ansible的常見模塊用法

配置文件詳解：

1，主配置文件：/etc/asiable/ansiable.cfg

module_name =command   ##ansible的默認模塊是command模塊，可是在使用的時候很是的有侷限性，建議改爲shell模塊

host_key_checking = False  ##檢查對應要控制主機的的host_key，建議取消註釋，以減輕管理時須要輸入的密碼

log_path = /var/log/ansible.log  ##ansible的登陸日誌文件所在的位置

executable = /bin/sh  ##默認登陸到對方用戶下面使用的shell版本

2，被管理主機的配置文件：/etc/ansible/hosts

green.example.com  ##定義單個被管理的主機，能夠是FQDN，也能夠是IP地址

[webservers]  ##把被管理的主機放在一個組中
alpha.example.org

www[001:006].example.com  ##支持相似通配符寫法，此項表明從www001.ex ample.com到www006.ex ample.com
之間的全部主機

ansible的使用用法：

前提：

因爲ansible默認是基於ssh服務來管理主機的，因此首先要在管理的主機上生成公鑰文件，並傳遞給要管理的主機
之上，才能實現基於密鑰的管理

1，在管理者的主機上生成公鑰文件

[root@localhost ~] ssh-keygen -t rsa  ##生成對稱密鑰，出現提示選擇默認便可
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:06qoPmoSy7UGkKie95RnHn6bPOFEnusk/B0m+/+g8C0 root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|                 |
|..               |
|+        o       |
|o       S o      |
|o. .  o  B       |
|oo+ .o *++oo .   |
|o=.+..=.*=OE+ .  |
|+o=oo..ooB+=oo.. |
+----[SHA256]-----+

2，把公鑰傳遞給被管理的主機上

[root@localhost ~] ssh-copy-id -i 192.168.1.20  ##傳遞到遠程的主機上進行管理
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.1.20 (192.168.1.20)' can't be established.
ECDSA key fingerprint is SHA256:htIQABZZdudyHVZbppjWeY2d/pQQ0km8k+i/39SZ04Q.
ECDSA key fingerprint is MD5:78:6e:b3:3d:fc:29:b2:b0:fc:2f:6d:d6:ff:3c:63:1a.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.20's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.1.20'"
and check to make sure that only the key(s) you wanted were added.

3，把被管理的主機加入到/etc/ansible/hosts文件中

[web]  ##給被管理的主機進行分組
192.168.1.19
192.168.1.20
[db]
192.168.1.21

基於模塊的使用方法：

1，ping模塊：查看被管理主機的模塊是否處於在線狀態、

[root@localhost ~] ansible db -m ping  ##查看db組中被管理的主機是否在線

192.168.1.21 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

[root@localhost ~] ansible all -m ping  ##all表明全部被管理的主機
192.168.1.21 | SUCCESS => {
    "changed": false, 
    "ping": "pong"  ##若是處於在線狀態，會放回一個pong的提示
}
192.168.1.19 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.1.20 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

2，user模塊：在遠程主機上建立用戶

[root@localhost ~] ansible db -m user -a 'name=mysql state=present'  ##present表示創建，建立一個用戶名爲mysql
的用戶
192.168.1.21 | CHANGED => {
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 1000, 
    "home": "/home/mysql", 
    "name": "mysql", 
    "shell": "/bin/bash", 
    "state": "present", 
    "system": false, 
    "uid": 1000
}

[root@localhost ~] ansible db -m user -a 'name=mariadb state=present system=yes'  ##建立一個用戶名爲mariadb的
系統用戶
192.168.1.21 | CHANGED => {
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 994, 
    "home": "/home/mariadb", 
    "name": "mariadb", 
    "shell": "/bin/bash", 
    "state": "present", 
    "system": true, 
    "uid": 997
}

[root@localhost ~] ansible db -m user -a 'name=mysql state=absent' ##absent表明移除，刪除用戶名爲mysql的用戶
192.168.1.21 | CHANGED => {
    "changed": true, 
    "force": false, 
    "name": "mysql", 
    "remove": false, 
    "state": "absent"
}

3，group模塊：在遠程主機上建立用戶組

[root@localhost ~] ansible db -m group -a 'name=tomcat state=present'  ##建立組和建立用戶的方法差很少，只是用
的模塊上有些差別，此命令爲建立一個普通的用戶組
192.168.1.21 | CHANGED => {
    "changed": true, 
    "gid": 1000, 
    "name": "tomcat", 
    "state": "present", 
    "system": false
}

[root@localhost ~] ansible db -m group -a 'name=tomcat state=absent'  ##移除用戶組
192.168.1.21 | CHANGED => {
    "changed": true, 
    "name": "tomcat", 
    "state": "absent"
}

4，copy模塊：拷貝文件到遠程主機

[root@localhost ~] ansible db -m copy -a 'src=/root/test dest=/root/'  ##拷貝一個test文件到對方主機的root目錄下，src
指定源文件，dest指定目標文件的存放目錄
192.168.1.21 | CHANGED => {
    "changed": true, 
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
    "dest": "/root/test", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e", 
    "mode": "0644", 
    "owner": "root", 
    "size": 0, 
    "src": "/root/.ansible/tmp/ansible-tmp-1556108167.92-277769296604040/source", 
    "state": "file", 
    "uid": 0
}

5，yum模塊：在遠程主機上安裝軟件（須要在遠程主機上安裝好yum源，纔可以安裝軟件）

[root@localhost ~] ansible db -m yum -a "name=vsftpd"  ##安裝vsftpd
192.168.1.21 | CHANGED => {
    "ansible_facts": {
        "pkg_mgr": "yum"
    }, 
    "changed": true, 
    "msg": "Repository 'cdrom' is missing name in configuration, using id\n", 
"rc": 0, ##rc返回值爲0表明執行成功
......

[root@localhost ~] ansible db -m yum -a 'name=vsftpd state=absent'  ##刪除已安裝的軟件包
192.168.1.21 | CHANGED => {
    "ansible_facts": {
        "pkg_mgr": "yum"
    }, 
    "changed": true, 
    "msg": "Repository 'cdrom' is missing name in configuration, using id\n", 
    "rc": 0, 
    "results": [
        ......

6，shell模塊：能夠在遠程主機上執行shell命令

[root@localhost ~] ansible db -m shell -a 'hostname'  ##在遠程主機上執行hostname命令
192.168.1.21 | CHANGED | rc=0 >>
localhost.localdomain

7，script模塊：在遠程主機上執行shell腳本，不用把腳本傳遞到遠程主機上便可執行

編寫一個test腳本

[root@localhost ~] vim test.sh
#!/bin/bash
wall hello word

不用給建立的腳本執行權限，就可使遠程主機執行腳本

[root@localhost ~] ansible db -m script -a /root/test.sh  ##讓遠程主機執行腳本
192.168.1.21 | CHANGED => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.1.21 closed.\r\n", 
    "stderr_lines": [
        "Shared connection to 192.168.1.21 closed."
    ], 
    "stdout": "", 
    "stdout_lines": []
}

8，File：設置文件屬性

[root@localhost ~] ansible db -m file -a 'path=/root/test owner=mariadb mode=700'  ##給遠程主機的文件設置屬主，
和權限
192.168.1.21 | CHANGED => {
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0700", 
    "owner": "mariadb", 
    "path": "/root/test", 
    "size": 0, 
    "state": "file", 
    "uid": 997
}

[root@localhost ~] ansible db -m file -a 'src=/root/test dest=/root/test-link state=link'
192.168.1.21 | CHANGED => {  ##給文件建立軟連接，固然也能夠建立名爲test-link硬連接，須要把link改爲hard
    "changed": true, 
    "dest": "/root/test-link", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "size": 10, 
    "src": "/root/test", 
    "state": "link", 
    "uid": 0
}

9，Cron：計劃任務

[root@localhost ~] ansible db -m shell -a 'rpm -qa | grep crontabs'  ##查看被管理的主機是否安裝crontabs軟件
[root@localhost ~] ansible db -m shell -a 'systemctl status crond'  ##查看計劃任務服務是否啓動
[root@localhost ~] ansible db -m cron -a 'minute=*/5 job="/usr/bin/wall hello word"' ##設置計劃任務，每五分鐘執行一
次hello word，還能夠指定小時，天，月，星期，若是沒指定，默認是*

在對方主機上執行查看是否有計劃任務

[root@localhost ~] crontab -l 
#Ansible: None
*/5 * * * * /usr/bin/wall hello word

10，service模塊

[root@localhost ~] ansible db -m service  -a 'name=httpd state=started'  #安裝http服務
192.168.1.21 | CHANGED => {
    "changed": true, 
    "name": "httpd", 
    "state": "started", 
    "status": {
        "ActiveEnterTimestampMonotonic": "0", 
        "ActiveExitTimestampMonotonic": "0",
......

[root@localhost ~] ansible db -a 'systemctl status httpd'  #查看http服務是否啓動
192.168.1.21 | CHANGED | rc=0 >>
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2019-04-24 21:54:56 EDT; 42s ago
......

[root@localhost ~] ansible db -m service  -a 'name=httpd state=stopped'  #中止http服務
192.168.1.21 | CHANGED => {
    "changed": true, 
    "name": "httpd", 
    "state": "stopped", 
    "status": {
......