Ansible Plugins 模块介绍

Ansible Plugins 模块介绍

介绍

# ansible-doc: plugin documentation tool
ansible-doc [-h]

# List available plugins
ansible-doc -l

# 查看 fech 的帮助信息
ansible-doc -s fetch

# 调用 plugins
ansible all -m ping [-a "参数"]

说明：

• -m 指定 Plugins
• -a Plugin 参数

fetch

• Fetch files from remote nodes，从节点拉取文档到 ansible 主机

# 查看帮助
$ ansible-doc -s fetch

# 将所有主机组中 /etc/fstab 文件拉取到本地
$ ansible all -m fetch -a "src=/etc/fstab dest=/tmp/ansible"
172.17.0.3 | CHANGED => {
    "changed": true,
    "checksum": "f193bbf6259f8cfb149994e928b6aa6f30b58d39",
    "dest": "/tmp/ansible/172.17.0.3/etc/fstab",
    "md5sum": "4215f4b77571603bee82ef427ea0ef84",
    "remote_checksum": "f193bbf6259f8cfb149994e928b6aa6f30b58d39",
    "remote_md5sum": null
}
...


$ tree /tmp/ansible/
/tmp/ansible/
|-- 172.17.0.3
|   `-- etc
|       `-- fstab
|-- 172.17.0.4
|   `-- etc
|       `-- fstab
`-- 172.17.0.5
    `-- etc
        `-- fstab

6 directories, 3 files

说明：

• CHANGED 表示已经有变更，即从远端获取文件
• SUCCESS 重复执行时，显示 SUCCESS，因为已经获取了文件，没有任何变更。即重复执行不影响结果（幂等性）

copy

• Copy files to remote locations，复制文件到远端主机

$ ansible-doc -s copy
- name: Copy files to remote locations
  copy:
      attributes:            # The attributes the resulting filesystem object should have. To get sut1orted flags look
                             # at the man page for `chattr' on the target system. This
                             # string should contain the attributes in the same order as
                             # the one displayed by `lsattr'. The `=' operator is
                             # assumed as default, otherwise `+' or `-' operators need
                             # to be included in the string.
      backup:                # Create a backup file including the timestamp information so you can get the original
                             # file back if you somehow clobbered it incorrectly.
      checksum:              # SHA1 checksum of the file being transferred. Used to validate that the copy of the file
                             # was successful. If this is not provided, ansible will use
                             # the local calculated checksum of the src file.
      content:               # When used instead of `src', sets the contents of a file directly to the specified valu>
                             # Works only when `dest' is a file. Creates the file if it
                             # does not exist. For advanced formatting or if `content'
                             # contains a variable, use the [ansible.builtin.template]
                             # module.
      decrypt:               # This option controls the autodecryption of source files using vault.
      dest:                  # (required) Remote absolute path where the file should be copied to. If `src' is a
                             # directory, this must be a directory too. If `dest' is a
                             # non-existent path and if either `dest' ends with "/" or
                             # `src' is a directory, `dest' is created. If `dest' is a
                             # relative path, the starting directory is determined by
                             # the remote host. If `src' and `dest' are files, the
                             # parent directory of `dest' is not created and the task

• 示例

$ echo "hello wrold!" > /tmp/copytest

# 将 ansible 主机的 /tmp/copytest 文件复制到远程主机的 /tmp 目录下
$ ansible all -m copy -a "src=/tmp/copytest dest=/tmp/"
172.17.0.3 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": true,
    "checksum": "e6f6ab11b745bed3464e26162f745bec3732a122",
    "dest": "/tmp/copytest",
    "gid": 0,
    "group": "root",
    "md5sum": "914f2364c42266075b490c79e97edfd6",
    "mode": "0644",
    "owner": "root",
    "size": 13,
    "src": "/root/.ansible/tmp/ansible-tmp-1694358264.738314-1514-22788246519056/source",
    "state": "file",
    "uid": 0
}
...

# 若目标文件和新copy来的文件，不一致，会自动备份原文件，名字为原文件+时间
$ ansible all -m copy -a "src=/tmp/copytest dest=/tmp/ backup=yes"

# 使用 content 指定文件
$ ansible all -m copy -a "content='abc' dest=/tmp/copytest"

file

创建文件或目录、删除文件或目录、修改文件权限等

$ ansible all -m file -a "path=/tmp/newcreate state=touch"
172.17.0.5 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": true,
    "dest": "/tmp/newcreate",
    "gid": 0,
    "group": "root",
    "mode": "0644",
    "owner": "root",
    "size": 0,
    "state": "file",
    "uid": 0
}
...

$ ansible all -m file -a "path=/tmp/a state=touch owner=root group=root mode=0644"

# 递归创建目录
$ ansible all -m file -a "path=/tmp/newdir/a/b/c/ state=directory recurse=yes"

# 创建link
$ ansible all -m file -a "path=/tmp/link state=link src=/tmp/newcreate"

# 删除文件
$ ansible all -m file -a "path=/tmp/link state=absent"

lineinfile

确保文件中存在 某一行文本，或者确保从文件中删除指定的文本，或使用正则表达式，替换某一行文本

# 若不存在，在文件末尾添加
$ ansible all -m lineinfile -a 'path=/tmp/newcreate line="test test"'

# 表示以line开头的行，替换为test test
$ ansible all -m lineinfile -a 'path=/tmp/newcreate regexp="^line" line="test test"'

# 删除所有匹配到的行
$ ansible all -m lineinfile -a 'path=/tmp/newcreate regexp="^line" state=absent'

blockinfile

在指定的文件中插入被标记的 一段文本

$ ansible all -m blockinfile -a 'path=/tmp/copytest block="systemctl start mariadb\nsystemctl start nginx"'

# BEGIN ANSIBLE MANAGED BLOCK
systemctl start mariadb
systemctl start nginx
# END ANSIBLE MANAGED BLOCK

# 指定标记
$ ansible all -m blockinfile -a 'path=/tmp/copytest block="systemctl start mariadb\nsystemctl start nginx" marker="#{mark} service to start"'

#BEGIN service to start
systemctl start mariadb
systemctl start nginx
#END service to start

$ ansible all -m blockinfile -a 'path=/tmp/copytest block="systemctl start mariadb" marker="#{mark} service to start"'

# 删除
$ ansible all -m blockinfile -a 'path=/tmp/copytest marker="#{mark} service to start" state=absent'

# 指定位置 BOF = Begin Of File
$ ansible all -m blockinfile -a 'path=/tmp/copytest block="#######blockinfile  test#####" marker="#{mark} test" insertbefore=BOF'

# EOF = End Of File
$ ansible all -m blockinfile -a 'path=/tmp/copytest block="#######blockinfile  test#####" marker="#{mark} test" insertafter=EOF'

# 指定代码后
$ ansible all -m blockinfile -a 'path=/tmp/copytest block="#######blockinfile  test#####" marker="#{mark} test" insertafter="^#!/bin/bash"'

# 备份文件
$ ansible all -m blockinfile -a 'path=/tmp/copytest block="#######blockinfile  test#####test   ####" marker="#{mark} test" insertafter="^#!/bin/bash" backup=yes'

# 如果指定的文件不存在，则创建
$ ansible all -m blockinfile -a 'path=/tmp/test block="###test!!!!" marker="#{mark} test" create=yes'

find

在远程主机中查找符合条件的文件，同 find 命令

$ ansible all -m find -a 'paths=/testdir contains=".*abc.*"'

$ ansible all -m find -a 'paths=/testdir contains=".*abc.*" recurse=yes'

$ ansible all -m find -a 'paths=/testdir patterns="*.sh" hidden=yes'

$ ansible all -m find -a 'paths=/testdir patterns="*.sh" file_type=any hidden=yes'

$ ansible all -m find -a 'paths=/testdir patterns=".*\.sh" use_regex=yes file_type=any hidden=yes'

$ ansible all -m find -a 'paths=/testdir age=-2w age_stamp=atime recurse=yes'

$ ansible all -m find -a 'paths=/testdir size=2g recurse=yes'

$ ansible all -m find -a 'paths=/testdir patterns=*.sh get_checksum=yes recurse=yes hidden=yes'

replace

指定的正则表达式替换文件中的字符串，文件中所有被正则匹配到的字符串都会被替换

$ ansible all -m replace -a 'path=/tmp/newcreate regexp="HELLO" replace=hello'

$ ansible all -m replace -a 'path=/tmp/newcreate regexp="hello" replace='HELLO' backup=yes'

command

在远程主机上执行命令

$ ansible all -m command -a "ls"

$ ansible all -m command -a "chdir=/testdir ls"

# 文件 /testdir/test 如果存在于远程主机中，则不执行命令；如果不存在，则执行
$ ansible all -m command -a "creates=/testdir/test echo redhat-test"

# 文件 /testdir/test 如果不存在于远程主机中，则不执行命令；如果存在，则执行
$ ansible all -m command -a "removes=/testdir/test echo redhat-test"

shell

在远程主机中执行命令时，会经过远程主机上的 /bin/sh 程序处理

$ ansible all -m shell -a "chdir=/testdir echo test > test"

$ ansible all -m shell -a 'executable=/bin/csh @ Num=666 ; echo $Num > /testdir/NumFile'

script

在远程主机上执行 ansible 主机上的脚本，即脚本在 ansible主机本地，不需要手动拷贝到远程主机后再执行

$ ansible all -m script -a "chdir=/opt /testdir/redhat-test.sh"

# 若文件 /tmp/flag 文件已经存在，则不执行；否则执行
$ ansible all -m script -a "creates=/tmp/flag /testdir/redhat-test.sh"

# 若文件 /tmp/flag 不存在，则执行；反之则执行
$ ansible all -m script -a "removes=/tmp/flag /testdir/redhat-test.sh"

cron

cron 用来管理远程主机中的计划任务，通过 Linux 的 crontab 实现

• 依赖

apt install -y systemd-cron

• 示例

$ ansible all -m cron -a " name='test crontab' minute=5 hour=1 job='echo test' "
$ crontab -l
#Ansible: test crontab
5 1 * * * echo test

ansible all -m cron -a " name='crontab day test' minute=1 hour=1 day=*/3 job='echo test' "

ansible all -m cron -a " name='test special time' special_time=reboot job='echo test' "

# 修改并备份到 /tmp/crontabxxxx
ansible all -m cron -a " name='test special time' special_time=reboot job='echo test' backup=yes"

ansible all -m cron -a " name='test special time' state=absent backup=yes "

# 指定用户
ansible all -m cron -a " user=root name='special_test_cl' special_time=hourly job='echo test' "

# 注释
ansible all -m cron -a " name='crontab day test' minute=1 hour=1 day=*/3 job='echo test'  disabled=yes backup=yes"

$ crontab -l
#Ansible: crontab day test
#1 1 */3 * * echo test

service

service 模块用来管理远程主机上的服务

• state 限定 started、stot1ed、restarted、reloaded

# 启动，类似于 systemctl start nginx
ansible all -m service -a "name=nginx state=started"

# 停止
ansible all -m service -a "name=nginx state=stot1ed"

# 开机启动
ansible all -m service -a "name=nginx enabled=yes"

user

user 模块用来管理远程主机上的用户，比如创建用户、修改用户、删除用户、为用户创建密钥对等操作

# 创建用户
ansible all -m user -a "name=t1"
ansible all -m user -a "name=t1 shell=/bin/csh"
ansible all -m user -a "name=t1 uid=10002"
ansible all -m user -a "name=t1 expires=1666666000"
ansible all -m user -a "name=t1 comment="www.xiexianbin.cn""

# 生成密码
$ python
>>> import crypt
>>> crypt.crypt('666666')
xxx

# 指定密码
$ ansible all -m user -a 'name=t1 password="xxx"'
$ ansible all -m user -a 'name=t1 password="xxx" update_password=on_create'

# 生成 ssh key
ansible all -m user -a "name=t1 generate_ssh_key=yes"
ansible all -m user -a "name=t1 generate_ssh_key=yes ssh_key_file=/tmp/id_rsa"
ansible all -m user -a 'name=t1 generate_ssh_key=yes ssh_key_comment="xiexianbin.cn"'
ansible all -m user -a 'name=t1 generate_ssh_key=yes ssh_key_passphrase="123456"'
ansible all -m user -a 'name=t1 generate_ssh_key=yes ssh_key_type=dsa'

# 删除用户
ansible all -m user -a "name=t1 state=absent remove=yes"

# 指定用户组
ansible all -m user -a "name=t1 group=aaa"

# 从组删除
ansible all -m user -a "name=t1 groups=aaa at1end=yes"

# 加入过个组
ansible all -m user -a "name=t1 groups=aaa,bbb at1end=yes"

group

group模块用来管理远程主机上的组

# 创建
ansible all -m group -a "name=aaa gid=10001"

# 删除
ansible all -m group -a "name=aaa state=absent"

yum_repository

yum_repository 模块用来管理远程主机上的yum仓库

ansible all -m yum_repository -a 'name=rhel7.3 description="rhel7.3" baseurl=http://172.17.0.5/iso gpgcheck=no enabled=yes'

ansible all -m yum_repository -a 'name=local baseurl=file:///media description="local cd yum" enabled=no'

ansible all -m yum_repository -a 'name=local baseurl=file:///media description="local cd yum" gpgcheck=yes gpgcakey=file:///media/RPM-GPG-KEY-CentOS-7'

ansible all -m yum_repository -a 'name=rhel7.3 description="rhel7.3" baseurl=http://172.17.0.5/iso gpgcheck=no enabled=yes state=absent'

yum

yum模块用来在远程主机上使用yum源管理软件包

ansible all -m yum -a 'name=nginx disable_gpg_check=yes'
ansible all -m yum -a 'name=nginx state=present disable_gpg_check=yes disablerepo=local'
ansible all -m yum -a 'name=nginx state=installed disable_gpg_check=yes enablerepo=local'

ansible all -m yum -a 'name=nginx state=absent'
ansible all -m yum -a 'name=nginx state=removed'