ansible-1 參數經常使用模塊

一、 ansible-doc

[root@zxw63 ~]# ansible-doc -s raw
- name: Executes a low-down and dirty SSH command
  raw:
      executable:            # change the shell used to execute the command. Should be an absolute path to the executable. when using privilege escalation (`become'), a default shell will be assigned if one is
                               not provided as privilege escalation requires a shell.
      free_form:             # (required) the raw module takes a free form command to run. There is no parameter actually named 'free form'; see the examples!
[root@zxw63 ~]# ansible-doc -s shell
- name: Execute commands in nodes.
  shell:
      chdir:                 # cd into this directory before running the command
      creates:               # a filename, when it already exists, this step will *not* be run.
      executable:            # change the shell used to execute the command. Should be an absolute path to the executable.
      free_form:             # (required) The shell module takes a free form command to run, as a string.  There's not an actual option named "free form".  See the examples!
      removes:               # a filename, when it does not exist, this step will *not* be run.
      stdin:                 # Set the stdin of the command directly to the specified value.
      warn:                  # if command warnings are on in ansible.cfg, do not warn about this particular line if set to no/false.
[root@zxw63 ~]# ansible-doc command
> COMMAND    (/usr/lib/python2.7/site-packages/ansible/modules/commands/command.py)

        The `command' module takes the command name followed by a list of space-delimited arguments. The given command will be executed on all selected nodes. It will
        not be processed through the shell, so variables like `$HOME' and operations like `"<"', `">"', `"|"', `";"' and `"&"' will not work (use the [shell] module if
        you need these features). For Windows targets, use the [win_command] module instead.

OPTIONS (= is mandatory):

- chdir
        Change into this directory before running the command.
        [Default: (null)]
        version_added: 0.6

- creates
        A filename or (since 2.0) glob pattern, when it already exists, this step will *not* be run.
        [Default: (null)]

= free_form
        The command module takes a free form command to run.  There is no parameter actually named 'free form'. See the examples!


- removes
        A filename or (since 2.0) glob pattern, when it does not exist, this step will *not* be run.
        [Default: (null)]
        version_added: 0.8

- stdin
        Set the stdin of the command directly to the specified value.
        [Default: None]
        version_added: 2.4

- warn
        If command_warnings are on in ansible.cfg, do not warn about this particular line if set to `no'.
        [Default: yes]
        type: bool
        version_added: 1.8


NOTES:
      * If you want to run a command through the shell (say you are using `<', `>', `|', etc), you actually want the [shell] module instead. The `command' module
        is much more secure as it's not affected by the user's environment.
      *  `creates', `removes', and `chdir' can be specified after the command. For instance, if you only want to run a command if a certain file does not exist,
        use this.
      * The `executable' parameter is removed since version 2.4. If you have a need for this parameter, use the [shell] module instead.
      * For Windows targets, use the [win_command] module instead.

AUTHOR: Ansible Core Team, Michael DeHaan
        METADATA:
          status:
          - stableinterface
          supported_by: core
        

EXAMPLES:
- name: return motd to registered var
  command: cat /etc/motd
  register: mymotd

- name: Run the command if the specified file does not exist.
  command: /usr/bin/make_database.sh arg1 arg2 creates=/path/to/database

# You can also use the 'args' form to provide the options.
- name: This command will change the working directory to somedir/ and will only run when /path/to/database doesn't exist.
  command: /usr/bin/make_database.sh arg1 arg2
  args:
    chdir: somedir/
    creates: /path/to/database

- name: safely use templated variable to run command. Always use the quote filter to avoid injection issues.
  command: cat {{ myfile|quote }}
  register: myoutput

 

二、shell、raw、shell、script

使用模塊 command或者shell或者raw都能調用對象機器上的某條指令或者某個可執行文

1.     command模塊，執行遠程命令
2.     script模塊 ，在遠程主機執行主控端的shell/python腳本
3.     shell模塊 ，執行遠程主機的shell/python腳本
4.     raw模塊 ，相似於command模塊、支持管道傳遞

　　一、直接運行腳本

[root@zxw63 ~]# ansible webservers -m raw -a "/tmp/test.sh"
192.168.100.66 | SUCCESS | rc=0 >>
this is test shell-script
Shared connection to 192.168.100.66 closed.


192.168.100.128 | SUCCESS | rc=0 >>
this is test shell-script
Shared connection to 192.168.100.128 closed.


[root@zxw63 ~]# ansible webservers -m shell -a "/tmp/test.sh"
192.168.100.66 | SUCCESS | rc=0 >>
this is test shell-script

192.168.100.128 | SUCCESS | rc=0 >>
this is test shell-script

[root@zxw63 ~]# ansible webservers -m command -a "/tmp/test.sh"
192.168.100.66 | FAILED | rc=8 >>
[Errno 8] Exec format error

192.168.100.128 | FAILED | rc=8 >>
[Errno 8] 可執行文件格式錯誤

[root@zxw63 ~]# ansible webservers -m command -a "sh /tmp/test.sh"
192.168.100.66 | SUCCESS | rc=0 >>
this is test shell-script

192.168.100.128 | SUCCESS | rc=0 >>
this is test shell-script

　　二、是否支持管道

1. 　　shell、raw支持管道
2. 　　command支持管道

[root@zxw63 ~]# ansible webservers -m shell -a "ls -ltr /etc | wc -l"
192.168.100.128 | SUCCESS | rc=0 >>
217

192.168.100.66 | SUCCESS | rc=0 >>
218

[root@zxw63 ~]# ansible webservers -m raw -a "ls -ltr /etc | wc -l"
192.168.100.66 | SUCCESS | rc=0 >>
218
Shared connection to 192.168.100.66 closed.


192.168.100.128 | SUCCESS | rc=0 >>
217
Shared connection to 192.168.100.128 closed.


[root@zxw63 ~]# ansible webservers -m command -a "ls -ltr /etc | wc -l"
192.168.100.66 | FAILED | rc=2 >>
/etc:
total 1820
-rw-r--r--.  1 root root    662 Aug 29  2007 logrotate.conf
-rw-r--r--.  1 root root    220 Oct 13  2008 quotagrpadmins
-rw-r--r--.  1 root root    148 May 14  2009 asound.conf

 　　三、command不支持通配符

[root@zxw63 ~]# ansible webservers -m shell -a "ls -ltr /tmp/*.sh"
192.168.100.66 | SUCCESS | rc=0 >>
-rwxrwxrwx. 1 root root 33 Jul 12 02:14 /tmp/test.sh

192.168.100.128 | SUCCESS | rc=0 >>
-rwxrwxrwx. 1 root root 33 7月  12 02:14 /tmp/test.sh

[root@zxw63 ~]# ansible webservers -m raw -a "ls -ltr /tmp/*.sh"
192.168.100.66 | SUCCESS | rc=0 >>
-rwxrwxrwx. 1 root root 33 Jul 12 02:14 /tmp/test.sh
Shared connection to 192.168.100.66 closed.


192.168.100.128 | SUCCESS | rc=0 >>
-rwxrwxrwx. 1 root root 33 7月  12 02:14 /tmp/test.sh
Shared connection to 192.168.100.128 closed.

　　四、script模塊實現了將主控節點的腳本複製到遠程節點，而後在遠程節點執行腳本

　　

[root@zxw63 ~]# ansible webservers -m command -a 'ls -ltr  /tmp/test.sh'
192.168.100.66 | SUCCESS | rc=0 >>
-rwxrwxrwx. 1 root root 33 Jul 12 02:14 /tmp/test.sh

192.168.100.128 | SUCCESS | rc=0 >>
-rwxrwxrwx. 1 root root 33 7月  12 02:14 /tmp/test.sh

[root@zxw63 ~]# ansible webservers -m command -a 'ls -ltr  /root/test.sh'
192.168.100.66 | FAILED | rc=2 >>
ls: cannot access /root/test.sh: No such file or directorynon-zero return code

192.168.100.128 | FAILED | rc=2 >>
ls: 沒法訪問/root/test.sh: 沒有那個文件或目錄non-zero return code


[root@zxw63 ~]# ansible webservers -m script -a '/root/test.sh'
192.168.100.66 | SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.100.66 closed.\r\n", 
    "stdout": "this is test shell-script\r\n", 
    "stdout_lines": [
        "this is test shell-script"
    ]
}
192.168.100.128 | SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.100.128 closed.\r\n", 
    "stdout": "this is test shell-script\r\n", 
    "stdout_lines": [
        "this is test shell-script"
    ]
}

 

三、copy

使用copy模塊，能夠實現向目標機器進行遠程copy的能力。

        參數      說明

• src         被複制到遠程主機的本地對象文件或者文件夾，能夠是絕對路徑，也能夠是相對路徑。
• dest       被複制到遠程主機的本地對象文件或者文件夾
• mode     複製對象的設定權限
• backup  在文件存在的時候能夠選擇覆蓋以前，將源文件備份.設定值：yes/no 缺省爲yes
• force      是否強制覆蓋.設定值：yes/no 缺省爲yes

default的狀況下，force是yes的，因此什麼都不寫，文件存在的狀況是會被覆蓋的

[root@zxw63 try]# ansible webservers -m copy -a "src=/root/try/copyFile.txt dest=/tmp mode=744 backup=no force=yes"
192.168.100.66 | SUCCESS => {
    "changed": true, 
    "checksum": "6cc815c3530217381d3e5f24ba5c3c03f51daf24", 
    "dest": "/tmp/copyFile.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "e90687bdaf32d8ebab3b266f36ba5f5a", 
    "mode": "0744", 
    "owner": "root", 
    "secontext": "system_u:object_r:admin_home_t:s0", 
    "size": 15, 
    "src": "/root/.ansible/tmp/ansible-tmp-1563420953.31-119685260559482/source", 
    "state": "file", 
    "uid": 0
}
192.168.100.128 | SUCCESS => {
    "changed": true, 
    "checksum": "6cc815c3530217381d3e5f24ba5c3c03f51daf24", 
    "dest": "/tmp/copyFile.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "e90687bdaf32d8ebab3b266f36ba5f5a", 
    "mode": "0744", 
    "owner": "root", 
    "secontext": "unconfined_u:object_r:admin_home_t:s0", 
    "size": 15, 
    "src": "/root/.ansible/tmp/ansible-tmp-1563420953.31-281173963286018/source", 
    "state": "file", 
    "uid": 0
}

 

四、setup

不加參數，打印出全部的系統參數

ansible webservers -m setup　

setup經常使用參數:fileter

[root@zxw63 try]# ansible webservers -m setup -a "filter=ansible_env"
192.168.100.66 | SUCCESS => {
    "ansible_facts": {
        "ansible_env": {
            "G_BROKEN_FILENAMES": "1", 
            "HOME": "/root", 
            "LANG": "en_US.UTF-8", 
            "LESSOPEN": "|/usr/bin/lesspipe.sh %s", 
            "LOGNAME": "root", 
            "MAIL": "/var/mail/root", 
            "PATH": "/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/ssh8/bin", 
            "PWD": "/root", 
            "SHELL": "/bin/bash", 
            "SHLVL": "2", 
            "SSH_ASKPASS": "/usr/libexec/openssh/gnome-ssh-askpass", 
            "SSH_CLIENT": "192.168.100.132 52130 22", 
            "SSH_CONNECTION": "192.168.100.132 52130 192.168.100.66 22", 
            "SSH_TTY": "/dev/pts/1", 
            "TERM": "xterm-256color", 
            "USER": "root", 
            "_": "/usr/bin/python"
        }
    }, 
    "changed": false
}
192.168.100.128 | SUCCESS => {
    "ansible_facts": {
        "ansible_env": {
            "G_BROKEN_FILENAMES": "1", 
            "HOME": "/root", 
            "LANG": "zh_CN.UTF-8", 
            "LESSOPEN": "|/usr/bin/lesspipe.sh %s", 
            "LOGNAME": "root", 
            "MAIL": "/var/mail/root", 
            "PATH": "/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin", 
            "PWD": "/root", 
            "SELINUX_LEVEL_REQUESTED": "", 
            "SELINUX_ROLE_REQUESTED": "", 
            "SELINUX_USE_CURRENT_RANGE": "", 
            "SHELL": "/bin/bash", 
            "SHLVL": "2", 
            "SSH_ASKPASS": "/usr/libexec/openssh/gnome-ssh-askpass", 
            "SSH_CLIENT": "192.168.100.132 58094 22", 
            "SSH_CONNECTION": "192.168.100.132 58094 192.168.100.128 22", 
            "SSH_TTY": "/dev/pts/1", 
            "TERM": "xterm-256color", 
            "USER": "root", 
            "_": "/usr/bin/python"
        }
    }, 
    "changed": false
}

 

五、user/group模塊

　　user模塊

[root@zxw63 ansible]# ansible db -m command -a "id test01"
db2 | FAILED | rc=1 >>
id: test01：無此用戶non-zero return code

db1 | FAILED | rc=1 >>
id: test01: No such usernon-zero return code

[root@zxw63 ansible]# ansible db -m user  -a "name=test01 group=root"
db2 | SUCCESS => {
    "changed": true, 
    "comment": "", 
    "createhome": true, 
    "group": 0, 
    "home": "/home/test01", 
    "name": "test01", 
    "shell": "/bin/bash", 
    "state": "present", 
    "system": false, 
    "uid": 501
}
db1 | SUCCESS => {
    "changed": true, 
    "comment": "", 
    "createhome": true, 
    "group": 0, 
    "home": "/home/test01", 
    "name": "test01", 
    "shell": "/bin/bash", 
    "state": "present", 
    "system": false, 
    "uid": 501
}
[root@zxw63 ansible]# ansible db -m command -a "id test01"
db2 | SUCCESS | rc=0 >>
uid=501(test01) gid=0(root) 組=0(root)

db1 | SUCCESS | rc=0 >>
uid=501(test01) gid=0(root) groups=0(root)

[root@zxw63 ansible]# ansible db -m user  -a "name=test01 remove=yes"
db2 | SUCCESS => {
    "append": false, 
    "changed": false, 
    "comment": "", 
    "group": 0, 
    "home": "/home/test01", 
    "move_home": false, 
    "name": "test01", 
    "shell": "/bin/bash", 
    "state": "present", 
    "uid": 501
}
db1 | SUCCESS => {
    "append": false, 
    "changed": false, 
    "comment": "", 
    "group": 0, 
    "home": "/home/test01", 
    "move_home": false, 
    "name": "test01", 
    "shell": "/bin/bash", 
    "state": "present", 
    "uid": 501
}
[root@zxw63 ansible]# ansible db -m command -a "id test01"
db2 | SUCCESS | rc=0 >>
uid=501(test01) gid=0(root) 組=0(root)

db1 | SUCCESS | rc=0 >>
uid=501(test01) gid=0(root) groups=0(root)

[root@zxw63 ansible]# ansible db -m user  -a "name=test01 state=absent remove=yes"
db2 | SUCCESS => {
    "changed": true, 
    "force": false, 
    "name": "test01", 
    "remove": true, 
    "state": "absent"
}
db1 | SUCCESS => {
    "changed": true, 
    "force": false, 
    "name": "test01", 
    "remove": true, 
    "state": "absent"
}
[root@zxw63 ansible]# ansible db -m command -a "id test01"
db2 | FAILED | rc=1 >>
id: test01：無此用戶non-zero return code

db1 | FAILED | rc=1 >>
id: test01: No such usernon-zero return code

　　　無參數state=absent時，用戶沒有真正的刪除。

 

　　group模塊

[root@zxw63 ansible]# ansible db -m group  -a "name=testgrp01"
db2 | SUCCESS => {
    "changed": true, 
    "gid": 501, 
    "name": "testgrp01", 
    "state": "present", 
    "system": false
}
db1 | SUCCESS => {
    "changed": true, 
    "gid": 501, 
    "name": "testgrp01", 
    "state": "present", 
    "system": false
}
[root@zxw63 ansible]# ansible db -m shell -a "cat /etc/group | grep testgrp01"
db2 | SUCCESS | rc=0 >>
testgrp01:x:501:

db1 | SUCCESS | rc=0 >>
testgrp01:x:501:

[root@zxw63 ansible]# ansible db -m group  -a "name=testgrp01 state=absent"
db2 | SUCCESS => {
    "changed": true, 
    "name": "testgrp01", 
    "state": "absent"
}
db1 | SUCCESS => {
    "changed": true, 
    "name": "testgrp01", 
    "state": "absent"
}
[root@zxw63 ansible]# ansible db -m shell -a "cat /etc/group | grep testgrp01 "
db2 | FAILED | rc=1 >>
non-zero return code

db1 | FAILED | rc=1 >>
non-zero return code

 

六、yum模塊

使用yum包管理器來管理軟件包，其選項有：
　　name：要進行操做的軟件包的名字，也能夠傳遞一個url或者一個本地的rpm包的路徑
　　state：狀態（present-已安裝，absent-未安裝（卸載），latest-最新的）

　　安裝vsftpd

ansible db -m yum -a "name=vsftpd state=present"

vsfpd卸載

• 卸載有absent和removed兩種方式

一、state=absent

ansible db -m yum -a "name=vsftpd state=absent"

 

二、state=removed

ansible db -m yum -a "name=vsftpd state=removed"

 

七、service模塊

service模塊用於管理服務
　　enabled：是否開機啓動 yes|no
　　name：必選項，服務名稱
　　state：對當前服務執行啓動，中止、重啓、從新加載等操做（started,stopped,restarted,reloaded）

#啓動服務
ansible db -m service -a "name=vsftpd state=started"

#中止服務
ansible db -m service -a "name=vsftpd state=stopped"

#重起服務
ansible db -m service -a "name=vsftpd state=restarted"

#重載服務
ansible db -m service -a "name=vsftpd state=reloaded"

 

八、cron模塊

cron模塊用於管理計劃任務
backup：對遠程主機上的原任務計劃內容修改以前作備份
cron_file：若是指定該選項，則用該文件替換遠程主機上的cron.d目錄下的用戶的任務計劃
day：日（1-31，，/2,……）
hour：小時（0-23，，/2，……）
minute：分鐘（0-59，，/2，……）
month：月（1-12，，/2，……）
weekday：周（0-7，*，……）
job：要執行的任務，依賴於state=present
name：該任務的描述
special_time：指定何時執行，參數：reboot,yearly,annually,monthly,weekly,daily,hourly
state：確認該任務計劃是建立仍是刪除
user：以哪一個用戶的身份執行

能夠參看：https://blog.csdn.net/dylloveyou/article/details/80875132

 

• 任務添加

ansible db -m cron -a "name='check dirs' hour='5,2' job='ls -alh > /dev/null'"

 

• 任務刪除

ansible db -m cron -a "name='check dirs' hour='5,2' state=absent"