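Green output means nothing was changed; the host already matches the requested state.
Yellow means a change was made.
Red means an error.
The default state is file, so if the file does not exist the module reports an error.
Change it to touch and the file is created.
Changing state to directory creates a directory (recursive by default).
Create a symbolic link or a hard link.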
[root@workstation modules]# ansible servera -m file -a 'path=/tmp/redhat1 state=absent'
absent deletes the file.
[root@workstation modules]# ansible servera -m file -a 'path=/tmp/file mode=755 owner=ansible'
servera | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "ansible",
"path": "/tmp/file",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 0,
"state": "file",
"uid": 1001
}
When changing a directory that already exists, you can add state=touch or leave it out; the effect is the same.
[root@workstation modules]# ansible servera -m file -a 'src=/tmp/file2 dest=/tmp/file33 state=link force=yes'
[WARNING]: Cannot set fs attributes on a non-existent symlink target. follow should be set to False to avoid
this.
servera | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dest": "/tmp/file33",
"src": "/tmp/file2"
}
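Force the creation of a link whose source file does not exist.
If the source differs, the link is overwritten (this also works without force).
It is more sensible to decide whether to add force based on the red error output.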
[root@workstation maosible]# ansible servera -m copy -a 'src=hosts dest=/tmp/dir01'
servera | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "e7a86fde02d85341de7f8a7c1544a3943e6aff9a",
"dest": "/tmp/dir01",
"gid": 0,
"group": "root",
"md5sum": "46d0842e39f0fb11629b1b07653420e0",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:user_home_t:s0",
"size": 16,
"src": "/home/ansible/.ansible/tmp/ansible-tmp-1662013817.618654-7648-138526025113835/source",
"state": "file",
"uid": 0
}
A small detail that can be fatal
[root@workstation maosible]# ln -s /important/ ./abca
[root@workstation maosible]# rm -f abca/
rm: cannot remove 'abca/': Is a directory
[root@workstation maosible]# rm -f abca
[root@workstation maosible]#
This tiny / makes a big difference. Always pay attention to which positions need a trailing /.
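The trailing-slash pitfall above, handled defensively. This is an added example, not part of the original notes; the function name remove_link_only and the temporary paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: remove a symlink without ever touching the directory it
# points to, whatever trailing slashes the caller typed.

# remove_link_only PATH   (hypothetical helper)
#   0 = link removed, 1 = PATH is not a symlink (nothing removed), 2 = usage error
remove_link_only() {
    [ "$#" -eq 1 ] && [ -n "$1" ] || return 2
    p=$1
    # "abca/" makes path resolution follow the link and address the target
    # directory; strip every trailing slash so we address the link itself.
    while [ "$p" != "/" ] && [ "${p%/}" != "$p" ]; do
        p=${p%/}
    done
    # -L tests the path itself and does not follow the link.
    if [ ! -L "$p" ]; then
        echo "refusing: $p is not a symbolic link" >&2
        return 1
    fi
    target=$(readlink -- "$p")
    rm -f -- "$p" || return 1
    echo "removed link $p (target $target left in place)"
}

# Constructed sandbox: a stand-in for /important plus a link to it.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/important" && : > "$d/important/data" && ln -s "$d/important" "$d/abca"
    remove_link_only "$d/abca/"            # trailing slash typed by mistake
    remove_link_only "$d/important/" || echo "real directory was left alone"
    ls "$d/important"                      # data is still there
    rm -rf -- "$d"
}
demo
```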
[root@workstation maosible]# ansible servera -m copy -a 'content="hello world\n" dest=/tmp/file2'
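copy can also write a file (equivalent to the > redirection).
backup: back up the original file before overwriting it. The backup name includes a timestamp.
force=no: prevent overwriting.
remote_src: copy from the managed host to the managed host; the default is no.
validate: test the file's syntax; if the test fails, the copy is not carried out.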
[root@workstation maosible]# cat /etc/sudoers.d/kk
xiaomao ALL=(ALL) NOPASSWD:ALL
[root@workstation maosible]# ansible servera -m copy -a "src=/etc/sudoers.d/kk dest=/etc/sudoers.d/user1 validate='visudo -cf %s'"
servera | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "276588c6d80f03f87e149fb9cf406f7589b12299",
"dest": "/etc/sudoers.d/user1",
"gid": 0,
"group": "root",
"md5sum": "c647cd86fe29f8aae9ced2c5e4ce4063",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:etc_t:s0",
"size": 31,
"src": "/home/ansible/.ansible/tmp/ansible-tmp-1662016144.5676467-8325-177579230721100/source",
"state": "file",
"uid": 0
}
The file format is checked and then the file is sent; if it is incorrect, it is not sent.
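validate='visudo -cf %s' only checks syntax. The following added example (not part of the original notes) checks two things it does not judge: the file mode, which the copy output above reports as 0644, and rules that grant passwordless ALL. The function name audit_sudoers_dropin is hypothetical, GNU stat is assumed, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: pre-deployment check for a sudoers drop-in.
# Assumes GNU stat (Linux). audit_sudoers_dropin is a hypothetical helper.

# audit_sudoers_dropin FILE
#   prints one finding per line; returns the number of findings (0 = clean)
audit_sudoers_dropin() {
    f=$1
    n=0
    [ -f "$f" ] || { echo "ERROR: $f not found" >&2; return 100; }

    # sudoers files are conventionally mode 0440.
    mode=$(stat -c %a "$f")
    if [ "$mode" != "440" ]; then
        echo "MODE $f: $mode (expected 440)"
        n=$((n + 1))
    fi

    # Flag every rule that grants passwordless execution of ALL commands.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '#'*|'') continue ;;
        esac
        # Drop whitespace so "NOPASSWD: ALL" and "NOPASSWD:ALL" match alike.
        compact=$(printf '%s' "$line" | tr -d '[:space:]')
        case $compact in
            *NOPASSWD:ALL|*NOPASSWD:ALL,*)
                who=$(printf '%s\n' "$line" | awk '{print $1}')
                echo "GRANT $f: passwordless ALL for $who"
                n=$((n + 1)) ;;
        esac
    done < "$f"
    return "$n"
}

# Constructed sample mirroring the rule shown on this page.
sample=$(mktemp)
printf 'xiaomao ALL=(ALL) NOPASSWD:ALL\n' > "$sample"
chmod 644 "$sample"
audit_sudoers_dropin "$sample" || echo "findings: $?"
rm -f -- "$sample"
```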
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_module.html
More reference documentation
Looking up help
ansible-doc -l lists all modules
ansible-doc user shows the help for the user module
[root@workstation maosible]# ansible servera -m user -a 'name=user1 uid=1100 state=present'
Because of idempotence, the command can be run repeatedly to reach the desired state.
[root@workstation maosible]# ansible servera -m user -a 'name=user1 uid=1100 group=ansible shell=/sbin/nologin state=present'
[root@workstation maosible]# ansible servera -m user -a 'name=user1 remove=yes state=absent'
The user is deleted together with its home directory.
Setting a password
[root@workstation maosible]# ansible all -i localhost, -m debug -a "msg={{ 'redhat' | password_hash('sha512', 'mysecretsalt') }}"
localhost | SUCCESS => {
"msg": "$6$mysecretsalt$GcajIATSXc4CUJ.uOMrH.oB7A7dch4KSuaNfL12kfmhFZz7hH9gcttplfRfmk4rQ.sQnZieSBxqi6xPDFBGRC0"
}
Guidance from the official documentation
[root@workstation maosible]# ansible servera -m user -a 'name=user1 uid=1101 state=present password="$6$mysecretsalt$GcajIATSXc4CUJ.uOMrH.oB7A7dch4KSuaNfL12kfmhFZz7hH9gcttplfRfmk4rQ.sQnZieSBxqi6xPDFBGRC0"'
ansible localhost -m debug -a "msg={{ 'redhat' | password_hash('sha512', 'mysecretsalt') }}"
Producing the output directly on the Ansible node is enough.
Doing it all in one step
[root@workstation maosible]# ansible servera -m user -a "name=user1 uid=1101 state=present password={{ '2redhat' | password_hash('sha512', 'mysecretsalt') }}"
The password is piped to password_hash('sha512', 'mysecretsalt'); because there is a variable inside, it goes in {{ }}.
[root@workstation maosible]# ansible servera -m group -a 'name=it1 state=present'
[root@workstation maosible]# ansible servera -m user -a 'name=bob group=it1 state=present'
[root@workstation maosible]# ansible servera -m user -a 'name=bob group=it1 groups=root,ansible state=present'
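The name, group and groups arguments have no fixed order; put them wherever you like.
Create a user, assign its group, and add supplementary groups.
You can look this up with ansible-doc.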
- name: Add multiple repositories into the same file (2/2)
  yum_repository:
    name: rpmforge
    description: RPMforge YUM repo
    file: external_repos
    baseurl: http://apt.sw.be/redhat/el7/en/$basearch/rpmforge
    mirrorlist: http://mirrorlist.repoforge.org/el7/mirrors-rpmforge
    enabled: no
[root@workstation maosible]# ansible servera -m yum_repository -a 'baseurl=file:///mnt enabled=yes description=abc file=abc gpgcheck=no name=dvd'
Configure a repository
[root@workstation maosible]# ansible all -m yum -a 'name=tree state=present'
Install a package
[root@workstation maosible]# ansible all -m yum -a 'name="@Development tools" state=present'
Install a package group
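[root@workstation maosible]# ansible servera -m yum -a 'name=* state=latest'
Equivalent to running yum update -y on servera
Update
An ansible command that has been sent to the managed hosts is hard to take back; Ctrl+C is not very useful.
The package module wraps yum and apt.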
[root@workstation maosible]# ansible servera -m service -a 'name=sshd state=started enabled=yes'
When a daemon-reload is needed, the systemd module is required.
[root@workstation maosible]# ansible servera -m cron -a 'hour=05 user=user1 job="echo hello" name=fox'
servera | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"envs": [],
"jobs": [
"fox"
]
}
[root@workstation maosible]# ssh root@servera
Last login: Fri Sep 2 21:14:14 2022 from 192.168.230.164
[root@servera ~]# crontab -l -u user1
#Ansible: fox
* 05 * * * echo hello
[root@servera ~]#
Add name; Ansible needs an identifier for the cron entry.
[root@workstation maosible]# ansible servera -m cron -a 'hour=05 user=user1 job="echo hellwwo" name=fox cron_file=/etc/cron.d/cronmqy'
servera | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"cron_file": "/etc/cron.d/cronmqy",
"envs": [],
"jobs": [
"fox"
]
}
[root@workstation maosible]# ansible servera -m cron -a 'hour=05 user=root job="echo he2llwwo" name=fox cron_file=/etc/crontab'
servera | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"cron_file": "/etc/crontab",
"envs": [
"SHELL",
"PATH",
"MAILTO"
],
"jobs": [
"fox"
]
}
[root@servera cron.d]# cat cronmqy
#Ansible: fox
* 05 * * * user1 echo hellwwo
[root@servera cron.d]# cat /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
# For details see man 4 crontabs
# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed
#Ansible: fox
* 05 * * * root echo he2llwwo
[root@servera cron.d]#
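The names here really should all be different. I was lazy here.
The main point here is to show that Ansible's scheduled jobs can be written into a file.
A custom file under cron.d is very convenient. Name it whatever you like.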
ansible servera -m synchronize -a 'src=/root/ansible/ dest=/tmp/data archive=no rsync_opts=-tr'
Synchronize a directory based on timestamps.
With -tro, the o stands for owner.