ansible模塊有很多,具體模塊的使用方法可以使用 ansible-doc 命令可以詳細的查看,最下面給的還有實例,很是方便。
ansible-doc service # 查看模塊 service 的使用方法 less 436 Copyright (C) 1984-2009 Mark Nudelman less comes with NO WARRANTY, to the extent permitted by law. For information about the terms of redistribution, see the file named README in the less distribution. Homepage: http://www.greenwoodsoftware.com/less > SERVICE Controls services on remote hosts. Supported init systems include BSD init, OpenRC, SysV, Solaris SMF, systemd, upstart. Options (= is mandatory): - arguments Additional arguments provided on the command line ....... ....... EXAMPLES: # 下面給的一些實例,很是實用 # Example action to start service httpd, if not running - service: name=httpd state=started # Example action to stop service httpd, if running - service: name=httpd state=stopped ... ...
下面我自己羅列的一寫常用的模塊使用方法,便於以後查找使用。
copy 複製本地文件到遠程(類似scp命令)
- copy: src=/srv/myfiles/foo.conf dest=/etc/foo.conf owner=foo group=foo mode=0644 - copy: src=/srv/myfiles/foo.conf dest=/etc/foo.conf owner=foo group=foo mode="u=rw,g=r,o=r" - copy: src=/srv/myfiles/foo.conf dest=/etc/foo.conf owner=foo group=foo mode="u+rw,g-wx,o-rwx" - copy: src=/mine/ntp.conf dest=/etc/ntp.conf owner=root group=root mode=644 backup=yes - copy: src=/mine/sudoers dest=/etc/sudoers validate='visudo -cf %s' ansible test -m copy -a 'src=/tmp/test.txt dest=/tmp/t.txt' # 將本地'/tmp/test.txt'文件複製到test主機並重命名'/tmp/t.txt' ansible test -m copy -a 'src=/tmp/dir dest=/tmp/' # 將本地'/tmp/dir'目錄複製到test主機'/tmp/'目錄下
fetch 遠程文件copy到本地
- fetch: src=/tmp/somefile dest=/tmp/fetched
- fetch: src=/tmp/somefile dest=/tmp/prefix-{{ ansible_hostname }} flat=yes
- fetch: src=/tmp/uniquefile dest=/tmp/special/ flat=yes
- fetch: src=/tmp/uniquefile dest=special/prefix-{{ ansible_hostname }} flat=yesreplace 替換(類似sed命令)
ansible test -m replace -a "dest=/etc/hosts regexp='Old' replace='New' backeup=yes"
authorized_key 添加互信
- authorized_key: user=test state=present key=\"{{ lookup('file', '/home/test/.ssh/id_rsa.pub') }}\" # 添加test互信
- authorized_key: user=test # 遠程用戶
state=present # 新建,absent刪除
key=\"{{ lookup('file', '/home/test/.ssh/id_rsa.pub') }}\" # 本地公鑰
path='/data/test/.ssh/authorized_keys' # 額外指定遠程用戶權限文件,默認是遠程用戶的家目錄下/$HOMEDIR/.ssh/authorized_keys
manage_dir=no # 根據path指定的路徑創建遠程用戶權限文件authorized_keys
ansible all -m authorized_key -a "user=root state=present key=\"{{ lookup('file', '/root/.ssh/id_rsa.pub') }}\"" -k # 將本地root的公鑰導入到遠程用戶root的authorized_keys裏
ansible all -m authorized_key -a "user=root state=present key=\"{{ lookup('file', '/home/test/.ssh/id_rsa.pub') }}\"" -k # 將本地test的公鑰導入到遠程用戶root的authorized_keys裏synchronize 同步(類似rsync命令)
src=/some/relative/path dest=/some/absolute/path dest_port=22 # 指定遠程端口 delete=yes # 使兩邊的內容一樣(即以推送方爲主) compress=yes # 開啓壓縮,默認爲開啓 --exclude=.git # 忽略同步.git結尾的文件 recursive=yes # 遞歸 checksum=yes # 默認 no archive=no links=yes times=no - synchronize: src=/tmp/helloworld dest=/var/www/helloword rsync_opts=--no-motd,--exclude=.gi dest_port=22 - synchronize: src=/tmp/dir dest=/tmp/ dest_port=2020 delete=yes recursive=yes rsync_opts=--no-motd,--exclude=.log # 通過2020端口拷貝目錄/tmp/dir到遠程/tmp/下面,保持和源目錄結構一致,忽略 .log文件 - synchronize: src=/tmp/dir dest=/tmp/ dest_port=2020 delete=yes recursive=yes rsync_opts=--exclude-from=/tmp/ex # 通過2020端口拷貝目錄/tmp/dir到遠程/tmp/下面,保持和源目錄結構一致並且過濾/tmp/ex文件裏的內容
lineinfile 行替換
- lineinfile: dest=/etc/selinux/config regexp=^SELINUX= line=SELINUX=enforcing # 將以“SELINUX”開頭的行換成 “SELINUX=enforcing” - lineinfile: dest=/etc/sudoers state=absent regexp="^%wheel" # 將以 %wheel 開頭的行刪除 - lineinfile: dest=/etc/hosts regexp='^127\.0\.0\.1' line='127.0.0.1 localhost' owner=root group=root mode=0644 - lineinfile: dest=/etc/httpd/conf/httpd.conf regexp="^Listen " insertafter="^#Listen " line="Listen 8080" # 將以 #Listen 開頭行的下面的 以Listen開頭的行換成 Listen 8080 - lineinfile: dest=/etc/httpd/conf/httpd.conf insertafter="^#Listen " line="Listen 8080" # 在 #Listen 開頭行的下面的 添加 Listen 8080 新行 - lineinfile: dest=/etc/httpd/conf/httpd.conf regexp="^Listen " insertbefore="^#Listen " line="Listen 8080" # 將以 #Listen 開頭行的上面的 以Listen開頭的行換成 Listen 8080 - lineinfile: dest=/tmp/testfile line="192.168.1.99 foo.lab.net foo" # 添加一個新行
unarchive 解壓縮
src copy yes|no # yes:默認,壓縮包在本地,src=本地壓縮包路徑,dest=解壓到遠程路徑;no遠程主機已存在壓縮包,src=遠程壓縮包路徑,dest=解壓到遠程路徑 creates # 創建文件目錄,當文件存在就不執行 dest group mode owner - unarchive: src=foo.tgz dest=/var/lib/foo - unarchive: src=/tmp/foo.zip dest=/usr/local/bin copy=no - unarchive: src=/tmp/test.tar.gz dest=/opt/tmp/ creates=/opt/tmp/ copy=no
mysql_relication mysql的主從複製
- mysql_replication: mode=stopslave - mysql_replication: mode=changemaster master_host=192.168.1.1 master_log_file=mysql-bin.000009 master_log_pos=4578 - mysql_replication: mode=getslave login_host=ansible.example.com login_port=3308
mysql_user mysql的用戶授權
- mysql_user: name=bob password=12345 priv=*.*:ALL state=present # 所以權限 - mysql_user: name=bob password=12345 priv=*.*:ALL,GRANT state=present # 所以權限包括 with grant option - mysql_user: name=bob append_privs=true priv=*.*:REQUIRESSL state=present - mysql_user: login_user=root login_password=123456 name=sally state=absent # 刪除用戶 - mysql_user: name=replication password=12345 priv=*.*:"REPLICATION CLIENT" state=present # 創建從用戶