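Ansible Modules

This article describes Ansible's commonly used modules in detail, including ping, command, raw, shell, script, template, yum, copy, group, user, service, lineinfile and firewalld. It explains each module's function, parameters and use cases; for example, the shell module is suited to running shell commands, the command module does not support bash environment variables, and the firewalld module manages firewall rules.

Commonly Used Ansible Modules in Detail

Commonly used Ansible modules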

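Module categories and their modules:

File modules
  • copy: Copy a local file to the managed host
  • file: Set permissions and other properties of files
  • lineinfile: Ensure a particular line is or is not in a file
  • synchronize: Synchronize content using rsync

Software package modules
  • package: Manage packages using the autodetected package manager native to the operating system
  • yum: Manage packages using yum
  • apt: Manage packages using apt
  • dnf: Manage packages using dnf
  • gem: Manage Ruby gems
  • pip: Manage Python packages from PyPI

System modules
  • firewalld: Manage the firewall using firewalld
  • reboot: Reboot a machine
  • service: Manage services
  • user: Add, remove and manage user accounts

Net Tools modules
  • get_url: Download files over HTTP, HTTPS or FTP
  • nmcli: Manage networking
  • uri: Interact with web services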

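Most modules take arguments. The list of arguments available for a module is in that module's documentation. Ad hoc commands pass arguments to a module with the -a option. When no arguments are needed, omit the -a option from the ad hoc command. To specify multiple arguments, supply them as a quoted, space-separated list.

Most modules are idempotent, which means they can safely be run multiple times; if the system is already in the correct state, they do nothing.

Differences between the commonly used raw, command and shell modules:

  • The shell module runs commands through /bin/sh
  • The command module does not invoke a shell, so bash environment variables are not available
  • raw is similar to shell in many respects, and in most cases the shell and command modules are recommended instead. However, if the managed host has an old version of Python, or the client is a router with no Python installed, the raw module is needed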

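ping module

The ping module checks whether the specified nodes are reachable. Usage is simple and takes no parameters; if a host is online, it replies with pong.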

[root@client ansible]# ansible all -m ping
192.168.8.128 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

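command module

The command module executes commands on the remote host; it is the module Ansible uses by default.

One limitation of the command module is that it cannot use pipes or redirection.

[root@client ansible]# ansible all -a 'touch ABC '  # Create a file named ABC on the managed host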
[WARNING]: Consider using the file module with state=touch rather than running 'touch'.  If
you need to use command because file is insufficient you can add 'warn: false' to this
command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
192.168.8.128 | CHANGED | rc=0 >>

[root@server ~]# ls
ABC 

[root@client ansible]# ansible all -a 'ls /tmp ' # List the files under /tmp
192.168.8.128 | CHANGED | rc=0 >>
ansible_command_payload_bxsqD7
systemd-private-0abda06828bb4579896592d2e11303f2-chronyd.service-ldz1vF
systemd-private-160925912258467f8c047cf4d957683c-chronyd.service-I5E0AH
systemd-private-4ca9094627204f61a8dd097f19fe0dc6-chronyd.service-5Wmoa4
systemd-private-6655dc7e05e841e498e3765c0fc090e5-chronyd.service-hAcWlb
systemd-private-68ccb21190d048e2a95da866d8a61de4-chronyd.service-WikD43
systemd-private-74ee60f5aab04988ac6520aadade4c91-chronyd.service-gXyLOr
systemd-private-879534aa1cb9447f83329fb95a7f2dfb-chronyd.service-O4eqFs
systemd-private-a1cae32ba9d1405bbc05095f856c5228-chronyd.service-z6qvrc
systemd-private-cbc17a6a68ef4a26979cd2c884de7210-chronyd.service-raG4xX
systemd-private-d5022c141ed241b9ab0bb376b8fe07fb-chronyd.service-Qe7seW
systemd-private-df5c9a525c1446399ba9978ed290b7ca-chronyd.service-k9mYfm
systemd-private-ee8bb682721047a98a892d74bb1a44a1-chronyd.service-ojrRaK
systemd-private-f316a1884e6f451a8773d805ab044fac-chronyd.service-mJtwHR
systemd-private-f6f86a0176e740dd87d0c974d633d5d4-chronyd.service-Mla1in
systemd-private-f8217ff86f384241b3f3d1189d769644-chronyd.service-6FJ45s
vmware-root

// The command module does not support pipes or redirection
[root@client ansible]# ansible all -a 'echo "hello" > /ABC'
192.168.8.128 | CHANGED | rc=0 >>
hello > ABC
[root@client ansible]# ansible all -a 'cat ABC'
192.168.8.128 | CHANGED | rc=0 >>

[root@client ansible]# ansible all -a 'ps -ef |grep vsftpd'
192.168.8.128 | FAILED | rc=1 >>
error: garbage option

Usage:
 ps [options]

 Try 'ps --help <simple|list|output|threads|misc|all>'
  or 'ps --help <s|l|o|t|m|a>'
 for additional help text.

For more details see ps(1).non-zero return code
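
Why the two commands above behave as they do, as an added example that is not part of the original post: without a shell the command line is only split into arguments, so `>` and `|grep` reach `echo` and `ps` as literal arguments. The Python functions below model that behaviour and are not Ansible's code; the second half shows the other side of the trade-off, where a value containing `;` becomes a second command under a shell unless it is quoted. Function names and the sample value are assumptions.

```python
import shlex
import subprocess
import tempfile
from pathlib import Path

def run_like_command(cmdline, cwd):
    # Model of the command module: split into argv and exec directly.
    # No shell is involved, so '>' and '|' are passed as ordinary arguments.
    argv = shlex.split(cmdline)
    proc = subprocess.run(argv, cwd=cwd, capture_output=True, text=True)
    return argv, proc.stdout.strip()

def run_like_shell(cmdline, cwd):
    # Model of the shell module: the whole string is interpreted by /bin/sh.
    proc = subprocess.run(["/bin/sh", "-c", cmdline], cwd=cwd,
                          capture_output=True, text=True)
    return proc.stdout.strip()

def demo():
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        # Same command line as in the session above (relative file name).
        argv, out = run_like_command('echo "hello" > ABC', tmp)
        results["command_argv"] = argv
        results["command_stdout"] = out
        results["command_created_file"] = (Path(tmp) / "ABC").exists()

        run_like_shell('echo "hello" > ABC', tmp)
        results["shell_file_content"] = (Path(tmp) / "ABC").read_text().strip()

        # Constructed untrusted value: under a shell, ';' starts a second command.
        name = "report.txt; echo INJECTED"
        results["shell_unquoted"] = run_like_shell("echo " + name, tmp)
        # shlex.quote keeps the whole value a single argument.
        results["shell_quoted"] = run_like_shell("echo " + shlex.quote(name), tmp)
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

In a playbook the equivalent of `shlex.quote` is the `quote` filter applied to any variable interpolated into a shell task.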

raw module

The raw module executes commands on the remote host and supports pipes and redirection.

[root@client ansible]# ansible all -m raw -a " echo 'hello' > ABC"
192.168.8.128 | CHANGED | rc=0 >>
Shared connection to 192.168.8.128 closed.

[root@client ansible]# ansible all -m raw -a " cat ABC"
192.168.8.128 | CHANGED | rc=0 >>
hello
Shared connection to 192.168.8.128 closed.

[root@client ansible]# ansible all -m raw -a 'ps -ef |grep vsftpd'
192.168.8.128 | CHANGED | rc=0 >>
root       2054   1832  0 19:27 pts/1    00:00:00 bash -c ps -ef |grep vsftpd
root       2066   2054  0 19:27 pts/1    00:00:00 grep vsftpd
Shared connection to 192.168.8.128 closed.


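shell module

The shell module runs scripts that reside on the managed host, and can also run commands directly on the managed host.
The shell module also supports pipes and redirection.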

[root@client ansible]# ansible all -m shell -a "/bin/bash /root/test.sh &> /root/abcd"
192.168.8.128 | CHANGED | rc=0 >>

[root@client ansible]# ansible all -a " cat abcd"
192.168.8.128 | CHANGED | rc=0 >>
hello 

script module

The script module runs a script that resides on the control host on the managed hosts.

[root@client ansible]# ansible all -m script -a "/root/test.sh"
192.168.8.128 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 192.168.8.128 closed.\r\n",
    "stderr_lines": [
        "Shared connection to 192.168.8.128 closed."
    ],
    "stdout": "",
    "stdout_lines": []
}
[root@client ansible]# ansible all  -a "cat /opt/haha"
192.168.8.128 | CHANGED | rc=0 >>
123456

template module

The template module renders a template and transfers the result to the remote host.

[root@client ansible]# ansible all -m template -a "src=/root/initial-setup-ks.cfg dest=/tmp/haha"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "checksum": "0d7d1ff527132176c754e8a84aec3d061783413b",
    "dest": "/tmp/haha",
    "gid": 0,
    "group": "root",
    "md5sum": "78f5c37421f7295fb49440878e7fe0f4",
    "mode": "0644",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 1375,
    "src": "/root/.ansible/tmp/ansible-tmp-1626487935.4883926-2838-233091174119543/source",
    "state": "file",
    "uid": 0
}
[root@client ansible]# ansible all -a "head -3 /tmp/haha"
192.168.8.128 | CHANGED | rc=0 >>
#version=RHEL8
# X Window System configuration information
xconfig  --startxonboot

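yum module

The yum module manages software on the specified nodes through yum. It mainly takes two parameters:

  • name: the name of the package to manage
  • state: the operation to perform

Common values for state:

  • latest: install the package
  • installed: install the package
  • present: install the package
  • removed: remove the package
  • absent: remove the package

[root@server ~]# rpm -qa | grep vsftpd		# Check whether vsftpd is installed on the managed host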
[root@server ~]#

# Install vsftpd with the yum module
[root@client ansible]# ansible all -m yum -a "name=vsftpd state=present"  
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "changes": {
        "installed": [
            "vsftpd"
        ]
    },
    "msg": "",
    "rc": 0,
    "results": [

[root@server ~]# rpm -qa | grep vsftpd
vsftpd-3.0.2-29.el7_9.x86_64

copy module

The copy module copies files to remote managed hosts.

[root@client ansible]# ansible all -m copy -a "src=/etc/ansible/inventory dest=/tmp/boot"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "checksum": "0b08e3f08b32f42bf7f61432bf7d47efb27addc6",
    "dest": "/tmp/boot",
    "gid": 0,
    "group": "root",
    "md5sum": "a1e63f50f9a027bf563f23d578254b86",
    "mode": "0644",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 27,
    "src": "/root/.ansible/tmp/ansible-tmp-1626488593.2474375-3005-208879250756978/source",
    "state": "file",
    "uid": 0
}
[root@client ansible]# ansible all -a " ls /tmp"
192.168.8.128 | CHANGED | rc=0 >>
ansible_command_payload_gkkJ3w
boot

group module

The group module adds or removes groups on the managed host.

# Add a group on the managed host
[root@client ansible]# ansible all -m group -a "name=jake gid=1030 state=present"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "gid": 1030,
    "name": "jake",
    "state": "present",
    "system": false
}
[root@client ansible]# ansible all -m shell -a "grep jake /etc/group"
192.168.8.128 | CHANGED | rc=0 >>
jake:x:1030:

# Delete the jake group on the managed host
[root@client ansible]# ansible all -m group -a "name=jake state=absent "
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "name": "jake",
    "state": "absent"
}
[root@client ansible]# ansible all -m shell -a "grep jake /etc/group"
192.168.8.128 | FAILED | rc=1 >>
non-zero return code

user module

The user module manages user accounts on the managed host.

# Add a system user on the managed host
[root@client ansible]# ansible all -m user -a "name=mike system=yes create_home=no shell=/sbin/nologin state=present"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "comment": "",
    "create_home": false,
    "group": 995,
    "home": "/home/mike",
    "name": "mike",
    "shell": "/sbin/nologin",
    "state": "present",
    "system": true,
    "uid": 997
}

[root@client ansible]# ansible all -m shell -a "grep mike /etc/passwd"
192.168.8.128 | CHANGED | rc=0 >>
mike:x:997:995::/home/mike:/sbin/nologin

[root@client ansible]# ansible all -m shell -a "ls /home"
192.168.8.128 | CHANGED | rc=0 >>
tom

# Change the uid of user mike to 995
[root@client ansible]# ansible all -m user -a "name=mike uid=995"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "append": false,
    "changed": true,
    "comment": "",
    "group": 995,
    "home": "/home/mike",
    "move_home": false,
    "name": "mike",
    "shell": "/sbin/nologin",
    "state": "present",
    "uid": 995
}

# Delete user mike
[root@client ansible]# ansible all -m user -a "name=mike state=absent"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "force": false,
    "name": "mike",
    "remove": false,
    "state": "absent"
}
[root@client ansible]# ansible all -m shell -a "grep mike /etc/passwd"
192.168.8.128 | FAILED | rc=1 >>
non-zero return code

service module

The service module manages services on the managed host.

# Check whether the vsftpd service is active on the managed host
[root@client ansible]# ansible all -m shell -a "systemctl is-active vsftpd"
192.168.8.128 | FAILED | rc=3 >>
unknownnon-zero return code

# Start the vsftpd service on the managed host
[root@client ansible]# ansible all -m service -a " name=vsftpd state=started"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "name": "vsftpd",
    "state": "started",

# Check whether the vsftpd service on the managed host has started
[root@client ansible]# ansible all -m shell -a "systemctl is-active vsftpd"
192.168.8.128 | CHANGED | rc=0 >>
active

# Check whether the vsftpd service on the managed host starts automatically at boot
[root@client ansible]# ansible all -m shell -a "systemctl is-enabled vsftpd"
192.168.8.128 | FAILED | rc=1 >>
disablednon-zero return code

# Enable the vsftpd service on the managed host to start automatically at boot
[root@client ansible]# ansible all -m service -a " name=vsftpd enabled=yes"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "enabled": true,
    "name": "vsftpd",

# Check whether the vsftpd service on the managed host starts automatically at boot
[root@client ansible]# ansible all -m shell -a "systemctl is-enabled vsftpd"
192.168.8.128 | CHANGED | rc=0 >>
enabled

# Stop the vsftpd service on the managed host
[root@client ansible]# ansible all -m service -a "name=vsftpd state=stopped"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "name": "vsftpd",
    "state": "stopped"

[root@client ansible]# ansible all -m shell -a "systemctl is-active vsftpd"
192.168.8.128 | FAILED | rc=3 >>
inactivenon-zero return code

lineinfile module

The lineinfile module ensures that a particular line is, or is not, present in a file.

# regexp: match the specified content
[root@client ansible]# ansible all -m lineinfile -a "path=/etc/selinux/config regexp='^SELINUX=' line='SELINUX=disabled'"	
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "backup": "",
    "changed": true,
    "msg": "line replaced"
}
[root@client ansible]# ansible all -m shell -a "cat /etc/selinux/config"
192.168.8.128 | CHANGED | rc=0 >>

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled

// Without regexp, the line is appended to the end of the file
[root@client ansible]# ansible all -m lineinfile -a "path=/etc/selinux/config  line=SELINUX=enforcing"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "backup": "",
    "changed": true,
    "msg": "line added"
}
[root@client ansible]# ansible all -m shell -a "cat /etc/selinux/config"
192.168.8.128 | CHANGED | rc=0 >>

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

SELINUX=enforcing

# Delete content
[root@client ansible]# ansible all -m lineinfile -a "path=/opt/haha state=absent regexp='xixi'"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "backup": "",
    "changed": true,
    "found": 2,
    "msg": "2 line(s) removed"
}

[root@server opt]# cat haha 
123456
xxx

# insertafter: insert content
[root@client ansible]# ansible all -m lineinfile -a "path=/opt/haha insertafter='123456' line='runtime'"
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "backup": "",
    "changed": true,
    "msg": "line added"
}
[root@client ansible]# ansible all -m shell -a 'cat /opt/haha'
192.168.8.128 | CHANGED | rc=0 >>
123456
runtime
xxx

For other uses of lineinfile, see https://docs.ansible.com/ansible/latest/collections/ansible/builtin/lineinfile_module.html
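
The sessions above leave /etc/selinux/config with both SELINUX=disabled and SELINUX=enforcing, because the second run had no regexp and the line was appended rather than replacing the existing setting. The following added example (not from the original post, and not Ansible's code) is a simplified Python model of the lineinfile behaviour shown above, plus a check that flags a key assigned two different values; the function names and sample lines are assumptions.

```python
import re

def lineinfile(lines, line=None, regexp=None, state="present", insertafter=None):
    """Simplified model of lineinfile over a list of lines.

    Returns (new_lines, msg). The "unchanged" message is this model's own label.
    """
    pattern = re.compile(regexp) if regexp else None
    if state == "absent":
        # Every matching line is removed (regexp match, or exact line).
        kept = [l for l in lines
                if not (pattern.search(l) if pattern else l == line)]
        return kept, f"{len(lines) - len(kept)} line(s) removed"
    if pattern:
        hits = [i for i, l in enumerate(lines) if pattern.search(l)]
        if hits:
            # Only the last matching line is replaced.
            out = list(lines)
            changed = out[hits[-1]] != line
            out[hits[-1]] = line
            return out, "line replaced" if changed else "unchanged"
    if line in lines:
        return list(lines), "unchanged"
    pos = len(lines)  # default position: end of file
    if insertafter:
        after = [i for i, l in enumerate(lines) if re.search(insertafter, l)]
        if after:
            pos = after[-1] + 1
    return lines[:pos] + [line] + lines[pos:], "line added"

def conflicting_keys(lines):
    """Map each KEY assigned more than one distinct value to those values."""
    seen = {}
    for l in lines:
        m = re.match(r"([A-Z_]+)=(\S*)", l)
        if m:
            seen.setdefault(m.group(1), []).append(m.group(2))
    return {k: v for k, v in seen.items() if len(set(v)) > 1}

# Constructed sample shaped like /etc/selinux/config.
CONFIG = [
    "# SELINUX= can take one of these three values:",
    "SELINUX=enforcing",
    "SELINUXTYPE=targeted",
]

if __name__ == "__main__":
    replaced, msg = lineinfile(CONFIG, "SELINUX=disabled", regexp="^SELINUX=")
    print(msg, conflicting_keys(replaced))
    appended, msg = lineinfile(replaced, "SELINUX=enforcing")
    print(msg, conflicting_keys(appended))
```

Passing regexp='^SELINUX=' on every run that sets this key keeps the file at a single assignment and makes the task idempotent.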

firewalld module

The firewalld module manages firewall rules.

[root@client ansible]# ansible all -m firewalld -a "service=ftp permanent=yes state=enabled immediate=yes zone=public"
192.168.8.128 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "msg": "Permanent and Non-Permanent(immediate) operation"
}
[root@server ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: ssh dhcpv6-client ftp
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
  
[root@client ansible]# ansible all -m firewalld -a 'rich_rule="rule family=ipv4 source address=0.0.0.0/0 service name=ftp accept" permanent=yes state=enabled immediate=yes'
192.168.8.128 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "msg": "Permanent and Non-Permanent(immediate) operation, Changed rich_rule rule family=ipv4 source address=0.0.0.0/0 service name=ftp accept to enabled"
}

[root@server ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: ssh dhcpv6-client ftp
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
	rule family="ipv4" source address="0.0.0.0/0" service name="ftp" accept

For other uses of the firewalld module, see https://docs.ansible.com/ansible/latest/collections/ansible/posix/firewalld_module.html
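
A check over the `firewall-cmd --list-all` output above, as an added example that is not part of the original post: it parses the zone listing and flags accept rich rules whose source covers every address or whose service is already open for the whole zone, both of which apply to the ftp rule created above. The sample text is constructed from that output (abridged), and the function names are assumptions.

```python
import ipaddress
import re

# Constructed from the firewall-cmd --list-all output shown above (abridged).
SAMPLE = (
    "public (active)\n"
    "  target: default\n"
    "  interfaces: eth0\n"
    "  services: ssh dhcpv6-client ftp\n"
    "  ports: \n"
    "  rich rules: \n"
    '\trule family="ipv4" source address="0.0.0.0/0" service name="ftp" accept\n'
)

def parse_zone(text):
    """Extract the zone's service list and rich rules from --list-all output."""
    zone = {"services": [], "rich_rules": []}
    in_rules = False
    for raw in text.splitlines():
        line = raw.strip()
        if in_rules and line.startswith("rule "):
            zone["rich_rules"].append(line)
        elif line.startswith("services:"):
            zone["services"] = line.split(":", 1)[1].split()
        elif line.startswith("rich rules:"):
            in_rules = True
    return zone

def audit(zone):
    """Return (finding, rule) pairs for accept rules that add no restriction."""
    findings = []
    for rule in zone["rich_rules"]:
        if rule.split()[-1] != "accept":
            continue
        src = re.search(r'source address="([^"]+)"', rule)
        svc = re.search(r'service name="([^"]+)"', rule)
        # A /0 prefix (0.0.0.0/0 or ::/0) matches every source address.
        if src and ipaddress.ip_network(src.group(1), strict=False).prefixlen == 0:
            findings.append(("source matches every address", rule))
        if svc and svc.group(1) in zone["services"]:
            findings.append(("service already open zone-wide", rule))
    return findings

if __name__ == "__main__":
    for finding, rule in audit(parse_zone(SAMPLE)):
        print(f"{finding}: {rule}")
```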

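In Ansible, a module is the smallest unit that performs a specific task. Ansible provides many built-in modules for different automation needs and also supports third-party modules that extend its functionality. The following are the functions and usage of some common modules.

### command module

The `command` module executes a command on the remote host. It does not run through a shell, so it does not support shell features such as pipes and redirection. It is suited to cases where an executable needs to be run directly.

```yaml
- name: Execute a command on remote host
  command: echo "Hello, Ansible"
```

More information about the `command` module is available from the `ansible-doc` command:

```bash
ansible-doc command
ansible-doc -s command
```

### shell module

The `shell` module is similar to `command`, but it runs the command in a shell, so it supports pipes, redirection and similar features. Choose this module when shell features are needed.

```yaml
- name: Run a shell command with a pipe
  shell: cat /etc/passwd | grep ansible
```

### script module

The `script` module runs a local script file on the remote host. This is useful for complex logic or a sequence of several commands.

```yaml
- name: Run a local script on the remote host
  script: /path/to/local/script.sh
```

### copy module

The `copy` module copies a file from the control node to a specified location on the managed nodes. Permissions, owner and other attributes can be set.

```yaml
- name: Copy a file to remote hosts
  copy:
    src: /local/path/file.txt
    dest: /remote/path/file.txt
    owner: user
    group: group
    mode: '0644'
```

### template module

The `template` module is similar to `copy`, but it renders a Jinja2 template first and then copies the result. It is suited to generating configuration files dynamically.

```yaml
- name: Template a configuration file
  template:
    src: template.j2
    dest: /etc/app/config.conf
```

### service module

The `service` module manages the state of system services: starting, stopping and restarting them, and enabling or disabling start at boot.

```yaml
- name: Ensure apache is running and enabled
  service:
    name: httpd
    state: started
    enabled: yes
```

### yum/apt modules

These modules manage packages; `yum` is used on Red Hat-based systems and `apt` on Debian and its derivatives.

```yaml
- name: Install nginx using yum
  yum:
    name: nginx
    state: present

- name: Install nginx using apt
  apt:
    name: nginx
    state: present
```

### Dellemc OpenManage modules

For managing and monitoring Dell devices, Dell provides a set of Ansible modules, `dellemc-openmanage-ansible-modules`, which can be used for finer-grained operations on Dell servers[^2].

### Configuration files

Ansible has two important configuration files:

- `/etc/ansible/ansible.cfg`: the main configuration file on the Ansible server, containing Ansible's global settings.
- `/etc/ansible/hosts`: lists all managed hosts and can define host groups and their variables[^3].

### Redis deployment guide

Deploying Redis with Ansible usually involves tasks defined in a playbook, such as installing packages, adjusting configuration files and starting services. There is no single "startup file", but the key tasks are defined in `tasks/main.yml` and `tasks/install.yml`, which carry out the Redis installation and service startup[^4].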