": true, 
        "rgrp": true, 
        "roth": true, 
        "rusr": true, 
        "size": 779, 
        "uid": 0, 
        "version": "482864498", 
        "wgrp": false, 
        "woth": false, 
        "writeable": true, 
        "wusr": true, 
        "xgrp": false, 
        "xoth": false, 
        "xusr": false
    }
}
192.168.31.101 | SUCCESS => {
    "changed": false, 
    "stat": {
        "atime": 1571747604.7209976, 
        "attr_flags": "e", 
        "attributes": [
            "extents"
        ], 
        "block_size": 4096, 
        "blocks": 8, 
        "charset": "us-ascii", 
        "checksum": "b06f425f903a91d26c07bfe9a9dca7a080189da0", 
        "ctime": 1568824684.1169999, 
        "dev": 64768, 
        "device_type": 0, 
        "executable": false, 
        "exists": true, 
        "gid": 0, 
        "gr_name": "root", 
        "inode": 130824, 
        "isblk": false, 
        "ischr": false, 
        "isdir": false, 
        "isfifo": false, 
        "isgid": false, 
        "islnk": false, 
        "isreg": true, 
        "issock": false, 
        "isuid": false, 
        "mimetype": "text/plain", 
        "mode": "0644", 
        "mtime": 1568824511.8080001, 
        "nlink": 1, 
        "path": "/etc/fstab", 
        "pw_name": "root", 
        "readable": true, 
        "rgrp": true, 
        "roth": true, 
        "rusr": true, 
        "size": 779, 
        "uid": 0, 
        "version": "482864498", 
        "wgrp": false, 
        "woth": false, 
        "writeable": true, 
        "wusr": true, 
        "xgrp": false, 
        "xoth": false, 
        "xusr": false
    }
}

7、ansible playbook(剧本)

playbook(剧本):是ansible用于配置,部署,和管理被控节点的剧本

使用的格式为yaml格式 (saltstack、elk、docker等也会用到yaml格式)

我认为palybook格式的脚本 就是执行的操作按照ansible编程的语法,放入文件中执行。

  完全可以用shell脚本完成操作

      还可以ansible + shell 脚本 使用script模块

??YAML格式规则

1.文件的第一行以 “---” 开始,表明YMAL文件的开始

2.以#号开头为注视

3.列表中所有成员都开始于相同的缩进级别,并且使用一个“- ”作为开头 #此处注意 是一个杠+一个空格

4.一个字典是由一个简单的 键值对 组成 #键值对就是 键: 值 冒号后面也有空格

5.注意写这种文件 不要使用 tab键 都使用空格 (不然老刺激

??playbook实例

第一步:创建一个存放playbook的目录

  mkdir -p playbook/web

第二步:找一份httpd配置文件,并修改成自己想要需求

  [root@ansible web]# ll httpd.conf
  -rw-r--r-- 1 root root 34421 10月 23 11:57 httpd.conf

第三步:写一个palybook文件(后缀为.yml或者.yaml)

  root@ansible web]# ll apache.yaml 

  -rw-r--r-- 1 root root 464 10月 23 12:17 apache.yaml

实例如下:

*仔细看*

[root@ansible web]# cat apache.yaml 
---
- hosts: all    #机器组 我这里是全部
  remote_user: root  #那个用户执行
  vars:         #定义变量
    - user: tyschool    #定义变量名字name=tyschool
  tasks:
    - name: create user user variable  #描述
    #ansible all -m user -a "user=tyschool state=present" 与下面那条一样 user: user=tyschool state=present
#user: user= {{user}} state=present 这是一种加入变量的方法

- name: install http server #描述
    #ansible all -m yum -a "name=http state=latest(最新的)"
      yum: name=httpd state=latest name=httpd-manual state=latest

    - name: copy httpd.conf to all server:/etc/httpd/conf #描述
      copy: src=/etc/ansible/playbook/web/httpd.conf dest=/etc/httpd/conf

    - name: start httpd #描述
      service: name=httpd state=started enabled=yes 

??playbook常见语法

hosts:用于指定要执行任务的主机,其可以是一个或多个由冒号分隔主机组。

remote_user:用于指定主机上的执行任务的用户

tasks:任务列表,按顺序执行任务 (如果host执行tasks失败,整个tasks都会回滚,修正playbook中的错误,然后重新执行即可。)

handlers:类似task 但是需要使用notify通知调用,实现按需调用。

  (不管有多少个通知者进行了notify,等到play中的所有task执行完成之后,handlers也只会被执行一次 ) 

  (heandlers最佳的应用场景使用来重启服务,或者接触系统重启操作,除此以外很少用了)

注意:handlers 需要notify调用,他和tasks不同的是 tasks每次都会调用,handlers触发才会调用,比如配置文件修改了,在执行playbook的时候,就会将管理机上的新改的copy到被管理机,那么就会触发handlers重启服务,否则不会执行handlers

with_items: 迭代列表:其使用格式为将需要迭代的内容定义为item变量饮用,并通过with_items语句指明迭代的元素列表即可

实例如下

[root@ansible web]# cat apache.yaml     
---
- hosts: all
  remote_user: root
  vars: 
    - user: tyschool123
  tasks:
    - name: create user user variable
      user: user={{user}} state=present

    - name: install http server
      #yum: name=httpd state=latest name=httpd-manual state=latest
      yum: name={{item}} state=latest  #变量
      with_items:    #循环 三个软件包名称带入上边的变量
      - httpd
      - httpd-devel
      - httpd-manual

    - name: copy httpd.conf to all server:/etc/httpd/conf
      copy: src=/etc/ansible/playbook/web/httpd.conf dest=/etc/httpd/conf
      notify:  #触发 如果上边的文件传过去了 那么就触发 文件修改才会被传过去
        - restat httpd service   #handlers name写什么这里写什么

    - name: start httpd
      service: name=httpd state=started enabled=yes


  handlers:  #定义触发做的动作
    - name: restat httpd service  #描述
      service: name=httpd state=restarted    

 如果有警告 WARNING 并且伴有 deprecation_warnings=False 关键参数 可修改配置文件 ansible.cfg 将参数修改成False即可

8、roles(难点)

roles(?色): 就是通过分别将variables, tasks及handlers等放置于单独的目录中,并可以便捷地调用它们 的一种机制。

假设我们要写一个playbook来安装管理lamp环境,那么这个playbook就会写很?。
所以我们希望把这 个很大的文件分成多个功能拆分, 分成apache管理,php管理,mysql管理,然后在需要使用的时候直接调 用就可以了,以免重复写。就类似编程里的模块化的概念,以达到代码复用的效果。

??创建roles的目录结构

files: 用来存放由copy模块或script模块调用的文件。
tasks: 至少有一个main.yml文件,定义各tasks。
handlers: 有一个main.yml文件,定义各handlers。
templates: 用来存放jinjia2模板。
vars: 有一个main.yml文件,定义变量。
meta: 有一个main.yml文件,定义此?色的特殊设定及其依赖关系。

注意: 在每个?色的目录中分别创建files, tasks,handlers,templates,vars和meta目录,用不到的目录可 以创建为空目录.

??案例:

  通过roles实现lamp

  分析:需要订制三个角色分别为:httpd,mysql,php 

      创建roles目录及文件,并确认目录结构

[root@manage01 ansible]# mkdir -p roles/{httpd,mysql,php}/{files,tasks,handlers,templates,vars,meta}
[root@manage01 ansible]# touch roles/{httpd,mysql,php}/{tasks,handlers,vars,meta}/main.yml
[root@manage01 ansible]# tree roles/ 
# 安装以上命令创建即可

?? 准备httpd服务器的主?文件,php测试?和配置文件等 #如下

[root@manage01 files]# ls
httpd.conf  phpinfo.php

??编写httpd?色的main.yml文件

[root@manage01 roles]# cat httpd/tasks/main.yml
- name: httpd httpd-devel httpd-manual软件包安装
  yum: name={{item}} state=latest
  with_items:
    - httpd
    - httpd-devel
    - httpd-manual
- name: 创建apache管理用户 www
  user: name={{user}} state=present
- name: 设置apache开机启动,并启动服务
  service: name=httpd enabled=yes state=started
- name: 拷?配置文件,初始化业务
  copy: src=/etc/ansible/roles/httpd/files/httpd.conf dest=/etc/httpd/conf/httpd.conf
#定义通知调用,当配置文件更新,需要重启服务 notify:
- restart apache - name: 拷?php测试?面
  copy: src=/etc/ansible/roles/httpd/files/phpinfo.php dest=/var/www/html/
[root@manage01 roles]# cat httpd/vars/main.yml user: www
[root@manage01 roles]# cat httpd/handlers/main.yml - name: restart apache service: name=httpd state=restarted

??编写mysql角色的main.yaml文件

 [root@manage01 ansible]# ls roles/php/files/
www.conf
[root@manage01 roles]# cat mysql/tasks/main.yml
- name: mysql 用户创建
  user: name={{user}} state=present
- name: mysql 软件安装
  yum: name={{item}} state=latest with_items:
    - mariadb
    - mariadb-server
- name: 启动服务,并设置开机启动
  service: name=mariadb enabled=yes state=started
- name: 改变mysql文件的所有者为mysql
  file: path=‘/usr/lib/mysql‘ owner={{user}} group={{user}} recurse=yes

[root@manage01 roles]# cat mysql/vars/main.yml
user: mysql

??编写php角色的main.yaml文件

 
[root@manage01 ansible]# cat roles/php/tasks/main.yml 
- name: 安装php yum: name={{item}} state=latest with_items: - php - php-mysqlnd - php-gd - php-ldap - php-odbc - php-pear - php-xml - php-xmlrpc - php-mbstring - php-snmp - php-soap - curl - curl-devel - php-bcmath - php-fpm - name: copy www.conf to /etc/php-fpm.d copy: src=/etc/ansible/roles/php/files/www.conf dest=/etc/php-fpm.d force=yes notify: - restart php-fpm [root@manage01 ansible]# cat roles/php/handlers/main.yml - name: restart php-fpm service: name=php-fpm state=restarted

??编写lamp的playbook文件调用前面定义好的三个?色

 [root@manage01 yaml]# cat lamp.yml
---
- hosts: group1
  remote_user: root
  roles:
  - httpd
  - mysql
  - php
 
测试业务机器

*此文章编写参考白树明老师资料编写如老师看到此文章请谅解* 

以上是关于ansible基础-模块-playbook-roles角色的主要内容,如果未能解决你的问题,请参考以下文章

二ansible基础模块介绍

Ansible系列-基础篇-Ansible 常见模块的使用

自动化运维之Ansible应用基础模块(超详细)

ansible命令应用基础

Ansible:命令应用基础

ansible模块的基础使用