Ansible 常见模块介绍
ansible-doc
命令,可以查看当前ansible有哪些已安装的模块并且可以使用
ansible-doc -s MODULE_NAME
可以查看该模块的使用说明
常用模块介绍
模块名 | 说明 |
---|---|
at | 定义at 任务 |
cron | 定义定时任务 |
copy | 复制文件 |
command | 默认模块,运行命令 |
shell | 执行复杂命令 |
yum | 管理yum安装卸载 |
user | 管理用户 |
group | 管理组 |
Ansible 基本语法
基础语法:ansible
- hosts-pattern : 表示对那些主机生效的,可以使单个主机ip,也可以是在Inverteroy文件中定义的组名。
- -f fors : 表示一次性处理多少个主机,也就是并发数量
- -m module_name : 指定使用哪个模块
- -a args : 表示需要给使用的模块传递的参数
command 模块
在远程的主机上执行特定的命令
首先查看一下帮助
[root@node01 ansible]# ansible-doc -s command
- name: Executes a command on a remote node
command:
argv: # Allows the user to provide the command as a list vs. a string. Only the string or the list form can be provided, not both. One or the other must be
provided.
chdir: # Change into this directory before running the command.
creates: # A filename or (since 2.0) glob pattern. If it already exists, this step *won't* be run.
free_form: # (required) The command module takes a free form command to run. There is no parameter actually named 'free form'. See the examples!
removes: # A filename or (since 2.0) glob pattern. If it already exists, this step *will* be run.
stdin: # Set the stdin of the command directly to the specified value.
warn: # If command_warnings are on in ansible.cfg, do not warn about this particular line if set to `no'.
演示
直接操控某个主机
[root@node01 ansible]# ansible 10.0.0.65 -m command -a 'ls -ld /root'
10.0.0.65 | CHANGED | rc=0 >>
dr-xr-x---. 5 root root 168 Oct 15 13:28 /root
# 操控Inventory中定义的组名对应的主机
[root@node01 ansible]# ansible webservs -m command -a 'ls -ld /root'
10.0.0.65 | CHANGED | rc=0 >>
dr-xr-x---. 5 root root 168 Oct 15 13:28 /root
有一个默认的组all
,Inventory中定义的所有主机都需要执行
[root@node01 ansible]# ansible all -m command -a 'ls -ld /root'
10.0.0.66 | CHANGED | rc=0 >>
dr-xr-x---. 5 root root 191 Oct 15 13:28 /root
10.0.0.65 | CHANGED | rc=0 >>
dr-xr-x---. 5 root root 168 Oct 15 13:28 /root
cron 模块
管理远程主机的定时任务
首先查看一下帮助
扫描二维码关注公众号,回复:
3593105 查看本文章
[root@node01 ansible]# ansible-doc -s cron
- name: Manage cron.d and crontab entries
cron:
backup: # If set, create a backup of the crontab before it is modified. The location of the backup is returned in the `backup_file' variable by this module.
cron_file: # If specified, uses this file instead of an individual user's crontab. If this is a relative path, it is interpreted with respect to /etc/cron.d. (If it is
absolute, it will typically be /etc/crontab). Many linux distros expect (and some require) the filename portion to consist
solely of upper- and lower-case letters, digits, underscores, and hyphens. To use the `cron_file' parameter you must specify
the `user' as well.
day: # Day of the month the job should run ( 1-31, *, */2, etc )
disabled: # If the job should be disabled (commented out) in the crontab. Only has effect if `state=present'.
env: # If set, manages a crontab's environment variable. New variables are added on top of crontab. "name" and "value" parameters are the name and the value of
environment variable.
hour: # Hour when the job should run ( 0-23, *, */2, etc )
insertafter: # Used with `state=present' and `env'. If specified, the environment variable will be inserted after the declaration of specified environment variable.
insertbefore: # Used with `state=present' and `env'. If specified, the environment variable will be inserted before the declaration of specified environment variable.
job: # The command to execute or, if env is set, the value of environment variable. The command should not contain line breaks. Required if state=present.
minute: # Minute when the job should run ( 0-59, *, */2, etc )
month: # Month of the year the job should run ( 1-12, *, */2, etc )
name: # Description of a crontab entry or, if env is set, the name of environment variable. Required if state=absent. Note that if name is not set and state=present,
then a new crontab entry will always be created, regardless of existing ones.
reboot: # If the job should be run at reboot. This option is deprecated. Users should use special_time.
special_time: # Special time specification nickname.
state: # Whether to ensure the job or environment variable is present or absent.
user: # The specific user whose crontab should be modified.
weekday: # Day of the week that the job should run ( 0-6 for Sunday-Saturday, *, etc )
特别说明:state参数,表示是增加present
,还是删除absent
.
演示添加
下面在
webservs
组中,创建一个定时任务,每十分钟,echo 一个hello
到/tmp/test.ans
.
[root@node01 ansible]# ansible webservs -m cron -a 'minute="*/10" job="/bin/echo hello >> /tmp/test.ans" name="test cron job" state=present'
10.0.0.65 | CHANGED => {
"changed": true,
"envs": [],
"jobs": [
"test cron job"
]
}
[root@node01 ansible]# ansible webservs -m command -a 'crontab -l'
10.0.0.65 | CHANGED | rc=0 >>
#Ansible: test cron job
*/10 * * * * /bin/echo hello > /tmp/test.ans
说明:
name
参数是给这个定时任务起一个名字,相当于是个注释,解释该定时任务的含义- 定时任务中
分时日月周
中,如果是*
号,则可以不用增加参数 - 如果是添加,
state=present
参数可以不用添加,如果是删除,则需要加入state=absent
参数
演示删除
[root@node01 ansible]# ansible webservs -m cron -a 'minute="*/10" job="/bin/echo hello >> /tmp/test.ans" name="test cron job" state=absent'
10.0.0.65 | CHANGED => {
"changed": true,
"envs": [],
"jobs": []
}
[root@node01 ansible]# ansible webservs -m command -a 'crontab -l'
10.0.0.65 | CHANGED | rc=0 >>
[root@node01 ansible]#
user 模块
管理远程主机的用户
查看帮助
[root@node01 ansible]# ansible-doc -s user
- name: Manage user accounts
user:
append: # If `yes', add the user to the groups specified in `groups'. If `no', user will only be added to the groups specified in `groups', removing them from all
other groups.
comment: # Optionally sets the description (aka `GECOS') of user account.
create_home: # Unless set to `no', a home directory will be made for the user when the account is created or if the home directory does not exist. Changed from `createhome'
to `create_home' in version 2.5.
expires: # An expiry time for the user in epoch, it will be ignored on platforms that do not support this. Currently supported on GNU/Linux, FreeBSD, and DragonFlyBSD.
Since version 2.6 you can remove the expiry time specify a negative value. Currently supported on GNU/Linux and FreeBSD.
force: # This only affects `state=absent', it forces removal of the user and associated directories on supported platforms. The behavior is the same as `userdel
--force', check the man page for `userdel' on your system for details and support.
generate_ssh_key: # Whether to generate a SSH key for the user in question. This will *not* overwrite an existing SSH key.
group: # Optionally sets the user's primary group (takes a group name).
groups: # List of groups user will be added to. When set to an empty string `''', `null', or `~', the user is removed from all groups except the primary group. (`~'
means `null' in YAML) Before version 2.3, the only input format allowed was a comma separated string. Now this parameter
accepts a list as well as a comma separated string.
hidden: # macOS only, optionally hide the user from the login window and system preferences. The default will be 'True' if the `system' option is used.
home: # Optionally set the user's home directory.
local: # Forces the use of "local" command alternatives on platforms that implement it. This is useful in environments that use centralized authentification when you
want to manipulate the local users. I.E. it uses `luseradd` instead of `useradd`. This requires that these commands exist on
the targeted host, otherwise it will be a fatal error.
login_class: # Optionally sets the user's login class, a feature of most BSD OSs.
move_home: # If set to `yes' when used with `home=', attempt to move the user's old home directory to the specified directory if it isn't there already and the old home
exists.
name: # (required) Name of the user to create, remove or modify.
non_unique: # Optionally when used with the -u option, this option allows to change the user ID to a non-unique value.
password: # Optionally set the user's password to this crypted value. On macOS systems, this value has to be cleartext. Beware of security issues. See
https://docs.ansible.com/ansible/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module for details on various ways
to generate these password values.
password_lock: # Lock the password (usermod -L, pw lock, usermod -C). BUT implementation differs on different platforms, this option does not always mean the user cannot
login via other methods. This option does not disable the user, only lock the password. Do not change the password in the same
task. Currently supported on Linux, FreeBSD, DragonFlyBSD, NetBSD.
remove: # This only affects `state=absent', it attempts to remove directories associated with the user. The behavior is the same as `userdel --remove', check the man
page for details and support.
seuser: # Optionally sets the seuser type (user_u) on selinux enabled systems.
shell: # Optionally set the user's shell. On macOS, before version 2.5, the default shell for non-system users was /usr/bin/false. Since 2.5, the default shell for
non-system users on macOS is /bin/bash.
skeleton: # Optionally set a home skeleton directory. Requires create_home option!
ssh_key_bits: # Optionally specify number of bits in SSH key to create.
ssh_key_comment: # Optionally define the comment for the SSH key.
ssh_key_file: # Optionally specify the SSH key filename. If this is a relative filename then it will be relative to the user's home directory.
ssh_key_passphrase: # Set a passphrase for the SSH key. If no passphrase is provided, the SSH key will default to having no passphrase.
ssh_key_type: # Optionally specify the type of SSH key to generate. Available SSH key types will depend on implementation present on target host.
state: # Whether the account should exist or not, taking action if the state is different from what is stated.
system: # When creating an account `state=present', setting this to `yes' makes the user a system account. This setting cannot be changed on existing users.
uid: # Optionally sets the `UID' of the user.
update_password: # `always' will update passwords if they differ. `on_create' will only set the password for newly created users.
演示