Ansible基本模块使用 - SRE回忆录

共计 5053 个字符，预计需要花费 13 分钟才能阅读完成。

使用ad-hoc方式记录下一些基础模块使用

命令模块

command

注意：Ad-hoc默认使用该模块command(不支持管道重定向等符号)

 [root@manager ~]# ansible nfs -m command -a 'w'
nfs01 | CHANGED | rc=0 >>
 02:51:03 up  2:22,  2 users,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    10.0.0.1         00:29    2:00m  0.21s  0.21s -bash
root     pts/1    172.16.1.61      02:51    0.00s  0.12s  0.00s w

shell

注意：比command高级，可支持管道重定向等符号，但遇到$会被解析

 [root@manager ~]# ansible nfs -m shell -a "hostname -I | awk '{print $1}'"
nfs01 | CHANGED | rc=0 >>
10.0.0.31 172.16.1.31 192.168.154.155 
 
[root@manager ~]# ansible nfs -m shell -a "hostname -I | awk '{print \$1}'"
nfs01 | CHANGED | rc=0 >>
10.0.0.31

用户和组模块

user

创建不可登录用户

 [root@manager ~]# ansible nfs -m user -a "name=aaa uid=888 group=www append=yes create_home=no shell=/sbin/nologin"
nfs01 | CHANGED => {
    "changed": true, 
    "comment": "", 
    "create_home": false, 
    "group": 666, 
    "home": "/home/aaa", 
    "name": "aaa", 
    "shell": "/sbin/nologin", 
    "state": "present", 
    "system": false, 
    "uid": 888
}

创建可登录用户

 [root@manager ~]# ansible nfs -m user -a "name=bbb create_home=yes shell=/bin/sh" 
nfs01 | CHANGED => {
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 1001, 
    "home": "/home/bbb", 
    "name": "bbb", 
    "shell": "/bin/sh", 
    "state": "present", 
    "system": false, 
    "uid": 1001
}

生成用户密码

 # 生成密码
[root@manager ~]#  ansible all  -i localhost, -m debug -a "msg={{ 'mypassword' | password_hash('sha512', 'mysecretsalt') }}"
localhost | SUCCESS => {
    "msg": "$6$mysecretsalt$qJbapG68nyRab3gxvKWPUcs2g3t0oMHSHMnSKecYNpSi3CuZm.GbBqXO8BE6EI6P1JUefhA0qvD7b5LSh./PU1"
}

设置用户密码

 #修改用户密码
[root@manager ~]# ansible nfs -m user -a 'name=bbb password=$6$mysercretsalt$qF7c7b4aO14EVnPghilcTrsA8tDwGM54aeIDs1ljo3B1yPHDPQKhGddHoPTe.YARL.RBsrmSzgqR3LxgSfuCs0'
nfs01 | CHANGED => {
    "append": false, 
    "changed": true, 
    "comment": "", 
    "group": 1001, 
    "home": "/home/bbb", 
    "move_home": false, 
    "name": "bbb", 
    "password": "NOT_LOGGING_PASSWORD", 
    "shell": "/bin/sh", 
    "state": "present", 
    "uid": 1001
}

group

创建用户组

 [root@manager ~]# ansible nfs -m group -a 'name=hhh state=present'
nfs01 | CHANGED => {
    "changed": true, 
    "gid": 1002, 
    "name": "hhh", 
    "state": "present", 
    "system": false
}

删除用户组

 [root@manager ~]# ansible nfs -m group -a 'name=hhh state=absent'
nfs01 | CHANGED => {
    "changed": true, 
    "name": "hhh", 
    "state": "absent"
}

文件操作模块

file

创建文件

 [root@manager ~]# ansible nfs -m file -a 'path=/tmp/test state=touch owner=root group=root mode=600'
nfs01 | CHANGED => {
    "changed": true, 
    "dest": "/tmp/test", 
    "gid": 0, 
    "group": "root", 
    "mode": "0600", 
    "owner": "root", 
    "size": 0, 
    "state": "file", 
    "uid": 0
}

创建目录

 [root@manager ~]# ansible nfs -m file -a 'path=/tmp/mydir state=directory owner=root group=root mode=755'
nfs01 | CHANGED => {
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0755", 
    "owner": "root", 
    "path": "/tmp/mydir", 
    "size": 6, 
    "state": "directory", 
    "uid": 0
}

copy

复制主控端文件到客户端节点上

 [root@manager ~]# ansible nfs -m copy -a 'src=/etc/hosts dest=/tmp owner=root group=root mode=600'
nfs01 | CHANGED => {
    "changed": true, 
    "checksum": "bc221e76ab69607d5f5c3153cbd0f2b277b6093a", 
    "dest": "/tmp/hosts", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "bc61c74b4cd4253907a6e142b40bc65b", 
    "mode": "0600", 
    "owner": "root", 
    "size": 347, 
    "src": "/root/.ansible/tmp/ansible-tmp-1545162295.34-119407730773856/source", 
    "state": "file", 
    "uid": 0
}

content

在客户端节点创建文件并生成指定内容

 [root@manager ~]# ansible nfs -m copy -a 'content=hello dest=/tmp/gg mode=600 owner=root group=root'
nfs01 | CHANGED => {
    "changed": true, 
    "checksum": "aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d", 
    "dest": "/tmp/gg", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "5d41402abc4b2a76b9719d911017c592", 
    "mode": "0600", 
    "owner": "root", 
    "size": 5, 
    "src": "/root/.ansible/tmp/ansible-tmp-1545162706.77-72798555539608/source", 
    "state": "file", 
    "uid": 0
}

服务操作模块

service&systemd

开启服务

 # centos 6.x
[root@manager ~]# ansible nfs -m service -a 'name=nfs-server state=started'
 
# centos 7.x
[root@manager ~]# ansible nfs -m systemd -a 'name=nfs-server state=started'

停止服务

 # centos 6.x
[root@manager ~]# ansible nfs -m service -a 'name=nfs-server state=stoped'
 
# centos 7.x
[root@manager ~]# ansible nfs -m systemd -a 'name=nfs-server state=stoped'

重启服务

 # centos 6.x
[root@manager ~]# ansible nfs -m service -a 'name=nfs-server state=restarted'
 
# centos 7.x
[root@manager ~]# ansible nfs -m systemd -a 'name=nfs-server state=restarted'

systemd服务配置reload

 # centos 7.x
[root@manager ~]# ansible nfs -m systemd -a 'name=crond state=restarted daemon_reload=yes'
 
[root@manager ~]# ansible nfs -m systemd -a 'daemon_reload=yes'

mount

 [root@manager ~]# ansible web -m mount -a "src=172.16.1.31:/data path=/data fstype=nfs opts=defaults state=present"
[root@manager ~]# ansible web -m mount -a "src=172.16.1.31:/data path=/data fstype=nfs opts=defaults state=mounted"
[root@manager ~]# ansible web -m mount -a "src=172.16.1.31:/data path=/data fstype=nfs opts=defaults state=unmounted"
[root@manager ~]# ansible web -m mount -a "src=172.16.1.31:/data path=/data fstype=nfs opts=defaults state=absent"

cron

注意：创建定时同步时间任务，名字必须指定，ansible是根据名字来处理定时任务的增删改的

创建定时任务

 [root@manager ~]# ansible nfs -m cron -a 'name="sync time" minute=00 hour=00 weekday=1 job="ntpdate ntp.api.bz &>/dev/null" state=present'
nfs01 | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "sync time"
    ]
}
 
# 在客户端节点上查看
[root@nfs ~]# crontab -l
#Ansible: sync time
00 00 * * 1 ntpdate ntp.api.bz &>/dev/null

删除定时任务

 [root@manager ~]# ansible nfs -m cron -a 'name="sync time" state=absent'
nfs01 | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": []
}

yum

 [root@manager ~]# ansible nfs -m yum -a 'name=nfs-utils state=installed'
nfs01 | SUCCESS => {
    "ansible_facts": {
        "pkg_mgr": "yum"
    }, 
    "changed": false, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "1:nfs-utils-1.3.0-0.61.el7.x86_64 providing nfs-utils is already installed"
    ]
}

	[root@manager ~]# ansible nfs -m command -a 'w'
	nfs01 \| CHANGED \| rc=0 >>
	02:51:03 up 2:22, 2 users, load average: 0.00, 0.01, 0.05
	USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
	root pts/0 10.0.0.1 00:29 2:00m 0.21s 0.21s -bash
	root pts/1 172.16.1.61 02:51 0.00s 0.12s 0.00s w

	[root@manager ~]# ansible nfs -m shell -a "hostname -I \| awk '{print $1}'"
	nfs01 \| CHANGED \| rc=0 >>
	10.0.0.31 172.16.1.31 192.168.154.155

	[root@manager ~]# ansible nfs -m shell -a "hostname -I \| awk '{print \$1}'"
	nfs01 \| CHANGED \| rc=0 >>
	10.0.0.31

	[root@manager ~]# ansible nfs -m user -a "name=aaa uid=888 group=www append=yes create_home=no shell=/sbin/nologin"
	nfs01 \| CHANGED => {
	"changed": true,
	"comment": "",
	"create_home": false,
	"group": 666,
	"home": "/home/aaa",
	"name": "aaa",
	"shell": "/sbin/nologin",
	"state": "present",
	"system": false,
	"uid": 888
	}

	# 生成密码
	[root@manager ~]# ansible all -i localhost, -m debug -a "msg={{ 'mypassword' \| password_hash('sha512', 'mysecretsalt') }}"
	localhost \| SUCCESS => {
	"msg": "$6$mysecretsalt$qJbapG68nyRab3gxvKWPUcs2g3t0oMHSHMnSKecYNpSi3CuZm.GbBqXO8BE6EI6P1JUefhA0qvD7b5LSh./PU1"
	}

	#修改用户密码
	[root@manager ~]# ansible nfs -m user -a 'name=bbb password=$6$mysercretsalt$qF7c7b4aO14EVnPghilcTrsA8tDwGM54aeIDs1ljo3B1yPHDPQKhGddHoPTe.YARL.RBsrmSzgqR3LxgSfuCs0'
	nfs01 \| CHANGED => {
	"append": false,
	"changed": true,
	"comment": "",
	"group": 1001,
	"home": "/home/bbb",
	"move_home": false,
	"name": "bbb",
	"password": "NOT_LOGGING_PASSWORD",
	"shell": "/bin/sh",
	"state": "present",
	"uid": 1001
	}

	[root@manager ~]# ansible nfs -m group -a 'name=hhh state=present'
	nfs01 \| CHANGED => {
	"changed": true,
	"gid": 1002,
	"name": "hhh",
	"state": "present",
	"system": false
	}

	[root@manager ~]# ansible nfs -m file -a 'path=/tmp/test state=touch owner=root group=root mode=600'
	nfs01 \| CHANGED => {
	"changed": true,
	"dest": "/tmp/test",
	"gid": 0,
	"group": "root",
	"mode": "0600",
	"owner": "root",
	"size": 0,
	"state": "file",
	"uid": 0
	}

	[root@manager ~]# ansible nfs -m copy -a 'src=/etc/hosts dest=/tmp owner=root group=root mode=600'
	nfs01 \| CHANGED => {
	"changed": true,
	"checksum": "bc221e76ab69607d5f5c3153cbd0f2b277b6093a",
	"dest": "/tmp/hosts",
	"gid": 0,
	"group": "root",
	"md5sum": "bc61c74b4cd4253907a6e142b40bc65b",
	"mode": "0600",
	"owner": "root",
	"size": 347,
	"src": "/root/.ansible/tmp/ansible-tmp-1545162295.34-119407730773856/source",
	"state": "file",
	"uid": 0
	}

	# centos 6.x
	[root@manager ~]# ansible nfs -m service -a 'name=nfs-server state=started'

	# centos 7.x
	[root@manager ~]# ansible nfs -m systemd -a 'name=nfs-server state=started'

	[root@manager ~]# ansible web -m mount -a "src=172.16.1.31:/data path=/data fstype=nfs opts=defaults state=present"
	[root@manager ~]# ansible web -m mount -a "src=172.16.1.31:/data path=/data fstype=nfs opts=defaults state=mounted"
	[root@manager ~]# ansible web -m mount -a "src=172.16.1.31:/data path=/data fstype=nfs opts=defaults state=unmounted"
	[root@manager ~]# ansible web -m mount -a "src=172.16.1.31:/data path=/data fstype=nfs opts=defaults state=absent"

	[root@manager ~]# ansible nfs -m cron -a 'name="sync time" minute=00 hour=00 weekday=1 job="ntpdate ntp.api.bz &>/dev/null" state=present'
	nfs01 \| CHANGED => {
	"changed": true,
	"envs": [],
	"jobs": [
	"sync time"
	]
	}

	# 在客户端节点上查看
	[root@nfs ~]# crontab -l
	#Ansible: sync time
	00 00 * * 1 ntpdate ntp.api.bz &>/dev/null

	[root@manager ~]# ansible nfs -m yum -a 'name=nfs-utils state=installed'
	nfs01 \| SUCCESS => {
	"ansible_facts": {
	"pkg_mgr": "yum"
	},
	"changed": false,
	"msg": "",
	"rc": 0,
	"results": [
	"1:nfs-utils-1.3.0-0.61.el7.x86_64 providing nfs-utils is already installed"
	]
	}