ansible 003 常用模块

常用模块

file 模块 管理被控端文件

回显为绿色则，未变更，符合要求
黄色则改变
红色则报错

因为默认值为file，那么文件不存在，报错

改为touch则创建
将state改为directory变成创建目录（默认可以递归）

创建软链接或硬链接

[root@workstation modules]# ansible servera  -m file  -a  'path=/tmp/redhat1 state=absent'
absent删除文件

[root@workstation modules]# ansible servera -m file  -a 'path=/tmp/file  mode=755  owner=ansible'
servera | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "ansible",
    "path": "/tmp/file",
    "secontext": "unconfined_u:object_r:user_tmp_t:s0",
    "size": 0,
    "state": "file",
    "uid": 1001
}
更改已经存在的目录  可以加state=touch  也可以不加效果一样

[root@workstation modules]# ansible   servera  -m  file  -a 'src=/tmp/file2  dest=/tmp/file33  state=link force=yes'
[WARNING]: Cannot set fs attributes on a non-existent symlink target. follow should be set to False to avoid
this.
servera | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "dest": "/tmp/file33",
    "src": "/tmp/file2"
}

强制创建不存在源文件的链接文件
源文件不同则覆盖（不加force也可以）
根据红色报错来决定加不加force更合理

copy模块 将主控端文件给被控端

[root@workstation maosible]# ansible  servera -m  copy -a 'src=hosts  dest=/tmp/dir01'
servera | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "e7a86fde02d85341de7f8a7c1544a3943e6aff9a",
    "dest": "/tmp/dir01",
    "gid": 0,
    "group": "root",
    "md5sum": "46d0842e39f0fb11629b1b07653420e0",
    "mode": "0644",
    "owner": "root",
    "secontext": "unconfined_u:object_r:user_home_t:s0",
    "size": 16,
    "src": "/home/ansible/.ansible/tmp/ansible-tmp-1662013817.618654-7648-138526025113835/source",
    "state": "file",
    "uid": 0
}

一个致命的小细节

[root@workstation maosible]# ln -s /important/  ./abca
[root@workstation maosible]# rm -f abca/
rm: cannot remove 'abca/': Is a directory
[root@workstation maosible]# rm -f abca
[root@workstation maosible]# 

这个小小的/区别很大。一定要注意，哪些位置需要加/

[root@workstation maosible]# ansible servera -m copy -a 'content="hello world\n" dest=/tmp/file2'

copy也可以写文件(相当于重定向>)

backup 在覆盖之前将原文件备份。备份包含时间信息
force=no 防止覆盖
remote_src 复制被控端到被控端 默认no
validate 测试文件的语法如果测试不通过，则不执行

[root@workstation maosible]# cat /etc/sudoers.d/kk 
xiaomao ALL=(ALL) NOPASSWD:ALL
[root@workstation maosible]# ansible  servera  -m copy -a "src=/etc/sudoers.d/kk  dest=/etc/sudoers.d/user1  validate='visudo -cf %s'"
servera | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "276588c6d80f03f87e149fb9cf406f7589b12299",
    "dest": "/etc/sudoers.d/user1",
    "gid": 0,
    "group": "root",
    "md5sum": "c647cd86fe29f8aae9ced2c5e4ce4063",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:etc_t:s0",
    "size": 31,
    "src": "/home/ansible/.ansible/tmp/ansible-tmp-1662016144.5676467-8325-177579230721100/source",
    "state": "file",
    "uid": 0
}

检查文件格式并发送，不正确不发

https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_module.html
更多参考文档

user模块 管理用户

查帮助
ansible-doc -l 列出所有模块
ansible-doc user 查user的帮助

[root@workstation maosible]#  ansible  servera -m user -a 'name=user1 uid=1100 state=present'

幂等性的缘故，所以可以重复执行命令达到想要的效果

[root@workstation maosible]#  ansible  servera -m user -a 'name=user1 uid=1100  group=ansible shell=/sbin/nologin state=present'

[root@workstation maosible]#  ansible  servera -m user -a 'name=user1 remove=yes state=absent'
连带家目录一起删除

设置密码

[root@workstation maosible]# ansible all -i localhost, -m debug -a "msg={{ 'redhat' | password_hash('sha512', 'mysecretsalt') }}"
localhost | SUCCESS => {
    "msg": "$6$mysecretsalt$GcajIATSXc4CUJ.uOMrH.oB7A7dch4KSuaNfL12kfmhFZz7hH9gcttplfRfmk4rQ.sQnZieSBxqi6xPDFBGRC0"
}

来自官方文档的指引

[root@workstation maosible]# ansible  servera  -m user -a 'name=user1 uid=1101 state=present password="$6$mysecretsalt$GcajIATSXc4CUJ.uOMrH.oB7A7dch4KSuaNfL12kfmhFZz7hH9gcttplfRfmk4rQ.sQnZieSBxqi6xPDFBGRC0"'

 ansible localhost -m debug -a "msg={{ 'redhat' | password_hash('sha512', 'mysecretsalt') }}"
直接在ansible节点输出就好了

一次做完

[root@workstation maosible]# ansible servera -m user -a "name=user1 uid=1101 state=present password={{ '2redhat' | password_hash('sha512', 'mysecretsalt') }}"

将密码管道给password_hash('sha512', 'mysecretsalt') 因为里面有变量所以 {{}}

group 模块

[root@workstation maosible]# ansible servera -m group -a 'name=it1  state=present'

[root@workstation maosible]# ansible servera  -m user -a 'name=bob group=it1 state=present'

[root@workstation maosible]# ansible servera  -m user -a 'name=bob group=it1 groups=root,ansible state=present'
name  group  groups这些参数没有次序，想怎么放就怎么放
创建用户并指定组，并添加附加组

yum 模块

可以查ansible-doc
- name: Add multiple repositories into the same file (2/2)
yum_repository:
name: rpmforge
description: RPMforge YUM repo
file: external_repos
baseurl: http://apt.sw.be/redhat/el7/en/$basearch/rpmforge
mirrorlist: http://mirrorlist.repoforge.org/el7/mirrors-rpmforge
enabled: no

[root@workstation maosible]# ansible   servera -m yum_repository -a 'baseurl=file:///mnt enabled=yes description=abc  file=abc gpgcheck=no name=dvd'

配仓库

[root@workstation maosible]# ansible all -m  yum  -a 'name=tree state=present'

装包

 [root@workstation maosible]# ansible all -m  yum  -a 'name="@Development tools" state=present'

装包组

[root@workstation maosible]# ansible servera -m yum -a 'name=* state=present'  
相当于servera   yum update -y

更新

ansible命令发到被控端是不好撤回的  ctrl+c不是很有用

package模块封装了yum与apt

service 模块

[root@workstation maosible]# ansible servera -m service -a 'name=sshd state=started enabled=yes' 

systemd 模块

当 需要deamon-reload得需要systemd

cron 模块

[root@workstation maosible]# ansible  servera -m cron -a 'hour=05  user=user1 job="echo hello" name=fox'
servera | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "envs": [],
    "jobs": [
        "fox"
    ]
}
[root@workstation maosible]# ssh root@servera
Last login: Fri Sep  2 21:14:14 2022 from 192.168.230.164
[root@servera ~]# crontab -l -u user1
#Ansible: fox
* 05 * * * echo hello
[root@servera ~]# 

加name，ansible需要一个cron标识

[root@workstation maosible]# ansible  servera -m cron -a 'hour=05  user=user1 job="echo hellwwo" name=fox cron_file=/etc/cron.d/cronmqy'
servera | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "cron_file": "/etc/cron.d/cronmqy",
    "envs": [],
    "jobs": [
        "fox"
    ]
}
[root@workstation maosible]# ansible  servera -m cron -a 'hour=05  user=root job="echo he2llwwo" name=fox cron_file=/etc/crontab'
servera | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "cron_file": "/etc/crontab",
    "envs": [
        "SHELL",
        "PATH",
        "MAILTO"
    ],
    "jobs": [
        "fox"
    ]
}


[root@servera cron.d]# cat cronmqy 
#Ansible: fox
* 05 * * * user1 echo hellwwo
[root@servera cron.d]# cat /etc/crontab 
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed

#Ansible: fox
* 05 * * * root echo he2llwwo
[root@servera cron.d]# 

这里name必须都不一样才好。我这里偷懒了
这里主要是显示出ansible的计划任务可以写进文件

cron.d下面自定义文件很方便。名字随便取

synchronize 同步

ansible servera -m synchronize -a 'src=/root/ansible/ dest=/tmp/data archive=no rsync_opts=-tr'
根据时间戳同步目录
-tro o为拥有人