ansible模块有很多,具体模块的使用方法可以使用 ansible-doc 命令可以详细的查看,最下面给的还有实例,很是方便。
ansible-doc service # 查看模块 service 的使用方法 less 436 Copyright (C) 1984-2009 Mark Nudelman less comes with NO WARRANTY, to the extent permitted by law. For information about the terms of redistribution, see the file named README in the less distribution. Homepage: http://www.greenwoodsoftware.com/less > SERVICE Controls services on remote hosts. Supported init systems include BSD init, OpenRC, SysV, Solaris SMF, systemd, upstart. Options (= is mandatory): - arguments Additional arguments provided on the command line ....... ....... EXAMPLES: # 下面给的一些实例,很是实用 # Example action to start service httpd, if not running - service: name=httpd state=started # Example action to stop service httpd, if running - service: name=httpd state=stopped ... ...
下面我自己罗列的一写常用的模块使用方法,便于以后查找使用。
copy 复制本地文件到远程(类似scp命令)
- copy: src=/srv/myfiles/foo.conf dest=/etc/foo.conf owner=foo group=foo mode=0644 - copy: src=/srv/myfiles/foo.conf dest=/etc/foo.conf owner=foo group=foo mode="u=rw,g=r,o=r" - copy: src=/srv/myfiles/foo.conf dest=/etc/foo.conf owner=foo group=foo mode="u+rw,g-wx,o-rwx" - copy: src=/mine/ntp.conf dest=/etc/ntp.conf owner=root group=root mode=644 backup=yes - copy: src=/mine/sudoers dest=/etc/sudoers validate='visudo -cf %s' ansible test -m copy -a 'src=/tmp/test.txt dest=/tmp/t.txt' # 将本地'/tmp/test.txt'文件复制到test主机并重命名'/tmp/t.txt' ansible test -m copy -a 'src=/tmp/dir dest=/tmp/' # 将本地'/tmp/dir'目录复制到test主机'/tmp/'目录下
fetch 远程文件copy到本地
- fetch: src=/tmp/somefile dest=/tmp/fetched
- fetch: src=/tmp/somefile dest=/tmp/prefix-{{ ansible_hostname }} flat=yes
- fetch: src=/tmp/uniquefile dest=/tmp/special/ flat=yes
- fetch: src=/tmp/uniquefile dest=special/prefix-{{ ansible_hostname }} flat=yesreplace 替换(类似sed命令)
ansible test -m replace -a "dest=/etc/hosts regexp='Old' replace='New' backeup=yes"
authorized_key 添加互信
- authorized_key: user=test state=present key=\"{{ lookup('file', '/home/test/.ssh/id_rsa.pub') }}\" # 添加test互信
- authorized_key: user=test # 远程用户
state=present # 新建,absent删除
key=\"{{ lookup('file', '/home/test/.ssh/id_rsa.pub') }}\" # 本地公钥
path='/data/test/.ssh/authorized_keys' # 额外指定远程用户权限文件,默认是远程用户的家目录下/$HOMEDIR/.ssh/authorized_keys
manage_dir=no # 根据path指定的路径创建远程用户权限文件authorized_keys
ansible all -m authorized_key -a "user=root state=present key=\"{{ lookup('file', '/root/.ssh/id_rsa.pub') }}\"" -k # 将本地root的公钥导入到远程用户root的authorized_keys里
ansible all -m authorized_key -a "user=root state=present key=\"{{ lookup('file', '/home/test/.ssh/id_rsa.pub') }}\"" -k # 将本地test的公钥导入到远程用户root的authorized_keys里synchronize 同步(类似rsync命令)
src=/some/relative/path dest=/some/absolute/path dest_port=22 # 指定远程端口 delete=yes # 使两边的内容一样(即以推送方为主) compress=yes # 开启压缩,默认为开启 --exclude=.git # 忽略同步.git结尾的文件 recursive=yes # 递归 checksum=yes # 默认 no archive=no links=yes times=no - synchronize: src=/tmp/helloworld dest=/var/www/helloword rsync_opts=--no-motd,--exclude=.gi dest_port=22 - synchronize: src=/tmp/dir dest=/tmp/ dest_port=2020 delete=yes recursive=yes rsync_opts=--no-motd,--exclude=.log # 通过2020端口拷贝目录/tmp/dir到远程/tmp/下面,保持和源目录结构一致,忽略 .log文件 - synchronize: src=/tmp/dir dest=/tmp/ dest_port=2020 delete=yes recursive=yes rsync_opts=--exclude-from=/tmp/ex # 通过2020端口拷贝目录/tmp/dir到远程/tmp/下面,保持和源目录结构一致并且过滤/tmp/ex文件里的内容
lineinfile 行替换
- lineinfile: dest=/etc/selinux/config regexp=^SELINUX= line=SELINUX=enforcing # 将以“SELINUX”开头的行换成 “SELINUX=enforcing” - lineinfile: dest=/etc/sudoers state=absent regexp="^%wheel" # 将以 %wheel 开头的行删除 - lineinfile: dest=/etc/hosts regexp='^127\.0\.0\.1' line='127.0.0.1 localhost' owner=root group=root mode=0644 - lineinfile: dest=/etc/httpd/conf/httpd.conf regexp="^Listen " insertafter="^#Listen " line="Listen 8080" # 将以 #Listen 开头行的下面的 以Listen开头的行换成 Listen 8080 - lineinfile: dest=/etc/httpd/conf/httpd.conf insertafter="^#Listen " line="Listen 8080" # 在 #Listen 开头行的下面的 添加 Listen 8080 新行 - lineinfile: dest=/etc/httpd/conf/httpd.conf regexp="^Listen " insertbefore="^#Listen " line="Listen 8080" # 将以 #Listen 开头行的上面的 以Listen开头的行换成 Listen 8080 - lineinfile: dest=/tmp/testfile line="192.168.1.99 foo.lab.net foo" # 添加一个新行
unarchive 解压缩
src copy yes|no # yes:默认,压缩包在本地,src=本地压缩包路径,dest=解压到远程路径;no远程主机已存在压缩包,src=远程压缩包路径,dest=解压到远程路径 creates # 创建文件目录,当文件存在就不执行 dest group mode owner - unarchive: src=foo.tgz dest=/var/lib/foo - unarchive: src=/tmp/foo.zip dest=/usr/local/bin copy=no - unarchive: src=/tmp/test.tar.gz dest=/opt/tmp/ creates=/opt/tmp/ copy=no
mysql_relication mysql的主从复制
- mysql_replication: mode=stopslave - mysql_replication: mode=changemaster master_host=192.168.1.1 master_log_file=mysql-bin.000009 master_log_pos=4578 - mysql_replication: mode=getslave login_host=ansible.example.com login_port=3308
mysql_user mysql的用户授权
- mysql_user: name=bob password=12345 priv=*.*:ALL state=present # 所以权限 - mysql_user: name=bob password=12345 priv=*.*:ALL,GRANT state=present # 所以权限包括 with grant option - mysql_user: name=bob append_privs=true priv=*.*:REQUIRESSL state=present - mysql_user: login_user=root login_password=123456 name=sally state=absent # 删除用户 - mysql_user: name=replication password=12345 priv=*.*:"REPLICATION CLIENT" state=present # 创建从用户