1. 命令行參數
-v,–verbose 詳細模式,如果命令執行成功,輸出詳細的結果(-vv –vvv -vvvv) -i PATH,–inventory=PATH 指定host文件的路徑,默認是在/etc/ansible/hosts(生產環境經常用到) -f NUM,–forks=NU NUM是指定一個整數,默認是5,指定fork開啟同步進程的個數。 -m NAME,–module-name=NAME 指定使用的module名稱,默認是command -m DIRECTORY,–module-path=DIRECTORY 指定module的目錄來加載module,默認是/usr/share/ansible, -a,MODULE_ARGS 指定module模塊的參數 -k,-ask-pass 提示輸入ssh的密碼,而不是使用基於ssh的密鑰認證 -sudo 指定使用sudo獲得root權限(生產環境經常用到) -K,-ask-sudo-pass 提示輸入sudo密碼,與–sudo一起使用 (生產環境經常用到) -u USERNAME,-user=USERNAME 指定移動端的執行用戶 -C,-check 測試此命令執行會改變什么內容,不會真正的去執行
2. command模塊測試環境
[root@temp01 ~]# ansible all -a "pwd" 192.168.3.70 | SUCCESS | rc=0 >> /root 192.168.3.60 | SUCCESS | rc=0 >> /root
[root@temp01 ~]# ansible all -m command -a "pwd" #-m command 原來是可以省略的,ansible 默認模塊就是command
192.168.3.70 | SUCCESS | rc=0 >>
/root
192.168.3.60 | SUCCESS | rc=0 >>
/root
3. 再用ping模塊
#-f 參數用法
[root@temp01 ~]# ansible all -m ping -f 1 #all 表示hosts里面所有主機 -m 調用模塊 -f 指定同步進程數 192.168.3.60 | SUCCESS => { "changed": false, "ping": "pong" } 192.168.3.70 | SUCCESS => { "changed": false, "ping": "pong" }
#-C參數用法 [root@temp01 ~]# ansible all -m ping -f 1 -C 192.168.3.60 | SUCCESS => { "changed": false, "ping": "pong" } 192.168.3.70 | SUCCESS => { "changed": false, "ping": "pong" }
4. user模塊
[root@temp01 ~]# ansible db -m user -a 'name=DBA uid=505 home=/home/dba shell=/sbin/nologin' 192.168.3.70 | SUCCESS => { "changed": true, "comment": "", "createhome": true, "group": 505, "home": "/home/dba", "name": "DBA", "shell": "/sbin/nologin", "state": "present", "system": false, "uid": 505 } [root@temp01 ~]# ansible db -m user -a 'name=DBA state=absent' #state屬性有:present表示添加,absend表示刪除,state屬性默認是present 192.168.3.70 | SUCCESS => { "changed": true, "force": false, "name": "DBA", "remove": false, "state": "absent" }
修改用戶密碼
[root@temp01 ansible_playbook]# ansible all -m shell -a 'echo "123456" | passwd foo --stdin' 192.168.3.60 | SUCCESS | rc=0 >> Changing password for user foo. passwd: all authentication tokens updated successfully. 192.168.3.70 | SUCCESS | rc=0 >> Changing password for user foo. passwd: all authentication tokens updated successfully.
5. 看看下面這個坑
[root@temp01 ~]# ansible all -m cron -a "name=cat minute='*/1' job='ls /root'" 192.168.3.70 | FAILED! => { "changed": false, "failed": true, "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!" } 192.168.3.60 | FAILED! => { "changed": false, "failed": true, "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!" }
[root@temp01 ~]# ansible all -m copy -a "src=/etc/ansible/hosts dest=/root mode=600" 192.168.3.60 | FAILED! => { "changed": false, "checksum": "8add7a4e56ae6f7a1c6d0218ce757510d195bb3c", "failed": true, "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!" } 192.168.3.70 | FAILED! => { "changed": false, "checksum": "8add7a4e56ae6f7a1c6d0218ce757510d195bb3c", "failed": true, "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!" }
需要在客戶端安裝libselinux-python庫
方法如下,隨便介紹下yum模塊,哈哈
[root@temp01 ~]# ansible all -m yum -a 'name=libselinux-python state=present' 192.168.3.70 | SUCCESS => { "changed": true, "msg": "warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY\nImporting GPG key 0xC105B9DE:\n Userid : CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org>\n Package: centos-release-6-5.el6.centos.11.1.x86_64 (@anaconda-CentOS-201311272149.x86_64/6.5)\n From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6\n", "rc": 0, "results": [ "Loaded plugins: fastestmirror, security\nLoading mirror speeds from cached hostfile\n * base: mirrors.zju.edu.cn\n * extras: centos.ustc.edu.cn\n * updates: mirrors.zju.edu.cn\nSetting up Install Process\nResolving Dependencies\n--> Running transaction check\n---> Package libselinux-python.x86_64 0:2.0.94-7.el6 will be installed\n--> Processing Dependency: libselinux = 2.0.94-7.el6 for package: libselinux-python-2.0.94-7.el6.x86_64\n--> Running transaction check\n---> Package libselinux.x86_64 0:2.0.94-5.3.el6_4.1 will be updated\n--> Processing Dependency: libselinux = 2.0.94-5.3.el6_4.1 for package: libselinux-utils-2.0.94-5.3.el6_4.1.x86_64\n---> Package libselinux.x86_64 0:2.0.94-7.el6 will be an update\n--> Running transaction check\n---> Package libselinux-utils.x86_64 0:2.0.94-5.3.el6_4.1 will be updated\n---> Package libselinux-utils.x86_64 0:2.0.94-7.el6 will be an update\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n libselinux-python x86_64 2.0.94-7.el6 base 203 k\nUpdating for dependencies:\n libselinux x86_64 2.0.94-7.el6 base 109 k\n libselinux-utils x86_64 2.0.94-7.el6 base 82 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package(s)\nUpgrade 2 Package(s)\n\nTotal download size: 394 k\nDownloading Packages:\n--------------------------------------------------------------------------------\nTotal 210 kB/s | 394 kB 00:01 \nRetrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Updating : libselinux-2.0.94-7.el6.x86_64 1/5 \n\r Installing : libselinux-python-2.0.94-7.el6.x86_64 2/5 \n\r Updating : libselinux-utils-2.0.94-7.el6.x86_64 3/5 \n\r Cleanup : libselinux-utils-2.0.94-5.3.el6_4.1.x86_64 4/5 \n\rCleanup : libselinux-2.0.94-5.3.el6_4.1.x86_64 5/5 \n\r Verifying : libselinux-python-2.0.94-7.el6.x86_64 1/5 \n\r Verifying : libselinux-utils-2.0.94-7.el6.x86_64 2/5 \n\r Verifying : libselinux-2.0.94-7.el6.x86_64 3/5 \n\r Verifying : libselinux-2.0.94-5.3.el6_4.1.x86_64 4/5 \n\r Verifying : libselinux-utils-2.0.94-5.3.el6_4.1.x86_64 5/5 \n\nInstalled:\n libselinux-python.x86_64 0:2.0.94-7.el6 \n\nDependency Updated:\n libselinux.x86_64 0:2.0.94-7.el6 libselinux-utils.x86_64 0:2.0.94-7.el6 \n\nComplete!\n" ] } 192.168.3.60 | SUCCESS => { "changed": true, "msg": "warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY\nImporting GPG key 0xC105B9DE:\n Userid : CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org>\n Package: centos-release-6-5.el6.centos.11.1.x86_64 (@anaconda-CentOS-201311272149.x86_64/6.5)\n From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6\n", "rc": 0, "results": [ "Loaded plugins: fastestmirror, security\nLoading mirror speeds from cached hostfile\n * base: mirrors.cn99.com\n * extras: mirrors.cn99.com\n * updates: mirrors.cn99.com\nSetting up Install Process\nResolving Dependencies\n--> Running transaction check\n---> Package libselinux-python.x86_64 0:2.0.94-7.el6 will be installed\n--> Processing Dependency: libselinux = 2.0.94-7.el6 for package: libselinux-python-2.0.94-7.el6.x86_64\n--> Running transaction check\n--->Package libselinux.x86_64 0:2.0.94-5.3.el6_4.1 will be updated\n--> Processing Dependency: libselinux = 2.0.94-5.3.el6_4.1 for package: libselinux-utils-2.0.94-5.3.el6_4.1.x86_64\n---> Package libselinux.x86_64 0:2.0.94-7.el6 will be an update\n--> Running transaction check\n---> Package libselinux-utils.x86_64 0:2.0.94-5.3.el6_4.1 will be updated\n---> Package libselinux-utils.x86_64 0:2.0.94-7.el6 will be an update\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n libselinux-python x86_64 2.0.94-7.el6 base 203 k\nUpdatingfor dependencies:\n libselinux x86_64 2.0.94-7.el6 base 109 k\n libselinux-utils x86_64 2.0.94-7.el6 base 82 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package(s)\nUpgrade 2 Package(s)\n\nTotal download size: 394 k\nDownloading Packages:\n--------------------------------------------------------------------------------\nTotal 70 kB/s | 394 kB 00:05 \nRetrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Updating : libselinux-2.0.94-7.el6.x86_64 1/5 \n\r Installing : libselinux-python-2.0.94-7.el6.x86_64 2/5 \n\r Updating : libselinux-utils-2.0.94-7.el6.x86_64 3/5 \n\r Cleanup : libselinux-utils-2.0.94-5.3.el6_4.1.x86_64 4/5 \n\r Cleanup : libselinux-2.0.94-5.3.el6_4.1.x86_64 5/5 \n\r Verifying : libselinux-python-2.0.94-7.el6.x86_64 1/5 \n\r Verifying : libselinux-utils-2.0.94-7.el6.x86_64 2/5 \n\r Verifying : libselinux-2.0.94-7.el6.x86_64 3/5 \n\r Verifying : libselinux-2.0.94-5.3.el6_4.1.x86_64 4/5 \n\r Verifying : libselinux-utils-2.0.94-5.3.el6_4.1.x86_64 5/5 \n\nInstalled:\n libselinux-python.x86_64 0:2.0.94-7.el6 \n\nDependency Updated:\n libselinux.x86_64 0:2.0.94-7.el6 libselinux-utils.x86_64 0:2.0.94-7.el6 \n\nComplete!\n" ] }
6. service 模塊
[root@temp01 ~]# ansible all -m service -a 'name=sshd state=restarted' #state屬性有running,started,stopped,restarted,reloaded 192.168.3.60 | SUCCESS => { "changed": true, "name": "sshd", "state": "started" } 192.168.3.70 | SUCCESS => { "changed": true, "name": "sshd", "state": "started" }
7. yum模塊還是介紹下
[root@temp01 ~]# ansible all -m yum -a 'name=ntp state=present' #state屬性有absent,present,installed,removed,latest 192.168.3.70 | SUCCESS => { "changed": false, "msg": "", "rc": 0, "results": [ "ntp-4.2.6p5-1.el6.centos.x86_64 providing ntp is already installed" ] } 192.168.3.60 | SUCCESS => { "changed": false, "msg": "", "rc": 0, "results": [ "ntp-4.2.6p5-1.el6.centos.x86_64 providing ntp is already installed" ] }
8. script模塊 遠程執行腳本
[root@temp01 ~]# cat ansible.sh #腳本內容 #!/bin/bash echo "Hello world" >>/root/ansible.log [root@temp01 ~]# ansible all -m script -a 'ansible.sh' 192.168.3.70 | SUCCESS => { "changed": true, "rc": 0, "stderr": "", "stdout": "", "stdout_lines": [] } 192.168.3.60 | SUCCESS => { "changed": true, "rc": 0, "stderr": "", "stdout": "", "stdout_lines": [] } [root@example_02 ~]# pwd #跳轉到客戶端驗證 /root [root@example_02 ~]# cat ansible.log Hello world
9. 忘了一個重要的模塊shell模塊
shell 模塊與command模塊區別 ,shell支持管道符和變更,下面這個例子說明問題
[root@temp01 ~]# ansible all -m mommand -a 'cat /etc/passwd | grep root' ERROR! this task 'mommand' has extra params, which is only allowed in the following modules: command, win_command, shell, win_shell, script, include, include_vars, add_host, group_by, set_fact, raw, meta [root@temp01 ~]# ansible all -m shell -a 'cat /etc/passwd | grep root' 192.168.3.70 | SUCCESS | rc=0 >> root:x:0:0:root:/root:/bin/bash operator:x:11:0:operator:/root:/sbin/nologin 192.168.3.60 | SUCCESS | rc=0 >> root:x:0:0:root:/root:/bin/bash operator:x:11:0:operator:/root:/sbin/nologin
10. file模塊
(1)修改文件屬性
[root@temp01 ~]# ansible all -m file -a 'path=/root/ansible.log owner=root mode=777 group=root' #修改文件屬性 192.168.3.60 | SUCCESS => { "changed": true, "gid": 0, "group": "root", "mode": "0777", "owner": "root", "path": "/root/ansible.log", "secontext": "unconfined_u:object_r:admin_home_t:s0", "size": 12, "state": "file", "uid": 0 } 192.168.3.70 | SUCCESS => { "changed": true, "gid": 0, "group": "root", "mode": "0777", "owner": "root", "path": "/root/ansible.log", "secontext": "unconfined_u:object_r:admin_home_t:s0", "size": 12, "state": "file", "uid": 0 }
(2)新建目錄:類 mkdir -p
[root@temp01 ~]# ansible all -m file -a 'dest=/root/1/2/3/4/ mode=755 owner=root group=root state=directory' 192.168.3.60 | SUCCESS => { "changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/root/1/2/3/4/", "secontext": "unconfined_u:object_r:admin_home_t:s0", "size": 4096, "state": "directory", "uid": 0 } 192.168.3.70 | SUCCESS => { "changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/root/1/2/3/4/", "secontext": "unconfined_u:object_r:admin_home_t:s0", "size": 4096, "state": "directory", "uid": 0 } [root@example_02 ~]# ll total 48 -rw-------. 1 root root 1106 Jul 11 05:26 anaconda-ks.cfg -rwxrwxrwx. 1 root root 12 Dec 30 02:53 ansible.log -rw-------. 1 root root 1052 Dec 30 01:09 hosts -rw-r--r--. 1 root root 23089 Jul 11 05:26 install.log -rw-r--r--. 1 root root 6240 Jul 11 05:24 install.log.syslog [root@example_02 ~]# cd 1/2/3/4/ #轉到客戶端驗證 You have new mail in /var/spool/mail/root [root@example_02 4]# pwd /root/1/2/3/4
(3)刪除目錄文件
[root@temp01 ~]# ansible all -m file -a 'dest=/root/1/2/3/4/ state=absent' 192.168.3.60 | SUCCESS => { "changed": true, "path": "/root/1/2/3/4/", "state": "absent" } 192.168.3.70 | SUCCESS => { "changed": true, "path": "/root/1/2/3/4/", "state": "absent" } [root@example_02 ~]# cd 1/2/3/4 #跳轉驗證 -bash: cd: 1/2/3/4: No such file or directory [root@example_02 ~]#