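3.3.4 The ansible-pull command
This tool pushes ansible commands to the remote hosts. Efficiency increases enormously, but it places higher demands on operations staff.
3.3.5 ansible-playbook
This tool runs the tasks in a playbook that has already been written.
Example
Call the command module to run /usr/bin/wall hello world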
——————
[root@hdss7-11 ~]# vim hello.yml
[root@hdss7-11 ~]# cat hello.yml
---
#hello world yml file
- hosts: websrvs
  remote_user: root
  tasks:
    - name: hello world
      command: /usr/bin/wall hello world
[root@hdss7-11 ~]# ansible-playbook hello.yml
PLAY [websrvs] *********************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************
ok: [10.4.7.21]
ok: [10.4.7.22]
TASK [hello world] *****************************************************************************************************
changed: [10.4.7.22]
changed: [10.4.7.21]
PLAY RECAP *************************************************************************************************************
10.4.7.21 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
10.4.7.22 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@hdss7-11 ~]#
Then check on hosts 21 and 22; the result shows that the script ran successfully.
3.3.6 ansible-vault
This tool encrypts and decrypts yml files.
Syntax
ansible-vault [create|decrypt|edit|encrypt|rekey|view]
Example
ansible-vault encrypt hello.yml # encrypt
ansible-vault decrypt hello.yml # decrypt
ansible-vault view hello.yml # view
ansible-vault edit hello.yml # edit an encrypted file
ansible-vault rekey hello.yml # change the password
ansible-vault create new.yml # create a new file
————————
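Encrypting a file
Once encrypted, the yml file can no longer be read, which protects your intellectual property and the company's confidential information.
An encrypted file cannot be run directly, so it must be decrypted before it can be run.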
[root@hdss7-11 ~]# ansible-vault encrypt hello.yml
New Vault password:
Confirm New Vault password:
Encryption successful
[root@hdss7-11 ~]# cat hello.yml
$ANSIBLE_VAULT;1.1;AES256
[root@hdss7-11 ~]# ansible-playbook hello.yml
ERROR! Attempting to decrypt but no vault secrets found
Decrypting
[root@hdss7-11 ~]# ansible-vault decrypt hello.yml
Vault password:
Decryption successful
[root@hdss7-11 ~]# cat hello.yml
---
#hello world yml file
- hosts: websrvs
  remote_user: root
  tasks:
    - name: hello world
      command: /usr/bin/wall hello world
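What a file with the $ANSIBLE_VAULT;1.1;AES256 header contains, as an added example (not code from the original page or from the Ansible project): a header line, then hex text holding a salt, an HMAC-SHA256 tag and the ciphertext, with the keys derived from the password by PBKDF2. The function names are hypothetical, and the sample envelope and password are constructed, with placeholder ciphertext bytes rather than real AES output.

```python
import binascii
import hashlib
import hmac

VAULT_MAGIC = "$ANSIBLE_VAULT"
PBKDF2_ROUNDS = 10000  # iteration count used by the AES256 vault cipher


def parse_envelope(text):
    """Split a vault file into header fields plus salt, MAC and ciphertext bytes."""
    lines = text.strip().splitlines()
    fields = lines[0].strip().split(";") if lines else []
    if len(fields) < 3 or fields[0] != VAULT_MAGIC:
        raise ValueError("not an ansible-vault file")
    if fields[2] != "AES256":
        raise ValueError("unsupported cipher: " + fields[2])
    # The body is hex text; decoded, it is three hex strings joined by newlines.
    inner = binascii.unhexlify("".join(line.strip() for line in lines[1:]))
    parts = inner.split(b"\n")
    if len(parts) != 3:
        raise ValueError("malformed vault body")
    salt, mac, ciphertext = (binascii.unhexlify(p) for p in parts)
    return {
        "version": fields[1],
        "cipher": fields[2],
        "vault_id": fields[3] if len(fields) > 3 else None,  # only in 1.2 headers
        "salt": salt,
        "mac": mac,
        "ciphertext": ciphertext,
    }


def derive_keys(password, salt):
    """PBKDF2-HMAC-SHA256 yields 80 bytes: AES key, HMAC key, CTR IV."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS, dklen=80)
    return dk[:32], dk[32:64], dk[64:]


def password_matches(text, password):
    """Check the HMAC over the ciphertext; this is the test made before decrypting."""
    env = parse_envelope(text)
    _, mac_key, _ = derive_keys(password, env["salt"])
    expected = hmac.new(mac_key, env["ciphertext"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, env["mac"])


def build_sample(password):
    """Constructed envelope for the demo; the ciphertext is a placeholder, not AES output."""
    salt = bytes(range(32))
    ciphertext = b"constructed-ciphertext-placeholder"
    _, mac_key, _ = derive_keys(password, salt)
    mac_hex = hmac.new(mac_key, ciphertext, hashlib.sha256).hexdigest().encode()
    inner = b"\n".join([binascii.hexlify(salt), mac_hex, binascii.hexlify(ciphertext)])
    body = binascii.hexlify(inner).decode()
    wrapped = [body[i:i + 80] for i in range(0, len(body), 80)]
    return "$ANSIBLE_VAULT;1.1;AES256\n" + "\n".join(wrapped) + "\n"


if __name__ == "__main__":
    sample = build_sample("constructed-pass")
    info = parse_envelope(sample)
    print(info["version"], info["cipher"], len(info["salt"]), len(info["mac"]))
    print("right password:", password_matches(sample, "constructed-pass"))
    print("wrong password:", password_matches(sample, "wrong-pass"))
```

The header check alone is enough for a repository scan that flags secrets files committed without vault encryption.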
3.3.7 ansible-console
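This tool runs commands interactively and supports tab completion. It was added in ansible 2.0+.
Prompt format:
executing user@current host group (number of hosts in the current group)[f:forks]$
Common subcommands
* Change the number of forks: forks n, for example: forks 10
* Switch group: cd <host group>, for example: cd web
* List the hosts in the current group: list
* List all built-in commands: ? or help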
————————
[root@hdss7-11 ~]# ansible-console
Welcome to the ansible console.
Type help or ? to list commands.
root@all (3)[f:5]$ list
10.4.7.12
10.4.7.21
10.4.7.22
root@all (3)[f:5]$ cd appsrvs
root@appsrvs (3)[f:5]$ cd websrvs
root@websrvs (2)[f:5]$ list
10.4.7.21
10.4.7.22
root@websrvs (2)[f:5]$ forks 10
root@websrvs (2)[f:10]$
3.4 Commonly used Ansible modules
https://docs.ansible.com/ansible/latest/modules/modules_by_category.html
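3.4.1 Command module
Function: runs a command on the remote hosts. This is the default module, so the -m option can be omitted.
Note: this module does not support $VARNAME, <, >, |, ;, & and so on; use the shell module for those.
Example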
————————
[root@hdss7-11 ~]# ansible-doc -s command
- name: Execute commands on targets
command:
argv: # Passes the command as a list rather than a string. Use `argv' to avoid quoting values
that would otherwise be interpreted incorrectly (for
example "user name"). Only the string or the list form
can be provided, not both. One or the other must be
provided.
chdir: # Change into this directory before running the command.
cmd: # The command to run.
creates: # A filename or (since 2.0) glob pattern. If it already exists, this step *won't* be run.
free_form: # The command module takes a free form command to run. There is no actual parameter named
'free form'.
removes: # A filename or (since 2.0) glob pattern. If it already exists, this step *will* be run.
stdin: # Set the stdin of the command directly to the specified value.
stdin_add_newline: # If set to `yes', append a newline to stdin data.
strip_empty_ends: # Strip empty lines from the end of stdout/stderr in result.
warn: # Enable or disable task warnings.
[root@hdss7-11 ~]#
[root@hdss7-11 ~]# ansible websrvs --list
hosts (2):
10.4.7.21
10.4.7.22
[root@hdss7-11 ~]# ansible websrvs -m command -a 'cat /etc/centos-release'
10.4.7.22 | CHANGED | rc=0 >>
CentOS Linux release 7.6.1810 (Core)
10.4.7.21 | CHANGED | rc=0 >>
CentOS Linux release 7.6.1810 (Core)
[root@hdss7-11 ~]# ansible websrvs -m command -a 'cd=/etc cat centos-release'
10.4.7.21 | FAILED | rc=2 >>
[Errno 2] 没有那个文件或目录
10.4.7.22 | FAILED | rc=2 >>
[Errno 2] 没有那个文件或目录
[root@hdss7-11 ~]# ansible websrvs -m command -a 'chdir=/etc cat centos-release'
10.4.7.22 | CHANGED | rc=0 >>
CentOS Linux release 7.6.1810 (Core)
10.4.7.21 | CHANGED | rc=0 >>
CentOS Linux release 7.6.1810 (Core)
[root@hdss7-11 ~]# ansible websrvs -m command -a 'chdir=/etc creates=/data/f1.txt cat centos-release'
10.4.7.21 | CHANGED | rc=0 >>
CentOS Linux release 7.6.1810 (Core)
10.4.7.22 | CHANGED | rc=0 >>
CentOS Linux release 7.6.1810 (Core)
The command above ran on both hosts because the file did not exist. I then created it on host 21 with mkdir -p /data/f1.txt and ran the command again.
[root@hdss7-11 ~]# ^C
[root@hdss7-11 ~]# ansible websrvs -m command -a 'chdir=/etc creates=/data/f1.txt cat centos-release'
10.4.7.22 | CHANGED | rc=0 >>
CentOS Linux release 7.6.1810 (Core)
10.4.7.21 | SUCCESS | rc=0 >>
skipped, since /data/f1.txt exists
[root@hdss7-11 ~]# ansible websrvs -m command -a 'chdir=/etc removes=/data/f1.txt cat centos-release'
10.4.7.22 | SUCCESS | rc=0 >>
skipped, since /data/f1.txt does not exist
10.4.7.21 | CHANGED | rc=0 >>
CentOS Linux release 7.6.1810 (Core)
The command module does not support many Linux shell features, such as wildcards and pipes.
[root@hdss7-11 ~]# ansible websrvs -m command -a 'ls -rf /data'
10.4.7.21 | CHANGED | rc=0 >>
f1.txt
.
..
10.4.7.22 | FAILED | rc=2 >>
ls: 无法访问/data: 没有那个文件或目录non-zero return code
[root@hdss7-11 ~]# ansible websrvs -m command -a 'rm -rf /data/*'
[WARNING]: Consider using the file module with state=absent rather than running 'rm'. If you need to use command
because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.
10.4.7.22 | CHANGED | rc=0 >>
10.4.7.21 | CHANGED | rc=0 >>
[root@hdss7-11 ~]# ansible websrvs -m command -a 'ls -l /data'
10.4.7.22 | FAILED | rc=2 >>
ls: 无法访问/data: 没有那个文件或目录non-zero return code
10.4.7.21 | CHANGED | rc=0 >>
总用量 4
drwxr-xr-x. 2 root root 4096 8月 11 20:44 f1.txt
[root@hdss7-11 ~]# ansible websrvs -m command -a 'rm -rf /data/*'
[WARNING]: Consider using the file module with state=absent rather than running 'rm'. If you need to use command
because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.
10.4.7.22 | CHANGED | rc=0 >>
10.4.7.21 | CHANGED | rc=0 >>
[root@hdss7-11 ~]# ansible websrvs -m command -a 'ls -l /data'
10.4.7.22 | FAILED | rc=2 >>
ls: 无法访问/data: 没有那个文件或目录non-zero return code
10.4.7.21 | CHANGED | rc=0 >>
总用量 0
-rw-r--r--. 1 root root 0 8月 11 20:51 f1.txt
[root@hdss7-11 ~]# ansible websrvs -m command -a 'rm -rf /data/'
[WARNING]: Consider using the file module with state=absent rather than running 'rm'. If you need to use command
because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.
10.4.7.22 | CHANGED | rc=0 >>
10.4.7.21 | CHANGED | rc=0 >>
[root@hdss7-11 ~]# ansible websrvs -m command -a 'ls -l /data'
10.4.7.22 | FAILED | rc=2 >>
ls: 无法访问/data: 没有那个文件或目录non-zero return code
10.4.7.21 | FAILED | rc=2 >>
ls: 无法访问/data: 没有那个文件或目录non-zero return code
[root@hdss7-11 ~]# ansible websrvs -m command -a 'echo hello > /data/hello.log'
10.4.7.22 | CHANGED | rc=0 >>
hello > /data/hello.log
10.4.7.21 | CHANGED | rc=0 >>
hello > /data/hello.log
[root@hdss7-11 ~]# ansible websrvs -m command -a 'cat /data/hello.log'
10.4.7.22 | FAILED | rc=1 >>
cat: /data/hello.log: 没有那个文件或目录non-zero return code
10.4.7.21 | FAILED | rc=1 >>
cat: /data/hello.log: 没有那个文件或目录non-zero return code
[root@hdss7-11 ~]# ansible websrvs -m command -a 'echo centos | passwd --stdin lai'
10.4.7.22 | CHANGED | rc=0 >>
centos | passwd --stdin lai
10.4.7.21 | CHANGED | rc=0 >>
centos | passwd --stdin lai
[root@hdss7-11 ~]# ansible websrvs -m command -a 'ls -l /etc/shadow' ## the timestamps below differ from the current time, which shows the password was not changed
10.4.7.22 | CHANGED | rc=0 >>
----------. 1 root root 1262 8月 7 05:12 /etc/shadow
10.4.7.21 | CHANGED | rc=0 >>
----------. 1 root root 1262 8月 7 05:13 /etc/shadow
[root@hdss7-11 ~]# ansible websrvs -m command -a 'date'
10.4.7.22 | CHANGED | rc=0 >>
2021年 08月 11日 星期三 20:57:28 CST
10.4.7.21 | CHANGED | rc=0 >>
2021年 08月 11日 星期三 20:57:28 CST
3.4.2 shell module
Function: similar to command, but runs the command through a shell.
Example
————————
[root@hdss7-11 ~]# ansible-doc -s shell
- name: Execute shell commands on targets
shell:
chdir: # Change into this directory before running the command.
cmd: # The command to run followed by optional arguments.
creates: # A filename, when it already exists, this step will *not* be run.
executable: # Change the shell used to execute the command. This expects an absolute path to the
executable.
free_form: # The shell module takes a free form command to run, as a string. There is no actual
parameter named 'free form'. See the examples on how to
use this module.
removes: # A filename, when it does not exist, this step will *not* be run.
stdin: # Set the stdin of the command directly to the specified value.
stdin_add_newline: # Whether to append a newline to stdin data.
warn: # Whether to enable task warnings.
[root@hdss7-11 ~]# ansible websrvs -m shell -a 'echo $HOSTNAME'
10.4.7.22 | CHANGED | rc=0 >>
10.4.7.21 | CHANGED | rc=0 >>
localhost.localdomain
[root@hdss7-11 ~]# ansible websrvs -a 'echo $HOSTNAME'
10.4.7.22 | CHANGED | rc=0 >>
$HOSTNAME
10.4.7.21 | CHANGED | rc=0 >>
$HOSTNAME
[root@hdss7-11 ~]# ^C
[root@hdss7-11 ~]# ansible websrvs -a 'useradd dong'
10.4.7.22 | CHANGED | rc=0 >>
10.4.7.21 | CHANGED | rc=0 >>
[root@hdss7-11 ~]# ansible websrvs -m shell -a 'useradd dong'
10.4.7.22 | FAILED | rc=9 >>
useradd:用户“dong”已存在non-zero return code
10.4.7.21 | FAILED | rc=9 >>
useradd:用户“dong”已存在non-zero return code
[root@hdss7-11 ~]# ansible websrvs -m shell -a 'echo centos |passwd --stdin dong'
10.4.7.22 | CHANGED | rc=0 >>
更改用户 dong 的密码 。
passwd:所有的身份验证令牌已经成功更新。
10.4.7.21 | CHANGED | rc=0 >>
更改用户 dong 的密码 。
passwd:所有的身份验证令牌已经成功更新。
[root@hdss7-11 ~]# ansible websrvs -m shell -a 'ls -l /etc/shadow'
10.4.7.22 | CHANGED | rc=0 >>
---------- 1 root root 1385 8月 11 21:07 /etc/shadow
10.4.7.21 | CHANGED | rc=0 >>
----------. 1 root root 1385 8月 11 21:07 /etc/shadow
[root@hdss7-11 ~]# ansible websrvs -m shell -a 'echo hello > /data/hello.log'
10.4.7.22 | FAILED | rc=1 >>
/bin/sh: /data/hello.log: 没有那个文件或目录non-zero return code
10.4.7.21 | FAILED | rc=1 >>
/bin/sh: /data/hello.log: 没有那个文件或目录non-zero return code
[root@hdss7-11 ~]# ansible websrvs -m shell -a 'mkdir /data'
[WARNING]: Consider using the file module with state=directory rather than running 'mkdir'. If you need to use command
because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.
10.4.7.22 | CHANGED | rc=0 >>
10.4.7.21 | CHANGED | rc=0 >>
[root@hdss7-11 ~]# ansible websrvs -m shell -a 'echo hello > /data/hello.log'
10.4.7.21 | CHANGED | rc=0 >>
10.4.7.22 | CHANGED | rc=0 >>
[root@hdss7-11 ~]# ansible websrvs -m shell -a 'cat /data/hello.log'
10.4.7.22 | CHANGED | rc=0 >>
hello
10.4.7.21 | CHANGED | rc=0 >>
hello
[root@hdss7-11 ~]# ansible websrvs -m shell -a 'chdir=/data cat hello.log'
10.4.7.22 | CHANGED | rc=0 >>
hello
10.4.7.21 | CHANGED | rc=0 >>
hello
[root@hdss7-11 ~]# ansible websrvs -m shell -a 'chdir=/data creates=/etc/issue cat hello.log'
10.4.7.22 | SUCCESS | rc=0 >>
skipped, since /etc/issue exists
10.4.7.21 | SUCCESS | rc=0 >>
skipped, since /etc/issue exists
[root@hdss7-11 ~]# ansible websrvs -m shell -a 'chdir=/data removes=/etc/issue cat hello.log'
10.4.7.22 | CHANGED | rc=0 >>
hello
10.4.7.21 | CHANGED | rc=0 >>
hello
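Comparing the command and shell modules above, shell turns out to be more convenient, so we can make shell the default module.
Method
[root@hdss7-11 ~]# vi /etc/ansible/ansible.cfg
After this, the module no longer needs to be specified; the default is shell.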
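Why the two modules behaved differently in the sessions above, and what making shell the default changes, as an added example (not code from the original page or from Ansible): command runs an argument list with no shell, while shell hands the whole string to /bin/sh, so metacharacters inside a value are interpreted instead of being passed as data. The two helper functions are hypothetical models of that behaviour, and DEMO_HOST and the sample value are constructed.

```python
import os
import shlex
import subprocess
import tempfile


def run_like_command(cmdline, env=None):
    """Model of command: split the string into argv and exec it with no shell."""
    argv = shlex.split(cmdline)
    done = subprocess.run(argv, capture_output=True, text=True, env=env)
    return done.stdout.strip()


def run_like_shell(cmdline, env=None):
    """Model of shell: pass the whole string to /bin/sh -c for interpretation."""
    done = subprocess.run(["/bin/sh", "-c", cmdline],
                          capture_output=True, text=True, env=env)
    return done.stdout.strip()


def compare(workdir):
    """Run the page's kinds of command line both ways and collect the results."""
    env = dict(os.environ, DEMO_HOST="web01")  # constructed variable
    log = os.path.join(workdir, "hello.log")
    out = {}

    # Variable expansion: only a shell replaces $DEMO_HOST.
    out["var_command"] = run_like_command("echo $DEMO_HOST", env)
    out["var_shell"] = run_like_shell("echo $DEMO_HOST", env)

    # Redirection: without a shell, ">" and the path are just arguments to echo.
    out["redir_command"] = run_like_command("echo hello > " + shlex.quote(log), env)
    out["file_after_command"] = os.path.exists(log)
    run_like_shell("echo hello > " + shlex.quote(log), env)
    out["file_after_shell"] = os.path.exists(log)

    # A value that arrives from outside the playbook (constructed sample).
    value = "dong; echo INJECTED"
    out["unquoted_command"] = run_like_command("echo user=" + value, env)
    out["unquoted_shell"] = run_like_shell("echo user=" + value, env)
    # Quoting the value keeps it a single argument even under a shell.
    out["quoted_shell"] = run_like_shell("echo user=" + shlex.quote(value), env)
    return out


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for key, val in compare(tmp).items():
            print(f"{key:20} {val!r}")
```

In a playbook, the counterpart of shlex.quote is the quote filter applied to any variable used in a shell task.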
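3.4.3 Script module
Function: runs a script that lives on the ansible server on the remote hosts.
Note: the shell module can only run a script that already exists on the target host.
Example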
————————
[root@hdss7-11 ~]# ansible-doc -s script
- name: Runs a local script on a remote node after transferring it
script:
chdir: # Change into this directory on the remote node before running the script.
cmd: # Path to the local script to run followed by optional arguments.
creates: # A filename on the remote node, when it already exists, this step will *not* be run.
decrypt: # This option controls the autodecryption of source files using vault.
executable: # Name or path of a executable to invoke the script with.
free_form: # Path to the local script file followed by optional arguments.
removes: # A filename on the remote node, when it does not exist, this step will *not* be run.
[root@hdss7-11 ~]#
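For example, we write a script on host 21 but not on host 22, then run it with ansible from host 11.
Look at the result. Copying the script over with scp first would be too much trouble, so use the script module instead.
Write the script on host 21: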
[root@localhost ~]# cat > test.sh
#!/bin/bash
hostname
^C
[root@localhost ~]# ll
total 12
-rw-------. 1 root root 1762 Aug 7 05:14 anaconda-ks.cfg
-rw-r--r--. 1 root root 1810 Aug 7 05:16 initial-setup-ks.cfg
-rw-r--r--. 1 root root 21 Aug 11 21:23 test.sh
[root@localhost ~]# chmod +x test.sh
[root@localhost ~]# ./test.sh
localhost.localdomain
Run the command from host 11:
[root@hdss7-11 ~]# ansible websrvs -a '/root/test.sh'
10.4.7.22 | FAILED | rc=127 >>
/bin/sh: /root/test.sh: 没有那个文件或目录non-zero return code
10.4.7.21 | CHANGED | rc=0 >>
localhost.localdomain
[root@hdss7-11 ~]#
Now let's do the same thing with the script module:
[root@hdss7-11 ~]# cat > test.sh
echo My hostname is `hostname`
^C
[root@hdss7-11 ~]# cat test.sh
echo My hostname is `hostname`
[root@hdss7-11 ~]# chmod +x test.sh
[root@hdss7-11 ~]# ./test.sh
My hostname is
[root@hdss7-11 ~]# ansible websrvs -m script -a '/root/test.sh'
10.4.7.22 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 10.4.7.22 closed.\r\n",
"stderr_lines": [
"Shared connection to 10.4.7.22 closed."
],
"stdout": "My hostname is \r\n",
"stdout_lines": [
"My hostname is "
]
}
10.4.7.21 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 10.4.7.21 closed.\r\n",
"stderr_lines": [
"Shared connection to 10.4.7.21 closed."
],
"stdout": "My hostname is localhost.localdomain\r\n",
"stdout_lines": [
"My hostname is localhost.localdomain"
]
}
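To observe how the script is executed, and to show that ansible simply pushes test.sh to the target host and runs it there, we do the following experiment.
Modify the script on host 11: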
[root@hdss7-11 ~]# cat test.sh
echo My hostname is `hostname`
sleep 100
[root@hdss7-11 ~]# ^C
[root@hdss7-11 ~]# ansible websrvs -m script -a '/root/test.sh'
10.4.7.22 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 10.4.7.22 closed.\r\n",
"stderr_lines": [
"Shared connection to 10.4.7.22 closed."
],
"stdout": "My hostname is \r\n",
"stdout_lines": [
"My hostname is "
]
}
10.4.7.21 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 10.4.7.21 closed.\r\n",
"stderr_lines": [
"Shared connection to 10.4.7.21 closed."
],
"stdout": "My hostname is localhost.localdomain\r\n",
"stdout_lines": [
"My hostname is localhost.localdomain"
]
}
While it is running, look at the file on host 21:
[root@localhost ~]# cat .ansible/tmp/ansible-tmp-1628688935.24-54951-196272443875340/test.sh
echo My hostname is `hostname`
sleep 100
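Once execution finishes, the file is gone. Even if you press Ctrl+C on host 11 during execution, it is still deleted automatically (signal trapping with the trap command can be used for this).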
[root@localhost ~]# cat .ansible/tmp/ansible-tmp-1628688935.24-54951-196272443875340/test.sh
cat: .ansible/tmp/ansible-tmp-1628688935.24-54951-196272443875340/test.sh: No such file or directory
3.4.4 Copy module
Function: copies files from the ansible control node to the remote hosts.
——————————
[root@hdss7-11 ~]# ansible websrvs -m copy -a "content='test line1\ntest line2' dest=/tmp/test.txt"
10.4.7.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "43791ccbbcf72774b2bbbe6fe8d7ab488359b922",
"dest": "/tmp/test.txt",
"gid": 0,
"group": "root",
"md5sum": "f0e596e1a1a3ef7d278f2dda4d4e6ec8",
"mode": "0644",
"owner": "root",
"size": 21,
"src": "/root/.ansible/tmp/ansible-tmp-1628689811.87-55139-229202774480832/source",
"state": "file",
"uid": 0
}
10.4.7.21 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "43791ccbbcf72774b2bbbe6fe8d7ab488359b922",
"dest": "/tmp/test.txt",
"gid": 0,
"group": "root",
"md5sum": "f0e596e1a1a3ef7d278f2dda4d4e6ec8",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 21,
"src": "/root/.ansible/tmp/ansible-tmp-1628689812.05-55137-257520235557832/source",
"state": "file",
"uid": 0
}
[root@hdss7-11 ~]# ansible websrvs -a "cat /tmp/test.txt"
10.4.7.21 | CHANGED | rc=0 >>
test line1
test line2
10.4.7.22 | CHANGED | rc=0 >>
test line1
test line2
Below, ansible is used to test copying a file and a directory to the target hosts. With many files this is slow.
[root@hdss7-11 ~]# ansible websrvs -m copy -a "src=/etc/centos-release dest=/data/os.txt owner=dong mode=600"
10.4.7.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "dd9a53b0d396d3ab190cfbc08dca572d3e741a03",
"dest": "/data/os.txt",
"gid": 0,
"group": "root",
"md5sum": "712356bf79a10f4c45cc0a1772bbeaf6",
"mode": "0600",
"owner": "dong",
"size": 38,
"src": "/root/.ansible/tmp/ansible-tmp-1628689985.01-55310-41129428274553/source",
"state": "file",
"uid": 1001
}
10.4.7.21 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "dd9a53b0d396d3ab190cfbc08dca572d3e741a03",
"dest": "/data/os.txt",
"gid": 0,
"group": "root",
"md5sum": "712356bf79a10f4c45cc0a1772bbeaf6",
"mode": "0600",
"owner": "dong",
"secontext": "system_u:object_r:default_t:s0",
"size": 38,
"src": "/root/.ansible/tmp/ansible-tmp-1628689985.0-55308-173664581856645/source",
"state": "file",
"uid": 1001
}
[root@hdss7-11 ~]# ansible websrvs -a "cat /data/os.txt"
10.4.7.22 | CHANGED | rc=0 >>
CentOS Linux release 7.6.1810 (Core)
10.4.7.21 | CHANGED | rc=0 >>
CentOS Linux release 7.6.1810 (Core)
[root@hdss7-11 ~]# ansible websrvs -m copy -a "src=/etc/sysconfig dest=/data/ owner=dong mode=600"
10.4.7.22 | CHANGED => {
"changed": true,
"dest": "/data/",
"src": "/etc/sysconfig"
}
10.4.7.21 | CHANGED => {
"changed": true,
"dest": "/data/",
"src": "/etc/sysconfig"
}
[root@hdss7-11 ~]# ansible websrvs -a "ls -l /data/"
10.4.7.22 | CHANGED | rc=0 >>
总用量 12
-rw-r--r-- 1 root root 6 8月 11 21:10 hello.log
-rw------- 1 dong root 38 8月 11 21:53 os.txt
drwxr-xr-x 6 dong root 4096 8月 11 21:55 sysconfig
10.4.7.21 | CHANGED | rc=0 >>
总用量 12
-rw-r--r--. 1 root root 6 8月 11 21:10 hello.log
-rw-------. 1 dong root 38 8月 11 21:53 os.txt
drwxr-xr-x. 6 dong root 4096 8月 11 21:55 sysconfig
[root@hdss7-11 ~]# ^C
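3.4.5 Fetch module
Function: retrieves files from the remote hosts to the ansible control node, the opposite of copy. Directories are not currently supported.
Example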
——————————
The following fetches the specified file from the target hosts.
[root@hdss7-11 ~]# ansible-doc -s fetch
- name: Fetch files from remote nodes
fetch:
dest: # (required) A directory to save the file into. For example, if the `dest' directory is
`/backup' a `src' file named `/etc/profile' on host
`', would be saved into
`/backup//etc/profile'. The host name is
based on the inventory name.
fail_on_missing: # When set to `yes', the task will fail if the remote file cannot be read for any reason.
Prior to Ansible 2.5, setting this would only fail if the
source file was missing. The default was changed to `yes'
in Ansible 2.5.
flat: # Allows you to override the default behavior of appending hostname/path/to/file to the
destination. If `dest' ends with '/', it will use the
basename of the source file, similar to the copy module.
This can be useful if working with a single host, or if
retrieving files that are uniquely named per host. If
using multiple hosts with the same filename, the file
will be overwritten for each host.
src: # (required) The file on the remote system to fetch. This `must' be a file, not a
directory. Recursive fetching may be supported in a later
release.
validate_checksum: # Verify that the source and destination checksums match after the files are fetched.
[root@hdss7-11 ~]# mkdir /data
mkdir: 无法创建目录"/data": 文件已存在
[root@hdss7-11 ~]# ansible all -m fetch -a 'src=/etc/redhat-release dest=/data/os'
10.4.7.22 | CHANGED => {
"changed": true,
"checksum": "dd9a53b0d396d3ab190cfbc08dca572d3e741a03",
"dest": "/data/os/10.4.7.22/etc/redhat-release",
"md5sum": "712356bf79a10f4c45cc0a1772bbeaf6",
"remote_checksum": "dd9a53b0d396d3ab190cfbc08dca572d3e741a03",
"remote_md5sum": null
}
10.4.7.12 | CHANGED => {
"changed": true,
"checksum": "dd9a53b0d396d3ab190cfbc08dca572d3e741a03",
"dest": "/data/os/10.4.7.12/etc/redhat-release",
"md5sum": "712356bf79a10f4c45cc0a1772bbeaf6",
"remote_checksum": "dd9a53b0d396d3ab190cfbc08dca572d3e741a03",
"remote_md5sum": null
}
10.4.7.21 | CHANGED => {
"changed": true,
"checksum": "dd9a53b0d396d3ab190cfbc08dca572d3e741a03",
"dest": "/data/os/10.4.7.21/etc/redhat-release",
"md5sum": "712356bf79a10f4c45cc0a1772bbeaf6",
"remote_checksum": "dd9a53b0d396d3ab190cfbc08dca572d3e741a03",
"remote_md5sum": null
}
[root@hdss7-11 ~]# cd /data/
[root@hdss7-11 data]# ll
总用量 0
drwx--x--x. 13 root root 167 8月 9 04:08 docker
drwxr-xr-x. 3 root root 58 8月 9 04:44 dockerfile
drwxr-xr-x. 5 root root 57 8月 11 22:01 os
[root@hdss7-11 data]# ls os/
10.4.7.12 10.4.7.21 10.4.7.22
[root@hdss7-11 data]# tree os/
os/
├── 10.4.7.12
│ └── etc
│ └── redhat-release
├── 10.4.7.21
│ └── etc
│ └── redhat-release
└── 10.4.7.22
└── etc
└── redhat-release
6 directories, 3 files
[root@hdss7-11 data]#
3.4.6 File module
Function: sets file attributes.
Example
Create an empty file
ansible srv -m file -a 'path=/data/test.txt state=touch'
Delete the file
ansible srv -m file -a 'path=/data/test.txt state=absent'
Change the file's owner to dong and its mode to 755
ansible srv -m file -a 'path=/data/test.txt owner=dong mode=755'
Create a directory and recursively change its owner and group
ansible srv -m file -a "path=/data/mysql state=directory owner=mysql group=mysql"
Create a symbolic link
ansible srv -m file -a 'src=/data/testfile dest=/data/testfile-link state=link'
————————
[root@hdss7-11 ~]# ansible websrvs -m file -a 'path=/data/test.txt state=touch'
10.4.7.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/data/test.txt",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"size": 0,
"state": "file",
"uid": 0
}
10.4.7.21 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/data/test.txt",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 0,
"state": "file",
"uid": 0
}
[root@hdss7-11 ~]# ansible websrvs -a 'ls -l /data/test.txt'
10.4.7.21 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root 0 8月 11 22:14 /data/test.txt
10.4.7.22 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 0 8月 11 22:14 /data/test.txt
You can also change its group and set its mode to 600:
[root@hdss7-11 ~]# ansible websrvs -m file -a 'path=/data/test.txt group=bin mode=600'
10.4.7.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 1,
"group": "bin",
"mode": "0600",
"owner": "root",
"path": "/data/test.txt",
"size": 0,
"state": "file",
"uid": 0
}
10.4.7.21 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 1,
"group": "bin",
"mode": "0600",
"owner": "root",
"path": "/data/test.txt",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 0,
"state": "file",
"uid": 0
}
[root@hdss7-11 ~]# ansible websrvs -a 'ls -l /data/test.txt'
10.4.7.22 | CHANGED | rc=0 >>
-rw------- 1 root bin 0 8月 11 22:14 /data/test.txt
10.4.7.21 | CHANGED | rc=0 >>
-rw-------. 1 root bin 0 8月 11 22:14 /data/test.txt
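3.4.7 unarchive module
Function: unpacks and decompresses archives.
It supports two usages:
1. Transfer an archive from the ansible host to the remote host and extract it into a given directory; set copy=yes.
2. Extract an archive that is already on the remote host into a given path; set copy=no.
Common parameters:
- copy: when set to yes (copy=yes), the file is copied from the ansible host to the remote host; when set to copy=no, the src file is looked up on the remote host
- remote_src: serves the same purpose as copy and is mutually exclusive with it; yes means the file is on the remote host rather than the ansible host, no means the file is on the ansible host
- src: the source path; it can be a path on the ansible host or on the remote host. If it is a path on the remote host, copy=no must be set
- dest: the destination path on the remote host
- mode: the permissions to set on the extracted files
Example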
————————
On host 11, create an archive of some files, for example /etc:
[root@hdss7-11 ~]# tar zcvf /data/etc.tar.gz /etc
xz is slower but gives a higher compression ratio:
[root@hdss7-11 ~]# tar Jcvf /data/etc.tar.xz /etc
[root@hdss7-11 ~]# ll /data
总用量 20276
drwx--x--x. 13 root root 167 8月 9 04:08 docker
drwxr-xr-x. 3 root root 58 8月 9 04:44 dockerfile
-rw-r--r--. 1 root root 12201428 8月 11 22:27 etc.tar.gz
-rw-r--r--. 1 root root 8556844 8月 11 22:28 etc.tar.xz
drwxr-xr-x. 5 root root 57 8月 11 22:01 os
Check which files are in /data on the target hosts:
[root@hdss7-11 ~]# ansible websrvs -a 'ls /data'
10.4.7.22 | CHANGED | rc=0 >>
hello.log
os.txt
sysconfig
test.txt
10.4.7.21 | CHANGED | rc=0 >>
hello.log
os.txt
sysconfig
test.txt
[root@hdss7-11 ~]# ansible websrvs -a 'rm -rf /data/*'
[WARNING]: Consider using the file module with state=absent rather than running 'rm'. If you need to use command
because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.
10.4.7.22 | CHANGED | rc=0 >>
10.4.7.21 | CHANGED | rc=0 >>
Next, copy the local etc.tar.gz to the target hosts, extract it there, and change the owner to user dong:
[root@hdss7-11 ~]# ansible websrvs -m unarchive -a 'src=/data/etc.tar.gz dest=/data/ owner=dong'
[root@hdss7-11 ~]# ansible websrvs -a 'ls -l /data/'
10.4.7.21 | CHANGED | rc=0 >>
总用量 12
drwxr-xr-x. 149 dong root 12288 8月 11 20:01 etc
10.4.7.22 | CHANGED | rc=0 >>
总用量 12
drwxr-xr-x 149 dong root 12288 8月 11 20:01 etc
Next, test extracting an archive that is already on the remote hosts. First place the archive there with the copy module:
[root@hdss7-11 ~]# ansible websrvs -m copy -a 'src=/data/etc.tar.xz dest=/data'
[root@hdss7-11 ~]# ansible websrvs -a 'ls -l /data/'
10.4.7.22 | CHANGED | rc=0 >>
总用量 8372
drwxr-xr-x 149 dong root 12288 8月 11 20:01 etc
-rw-r--r-- 1 root root 8556844 8月 11 22:38 etc.tar.xz
10.4.7.21 | CHANGED | rc=0 >>
总用量 8372
drwxr-xr-x. 149 dong root 12288 8月 11 20:01 etc
-rw-r--r--. 1 root root 8556844 8月 11 22:38 etc.tar.xz
Have the remote hosts extract the given archive into a directory; copy=no means the archive does not need to be copied over first:
[root@hdss7-11 ~]# ansible websrvs -m unarchive -a 'src=/data/etc.tar.xz dest=/opt/ mode=700 copy=no '
10.4.7.22 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/",
"extract_results": {
"cmd": [
"/usr/bin/gtar",
"--extract",
"-C",
"/opt/",
"-f",
"/data/etc.tar.xz"
],
"err": "",
"out": "",
"rc": 0
},
"gid": 0,
"group": "root",
"handler": "TarArchive",
"mode": "0755",
"owner": "root",
"size": 4096,
"src": "/data/etc.tar.xz",
"state": "directory",
"uid": 0
}
10.4.7.21 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/",
"extract_results": {
"cmd": [
"/usr/bin/gtar",
"--extract",
"-C",
"/opt/",
"-f",
"/data/etc.tar.xz"
],
"err": "",
"out": "",
"rc": 0
},
"gid": 0,
"group": "root",
"handler": "TarArchive",
"mode": "0755",
"owner": "root",
"secontext": "system_u:object_r:usr_t:s0",
"size": 4096,
"src": "/data/etc.tar.xz",
"state": "directory",
"uid": 0
}
[root@hdss7-11 ~]# ansible websrvs -a 'ls -l /opt/'
10.4.7.22 | CHANGED | rc=0 >>
总用量 20
drwx--x--x 4 root root 4096 8月 8 00:34 containerd
drwx------ 149 root root 12288 8月 11 20:01 etc
drwxr-xr-x. 2 root root 4096 10月 31 2018 rh
10.4.7.21 | CHANGED | rc=0 >>
总用量 16
drwx------. 149 root root 12288 8月 11 20:01 etc
drwxr-xr-x. 2 root root 4096 10月 31 2018 rh
[root@hdss7-11 ~]# ansible websrvs -a 'du -sh /opt/'
10.4.7.22 | CHANGED | rc=0 >>
45M /opt/
10.4.7.21 | CHANGED | rc=0 >>
45M /opt/
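3.4.8 Archive module
Function: packs and compresses files into an archive.
Example
Archive /var/log on the target hosts as log.tar.bz2 under /data, specifying the owner and mode: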
ansible websrvs -m archive -a 'path=/var/log dest=/data/log.tar.bz2 format=bz2 owner=dong mode=600'
[root@hdss7-11 ~]# ansible websrvs -m archive -a 'path=/var/log dest=/data/log.tar.bz2 format=bz2 owner=dong mode=600'
[root@hdss7-11 ~]# ansible websrvs -a 'ls -l /data/log.tar.bz2'
10.4.7.22 | CHANGED | rc=0 >>
-rw------- 1 dong root 585315 8月 11 22:49 /data/log.tar.bz2
10.4.7.21 | CHANGED | rc=0 >>
-rw-------. 1 dong root 564742 8月 11 22:49 /data/log.tar.bz2
[root@hdss7-11 ~]# ^C
Now check the file type:
[root@hdss7-11 ~]# ansible websrvs -a 'file /data/log.tar.bz2'
10.4.7.22 | CHANGED | rc=0 >>
/data/log.tar.bz2: bzip2 compressed data, block size = 900k
10.4.7.21 | CHANGED | rc=0 >>
/data/log.tar.bz2: bzip2 compressed data, block size = 900k
[root@hdss7-11 ~]#