Ansible常見模塊及使用方法
1.command模塊
command模塊爲ansible默認模塊,不指定-m參數時,使用的就是command模塊;command模塊比較簡單,常見的命令都可以使用,但其命令不是通過shell執行的。缺點:不支持shell特性,管道“|”、重定向“<”“>”以及“&”等符號都不會生效,也沒法批量執行命令。由於不經過shell解析,參數中的這些特殊字符不會被當作shell語法執行,因此在不需要shell特性時應優先使用command模塊。
[root@ansible ~]# ansible -m command -a uptime node-servers #檢查ansible節點的運行時間
192.168.3.154 | CHANGED | rc=0 >>
00:16:56 up 1:34, 3 users, load average: 0.00, 0.01, 0.05
192.168.3.155 | CHANGED | rc=0 >>
00:16:55 up 1:34, 3 users, load average: 0.00, 0.03, 0.07
[root@ansible ~]# ansible -m command -a "df -hT" node-servers > a.txtx
[root@ansible ~]# cat a.txtx
192.168.3.154 | CHANGED | rc=0 >>
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/centos-root xfs 17G 2.3G 15G 13% /
devtmpfs devtmpfs 475M 0 475M 0% /dev
tmpfs tmpfs 487M 0 487M 0% /dev/shm
tmpfs tmpfs 487M 7.7M 479M 2% /run
tmpfs tmpfs 487M 0 487M 0% /sys/fs/cgroup
/dev/sr0 iso9660 3.3G 3.3G 0 100% /mnt
/dev/sda1 xfs 1014M 146M 869M 15% /boot
tmpfs tmpfs 98M 0 98M 0% /run/user/0
192.168.3.155 | CHANGED | rc=0 >>
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/centos-root xfs 17G 2.2G 15G 13% /
devtmpfs devtmpfs 475M 0 475M 0% /dev
tmpfs tmpfs 487M 0 487M 0% /dev/shm
tmpfs tmpfs 487M 7.7M 479M 2% /run
tmpfs tmpfs 487M 0 487M 0% /sys/fs/cgroup
/dev/sr0 iso9660 4.3G 4.3G 0 100% /mnt
/dev/sda1 xfs 1014M 146M 869M 15% /boot
tmpfs tmpfs 98M 0 98M 0% /run/user/0
[root@ansible ~]#
2.shell模塊
在遠程主機通過/bin/sh來執行命令,也可以執行遠程主機腳本。命令字符串會交給shell解析,如果其中拼接了變量或外部輸入,需要先做好轉義,否則存在命令注入風險;不需要管道、重定向等shell特性時建議改用command模塊。
[root@ansible ~]# ansible -i /etc/ansible/hosts node-servers -m shell -a "free -m"
192.168.3.154 | CHANGED | rc=0 >>
total used free shared buff/cache available
Mem: 972 280 532 7 159 527
Swap: 2047 0 2047
192.168.3.155 | CHANGED | rc=0 >>
total used free shared buff/cache available
Mem: 972 279 516 7 177 517
Swap: 2047 0 2047
[root@ansible ~]#
注意:shell模塊執行命令時不會加載~/.bashrc或~/.bash_profile,因此我們在這些文件中自定義的環境變量無法識別;如果需要使用自定義的環境變量,就需要在命令的最開始先執行加載這些文件的語句。
[root@ansible ~]# ansible -i /etc/ansible/hosts node-servers -m shell -a "source ~/.bash_profile&&ls"
192.168.3.154 | CHANGED | rc=0 >>
afei.sql
mha4mysql-node-0.54-0.el6.noarch.rpm
192.168.3.155 | CHANGED | rc=0 >>
afei2.sql
test.sh
[root@ansible ~]# ansible -i /etc/ansible/hosts node-servers -m shell -a "/root/test.sh" #遠程主機腳本需添加執行權限
192.168.3.154 | FAILED | rc=127 >>
/bin/sh: /root/test.sh: No such file or directory
non-zero return code
192.168.3.155 | CHANGED | rc=0 >>
afei2.sql
test.sh
00:50:19 up 2:07, 3 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.3.1 22:55 1:54m 0.01s 0.01s -bash
root pts/1 192.168.3.1 00:12 11.00s 0.01s 0.01s -bash
root pts/2 192.168.3.156 00:50 0.00s 0.11s 0.00s /bin/bash /root/test.sh
[root@ansible ~]#
使用異步執行功能:
參數:
-P 0 #直接返回job_id;
-P 1 #當-P的參數大於0時,會根據job_id去輪詢查詢;
-f #指定並行進程數量,默認爲5個並行進程;
-B #指定異步運行時間。
[root@ansible ~]# ansible group1 -B 60 -P 0 -m shell -a 'sleep 5;hostname' -f 5 -o
192.168.3.155 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "ansible_job_id": "43147287103.39056", "changed": true, "finished": 0, "results_file": "/root/.ansible_async/43147287103.39056", "started": 1}
192.168.3.156 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "ansible_job_id": "653990043951.40753", "changed": true, "finished": 0, "results_file": "/root/.ansible_async/653990043951.40753", "started": 1}
192.168.3.154 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "ansible_job_id": "986411836435.2136", "changed": true, "finished": 0, "results_file": "/root/.ansible_async/986411836435.2136", "started": 1}
[root@ansible ~]# ansible 192.168.3.154 -m async_status -a 'jid=986411836435.2136' #使用async_status模塊指定主機jid
192.168.3.154 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"ansible_job_id": "986411836435.2136",
"changed": true,
"cmd": "sleep 5;hostname",
"delta": "0:00:05.007004",
"end": "2020-05-20 06:14:36.236484",
"finished": 1,
"rc": 0,
"start": "2020-05-20 06:14:31.229480",
"stderr": "",
"stderr_lines": [],
"stdout": "node2",
"stdout_lines": [
"node2"
]
}
[root@ansible ~]# ansible group1 -B 10 -P 1 -m shell -a 'sleep 10;hostname' -f 5 -o #輪詢查詢
192.168.3.154 | CHANGED => {"ansible_job_id": "728879409622.2536", "changed": true, "cmd": "sleep 10;hostname", "delta": "0:00:10.003717", "end": "2020-05-20 06:19:12.994710", "finished": 1, "rc": 0, "start": "2020-05-20 06:19:02.990993", "stderr": "", "stderr_lines": [], "stdout": "node2", "stdout_lines": ["node2"]}
192.168.3.155 | CHANGED => {"ansible_job_id": "352639944485.40698", "changed": true, "cmd": "sleep 10;hostname", "delta": "0:00:10.009015", "end": "2020-05-19 22:26:19.986939", "finished": 1, "rc": 0, "start": "2020-05-19 22:26:09.977924", "stderr": "", "stderr_lines": [], "stdout": "node1", "stdout_lines": ["node1"]}
192.168.3.156 | CHANGED => {"ansible_job_id": "669103457065.42742", "changed": true, "cmd": "sleep 10;hostname", "delta": "0:00:10.004482", "end": "2020-05-19 22:26:10.606689", "finished": 1, "rc": 0, "start": "2020-05-19 22:26:00.602207", "stderr": "", "stderr_lines": [], "stdout": "ansible", "stdout_lines": ["ansible"]}
[root@ansible ~]#
3.script模塊
在遠程主機上執行主控端的腳本,相當於scp+shell組合。
[root@ansible ~]# ls
test1.sh
[root@ansible ~]# chmod +x test1.sh
[root@ansible ~]# ansible -i /etc/ansible/hosts node-servers -m script -a "test1.sh"
192.168.3.154 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.3.154 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.3.154 closed."
],
"stdout": "afei.sql mha4mysql-node-0.54-0.el6.noarch.rpm\r\n",
"stdout_lines": [
"afei.sql mha4mysql-node-0.54-0.el6.noarch.rpm"
]
}
192.168.3.155 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.3.155 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.3.155 closed."
],
"stdout": "afei2.sql test.sh\r\n",
"stdout_lines": [
"afei2.sql test.sh"
]
}
[root@ansible ~]#
4.copy模塊
實現主控端向目標主機拷貝文件,類似scp功能。
[root@ansible ~]# ansible node-servers -m copy -a "src=/root/test1.sh dest=/opt/ owner=root group=root mode=0644"
192.168.3.155 | SUCCESS => {
"changed": false,
"checksum": "8d4f8520af439912f67cc2b2ea56aec45045e403",
"dest": "/opt/test1.sh",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"path": "/opt/test1.sh",
"secontext": "system_u:object_r:usr_t:s0",
"size": 16,
"state": "file",
"uid": 0
}
192.168.3.154 | CHANGED => {
"changed": true,
"checksum": "8d4f8520af439912f67cc2b2ea56aec45045e403",
"dest": "/opt/test1.sh",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"path": "/opt/test1.sh",
"size": 16,
"state": "file",
"uid": 0
}
[root@ansible ~]#
參數解析:
src #主控端文件位置;
dest #被控端目標位置;
owner #文件複製過去後的所有者;
group #文件複製過去後的所屬組;
mode #文件的權限設定。
查看驗證:
[root@ansible ~]# ansible node-servers -m shell -a "ls -la /opt/test1.sh" -f 5 -o
192.168.3.154 | CHANGED | rc=0 | (stdout) -rw-r--r--. 1 root root 50 May 20 12:03 /opt/test1.sh
192.168.3.156 | CHANGED | rc=0 | (stdout) -rw-r--r-- 1 root root 50 May 21 22:26 /opt/test1.sh
192.168.3.155 | CHANGED | rc=0 | (stdout) -rw-r--r-- 1 root root 50 May 20 04:09 /opt/test1.sh
[root@ansible ~]#
5.stat模塊
獲取遠程主機文件的狀態信息,包括atime,ctime,mtime,md5,uid,gid等信息。
[root@ansible ~]# ansible node-servers -m stat -a "path=/etc/selinux"
192.168.3.154 | SUCCESS => {
"changed": false,
"stat": {
"atime": 1540943072.0,
"attr_flags": "",
"attributes": [],
"block_size": 4096,
"blocks": 0,
"charset": "binary",
"ctime": 1555028929.9959326,
"dev": 64768,
"device_type": 0,
"executable": true,
"exists": true,
"gid": 0,
"gr_name": "root",
...
6.yum模塊
主要功能是安裝軟件包
[root@ansible ~]# ansible node-servers -m yum -a "name=httpd state=installed disable_gpg_check=no"
192.168.3.155 | SUCCESS => {
"ansible_facts": {
"pkg_mgr": "yum"
},
"changed": false,
"msg": "",
"rc": 0,
"results": [
"httpd-2.4.6-88.el7.centos.x86_64 providing httpd is already installed"
]
}
...
參數詳解:
name #包名 ;
state #狀態(選項: present, installed, latest, absent,removed)默認是:present ;
disable_gpg_check #是否禁用軟件包的GPG簽名檢查(yes | no),默認no;設爲yes會跳過簽名校驗,無法確認軟件包的來源與完整性,除非明確信任軟件源,否則應保持no ;
enablerepo #只啓用指定的repo。
查看服務:
[root@ansible ~]# ansible node-servers -m shell -a "netstat -nltup|grep httpd" -f 5 -o
192.168.3.156 | CHANGED | rc=0 | (stdout) tcp6 0 0 :::80 :::* LISTEN 861/httpd
192.168.3.155 | CHANGED | rc=0 | (stdout) tcp6 0 0 :::80 :::* LISTEN 894/httpd
192.168.3.154 | CHANGED | rc=0 | (stdout) tcp6 0 0 :::80 :::* LISTEN 969/httpd
7.cron模塊
配置遠程主機crontab(計劃任務)
[root@ansible ~]# ansible node-servers -m cron -a "name='test' minute='*/10' hour='2' day='1' month='*' weekday='1-5' job='ls -l' user='root'"
192.168.3.154 | CHANGED => {
"changed": true,
"envs": [],
"jobs": [
"test"
]
}
192.168.3.155 | CHANGED => {
"changed": true,
"envs": [],
"jobs": [
"test"
]
}
[root@ansible ~]#
在節點上查看:
[root@node1 ~]# crontab -l
#Ansible: test
*/10 2 1 * 1-5 ls -l
[root@node1 ~]#
[root@node2 ~]# crontab -l
#Ansible: test
*/10 2 1 * 1-5 ls -l
[root@node2 ~]#
刪除指定的計劃任務:
[root@ansible ~]# ansible node-servers -m cron -a "name='test' state=absent"
192.168.3.154 | CHANGED => {
"changed": true,
"envs": [],
"jobs": []
}
192.168.3.155 | CHANGED => {
"changed": true,
"envs": [],
"jobs": []
}
[root@ansible ~]#
8.mount模塊
功能:掛載文件系統
[root@ansible ~]# ansible 192.168.3.155 -m mount -a "src=/dev/cdrom path=/mnt/ fstype=iso9660 state=present"
192.168.3.155 | CHANGED => {
"changed": true,
"dump": "0",
"fstab": "/etc/fstab",
"fstype": "iso9660",
"name": "/mnt/",
"opts": "defaults",
"passno": "0",
"src": "/dev/cdrom"
}
[root@ansible ~]#
9.service模塊
功能:遠程主機系統服務管理。
[root@ansible ~]# ansible node-servers -m service -a "name=httpd state=started"
192.168.3.155 | CHANGED => {
"changed": true,
"name": "httpd",
"state": "started",
...
參數詳解:
name #指定服務名稱
state #指定服務的狀態(started | stopped | restarted | reloaded)
enabled #指定是否將服務設爲開機自啓(yes | no)
10.synchronize模塊
功能:使用rsync同步文件,將ansible服務端目錄推送到指定節點的目錄下。
[root@ansible ~]# ansible node-servers -m synchronize -a "src=/root/test1.sh dest=/root/"
192.168.3.154 | CHANGED => {
"changed": true,
"cmd": "/usr/bin/rsync --delay-updates -F --compress --archive --rsh=/usr/bin/ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null --out-format=<<CHANGED>>%i %n%L /root/test1.sh 192.168.3.154:/root/",
"msg": "<f+++++++++ test1.sh\n",
"rc": 0,
"stdout_lines": [
"<f+++++++++ test1.sh"
]
}
參數詳解:
src #需要同步的目錄路徑,路徑可以是絕對的或相對的。如果路徑使用”/”來結尾,則只複製目錄裏的內容,如果沒有使用”/”來結尾,則包含目錄在內的整個內容全部複製;
dest #節點主機指定路徑,將會同步到該目錄下,路徑可以是絕對的或相對的;
delete #刪除不存在的文件,delete=yes 使兩邊的內容一樣(以ansible服務端爲主),默認no;
dest_port #目標主機上的端口,默認是22,走的ssh協議;
mode #push或pull,默認push,一般用於從本機向遠程主機上傳文件,pull 模式用於從遠程主機上取文件;
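rsync_opts #通過傳遞數組來指定其他rsync選項;
verify_host #是否校驗目標主機的SSH主機密鑰,默認no;上面輸出的rsync命令中帶有StrictHostKeyChecking=no和UserKnownHostsFile=/dev/null,說明這次同步沒有校驗主機密鑰,在不可信網絡中建議設爲yes。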
11.template模塊
功能:基於模板方式生成一個文件複製到遠程主機(template使用Jinja2格式作爲文件模版,進行文檔內變量的替換的模塊。它的每次使用都會被ansible標記爲“changed”狀態。)
[root@ansible ~]# ansible node-servers -m template -a "src=/root/test1.sh dest=/root/ owner=root group=root mode=0644"
192.168.3.154 | CHANGED => {
"changed": true,
"checksum": "8d4f8520af439912f67cc2b2ea56aec45045e403",
"dest": "/root/test1.sh",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"path": "/root/test1.sh",
"size": 16,
"state": "file",
"uid": 0
}
...
參數詳解:
src #在ansible控制器上的Jinja2格式化模板的路徑,可以是相對路徑或絕對路徑;
dest #指定複製到遠程主機的路徑;
force #是否強制覆蓋,默認爲yes ;
owner #目標文件屬主 ;
group #目標文件屬組 ;
mode #目標文件的權限模式;
backup #如果原目標文件存在,則先備份目標文件 。
12.get_url模塊
功能:主要用於從http、ftp、https服務器上下載文件(類似於wget)。
[root@ansible ~]# ansible node-servers -m get_url -a "url=https://docs.ansible.com/ansible/latest/index.html dest=/root mode=0644"
192.168.3.154 | CHANGED => {
"changed": true,
"checksum_dest": null,
"checksum_src": "260e2063ae1ebb25e0d56776e7a33bde337a4af1",
"dest": "/root/index.html",
"gid": 0,
"group": "root",
"md5sum": "a90741cc0198bb8566a96fa3bc03b05b",
"mode": "0644",
"msg": "OK (unknown bytes)",
"owner": "root",
"size": 285548,
"src": "/root/.ansible/tmp/ansible-tmp-1555370473.99-183840949465812/tmpF_kWjq",
"state": "file",
"status_code": 200,
"uid": 0,
"url": "https://docs.ansible.com/ansible/latest/index.html"
}
...
參數詳解:
url #下載的URL ;
dest #遠程主機的絕對路徑。如果dest是目錄,則使用服務器提供的文件名,或者如果沒有提供,將使用遠程服務器上的URL的基本名稱;
sha256sum #下載完成後校驗文件的sha256值,不匹配則失敗;較新版本的Ansible改用checksum參數(格式如checksum=sha256:<哈希值>),從網絡下載腳本或安裝包時建議始終指定校驗值;
timeout #下載超時時間,默認10s ;
url_password、url_username #主要用於需要用戶名密碼進行驗證的情況;直接寫在命令行中的密碼會留在shell歷史和進程列表中,使用時需注意 ;
headers #以鍵值對形式(key:value)爲請求添加自定義HTTP標頭。
13.file模塊
功能:主要用於遠程主機上的文件操作。
[root@ansible ~]# ansible node-servers -m file -a "path=a.txt owner=root group=root state=touch"
192.168.3.154 | CHANGED => {
"changed": true,
"dest": "a.txt",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"size": 0,
"state": "file",
"uid": 0
}
...
參數詳解:
path #必選項,定義文件/目錄的路徑;
group #定義文件/目錄的屬組;
mode #定義文件/目錄的權限;
owner #定義文件/目錄的屬主;
force #需要在兩種情況下強制創建軟鏈接,一種是源文件不存在但之後會建立的情況下;另一種是目標軟鏈接已存在,需要先取消之前的軟鏈,然後創建新的軟鏈,有兩個選項:yes|no;
recurse #遞歸的設置文件的屬性,只對目錄有效;
src #要被鏈接的源文件的路徑,只應用於state=link的情況;
dest #被鏈接到的路徑,只應用於state=link的情況;
state選項:
directory:如果目錄不存在,創建目錄;
file:即使文件不存在,也不會被創建;
link:創建軟鏈接; hard:創建硬鏈接;
touch:如果文件不存在,則會創建一個新的文件,如果文件或目錄已存在,則更新其最後修改時間;
absent:刪除目錄、文件或者取消鏈接文件。
14.user模塊
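首先通過openssl生成一個密碼哈希, 因爲ansible的user模塊的password參數需要接受加密後的值。注意:生成的哈希中含有“$”,下面的命令把它放在雙引號包裹的-a參數裏,內層的單引號不能阻止本地shell展開,$1、$T0NsxOdw、$4會被當作變量替換掉,實際傳給模塊的已不是完整的哈希,所以輸出中出現了“The input password appears not to have been hashed”的警告,該用戶也無法用預期的密碼登錄。正確做法是讓-a的整個參數由單引號包裹,例如 -a 'name=test password=$1$T0NsxOdw$4MrpM5IWH65dE0HGsEu/g1'。另外,openssl passwd -1 生成的是MD5-crypt哈希,強度較弱;若OpenSSL版本支持,建議使用 -6(SHA-512)。用echo傳入明文密碼也會把明文留在shell歷史記錄中。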
[root@ansible ~]# echo afei | openssl passwd -1 -stdin #將明文密碼afei生成openssl密文
$1$T0NsxOdw$4MrpM5IWH65dE0HGsEu/g1
[root@ansible ~]# ansible node-servers -m user -a "name=test password='$1$T0NsxOdw$4MrpM5IWH65dE0HGsEu/g1'" -f 5 -o
192.168.3.155 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "comment": "", "create_home": true, "group": 1001, "home": "/home/test", "name": "test", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1001, "warnings": ["The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly."]}
192.168.3.156 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "comment": "", "create_home": true, "group": 1001, "home": "/home/test", "name": "test", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1001, "warnings": ["The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly."]}
192.168.3.154 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "comment": "", "create_home": true, "group": 1000, "home": "/home/test", "name": "test", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1000, "warnings": ["The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly."]}
[root@ansible ~]# ansible node-servers -m shell -a "id test" -f 5 -o
192.168.3.155 | CHANGED | rc=0 | (stdout) uid=1001(test) gid=1001(test) groups=1001(test)
192.168.3.154 | CHANGED | rc=0 | (stdout) uid=1000(test) gid=1000(test) groups=1000(test)
192.168.3.156 | CHANGED | rc=0 | (stdout) uid=1001(test) gid=1001(test) groups=1001(test)
[root@ansible ~]#