linux-ansible-02: Common Ansible modules

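Option reference

Common options of the ansible command:

-a: specify the module arguments
-m: specify the module name
-M: specify the module path
--list-hosts: list the hosts
-f FORKS: set the number of parallel processes, default 5

  -a and -m are normally used together to form one ansible command. The default module is command; in other words, if you do not specify a module, the command module is used.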

Worked example

In the previous article we changed the host names with the following commands:

[root@localhost ~]# ansible node2 -m command -a "hostnamectl set-hostname node2"
node2 | CHANGED | rc=0 >>


[root@localhost ~]# ansible node3 -m command -a "hostnamectl set-hostname node3"
node3 | CHANGED | rc=0 >>


[root@localhost ~]# ssh 192.168.141.53
Last login: Sat Mar 23 16:01:20 2019 from 192.168.141.12
[root@node2 ~]# exit
logout
Connection to 192.168.141.53 closed.
[root@localhost ~]# ssh 192.168.141.69
Last login: Sat Mar 23 16:01:28 2019 from 192.168.141.12
[root@node3 ~]# exit
logout
Connection to 192.168.141.69 closed.
[root@localhost ~]#

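  Here, -m command selects the command module, and -a "hostnamectl set-hostname node3" passes "hostnamectl set-hostname node3" as the module argument. Taken together, the command uses the command module to change the hostname of node3 to node3.

Ansible execution status

Green: the run succeeded and no change was needed
Yellow: the run succeeded and changed the target host
Red: the run failed

Common modules

Before going through the common modules, the one command you must know is ansible-doc.

ansible-doc -l: list all currently supported modules
ansible-doc -s <module name>: show how to use the given module
ansible-doc -h: show how to use this command
ansible-doc -M: specify the module path

For example, to see how to use the command module: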

ansible-doc -s command

To exit after running ansible-doc -s <module name>, press q.

ping

As shown below:

[root@test ~]# ansible-doc -s ping

- name: Try to connect to host, verify a usable python and return `pong' on success
ping:
data: # Data to return for the `ping' return value. If this parameter is set to `crash', the
module will cause an exception.
[root@test ~]#

user

[root@test ~]# ansible-doc -s user

- name: Manage user accounts
user:
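comment: # Description of the user
create_home: # Whether to create the home directory
force: # With `state=absent', behaves like `userdel --force'
group: # Primary group
groups: # Supplementary groups; an empty value ('groups=') removes all supplementary groups
home: # Home directory of the user
name: # User name
password: # Password of the user
password_lock: # Whether to lock the user's password
remove: # With `state=absent', behaves like `userdel --remove'.
shell: # Default shell
state: # Account state; the account is created if this is not set, `absent' deletes it
system: # When creating a user, makes it a system user. This setting cannot be changed on existing users.
uid: # UID of the user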
update_password: # `always' will update passwords if they differ. `on_create' will only set the password

group

[root@test ~]# ansible-doc -s group

- name: Add or remove groups
group:
gid: # Optional `GID' to set for the group.
name: # (required) Name of the group to manage.
state: # Group state; the group is created by default, `absent' deletes it
system: # If `yes', indicates that the group created is a system group.
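
The user and group options above combined in one playbook, as an added example that is not part of the original article. The host group web, the names ops, deploy, backup and olduser, and the prompted variable deploy_password are hypothetical; the point to note is that password expects an already hashed value.

```yaml
# Added example; host group, account names and the prompted variable are hypothetical.
- hosts: web
  become: true
  vars_prompt:
    - name: deploy_password      # prompted at run time, never stored in the playbook
      prompt: Password for the deploy account
      private: true
  tasks:
    - name: Ensure the primary group exists
      group:
        name: ops
        state: present

    - name: Create the deploy account
      user:
        name: deploy
        comment: Deployment account
        group: ops
        shell: /bin/bash
        create_home: true
        # The value is stored in /etc/shadow as given, so hash it first.
        password: "{{ deploy_password | password_hash('sha512') }}"
        # A fresh salt is generated on every run; on_create keeps the task idempotent.
        update_password: on_create
      no_log: true               # keep the hash out of logs and -v output

    - name: Lock the password of an account that should only use SSH keys
      user:
        name: backup
        password_lock: true

    - name: Remove a retired account together with its home directory
      user:
        name: olduser
        state: absent
        remove: true
```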

command

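1. command is the default module

2. It does not support pipes, variables, redirection and the like; if the command contains pipe, variable or redirection symbols, use the shell module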

[root@test ~]# ansible-doc -s command
- name: Executes a command on a remote node
command:
argv: # Allows the user to provide the command as a list vs. a string. Only the string or the
list form can be provided, not both. One or the other
must be provided.
chdir: # Change into this directory before running the command.
creates: # A filename or (since 2.0) glob pattern. If it already exists, this step *won't* be
run.
free_form: # (required) The command module takes a free form command to run. There is no parameter
actually named 'free form'. See the examples!
removes: # A filename or (since 2.0) glob pattern. If it already exists, this step *will* be run.
stdin: # Set the stdin of the command directly to the specified value.
warn: # If command_warnings are on in ansible.cfg, do not warn about this particular line if
set to `no'.

shell

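1. Runs the command through bash

2. Some complex operations may still fail even with shell

Workaround: put the operations into a script and run it with the script module

3. command does not support pipes, variables, redirection and the like; if the command contains pipe, variable or redirection symbols, use the shell module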

[root@test ~]# ansible-doc -s shell

- name: Execute commands in nodes.
shell:
chdir: # cd into this directory before running the command
creates: # a filename, when it already exists, this step will *not* be run.
executable: # change the shell used to execute the command. Should be an absolute path to the
executable.
free_form: # (required) The shell module takes a free form command to run, as a string. There's
not an actual option named "free form". See the
examples!
removes: # a filename, when it does not exist, this step will *not* be run.
stdin: # Set the stdin of the command directly to the specified value.
warn: # if command warnings are on in ansible.cfg, do not warn about this particular line if
set to no/false.
[root@test ~]#

script

[root@test ~]# ansible-doc -s script

- name: Runs a local script on a remote node after transferring it
script:
chdir: # Change into this directory on the remote node before running the script.
creates: # A filename on the remote node, when it already exists, this step will *not* be run.
decrypt: # This option controls the autodecryption of source files using vault.
executable: # Name or path of a executable to invoke the script with.
free_form: # (required) Path to the local script file followed by optional arguments. There is no
parameter actually named 'free form', see the examples!
removes: # A filename on the remote node, when it does not exist, this step will *not* be run.
[root@test ~]#
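
How the choice between command, shell and script plays out in practice, as an added example that is not part of the original article. The variable log_dir, the /tmp paths and the local script collect_report.sh are hypothetical; node2 is the host used earlier on this page.

```yaml
# Added example; log_dir, the /tmp paths and collect_report.sh are hypothetical.
- hosts: node2
  vars:
    log_dir: "/var/log/my app"   # constructed value that contains a space
  tasks:
    # No pipes or redirection needed: stay with command. With argv every list
    # item reaches the program as exactly one argument and no shell parses it.
    - name: Inspect a directory without involving a shell
      command:
        argv:
          - ls
          - -ld
          - "{{ log_dir }}"
      register: listing
      changed_when: false

    # Pipes and redirection are shell syntax, so this has to be the shell module.
    - name: Count processes per user and save the result
      shell: "ps -eo user= | sort | uniq -c > /tmp/proc_by_user.txt"
      args:
        executable: /bin/bash
        creates: /tmp/proc_by_user.txt   # skip when the file already exists

    # Anything templated into a shell command line is parsed by the shell,
    # so pass variables through the quote filter.
    - name: Measure disk usage of a variable path
      shell: "du -s {{ log_dir | quote }} | cut -f1"
      register: usage
      changed_when: false

    # Longer logic goes into a local script that the script module transfers and runs.
    - name: Run a local script on the remote node
      script: ./collect_report.sh --out /tmp/report.txt
      args:
        creates: /tmp/report.txt
```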

copy

[root@test ~]# ansible-doc -s copy

- name: Copies files to remote locations
copy:
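backup: # Back up the original file before overwriting it; the backup file name includes a timestamp.
content: # Used instead of `src'; sets the content of the target file directly
dest: # Required. Absolute path on the remote host to copy the source file to
directory_mode: # Recursively sets the permissions of directories; defaults to the system default
force: # Force overwriting the content of the destination file; default is yes
others: # All options of the file module can be used here
src: # Local file to copy to the remote host; can be an absolute or a relative path. If the path is a directory, it is copied recursively.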

file

[root@test ~]# ansible-doc -s file

- name: Sets attributes of files
file:
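force: # Forces creation of the symlink in two cases: the source file does not exist yet but will be created later; or the destination symlink already exists and has to be removed before the new one is created. Two values: yes|no
group: # Group that owns the file/directory
mode: # Permissions of the file/directory
owner: # User that owns the file/directory
path: # Required. Path of the file/directory
recurse: # Set file attributes recursively; only valid for directories
src: # Path of the source file to link to; only applies with state=link
dest: # Path of the link; only applies with state=link
state:
directory: create the directory if it does not exist
file: the file is not created even if it does not exist
link: create a symbolic link
hard: create a hard link
touch: create a new file if it does not exist; if the file or directory already exists, update its last-modified time
absent: delete the directory or file, or unlink the link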
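
The copy and file options above used together, as an added example that is not part of the original article. The host group web, the /etc/myapp paths and the source file files/myapp.conf are hypothetical; ownership and mode are set explicitly instead of being left to the remote umask.

```yaml
# Added example; host group, paths and file names are hypothetical.
- hosts: web
  become: true
  tasks:
    - name: Create the configuration directory
      file:
        path: /etc/myapp
        state: directory
        owner: root
        group: root
        mode: "0750"             # quoted so YAML does not read it as a decimal number

    - name: Install the configuration file, keeping a timestamped backup
      copy:
        src: files/myapp.conf
        dest: /etc/myapp/myapp.conf
        owner: root
        group: root
        mode: "0640"
        backup: true

    - name: Write a small file directly from content instead of src
      copy:
        content: "managed by ansible\n"
        dest: /etc/myapp/README
        owner: root
        group: root
        mode: "0644"

    - name: Point a stable name at the current configuration
      file:
        src: /etc/myapp/myapp.conf
        dest: /etc/myapp/current.conf
        state: link

    - name: Remove a leftover temporary file
      file:
        path: /etc/myapp/myapp.conf.tmp
        state: absent
```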

cron

[root@test ~]# ansible-doc -s cron

- name: Manage cron.d and crontab entries
cron:
backup: # If set, create a backup of the crontab before it is modified. The location of the
backup is returned in the `backup_file' variable by
this module.
cron_file: # If specified, uses this file instead of an individual user's crontab. If this is a
relative path, it is interpreted with respect to
/etc/cron.d. (If it is absolute, it will typically be
/etc/crontab). Many linux distros expect (and some
require) the filename portion to consist solely of
upper- and lower-case letters, digits, underscores, and
hyphens. To use the `cron_file' parameter you must
specify the `user' as well.
day: # Day of the month the job should run ( 1-31, *, */2, etc )
disabled: # If the job should be disabled (commented out) in the crontab. Only has effect if
`state=present'.
env: # If set, manages a crontab's environment variable. New variables are added on top of
crontab. "name" and "value" parameters are the name and
the value of environment variable.
hour: # Hour when the job should run ( 0-23, *, */2, etc )
insertafter: # Used with `state=present' and `env'. If specified, the environment variable will be
inserted after the declaration of specified environment
variable.
insertbefore: # Used with `state=present' and `env'. If specified, the environment variable will be
inserted before the declaration of specified
environment variable.
job: # The command to execute or, if env is set, the value of environment variable. The
command should not contain line breaks. Required if
state=present.
minute: # Minute when the job should run ( 0-59, *, */2, etc )
month: # Month of the year the job should run ( 1-12, *, */2, etc )
name: # Description of a crontab entry or, if env is set, the name of environment variable.
Required if state=absent. Note that if name is not set
and state=present, then a new crontab entry will always
be created, regardless of existing ones.
reboot: # If the job should be run at reboot. This option is deprecated. Users should use
special_time.
special_time: # Special time specification nickname.
state: # Whether to ensure the job or environment variable is present or absent.
user: # The specific user whose crontab should be modified.
weekday: # Day of the week that the job should run ( 0-6 for Sunday-Saturday, *, etc )
(END)

yum

[root@test ~]# ansible-doc -s yum

- name: Manages packages with the `yum' package manager
yum:
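conf_file: # Configuration file that yum uses on the remote host, for example when it is not in the default location.
disable_gpg_check: # Whether to disable GPG checking; only used with `present' or `latest'.
disablerepo: # yum repository to disable temporarily; only used when installing or updating.
enablerepo: # yum repository to enable temporarily; only used when installing or updating.
name: # Name of the package to install
state: # present installs, latest installs the newest version, absent removes the package.
update_cache: # Force a refresh of the yum cache.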

service

[root@test ~]# ansible-doc -s service

- name: Manage services
service:
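arguments: # Extra arguments passed on the command line
enabled: # Start the service at boot.
name: # Service name
runlevel: # Runlevel for starting at boot; usually does not need to be set.
sleep: # Whether to wait while restarting the service, for example wait 2 seconds after stopping before starting again.
state: # started starts the service, stopped stops it, restarted restarts it, reloaded reloads its configuration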

setup

[root@test ~]# ansible-doc -s setup

- name: Gathers facts about remote hosts
setup:
fact_path: # path used for local ansible facts (`*.fact') - files in this dir will be run (if
executable) and their results be added to
`ansible_local' facts if a file is not executable it is
read. Check notes for Windows options. (from 2.1 on)
File/results format can be json or ini-format
filter: # if supplied, only return facts that match this shell-style (fnmatch) wildcard.
gather_subset: # if supplied, restrict the additional facts collected to the given subset. Possible
values: `all', `min', `hardware', `network', `virtual',
`ohai', and `facter'. Can specify a list of values to
specify a larger subset. Values can also be used with
an initial `!' to specify that that specific subset
should not be collected. For instance:
`!hardware,!network,!virtual,!ohai,!facter'. If `!all'
is specified then only the min subset is collected. To
avoid collecting even the min subset, specify
`!all,!min'. To collect only specific facts, use
`!all,!min', and specify the particular fact subsets.
Use the filter parameter if you do not want to display
some collected facts.
gather_timeout: # Set the default timeout in seconds for individual fact gathering
[root@test ~]#

selinux

[root@test ~]# ansible-doc -s selinux

- name: Change policy and state of SELinux
selinux:
conf: # path to the SELinux configuration file, if non-standard
policy: # name of the SELinux policy to use (example: `targeted') will be required if state is
not `disabled'
state: # (required) The SELinux mode
[root@test ~]#

firewalld

[root@test ~]# ansible-doc -s firewalld
- name: Manage arbitrary ports/services with firewalld
firewalld:
immediate: # Should this configuration be applied immediately, if set as permanent
interface: # The interface you would like to add/remove to/from a zone in firewalld
masquerade: # The masquerade setting you would like to enable/disable to/from zones within firewalld
permanent: # Should this configuration be in the running firewalld configuration or persist across
reboots. As of Ansible version 2.3, permanent
operations can operate on firewalld configs when it's
not running (requires firewalld >= 3.0.9). (NOTE: If
this is false, immediate is assumed true.)
port: # Name of a port or port range to add/remove to/from firewalld. Must be in the form
PORT/PROTOCOL or PORT-PORT/PROTOCOL for port ranges.
rich_rule: # Rich rule to add/remove to/from firewalld.
service: # Name of a service to add/remove to/from firewalld - service must be listed in output
of firewall-cmd --get-services.
source: # The source/network you would like to add/remove to/from firewalld
state: # (required) Enable or disable a setting. For ports: Should this port accept(enabled) or
reject(disabled) connections. The states "present" and
"absent" can only be used in zone level operations
(i.e. when no other parameters but zone and state are
set).
timeout: # The amount of time the rule should be in effect for when non-permanent.
zone: # The firewalld zone to add/remove to/from (NOTE: default zone can be configured per
system but "public" is default from upstream. Available
choices can be extended based on per-system configs,
listed here are "out of the box" defaults).
[root@test ~]#
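
The yum, service, selinux and firewalld options above combined into one baseline play, as an added example that is not part of the original article. The host group web and the httpd package and service are hypothetical choices; the module names are the short names shown by ansible-doc on this page.

```yaml
# Added example; the host group and the httpd package/service are hypothetical.
# Ad hoc form of the service task below:
#   ansible web -b -m service -a "name=httpd state=started enabled=yes"
- hosts: web
  become: true
  tasks:
    - name: Install the package with signature checking left on
      yum:
        name: httpd
        state: present
        disable_gpg_check: false   # keep GPG verification of packages enabled

    - name: Keep SELinux enforcing with the targeted policy
      selinux:
        policy: targeted           # required whenever state is not disabled
        state: enforcing

    - name: Start the service now and at boot
      service:
        name: httpd
        state: started
        enabled: true

    - name: Allow HTTPS in the public zone
      firewalld:
        zone: public
        service: https             # must appear in firewall-cmd --get-services
        permanent: true            # persist across reboots
        immediate: true            # also apply to the running configuration
        state: enabled

    - name: Allow a custom port only for the current runtime
      firewalld:
        zone: public
        port: 8443/tcp             # PORT/PROTOCOL form
        permanent: false           # runtime only, gone after reload or reboot
        state: enabled
```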
