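I. Ansible in detail
Ansible is a relatively new automation and operations tool written in Python. It combines the strengths of many operations tools (puppet, cfengine, chef, func, fabric) and provides bulk system configuration, bulk program deployment and bulk command execution. Ansible is built on paramiko and works through modules; it has no bulk-deployment capability of its own. The modules that Ansible runs do the actual bulk deployment, and Ansible only provides the framework. Ansible needs no client or agent installed on the remote hosts, because it communicates with them over SSH. Its main components are: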
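- Connection plugins: handle communication with the managed hosts;
- Host inventory: specifies the hosts to operate on; it is a configuration file that defines the managed hosts;
- Modules: core modules, the command module, custom modules;
- Plugins: provide functions such as logging and email;
- Playbook: optional; when several tasks need to run, a playbook lets a node run them all in one go.

Ansible has been acquired by Red Hat. It is the most widely recognized of the automation tools, easy to pick up and simple to learn, and is one of the skills every operations engineer must master.
- Simple to deploy: only the control node needs an Ansible environment, and nothing has to be done on the managed hosts;
- Uses the SSH protocol by default to manage devices (Ansible connects to remote hosts over SSH and needs passwordless login to them; SSH, port 22);
- Has a large number of modules for routine operations work, covering the vast majority of daily tasks;
- Simple to configure, powerful and highly extensible;
- Supports an API and custom modules, and is easy to extend with Python;
- Playbooks allow powerful customized configuration and state management;
- Lightweight: no agent is installed on the clients, and an update only has to be applied once, on the control machine;
- Provides a powerful, easy-to-operate web management interface and REST API: the AWX platform.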
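As the figure above shows, Ansible's commonly used modules are as follows:
- ansible core: Ansible's own core module
- host inventory: the host library, which defines the list of hosts that can be managed
- connection plugins: connection plugins, which connect over the SSH protocol by default
- modules: core modules (built in) and custom modules (user-defined)
- playbooks: scripts that carry out the scheduled tasks in the order they are laid out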
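Ansible task execution modes:
The ways an Ansible control host operates on managed nodes fall into two categories, ad-hoc and playbook:
- ad-hoc mode (point-to-point mode): uses a single module and supports running a single command in bulk. An ad-hoc command is one that can be typed quickly and does not need to be saved; it is the equivalent of a shell one-liner in bash.
- playbook mode (script mode): Ansible's main management method and the key to its power. A playbook accomplishes a class of functions through a set of tasks, such as installing and deploying a web service or backing up database servers in bulk. A playbook can be understood simply as a configuration file that combines multiple ad-hoc operations.
Ansible execution flow: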
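- ansible hosts (host inventory) -m module_name (module name) -a job (the operation to perform on the backend hosts)
- -M specifies the module path
- -m selects the module to use; the default is the command module
- -a or --args gives the module arguments
- -i gives the path of the inventory file, or of an executable script
- -k prompts interactively for the login password
- -e defines variables
- -v prints verbose output; -vvvv enables debug mode

Ansible execution results:
- Green: the run succeeded
- Red: the run failed
- Yellow: the run succeeded and changed the backend host
- Purple: warning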
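II. Environment deployment and hands-on practice
Get the required packages here:
Link: https://pan.baidu.com/s/122DrPPev90Q3cVEN6uCEbw
Extraction code: ozal
Service | IP |
---|---|
ansible | 192.168.20.10 |
Client 01 | 192.168.20.20 |
Client 02 | 192.168.20.30 |
The offline installation is shown first, followed by the online installation.
- Drag the required packages into the newly created folder ansibleapp on the Ansible server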
[root@lpj1 ~]# createrepo /root/app
Directory /root/app must exist
[root@lpj1 ~]# createrepo /root/ansibleapp
Spawning worker 0 with 11 pkgs
Workers Finished
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete
[root@lpj1 ~]# ls /root/ansibleapp/
ansible-2.4.2.0-2.el7.noarch.rpm
libyaml-0.1.4-11.el7_0.x86_64.rpm
python2-jmespath-0.9.0-3.el7.noarch.rpm
python-babel-0.9.6-8.el7.noarch.rpm
python-httplib2-0.9.2-1.el7.noarch.rpm
python-jinja2-2.7.2-2.el7.noarch.rpm
python-markupsafe-0.11-10.el7.x86_64.rpm
python-paramiko-2.1.1-2.el7.noarch.rpm
python-passlib-1.6.5-2.el7.noarch.rpm
PyYAML-3.10-11.el7.x86_64.rpm
repodata
sshpass-1.06-2.el7.x86_64.rpm
- Create a new yum repository
[root@lpj1 ~]# cd /etc/yum.repos.d/
[root@lpj1 yum.repos.d]# vim ansible.repo
[root@lpj1 yum.repos.d]# cat ansible.repo
[ansible]
name=ansible
baseurl=file:///root/ansibleapp
enabled=1
gpgcheck=0
- Install Ansible and check the version
[root@lpj1 yum.repos.d]# yum -y install ansible
[root@lpj1 yum.repos.d]# ansible --version
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Aug 7 2019, 00:51:29) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
Online installation is as follows (the host must be able to ping baidu):
[root@lpj2 ~]# cd /etc/yum.repos.d/
[root@lpj2 yum.repos.d]# wget http://mirrors.aliyun.com/repo/Centos-7.repo
--2020-06-10 16:17:47-- http://mirrors.aliyun.com/repo/Centos-7.repo
正在解析主機 mirrors.aliyun.com (mirrors.aliyun.com)... 60.221.72.241, 60.221.72.243, 124.165.216.248, ...
正在連接 mirrors.aliyun.com (mirrors.aliyun.com)|60.221.72.241|:80... 已連接。
已發出 HTTP 請求,正在等待迴應... 200 OK
長度:2523 (2.5K) [application/octet-stream]
正在保存至: “Centos-7.repo.1”
100%[==================================>] 2,523 --.-K/s 用時 0s
2020-06-10 16:17:47 (311 MB/s) - 已保存 “Centos-7.repo.1” [2523/2523])
[root@lpj2 yum.repos.d]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
--2020-06-10 16:15:29-- http://mirrors.aliyun.com/repo/epel-7.repo
正在解析主機 mirrors.aliyun.com (mirrors.aliyun.com)... 124.165.216.238, 139.170.154.152, 116.177.243.231, ...
正在連接 mirrors.aliyun.com (mirrors.aliyun.com)|124.165.216.238|:80... 已連接。
已發出 HTTP 請求,正在等待迴應... 200 OK
長度:664 [application/octet-stream]
正在保存至: “/etc/yum.repos.d/epel.repo”
100%[==================================>] 664 --.-K/s 用時 0s
2020-06-10 16:15:29 (152 MB/s) - 已保存 “/etc/yum.repos.d/epel.repo” [664/664])
2020-06-10 16:11:41 (352 MB/s) - 已保存 “Centos-7.repo” [2523/2523])
[root@lpj2 yum.repos.d]# yum -y install ansible
Check the version
[root@lpj2 yum.repos.d]# ansible --version
ansible 2.9.9
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Aug 7 2019, 00:51:29) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
Generate a key pair on the control node
[root@lpj1 ~]# ssh-keygen ## press Enter 4 times
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:wed2LJ4toiiTfH49BaIzfkoZqedj7lH5J7Fil3OdziY root@lpj1
The key's randomart image is:
+---[RSA 2048]----+
| |
| . |
| o . |
| ....+ . |
| o.o.S.+ o |
| .++ . *.* . |
| ..o=oo.O.* + |
| =+=+o+o*E+. |
| OB=. . oo |
+----[SHA256]-----+
[root@lpj1 ~]# cd /root/.ssh/
[root@lpj1 .ssh]# ls
id_rsa id_rsa.pub
id_rsa is the private key; id_rsa.pub is the public key
Copy the public key to the remote hosts
[root@lpj1 .ssh]# ssh-copy-id root@192.168.20.20
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.20.20 (192.168.20.20)' can't be established.
ECDSA key fingerprint is SHA256:toHBDUUac+V6dbIrzsgiZfD38kR35IwY6NsDfkEwyXE.
ECDSA key fingerprint is MD5:4c:9f:c4:1b:d8:1e:bf:97:80:e6:55:f6:68:f1:56:1e.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.20.20's password: ## enter the password of the user on the remote host
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.20.20'"
and check to make sure that only the key(s) you wanted were added.
Connect to the second host
[root@lpj1 .ssh]# ssh-copy-id root@192.168.20.30
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.20.30 (192.168.20.30)' can't be established.
ECDSA key fingerprint is SHA256:bEN7HssU4h/61Fs5KCK9FM4iZCBIa76702eEBpGHHPU.
ECDSA key fingerprint is MD5:05:0d:46:30:8d:1b:4d:aa:6f:28:b2:64:2b:94:e6:23.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.20.30's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.20.30'"
and check to make sure that only the key(s) you wanted were added.
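Answering yes at the ssh-copy-id prompt trusts whichever key answered on that IP. The following is an added example, not part of the original post, that checks the fingerprint ssh displays against a host public key obtained out of band (for instance read from the client's console); the key line is constructed and the function names are this example's own.

```python
import base64
import hashlib

KEY_PREFIXES = ("ssh-", "ecdsa-")


def fingerprints(pubkey_line):
    """Return (SHA256 form, MD5 form) in the format ssh prints them.

    Accepts "type base64 [comment]" (a .pub file) or
    "host type base64" (an ssh-keyscan / known_hosts line).
    """
    fields = pubkey_line.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(KEY_PREFIXES):
            # The base64 key blob is the field right after the key type.
            blob = base64.b64decode(fields[i + 1], validate=True)
            break
    else:
        raise ValueError("no public key found in line")
    # OpenSSH prints the SHA256 digest as base64 without '=' padding.
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    hexmd5 = hashlib.md5(blob).hexdigest()
    md5 = ":".join(hexmd5[i:i + 2] for i in range(0, len(hexmd5), 2))
    return "SHA256:" + sha, "MD5:" + md5


def prompt_matches(pubkey_line, shown):
    """True only if the fingerprint ssh displayed belongs to the trusted key."""
    return shown.strip().rstrip(".") in fingerprints(pubkey_line)


# Constructed sample: a well-formed ssh-ed25519 blob with a dummy 32-byte key,
# standing in for the host key read from the client's own console.
_BLOB = b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + bytes(range(32))
TRUSTED_LINE = "192.168.20.20 ssh-ed25519 " + base64.b64encode(_BLOB).decode()
# Fingerprint exactly as the ssh-copy-id prompt on this page displayed it.
PAGE_PROMPT = "SHA256:toHBDUUac+V6dbIrzsgiZfD38kR35IwY6NsDfkEwyXE."

if __name__ == "__main__":
    for fp in fingerprints(TRUSTED_LINE):
        print(fp)
    # The constructed key is not the page's host key, so this prints False:
    # a mismatch is the case in which the prompt should be answered "no".
    print("accept prompt:", prompt_matches(TRUSTED_LINE, PAGE_PROMPT))
```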
View the public key on the remote hosts
First host
[root@lpj2 ~]# cd /root/.ssh/
[root@lpj2 .ssh]# ls
authorized_keys
Second host
[root@lpj3 ~]# cd /root/.ssh/
[root@lpj3 .ssh]# ls
authorized_keys
[root@lpj3 .ssh]#
Back on the Ansible server, connect to the clients remotely to check that the connection succeeds
[root@lpj1 .ssh]# ssh root@192.168.20.20
Last login: Wed Jun 10 16:25:33 2020 from 192.168.20.1
[root@lpj2 ~]# exit
logout
Connection to 192.168.20.20 closed.
[root@lpj1 .ssh]# ssh root@192.168.20.30
Last login: Wed Jun 10 15:57:21 2020 from 192.168.20.1
[root@lpj3 ~]# exit
logout
Connection to 192.168.20.30 closed.
[root@lpj1 .ssh]#
-- List all Ansible modules ## -l: list
[root@lpj1 ansible]# ansible-doc -l
a10_server Manage A10 Networks AX/SoftAX/Thu.
a10_server_axapi3 Manage A10 Networks AX/SoftAX/Thu.
a10_service_group Manage A10 Networks AX/SoftAX/Thu.
a10_virtual_server Manage A10 Networks AX/SoftAX/Thu.
accelerate Enable accelerated mode on remote.
aci_aep Manage attachable Access Entity P.
aci_ap Manage top level Application Prof.
aci_bd Manage Bridge Domains (BD) on Cis.
aci_bd_subnet Manage Subnets on Cisco ACI fabri.
aci_bd_to_l3out Bind Bridge Domain to L3 Out on C.
aci_config_rollback Provides rollback and rollback pr.
aci_config_snapshot Manage Config Snapshots on Cisco .
aci_contract Manage contract resources on Cisc.
aci_contract_subject Manage initial Contract Subjects .
aci_contract_subject_to_filter Bind Contract Subjects to Filters.
aci_epg Manage End Point Groups (EPG) on .
aci_epg_monitoring_policy Manage monitoring policies on Cis.
aci_epg_to_contract Bind EPGs to Contracts on Cisco A.
aci_epg_to_domain Bind EPGs to Domains on Cisco ACI.
: ## press q to quit; if it hangs, just close the terminal
-- View a module's help ## -s followed by the module name
[root@lpj1 ansible]# ansible-doc -s ping
- name: Try to connect to host, verify a usable python and return `pong' on
ping:
data: # Data to return for the `ping' return value. I
this parameter is
set to `crash',
the module will
cause an
exception.
Common Ansible module: ping. Tests whether the control node can reach the remote hosts over SSH
[root@lpj1 .ssh]# cd /etc/ansible/
[root@lpj1 ansible]# vim hosts ## host inventory
[peng] ## group name
192.168.20.20 ## IP of a remote host
192.168.20.30
[jie]
192.168.20.20
[root@lpj1 ansible]# ansible peng -m ping
192.168.20.20 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.20.30 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@lpj1 ansible]# ansible jie -m ping
192.168.20.20 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@lpj1 ansible]# ansible all -m ping ## all: every host in every inventory group
192.168.20.30 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.20.20 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@lpj1 ansible]# ansible 192.168.20.30 -m ping ## test by IP
192.168.20.30 | SUCCESS => {
"changed": false,
"ping": "pong"
}
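Common Ansible module: command. The command module runs commands on remote hosts,
and it is the module Ansible uses by default.
One drawback of the command module is that it cannot use special shell characters such as | > >>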
[root@lpj1 ansible]# ansible all -m command -a "ls /home"
192.168.20.30 | SUCCESS | rc=0 >>
peng
192.168.20.20 | SUCCESS | rc=0 >>
peng
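## Parameter chdir: change to the given directory
## creates: when the given file exists, the command is not run; when it does not exist, the command is run
## removes: when the given file exists, the command is run; when it does not exist, the command is not run
chdir demonstration: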
[root@lpj1 ansible]# ansible all -m command -a "chdir=/home ls"
192.168.20.20 | SUCCESS | rc=0 >>
peng
zs
192.168.20.30 | SUCCESS | rc=0 >>
ls
peng
creates demonstration:
[root@lpj1 ansible]# ansible all -m command -a "creates=/etc/fstab ls /home" ## when the file exists
192.168.20.30 | SUCCESS | rc=0 >>
skipped, since /etc/fstab exists
192.168.20.20 | SUCCESS | rc=0 >>
skipped, since /etc/fstab exists
[root@lpj1 ansible]# ansible all -m command -a "creates=/etc/fstabbbbbb ls /home" ## when the file does not exist
192.168.20.30 | SUCCESS | rc=0 >>
ls
peng
192.168.20.20 | SUCCESS | rc=0 >>
peng
zs
removes demonstration:
[root@lpj1 ansible]# ansible all -m command -a "removes=/etc/fstab ls /home" ## when the file exists
192.168.20.30 | SUCCESS | rc=0 >>
ls
peng
192.168.20.20 | SUCCESS | rc=0 >>
peng
zs
[root@lpj1 ansible]# ansible all -m command -a "removes=/etc/fstabdfsfsdf ls /home" ## when the file does not exist
192.168.20.30 | SUCCESS | rc=0 >>
skipped, since /etc/fstabdfsfsdf does not exist
192.168.20.20 | SUCCESS | rc=0 >>
skipped, since /etc/fstabdfsfsdf does not exist
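Common Ansible module: shell. The shell module runs scripts that are located on the managed host, and can also run commands directly on the managed host; it is the all-purpose module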
[root@lpj1 ansible]# ansible all -m shell -a "touch /home/aa"
[WARNING]: Consider using file module with state=touch rather than running touch
192.168.20.20 | SUCCESS | rc=0 >>
192.168.20.30 | SUCCESS | rc=0 >>
[root@lpj1 ansible]# ansible all -m shell -a "ls /home | grep aa"
192.168.20.30 | SUCCESS | rc=0 >>
aa
192.168.20.20 | SUCCESS | rc=0 >>
aa
[root@lpj1 ansible]# ansible all -m shell -a "echo '123' > /home/aa "
192.168.20.20 | SUCCESS | rc=0 >>
192.168.20.30 | SUCCESS | rc=0 >>
[root@lpj1 ansible]# ansible all -m shell -a "cat /home/aa "
192.168.20.30 | SUCCESS | rc=0 >>
123
192.168.20.20 | SUCCESS | rc=0 >>
123
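Why the command module cannot use | or >, and what the shell module adds, shown locally as an added example that is not from the original post: the first function approximates the command module (argv only, no shell), the second the shell module (the whole string goes to /bin/sh). It assumes a POSIX host with echo and tr on the PATH; the function names and the sample value are this example's own.

```python
import shlex
import subprocess


def run_command_style(cmdline):
    """Approximates the command module: split into argv, no shell involved."""
    argv = shlex.split(cmdline)
    return subprocess.run(argv, capture_output=True, text=True).stdout


def run_shell_style(cmdline):
    """Approximates the shell module: the string is interpreted by /bin/sh."""
    return subprocess.run(cmdline, shell=True,
                          capture_output=True, text=True).stdout


def demo():
    pipeline = "echo one | tr a-z A-Z"
    # Constructed value standing in for a variable that reaches the command
    # line from outside (an inventory variable, a -e argument, a file name).
    name = "aa; echo EXTRA"
    return {
        # No shell: "|", "tr" and the rest are just more arguments to echo.
        "command_pipe": run_command_style(pipeline),
        # Shell: the pipe is syntax, so tr really runs.
        "shell_pipe": run_shell_style(pipeline),
        # No shell: the ";" stays data.
        "command_var": run_command_style("echo created " + name),
        # Shell: the ";" ends the first command and starts a second one.
        "shell_var": run_shell_style("echo created " + name),
        # Shell with the value quoted (Ansible's counterpart is the
        # "quote" filter): the ";" is data again.
        "shell_var_quoted": run_shell_style(
            "echo created " + shlex.quote(name)),
    }


if __name__ == "__main__":
    for label, output in demo().items():
        print(f"{label:18} {output!r}")
```

The practical rule this supports: use command unless the task needs pipes or redirection, and when shell is needed, quote every variable that ends up in the command string.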
Common Ansible module: user. Manages or creates users on remote hosts
Parameter: name specifies the user name; if the user does not exist, it is created
[root@lpj1 ansible]# ansible all -m user -a "name=aa"
192.168.20.20 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 1002,
"home": "/home/aa",
"name": "aa",
"shell": "/bin/bash",
"state": "present",
"stderr": "useradd: warning: the home directory already exists.\nNot copying any file from skel directory into it.\n",
"stderr_lines": [
"useradd: warning: the home directory already exists.",
"Not copying any file from skel directory into it."
],
"system": false,
"uid": 1002
}
192.168.20.30 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 1002,
"home": "/home/aa",
"name": "aa",
"shell": "/bin/bash",
"state": "present",
"stderr": "useradd: warning: the home directory already exists.\nNot copying any file from skel directory into it.\n",
"stderr_lines": [
"useradd: warning: the home directory already exists.",
"Not copying any file from skel directory into it."
],
"system": false,
"uid": 1002
}
[root@lpj1 ansible]# ansible all -m shell -a "tail -1 /etc/passwd" ## password: sets or changes the user's password; the value must be the already-hashed string, not the plain text
192.168.20.30 | SUCCESS | rc=0 >>
aa:x:1002:1002::/home/aa:/bin/bash
192.168.20.20 | SUCCESS | rc=0 >>
aa:x:1002:1002::/home/aa:/bin/bash
[root@lpj1 ansible]# yum -y install openssl-devel
[root@lpj1 ansible]# openssl passwd -1 123.com
$1$xNp3AQv9$UnFy1fpdc0m4/TuUJsqmj/
[root@lpj1 ansible]# ansible all -m user -a 'name=aa password=$1$xNp3AQv9$UnFy1fpdc0m4/TuUJsqmj/ '
192.168.20.20 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 1002,
"home": "/home/aa",
"move_home": false,
"name": "aa",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 1002
}
192.168.20.30 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 1002,
"home": "/home/aa",
"move_home": false,
"name": "aa",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 1002
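} ## single quotes are required here; inside double quotes the shell would expand the $1, $xNp3AQv9 and $UnFy1fpdc0m4 parts of the hash as variables
Verify on the remote host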
[peng@lpj2 ~]$ su aa
密碼:123.com
bash: /home/aa/.bashrc: 不是目錄
bash-4.2$
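The hash set above begins with $1$, which is MD5-crypt, a scheme that is fast to brute-force and long considered obsolete. An added example, not part of the original post, that audits shadow-format lines for weak or missing password hashes; the sample file is constructed, with the aa entry carrying the hash generated on this page, and the function names are this example's own.

```python
# crypt(3) scheme identifiers -> (name, acceptable for new passwords)
SCHEMES = {
    "1": ("md5-crypt", False),
    "2a": ("bcrypt", True),
    "2b": ("bcrypt", True),
    "2y": ("bcrypt", True),
    "5": ("sha256-crypt", True),
    "6": ("sha512-crypt", True),
    "y": ("yescrypt", True),
}


def classify(hash_field):
    """Return (scheme, acceptable) for the second field of a shadow line."""
    if hash_field == "":
        return ("empty", False)          # account needs no password at all
    if hash_field[0] in "!*":
        return ("locked", True)          # password login is disabled
    parts = hash_field.split("$")
    # Modular crypt format: $<id>$<salt>$<hash>
    if len(parts) >= 3 and parts[0] == "" and parts[1] in SCHEMES:
        return SCHEMES[parts[1]]
    return ("des-or-unknown", False)     # legacy DES crypt or unrecognised


def audit(shadow_text):
    """List (user, scheme) for every account with a weak or missing hash."""
    findings = []
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, hash_field = line.split(":")[:2]
        scheme, acceptable = classify(hash_field)
        if not acceptable:
            findings.append((user, scheme))
    return findings


# Constructed sample in /etc/shadow format. Only the aa hash comes from the
# page; the root hash is a placeholder with the right shape, not a real one.
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhashvalue:18423:0:99999:7:::
aa:$1$xNp3AQv9$UnFy1fpdc0m4/TuUJsqmj/:18423:0:99999:7:::
nobody:*:18353:0:99999:7:::
guest::18423:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE_SHADOW):
        print(f"{user}: {scheme}")
```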
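exit ## return to the root user
Parameters:
uid: specifies the user's uid
group: specifies the user's primary group
groups: specifies the user's supplementary groups
append=yes: incremental; the listed groups are added to the user's existing supplementary groups, which amounts to adding the user to one more group
append=no: full replacement; the listed groups become the user's only supplementary groups
Specify the uid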
[root@lpj1 ansible]# ansible all -m user -a "uid=1030 name=test"
192.168.20.30 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 1030,
"home": "/home/test",
"name": "test",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1030
}
192.168.20.20 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 1030,
"home": "/home/test",
"name": "test",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1030
}
[root@lpj1 ansible]# ansible all -m shell -a "tail -2 /etc/passwd"
192.168.20.30 | SUCCESS | rc=0 >>
aa:x:1002:1002::/home/aa:/bin/bash
test:x:1030:1030::/home/test:/bin/bash
192.168.20.20 | SUCCESS | rc=0 >>
aa:x:1002:1002::/home/aa:/bin/bash
test:x:1030:1030::/home/test:/bin/bash
Specify the user's primary group
[root@lpj1 ansible]# ansible all -m user -a"name=test group=aa"
192.168.20.30 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 1002,
"home": "/home/test",
"move_home": false,
"name": "test",
"shell": "/bin/bash",
"state": "present",
"uid": 1030
}
192.168.20.20 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 1002,
"home": "/home/test",
"move_home": false,
"name": "test",
"shell": "/bin/bash",
"state": "present",
"uid": 1030
}
[root@lpj1 ansible]# ansible all -m shell -a "tail -2 /etc/passwd"
192.168.20.30 | SUCCESS | rc=0 >>
aa:x:1002:1002::/home/aa:/bin/bash
test:x:1030:1002::/home/test:/bin/bash
192.168.20.20 | SUCCESS | rc=0 >>
aa:x:1002:1002::/home/aa:/bin/bash
test:x:1030:1002::/home/test:/bin/bash
Supplementary groups
[root@lpj1 ansible]# ansible all -m user -a "name=test groups=test"
192.168.20.20 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 1002,
"groups": "test",
"home": "/home/test",
"move_home": false,
"name": "test",
"shell": "/bin/bash",
"state": "present",
"uid": 1030
}
192.168.20.30 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 1002,
"groups": "test",
"home": "/home/test",
"move_home": false,
"name": "test",
"shell": "/bin/bash",
"state": "present",
"uid": 1030
}
[root@lpj1 ansible]# ansible all -m shell -a "tail -2 /etc/group"
192.168.20.20 | SUCCESS | rc=0 >>
aa:x:1002:
test:x:1030:test
Incremental add (append=yes)
[root@lpj1 ansible]# ansible all -m shell -a "groupadd one"
192.168.20.20 | SUCCESS | rc=0 >>
192.168.20.30 | SUCCESS | rc=0 >>
[root@lpj1 ansible]# ansible all -m user -a "name=test groups=one append=yes"
192.168.20.20 | SUCCESS => {
"append": true,
"changed": true,
"comment": "",
"group": 1002,
"groups": "one",
"home": "/home/test",
"move_home": false,
"name": "test",
"shell": "/bin/bash",
"state": "present",
"uid": 1030
}
192.168.20.30 | SUCCESS => {
"append": true,
"changed": true,
"comment": "",
"group": 1002,
"groups": "one",
"home": "/home/test",
"move_home": false,
"name": "test",
"shell": "/bin/bash",
"state": "present",
"uid": 1030
}
[root@lpj1 ansible]# ansible all -m shell -a "tail -3 /etc/group"
192.168.20.20 | SUCCESS | rc=0 >>
aa:x:1002:
test:x:1030:test
one:x:1031:test
192.168.20.30 | SUCCESS | rc=0 >>
aa:x:1002:
test:x:1030:test
one:x:1031:test
Full replacement (append=no)
[root@lpj1 ansible]# ansible all -m user -a "name=test groups=one append=no"
192.168.20.20 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 1002,
"groups": "one",
"home": "/home/test",
"move_home": false,
"name": "test",
"shell": "/bin/bash",
"state": "present",
"uid": 1030
}
192.168.20.30 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 1002,
"groups": "one",
"home": "/home/test",
"move_home": false,
"name": "test",
"shell": "/bin/bash",
"state": "present",
"uid": 1030
}
[root@lpj1 ansible]# ansible all -m shell -a "tail -3 /etc/group"
192.168.20.20 | SUCCESS | rc=0 >>
aa:x:1002:
test:x:1030:
one:x:1031:test
192.168.20.30 | SUCCESS | rc=0 >>
aa:x:1002:
test:x:1030:
one:x:1031:test
state=absent: deletes the user; by default the home directory is not deleted
remove=yes: deletes the home directory along with the user
state=absent demonstration:
[root@lpj1 ansible]# ansible all -m user -a "name=test state=absent remove=yes"
192.168.20.20 | SUCCESS => {
"changed": true,
"force": false,
"name": "test",
"remove": true,
"state": "absent",
"stderr": "userdel: group test not removed because it is not the primary group of user test.\n",
"stderr_lines": [
"userdel: group test not removed because it is not the primary group of user test."
]
}
192.168.20.30 | SUCCESS => {
"changed": true,
"force": false,
"name": "test",
"remove": true,
"state": "absent",
"stderr": "userdel: group test not removed because it is not the primary group of user test.\n",
"stderr_lines": [
"userdel: group test not removed because it is not the primary group of user test."
]
}
[root@lpj1 ansible]# ansible all -m shell -a "tail -1 /etc/passwd"
192.168.20.20 | SUCCESS | rc=0 >>
aa:x:1002:1002::/home/aa:/bin/bash
192.168.20.30 | SUCCESS | rc=0 >>
aa:x:1002:1002::/home/aa:/bin/bash
[root@lpj1 ansible]# ansible all -m shell -a "ls /home"
192.168.20.30 | SUCCESS | rc=0 >>
aa
ls
peng
192.168.20.20 | SUCCESS | rc=0 >>
aa
peng
zs