1. Introduction to Ansible
(1) Introduction
1. Ansible is a configuration management and provisioning tool. It connects to servers over SSH and runs the configured tasks. The server only needs to have SSH enabled; all the work is done by ansible on the control machine.
2. When we need to deploy in batches, we can write scripts ourselves, but Ansible is the better choice. Using Ansible requires no coding, only YAML configuration files, and Ansible has built-in features such as idempotency and concurrency control, which greatly reduce the workload of batch deployment.
3. Ansible is a newer automated operations tool. Developed in Python, it combines the advantages of many operations tools (puppet, cfengine, chef, func, fabric) and provides batch system configuration, batch program deployment, and batch command execution.
4. Ansible works on the basis of modules and has no batch deployment capability of its own. The batch deployment is actually done by the modules that ansible runs; ansible only provides the framework, which mainly includes:
(1) connection plugins: responsible for communicating with the managed hosts;
(2) host inventory: the hosts to operate on, defined in a configuration file;
(3) modules: core modules, the command module, and custom modules;
(4) plug-ins: provide functions such as logging and e-mail;
(5) playbook: optional; when a play runs multiple tasks, it lets a node run them in one pass.
GitHub address: https://github.com/ansible/ansible/
Official website address: https://docs.ansible.com
Online playbook sharing platform: https://galaxy.ansible.com
(2) Features
1. no agents: no client needs to be installed on the controlled host;
2. no server: there is no server side; just run the command directly when you need it;
3. modules in any language: ansible works through modules, which can be developed in any language;
4. yaml, not code: playbooks are written in YAML;
5. ssh by default: works over SSH;
6. Strong multi-tier solution: it can implement multi-level orchestration.
(3) Advantages
1. Lightweight: no agent needs to be installed on the managed hosts; an update only has to be done once, on the control machine;
2. Batch tasks can be written as scripts and executed without first distributing them to the remote hosts;
3. It is written in Python, which is easier to maintain; the syntax of Ruby is too complicated;
4. Support sudo.
(4) Basic structure
1. Core engine: ansible
2. Core modules:
These are the modules that ship with ansible. Ansible distributes module resources to the remote nodes so that they perform a specific task or reach a specific state.
3. Custom modules:
If the core modules are not enough to complete a certain function, you can add custom modules.
4. Plug-ins:
Supplement the functionality of modules, for example logging and sending e-mail.
5. Playbook:
The configuration file that defines ansible tasks. Multiple tasks can be defined in one playbook and are executed automatically by ansible. The control host can run multiple tasks and manage multiple remote hosts at the same time.
6. Playbooks are ansible's configuration, deployment and orchestration language. They can describe a policy you want your remote systems to enforce, or a set of steps in a general process. If ansible modules are the tools in your workshop, playbooks are the design plans. At a basic level, playbooks can be used to manage configuration of, and deployment to, remote machines. In more advanced use, they can sequence multi-tier rollouts with rolling updates and delegate actions to other hosts, interacting with monitoring servers and load balancers along the way.
7. Connection plugins:
Ansible connects to each host through a connection plugin, which is responsible for communicating with the managed nodes. Although ansible uses SSH to connect to the managed nodes, it also supports other connection methods, which is why connection plugins are needed.
8. Host inventory:
Defines the hosts managed by ansible. By default the managed nodes are defined in ansible's hosts configuration file; dynamic host lists and a custom configuration file path are also supported.
9. Ansible uses the paramiko protocol library (Fabric uses it too) and connects to hosts through SSH or ZeroMQ. From the control host, ansible pushes the module to the managed node over the SSH protocol (or Kerberos, LDAP), executes it there, and deletes it automatically after execution. Three connection methods are supported between the control host and the managed nodes: local, SSH, and ZeroMQ; SSH is the default. In large-scale environments, the ZeroMQ connection method significantly improves execution speed.
(5) Task Execution Mode
1. Ansible offers two ways for the control host to operate the managed nodes: ad-hoc and playbook.
2. Ad-hoc mode uses a single module and supports batch execution of a single command.
3. Playbook mode is ansible's main management method. A playbook completes one kind of function through a set of multiple tasks; it can be understood simply as a configuration file that combines multiple ad-hoc operations.
(6) Comparison between ansible and other configuration management software
Comparison of technical characteristics:
Item | Puppet | SaltStack | Ansible |
Development language | Ruby | Python | Python |
Client (agent) required | Yes | Yes | No |
Secondary development supported | Not supported | Supported | Supported |
Server and remote machine authenticate each other | Yes | Yes | Yes |
Communication between server and remote machine encrypted | Yes, standard SSL protocol | Yes, AES encryption | Yes, using OpenSSH |
Web UI provided | Provided | Provided | Provided, but only in the commercial version |
Configuration file format | Ruby syntax | YAML | YAML |
Command-line execution | Not supported, but can be implemented through a configuration module | Supported | Supported |
2. Introduction to ansible components
(1) ansible inventory
In large-scale configuration management we have to manage machines that belong to different businesses. Information about these machines is stored in ansible's inventory component. A host must first be recorded in the inventory before ansible can configure or deploy to it. The default ansible inventory is a static INI file, /etc/ansible/hosts. Another file can be specified through the ANSIBLE_HOSTS environment variable, or temporarily with the -i parameter when the command is run.
(2) Reference example
Define hosts and host groups
1. 100.0.0.1 ansible_ssh_pass='123456'
2. 100.0.0.2 ansible_ssh_pass='123456'
3. [docker]
4. 100.0.0.1[1:3]
5. [docker:vars]
6. ansible_ssh_pass='123456'
7. [ansible:children]
8. docker
Lines 1 and 2 each define a host and specify its ssh login password
Line 3 defines a group called docker
Line 4 defines the hosts 100.0.0.11-100.0.0.13 under the docker group
Lines 5 and 6 define the ssh login password for the docker group
Lines 7 and 8 define the ansible group, which contains the docker group
(3) Inventory built-in parameters
Parameter | Description | Example |
ansible_ssh_host | The name of the remote host to connect to. Set this variable if it differs from the host alias you want to use. | ansible_ssh_host=192.169.1.123 |
ansible_ssh_port | SSH port number. Set this variable if the port is not the default one. | ansible_ssh_port=5000 |
ansible_ssh_user | Default SSH user name | ansible_ssh_user=cxpadmin |
ansible_ssh_pass | SSH password (this method is not secure; we strongly recommend using --ask-pass or an SSH key) | ansible_ssh_pass='123456' |
ansible_sudo_pass | sudo password (this method is not secure; we strongly recommend using --ask-sudo-pass) | ansible_sudo_pass='123456' |
ansible_sudo_exe | Path of the sudo command (for 1.8 and above) | ansible_sudo_exe=/usr/bin/sudo |
ansible_connection | The connection type to the host, for example local, ssh or paramiko. Before Ansible 1.2, paramiko was the default. From 1.2 on, 'smart' is the default; it decides whether the 'ssh' method is feasible according to whether ControlPersist is supported. | ansible_connection=local |
ansible_ssh_private_key_file | The private key file used by ssh. Suitable when there are multiple keys and you do not want to use an SSH agent. | ansible_ssh_private_key_file=/root/key |
ansible_shell_type | The shell type of the target system. By default commands are executed with 'sh' syntax; it can be set to 'csh' or 'fish'. | ansible_shell_type=zsh |
ansible_python_interpreter | The Python path on the target host. Applicable when there are multiple Pythons on the system, or the command path is not "/usr/bin/python", as on *BSD, or /usr/bin/python is not a 2.X version of Python. The "/usr/bin/env" mechanism is not used, because it requires the remote user's path to be set correctly and the executable to be named python (the actual name may be python26). | ansible_python_interpreter=/usr/bin/python2.6 |
ansible_*_interpreter | Defines the interpreters of other languages | ansible_*_interpreter=/usr/bin/ruby |
ansible_sudo | Defines the sudo user | ansible_sudo=cxpadmin |
Note: Starting from Ansible 2.0, ansible_ssh_user, ansible_ssh_host and ansible_ssh_port have been renamed to ansible_user, ansible_host and ansible_port.
For details, refer to the official website http://docs.ansible.com/ansible/latest/intro_inventory.html
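An added example (not from the original page or the Ansible project): a small Python audit that parses a static INI inventory like the reference example above, expands host ranges such as 100.0.0.1[1:3], follows :vars and :children sections, and lists every host that ends up with a password stored in clear text. The function names and KEY_INVENTORY are constructed for this illustration; ansible_password and ansible_become_pass are the newer variable names for the same secrets and do not appear on this page.

```python
import re
import shlex

# Inventory variables that hold a secret in clear text. The first two are listed in
# the table above; the last two are the newer Ansible names for the same secrets
# (added by this example, not taken from the page).
SECRET_VARS = {"ansible_ssh_pass", "ansible_sudo_pass",
               "ansible_password", "ansible_become_pass"}
RANGE = re.compile(r"\[(\d+):(\d+)\]")

# The reference inventory from this page, without its line numbers.
PAGE_INVENTORY = """\
100.0.0.1 ansible_ssh_pass='123456'
100.0.0.2 ansible_ssh_pass='123456'
[docker]
100.0.0.1[1:3]
[docker:vars]
ansible_ssh_pass='123456'
[ansible:children]
docker
"""

# Constructed counterpart that logs in with a key and stores no secret.
KEY_INVENTORY = """\
[docker]
100.0.0.1[1:3] ansible_ssh_user=cxpadmin ansible_ssh_private_key_file=/root/key
[ansible:children]
docker
"""

def expand(pattern):
    """Expand numeric ranges such as 100.0.0.1[1:3] into individual host names."""
    m = RANGE.search(pattern)
    if not m:
        return [pattern]
    lo, hi = m.group(1), m.group(2)
    width = len(lo) if lo.startswith("0") else 0   # keep zero padding, e.g. [01:10]
    out = []
    for i in range(int(lo), int(hi) + 1):
        out.extend(expand(pattern[:m.start()] + str(i).zfill(width) + pattern[m.end():]))
    return out

def parse_vars(tokens):
    return dict(t.split("=", 1) for t in tokens if "=" in t)

def parse_inventory(text):
    hosts, groups, group_vars, children = {}, {}, {}, {}
    section, kind = "ungrouped", "hosts"
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)   # strips quotes and # comments
        if not tokens:
            continue
        head = tokens[0]
        if head.startswith("[") and head.endswith("]"):
            name, _, suffix = head[1:-1].partition(":")
            section, kind = name, suffix or "hosts"
        elif kind == "vars":
            group_vars.setdefault(section, {}).update(parse_vars(tokens))
        elif kind == "children":
            children.setdefault(section, []).append(head)
        else:
            for host in expand(head):
                hosts.setdefault(host, {}).update(parse_vars(tokens[1:]))
                groups.setdefault(section, []).append(host)
    return hosts, groups, group_vars, children

def members(group, groups, children, seen=None):
    """All hosts of a group, including the hosts of its child groups."""
    seen = set() if seen is None else seen
    if group in seen:                  # guard against a :children cycle
        return set()
    seen.add(group)
    found = set(groups.get(group, []))
    for child in children.get(group, []):
        found |= members(child, groups, children, seen)
    return found

def plaintext_secrets(text):
    """Return sorted (host, variable, source) findings; the secret itself is never echoed."""
    hosts, groups, group_vars, children = parse_inventory(text)
    findings = set()
    for host, hvars in hosts.items():
        for var in SECRET_VARS.intersection(hvars):
            findings.add((host, var, "host line"))
    for group, gvars in group_vars.items():
        for var in SECRET_VARS.intersection(gvars):
            for host in members(group, groups, children):
                findings.add((host, var, f"[{group}:vars]"))
    return sorted(findings)

if __name__ == "__main__":
    for host, var, source in plaintext_secrets(PAGE_INVENTORY):
        print(f"{host}: {var} stored in clear text ({source})")
```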
(4) ansible ad-hoc command
We often use ansible modules from the command line. Ansible ships with many modules that can be used directly. At present ansible has 200+ built-in modules; ansible-doc -l lists all of them, and ansible-doc followed by a module name shows that module's description and examples. Note that some ansible plug-in features, such as loops and facts, cannot be used with ad-hoc commands.
Command usage: ansible <host-pattern> [options]
(5) Introduction to frequently used modules
1. ping module
As its name suggests, the ping module checks whether the remote host can be reached over the network
Example: ansible cluster_hosts -m ping
2. copy module
The copy module copies files from the machine that runs ansible to the remote nodes. It is the opposite of the fetch module.
① Frequently used module parameters
Parameter | Required | Default | Choices | Description |
src | no | | | Locates the file on the machine where ansible runs; an absolute path is required. If the path is a folder, the folder is copied as a whole; if it ends with "/", only the contents of the folder are copied. All of this behaves much like rsync |
content | no | | | Used instead of src: copies the specified content into the remote file |
dest | yes | | | Locates the file on the remote node; an absolute path is required. If src points to a folder, this parameter must also point to a folder |
backup | no | no | yes/no | Back up the original file on the remote node before copying, so that it can still be used if something unexpected happens. |
directory_mode | no | | | Can only be used when copying a folder. With this setting, newly created files in the folder are copied and the old ones are not |
follow | no | no | yes/no | When the copied folder contains links, the copy will contain the links as well |
force | no | yes | yes/no | The default is yes, which overwrites remote files whose content differs (the file name may be the same). If no, the file is not copied when it already exists on the remote node |
group | no | | | Sets the group that owns the files copied to the remote node |
mode | no | | | Equivalent to chmod; the value can be "u+rwx" or "u=rw,g=r,o=r" |
owner | no | | | Sets the user that owns the files copied to the remote node |
② Example: Copy the file to the test host
[root@node1 ansible]# ansible testservers -m copy -a 'src=/root/install.log dest=/tmp/install.log owner=testuser group=testgroup'
192.168.100.131 | success >> {
    "changed": true,
    "checksum": "7b3626c84bb02d12472c03d2ece878fdc4756c94",
    "dest": "/tmp/install.log",
    "gid": 1100,
    "group": "testgroup",
    "md5sum": "c7d8a01a077940859e773b7770d2e07e",
    "mode": "0644",
    "owner": "testuser",
    "size": 9458,
    "src": "/root/.ansible/tmp/ansible-tmp-1456387213.94-229503410500766/source",
    "state": "file",
    "uid": 1000
}
192.168.100.132 | success >> {
    "changed": true,
    "checksum": "7b3626c84bb02d12472c03d2ece878fdc4756c94",
    "dest": "/tmp/install.log",
    "gid": 1100,
    "group": "testgroup",
    "md5sum": "c7d8a01a077940859e773b7770d2e07e",
    "mode": "0644",
    "owner": "testuser",
    "size": 9458,
    "src": "/root/.ansible/tmp/ansible-tmp-1456387213.94-186055595812050/source",
    "state": "file",
    "uid": 1000
}
③ Example: back up before copying
[root@node1 ansible]# echo "test " >> /root/install.log
[root@node1 ansible]# ansible testservers -m copy -a 'src=/root/install.log dest=/tmp/install.log owner=testuser group=testgroup backup=yes'
192.168.100.132 | success >> {
    "backup_file": "/tmp/install.log.2016-02-25@16:01:26~",
    "changed": true,
    "checksum": "b5da7af32ad02eb98f77395b28f281a965b4c1f5",
    "dest": "/tmp/install.log",
    "gid": 1100,
    "group": "testgroup",
    "md5sum": "d39956add30a18019cb5ad2381a0cd43",
    "mode": "0644",
    "owner": "testuser",
    "size": 9464,
    "src": "/root/.ansible/tmp/ansible-tmp-1456387285.87-128685659798967/source",
    "state": "file",
    "uid": 1000
}
192.168.100.131 | success >> {
    "backup_file": "/tmp/install.log.2016-02-25@16:01:26~",
    "changed": true,
    "checksum": "b5da7af32ad02eb98f77395b28f281a965b4c1f5",
    "dest": "/tmp/install.log",
    "gid": 1100,
    "group": "testgroup",
    "md5sum": "d39956add30a18019cb5ad2381a0cd43",
    "mode": "0644",
    "owner": "testuser",
    "size": 9464,
    "src": "/root/.ansible/tmp/ansible-tmp-1456387285.86-134452201968647/source",
    "state": "file",
    "uid": 1000
}
[root@node1 ansible]# ansible testservers -m raw -a 'ls -lrth /tmp/install*'
192.168.100.131 | success | rc=0 >>
-rw-r--r-- 1 root root 9.3K 2 25 16:00 /tmp/install.log.2016-02-25@16:01:26~
-rw-r--r-- 1 testuser testgroup 9.3K 2 25 16:01 /tmp/install.log
192.168.100.132 | success | rc=0 >>
-rw-r--r-- 1 root root 9.3K 2 25 16:00 /tmp/install.log.2016-02-25@16:01:26~
-rw-r--r-- 1 testuser testgroup 9.3K 2 25 16:01 /tmp/install.log
④ Example: copy a directory to the remote hosts
[root@node1 ansible]# tree testdir
testdir
├── a
│   ├── e
│   │   └── ansible.cfg
│   ├── f
│   └── g
├── b
│   ├── e
│   ├── f
│   └── g
└── c
    ├── ansible.cfg
    ├── e
    ├── f
    └── g
[root@node1 ansible]# ansible testservers -m copy -a 'src=/etc/ansible/testdir dest=/tmp/ owner=testuser group=testgroup backup=yes'
192.168.100.131 | success >> {
    "changed": true,
    "dest": "/tmp/",
    "src": "/etc/ansible/testdir"
}
192.168.100.132 | success >> {
    "changed": true,
    "dest": "/tmp/",
    "src": "/etc/ansible/testdir"
}
[root@node1 ansible]# ansible testservers -m command -a 'tree /tmp/testdir'
192.168.100.131 | success | rc=0 >>
/tmp/testdir
|-- a
|   `-- e
|       `-- ansible.cfg
|-- b
|   `-- e
|       `-- hosts
`-- c
    `-- ansible.cfg
5 directories, 3 files
192.168.100.132 | success | rc=0 >>
/tmp/testdir
|-- a
|   `-- e
|       `-- ansible.cfg
|-- b
|   `-- e
|       `-- hosts
`-- c
    `-- ansible.cfg
5 directories, 3 files
Note: the directories that contain files were copied successfully; the empty directories were not copied.
⑤ Frequently used return values
Parameter | Description | Returned | Type | Sample |
src | Location on the machine that runs ansible | changed | string | /home/httpd/.ansible/tmp/ansible-tmp-1423796390.97-147729857856000/source |
backup_file | Backup of the original file | changed and if backup=yes | string | /path/to/file.txt.2015-02-12@22:09~ |
uid | ID of the owner after execution | success | int | 100 |
dest | Target directory or file on the remote node | success | string | /path/to/file.txt |
checksum | Checksum of the file after copying | success | string | 6e642bb8dd5c2e027bf21dd923337cbb4214f827 |
md5sum | MD5 checksum of the file after copying | when supported | string | 2a5aeecc61dc98c4d780b14b330e3282 |
state | State after execution | success | string | file |
gid | ID of the group that owns the folder or file after execution | success | int | 100 |
mode | Permissions of the file after execution | success | string | 0644 |
owner | Name of the file's owner after execution | success | string | httpd |
group | Name of the file's group after execution | success | string | httpd |
size | File size after execution | success | int | 1220 |
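3. shell module
It executes command lines on the nodes (servers) controlled by ansible. The shell module runs commands through /bin/sh, so it can execute any command, just as if it were run on the local machine.
① Frequently used parameters
Parameter | Required | Default | Choices | Description |
chdir | no | | | Same as for command: cd into a directory before running the shell command |
creates | no | | | Same as for command: if the given file exists, the shell command is not run |
removes | no | | | Same as for command: if the given file does not exist, the shell command is not run |
② Example 1:
Have all nodes run somescript.sh and append the log output to somelog.txt.
$ ansible -i hosts all -m shell -a "sh somescript.sh >> somelog.txt"
③ Example 2:
First enter somedir/, then have all nodes run somescript.sh inside somedir/ and append the log output to somelog.txt.
$ ansible -i hosts all -m shell -a "somescript.sh >> somelog.txt chdir=somedir/"
④ Example 3:
First cd into a directory that needs compiling, run configure, then compile, then install.
$ ansible -i hosts all -m shell -a "./configure && make && make install chdir=/xxx/yyy/"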
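4. command module
The command module runs system commands. It does not support pipes, redirection, variables and the like ("<", ">", "|", "&", etc.); if you need these, use the shell module. command is the default module of the ansible command, so -m command does not have to be given and the command can be passed directly.
① Frequently used parameters
Parameter | Required | Default | Choices | Description |
chdir | no | | | cd into this directory before running the command |
creates | no | | | If the file given by this parameter exists, the command is not run |
executable | no | | | Changes the shell used to execute the command; absolute paths are required here |
removes | no | | | If the file given by this parameter does not exist, the command is not run |
② Example 1:
# Call the command module from the ansible command line:
ansible -i hosts all -m command -a "/sbin/shutdown -t now"
The ansible command line calls the command module with -m command; -a passes the arguments, and the text inside the quotes is the command to execute, here a shutdown.
The corresponding nodes (192.168.10.12, 127.152.112.13) will all shut down.
③ Example 2:
# Run the command if the specified file does not exist.
ansible -i hosts all -m command -a "/usr/bin/make_database.sh arg1 arg2 creates=/path/to/database"
The creates parameter checks whether /path/to/database exists: if it exists, the command is skipped; if it does not, the command is executed.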
5. raw module
The raw module works much like shell and command, but it does not require a Python environment on the remote host.
Example:
Run the hostname command on node 10.1.1.113
ansible 10.1.1.113 -m raw -a 'hostname|tee'
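6. fetch module
The fetch module copies files from the remote hosts to the local machine, the opposite of the copy module, and stores them under a directory named after the hostname. When the file does not exist, an error occurs, unless the option fail_on_missing is set to yes.
① Frequently used parameters
Parameter | Required | Default | Choices | Description |
dest | yes | | | Directory in which to store the file. For example, if the directory is backup and the source file is /etc/profile on host pythonserver, the file is saved as /backup/pythonserver/etc/profile |
fail_on_missing | no | no | yes/no | Mark the task as failed when the source file does not exist |
flat | no | | | Allows overriding the default behaviour of appending hostname/path/to/file to the destination; if dest ends with /, the base name of the source file is used |
src | yes | | | The file to fetch from the remote host; it must be a file, not a directory |
validate_checksum | no | yes | yes/no | Verify the md5 checksum after the file has been fetched |
② Example 1
Fetch a file and save it. src is the path of the file on the remote host, and dest is the path on the local machine. Fetched files are sorted into directories by IP address, followed by the path of the source file. Only files can be fetched, not folders.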
[root@ansibleserver ~]# ansible pythonserver -m fetch -a "src=/root/123 dest=/root"
SSH password:
192.168.1.60 | success >> {
"changed": true,
"dest": "/root/192.168.1.60/root/123",
"md5sum": "31be5a34915d52fe0a433d9278e99cac",
"remote_md5sum": "31be5a34915d52fe0a433d9278e99cac"
}
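③ Example 2:
Save into a specified directory. With the flat parameter, if dest ends with /, the file is saved inside that directory under its own file name; if dest does not end with /, it is saved directly as a file named kel. Whether dest ends with / is what distinguishes a directory from a file path.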
[root@ansibleserver ~]# ansible pythonserver -m fetch -a "src=/root/Ssh.py dest=/root/kel/ flat=yes"
SSH password:
192.168.1.60 | success >> {
"changed": true,
"dest": "/root/kel/Ssh.py",
"md5sum": "63f8a200d1d52d41f6258b41d7f8432c",
"remote_md5sum": "63f8a200d1d52d41f6258b41d7f8432c"
}
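7. file module
Mainly used to set the attributes of files, links and directories, or to remove files, links and directories. Many other modules include this functionality too, for example copy, assemble and template.
① Frequently used parameters
Parameter | Required | Default | Choices | Description |
follow | no | no | yes/no | Indicates that filesystem links, if they exist, should be followed |
force | no | no | yes/no | Force creation of the link in two cases: the source file does not exist (but will appear later); the destination exists but is a file (a link is created in its place) |
group | no | | | Group that owns the file |
mode | no | | | Permissions of the file |
owner | no | | | User that owns the file |
path | yes | | | Path of the file to manage |
recurse | no | no | yes/no | When the path is a directory, whether to set the permissions recursively |
src | no | | | Path of the file to link to; only applies when state is link. It may be an absolute path, a relative path, or a path that does not exist |
state | no | file | file/link/directory/hard/touch/absent | directory: the directory is created if it does not exist; file: the file is not created if it does not exist; link: the symbolic link is created or modified; absent: all files under the directory are deleted; touch: directories and files that do not exist are created |
② Example 1:
Set file attributes. path gives the file path; the owning user and group are set, and the permissions are set to 0644. When path is a folder, the recurse parameter changes the permissions recursively.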
[root@ansibleserver ~]# ansible pythonserver -m file -a "path=/root/123 owner=kel group=kel mode=0644"
SSH password:
192.168.1.60 | success >> {
"changed": true,
"gid": 500,
"group": "kel",
"mode": "0644",
"owner": "kel",
"path": "/root/123",
"size": 294,
"state": "file",
"uid": 500
}
[root@ansibleserver ~]# ansible pythonserver -m file -a "path=/tmp/kel/ owner=kel group=kel mode=0644 recurse=yes"
SSH password:
192.168.1.60 | success >> {
"changed": true,
"gid": 500,
"group": "kel",
"mode": "0644",
"owner": "kel",
"path": "/tmp/kel/",
"size": 4096,
"state": "directory",
"uid": 500
}
③ Example 2:
Create a directory. The main parameter is state, set to directory.
[root@ansibleserver ~]# ansible pythonserver -m file -a "path=/tmp/kel state=directory mode=0755"
SSH password:
192.168.1.60 | success >> {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/kel",
"size": 4096,
"state": "directory",
"uid": 0
}
④ Example 3:
Change permissions. Use mode directly to change the permissions.
[root@ansibleserver ~]# ansible pythonserver -m file -a "path=/tmp/kel mode=0444"
SSH password:
192.168.1.60 | success >> {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0444",
"owner": "root",
"path": "/tmp/kel",
"size": 4096,
"state": "directory",
"uid": 0
}
⑤ Example 4:
Create a symbolic link. src is the file that already exists, dest is the file name of the symbolic link to create, and state is link.
[root@ansibleserver tmp]# ansible pythonserver -m file -a "src=/tmp/1 dest=/tmp/2 owner=kel state=link"
SSH password:
192.168.1.60 | success >> {
"changed": true,
"dest": "/tmp/2",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "kel",
"size": 6,
"src": "/tmp/1",
"state": "link",
"uid": 500
}
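8. yum module
Yum (Yellow dog Updater, Modified) is a shell front-end package manager used in Fedora, RedHat and CentOS. This is the package management module.
① Frequently used parameters
Parameter | Required | Default | Choices | Description |
conf_file | no | | | The yum configuration file to use when yum runs on the remote host |
disable_gpg_check | no | no | yes/no | Controls the check performed on a package before it is installed; only takes effect when state is present or latest |
list | no | | | Can only be called from the ansible command, not supported in playbooks; what it does is self-explanatory |
name | yes | | | Name of the package to install; it can also be used as name=python=2.7 to install python2.7 |
state | no | present | present/latest/absent | Final state of the package: present/latest install it, absent removes it |
update_cache | no | no | yes/no | Update the package list before installing; only takes effect when state is present/latest |
② Example 1:
Install the httpd package
ansible host31 -m yum -a "name=httpd"
host31 | SUCCESS => {
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [ xxxxx ]
③ Example 2:
Remove the httpd package
ansible host31 -m yum -a "name=httpd state=absent"
host31 | SUCCESS => {
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [ xxxx ]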
9. service module
The service module is essentially the service command on Linux. It is used to manage services.
① Frequently used parameters
Parameter | Required | Default | Choices | Description |
enabled | no | | yes/no | Whether the service starts when the OS boots. When using the service module, at least one of enabled and state must be defined |
name | yes | | | Name of the service to operate on |
state | no | | started/stopped/restarted/reloaded | Final state of the service after the operation. |
② Example 1:
Start the service.
ansible host31 -m service -a "name=httpd state=started"
host31 | SUCCESS => {
    "changed": true,
    "name": "httpd",
    "state": "started"
}
③ Example 2:
Stop the service.
ansible host31 -m service -a "name=httpd state=stopped"
host31 | SUCCESS => {
    "changed": true,
    "name": "httpd",
    "state": "stopped"
}
④ Example 3:
Set the service to start at boot.
[root@host31 ~]# ansible host31 -m service -a "name=httpd enabled=yes state=restarted"
host31 | SUCCESS => {
    "changed": true,
    "enabled": true,
    "name": "httpd",
    "state": "started"
}
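10. cron module
① The cron module is used to manage scheduled tasks.
Parameter | Required | Default | Choices | Description |
backup | | | | Back up the existing scheduled tasks on the remote host before modifying them |
cron_file | | | | If specified, this file under the cron.d directory on the remote host is used instead of the user's scheduled tasks |
day | | | | Day (1-31, *, */2, ...) |
hour | | | | Hour (0-23, *, */2, ...) |
minute | | | | Minute (0-59, *, */2, ...) |
month | | | | Month (1-12, *, */2, ...) |
weekday | | | | Weekday (0-7, *, ...) |
job | | | | The task to execute; depends on state=present |
name | | | | Description of the task |
special_time | | | | Specifies when to run; values: reboot, yearly, annually, monthly, weekly, daily, hourly |
state | | | | Whether the scheduled task is created or deleted |
user | | | | Which user the task runs as |
② Example: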
ansible test -m cron -a 'name="a job for reboot" special_time=reboot job="/some/job.sh"'
ansible test -m cron -a 'name="yum autoupdate" weekday="2" minute=0 hour=12 user="root
ansible test -m cron -a 'backup="True" name="test" minute="0" hour="5,2" job="ls -alh > /dev/null"'
ansible test -m cron -a 'cron_file=ansible_yum-autoupdate state=absent'
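11. user module
The user module invokes the three commands useradd, userdel and usermod.
① Frequently used parameters
Parameter | Required | Default | Choices | Description |
home | | | | The user's home directory; must be used together with createhome |
groups | | | | The user's groups |
uid | | | | The user's uid |
password | | | | The user's password |
name | | | | The user name |
createhome | | | | Whether to create the home directory: yes/no |
system | | | | Whether this is a system user |
remove | | | | With state=absent, remove=yes also deletes the home directory, equivalent to userdel -r |
state | | | | Whether to create or delete the user |
shell | | | | The user's shell |
When specifying the password parameter, do not use a plaintext password, because the string is written as-is into the /etc/shadow file of the managed host. The password string must be hashed first, and the resulting string is what goes into password. The default hashing method may differ between distributions; check /etc/login.defs to confirm. CentOS 6.5 uses the SHA512 algorithm.
② Example 1:
Goal: create a user named nolinux, in group nolinux, on the specified node
Command: ansible 10.1.1.113 -m user -a 'name=nolinux groups=nolinux state=present'
③ Example 2:
Delete the user
Command: ansible 10.1.1.113 -m user -a 'name=nolinux groups=nolinux state=absent remove=yes'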
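An added example (not from the original page or the Ansible project): a Python check for the password rule described above. It classifies the password= value of a user-module argument string as a crypt hash or as plaintext, and shows one way to produce a SHA-512 crypt hash, assuming the OpenSSL 1.1.1+ command line tool is installed. All function names and sample values are constructed for this illustration.

```python
import re
import shlex
import subprocess

# crypt(3) formats as they appear in /etc/shadow, strongest first.
CRYPT_FORMATS = [
    ("sha512-crypt",
     re.compile(r"^\$6\$(rounds=\d+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}$")),
    ("sha256-crypt",
     re.compile(r"^\$5\$(rounds=\d+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{43}$")),
    ("md5-crypt",
     re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")),
]

# Constructed value with the shape of a SHA-512 crypt hash (not a real hash).
SAMPLE_HASH = "$6$" + "examplesalt" + "$" + "A" * 86


def classify(value):
    """Name the crypt format of a password value, or 'plaintext' if it matches none."""
    for name, pattern in CRYPT_FORMATS:
        if pattern.match(value):
            return name
    return "plaintext"


def check_user_args(module_args):
    """Inspect the -a string of a user-module call and return (verdict, reason)."""
    args = dict(t.split("=", 1) for t in shlex.split(module_args) if "=" in t)
    if "password" not in args:
        return ("ok", "no password argument")
    kind = classify(args["password"])
    if kind == "plaintext":
        # The module writes the value to /etc/shadow unchanged, so a plaintext
        # string both leaks the password and can never match at login.
        return ("reject", "value is not a crypt hash")
    if kind != "sha512-crypt":
        return ("warn", kind + " is weaker than SHA512")
    return ("ok", kind)


def sha512_crypt(password):
    """Hash with `openssl passwd -6`; the password goes over stdin, not argv,
    so it does not show up in the process list."""
    result = subprocess.run(["openssl", "passwd", "-6", "-stdin"],
                            input=password + "\n",
                            capture_output=True, text=True, check=True)
    return result.stdout.strip()


if __name__ == "__main__":
    for args in ("name=nolinux password=123456 state=present",
                 "name=nolinux password=" + SAMPLE_HASH + " state=present"):
        print(check_user_args(args))
```

On the ansible command line the -a string has to be single-quoted when it carries a hash, otherwise the shell expands the $ signs before ansible sees them.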
12. group module
The group module invokes the three commands groupadd, groupdel and groupmod.
For the parameters, see ansible-doc group
Example:
Goal: create a group named nolinux with gid 2014 on all nodes
Command: ansible all -m group -a 'gid=2014 name=nolinux'
13. script module
The script module runs a script from the control node on the managed nodes.
Example:
[root@host31 ~]# ansible host32 -m script -a /tmp/hello.sh
host32 | SUCCESS => {
    "changed": true,
    "rc": 0,
    "stderr": "",
    "stdout": "this is test from host32\r\n",
    "stdout_lines": [
        "this is test from host32" -> execution result
    ]
}
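14. get_url module
This module is mainly used to download files from http, ftp and https servers (similar to wget)
① Frequently used parameters
Parameter | Required | Default | Choices | Description |
sha256sum | | | | Perform a sha256 check after the download completes |
timeout | | | | Download timeout, 10s by default |
url | | | | The URL to download |
url_password, url_username | | | | Used when a user name and password are required for authentication |
use_proxy | | | | Whether to use a proxy; the proxy must be defined beforehand in the environment variables |
② Example:
Goal: download the file http://10.1.1.116/favicon.ico to the /tmp directory of the specified node
Command: ansible 10.1.1.113 -m get_url -a 'url=http://10.1.1.116/favicon.ico dest=/tmp'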
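15. synchronize module
① Uses rsync to synchronize files.
Parameter | Required | Default | Choices | Description |
archive | | | | Archive mode, equivalent to setting recursive, links, perms, times, owner, group and -D all to yes; enabled by default |
checksum | | | | Skip based on checksum; off by default |
compress | | | | Whether to enable compression |
copy_links | | | | Copy link files; default no. Note that there is also a links parameter |
delete | | | | Delete files that do not exist; default no |
dest | | | | Directory path |
dest_port | | | | Port on the destination host; default 22, over the ssh protocol |
dirs | | | | Transfer directories without recursing; default no, i.e. directories are recursed |
rsync_opts | | | | Additional rsync options |
set_remote_user | | | | Used when the user defined in /etc/ansible/hosts (or the default user) differs from the user rsync uses |
mode | | | | push or pull mode. push is generally used to upload files from the local machine to the remote host; pull is used to fetch files from the remote host |
② Example 1:
Goal: push the /root/a directory on the control host to the /tmp directory of the specified node
Command: ansible 10.1.1.113 -m synchronize -a 'src=/root/a dest=/tmp/ compress=yes'
delete=yes makes the contents on both sides identical (the pushing side is authoritative)
compress=yes enables compression; it is on by default
--exclude=.git skips files ending in .git during synchronization
Because the module pushes by default, use the following when you need to pull:
mode=pull changes the mode from push to pull
③ Example 2:
Goal: pull the /tmp/a directory of node 10.1.1.113 to the /root directory of the control node
Command: ansible 10.1.1.113 -m synchronize -a 'mode=pull src=/tmp/a dest=/root/'
④ Example 3:
The module enables the archive parameter by default, and that parameter turns on recursive, links, perms, times, owner, group and -D. If you set it to no, many of these options are switched off; for example, the recursion for the following goal fails and the pull does not work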
16. Other modules:
mount module: configures mount points
unarchive module: unpacks archive files
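3. Core module playbook introduction
Ansible playbooks are written in YAML, so it is best to have some understanding of YAML syntax before learning playbooks; otherwise you will keep running into baffling syntax errors when running them.
Here is a simple example to introduce playbooks.
Goal of the example: specify a host name and perform configuration operations on that host.
First, the directory structure
config-ansible
|___config_hosts.yml
|___roles
    |___config_hosts
        |___tasks
            |___main.yml
            |___config.yml
There are 3 YAML files in total. config_hosts.yml is the entry point; it calls the task files under the roles/config_hosts/tasks directory. Run the playbook with the command ansible-playbook config_hosts.yml.
Contents of config_hosts.yml: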
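1. ---
2. - hosts: node1
3.   roles:
4.     - config_hosts
Line 1 marks the file as a YAML file; it is optional.
Line 2 defines the target hosts of the playbook.
Lines 3 and 4 specify the role; the actual operations are defined in the role.
Contents of main.yml:
1. ---
2. - include: config.yml
Line 2 specifies the task file that this role imports.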
Contents of config.yml:
---
- name: copy test.file
  copy:
    src: /home/test.file
    dest: /home/test.file
    owner: root
    group: root
    mode: 0777
    force: yes

- name: exec hello world script
  script: /home/helloworld.sh

- name: rm test.file
  file: path=/home/test.file state=absent
The code in config.yml is what actually performs the tasks. There are 3 tasks: the first copies test.file from the /home directory to the same path on the target host; the second runs /home/helloworld.sh on the target host (helloworld.sh simply prints a helloworld message); the third uses the file module to delete /home/test.file on the target host.
A playbook is really just an assembly of modules. This is only a starting point; the use of other modules in playbooks can be studied on your own, and loops, conditionals and similar features are not covered here.