大家好,我是早九晚十二,目前是做运维相关的工作。写博客是为了积累,希望大家一起进步!
我的主页:早九晚十二
专栏名称:Ansible从入门到精通 立志成为ansible大佬
文章目录
- ansible常用命令
- ansible
- ansible-doc命令
- ansible-playbook
- ansible-vault
- ansible-console
- ansible-galaxy
- ansible的Host-pattern格式
- ansible的命令执行过程
- ansible的模块使用
- Command
- shell模块
- Script模块
- copy模块
- fetch模块
- file模块
- hostname
- cron
- yum
- service
- user
- group
今天主要是ansible的基本命令学习,ansible内置了1000+模块,每个模块都可以看做成是一个命令,而且参数各不相同,导致ansible的使用方法多种多样。
我们主要是学习一些常用的命令。
ansible常用命令
ansible
ansible命令是最主要的命令,我们在使用ansible执行任务时都需要这个指令。通过ssh实现配置管理、应用部署、任务执行等功能,建议配置ansible端能基于密钥认证的方式联系各被管理节点。
ansible <host-pattern> [-m module_name] [-a args]
--version 显示版本
-m module 指定模块,默认为command
-v 详细过程 -vv -vVV更详细
--list-hosts 显示主机列表,可简写-list
-k,--ask-pass提示输入ssh连接密码,默认Key验证-K,--ask-become-pass 提示输入sudo时的口令
-C,--check 检查,并不执行
-T,--timeout=TIMEOUT 执行命令的超时时间,默认10s
-u,--user=REMOTE_USER 执行远程执行的用户
-b,--become 代替日版的sudo 切换
示例
#例如,使用ansible调用ping命令联通测试机
#all代表所有主机,也可以单独指定主机分组,或者ip,主机名等
[root@0033 .ssh]# ansible all -m ping
192.168.0.226 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
#查看测试机的/boot目录
[root@0033 .ssh]# ansible all -m command -a "ls /boot"
192.168.0.226 | CHANGED | rc=0 >>
config-3.10.0-1160.90.1.el7.x86_64
config-3.10.0-1160.el7.x86_64
efi
grub
grub2
initramfs-0-rescue-98b448c3b99a45858a2edfd7aab282fb.img
initramfs-3.10.0-1160.90.1.el7.x86_64.img
initramfs-3.10.0-1160.90.1.el7.x86_64kdump.img
initramfs-3.10.0-1160.el7.x86_64.img
initramfs-3.10.0-1160.el7.x86_64kdump.img
symvers-3.10.0-1160.90.1.el7.x86_64.gz
symvers-3.10.0-1160.el7.x86_64.gz
System.map-3.10.0-1160.90.1.el7.x86_64
System.map-3.10.0-1160.el7.x86_64
vmlinuz-0-rescue-98b448c3b99a45858a2edfd7aab282fb
vmlinuz-3.10.0-1160.90.1.el7.x86_64
vmlinuz-3.10.0-1160.el7.x86_64
#查看ansible版本
[root@0033 .ssh]# ansible --version
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Nov 16 2020, 22:23:17) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
#使用详细信息查看执行结果 -v -vv -vvv
[root@0033 .ssh]# ansible all -m command -a "ls /boot" -v
Using /etc/ansible/ansible.cfg as config file
192.168.0.226 | CHANGED | rc=0 >>
config-3.10.0-1160.90.1.el7.x86_64
config-3.10.0-1160.el7.x86_64
efi
grub
grub2
initramfs-0-rescue-98b448c3b99a45858a2edfd7aab282fb.img
initramfs-3.10.0-1160.90.1.el7.x86_64.img
initramfs-3.10.0-1160.90.1.el7.x86_64kdump.img
initramfs-3.10.0-1160.el7.x86_64.img
initramfs-3.10.0-1160.el7.x86_64kdump.img
symvers-3.10.0-1160.90.1.el7.x86_64.gz
symvers-3.10.0-1160.el7.x86_64.gz
System.map-3.10.0-1160.90.1.el7.x86_64
System.map-3.10.0-1160.el7.x86_64
vmlinuz-0-rescue-98b448c3b99a45858a2edfd7aab282fb
vmlinuz-3.10.0-1160.90.1.el7.x86_64
vmlinuz-3.10.0-1160.el7.x86_64
[root@0033 .ssh]# ansible all -m command -a "ls /boot" -vv
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Nov 16 2020, 22:23:17) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
Using /etc/ansible/ansible.cfg as config file
Skipping callback 'actionable', as we already have a stdout callback.
Skipping callback 'counter_enabled', as we already have a stdout callback.
Skipping callback 'debug', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'full_skip', as we already have a stdout callback.
Skipping callback 'json', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'null', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
Skipping callback 'selective', as we already have a stdout callback.
Skipping callback 'skippy', as we already have a stdout callback.
Skipping callback 'stderr', as we already have a stdout callback.
Skipping callback 'unixy', as we already have a stdout callback.
Skipping callback 'yaml', as we already have a stdout callback.
META: ran handlers
192.168.0.226 | CHANGED | rc=0 >>
config-3.10.0-1160.90.1.el7.x86_64
config-3.10.0-1160.el7.x86_64
efi
grub
grub2
initramfs-0-rescue-98b448c3b99a45858a2edfd7aab282fb.img
initramfs-3.10.0-1160.90.1.el7.x86_64.img
initramfs-3.10.0-1160.90.1.el7.x86_64kdump.img
initramfs-3.10.0-1160.el7.x86_64.img
initramfs-3.10.0-1160.el7.x86_64kdump.img
symvers-3.10.0-1160.90.1.el7.x86_64.gz
symvers-3.10.0-1160.el7.x86_64.gz
System.map-3.10.0-1160.90.1.el7.x86_64
System.map-3.10.0-1160.el7.x86_64
vmlinuz-0-rescue-98b448c3b99a45858a2edfd7aab282fb
vmlinuz-3.10.0-1160.90.1.el7.x86_64
vmlinuz-3.10.0-1160.el7.x86_64
META: ran handlers
META: ran handlers
ansible-doc命令
ansible-doc命令等于linux中的man命令,主要是查看各个模块的使用方法。该命令是按页展示,支持左右方向键翻看。
ansible-doc [options] [module....]
-a 显示所有模块的文档
-l, --list列出可用模块
-s,--snippet显示指定模块的playbook片段
示例:
ansible-doc -1 列出所有模块
ansible-doc ping 查看指定模块帮助用法
ansible-doc-s ping 查看指定模块帮助用法
示例
[root@0033 .ssh]# ansible-doc ping
> PING (/usr/lib/python2.7/site-packages/ansible/modules/system/ping.py)
A trivial test module, this module always returns `pong' on successful contact. It does not make sense in playbooks, but it is
useful from `/usr/bin/ansible' to verify the ability to login and that a usable Python is configured. This is NOT ICMP ping,
this is just a trivial test module that requires Python on the remote-node. For Windows targets, use the [win_ping] module
instead. For Network targets, use the [net_ping] module instead.
* This module is maintained by The Ansible Core Team
OPTIONS (= is mandatory):
- data
Data to return for the `ping' return value.
If this parameter is set to `crash', the module will cause an exception.
[Default: pong]
type: str
SEE ALSO:
* Module net_ping
The official documentation on the net_ping module.
https://docs.ansible.com/ansible/2.9/modules/net_ping_module.html
* Module win_ping
The official documentation on the win_ping module.
https://docs.ansible.com/ansible/2.9/modules/win_ping_module.html
AUTHOR: Ansible Core Team, Michael DeHaan
METADATA:
status:
- stableinterface
supported_by: core
:
#查看简易说明
[root@0033 ~]# ansible-doc -s ping
- name: Try to connect to host, verify a usable python and return `pong' on success
ping:
data: # Data to return for the `ping' return value. If this parameter is set to `crash', the module will cause an exception.
ansible-playbook
ansible-playbook是执行ansible剧本的命令,这个会在后面学习。
ansible-vault
文件加密工具,主要是保证主机名密码等隐私信息的安全。
ansible-console
基于Console界面与用户交互的执行工具
ansible-galaxy
下载/上传优秀代码或Roles模块的官网平台
ansible的Host-pattern格式
ansible的执行支持*通配符,例如
[root@0033 ~]# ansible 192.168.0.* -m ping
192.168.0.226 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@0033 ~]# ansible "*" -m ping
192.168.0.226 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@0033 ~]# ansible "t*" -m ping
192.168.0.226 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
支持或与运算
ansible “websrvs;appsrvs” -m ping
ansible “192.168.1.10:192.168.1.20”-m ping
ansible的命令执行过程
1.加载自己的配置文件 默认/etc/ansible/ansible.cfg
2.加载自己对应的模块文件,如command
3.通过ansible将模块或命令生成对应的临时py文件,并将该 文件传输至远程服务器的对应执行用户SHOME/.ansible/tmp/ansible-tmp-数字/XXX.PY文件
4.给文件+x执行
5.执行并返回结果
6.删除临时py文件,sleep o退出
执行状态 :
绿色: 执行成功并且不需要做改变的操作
黄色: 执行成功并且对目标主机做变更
红色: 执行失败
ansible的模块使用
Command
:在远程主机执行命令,默认模块,可忽略-m选项,如上面测试的ping指令
[root@0033 ~]# ansible "*" -m ping
192.168.0.226 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
但是command并不支持复杂运算, 如SVARNAME< > | ;& 等;
参考以下指令,command模块会将echo执行成输出指令。
[root@0033 ~]# ansible all -m command -a 'echo test lpasswd --stdin wang'
192.168.0.226 | CHANGED | rc=0 >>
testlpasswd --stdin wang
shell模块
支持复杂运算,比command更高级,但是更为复杂的指令还是适用性不太好
[root@0033 ~]# ansible all -m shell -a 'echo test lpasswd --stdin wang'
192.168.0.226 | CHANGED | rc=0 >>
test lpasswd --stdin wang
Script模块
调用bash执行命令类似 cat /tmp/stanley.md|awk -F’print S1,S2&>/tmp/example.txt 这些复杂命令,即使使用shell也可能会失败,解决办法: 写到脚本时,copy到远程,执行,再把需要的结果拉回执行命令的机器
Script : 运行脚本(自动复制脚本到其他机器)
[root@0033 ~]# ansible all -m script -a './name.sh'
192.168.0.226 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.0.226 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.0.226 closed."
],
"stdout": "0037\r\n",
"stdout_lines": [
"0037"
]
}
copy模块
将文件复制到其他机器上(开启备份功能)
[root@0033 ~]# ansible all -m copy -a 'src=/root/1.sh dest=/root backup=yes'
192.168.0.226 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "f8615eade69d89da6d00670ff9b1b9085bd0054f",
"dest": "/root/1.sh",
"gid": 0,
"group": "root",
"md5sum": "ccdc5a05c6d775679b93ee275980a58f",
"mode": "0644",
"owner": "root",
"size": 112,
"src": "/root/.ansible/tmp/ansible-tmp-1685071112.05-21576-269891096851158/source",
"state": "file",
"uid": 0
}
查看测试机是否有这个文件
[root@0033 ~]# ansible all -a 'ls /root/1.sh'
192.168.0.226 | CHANGED | rc=0 >>
/root/1.sh
fetch模块
从目标服务器抓取文件到主控机上
[root@0033 ~]# ansible all -m fetch -a 'src=/root/2.txt dest=/root'
192.168.0.226 | CHANGED => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/root/192.168.0.226/root/2.txt",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"remote_checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"remote_md5sum": null
}
[root@0033 ~]# ll 192.168.0.226/root/2.txt
-rw-r--r-- 1 root root 0 May 26 11:33 192.168.0.226/root/2.txt
[root@0033 ~]# ansible all -m fetch -a 'src=/root/2.txt dest=/root'
192.168.0.226 | CHANGED => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/root/192.168.0.226/root/2.txt",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"remote_checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"remote_md5sum": null
}
[root@0033 ~]# ls
111.sh 192.168.0.226 1.sh grafana-8.2.0-1.x86_64.rpm grafana-8.3.0-1.x86_64.rpm name.sh
[root@0033 ~]# ll 192.168.0.226/root/2.txt
-rw-r--r-- 1 root root 0 May 26 11:33 192.168.0.226/root/2.txt
#fetch目前只能支持单一文件,如果需要多个文件需要压缩
[root@0033 ~]# ansible all -m shell -a 'tar Jcf log.tar.xz /var/log/*.log'
[WARNING]: Consider using the unarchive module rather than running 'tar'. If you need to use command because unarchive is insufficient you can add 'warn: false' to this
command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
192.168.0.226 | CHANGED | rc=0 >>
tar: Removing leading `/' from member names
[root@0033 ~]# ansible all -m shell -a 'ls /root'
192.168.0.226 | CHANGED | rc=0 >>
1.sh
2.txt
log.tar.xz
[root@0033 ~]# ansible all -m shell -a 'du -sh /root/log.tar.xz'
192.168.0.226 | CHANGED | rc=0 >>
12K /root/log.tar.xz
file模块
对文件夹或者文件进行操作
文件操作
#创建一个test2文件
[root@0033 ~]# ansible all -m file -a 'name=/root/test1 state=touch'
192.168.0.226 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/root/test1",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"size": 0,
"state": "file",
"uid": 0
}
[root@0033 ~]# ansible all -a 'ls -l /root/test1'
192.168.0.226 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 0 May 26 13:59 /root/test
#删除test2文件
[root@0033 ~]# ansible all -m file -a 'name=/root/test1 state=absent'
192.168.0.226 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"path": "/root/test1",
"state": "absent"
}
[root@0033 ~]# ansible all -a 'ls -l /root/test1'
192.168.0.226 | FAILED | rc=2 >>
ls: cannot access /root/test1: No such file or directorynon-zero return code
文件夹操作
#创建dir文件夹
[root@0033 ~]# ansible all -m file -a 'name=/root/dir1 state=directory'
192.168.0.226 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/root/dir1",
"size": 4096,
"state": "directory",
"uid": 0
}
[root@0033 ~]# ansible all -a 'ls -l /root/'
192.168.0.226 | CHANGED | rc=0 >>
total 20
-rw-r--r-- 1 root root 112 May 26 11:18 1.sh
-rw-r--r-- 1 root root 0 May 26 11:32 2.txt
drwxr-xr-x 2 root root 4096 May 26 14:02 dir1
-rw-r--r-- 1 root root 11508 May 26 12:01 log.tar.xz
#删除dir1文件夹
[root@0033 ~]# ansible all -m file -a 'name=/root/dir1 state=absent'
192.168.0.226 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"path": "/root/dir1",
"state": "absent"
}
[root@0033 ~]# ansible all -a 'ls -l /root/'
192.168.0.226 | CHANGED | rc=0 >>
total 16
-rw-r--r-- 1 root root 112 May 26 11:18 1.sh
-rw-r--r-- 1 root root 0 May 26 11:32 2.txt
-rw-r--r-- 1 root root 11508 May 26 12:01 log.tar.xz
软连接操作
#创建
[root@0033 ~]# ansible all -m file -a 'src=/etc/fstab dest=/root/fstab.link state=link'
192.168.0.226 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/root/fstab.link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 10,
"src": "/etc/fstab",
"state": "link",
"uid": 0
}
[root@0033 ~]# ansible all -a 'ls -l /root/'
192.168.0.226 | CHANGED | rc=0 >>
total 16
-rw-r--r-- 1 root root 112 May 26 11:18 1.sh
-rw-r--r-- 1 root root 0 May 26 11:32 2.txt
lrwxrwxrwx 1 root root 10 May 26 14:06 fstab.link -> /etc/fstab
-rw-r--r-- 1 root root 11508 May 26 12:01 log.tar.xz
#删除
[root@0033 ~]# ansible all -m file -a 'dest=/root/fstab.link state=absent'
192.168.0.226 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"path": "/root/fstab.link",
"state": "absent"
}
[root@0033 ~]# ansible all -a 'ls -l /root/'
192.168.0.226 | CHANGED | rc=0 >>
total 16
-rw-r--r-- 1 root root 112 May 26 11:18 1.sh
-rw-r--r-- 1 root root 0 May 26 11:32 2.txt
-rw-r--r-- 1 root root 11508 May 26 12:01 log.tar.xz
hostname
管理主机名
[root@0033 ~]# ansible 192.168.0.226 -m hostname -a 'name=test'
192.168.0.226 | CHANGED => {
"ansible_facts": {
"ansible_domain": "",
"ansible_fqdn": "test",
"ansible_hostname": "test",
"ansible_nodename": "test",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "test"
}
[root@0033 ~]# ansible 192.168.0.226 -a 'hostname'
192.168.0.226 | CHANGED | rc=0 >>
test
cron
计划任务模块
创建一个计划任务
[root@0033 ~]# ansible all -m cron -a 'minute=* weekday=1,3,5 job="/usr/bin/wall warning" name=warningcron'
192.168.0.226 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"warningcron"
]
}
[root@0033 ~]# ansible all -a 'crontab -l'
192.168.0.226 | CHANGED | rc=0 >>
#Ansible: warningcron
* * * * 1,3,5 /usr/bin/wall warning
[root@0033 ~]#
禁用计划任务(如果开启将disabled改为false即可,yes、no也可)
[root@0033 ~]# ansible all -m cron -a 'disabled=true job="/usr/bin/wall warning" name=warningcron'
192.168.0.226 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"warningcron"
]
}
[root@0033 ~]# ansible all -a 'crontab -l'
192.168.0.226 | CHANGED | rc=0 >>
#Ansible: warningcron
#* * * * * /usr/bin/wall warnin
删除一个计划任务
[root@0033 ~]# ansible all -m cron -a 'job="/usr/bin/wall warning" name=warningcron state=absent'
192.168.0.226 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": []
}
[root@0033 ~]# ansible all -a 'crontab -l'
192.168.0.226 | CHANGED | rc=0 >>
yum
yum在线安装模块
[root@0033 ~]# ansible all -m yum -a 'name=vsftpd'
192.168.0.226 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"vsftpd"
]
},
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\nResolving Dependencies\n--> Running transaction check\n---> Package vsftpd.x86_64 0:3.0.2-29.el7_9 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n vsftpd x86_64 3.0.2-29.el7_9 updates 173 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package\n\nTotal download size: 173 k\nInstalled size: 353 k\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : vsftpd-3.0.2-29.el7_9.x86_64 1/1 \n Verifying : vsftpd-3.0.2-29.el7_9.x86_64 1/1 \n\nInstalled:\n vsftpd.x86_64 0:3.0.2-29.el7_9 \n\nComplete!\n"
]
}
[root@0033 ~]# ansible all -m shell -a 'rpm -qa|grep vsftpd'
[WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'. If you need to use command because yum, dnf or zypper is insufficient you can add
'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
192.168.0.226 | CHANGED | rc=0 >>
vsftpd-3.0.2-29.el7_9.x86_64
查看所有安装的包
[root@0033 ~]# ansible all -m yum -a 'list=installed'
卸载一个模块
[root@0033 ~]# ansible all -m yum -a 'name=vsftpd state=removed'
192.168.0.226 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"removed": [
"vsftpd"
]
},
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nResolving Dependencies\n--> Running transaction check\n---> Package vsftpd.x86_64 0:3.0.2-29.el7_9 will be erased\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nRemoving:\n vsftpd x86_64 3.0.2-29.el7_9 @updates 353 k\n\nTransaction Summary\n================================================================================\nRemove 1 Package\n\nInstalled size: 353 k\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Erasing : vsftpd-3.0.2-29.el7_9.x86_64 1/1 \n Verifying : vsftpd-3.0.2-29.el7_9.x86_64 1/1 \n\nRemoved:\n vsftpd.x86_64 0:3.0.2-29.el7_9 \n\nComplete!\n"
]
}
[root@0033 ~]# ansible all -m shell -a 'rpm -qa|grep vsftpd'
[WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'. If you need to use command because yum, dnf or zypper is insufficient you can add
'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
192.168.0.226 | FAILED | rc=1 >>
non-zero return code
安装多个包
[root@0033 ~]# ansible all -m yum -a 'name=vsftpd,nginx,httpd'
192.168.0.226 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"vsftpd",
"nginx",
"httpd"
]
},
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\nResolving Dependencies\n--> Running transaction check\n---> Package httpd.x86_64 0:2.4.6-98.el7.centos.7 will be installed\n--> Processing Dependency: httpd-tools = 2.4.6-98.el7.centos.7 for package: httpd-2.4.6-98.el7.centos.7.x86_64\n--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-98.el7.centos.7.x86_64\n--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-98.el7.centos.7.x86_64\n--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-98.el7.centos.7.x86_64\n---> Package nginx.x86_64 1:1.20.1-10.el7 will be installed\n--> Processing Dependency: nginx-filesystem = 1:1.20.1-10.el7 for package: 1:nginx-1.20.1-10.el7.x86_64\n--> Processing Dependency: libcrypto.so.1.1(OPENSSL_1_1_0)(64bit) for package: 1:nginx-1.20.1-10.el7.x86_64\n--> Processing Dependency: libssl.so.1.1(OPENSSL_1_1_0)(64bit) for package: 1:nginx-1.20.1-10.el7.x86_64\n--> Processing Dependency: libssl.so.1.1(OPENSSL_1_1_1)(64bit) for package: 1:nginx-1.20.1-10.el7.x86_64\n--> Processing Dependency: nginx-filesystem for package: 1:nginx-1.20.1-10.el7.x86_64\n--> Processing Dependency: redhat-indexhtml for package: 1:nginx-1.20.1-10.el7.x86_64\n--> Processing Dependency: libcrypto.so.1.1()(64bit) for package: 1:nginx-1.20.1-10.el7.x86_64\n--> Processing Dependency: libprofiler.so.0()(64bit) for package: 1:nginx-1.20.1-10.el7.x86_64\n--> Processing Dependency: libssl.so.1.1()(64bit) for package: 1:nginx-1.20.1-10.el7.x86_64\n---> Package vsftpd.x86_64 0:3.0.2-29.el7_9 will be installed\n--> Running transaction check\n---> Package apr.x86_64 0:1.4.8-7.el7 will be installed\n---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed\n---> Package centos-indexhtml.noarch 0:7-9.el7.centos will be installed\n---> Package gperftools-libs.x86_64 0:2.6.1-1.el7 will be installed\n---> Package httpd-tools.x86_64 0:2.4.6-98.el7.centos.7 will be installed\n---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed\n---> Package nginx-filesystem.noarch 1:1.20.1-10.el7 will be installed\n---> Package openssl11-libs.x86_64 1:1.1.1k-5.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n httpd x86_64 2.4.6-98.el7.centos.7 updates 2.7 M\n nginx x86_64 1:1.20.1-10.el7 epel 588 k\n vsftpd x86_64 3.0.2-29.el7_9 updates 173 k\nInstalling for dependencies:\n apr x86_64 1.4.8-7.el7 base 104 k\n apr-util x86_64 1.5.2-6.el7 base 92 k\n centos-indexhtml noarch 7-9.el7.centos base 92 k\n gperftools-libs x86_64 2.6.1-1.el7 base 272 k\n httpd-tools x86_64 2.4.6-98.el7.centos.7 updates 94 k\n mailcap noarch 2.1.41-2.el7 base 31 k\n nginx-filesystem noarch 1:1.20.1-10.el7 epel 24 k\n openssl11-libs x86_64 1:1.1.1k-5.el7 epel 1.5 M\n\nTransaction Summary\n================================================================================\nInstall 3 Packages (+8 Dependent packages)\n\nTotal download size: 5.6 M\nInstalled size: 17 M\nDownloading packages:\n--------------------------------------------------------------------------------\nTotal 11 MB/s | 5.6 MB 00:00 \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : apr-1.4.8-7.el7.x86_64 1/11 \n Installing : apr-util-1.5.2-6.el7.x86_64 2/11 \n Installing : httpd-tools-2.4.6-98.el7.centos.7.x86_64 3/11 \n Installing : 1:openssl11-libs-1.1.1k-5.el7.x86_64 4/11 \n Installing : 1:nginx-filesystem-1.20.1-10.el7.noarch 5/11 \n Installing : gperftools-libs-2.6.1-1.el7.x86_64 6/11 \n Installing : mailcap-2.1.41-2.el7.noarch 7/11 \n Installing : centos-indexhtml-7-9.el7.centos.noarch 8/11 \n Installing : 1:nginx-1.20.1-10.el7.x86_64 9/11 \n Installing : httpd-2.4.6-98.el7.centos.7.x86_64 10/11 \n Installing : vsftpd-3.0.2-29.el7_9.x86_64 11/11 \n Verifying : httpd-tools-2.4.6-98.el7.centos.7.x86_64 1/11 \n Verifying : centos-indexhtml-7-9.el7.centos.noarch 2/11 \n Verifying : mailcap-2.1.41-2.el7.noarch 3/11 \n Verifying : apr-1.4.8-7.el7.x86_64 4/11 \n Verifying : apr-util-1.5.2-6.el7.x86_64 5/11 \n Verifying : gperftools-libs-2.6.1-1.el7.x86_64 6/11 \n Verifying : 1:nginx-filesystem-1.20.1-10.el7.noarch 7/11 \n Verifying : vsftpd-3.0.2-29.el7_9.x86_64 8/11 \n Verifying : httpd-2.4.6-98.el7.centos.7.x86_64 9/11 \n Verifying : 1:openssl11-libs-1.1.1k-5.el7.x86_64 10/11 \n Verifying : 1:nginx-1.20.1-10.el7.x86_64 11/11 \n\nInstalled:\n httpd.x86_64 0:2.4.6-98.el7.centos.7 nginx.x86_64 1:1.20.1-10.el7 \n vsftpd.x86_64 0:3.0.2-29.el7_9 \n\nDependency Installed:\n apr.x86_64 0:1.4.8-7.el7 \n apr-util.x86_64 0:1.5.2-6.el7 \n centos-indexhtml.noarch 0:7-9.el7.centos \n gperftools-libs.x86_64 0:2.6.1-1.el7 \n httpd-tools.x86_64 0:2.4.6-98.el7.centos.7 \n mailcap.noarch 0:2.1.41-2.el7 \n nginx-filesystem.noarch 1:1.20.1-10.el7 \n openssl11-libs.x86_64 1:1.1.1k-5.el7 \n\nComplete!\n"
]
}
卸载多个服务
[root@0033 ~]# ansible all -m yum -a 'name=vsftpd,nginx,httpd state=removed'
192.168.0.226 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"removed": [
"vsftpd",
"nginx",
"httpd"
]
},
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nResolving Dependencies\n--> Running transaction check\n---> Package httpd.x86_64 0:2.4.6-98.el7.centos.7 will be erased\n---> Package nginx.x86_64 1:1.20.1-10.el7 will be erased\n---> Package vsftpd.x86_64 0:3.0.2-29.el7_9 will be erased\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nRemoving:\n httpd x86_64 2.4.6-98.el7.centos.7 @updates 9.4 M\n nginx x86_64 1:1.20.1-10.el7 @epel 1.7 M\n vsftpd x86_64 3.0.2-29.el7_9 @updates 353 k\n\nTransaction Summary\n================================================================================\nRemove 3 Packages\n\nInstalled size: 11 M\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Erasing : httpd-2.4.6-98.el7.centos.7.x86_64 1/3 \n Erasing : 1:nginx-1.20.1-10.el7.x86_64 2/3 \n Erasing : vsftpd-3.0.2-29.el7_9.x86_64 3/3 \n Verifying : vsftpd-3.0.2-29.el7_9.x86_64 1/3 \n Verifying : httpd-2.4.6-98.el7.centos.7.x86_64 2/3 \n Verifying : 1:nginx-1.20.1-10.el7.x86_64 3/3 \n\nRemoved:\n httpd.x86_64 0:2.4.6-98.el7.centos.7 nginx.x86_64 1:1.20.1-10.el7 \n vsftpd.x86_64 0:3.0.2-29.el7_9 \n\nComplete!\n"
]
}
如果是本地的rpm文件,可以先使用copy模块拷贝到其他机器,在使用yum模块指定name=rpm路径,即可
service
服务管理
启动vsftpd并且设置为开机自启动
[root@0033 ~]# ansible all -m service -a 'name=vsftpd state=started enabled=yes'
192.168.0.226 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"enabled": true,
"name": "vsftpd",
"state": "started",
"status": {
"ActiveEnterTimestamp": "Fri 2023-05-26 15:47:33 CST",
"ActiveEnterTimestampMonotonic": "21333382495",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "active",
"After": "basic.target systemd-journald.socket network.target system.slice",
"AllowIsolate": "no",
"AmbientCapabilities": "0",
"AssertResult": "yes",
"AssertTimestamp": "Fri 2023-05-26 15:47:33 CST",
"AssertTimestampMonotonic": "21333379437",
"Before": "multi-user.target shutdown.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "18446744073709551615",
"CPUAccounting": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "18446744073709551615",
"CanIsolate": "no",
"CanReload": "no",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "18446744073709551615",
"CollectMode": "inactive",
"ConditionResult": "yes",
"ConditionTimestamp": "Fri 2023-05-26 15:47:33 CST",
"ConditionTimestampMonotonic": "21333379437",
"Conflicts": "shutdown.target",
"ControlGroup": "/system.slice/vsftpd.service",
"ControlPID": "0",
"DefaultDependencies": "yes",
"Delegate": "no",
"Description": "Vsftpd ftp daemon",
"DevicePolicy": "auto",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "26430",
"ExecMainStartTimestamp": "Fri 2023-05-26 15:47:33 CST",
"ExecMainStartTimestampMonotonic": "21333382475",
"ExecMainStatus": "0",
"ExecStart": "{ path=/usr/sbin/vsftpd ; argv[]=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf ; ignore_errors=no ; start_time=[Fri 2023-05-26 15:47:33 CST] ; stop_time=[Fri 2023-05-26 15:47:33 CST] ; pid=26429 ; code=exited ; status=0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/vsftpd.service",
"GuessMainPID": "yes",
"IOScheduling": "0",
"Id": "vsftpd.service",
"IgnoreOnIsolate": "no",
"IgnoreOnSnapshot": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestampMonotonic": "0",
"InactiveExitTimestamp": "Fri 2023-05-26 15:47:33 CST",
"InactiveExitTimestampMonotonic": "21333379806",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "0",
"KillMode": "control-group",
"KillSignal": "15",
"LimitAS": "18446744073709551615",
"LimitCORE": "18446744073709551615",
"LimitCPU": "18446744073709551615",
"LimitDATA": "18446744073709551615",
"LimitFSIZE": "18446744073709551615",
"LimitLOCKS": "18446744073709551615",
"LimitMEMLOCK": "65536",
"LimitMSGQUEUE": "819200",
"LimitNICE": "0",
"LimitNOFILE": "4096",
"LimitNPROC": "63453",
"LimitRSS": "18446744073709551615",
"LimitRTPRIO": "0",
"LimitRTTIME": "18446744073709551615",
"LimitSIGPENDING": "63453",
"LimitSTACK": "18446744073709551615",
"LoadState": "loaded",
"MainPID": "26430",
"MemoryAccounting": "no",
"MemoryCurrent": "18446744073709551615",
"MemoryLimit": "18446744073709551615",
"MountFlags": "0",
"Names": "vsftpd.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "none",
"OOMScoreAdjust": "0",
"OnFailureJobMode": "replace",
"PermissionsStartOnly": "no",
"PrivateDevices": "no",
"PrivateNetwork": "no",
"PrivateTmp": "no",
"ProtectHome": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"Requires": "basic.target system.slice",
"Restart": "no",
"RestartUSec": "100ms",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitInterval": "10000000",
"StartupBlockIOWeight": "18446744073709551615",
"StartupCPUShares": "18446744073709551615",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "running",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "no",
"TasksCurrent": "18446744073709551615",
"TasksMax": "18446744073709551615",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "forking",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "enabled",
"WantedBy": "multi-user.target",
"WatchdogTimestamp": "Fri 2023-05-26 15:47:33 CST",
"WatchdogTimestampMonotonic": "21333382486",
"WatchdogUSec": "0"
}
}
[root@0033 ~]# ansible all -m shell -a 'systemctl is-enabled vsftpd'
192.168.0.226 | CHANGED | rc=0 >>
enabled
同理,重启或者停止等,可以将state字段修改为reloaded, restarted, started, stopped等等,关闭自启动可以将enabled改为false或者no
user
用户管理
创建一个haha账号
#system表示是否为系统用户,home指定家目录,groups为附加组
[root@0033 ~]# ansible all -m user -a 'name=haha shell=/sbin/nologin system=yes home=/root/haha groups=root'
192.168.0.226 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"append": false,
"changed": true,
"comment": "",
"group": 1000,
"groups": "root",
"home": "/root/haha",
"move_home": false,
"name": "haha",
"shell": "/sbin/nologin",
"state": "present",
"uid": 1000
}
[root@0033 ~]# ansible all -a 'getent passwd haha'
192.168.0.226 | CHANGED | rc=0 >>
haha:x:1000:1000::/root/haha:/sbin/nologin
[root@0033 ~]# ansible all -a 'ls -l /root'
192.168.0.226 | CHANGED | rc=0 >>
total 20
-rw-r--r-- 1 root root 112 May 26 11:18 1.sh
-rw-r--r-- 1 root root 0 May 26 11:32 2.txt
drwx------ 2 haha haha 4096 May 10 14:30 haha
-rw-r--r-- 1 root root 11508 May 26 12:01 log.tar.xz
删除haha账号与haha的家目录
[root@0033 ~]# ansible all -m user -a 'name=haha state=absent remove=yes'
192.168.0.226 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
}, `在这里插入代码片`
"changed": true,
"force": false,
"name": "haha",
"remove": true,
"state": "absent"
}
[root@0033 ~]# ansible all -a 'ls -l /root'
192.168.0.226 | CHANGED | rc=0 >>
total 16
-rw-r--r-- 1 root root 112 May 26 11:18 1.sh
-rw-r--r-- 1 root root 0 May 26 11:32 2.txt
-rw-r--r-- 1 root root 11508 May 26 12:01 log.tar.xz
[root@0033 ~]# ansible all -a 'getent passwd haha'
192.168.0.226 | FAILED | rc=2 >>
non-zero return code
group
组管理
创建哈哈的组
[root@0033 ~]# ansible all -m group -a 'name=haha system=yes gid=80'
192.168.0.226 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 80,
"name": "haha",
"state": "present",
"system": true
}
[root@0033 ~]# ansible all -a 'getent group haha'
192.168.0.226 | CHANGED | rc=0 >>
haha:x:80:
删除组
[root@0033 ~]# ansible all -m group -a 'name=haha state=absent'
192.168.0.226 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "haha",
"state": "absent"
}
[root@0033 ~]# ansible all -a 'getent group haha'
192.168.0.226 | FAILED | rc=2 >>
non-zero return code
码字不易。如果文章对您有希望的话,请三连支持一波。
如有问题,欢迎留言,一起探讨,感谢。
也可关注下方公众号,看到留言后会第一时间回复。
