1、 ansible-doc
[root@zxw63 ~]# ansible-doc -s raw - name: Executes a low-down and dirty SSH command raw: executable: # change the shell used to execute the command. Should be an absolute path to the executable. when using privilege escalation (`become'), a default shell will be assigned if one is not provided as privilege escalation requires a shell. free_form: # (required) the raw module takes a free form command to run. There is no parameter actually named 'free form'; see the examples! [root@zxw63 ~]# ansible-doc -s shell - name: Execute commands in nodes. shell: chdir: # cd into this directory before running the command creates: # a filename, when it already exists, this step will *not* be run. executable: # change the shell used to execute the command. Should be an absolute path to the executable. free_form: # (required) The shell module takes a free form command to run, as a string. There's not an actual option named "free form". See the examples! removes: # a filename, when it does not exist, this step will *not* be run. stdin: # Set the stdin of the command directly to the specified value. warn: # if command warnings are on in ansible.cfg, do not warn about this particular line if set to no/false. [root@zxw63 ~]# ansible-doc command > COMMAND (/usr/lib/python2.7/site-packages/ansible/modules/commands/command.py) The `command' module takes the command name followed by a list of space-delimited arguments. The given command will be executed on all selected nodes. It will not be processed through the shell, so variables like `$HOME' and operations like `"<"', `">"', `"|"', `";"' and `"&"' will not work (use the [shell] module if you need these features). For Windows targets, use the [win_command] module instead. OPTIONS (= is mandatory): - chdir Change into this directory before running the command. [Default: (null)] version_added: 0.6 - creates A filename or (since 2.0) glob pattern, when it already exists, this step will *not* be run. [Default: (null)] = free_form The command module takes a free form command to run. There is no parameter actually named 'free form'. See the examples! - removes A filename or (since 2.0) glob pattern, when it does not exist, this step will *not* be run. [Default: (null)] version_added: 0.8 - stdin Set the stdin of the command directly to the specified value. [Default: None] version_added: 2.4 - warn If command_warnings are on in ansible.cfg, do not warn about this particular line if set to `no'. [Default: yes] type: bool version_added: 1.8 NOTES: * If you want to run a command through the shell (say you are using `<', `>', `|', etc), you actually want the [shell] module instead. The `command' module is much more secure as it's not affected by the user's environment. * `creates', `removes', and `chdir' can be specified after the command. For instance, if you only want to run a command if a certain file does not exist, use this. * The `executable' parameter is removed since version 2.4. If you have a need for this parameter, use the [shell] module instead. * For Windows targets, use the [win_command] module instead. AUTHOR: Ansible Core Team, Michael DeHaan METADATA: status: - stableinterface supported_by: core EXAMPLES: - name: return motd to registered var command: cat /etc/motd register: mymotd - name: Run the command if the specified file does not exist. command: /usr/bin/make_database.sh arg1 arg2 creates=/path/to/database # You can also use the 'args' form to provide the options. - name: This command will change the working directory to somedir/ and will only run when /path/to/database doesn't exist. command: /usr/bin/make_database.sh arg1 arg2 args: chdir: somedir/ creates: /path/to/database - name: safely use templated variable to run command. Always use the quote filter to avoid injection issues. command: cat {{ myfile|quote }} register: myoutput
2、shell、raw、shell、script
使用模块 command或者shell或者raw都能调用对象机器上的某条指令或者某个可执行文
- command模块,执行远程命令
- script模块 ,在远程主机执行主控端的shell/python脚本
- shell模块 ,执行远程主机的shell/python脚本
- raw模块 ,类似于command模块、支持管道传递
1、直接运行脚本
[root@zxw63 ~]# ansible webservers -m raw -a "/tmp/test.sh" 192.168.100.66 | SUCCESS | rc=0 >> this is test shell-script Shared connection to 192.168.100.66 closed. 192.168.100.128 | SUCCESS | rc=0 >> this is test shell-script Shared connection to 192.168.100.128 closed. [root@zxw63 ~]# ansible webservers -m shell -a "/tmp/test.sh" 192.168.100.66 | SUCCESS | rc=0 >> this is test shell-script 192.168.100.128 | SUCCESS | rc=0 >> this is test shell-script [root@zxw63 ~]# ansible webservers -m command -a "/tmp/test.sh" 192.168.100.66 | FAILED | rc=8 >> [Errno 8] Exec format error 192.168.100.128 | FAILED | rc=8 >> [Errno 8] 可执行文件格式错误 [root@zxw63 ~]# ansible webservers -m command -a "sh /tmp/test.sh" 192.168.100.66 | SUCCESS | rc=0 >> this is test shell-script 192.168.100.128 | SUCCESS | rc=0 >> this is test shell-script
2、是否支持管道
- shell、raw支持管道
- command支持管道
[root@zxw63 ~]# ansible webservers -m shell -a "ls -ltr /etc | wc -l" 192.168.100.128 | SUCCESS | rc=0 >> 217 192.168.100.66 | SUCCESS | rc=0 >> 218 [root@zxw63 ~]# ansible webservers -m raw -a "ls -ltr /etc | wc -l" 192.168.100.66 | SUCCESS | rc=0 >> 218 Shared connection to 192.168.100.66 closed. 192.168.100.128 | SUCCESS | rc=0 >> 217 Shared connection to 192.168.100.128 closed. [root@zxw63 ~]# ansible webservers -m command -a "ls -ltr /etc | wc -l" 192.168.100.66 | FAILED | rc=2 >> /etc: total 1820 -rw-r--r--. 1 root root 662 Aug 29 2007 logrotate.conf -rw-r--r--. 1 root root 220 Oct 13 2008 quotagrpadmins -rw-r--r--. 1 root root 148 May 14 2009 asound.conf
3、command不支持通配符
[root@zxw63 ~]# ansible webservers -m shell -a "ls -ltr /tmp/*.sh" 192.168.100.66 | SUCCESS | rc=0 >> -rwxrwxrwx. 1 root root 33 Jul 12 02:14 /tmp/test.sh 192.168.100.128 | SUCCESS | rc=0 >> -rwxrwxrwx. 1 root root 33 7月 12 02:14 /tmp/test.sh [root@zxw63 ~]# ansible webservers -m raw -a "ls -ltr /tmp/*.sh" 192.168.100.66 | SUCCESS | rc=0 >> -rwxrwxrwx. 1 root root 33 Jul 12 02:14 /tmp/test.sh Shared connection to 192.168.100.66 closed. 192.168.100.128 | SUCCESS | rc=0 >> -rwxrwxrwx. 1 root root 33 7月 12 02:14 /tmp/test.sh Shared connection to 192.168.100.128 closed.
4、script模块实现了将主控节点的脚本复制到远程节点,然后在远程节点执行脚本
[root@zxw63 ~]# ansible webservers -m command -a 'ls -ltr /tmp/test.sh' 192.168.100.66 | SUCCESS | rc=0 >> -rwxrwxrwx. 1 root root 33 Jul 12 02:14 /tmp/test.sh 192.168.100.128 | SUCCESS | rc=0 >> -rwxrwxrwx. 1 root root 33 7月 12 02:14 /tmp/test.sh [root@zxw63 ~]# ansible webservers -m command -a 'ls -ltr /root/test.sh' 192.168.100.66 | FAILED | rc=2 >> ls: cannot access /root/test.sh: No such file or directorynon-zero return code 192.168.100.128 | FAILED | rc=2 >> ls: 无法访问/root/test.sh: 没有那个文件或目录non-zero return code [root@zxw63 ~]# ansible webservers -m script -a '/root/test.sh' 192.168.100.66 | SUCCESS => { "changed": true, "rc": 0, "stderr": "Shared connection to 192.168.100.66 closed. ", "stdout": "this is test shell-script ", "stdout_lines": [ "this is test shell-script" ] } 192.168.100.128 | SUCCESS => { "changed": true, "rc": 0, "stderr": "Shared connection to 192.168.100.128 closed. ", "stdout": "this is test shell-script ", "stdout_lines": [ "this is test shell-script" ] }
3、copy
使用copy模块,可以实现向目标机器进行远程copy的能力。
参数 说明
- src 被复制到远程主机的本地对象文件或者文件夹,可以是绝对路径,也可以是相对路径。
- dest 被复制到远程主机的本地对象文件或者文件夹
- mode 复制对象的设定权限
- backup 在文件存在的时候可以选择覆盖之前,将源文件备份.设定值:yes/no 缺省为yes
- force 是否强制覆盖.设定值:yes/no 缺省为yes
default的情况下,force是yes的,所以什么都不写,文件存在的情况是会被覆盖的
[root@zxw63 try]# ansible webservers -m copy -a "src=/root/try/copyFile.txt dest=/tmp mode=744 backup=no force=yes" 192.168.100.66 | SUCCESS => { "changed": true, "checksum": "6cc815c3530217381d3e5f24ba5c3c03f51daf24", "dest": "/tmp/copyFile.txt", "gid": 0, "group": "root", "md5sum": "e90687bdaf32d8ebab3b266f36ba5f5a", "mode": "0744", "owner": "root", "secontext": "system_u:object_r:admin_home_t:s0", "size": 15, "src": "/root/.ansible/tmp/ansible-tmp-1563420953.31-119685260559482/source", "state": "file", "uid": 0 } 192.168.100.128 | SUCCESS => { "changed": true, "checksum": "6cc815c3530217381d3e5f24ba5c3c03f51daf24", "dest": "/tmp/copyFile.txt", "gid": 0, "group": "root", "md5sum": "e90687bdaf32d8ebab3b266f36ba5f5a", "mode": "0744", "owner": "root", "secontext": "unconfined_u:object_r:admin_home_t:s0", "size": 15, "src": "/root/.ansible/tmp/ansible-tmp-1563420953.31-281173963286018/source", "state": "file", "uid": 0 }
4、setup
不加参数,打印出所有的系统参数
ansible webservers -m setup
setup常用参数:fileter
[root@zxw63 try]# ansible webservers -m setup -a "filter=ansible_env" 192.168.100.66 | SUCCESS => { "ansible_facts": { "ansible_env": { "G_BROKEN_FILENAMES": "1", "HOME": "/root", "LANG": "en_US.UTF-8", "LESSOPEN": "|/usr/bin/lesspipe.sh %s", "LOGNAME": "root", "MAIL": "/var/mail/root", "PATH": "/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/ssh8/bin", "PWD": "/root", "SHELL": "/bin/bash", "SHLVL": "2", "SSH_ASKPASS": "/usr/libexec/openssh/gnome-ssh-askpass", "SSH_CLIENT": "192.168.100.132 52130 22", "SSH_CONNECTION": "192.168.100.132 52130 192.168.100.66 22", "SSH_TTY": "/dev/pts/1", "TERM": "xterm-256color", "USER": "root", "_": "/usr/bin/python" } }, "changed": false } 192.168.100.128 | SUCCESS => { "ansible_facts": { "ansible_env": { "G_BROKEN_FILENAMES": "1", "HOME": "/root", "LANG": "zh_CN.UTF-8", "LESSOPEN": "|/usr/bin/lesspipe.sh %s", "LOGNAME": "root", "MAIL": "/var/mail/root", "PATH": "/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin", "PWD": "/root", "SELINUX_LEVEL_REQUESTED": "", "SELINUX_ROLE_REQUESTED": "", "SELINUX_USE_CURRENT_RANGE": "", "SHELL": "/bin/bash", "SHLVL": "2", "SSH_ASKPASS": "/usr/libexec/openssh/gnome-ssh-askpass", "SSH_CLIENT": "192.168.100.132 58094 22", "SSH_CONNECTION": "192.168.100.132 58094 192.168.100.128 22", "SSH_TTY": "/dev/pts/1", "TERM": "xterm-256color", "USER": "root", "_": "/usr/bin/python" } }, "changed": false }
5、user/group模块
user模块
[root@zxw63 ansible]# ansible db -m command -a "id test01" db2 | FAILED | rc=1 >> id: test01:无此用户non-zero return code db1 | FAILED | rc=1 >> id: test01: No such usernon-zero return code [root@zxw63 ansible]# ansible db -m user -a "name=test01 group=root" db2 | SUCCESS => { "changed": true, "comment": "", "createhome": true, "group": 0, "home": "/home/test01", "name": "test01", "shell": "/bin/bash", "state": "present", "system": false, "uid": 501 } db1 | SUCCESS => { "changed": true, "comment": "", "createhome": true, "group": 0, "home": "/home/test01", "name": "test01", "shell": "/bin/bash", "state": "present", "system": false, "uid": 501 } [root@zxw63 ansible]# ansible db -m command -a "id test01" db2 | SUCCESS | rc=0 >> uid=501(test01) gid=0(root) 组=0(root) db1 | SUCCESS | rc=0 >> uid=501(test01) gid=0(root) groups=0(root) [root@zxw63 ansible]# ansible db -m user -a "name=test01 remove=yes" db2 | SUCCESS => { "append": false, "changed": false, "comment": "", "group": 0, "home": "/home/test01", "move_home": false, "name": "test01", "shell": "/bin/bash", "state": "present", "uid": 501 } db1 | SUCCESS => { "append": false, "changed": false, "comment": "", "group": 0, "home": "/home/test01", "move_home": false, "name": "test01", "shell": "/bin/bash", "state": "present", "uid": 501 } [root@zxw63 ansible]# ansible db -m command -a "id test01" db2 | SUCCESS | rc=0 >> uid=501(test01) gid=0(root) 组=0(root) db1 | SUCCESS | rc=0 >> uid=501(test01) gid=0(root) groups=0(root) [root@zxw63 ansible]# ansible db -m user -a "name=test01 state=absent remove=yes" db2 | SUCCESS => { "changed": true, "force": false, "name": "test01", "remove": true, "state": "absent" } db1 | SUCCESS => { "changed": true, "force": false, "name": "test01", "remove": true, "state": "absent" } [root@zxw63 ansible]# ansible db -m command -a "id test01" db2 | FAILED | rc=1 >> id: test01:无此用户non-zero return code db1 | FAILED | rc=1 >> id: test01: No such usernon-zero return code
无参数state=absent时,用户没有真正的删除。
group模块
[root@zxw63 ansible]# ansible db -m group -a "name=testgrp01" db2 | SUCCESS => { "changed": true, "gid": 501, "name": "testgrp01", "state": "present", "system": false } db1 | SUCCESS => { "changed": true, "gid": 501, "name": "testgrp01", "state": "present", "system": false } [root@zxw63 ansible]# ansible db -m shell -a "cat /etc/group | grep testgrp01" db2 | SUCCESS | rc=0 >> testgrp01:x:501: db1 | SUCCESS | rc=0 >> testgrp01:x:501: [root@zxw63 ansible]# ansible db -m group -a "name=testgrp01 state=absent" db2 | SUCCESS => { "changed": true, "name": "testgrp01", "state": "absent" } db1 | SUCCESS => { "changed": true, "name": "testgrp01", "state": "absent" } [root@zxw63 ansible]# ansible db -m shell -a "cat /etc/group | grep testgrp01 " db2 | FAILED | rc=1 >> non-zero return code db1 | FAILED | rc=1 >> non-zero return code
6、yum模块
使用yum包管理器来管理软件包,其选项有:
name:要进行操作的软件包的名字,也可以传递一个url或者一个本地的rpm包的路径
state:状态(present-已安装,absent-未安装(卸载),latest-最新的)
安装vsftpd
ansible db -m yum -a "name=vsftpd state=present"
vsfpd卸载
- 卸载有absent和removed两种方式
1、state=absent
ansible db -m yum -a "name=vsftpd state=absent"
2、state=removed
ansible db -m yum -a "name=vsftpd state=removed"
7、service模块
service模块用于管理服务
enabled:是否开机启动 yes|no
name:必选项,服务名称
state:对当前服务执行启动,停止、重启、重新加载等操作(started,stopped,restarted,reloaded)
#启动服务 ansible db -m service -a "name=vsftpd state=started"
#停止服务 ansible db -m service -a "name=vsftpd state=stopped"
#重起服务 ansible db -m service -a "name=vsftpd state=restarted"
#重载服务 ansible db -m service -a "name=vsftpd state=reloaded"
8、cron模块
cron模块用于管理计划任务
backup:对远程主机上的原任务计划内容修改之前做备份
cron_file:如果指定该选项,则用该文件替换远程主机上的cron.d目录下的用户的任务计划
day:日(1-31,,/2,……)
hour:小时(0-23,,/2,……)
minute:分钟(0-59,,/2,……)
month:月(1-12,,/2,……)
weekday:周(0-7,*,……)
job:要执行的任务,依赖于state=present
name:该任务的描述
special_time:指定什么时候执行,参数:reboot,yearly,annually,monthly,weekly,daily,hourly
state:确认该任务计划是创建还是删除
user:以哪个用户的身份执行
可以参看:https://blog.csdn.net/dylloveyou/article/details/80875132
- 任务添加
ansible db -m cron -a "name='check dirs' hour='5,2' job='ls -alh > /dev/null'"
- 任务删除
ansible db -m cron -a "name='check dirs' hour='5,2' state=absent"
