linux-ansible-03: Examples of commonly used Ansible module commands


user module

1. Create a user named feng

[root@test ~]# ansible node2 -m user -a "name=feng uid=1024 password=000000 shell=/bin/bash group=root"

On node2, check the user's uid; as shown below, it is indeed 1024.

[root@node2 ~]# id feng
uid=1024(feng) gid=0(root) 组=0(root)

2. Delete the user

[root@test ~]# ansible node2 -m user -a "name=feng  state=absent force=yes"
node2 | CHANGED => {
"changed": true,
"force": true,
"name": "feng",
"remove": false,
"state": "absent"
}
[root@test ~]#

group module

1. Create a group named fenggroup on node2

[root@test ~]# ansible node2 -m group -a "gid=1024 name=fenggroup system=yes"
node2 | CHANGED => {
"changed": true,
"gid": 1024,
"name": "fenggroup",
"state": "present",
"system": true
}
[root@test ~]#

2. Create a user feng on node2 whose primary group is root and who also belongs to the supplementary group fenggroup

[root@test ~]# ansible node2 -m user -a "name=feng uid=1024 password=000000 shell=/bin/bash group=root groups=fenggroup"
[WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this
module to work properly.

node2 | CHANGED => {
"changed": true,
"comment": "",
"create_home": true,
"group": 0,
"groups": "fenggroup",
"home": "/home/feng",
"name": "feng",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"stderr": "useradd: warning: the home directory already exists.\nNot copying any file from skel directory into it.\nCreating mailbox file: File exists\n",
"stderr_lines": [
"useradd: warning: the home directory already exists.",
"Not copying any file from skel directory into it.",
"Creating mailbox file: File exists"
],
"system": false,
"uid": 1024
}
[root@test ~]#

3. Check the user's information on node2; everything is correct

[root@node2 ~]# id feng
uid=1024(feng) gid=0(root) 组=0(root),1024(fenggroup)

4. Delete the fenggroup group

[root@test ~]# ansible node2 -m group -a "name=fenggroup state=absent"
node2 | CHANGED => {
"changed": true,
"name": "fenggroup",
"state": "absent"
}
[root@test ~]#

5. Check the user's information on node2 again: the user no longer belongs to fenggroup, because the fenggroup group has been deleted

[root@node2 ~]# id feng
uid=1024(feng) gid=0(root) 组=0(root)
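
The WARNING in step 2 appears because password=000000 is not a crypt hash: the user module stores the value in the shadow entry as given, so the account cannot log in with 000000. The following is an added example, not part of the original post, that hashes the password on the control node with openssl passwd -6 before calling the module; the function names are hypothetical, and the host, user name and uid are the ones used above.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): give the user module a crypt
# hash instead of a cleartext password. Function names are hypothetical.

# Read a password on stdin and print a SHA-512 crypt ($6$) hash with a random
# salt. Reading from stdin keeps the cleartext out of the process list.
hash_password() {
    openssl passwd -6 -stdin
}

# Build the key=value arguments for the user module; only the hash is embedded.
user_args() {   # usage: user_args <name> <uid> <hash>
    printf 'name=%s uid=%s shell=/bin/bash password=%s' "$1" "$2" "$3"
}

# Prompt without echo, hash locally, then run the module on the target host.
create_user() {   # usage: create_user <host-pattern> <name> <uid>
    local pw hash
    read -r -s -p "Password for $2: " pw && echo
    hash=$(printf '%s\n' "$pw" | hash_password) || return 1
    ansible "$1" -m user -a "$(user_args "$2" "$3" "$hash")"
}

# Run only when called with arguments, e.g.:  bash add_user.sh node2 feng 1024
if [ "$#" -eq 3 ]; then
    create_user "$@"
fi
```

With a hashed value the module no longer prints the "appears not to have been hashed" warning. The hash is still sensitive and should be kept out of shared logs and shell history.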

selinux module

1. First, check the SELinux state on node2

[root@node2 ~]# getenforce 
Enforcing

2. From test, disable SELinux on node2

[root@test ~]# ansible node2 -m selinux -a "state=disabled"
[WARNING]: SELinux state temporarily changed from 'enforcing' to 'permissive'. State change will take effect next
reboot.

node2 | CHANGED => {
"changed": true,
"configfile": "/etc/selinux/config",
"msg": "Config SELinux state changed from 'enforcing' to 'disabled'",
"policy": "targeted",
"reboot_required": true,
"state": "disabled"
}
[root@test ~]#

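3. Check the SELinux state on node2 again; the change succeeded: getenforce reports Permissive for the running system, and /etc/selinux/config now has SELINUX=disabled, which takes effect at the next reboot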

[root@node2 ~]# getenforce 
Permissive
[root@node2 ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted


[root@node2 ~]#

firewalld module

1. Open port 8080 on node2 and verify the result on node2.

[root@node1 roles]# ansible node2 -m firewalld -a "port=8080/tcp state=enabled permanent=yes"
node2 | CHANGED => {
"changed": true,
"msg": "Permanent operation, Changed port 8080/tcp to enabled"
}
[root@node1 roles]#
[root@node1 roles]# ansible node2 -m command -a "firewall-cmd --reload"
node2 | CHANGED | rc=0 >>
success

[root@node1 roles]#


[root@node2 ~]# firewall-cmd --list-ports
8080/tcp
[root@node2 ~]#

copy module

1. First, create a file named user.txt on test

[root@test ~]# touch user.txt

2. Copy this file to the /tmp directory on node2

[root@test ~]# ansible node2 -m copy -a "src=/root/user.txt dest=/tmp"
node2 | CHANGED => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/tmp/user.txt",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1553334220.5-91381585251620/source",
"state": "file",
"uid": 0
}
[root@test ~]# ansible node2 -a "ls /tmp"
node2 | CHANGED | rc=0 >>
ansible_command_payload_ZUXpXh
ks-script-NiyyIS
systemd-private-60d307935d5b4b589a7ba7fb1e063954-chronyd.service-kxndmt
user.txt
vmware-root
yum.log

[root@test ~]#

3. Write "hello" into user.txt in the /tmp directory on node2

[root@test ~]# ansible node2 -m copy -a "dest=/tmp/user.txt content=hello"
node2 | CHANGED => {
"changed": true,
"checksum": "aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d",
"dest": "/tmp/user.txt",
"gid": 0,
"group": "root",
"md5sum": "5d41402abc4b2a76b9719d911017c592",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 5,
"src": "/root/.ansible/tmp/ansible-tmp-1553334393.04-135202047372696/source",
"state": "file",
"uid": 0
}
[root@test ~]# ansible node2 -a "cat /tmp/user.txt"
node2 | CHANGED | rc=0 >>
hello

[root@test ~]#

file module

1. Create a file named user.test in the /tmp directory on node2

[root@test ~]# ansible node2 -m file -a "path=/tmp/user.test state=touch owner=root group=root mode=777"
node2 | CHANGED => {
"changed": true,
"dest": "/tmp/user.test",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 0,
"state": "file",
"uid": 0
}
[root@test ~]# ansible node2 -a "ls /tmp"
node2 | CHANGED | rc=0 >>
ansible_command_payload_7oz5ZR
ks-script-NiyyIS
systemd-private-521b915097e843e2a1cd732f94d50984-chronyd.service-sTxtbh
user.test
user.txt
vmware-root
yum.log

[root@test ~]# ansible node2 -a "ls -l /tmp/user.test"
node2 | CHANGED | rc=0 >>
-rwxrwxrwx 1 root root 0 Mar 23 21:23 /tmp/user.test

[root@test ~]#

2. Create a directory named test in the /tmp directory on node2

[root@test ~]# ansible node2 -m file -a "path=/tmp/test state=directory owner=root group=root mode=644"
node2 | CHANGED => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"path": "/tmp/test",
"size": 6,
"state": "directory",
"uid": 0
}
[root@test ~]# ansible node2 -a "ls -l /tmp/test"
node2 | CHANGED | rc=0 >>
total 0

[root@test ~]# ansible node2 -a "ls -l /tmp"
node2 | CHANGED | rc=0 >>
total 8
drwx------ 2 root root 80 Mar 23 21:30 ansible_command_payload_dUhGn0
-rwx------. 1 root root 836 Mar 16 22:08 ks-script-NiyyIS
drwx------ 3 root root 17 Mar 23 21:16 systemd-private-521b915097e843e2a1cd732f94d50984-chronyd.service-sTxtbh
drw-r--r-- 2 root root 6 Mar 23 21:29 test
-rwxrwxrwx 1 root root 0 Mar 23 21:23 user.test
-rw-r--r--. 1 root root 5 Mar 23 17:46 user.txt
drwx------. 2 root root 6 Mar 16 22:18 vmware-root
-rw-------. 1 root root 0 Mar 16 22:01 yum.log

[root@test ~]#

3. Delete the file named user.test from the /tmp directory

[root@test ~]# ansible node2 -a "ls /tmp"
node2 | CHANGED | rc=0 >>
ansible_command_payload_cRmbqn
ks-script-NiyyIS
systemd-private-521b915097e843e2a1cd732f94d50984-chronyd.service-sTxtbh
test
user.test
user.txt
vmware-root
yum.log

[root@test ~]# ansible node2 -m file -a "path=/tmp/user.test state=absent"
node2 | CHANGED => {
"changed": true,
"path": "/tmp/user.test",
"state": "absent"
}
[root@test ~]# ansible node2 -a "ls /tmp"
node2 | CHANGED | rc=0 >>
ansible_command_payload_SabNht
ks-script-NiyyIS
systemd-private-521b915097e843e2a1cd732f94d50984-chronyd.service-sTxtbh
test
user.txt
vmware-root
yum.log

[root@test ~]#
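
Step 2 above created the directory with mode=644, which leaves it without any search (x) bit (drw-r--r--), and step 1 created a world-writable file with mode=777. The following is an added example, not part of the original post, that scans `ls -l` output for both conditions; the function names are hypothetical and the sample input is a subset of the listing shown in step 2.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.

# Sample input: a subset of the `ls -l /tmp` lines shown in step 2 above.
sample_listing() {
    cat <<'EOF'
total 8
drwx------ 2 root root 80 Mar 23 21:30 ansible_command_payload_dUhGn0
-rwx------. 1 root root 836 Mar 16 22:08 ks-script-NiyyIS
drw-r--r-- 2 root root 6 Mar 23 21:29 test
-rwxrwxrwx 1 root root 0 Mar 23 21:23 user.test
-rw-r--r--. 1 root root 5 Mar 23 17:46 user.txt
EOF
}

# Read `ls -l` lines on stdin and print "<name>: <finding>" for
#   - entries writable by "other" without the sticky bit
#   - directories that grant r but not x to owner, group or other
# The last field is taken as the name, so names with spaces are not handled.
audit_modes() {
    awk '
    NF >= 9 && $1 ~ /^[-d]/ {
        perm = $1; name = $NF
        if (substr(perm, 9, 1) == "w" && substr(perm, 10, 1) !~ /[tT]/)
            print name ": world-writable"
        if (substr(perm, 1, 1) == "d") {
            for (i = 2; i <= 8; i += 3)      # owner, group, other triplets
                if (substr(perm, i, 1) == "r" && substr(perm, i + 2, 1) ~ /[-ST]/) {
                    print name ": directory readable but not searchable"
                    break
                }
        }
    }'
}

sample_listing | audit_modes
```

The same function can read the output of `ansible node2 -a "ls -l /tmp"` directly, because the `node2 | CHANGED | rc=0 >>` header and the `total` line do not match the filter.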

cron (scheduled task) module

1. Define a scheduled task on node2; */1 means every minute, and date prints the date and time

[root@test ~]# ansible node2 -m cron -a "name=showdate minute=*/1 job=date state=present"
node2 | CHANGED => {
"changed": true,
"envs": [],
"jobs": [
"showdate"
]
}
[root@test ~]#

2. Delete the scheduled task defined above

[root@test ~]# ansible node2 -m cron -a "name=showdate state=absent"
node2 | CHANGED => {
"changed": true,
"envs": [],
"jobs": []
}
[root@test ~]#

setup module

1. View node2's system information (the output is very long)

[root@test ~]# ansible node2 -m setup | less

yum module

Install and uninstall lrzsz on node2. A state of installed or present installs the package, latest installs the newest version, and absent or removed uninstalls it.

[root@test ~]# ansible node2 -m yum -a "name=lrzsz state=latest"
[root@test ~]# ansible node2 -m yum -a "name=lrzsz state=removed"

If yum reports an error, try the following command:

ansible node2 -m copy -a "src=/etc/resolv.conf dest=/etc/resolv.conf force=yes"

service module

1. First, install httpd on node2

[root@test ~]# ansible node2 -m yum -a "name=httpd state=latest"

2. Restart the httpd service on node2 and enable it to start at boot

[root@test ~]# ansible node2 -m service -a "name=httpd state=restarted enabled=yes"

3. Stop the httpd service on node2

[root@test ~]# ansible node2 -m service -a "name=httpd state=stopped"

4. Check the status of httpd on node2; you can see that it is stopped

[root@test ~]#  ansible node2 -m command -a "systemctl status httpd"

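5. The command module does not support pipes, variables, redirection and the like; if the command contains a pipe, a variable or a redirection operator, use the shell module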

[root@test ~]# ansible node2 -m shell -a "cat /etc/httpd/conf/httpd.conf | grep Listen"
node2 | CHANGED | rc=0 >>
# Listen: Allows you to bind Apache to specific IP addresses and/or
# Change this to Listen on specific IP addresses as shown below to
#Listen 12.34.56.78:80
Listen 80

[root@test ~]#