Ansible常用模組介紹及使用(二)--技術流ken
Ansible模組
在上一篇部落格《Ansible基礎認識及安裝使用詳解(一)--技術流ken》中以及簡單的介紹了一下ansible的模組。ansible是基於模組工作的,所以我們必須掌握幾個常用的模組以便能夠從容應對日常的工作。
相信大家在看完上一篇部落格之後應該也已經知道可以使用ansible-doc -s 模組名,可以獲取到模組的使用幫助,在本篇部落格中就不再贅述。
Ansible常用模組介紹
ansible常用模組主要有如下12個:
ping 模組: 嘗試連線主機,如果測試成功會返回‘pong’ command模組: 在遠端節點執行命令 yum模組: 使用yum軟體包管理工具管理軟體包 shell模組: 和command模組類似,執行命令,支援變數等符號 cron模組 : 管理定時任務 service模組: 管理程式服務 file模組: 設定檔案屬性 copy模組: 複製本地檔案到遠端主機 script模組: 傳送本地的一個指令碼並在遠端主機上執行
setup模組: 獲取遠端主機的引數資訊 user模組: 管理使用者賬戶 group模組: 新增或者刪除使用者組
Ansible常用模組使用詳解
下面就針對每個模組的使用進行一一演示
(一)command模組
command的模組是在遠端主機執行命令。預設使用此模組,所以可以省略
例:獲取遠端主機的ip資訊
[[email protected] ~]# ansible all -m command -a "ip a" 10.220.5.138 | SUCCESS | rc=0 >> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group defaultqlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000link/ether 00:0c:29:a9:90:16 brd ff:ff:ff:ff:ff:ff inet 10.220.5.138/24 brd 10.220.5.255 scope global noprefixroute eth0 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fea9:9016/64 scope link valid_lft forever preferred_lft forever 10.220.5.139 | SUCCESS | rc=0 >> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000 link/ether 00:0c:29:65:31:ad brd ff:ff:ff:ff:ff:ff inet 10.220.5.139/24 brd 10.220.5.255 scope global noprefixroute eth0 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fe65:31ad/64 scope link valid_lft forever preferred_lft forever
(二)cron模組
cron模組是管理定時任務
例:在遠端節點每隔5分鐘往、/tmp/ken.txt輸入111
[[email protected] ~]# ansible all -m cron -a "minute=*/5 job='echo 111>/tmp/ken.txt' state=present" 10.220.5.139 | SUCCESS => { "changed": true, "envs": [], "jobs": [ "None", "None" ] } 10.220.5.138 | SUCCESS => { "changed": true, "envs": [], "jobs": [ "None", "None" ] }
可以檢視是否已經設定成功。可以看到已經安裝成功
[[email protected] ~]# ansible all -a "crontab -l" 10.220.5.138 | SUCCESS | rc=0 >> #Ansible: None */5 * * * * echo 111>/tmp/ken.txt 10.220.5.139 | SUCCESS | rc=0 >> #Ansible: None */5 * * * * echo 111>/tmp/ken.txt
移除計劃任務
[[email protected] ~]# ansible all -a "crontab -r" 10.220.5.138 | SUCCESS | rc=0 >> 10.220.5.139 | SUCCESS | rc=0 >> [[email protected] ~]# ansible all -a "crontab -l" 10.220.5.139 | FAILED | rc=1 >> no crontab for rootnon-zero return code 10.220.5.138 | FAILED | rc=1 >> no crontab for rootnon-zero return code
(三)copy模組
copy模組是複製本機檔案到遠端節點之上
例:複製本機/tmp/ken.sh 到遠端節點上的/tmp下
[[email protected] ~]# ansible all -m copy -a "src=/tmp/ken.sh dest=/tmp" 10.220.5.138 | SUCCESS => { "changed": true, "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "dest": "/tmp/ken.sh", "gid": 0, "group": "root", "md5sum": "d41d8cd98f00b204e9800998ecf8427e", "mode": "0644", "owner": "root", "size": 0, "src": "/root/.ansible/tmp/ansible-tmp-1542373625.27-167828199145082/source", "state": "file", "uid": 0 } 10.220.5.139 | SUCCESS => { "changed": true, "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "dest": "/tmp/ken.sh", "gid": 0, "group": "root", "md5sum": "d41d8cd98f00b204e9800998ecf8427e", "mode": "0644", "owner": "root", "size": 0, "src": "/root/.ansible/tmp/ansible-tmp-1542373625.3-279713897725048/source", "state": "file", "uid": 0 }
檢視是否已經真的傳送過去了。發現在遠端主機的/tmp目錄下面已經有個剛剛我們傳送過去的檔案了
[[email protected] ~]# ansible all -m shell -a "ls /tmp | grep ken.sh" 10.220.5.138 | SUCCESS | rc=0 >> ken.sh 10.220.5.139 | SUCCESS | rc=0 >> ken.sh
(四)yum模組
yum模組是用來管理遠端安裝包的
例:在遠端節點下載httpd服務
[[email protected] ~]# ansible all -m yum -a "name=httpd state=present" 10.220.5.138 | SUCCESS => { "changed": true, "msg": "file:///mnt/repodata/repomd.xml: [Errno 14] curl#37 - \"Couldn't open file /mnt/repodata/repomd.xml\"\nTrying other mirror.\n", "rc": 0, "results": [ "Loaded plugins: fastestmirror, langpacks\nLoading mirror speeds from cached hostfile\nResolving Dependencies\n--> Running transaction check\n---> Package httpd.x86_64 0:2.4.6-80.el7.centos.1 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n httpd x86_64 2.4.6-80.el7.centos.1 updates 2.7 M\n\nTransaction Summary\n================================================================================\nInstall 1 Package\n\nTotal download size: 2.7 M\nInstalled size: 9.4 M\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : httpd-2.4.6-80.el7.centos.1.x86_64 1/1 \n Verifying : httpd-2.4.6-80.el7.centos.1.x86_64 1/1 \n\nInstalled:\n httpd.x86_64 0:2.4.6-80.el7.centos.1 \n\nComplete!\n" ] } 10.220.5.139 | SUCCESS => { "changed": true, "msg": "", "rc": 0, "results": [ "Loaded plugins: fastestmirror, langpacks\nLoading mirror speeds from cached hostfile\nResolving Dependencies\n--> Running transaction check\n---> Package httpd.x86_64 0:2.4.6-80.el7.centos.1 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n httpd x86_64 2.4.6-80.el7.centos.1 updates 2.7 M\n\nTransaction Summary\n================================================================================\nInstall 1 Package\n\nTotal download size: 2.7 M\nInstalled size: 9.4 M\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : httpd-2.4.6-80.el7.centos.1.x86_64 1/1 \n Verifying : httpd-2.4.6-80.el7.centos.1.x86_64 1/1 \n\nInstalled:\n httpd.x86_64 0:2.4.6-80.el7.centos.1 \n\nComplete!\n" ] }
檢視是否已經安裝成功
[[email protected] ~]# ansible all -m yum -a "list=httpd" 10.220.5.138 | SUCCESS => { "changed": false, "results": [ { "arch": "x86_64", "envra": "0:httpd-2.4.6-80.el7.centos.1.x86_64", "epoch": "0", "name": "httpd", "release": "80.el7.centos.1", "repo": "installed", "version": "2.4.6", "yumstate": "installed" }, { "arch": "x86_64", "envra": "0:httpd-2.4.6-80.el7.centos.1.x86_64", "epoch": "0", "name": "httpd", "release": "80.el7.centos.1", "repo": "updates", "version": "2.4.6", "yumstate": "available" }, { "arch": "x86_64", "envra": "0:httpd-2.4.6-80.el7.centos.x86_64", "epoch": "0", "name": "httpd", "release": "80.el7.centos", "repo": "centos7", "version": "2.4.6", "yumstate": "available" }, { "arch": "x86_64", "envra": "0:httpd-2.4.6-80.el7.centos.x86_64", "epoch": "0", "name": "httpd", "release": "80.el7.centos", "repo": "ken", "version": "2.4.6", "yumstate": "available" } ] } 10.220.5.139 | SUCCESS => { "changed": false, "results": [ { "arch": "x86_64", "envra": "0:httpd-2.4.6-80.el7.centos.1.x86_64", "epoch": "0", "name": "httpd", "release": "80.el7.centos.1", "repo": "installed", "version": "2.4.6", "yumstate": "installed" }, { "arch": "x86_64", "envra": "0:httpd-2.4.6-80.el7.centos.1.x86_64", "epoch": "0", "name": "httpd", "release": "80.el7.centos.1", "repo": "updates", "version": "2.4.6", "yumstate": "available" }, { "arch": "x86_64", "envra": "0:httpd-2.4.6-80.el7.centos.x86_64", "epoch": "0", "name": "httpd", "release": "80.el7.centos", "repo": "centos7", "version": "2.4.6", "yumstate": "available" } ] }
(五)service模組
service模組是用來管理服務程式的
例:啟動遠端節點的httpd服務
[[email protected] ~]# ansible all -m service -a "name=httpd state=restarted" 10.220.5.138 | SUCCESS => { "changed": true, "name": "httpd", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "nss-lookup.target systemd-journald.socket network.target tmp.mount system.slice remote-fs.target -.mount basic.target", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", ....
輸出資訊很長,我就省略了。現在檢視是否已經啟動成功
[[email protected] ~]# ansible all -m shell -a "ss -tnl | grep 80" 10.220.5.139 | SUCCESS | rc=0 >> LISTEN 0 128 :::80 :::* 10.220.5.138 | SUCCESS | rc=0 >> LISTEN 0 128 :::80 :::*
(六)file模組
file模組是用來設定檔案屬性的
例:在遠端節點的/tmp下建立一個test.txt檔案
[[email protected] ~]# ansible all -m file -a "state=touch path=/tmp/test.txt" 10.220.5.139 | SUCCESS => { "changed": true, "dest": "/tmp/test.txt", "gid": 0, "group": "root", "mode": "0644", "owner": "root", "size": 0, "state": "file", "uid": 0 } 10.220.5.138 | SUCCESS => { "changed": true, "dest": "/tmp/test.txt", "gid": 0, "group": "root", "mode": "0644", "owner": "root", "size": 0, "state": "file", "uid": 0 }
檢視檔案是否已經建立成功
[[email protected] ~]# ansible all -m shell -a "ls /tmp | grep test.txt" 10.220.5.138 | SUCCESS | rc=0 >> test.txt 10.220.5.139 | SUCCESS | rc=0 >> test.txt
(七)shell模組
shell模組和command模組類似即遠端執行命令
但是比command更強大
例如:統計遠端節點/tmp目錄下有多少檔案
我們首先使用command看下效果
[[email protected] ~]# ansible all -a "ls /tmp | wc -l" 10.220.5.139 | FAILED | rc=2 >> /tmp: total 4 drwx------ 2 root root 65 Nov 17 05:25 ansible_aIMVHi -rw-r--r-- 1 root root 0 Nov 17 05:07 ken.sh -rw-r--r-- 1 root root 0 Nov 17 05:00 ken.txt drwx------ 3 root root 17 Nov 7 16:04 systemd-private-2e376cd91398450f85a81bc060207ef8-chronyd.service-TxdhUO drwx------ 3 root root 17 Nov 7 16:05 systemd-private-2e376cd91398450f85a81bc060207ef8-httpd.service-k8IZOZ drwx------ 3 root root 17 Nov 15 15:58 systemd-private-5c9f32d6cff64520b10075e086d943ab-chronyd.service-iAH3c0 drwx------ 3 root root 17 Nov 15 15:58 systemd-private-5c9f32d6cff64520b10075e086d943ab-httpd.service-dsAqeg drwx------ 3 root root 17 Nov 14 15:56 systemd-private-65ded84926e64a90b0a201a805f752ca-chronyd.service-eSj3iR drwx------ 3 root root 17 Nov 16 16:00 systemd-private-6706ba5361284cd4a0c91f3c8b68c606-chronyd.service-sLgAei drwx------ 3 root root 17 Nov 17 05:17 systemd-private-6706ba5361284cd4a0c91f3c8b68c606-httpd.service-u6vla7 -rw-r--r-- 1 root root 0 Nov 17 05:22 test.txt drwx------ 2 root root 6 Nov 15 15:58 vmware-root -rw------- 1 root root 467 Nov 15 16:02 yum_save_tx.2018-11-15.16-02.KHC9kd.yumtxls: cannot access |: No such file or directory ls: cannot access wc: No such file or directorynon-zero return code 10.220.5.138 | FAILED | rc=2 >> /tmp: total 0 drwx------ 2 root root 65 Nov 16 21:25 ansible_v4MF1q drwxr-xr-x 2 root root 19 Nov 7 09:35 hsperfdata_root drwxr-xr-x 2 zabbix zabbix 19 Nov 7 08:48 hsperfdata_zabbix ...
可以看到命令執行失敗
現在我們再使用shell執行相同的操作看下效果
可以發現這次獲取到了我們所需要的資訊
[[email protected] ~]# ansible all -m shell -a "ls /tmp | wc -l" 10.220.5.138 | SUCCESS | rc=0 >> 13 10.220.5.139 | SUCCESS | rc=0 >> 13
(八)ping模組
ping模組可以探測遠端主機
不用加任何的引數資訊
獲取成功就會返回pong
[[email protected] ~]# ansible all -m ping 10.220.5.139 | SUCCESS => { "changed": false, "ping": "pong" } 10.220.5.138 | SUCCESS => { "changed": false, "ping": "pong" }
接下來還有四個常用模組,因為我換了自己的電腦,所以IP地址不再是上面的那些。
(九)setup模組
setup模組用來獲取節點的引數資訊
獲取到的資訊很詳細,大家如果感興趣可以研究一下
[[email protected] ~]# ansible all -m setup 192.168.43.176 | SUCCESS => { "ansible_facts": { "ansible_all_ipv4_addresses": [ "192.168.11.5", "192.168.43.176" ], "ansible_all_ipv6_addresses": [ "fe80::20c:29ff:fea5:e9ae", "2408:84f4:83:54f1:20c:29ff:fea5:e9a4", "fe80::20c:29ff:fea5:e9a4" ], "ansible_apparmor": { "status": "disabled" }, "ansible_architecture": "x86_64", "ansible_bios_date": "07/02/2015", "ansible_bios_version": "6.00", "ansible_cmdline": { "BOOT_IMAGE": "/vmlinuz-3.10.0-862.el7.x86_64", "biosdevname": "0", "crashkernel": "auto", "net.ifnames": "0", "quiet": true, "rd.lvm.lv": "centos/swap", "rhgb": true, "ro": true, "root": "/dev/mapper/centos-root" }, "ansible_date_time": { "date": "2018-11-16", "day": "16", "epoch": "1542378922", "hour": "22", "iso8601": "2018-11-16T14:35:22Z", "iso8601_basic": "20181116T223522739565", "iso8601_basic_short": "20181116T223522", "iso8601_micro": "2018-11-16T14:35:22.739656Z", "minute": "35", "month": "11", "second": "22", "time": "22:35:22", "tz": "CST", "tz_offset": "+0800", "weekday": "Friday", "weekday_number": "5", "weeknumber": "46", "year": "2018" }, ...
(十)script模組
作用是將本地的一個指令碼傳送至遠端主機上面並執行
無需加多餘引數,只需要在-a後面加上本地指令碼路徑即可
[[email protected] ~]# ansible all -m script -a /tmp/test.sh 192.168.43.175 | CHANGED => { "changed": true, "rc": 0, "stderr": "Shared connection to 192.168.43.175 closed.\r\n", "stderr_lines": [ "Shared connection to 192.168.43.175 closed." ], "stdout": "server\r\n", "stdout_lines": [ "server" ] } 192.168.43.176 | CHANGED => { "changed": true, "rc": 0, "stderr": "Shared connection to 192.168.43.176 closed.\r\n", "stderr_lines": [ "Shared connection to 192.168.43.176 closed." ], "stdout": "agent\r\n", "stdout_lines": [ "agent" ] }
(十一)user模組
user模組是請求的是useradd, userdel, usermod三個指令
如下的命令含義是建立一個ken使用者,shell型別為/sbin/nologin,uid號為454,系統使用者
[[email protected] ~]# ansible all -m user -a "name=ken shell=/sbin/nologin uid=454 state=present" 192.168.43.176 | FAILED! => { "changed": false, "msg": "useradd: UID 454 is not unique\n", "name": "ken", "rc": 4 } 192.168.43.175 | CHANGED => { "changed": true, "comment": "", "create_home": true, "group": 100, "home": "/home/ken", "name": "ken", "shell": "/sbin/nologin", "state": "present", "system": false, "uid": 454 }
從上面的執行結果來看192.168.43.176執行失敗了,根據提示可知uid454的使用者可能已經存在,讓我們來看一下是否真的存在
命令返回結果顯示uid454為nginx使用者
[[email protected] ~]# ansible 192.168.43.176 -a "grep 454 /etc/passwd" 192.168.43.176 | CHANGED | rc=0 >> nginx:x:454:454:Nginx web server:/var/lib/nginx:/sbin/nologin
再來看一下192.168.43.175執行成功的
[[email protected] ~]# ansible 192.168.43.175 -a "tail -1 /etc/passwd" 192.168.43.175 | CHANGED | rc=0 >> ken:x:454:100::/home/ken:/sbin/nologin
(十二)group模組
goup模組請求的是groupadd, groupdel, groupmod 三個指令
如下命令含義是建立一個名為test1的組,gid為1122,在遠端主機可用
[[email protected] ~]# ansible all -m group -a "name=test1 gid=1122 state=present" 192.168.43.176 | CHANGED => { "changed": true, "gid": 1122, "name": "test1", "state": "present", "system": false } 192.168.43.175 | CHANGED => { "changed": true, "gid": 1122, "name": "test1", "state": "present", "system": false }