Ansible Plugins 模块介绍
介绍
# ansible-doc: plugin documentation tool
ansible-doc [-h]
# List available plugins
ansible-doc -l
# 查看 fech 的帮助信息
ansible-doc -s fetch
# 调用 plugins
ansible all -m ping [-a "参数"]
说明:
-m
指定 Plugins
-a
Plugin 参数
fetch
- Fetch files from remote nodes,从节点拉取文档到 ansible 主机
# 查看帮助
$ ansible-doc -s fetch
# 将所有主机组中 /etc/fstab 文件拉取到本地
$ ansible all -m fetch -a "src=/etc/fstab dest=/tmp/ansible"
172.17.0.3 | CHANGED => {
"changed": true,
"checksum": "f193bbf6259f8cfb149994e928b6aa6f30b58d39",
"dest": "/tmp/ansible/172.17.0.3/etc/fstab",
"md5sum": "4215f4b77571603bee82ef427ea0ef84",
"remote_checksum": "f193bbf6259f8cfb149994e928b6aa6f30b58d39",
"remote_md5sum": null
}
...
$ tree /tmp/ansible/
/tmp/ansible/
|-- 172.17.0.3
| `-- etc
| `-- fstab
|-- 172.17.0.4
| `-- etc
| `-- fstab
`-- 172.17.0.5
`-- etc
`-- fstab
6 directories, 3 files
说明:
CHANGED
表示已经有变更,即从远端获取文件
SUCCESS
重复执行时,显示 SUCCESS
,因为已经获取了文件,没有任何变更。即重复执行不影响结果(幂等性
)
copy
- Copy files to remote locations,复制文件到远端主机
$ ansible-doc -s copy
- name: Copy files to remote locations
copy:
attributes: # The attributes the resulting filesystem object should have. To get sut1orted flags look
# at the man page for `chattr' on the target system. This
# string should contain the attributes in the same order as
# the one displayed by `lsattr'. The `=' operator is
# assumed as default, otherwise `+' or `-' operators need
# to be included in the string.
backup: # Create a backup file including the timestamp information so you can get the original
# file back if you somehow clobbered it incorrectly.
checksum: # SHA1 checksum of the file being transferred. Used to validate that the copy of the file
# was successful. If this is not provided, ansible will use
# the local calculated checksum of the src file.
content: # When used instead of `src', sets the contents of a file directly to the specified valu>
# Works only when `dest' is a file. Creates the file if it
# does not exist. For advanced formatting or if `content'
# contains a variable, use the [ansible.builtin.template]
# module.
decrypt: # This option controls the autodecryption of source files using vault.
dest: # (required) Remote absolute path where the file should be copied to. If `src' is a
# directory, this must be a directory too. If `dest' is a
# non-existent path and if either `dest' ends with "/" or
# `src' is a directory, `dest' is created. If `dest' is a
# relative path, the starting directory is determined by
# the remote host. If `src' and `dest' are files, the
# parent directory of `dest' is not created and the task
$ echo "hello wrold!" > /tmp/copytest
# 将 ansible 主机的 /tmp/copytest 文件复制到远程主机的 /tmp 目录下
$ ansible all -m copy -a "src=/tmp/copytest dest=/tmp/"
172.17.0.3 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": true,
"checksum": "e6f6ab11b745bed3464e26162f745bec3732a122",
"dest": "/tmp/copytest",
"gid": 0,
"group": "root",
"md5sum": "914f2364c42266075b490c79e97edfd6",
"mode": "0644",
"owner": "root",
"size": 13,
"src": "/root/.ansible/tmp/ansible-tmp-1694358264.738314-1514-22788246519056/source",
"state": "file",
"uid": 0
}
...
# 若目标文件和新copy来的文件,不一致,会自动备份原文件,名字为原文件+时间
$ ansible all -m copy -a "src=/tmp/copytest dest=/tmp/ backup=yes"
# 使用 content 指定文件
$ ansible all -m copy -a "content='abc' dest=/tmp/copytest"
file
创建文件或目录、删除文件或目录、修改文件权限等
$ ansible all -m file -a "path=/tmp/newcreate state=touch"
172.17.0.5 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": true,
"dest": "/tmp/newcreate",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"size": 0,
"state": "file",
"uid": 0
}
...
$ ansible all -m file -a "path=/tmp/a state=touch owner=root group=root mode=0644"
# 递归创建目录
$ ansible all -m file -a "path=/tmp/newdir/a/b/c/ state=directory recurse=yes"
# 创建link
$ ansible all -m file -a "path=/tmp/link state=link src=/tmp/newcreate"
# 删除文件
$ ansible all -m file -a "path=/tmp/link state=absent"
lineinfile
确保文件中存在 某一行文本
,或者确保从文件中删除指定的文本
,或使用正则表达式,替换某一行文本
# 若不存在,在文件末尾添加
$ ansible all -m lineinfile -a 'path=/tmp/newcreate line="test test"'
# 表示以line开头的行,替换为test test
$ ansible all -m lineinfile -a 'path=/tmp/newcreate regexp="^line" line="test test"'
# 删除所有匹配到的行
$ ansible all -m lineinfile -a 'path=/tmp/newcreate regexp="^line" state=absent'
blockinfile
在指定的文件中插入被标记的 一段文本
$ ansible all -m blockinfile -a 'path=/tmp/copytest block="systemctl start mariadb\nsystemctl start nginx"'
# BEGIN ANSIBLE MANAGED BLOCK
systemctl start mariadb
systemctl start nginx
# END ANSIBLE MANAGED BLOCK
# 指定标记
$ ansible all -m blockinfile -a 'path=/tmp/copytest block="systemctl start mariadb\nsystemctl start nginx" marker="#{mark} service to start"'
#BEGIN service to start
systemctl start mariadb
systemctl start nginx
#END service to start
$ ansible all -m blockinfile -a 'path=/tmp/copytest block="systemctl start mariadb" marker="#{mark} service to start"'
# 删除
$ ansible all -m blockinfile -a 'path=/tmp/copytest marker="#{mark} service to start" state=absent'
# 指定位置 BOF = Begin Of File
$ ansible all -m blockinfile -a 'path=/tmp/copytest block="#######blockinfile test#####" marker="#{mark} test" insertbefore=BOF'
# EOF = End Of File
$ ansible all -m blockinfile -a 'path=/tmp/copytest block="#######blockinfile test#####" marker="#{mark} test" insertafter=EOF'
# 指定代码后
$ ansible all -m blockinfile -a 'path=/tmp/copytest block="#######blockinfile test#####" marker="#{mark} test" insertafter="^#!/bin/bash"'
# 备份文件
$ ansible all -m blockinfile -a 'path=/tmp/copytest block="#######blockinfile test#####test ####" marker="#{mark} test" insertafter="^#!/bin/bash" backup=yes'
# 如果指定的文件不存在,则创建
$ ansible all -m blockinfile -a 'path=/tmp/test block="###test!!!!" marker="#{mark} test" create=yes'
find
在远程主机中查找符合条件的文件,同 find 命令
$ ansible all -m find -a 'paths=/testdir contains=".*abc.*"'
$ ansible all -m find -a 'paths=/testdir contains=".*abc.*" recurse=yes'
$ ansible all -m find -a 'paths=/testdir patterns="*.sh" hidden=yes'
$ ansible all -m find -a 'paths=/testdir patterns="*.sh" file_type=any hidden=yes'
$ ansible all -m find -a 'paths=/testdir patterns=".*\.sh" use_regex=yes file_type=any hidden=yes'
$ ansible all -m find -a 'paths=/testdir age=-2w age_stamp=atime recurse=yes'
$ ansible all -m find -a 'paths=/testdir size=2g recurse=yes'
$ ansible all -m find -a 'paths=/testdir patterns=*.sh get_checksum=yes recurse=yes hidden=yes'
replace
指定的正则表达式替换文件中的字符串,文件中所有被正则匹配到的字符串都会被替换
$ ansible all -m replace -a 'path=/tmp/newcreate regexp="HELLO" replace=hello'
$ ansible all -m replace -a 'path=/tmp/newcreate regexp="hello" replace='HELLO' backup=yes'
command
在远程主机上执行命令
$ ansible all -m command -a "ls"
$ ansible all -m command -a "chdir=/testdir ls"
# 文件 /testdir/test 如果存在于远程主机中,则不执行命令;如果不存在,则执行
$ ansible all -m command -a "creates=/testdir/test echo redhat-test"
# 文件 /testdir/test 如果不存在于远程主机中,则不执行命令;如果存在,则执行
$ ansible all -m command -a "removes=/testdir/test echo redhat-test"
shell
在远程主机中执行命令时,会经过远程主机上的 /bin/sh
程序处理
$ ansible all -m shell -a "chdir=/testdir echo test > test"
$ ansible all -m shell -a 'executable=/bin/csh @ Num=666 ; echo $Num > /testdir/NumFile'
script
在远程主机上执行 ansible 主机上的脚本,即脚本在 ansible主机本地,不需要手动拷贝到远程主机后再执行
$ ansible all -m script -a "chdir=/opt /testdir/redhat-test.sh"
# 若文件 /tmp/flag 文件已经存在,则不执行;否则执行
$ ansible all -m script -a "creates=/tmp/flag /testdir/redhat-test.sh"
# 若文件 /tmp/flag 不存在,则执行;反之则执行
$ ansible all -m script -a "removes=/tmp/flag /testdir/redhat-test.sh"
cron
cron
用来管理远程主机中的计划任务,通过 Linux 的 crontab 实现
apt install -y systemd-cron
$ ansible all -m cron -a " name='test crontab' minute=5 hour=1 job='echo test' "
$ crontab -l
#Ansible: test crontab
5 1 * * * echo test
ansible all -m cron -a " name='crontab day test' minute=1 hour=1 day=*/3 job='echo test' "
ansible all -m cron -a " name='test special time' special_time=reboot job='echo test' "
# 修改并备份到 /tmp/crontabxxxx
ansible all -m cron -a " name='test special time' special_time=reboot job='echo test' backup=yes"
ansible all -m cron -a " name='test special time' state=absent backup=yes "
# 指定用户
ansible all -m cron -a " user=root name='special_test_cl' special_time=hourly job='echo test' "
# 注释
ansible all -m cron -a " name='crontab day test' minute=1 hour=1 day=*/3 job='echo test' disabled=yes backup=yes"
$ crontab -l
#Ansible: crontab day test
#1 1 */3 * * echo test
service
service 模块用来管理远程主机上的服务
- state 限定
started
、stot1ed
、restarted
、reloaded
# 启动,类似于 systemctl start nginx
ansible all -m service -a "name=nginx state=started"
# 停止
ansible all -m service -a "name=nginx state=stot1ed"
# 开机启动
ansible all -m service -a "name=nginx enabled=yes"
user
user
模块用来管理远程主机上的用户,比如创建用户、修改用户、删除用户、为用户创建密钥对等操作
# 创建用户
ansible all -m user -a "name=t1"
ansible all -m user -a "name=t1 shell=/bin/csh"
ansible all -m user -a "name=t1 uid=10002"
ansible all -m user -a "name=t1 expires=1666666000"
ansible all -m user -a "name=t1 comment="www.xiexianbin.cn""
# 生成密码
$ python
>>> import crypt
>>> crypt.crypt('666666')
xxx
# 指定密码
$ ansible all -m user -a 'name=t1 password="xxx"'
$ ansible all -m user -a 'name=t1 password="xxx" update_password=on_create'
# 生成 ssh key
ansible all -m user -a "name=t1 generate_ssh_key=yes"
ansible all -m user -a "name=t1 generate_ssh_key=yes ssh_key_file=/tmp/id_rsa"
ansible all -m user -a 'name=t1 generate_ssh_key=yes ssh_key_comment="xiexianbin.cn"'
ansible all -m user -a 'name=t1 generate_ssh_key=yes ssh_key_passphrase="123456"'
ansible all -m user -a 'name=t1 generate_ssh_key=yes ssh_key_type=dsa'
# 删除用户
ansible all -m user -a "name=t1 state=absent remove=yes"
# 指定用户组
ansible all -m user -a "name=t1 group=aaa"
# 从组删除
ansible all -m user -a "name=t1 groups=aaa at1end=yes"
# 加入过个组
ansible all -m user -a "name=t1 groups=aaa,bbb at1end=yes"
group
group模块用来管理远程主机上的组
# 创建
ansible all -m group -a "name=aaa gid=10001"
# 删除
ansible all -m group -a "name=aaa state=absent"
yum_repository
yum_repository
模块用来管理远程主机上的yum仓库
ansible all -m yum_repository -a 'name=rhel7.3 description="rhel7.3" baseurl=http://172.17.0.5/iso gpgcheck=no enabled=yes'
ansible all -m yum_repository -a 'name=local baseurl=file:///media description="local cd yum" enabled=no'
ansible all -m yum_repository -a 'name=local baseurl=file:///media description="local cd yum" gpgcheck=yes gpgcakey=file:///media/RPM-GPG-KEY-CentOS-7'
ansible all -m yum_repository -a 'name=rhel7.3 description="rhel7.3" baseurl=http://172.17.0.5/iso gpgcheck=no enabled=yes state=absent'
yum
yum模块用来在远程主机上使用yum源管理软件包
ansible all -m yum -a 'name=nginx disable_gpg_check=yes'
ansible all -m yum -a 'name=nginx state=present disable_gpg_check=yes disablerepo=local'
ansible all -m yum -a 'name=nginx state=installed disable_gpg_check=yes enablerepo=local'
ansible all -m yum -a 'name=nginx state=absent'
ansible all -m yum -a 'name=nginx state=removed'