[root@zxw63 ~]# ansible-doc -s raw
- name: Executes a low-down and dirty SSH command
  raw:
      executable:            # change the shell used to execute the command. Should be an absolute path to the executable. when using privilege escalation (`become'), a default shell will be assigned if one is not provided as privilege escalation requires a shell.
      free_form:             # (required) the raw module takes a free form command to run. There is no parameter actually named 'free form'; see the examples!

[root@zxw63 ~]# ansible-doc -s shell
- name: Execute commands in nodes.
  shell:
      chdir:                 # cd into this directory before running the command
      creates:               # a filename, when it already exists, this step will *not* be run.
      executable:            # change the shell used to execute the command. Should be an absolute path to the executable.
      free_form:             # (required) The shell module takes a free form command to run, as a string. There's not an actual option named "free form". See the examples!
      removes:               # a filename, when it does not exist, this step will *not* be run.
      stdin:                 # Set the stdin of the command directly to the specified value.
      warn:                  # if command warnings are on in ansible.cfg, do not warn about this particular line if set to no/false.

[root@zxw63 ~]# ansible-doc command
> COMMAND    (/usr/lib/python2.7/site-packages/ansible/modules/commands/command.py)

        The `command' module takes the command name followed by a list of space-delimited arguments. The given command will be executed on all selected nodes. It will not be processed through the shell, so variables like `$HOME' and operations like `"<"', `">"', `"|"', `";"' and `"&"' will not work (use the [shell] module if you need these features). For Windows targets, use the [win_command] module instead.

OPTIONS (= is mandatory):

- chdir
        Change into this directory before running the command.
        [Default: (null)]
        version_added: 0.6

- creates
        A filename or (since 2.0) glob pattern, when it already exists, this step will *not* be run.
        [Default: (null)]

= free_form
        The command module takes a free form command to run. There is no parameter actually named 'free form'. See the examples!

- removes
        A filename or (since 2.0) glob pattern, when it does not exist, this step will *not* be run.
        [Default: (null)]
        version_added: 0.8

- stdin
        Set the stdin of the command directly to the specified value.
        [Default: None]
        version_added: 2.4

- warn
        If command_warnings are on in ansible.cfg, do not warn about this particular line if set to `no'.
        [Default: yes]
        type: bool
        version_added: 1.8

NOTES:
      * If you want to run a command through the shell (say you are using `<', `>', `|', etc), you actually want the [shell] module instead. The `command' module is much more secure as it's not affected by the user's environment.
      * `creates', `removes', and `chdir' can be specified after the command. For instance, if you only want to run a command if a certain file does not exist, use this.
      * The `executable' parameter is removed since version 2.4. If you have a need for this parameter, use the [shell] module instead.
      * For Windows targets, use the [win_command] module instead.

AUTHOR: Ansible Core Team, Michael DeHaan
        METADATA:
          status:
          - stableinterface
          supported_by: core

EXAMPLES:
- name: return motd to registered var
  command: cat /etc/motd
  register: mymotd

- name: Run the command if the specified file does not exist.
  command: /usr/bin/make_database.sh arg1 arg2 creates=/path/to/database

# You can also use the 'args' form to provide the options.
- name: This command will change the working directory to somedir/ and will only run when /path/to/database doesn't exist.
  command: /usr/bin/make_database.sh arg1 arg2
  args:
    chdir: somedir/
    creates: /path/to/database

- name: safely use templated variable to run command. Always use the quote filter to avoid injection issues.
  command: cat {{ myfile|quote }}
  register: myoutput
The command, shell and raw modules can each be used to run a command or an executable file on the target machines.
[root@zxw63 ~]# ansible webservers -m raw -a "/tmp/test.sh"
192.168.100.66 | SUCCESS | rc=0 >>
this is test shell-script
Shared connection to 192.168.100.66 closed.

192.168.100.128 | SUCCESS | rc=0 >>
this is test shell-script
Shared connection to 192.168.100.128 closed.

[root@zxw63 ~]# ansible webservers -m shell -a "/tmp/test.sh"
192.168.100.66 | SUCCESS | rc=0 >>
this is test shell-script

192.168.100.128 | SUCCESS | rc=0 >>
this is test shell-script

[root@zxw63 ~]# ansible webservers -m command -a "/tmp/test.sh"
192.168.100.66 | FAILED | rc=8 >>
[Errno 8] Exec format error

192.168.100.128 | FAILED | rc=8 >>
[Errno 8] 可执行文件格式错误

[root@zxw63 ~]# ansible webservers -m command -a "sh /tmp/test.sh"
192.168.100.66 | SUCCESS | rc=0 >>
this is test shell-script

192.168.100.128 | SUCCESS | rc=0 >>
this is test shell-script
[root@zxw63 ~]# ansible webservers -m shell -a "ls -ltr /etc | wc -l"
192.168.100.128 | SUCCESS | rc=0 >>
217

192.168.100.66 | SUCCESS | rc=0 >>
218

[root@zxw63 ~]# ansible webservers -m raw -a "ls -ltr /etc | wc -l"
192.168.100.66 | SUCCESS | rc=0 >>
218
Shared connection to 192.168.100.66 closed.

192.168.100.128 | SUCCESS | rc=0 >>
217
Shared connection to 192.168.100.128 closed.

[root@zxw63 ~]# ansible webservers -m command -a "ls -ltr /etc | wc -l"
192.168.100.66 | FAILED | rc=2 >>
/etc:
total 1820
-rw-r--r--. 1 root root 662 Aug 29 2007 logrotate.conf
-rw-r--r--. 1 root root 220 Oct 13 2008 quotagrpadmins
-rw-r--r--. 1 root root 148 May 14 2009 asound.conf
[root@zxw63 ~]# ansible webservers -m shell -a "ls -ltr /tmp/*.sh"
192.168.100.66 | SUCCESS | rc=0 >>
-rwxrwxrwx. 1 root root 33 Jul 12 02:14 /tmp/test.sh

192.168.100.128 | SUCCESS | rc=0 >>
-rwxrwxrwx. 1 root root 33 7月 12 02:14 /tmp/test.sh

[root@zxw63 ~]# ansible webservers -m raw -a "ls -ltr /tmp/*.sh"
192.168.100.66 | SUCCESS | rc=0 >>
-rwxrwxrwx. 1 root root 33 Jul 12 02:14 /tmp/test.sh
Shared connection to 192.168.100.66 closed.

192.168.100.128 | SUCCESS | rc=0 >>
-rwxrwxrwx. 1 root root 33 7月 12 02:14 /tmp/test.sh
Shared connection to 192.168.100.128 closed.
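The sessions above show that command does not hand its argument string to a shell while shell and raw do, and the ansible-doc examples recommend the quote filter for templated values. The following is an added example, not code from the original post or from Ansible: a simplified local model in Python, where the hypothetical helpers run_like_command and run_like_shell stand in for the two modules, shlex.quote stands in for the quote filter, and the file names and hostile values are constructed.

```python
import os
import shlex
import subprocess
import tempfile


def run_like_command(cmdline, cwd):
    """Simplified model of `command`: split into argv, exec directly, no shell."""
    proc = subprocess.run(shlex.split(cmdline), cwd=cwd,
                          capture_output=True, text=True)
    return proc.returncode, proc.stdout


def run_like_shell(cmdline, cwd):
    """Simplified model of `shell`: /bin/sh interprets the whole string."""
    proc = subprocess.run(["/bin/sh", "-c", cmdline], cwd=cwd,
                          capture_output=True, text=True)
    return proc.returncode, proc.stdout


def demo():
    out = {}
    with tempfile.TemporaryDirectory() as d:
        for name in ("notes.txt", "other.txt"):   # constructed sample files
            with open(os.path.join(d, name), "w") as f:
                f.write(name + "\n")
        # '|' is a pipe for the shell but just another argument to ls otherwise.
        out["pipe_shell"] = run_like_shell("ls | wc -l", d)
        out["pipe_command"] = run_like_command("ls | wc -l", d)
        # Constructed hostile values standing in for the templated {{ myfile }}.
        chained = "notes.txt; echo INJECTED"
        extra_arg = "notes.txt other.txt"
        out["shell_raw"] = run_like_shell("cat " + chained, d)
        out["shell_quoted"] = run_like_shell("cat " + shlex.quote(chained), d)
        out["command_chained"] = run_like_command("cat " + chained, d)
        out["command_raw"] = run_like_command("cat " + extra_arg, d)
        out["command_quoted"] = run_like_command("cat " + shlex.quote(extra_arg), d)
    return out


if __name__ == "__main__":
    for case, (rc, stdout) in demo().items():
        print(f"{case:16} rc={rc} stdout={stdout!r}")
```

Without a shell the `;` cannot start a second command, but an unquoted value can still be split into extra arguments, which is why the quote filter is recommended for command as well as shell.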
4. The script module copies a script from the control node to the remote nodes and then runs it on the remote nodes.
[root@zxw63 ~]# ansible webservers -m command -a 'ls -ltr /tmp/test.sh'
192.168.100.66 | SUCCESS | rc=0 >>
-rwxrwxrwx. 1 root root 33 Jul 12 02:14 /tmp/test.sh

192.168.100.128 | SUCCESS | rc=0 >>
-rwxrwxrwx. 1 root root 33 7月 12 02:14 /tmp/test.sh

[root@zxw63 ~]# ansible webservers -m command -a 'ls -ltr /root/test.sh'
192.168.100.66 | FAILED | rc=2 >>
ls: cannot access /root/test.sh: No such file or directorynon-zero return code

192.168.100.128 | FAILED | rc=2 >>
ls: 没法访问/root/test.sh: 没有那个文件或目录non-zero return code

[root@zxw63 ~]# ansible webservers -m script -a '/root/test.sh'
192.168.100.66 | SUCCESS => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 192.168.100.66 closed.\r\n",
    "stdout": "this is test shell-script\r\n",
    "stdout_lines": [
        "this is test shell-script"
    ]
}
192.168.100.128 | SUCCESS => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 192.168.100.128 closed.\r\n",
    "stdout": "this is test shell-script\r\n",
    "stdout_lines": [
        "this is test shell-script"
    ]
}
The copy module copies files to the target machines.
Parameter Description
By default force is yes, so if nothing is specified, a file that already exists is overwritten.
[root@zxw63 try]# ansible webservers -m copy -a "src=/root/try/copyFile.txt dest=/tmp mode=744 backup=no force=yes"
192.168.100.66 | SUCCESS => {
    "changed": true,
    "checksum": "6cc815c3530217381d3e5f24ba5c3c03f51daf24",
    "dest": "/tmp/copyFile.txt",
    "gid": 0,
    "group": "root",
    "md5sum": "e90687bdaf32d8ebab3b266f36ba5f5a",
    "mode": "0744",
    "owner": "root",
    "secontext": "system_u:object_r:admin_home_t:s0",
    "size": 15,
    "src": "/root/.ansible/tmp/ansible-tmp-1563420953.31-119685260559482/source",
    "state": "file",
    "uid": 0
}
192.168.100.128 | SUCCESS => {
    "changed": true,
    "checksum": "6cc815c3530217381d3e5f24ba5c3c03f51daf24",
    "dest": "/tmp/copyFile.txt",
    "gid": 0,
    "group": "root",
    "md5sum": "e90687bdaf32d8ebab3b266f36ba5f5a",
    "mode": "0744",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 15,
    "src": "/root/.ansible/tmp/ansible-tmp-1563420953.31-281173963286018/source",
    "state": "file",
    "uid": 0
}
Without arguments, the setup module prints all system parameters.
ansible webservers -m setup
Commonly used setup parameter: filter
[root@zxw63 try]# ansible webservers -m setup -a "filter=ansible_env"
192.168.100.66 | SUCCESS => {
    "ansible_facts": {
        "ansible_env": {
            "G_BROKEN_FILENAMES": "1",
            "HOME": "/root",
            "LANG": "en_US.UTF-8",
            "LESSOPEN": "|/usr/bin/lesspipe.sh %s",
            "LOGNAME": "root",
            "MAIL": "/var/mail/root",
            "PATH": "/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/ssh8/bin",
            "PWD": "/root",
            "SHELL": "/bin/bash",
            "SHLVL": "2",
            "SSH_ASKPASS": "/usr/libexec/openssh/gnome-ssh-askpass",
            "SSH_CLIENT": "192.168.100.132 52130 22",
            "SSH_CONNECTION": "192.168.100.132 52130 192.168.100.66 22",
            "SSH_TTY": "/dev/pts/1",
            "TERM": "xterm-256color",
            "USER": "root",
            "_": "/usr/bin/python"
        }
    },
    "changed": false
}
192.168.100.128 | SUCCESS => {
    "ansible_facts": {
        "ansible_env": {
            "G_BROKEN_FILENAMES": "1",
            "HOME": "/root",
            "LANG": "zh_CN.UTF-8",
            "LESSOPEN": "|/usr/bin/lesspipe.sh %s",
            "LOGNAME": "root",
            "MAIL": "/var/mail/root",
            "PATH": "/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin",
            "PWD": "/root",
            "SELINUX_LEVEL_REQUESTED": "",
            "SELINUX_ROLE_REQUESTED": "",
            "SELINUX_USE_CURRENT_RANGE": "",
            "SHELL": "/bin/bash",
            "SHLVL": "2",
            "SSH_ASKPASS": "/usr/libexec/openssh/gnome-ssh-askpass",
            "SSH_CLIENT": "192.168.100.132 58094 22",
            "SSH_CONNECTION": "192.168.100.132 58094 192.168.100.128 22",
            "SSH_TTY": "/dev/pts/1",
            "TERM": "xterm-256color",
            "USER": "root",
            "_": "/usr/bin/python"
        }
    },
    "changed": false
}
user module
[root@zxw63 ansible]# ansible db -m command -a "id test01"
db2 | FAILED | rc=1 >>
id: test01:无此用户non-zero return code

db1 | FAILED | rc=1 >>
id: test01: No such usernon-zero return code

[root@zxw63 ansible]# ansible db -m user -a "name=test01 group=root"
db2 | SUCCESS => {
    "changed": true,
    "comment": "",
    "createhome": true,
    "group": 0,
    "home": "/home/test01",
    "name": "test01",
    "shell": "/bin/bash",
    "state": "present",
    "system": false,
    "uid": 501
}
db1 | SUCCESS => {
    "changed": true,
    "comment": "",
    "createhome": true,
    "group": 0,
    "home": "/home/test01",
    "name": "test01",
    "shell": "/bin/bash",
    "state": "present",
    "system": false,
    "uid": 501
}

[root@zxw63 ansible]# ansible db -m command -a "id test01"
db2 | SUCCESS | rc=0 >>
uid=501(test01) gid=0(root) 组=0(root)

db1 | SUCCESS | rc=0 >>
uid=501(test01) gid=0(root) groups=0(root)

[root@zxw63 ansible]# ansible db -m user -a "name=test01 remove=yes"
db2 | SUCCESS => {
    "append": false,
    "changed": false,
    "comment": "",
    "group": 0,
    "home": "/home/test01",
    "move_home": false,
    "name": "test01",
    "shell": "/bin/bash",
    "state": "present",
    "uid": 501
}
db1 | SUCCESS => {
    "append": false,
    "changed": false,
    "comment": "",
    "group": 0,
    "home": "/home/test01",
    "move_home": false,
    "name": "test01",
    "shell": "/bin/bash",
    "state": "present",
    "uid": 501
}

[root@zxw63 ansible]# ansible db -m command -a "id test01"
db2 | SUCCESS | rc=0 >>
uid=501(test01) gid=0(root) 组=0(root)

db1 | SUCCESS | rc=0 >>
uid=501(test01) gid=0(root) groups=0(root)

[root@zxw63 ansible]# ansible db -m user -a "name=test01 state=absent remove=yes"
db2 | SUCCESS => {
    "changed": true,
    "force": false,
    "name": "test01",
    "remove": true,
    "state": "absent"
}
db1 | SUCCESS => {
    "changed": true,
    "force": false,
    "name": "test01",
    "remove": true,
    "state": "absent"
}

[root@zxw63 ansible]# ansible db -m command -a "id test01"
db2 | FAILED | rc=1 >>
id: test01:无此用户non-zero return code

db1 | FAILED | rc=1 >>
id: test01: No such usernon-zero return code
Without the state=absent parameter, the user is not actually deleted.
group module
[root@zxw63 ansible]# ansible db -m group -a "name=testgrp01"
db2 | SUCCESS => {
    "changed": true,
    "gid": 501,
    "name": "testgrp01",
    "state": "present",
    "system": false
}
db1 | SUCCESS => {
    "changed": true,
    "gid": 501,
    "name": "testgrp01",
    "state": "present",
    "system": false
}

[root@zxw63 ansible]# ansible db -m shell -a "cat /etc/group | grep testgrp01"
db2 | SUCCESS | rc=0 >>
testgrp01:x:501:

db1 | SUCCESS | rc=0 >>
testgrp01:x:501:

[root@zxw63 ansible]# ansible db -m group -a "name=testgrp01 state=absent"
db2 | SUCCESS => {
    "changed": true,
    "name": "testgrp01",
    "state": "absent"
}
db1 | SUCCESS => {
    "changed": true,
    "name": "testgrp01",
    "state": "absent"
}

[root@zxw63 ansible]# ansible db -m shell -a "cat /etc/group | grep testgrp01 "
db2 | FAILED | rc=1 >>
non-zero return code

db1 | FAILED | rc=1 >>
non-zero return code
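The yum module manages software packages through the yum package manager. Its options include:
name: the name of the package to operate on; a URL or the path to a local rpm package can also be passed
state: the state (present - installed, absent - not installed (uninstall), latest - the latest version)
Install vsftpd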
ansible db -m yum -a "name=vsftpd state=present"
Uninstall vsftpd
1. state=absent
ansible db -m yum -a "name=vsftpd state=absent"
2. state=removed
ansible db -m yum -a "name=vsftpd state=removed"
The service module is used to manage services.
enabled: whether the service starts at boot, yes|no
name: required, the service name
state: start, stop, restart or reload the service (started, stopped, restarted, reloaded)
# Start the service
ansible db -m service -a "name=vsftpd state=started"
# Stop the service
ansible db -m service -a "name=vsftpd state=stopped"
# Restart the service
ansible db -m service -a "name=vsftpd state=restarted"
# Reload the service
ansible db -m service -a "name=vsftpd state=reloaded"
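The cron module is used to manage scheduled tasks.
backup: back up the existing scheduled tasks on the remote host before modifying them
cron_file: if this option is specified, this file replaces the user's scheduled tasks under the cron.d directory on the remote host
day: day of the month (1-31, *, */2, ...)
hour: hour (0-23, *, */2, ...)
minute: minute (0-59, *, */2, ...)
month: month (1-12, *, */2, ...)
weekday: day of the week (0-7, *, ...)
job: the task to run; depends on state=present
name: a description of the task
special_time: specifies when to run; values: reboot, yearly, annually, monthly, weekly, daily, hourly
state: whether the scheduled task is created or deleted
user: which user the task runs as
See also: https://blog.csdn.net/dylloveyou/article/details/80875132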
ansible db -m cron -a "name='check dirs' hour='5,2' job='ls -alh > /dev/null'"
ansible db -m cron -a "name='check dirs' hour='5,2' state=absent"