一、setup模塊
主要用於獲取主機信息,在playbooks里面經常給會用到的一個參數gether_facts就與該模塊相關。setup模塊下經常使用的一個參數是filter參數。 每個被管理節點在接收並運行管理命令之前,會將自己主機相關信息(如系統版本,主機ip地址)告知ansible管理主機 --tree:將所有主機的輸出信息保存到指定目錄下,以/etc/ansible/hosts里的主機名為文件名 ansible all -m setup -a ‘filter=ansible_default_ipv4’ --tree /tmp/
filter:過濾關鍵字:
[root@localhost ansible]# ansible 127.0.0.1 -m setup -a 'filter=ansible_default_ipv4'
gather_subset:按子集收集信息,值有all,main,bardware,network,virtual,ohai,facter,不包含使用!號,如,!network
filter參數:
ansible_nodename #節點名字
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_nodename'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_nodename": "ansible"
},
"changed": false
}
ansible_fqdb #fqdn名
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_fqdn'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_fqdn": "ansible"
},
"changed": false
}
ansible_hostname #主機短名稱
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_hostname'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_hostname": "ansible"
},
"changed": false
}
ansible_domain #主機域名后綴
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_domain'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_domain": ""
},
"changed": false
}
ansible_memtotal_mb #總物理內存
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_memtotal_mb'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_memtotal_mb": 976
},
"changed": false
}
ansible_swaptotal_mb #swap總大小
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_swaptotal_mb'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_swaptotal_mb": 2047
},
"changed": false
}
ansible_processor #cpu信息
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_processor'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_processor": [
"0",
"GenuineIntel",
"Intel(R) Core(TM) i7-3612QM CPU @ 2.10GHz"
]
},
"changed": false
}
ansible_process_cores #cpu核心數量
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_processor_cores'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_processor_cores": 1
},
"changed": false
}
ansible_processor_vcpus #cpu邏輯核心數量
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_processor_vcpus'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_processor_vcpus": 1
},
"changed": false
}
ansible_all_ipv4_addresses #所有ipv4地址
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_all_ipv4_addresses'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"192.168.100.120"
]
},
"changed": false
}
ansible_all_ipv6_addresses #所有ipv6地址
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_all_ipv6_addresses'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv6_addresses": [
"fe80::e010:cb1a:204a:861d"
]
},
"changed": false
}
ansible_default_ipv4 #默認網關的網卡配置信息
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_default_ipv4'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_default_ipv4": {
"address": "192.168.100.120",
"alias": "ens33",
"broadcast": "192.168.100.255",
"gateway": "192.168.100.2",
"interface": "ens33",
"macaddress": "00:0c:29:73:fd:2e",
"mtu": 1500,
"netmask": "255.255.255.0",
"network": "192.168.100.0",
"type": "ether"
}
},
"changed": false
}
ansible_ens33 #具體某張網卡信息
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_ens33'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_ens33": {
"active": true,
"device": "ens33",
"features": {
"busy_poll": "off [fixed]",
"fcoe_mtu": "off [fixed]",
"generic_receive_offload": "on",
"generic_segmentation_offload": "on",
"highdma": "off [fixed]",
"hw_tc_offload": "off [fixed]",
"l2_fwd_offload": "off [fixed]",
"large_receive_offload": "off [fixed]",
"loopback": "off [fixed]",
"netns_local": "off [fixed]",
"ntuple_filters": "off [fixed]",
"receive_hashing": "off [fixed]",
"rx_all": "off",
"rx_checksumming": "off",
"rx_fcs": "off",
"rx_vlan_filter": "on [fixed]",
"rx_vlan_offload": "on",
"rx_vlan_stag_filter": "off [fixed]",
"rx_vlan_stag_hw_parse": "off [fixed]",
"scatter_gather": "on",
"tcp_segmentation_offload": "on",
"tx_checksum_fcoe_crc": "off [fixed]",
"tx_checksum_ip_generic": "on",
"tx_checksum_ipv4": "off [fixed]",
"tx_checksum_ipv6": "off [fixed]",
"tx_checksum_sctp": "off [fixed]",
"tx_checksumming": "on",
"tx_fcoe_segmentation": "off [fixed]",
"tx_gre_csum_segmentation": "off [fixed]",
"tx_gre_segmentation": "off [fixed]",
"tx_gso_partial": "off [fixed]",
"tx_gso_robust": "off [fixed]",
"tx_ipip_segmentation": "off [fixed]",
"tx_lockless": "off [fixed]",
"tx_mpls_segmentation": "off [fixed]",
"tx_nocache_copy": "off",
"tx_scatter_gather": "on",
"tx_scatter_gather_fraglist": "off [fixed]",
"tx_sctp_segmentation": "off [fixed]",
"tx_sit_segmentation": "off [fixed]",
"tx_tcp6_segmentation": "off [fixed]",
"tx_tcp_ecn_segmentation": "off [fixed]",
"tx_tcp_mangleid_segmentation": "off",
"tx_tcp_segmentation": "on",
"tx_udp_tnl_csum_segmentation": "off [fixed]",
"tx_udp_tnl_segmentation": "off [fixed]",
"tx_vlan_offload": "on [fixed]",
"tx_vlan_stag_hw_insert": "off [fixed]",
"udp_fragmentation_offload": "off [fixed]",
"vlan_challenged": "off [fixed]"
},
"hw_timestamp_filters": [],
"ipv4": {
"address": "192.168.100.120",
"broadcast": "192.168.100.255",
"netmask": "255.255.255.0",
"network": "192.168.100.0"
},
"ipv6": [
{
"address": "fe80::e010:cb1a:204a:861d",
"prefix": "64",
"scope": "link"
}
],
"macaddress": "00:0c:29:73:fd:2e",
"module": "e1000",
"mtu": 1500,
"pciid": "0000:02:01.0",
"promisc": false,
"speed": 1000,
"timestamping": [
"tx_software",
"rx_software",
"software"
],
"type": "ether"
}
},
"changed": false
}
ansible_dns #網卡dns信息
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_dns'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_dns": {
"nameservers": [
"192.168.100.2",
"114.114.114.114"
]
}
},
"changed": false
}
ansible_architecture #系統架構
x86_64
ansible_machine #主機類型
x86_64
ansible_kernel #內核版本
2.6.32-696.el6.x86_64
ansible_distribution #發行版本
centos
ansible_distribution_release #發行版名稱
final
ansible_distribution_major_version #操作系統主版本號
6
ansible_distribution_release #發行版本名稱
Final
ansible_distribution_version #完整版本號
7.4.1708
ansible_pkg_mgr #軟件包管理方式
yum
ansible_service-mgr #進行服務方式
systemd
ansible_os_family #家族系列
RedHat
ansible_cmdline #內核啟動參數
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_cmdline'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_cmdline": {
"BOOT_IMAGE": "/vmlinuz-3.10.0-693.el7.x86_64",
"LANG": "zh_CN.UTF-8",
"crashkernel": "auto",
"quiet": true,
"rd.lvm.lv": "centos/swap",
"rhgb": true,
"ro": true,
"root": "/dev/mapper/centos-root"
}
},
"changed": false
}
ansible_selinux #SElinux狀態
disbled
ansible_env #當前環境變量參數
ansible_data_time #時間相關
ansible_python_version #python版本
2.7.5
ansible_lvm #lvm卷相關信息
ansible_mounts #所有掛載點
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_mounts'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_mounts": [
{
"block_available": 4130338,
"block_size": 4096,
"block_total": 4452864,
"block_used": 322526,
"device": "/dev/mapper/centos-root",
"fstype": "xfs",
"inode_available": 8863332,
"inode_total": 8910848,
"inode_used": 47516,
"mount": "/",
"options": "rw,relatime,attr2,inode64,noquota",
"size_available": 16917864448,
"size_total": 18238930944,
"uuid": "282c72d5-8cf6-4ac2-9e6a-64d19ebe2998"
},
{
"block_available": 227195,
"block_size": 4096,
"block_total": 259584,
"block_used": 32389,
"device": "/dev/sda1",
"fstype": "xfs",
"inode_available": 523961,
"inode_total": 524288,
"inode_used": 327,
"mount": "/boot",
"options": "rw,relatime,attr2,inode64,noquota",
"size_available": 930590720,
"size_total": 1063256064,
"uuid": "700f5755-18e9-45b5-ab39-9c699eb0f636"
}
]
},
"changed": false
}
ansible_device_links #所有掛在的設備uuid和卷標名
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_device_links'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_device_links": {
"ids": {
"dm-0": [
"dm-name-centos-root",
"dm-uuid-LVM-rdlock3VAHcB3dNwwyYLym2uGO9gVYLylUjawiCM9Ei01XfqxeDCwuFZGm5GKTN4"
],
"dm-1": [
"dm-name-centos-swap",
"dm-uuid-LVM-rdlock3VAHcB3dNwwyYLym2uGO9gVYLye5ByMZPoe3dex42T2VCoRo0C2Rd4riqf"
],
"sda2": [
"lvm-pv-uuid-f3IVfS-XHtK-6UjN-ZyOj-s1GO-1NdX-ZIh8UN"
]
},
"labels": {},
"masters": {
"sda2": [
"dm-0",
"dm-1"
]
},
"uuids": {
"dm-0": [
"282c72d5-8cf6-4ac2-9e6a-64d19ebe2998"
],
"dm-1": [
"c351d02a-6ffa-41b1-b108-9129dbcac1a2"
],
"sda1": [
"700f5755-18e9-45b5-ab39-9c699eb0f636"
]
}
}
},
"changed": false
}
ansible_devices #所有/dev/下的正在使用的設備信息
[root@ansible ~]# ansible test -m setup -a 'filter=ansible_devices'
192.168.100.120 | SUCCESS => {
"ansible_facts": {
"ansible_devices": {
"dm-0": {
"holders": [],
"host": "",
"links": {
"ids": [
"dm-name-centos-root",
"dm-uuid-LVM-rdlock3VAHcB3dNwwyYLym2uGO9gVYLylUjawiCM9Ei01XfqxeDCwuFZGm5GKTN4"
],
"labels": [],
"masters": [],
"uuids": [
"282c72d5-8cf6-4ac2-9e6a-64d19ebe2998"
]
},
"model": null,
"partitions": {},
"removable": "0",
"rotational": "1",
"sas_address": null,
"sas_device_handle": null,
"scheduler_mode": "",
"sectors": "35643392",
"sectorsize": "512",
"size": "17.00 GB",
"support_discard": "0",
"vendor": null,
"virtual": 1
},
"dm-1": {
"holders": [],
"host": "",
"links": {
"ids": [
"dm-name-centos-swap",
"dm-uuid-LVM-rdlock3VAHcB3dNwwyYLym2uGO9gVYLye5ByMZPoe3dex42T2VCoRo0C2Rd4riqf"
],
"labels": [],
"masters": [],
"uuids": [
"c351d02a-6ffa-41b1-b108-9129dbcac1a2"
]
},
"model": null,
"partitions": {},
"removable": "0",
"rotational": "1",
"sas_address": null,
"sas_device_handle": null,
"scheduler_mode": "",
"sectors": "4194304",
"sectorsize": "512",
"size": "2.00 GB",
"support_discard": "0",
"vendor": null,
"virtual": 1
},
"sda": {
"holders": [],
"host": "SCSI storage controller: LSI Logic / Symbios Logic 53c1030 PCI-X Fusion-MPT Dual Ultra320 SCSI (rev 01)",
"links": {
"ids": [],
"labels": [],
"masters": [],
"uuids": []
},
"model": "VMware Virtual S",
"partitions": {
"sda1": {
"holders": [],
"links": {
"ids": [],
"labels": [],
"masters": [],
"uuids": [
"700f5755-18e9-45b5-ab39-9c699eb0f636"
]
},
"sectors": "2097152",
"sectorsize": 512,
"size": "1.00 GB",
"start": "2048",
"uuid": "700f5755-18e9-45b5-ab39-9c699eb0f636"
},
"sda2": {
"holders": [
"centos-root",
"centos-swap"
],
"links": {
"ids": [
"lvm-pv-uuid-f3IVfS-XHtK-6UjN-ZyOj-s1GO-1NdX-ZIh8UN"
],
"labels": [],
"masters": [
"dm-0",
"dm-1"
],
"uuids": []
},
"sectors": "39843840",
"sectorsize": 512,
"size": "19.00 GB",
"start": "2099200",
"uuid": null
}
},
"removable": "0",
"rotational": "1",
"sas_address": null,
"sas_device_handle": null,
"scheduler_mode": "deadline",
"sectors": "41943040",
"sectorsize": "512",
"size": "20.00 GB",
"support_discard": "0",
"vendor": "VMware,",
"virtual": 1
}
}
},
"changed": false
}
ansible_user_dir #執行用戶的家目錄
root
ansible_user_gecos #執行用戶的描述信息
the root
ansible_user_gid #執行用戶的gid
0
ansible_user_id #執行用戶的用戶名
root
ansible_user_shell #執行用戶的shell類型
/bin/bash
ansible_user_uid #執行用戶的uid
0
二、command模塊
介紹
command命令模塊,默認模塊,用於在遠程執行命令(不能使用變量)
參數:
creates:一個文件名,該文件存在,則該命令不執行
free_from:要執行的linux指令
chdir:在執行指令之前,先切換到該指定的目錄
removes:一個文件名,當該文件不存在,則該選項不執行
executable:切換shell來執行指令,該執行路徑必須是一個絕對路徑
三、cron定時任務模塊
1、backup:對遠程主機上的原計划任務內容修改之前做備份
2、cron_file:如果指定該選項。則用該文件替換遠程主機上的cron.d目錄下的用戶的任務計划
3、day:日(1-31,*,*、2,....)
4、hours:小時(0-23,*,*、2,....)
5、minute:分鍾
6、month:月
7、weekday:周
8、job:要執行的任務,依賴state=present
9、name:該任務的描述
10、special_time:指定什么時候執行,參數:reboot,yearly,annually,monthly,weekly
11、state:確認該任務計划是創建還是刪除
12、user:以哪個用戶的身份執行
[root@ansible tmp]# ansible test -m cron -a 'minute="*/10" job="/bin/date" name="test cron job" state="present"'
192.168.100.120 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"test cron job"
]
}
注意:
1、定時設置指定值的寫入即可,沒有設置的可以不寫(默認是*)
2、name必須寫
3、state有兩個狀態:present(添加(默認值))或 absent(移除)
[root@ansible tmp]# ansible test -a 'crontab -l'
192.168.100.120 | SUCCESS | rc=0 >>
#Ansible: test cron job
*/10 * * * * /bin/date
#######刪除計划任務
[root@ansible tmp]# ansible test -m cron -a 'minute="*/10" job="/bin/date" name="test cron job" state="absent"'
192.168.100.120 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": []
}
#####查詢計划任務
[root@ansible tmp]# ansible test -a "crontab -l"
192.168.100.120 | SUCCESS | rc=0 >>
四、user/group模塊
user模塊是請求的是useradd、userdel、usermod,group請求的是groupadd、groupdel、groupdel
參數介紹:
groups:指定用戶的屬組
uid:指定用的uid
password:為用戶設置密碼登錄,此密碼是銘文密碼,輸入的是加密后的密碼
update_password:always/on_create
always:只有當密碼不相同時才會更新密碼(默認)
on_create:只為新用戶設置密碼
name:指定用戶名
createhome:是否創建家目錄 yes|no(默認是yes)
system:是否為系統用戶
remove:當state=absent時,remove=yes則表示連同家目錄一起刪除,等價於userdel -r(默認是no)
state:是創建還是刪除present(添加 默認值)or absent(移除)
shell:指定用戶的shell環境
append:yes/no
yes:增量添加group
no:全量變更group,只設置groups指定group組(默認)
expires:設置用戶的過期時間,值是一個時間戳
注意事項:指定password參數時,不能使用后面這遺傳密碼會被直接傳送到被管理主機的/etc/shadow文件中,所以需要先將密碼字符串進行加密處理。然后將得到的字符串放到password中即可
范例:
- user: name=johnd comment="John Doe" uid=1040 group=admin - user: name=james shell=/bin/bash groups=admins,developers append=yes - user: name=johnd state=absent remove=yes - user: name=james18 shell=/bin/zsh groups=developers expires=1422403387 #生成密鑰時,只會生成公鑰文件和私鑰文件,和直接使用ssh-keygen指令效果相同,不會生成authorized_keys文件。 - user: name=test generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa
生成加密的密碼:
1、安裝python-pip,安裝加密函數庫-passlib
yum -y install python-pip pip install --upgrade pip pip install passlib
2、使用加密函數庫,獲取密文密碼
# python -c "from passlib.hash import sha512_crypt; import getpass; print(sha512_crypt.using(rounds=5000).hash(getpass.getpass()))" Password: $6$0lwTSmqKOkL.ktgl$OnBexXC7haBf0FRHVMIZM2edDeFWBbpKJ2r9cxVwNvY.vh3IIUzwFz8n7jFglc0CrtQSY12ziDonVL6e71Og2.
3、創建用戶,指定用戶密碼
ansible test -m user -a 'name="testops" password="$6$0lwTSmqKOkL.ktgl$OnBexXC7haBf0FRHVMIZM2edDeFWBbpKJ2r9cxVwNvY.vh3IIUzwFz8n7jFglc0CrtQSY12ziDonVL6e71Og2."'
4、用戶刪除:
[root@ansible ~]# ansible test -m user -a 'name="test" state="absent" remove="yes"'
192.168.100.120 | SUCCESS => {
"changed": true,
"force": false,
"name": "test",
"remove": true,
"state": "absent"
}
五、copy模塊
復制文件
參數介紹: 1、backup:在覆蓋之前的源文件備份,備份文件包含時間信息,有兩個選項:yes|no 2、content:用於代替“src”,可以直接設定指定文件的值 3、desc:必選項,要將源文件復制到遠程主機的絕對路徑,如果源文件是一個目錄,那么該路徑也必須是一個目錄 4、directory_mode:遞歸的設定目錄的權限,默認為系統默認權限 5、force:如果目標主機包含該文件,但內容不同,如果設置為yes,則強制覆蓋,如果為no,則只有當目標位置不存在該文件時,才復制,默認為yes
6、others:所有的file模塊里選項都可以在這里使用
7、src:要復制到遠程主機的文件在本地的地址,可以是絕對路徑,也可以是相對路徑。如果路徑是一個目錄,它將遞歸復制,在這種情況下,如果路徑使用“/”來結尾,則只復制目錄里的內容,如果沒有使用“/”來結尾,則包含目錄在內的整個內容全部復制,雷士rsync