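I. Common Ansible Modules

1. Differences between the common Ansible modules command, shell, and raw:

  • The command module does not run the command through a shell, so bash environment variables are not available
  • The shell module runs the command through /bin/sh
  • raw is similar to shell in many ways; in most cases it is recommended to use the shell or command module instead
    • However, raw is needed when the managed host runs an old version of Python, or when the client is a device such as a router that has no Python installed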

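II. Detailed Usage of Common Ansible Modules

1. ping module

1️⃣: The ping module checks whether the specified nodes are reachable. It is simple to use and takes no parameters; if a host is online, it replies pong

  • Example: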

    [root@localhost ~]# ansible all -m ping
    192.168.121.81 | SUCCESS => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
    }

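2. user module

①: Common parameters of the user module

create_home : 【 yes | no 】
Description: by default, a home directory is created for the user when the account is created or the home directory does not exist; set to no to prevent this
group
Description: sets the user's primary group
groups
Description: sets the user's supplementary groups; when set to an empty string '', the user is removed from all groups except the primary group
home
Description: sets the user's home directory
name
Description: name of the user to create, remove, or modify
password
Description: sets the user's password to this encrypted (hashed) value; to create a disabled account on a Linux system, set it to '!' or '*'
remove : 【 yes | no 】
Description: when state=absent, removes the directories associated with the user; equivalent to userdel --remove
shell
Description: sets the user's login shell; to prevent login, set it to /sbin/nologin
state : 【 present | absent 】
Description: present declares that the user should be created; absent declares that the user should be removed
system : 【 yes | no 】
Description: when state=present, setting this to yes makes the user a system account
uid
Description: specifies the user's UID

②: Add a system user on the managed host with user name zhangsan, UID 888, login shell /sbin/nologin, and no home directory

  • Example: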

    [root@localhost ~]# ansible 192.168.121.81 -m user -a 'name=zhangsan uid=888 system=yes shell=/sbin/nologin create_home=no state=present'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "comment": "",
    "create_home": false,
    "group": 888,
    "home": "/home/zhangsan",
    "name": "zhangsan",
    "shell": "/sbin/nologin",
    "state": "present",
    "system": true,
    "uid": 888
    }
    // Check whether user zhangsan exists on the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m command -a 'id zhangsan'
    192.168.121.81 | CHANGED | rc=0 >>
    uid=888(zhangsan) gid=888(zhangsan) groups=888(zhangsan)
    // Remove user zhangsan from the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m user -a 'name=zhangsan state=absent'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "force": false,
    "name": "zhangsan",
    "remove": false,
    "state": "absent"
    }
    // Check whether user zhangsan exists on the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m command -a 'id zhangsan'
    192.168.121.81 | FAILED | rc=1 >>
    id: ‘zhangsan’: no such usernon-zero return code
    // Change the UID of user zhangsan to 1000
    [root@localhost ~]# ansible 192.168.121.81 -m user -a 'name=zhangsan uid=1000'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "append": false,
    "changed": true,
    "comment": "",
    "group": 888,
    "home": "/home/zhangsan",
    "move_home": false,
    "name": "zhangsan",
    "shell": "/sbin/nologin",
    "state": "present",
    "uid": 1000
    }  
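
The password parameter takes an already hashed value, not plaintext. The playbook below is an added example, not part of the original page: it hashes a prompted password with the password_hash filter and creates a locked account with '!'. The inventory group client, the variable user_password and the account svc_locked are assumptions.

```yaml
---
# Added example, not from the original page.
# Assumptions: inventory group "client"; variable name "user_password";
# account name "svc_locked".
- hosts: client
  gather_facts: no
  vars_prompt:
    # Prompted at run time so the plaintext never sits in the playbook
    # or on the command line.
    - name: user_password
      prompt: "Password for zhangsan"
      private: yes
      confirm: yes
  tasks:
    - name: Create zhangsan with a hashed password
      user:
        name: zhangsan
        uid: 888
        shell: /bin/bash
        # The user module stores this value as-is, so it must already be
        # a crypt hash. password_hash runs on the control node and may
        # need the passlib Python package there.
        password: "{{ user_password | password_hash('sha512') }}"
        # password_hash picks a new random salt on every run; on_create
        # keeps the task from changing the password each time.
        update_password: on_create
        state: present
      # Keep the hash out of task output and logs.
      no_log: true

    - name: Create a system account that cannot log in with a password
      user:
        name: svc_locked
        system: yes
        shell: /sbin/nologin
        create_home: no
        # Quote it: a bare ! starts a YAML tag.
        password: "!"
        state: present

    # passwd -S needs root on the managed host, like the page's own commands.
    - name: Read back the password status of both accounts
      command: "passwd -S {{ item }}"
      loop:
        - zhangsan
        - svc_locked
      register: shadow_status
      changed_when: false

    - name: Show the status lines
      debug:
        msg: "{{ shadow_status.results | map(attribute='stdout') | list }}"
```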

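3. group module

①: Common parameters of the group module

name
Description: specifies the name of the group
state : 【 present | absent 】
Description: present declares that the group should be created; absent declares that the group should be removed
system : 【 yes | no 】
Description: if yes, the group is created as a system group
gid
Description: specifies the group's GID

②: Add a system group on the managed host with GID 800 and group name zhangsan

  • Example: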

    [root@localhost ~]# ansible 192.168.121.81 -m group -a 'name=zhangsan system=yes gid=800 state=present'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "gid": 800,
    "name": "zhangsan",
    "state": "present",
    "system": true
    }
    // Check whether group zhangsan exists on the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m command -a 'grep zhangsan /etc/group'
    192.168.121.81 | CHANGED | rc=0 >>
    zhangsan:x:800:
    // Remove group zhangsan from the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m group -a 'name=zhangsan state=absent'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "name": "zhangsan",
    "state": "absent"
    }
    // Check whether group zhangsan exists on the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m command -a 'grep zhangsan /etc/group'
    192.168.121.81 | FAILED | rc=1 >>
    non-zero return code
    // Change the GID of group zhangsan on the managed host to 1000
    [root@localhost ~]# ansible 192.168.121.81 -m group -a 'name=zhangsan gid=1000'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "gid": 1000,
    "name": "zhangsan",
    "state": "present",
    "system": false
    }

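4. yum module

1️⃣: The yum module manages software through yum on the specified nodes

2️⃣: Common parameters of the yum module

name: name of the package to install
state : 【 present | installed | latest | absent | removed 】
present: install the package
installed: install the package
latest: install the package (at the latest version)
absent: remove the package
removed: remove the package
  • Example: install the httpd service on the managed host with the yum module

      [root@localhost ~]# ansible 192.168.121.81 -m yum -a 'name=httpd state=present'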
      192.168.121.81 | CHANGED => {
      "ansible_facts": {
      "discovered_interpreter_python": "/usr/libexec/platform-python"
      },
      "changed": true,
      "msg": "",
      "rc": 0,
      "results": [
      "Installed: apr-1.6.3-9.el8.x86_64",
      "Installed: centos-logos-httpd-80.5-2.el8.noarch",
      "Installed: apr-util-1.6.1-6.el8.x86_64",
      "Installed: apr-util-bdb-1.6.1-6.el8.x86_64",
      "Installed: httpd-2.4.37-21.module_el8.2.0+382+15b0afa8.x86_64",
      "Installed: httpd-filesystem-2.4.37-21.module_el8.2.0+382+15b0afa8.noarch",
      "Installed: mod_http2-1.11.3-3.module_el8.2.0+307+4d18d695.x86_64",
      "Installed: httpd-tools-2.4.37-21.module_el8.2.0+382+15b0afa8.x86_64",
      "Installed: apr-util-openssl-1.6.1-6.el8.x86_64",
      "Installed: mailcap-2.1.48-3.el8.noarch"
      ]
      }
      // Start the httpd service
      [root@localhost ~]# ansible 192.168.121.81 -m command -a 'systemctl start httpd'
      192.168.121.81 | CHANGED | rc=0 >>
      // Check the httpd service processes
      [root@localhost ~]# ansible 192.168.121.81 -m shell -a 'ps -ef | grep httpd'
      192.168.121.81 | CHANGED | rc=0 >>
      root 20991 1 0 18:58 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
      apache 20992 20991 0 18:58 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
      apache 20993 20991 0 18:58 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
      apache 20994 20991 0 18:58 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
      apache 20996 20991 0 18:58 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
      root 21573 21572 0 18:59 pts/1 00:00:00 /bin/sh -c ps -ef | grep httpd
      root 21575 21573 0 18:59 pts/1 00:00:00 grep httpd
      // Check whether the httpd packages are installed
      [root@localhost ~]# ansible 192.168.121.81 -m shell -a 'rpm -qa | grep httpd'
      192.168.121.81 | CHANGED | rc=0 >>
      httpd-filesystem-2.4.37-21.module_el8.2.0+382+15b0afa8.noarch
      centos-logos-httpd-80.5-2.el8.noarch
      httpd-2.4.37-21.module_el8.2.0+382+15b0afa8.x86_64
      httpd-tools-2.4.37-21.module_el8.2.0+382+15b0afa8.x86_64

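5. command module

1️⃣: The command module executes commands on remote hosts; it is the module Ansible uses by default

2️⃣: A limitation of the command module is that pipes and redirection cannot be used

  • Example:

    // List the files under /tmp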
    [root@localhost ~]# ansible 192.168.121.81 -m command -a 'ls /tmp'
    192.168.121.81 | CHANGED | rc=0 >>
    ansible_command_payload_bgh98niw
    ks-script-rz2t819q
    systemd-private-27d81652d04247e0aabf5ca3135190a7-httpd.service-34NQn0
    vmware-root_987-4257200413
    // Create the file test in the /root directory
    [root@localhost ~]# ansible 192.168.121.81 -m command -a 'touch /root/test'
    192.168.121.81 | CHANGED | rc=0 >>
    [root@localhost ~]# ansible 192.168.121.81 -m command -a 'ls /root'
    192.168.121.81 | CHANGED | rc=0 >>
    anaconda-ks.cfg
    test

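6. shell module

①: The shell module runs scripts that reside on the managed host, and can also run commands directly on the managed host (it is generally used for commands; for scripts, use the script module)

②: Parameters the shell module may use

chdir
Description: change into this directory before running the command
removes
Description: a file name; if the file does not exist, the step is not run
stdin
Description: sets the command's stdin directly to the specified value

③: The shell module also supports pipes and redirection

  • Example:

    // List the script file on the managed host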
    [root@localhost ~]# ls
    anaconda-ks.cfg test.sh
    [root@localhost ~]# chmod a+x test.sh
    [root@localhost ~]# ll test.sh
    -rwxr-xr-x. 1 root root 27 Aug 27 19:12 test.sh
    // From the control node, run the script file that is on the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m shell -a '/root/test.sh'
    192.168.121.81 | CHANGED | rc=0 >>
    Thu Aug 27 19:15:20 CST 2020/root/test.sh: line 1: !/bin/bash: No such file or directory
    // Use a pipe with shell
    [root@localhost ~]# ansible 192.168.121.81 -m shell -a 'cat /etc/group | grep root'
    192.168.121.81 | CHANGED | rc=0 >>
    root:x:0:
    // Use redirection with shell
    [root@localhost ~]# ansible 192.168.121.81 -m shell -a '/root/test.sh > /tmp/dir.txt'
    192.168.121.81 | CHANGED | rc=0 >>
    /root/test.sh: line 1: !/bin/bash: No such file or directory
    [root@localhost ~]# ansible 192.168.121.81 -m shell -a 'cat /tmp/dir.txt'
    192.168.121.81 | CHANGED | rc=0 >>
    Thu Aug 27 19:19:04 CST 2020

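7. raw module

1️⃣: The raw module executes commands on remote hosts and supports pipes and redirection (in addition, raw can be used to install services on devices where they otherwise cannot be installed, such as routers)

  • Example:

    // Use a pipe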
    [root@localhost ~]# ansible 192.168.121.81 -m raw -a 'cat /etc/group |grep root'
    192.168.121.81 | CHANGED | rc=0 >>
    root:x:0:
    // Use redirection
    [root@localhost ~]# ansible 192.168.121.81 -m raw -a 'echo "hellow word" > /root/test.txt'
    192.168.121.81 | CHANGED | rc=0 >>
    [root@localhost ~]# ansible 192.168.121.81 -m raw -a 'cat /root/test.txt'
    192.168.121.81 | CHANGED | rc=0 >>
    hellow word
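
The practical consequence of the command / shell / raw distinction is how each treats shell metacharacters that arrive inside variables. The playbook below is an added example, not from the original page: it passes the same constructed value to shell unquoted, to command through argv, and to shell through the quote filter. The inventory group client and the variable logname are assumptions.

```yaml
---
# Added example, not from the original page.
# Assumptions: inventory group "client"; variable name "logname".
- hosts: client
  gather_facts: no
  vars:
    # Constructed value standing in for input the playbook author does not
    # control (for example --extra-vars or a field read from a file).
    logname: "messages; echo INJECTED"
  tasks:
    # shell passes the whole string to /bin/sh, so the ';' inside the
    # variable ends the first command and starts a second one.
    - name: Weak - variable placed unquoted in a shell command line
      shell: "ls -l /var/log/{{ logname }}"
      register: weak
      changed_when: false
      failed_when: false

    # command does not use a shell; with argv every list item reaches the
    # program as exactly one argument, metacharacters included.
    - name: Hardened - command with argv
      command:
        argv:
          - ls
          - "-l"
          - "--"
          - "/var/log/{{ logname }}"
      register: by_argv
      changed_when: false
      failed_when: false

    # When a pipe or redirect is really needed, keep shell but pass every
    # variable through the quote filter. The same applies to raw, which
    # also hands its string to the remote shell.
    - name: Hardened - shell with the quote filter
      shell: "ls -l -- {{ ('/var/log/' ~ logname) | quote }} | wc -l"
      register: by_quote
      changed_when: false
      failed_when: false

    - name: Only the unquoted shell task ran the second command
      assert:
        that:
          - "'INJECTED' in weak.stdout"
          - "'INJECTED' not in by_argv.stdout"
          - "'INJECTED' not in by_quote.stdout"

    # Quoting stops command injection, not path tricks such as '../'.
    # Allow-list the value as well; this task fails for the constructed
    # value above, which is the intended result.
    - name: Reject names outside the expected character set
      assert:
        that:
          - "logname is match('^[A-Za-z0-9_-][A-Za-z0-9._-]*$')"
```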

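8. script module

①: The script module runs a script from the control node on the managed host

②: Common parameters of the script module

chdir
Description: change into this directory on the remote node before running the script
creates
Description: a file name on the remote node; if it already exists, this step is not run
removes
Description: a file name on the remote node; if it does not exist, this step is not run
  • Example:

    // List the script file on the control node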
    [root@localhost ~]# ls
    anaconda-ks.cfg test.sh
    // Run the script file from the control node
    [root@localhost ~]# ansible 192.168.121.81 -m script -a '/root/test.sh > /root/dir.txt'
    192.168.121.81 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 192.168.121.81 closed.\r\n",
    "stderr_lines": [
    "Shared connection to 192.168.121.81 closed."
    ],
    "stdout": "",
    "stdout_lines": []
    }
    [root@localhost ~]# ansible 192.168.121.81 -m shell -a 'cat /root/dir.txt'
    192.168.121.81 | CHANGED | rc=0 >>
    This is test file.sh

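9. service module

1️⃣: The service module manages services on the managed host

2️⃣: Common parameters of the service module

state : 【 started | stopped | restarted | reloaded 】
started: start the service
stopped: stop the service
restarted: restart the service
reloaded: reload the service
enabled : 【 yes | no 】
Description: sets whether the service starts at boot
yes: start at boot
no: do not start at boot

  • Example:

    // Check whether the httpd service is running on the managed host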
    [root@localhost ~]# ansible 192.168.121.81 -m command -a 'systemctl status httpd'
    192.168.121.81 | FAILED | rc=3 >>
    ● httpd.service - The Apache HTTP Server
    Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
    Active: inactive (dead)
    Docs: man:httpd.service(8)
    Aug 27 18:58:10 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
    Aug 27 18:58:10 localhost.localdomain httpd[20991]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
    Aug 27 18:58:10 localhost.localdomain systemd[1]: Started The Apache HTTP Server.
    Aug 27 18:58:10 localhost.localdomain httpd[20991]: Server configured, listening on: port 80
    Aug 27 19:31:21 localhost.localdomain systemd[1]: Stopping The Apache HTTP Server...
    Aug 27 19:31:22 localhost.localdomain systemd[1]: Stopped The Apache HTTP Server.non-zero return code
    // Start the httpd service with the service module
    [root@localhost ~]# ansible 192.168.121.81 -m service -a 'name=httpd state=started'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "name": "httpd",
    "state": "started",
    "status": {
    "ActiveEnterTimestampMonotonic": "0",
    "ActiveExitTimestampMonotonic": "0",
    ............
    // Check the status of the httpd service on the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m command -a 'systemctl status httpd'
    192.168.121.81 | CHANGED | rc=0 >>
    ● httpd.service - The Apache HTTP Server
    Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
    Active: active (running) since Thu 2020-08-27 19:37:22 CST; 1min 33s ago
    Docs: man:httpd.service(8)
    Main PID: 23488 (httpd)
    Status: "Running, listening on: port 80"
    Tasks: 213 (limit: 11340)
    Memory: 27.3M
    CGroup: /system.slice/httpd.service
    ├─23488 /usr/sbin/httpd -DFOREGROUND
    ├─23489 /usr/sbin/httpd -DFOREGROUND
    ├─23490 /usr/sbin/httpd -DFOREGROUND
    ├─23491 /usr/sbin/httpd -DFOREGROUND
    └─23492 /usr/sbin/httpd -DFOREGROUND
    Aug 27 19:37:22 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
    Aug 27 19:37:22 localhost.localdomain httpd[23488]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
    Aug 27 19:37:22 localhost.localdomain systemd[1]: Started The Apache HTTP Server.
    Aug 27 19:37:23 localhost.localdomain httpd[23488]: Server configured, listening on: port 80
    // Enable the httpd service at boot on the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m service -a 'name=httpd enabled=yes'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "enabled": true,
    "name": "httpd",
    "status": {
    "ActiveEnterTimestamp": "Thu 2020-08-27 19:37:22 CST",
    "ActiveEnterTimestampMonotonic": "18191160572",
    .............
    // Check whether the httpd service is enabled at boot on the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m command -a 'systemctl is-enabled httpd'
    192.168.121.81 | CHANGED | rc=0 >>
    enabled
    // Stop the httpd service on the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m service -a 'name=httpd state=stopped'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "name": "httpd",
    "state": "stopped",
    "status": {
    "ActiveEnterTimestamp": "Thu 2020-08-27 19:37:22 CST",
    "ActiveEnterTimestampMonotonic": "18191160572",

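10. copy module

1️⃣: The copy module copies files to the remote managed host

2️⃣: Common parameters of the copy module

src
Description: local path of the file to copy to the remote server; can be absolute or relative
dest
Description: absolute path on the remote host that the file should be copied to
backup : 【 yes | no 】
Description: creates a backup file that includes timestamp information, so the original can be recovered if it was overwritten by mistake
force : 【 yes | no 】
Description: if yes, the remote file is replaced when its content differs from the source; if no, the file is transferred only if the destination does not exist

  • Example:

    // List the files on the control node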
    [root@localhost ~]# ls
    anaconda-ks.cfg test.sh
    // Copy the file
    [root@localhost ~]# ansible 192.168.121.81 -m copy -a 'src=/root/test.sh dest=/root'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "6754b4785dbeace09c90e9ce4a2560d4e386efab",
    "dest": "/root/test.sh",
    "gid": 0,
    "group": "root",
    "md5sum": "b51ea9009c046cd325621fa7065782f0",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:admin_home_t:s0",
    "size": 41,
    "src": "/root/.ansible/tmp/ansible-tmp-1598558057.5922036-5111-245228725024513/source",
    "state": "file",
    "uid": 0
    }
    // Check whether the file exists on the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m shell -a 'ls /root'
    192.168.121.81 | CHANGED | rc=0 >>
    anaconda-ks.cfg
    test.sh  

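11. template module

1️⃣: The template module generates a file from a template and can transfer it to the remote host (it is mainly used for creating files from templates)

2️⃣: Common parameters of the template module

src
Description: path of the local template; can be relative or absolute
dest
Description: location on the remote machine where the template is rendered
backup : 【 yes | no 】
Description: creates a backup file that includes timestamp information, so the original can be recovered if it was overwritten by mistake
force : 【 yes | no 】
Description: when set to yes, the remote file is replaced if its content differs from the source; when set to no, the file is transferred only if the destination does not exist

  • Example: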

    [root@localhost ~]# ansible 192.168.121.81 -m template -a 'src=/etc/yum.repos.d/CentOS-Base.repo dest=/etc/yum.repos.d'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "4966466ad015ef3d2a3cc0b8252d43efbdcf2c94",
    "dest": "/etc/yum.repos.d/CentOS-Base.repo",
    "gid": 0,
    "group": "root",
    "md5sum": "d06fb7d5709727828bcaba7457ea673e",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:system_conf_t:s0",
    "size": 2595,
    "src": "/root/.ansible/tmp/ansible-tmp-1598559298.4569452-5352-77842158483794/source",
    "state": "file",
    "uid": 0
    }
    // Check whether the file exists on the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m shell -a 'ls /etc/yum.repos.d'
    192.168.121.81 | CHANGED | rc=0 >>
    CentOS-Base.repo
    redhat.repo   

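12. firewalld module

1️⃣: Common parameters of the firewalld module

The firewalld module can be used to allow traffic to a port:
permanent : 【 yes | no 】
Description: whether this configuration should be in the running firewalld configuration or persist across reboots; note that if this is set to no, immediate is assumed to be yes, so the change applies to the running configuration only (temporary); if it is set to yes, immediate defaults to no and the change is written to the permanent configuration
port
Description: name of the port or port range to add to or remove from the firewall; for a port range the format must be port/protocol or port-port/protocol; for example: 80/tcp
rich_rule
Description: rich rule to add to or remove from the firewall
service
Description: name of the service to add to or remove from the firewall
source
Description: source IP network to add to or remove from the firewall
state : 【 present | enabled | absent | disabled 】
Description: for ports, whether the port should accept (enabled) or reject (disabled) connections; the states present and absent can only be used in zone-level operations
  • Example:

    // Check whether the firewall is active on the managed host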
    [root@ansible ~]# ansible 192.168.121.81 -m shell -a 'systemctl is-active firewalld'
    192.168.121.81 | CHANGED | rc=0 >>
    active
    // Check whether port 800 is allowed on the managed host
    [root@ansible ~]# ansible 192.168.121.81 -m shell -a 'firewall-cmd --list-all'
    192.168.121.81 | CHANGED | rc=0 >>
    public (active)
    target: default
    icmp-block-inversion: no
    interfaces: eth0
    sources:
    services: cockpit dhcpv6-client ssh
    ports: // port 800 is not yet allowed
    protocols:
    masquerade: no
    forward-ports:
    source-ports:
    icmp-blocks:
    rich rules:
    // Allow port 800 on the managed host
    [root@ansible ~]# ansible 192.168.121.81 -m firewalld -a 'port=800/tcp state=enabled permanent=no'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "msg": "Non-permanent operation, Changed port 800/tcp to enabled"
    }
    // Check again whether port 800 is allowed on the managed host
    [root@ansible ~]# ansible 192.168.121.81 -m shell -a 'firewall-cmd --list-all'
    192.168.121.81 | CHANGED | rc=0 >>
    public (active)
    target: default
    icmp-block-inversion: no
    interfaces: eth0
    sources:
    services: cockpit dhcpv6-client ssh
    ports: 800/tcp // port 800 is now allowed
    protocols:
    masquerade: no
    forward-ports:
    source-ports:
    icmp-blocks:
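    rich rules:
    // Stop allowing port 800
    // Note: to remove a rule that was added permanently, permanent must be yes; otherwise port 800 is allowed again after a reboot
    [root@ansible ~]# ansible 192.168.121.81 -m firewalld -a 'port=800/tcp state=disabled permanent=no'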
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "msg": "Non-permanent operation, Changed port 800/tcp to disabled"
    }
    // Check whether port 800 is allowed
    [root@ansible ~]# ansible 192.168.121.81 -m shell -a 'firewall-cmd --list-all'
    192.168.121.81 | CHANGED | rc=0 >>
    public (active)
    target: default
    icmp-block-inversion: no
    interfaces: eth0
    sources:
    services: cockpit dhcpv6-client ssh
    ports: // port 800 is no longer allowed
    protocols:
    masquerade: no
    forward-ports:
    source-ports:
    icmp-blocks:
    rich rules:
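
The ad-hoc commands above use permanent=no, which touches only the running configuration. The playbook below is an added example, not from the original page: it changes the running and the stored configuration in one task with immediate, then checks both separately. The inventory group client is an assumption.

```yaml
---
# Added example, not from the original page.
# Assumption: inventory group "client".
- hosts: client
  gather_facts: no
  tasks:
    # permanent=no changes only the running configuration; the rule is
    # gone after "firewall-cmd --reload" or a reboot.
    # permanent=yes alone changes only the stored configuration; the
    # running firewall is untouched until the next reload.
    # permanent=yes with immediate=yes changes both in one task.
    - name: Allow 800/tcp now and across reboots
      firewalld:
        port: 800/tcp
        state: enabled
        permanent: yes
        immediate: yes

    - name: Close 800/tcp now and across reboots
      firewalld:
        port: 800/tcp
        state: disabled
        permanent: yes
        immediate: yes

    # Runtime and permanent configuration are listed separately; checking
    # only "firewall-cmd --list-all" (runtime) can miss a leftover
    # permanent rule that comes back after the next reload.
    - name: List ports in the running configuration
      command: firewall-cmd --list-ports
      register: runtime_ports
      changed_when: false

    - name: List ports in the permanent configuration
      command: firewall-cmd --permanent --list-ports
      register: permanent_ports
      changed_when: false

    - name: Confirm 800/tcp is closed in both
      assert:
        that:
          - "'800/tcp' not in runtime_ports.stdout.split()"
          - "'800/tcp' not in permanent_ports.stdout.split()"
```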

13. selinux module

1️⃣: Common parameters of the selinux module:

policy
Description: name of the SELinux policy to use (for example targeted); required if state is not disabled
state : 【 enforcing | permissive | disabled 】
Description:
disabled # turn SELinux off
permissive # temporarily turn SELinux off (actions that would be blocked are logged)
enforcing # enforce SELinux

Examples:

    - name: Enable SELinux
      selinux:
        policy: targeted
        state: enforcing

    - name: Put SELinux in permissive mode, logging actions that would be blocked.
      selinux:
        policy: targeted
        state: permissive

    - name: Disable SELinux
      selinux:
        state: disabled

  • Example:

    // Check the SELinux state of the managed host
    [root@ansible ~]# ansible all -m shell -a 'getenforce'
    192.168.121.81 | CHANGED | rc=0 >>
    Enforcing
    // Set SELinux to disabled
    [root@ansible ~]# ansible all -m selinux -a 'state=disabled'
    [WARNING]: SELinux state temporarily changed from 'enforcing' to 'permissive'. State change will take effect next reboot.
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "configfile": "/etc/selinux/config",
    "msg": "Config SELinux state changed from 'enforcing' to 'disabled'",
    "policy": "targeted",
    "reboot_required": true,
    "state": "disabled"
    }
    // The warning can be ignored
    // Check the SELinux state
    [root@ansible ~]# ansible all -m shell -a 'getenforce'
    192.168.121.81 | CHANGED | rc=0 >>
    Permissive

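14. seport module

1️⃣: The seport module manages network port type definitions (adds or removes ports that SELinux allows to be opened)

2️⃣: Common seport parameters:

ports
Description: a port or port range; for example 1000-2000, or 200-500,7777 (comma-separated)
proto : 【 tcp | udp 】
Description: protocol of the port; for example proto=tcp or proto=udp
reload : 【 yes | no 】
Description: reload the SELinux policy after the change is committed
setype
Description: SELinux type of the port; for example, for the http service: setype=http_port_t
state : 【 present | absent 】
Description: state of the port:
present # add the port as allowed
absent # remove/close the port
  • Example:

    // Check whether port 777 is allowed on the managed host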
    [root@ansible ~]# ansible all -m shell -a 'semanage port -l | grep http'
    192.168.121.81 | CHANGED | rc=0 >>
    http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
    http_cache_port_t udp 3130
    http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
    pegasus_http_port_t tcp 5988
    pegasus_https_port_t tcp 5989
    // The semanage command requires an additional package to be installed; I had installed it beforehand
    // Use the seport module to allow port 777
    [root@ansible ~]# ansible all -m seport -a 'ports=777 proto=tcp setype=http_port_t state=present'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "ports": [
    "777"
    ],
    "proto": "tcp",
    "setype": "http_port_t",
    "state": "present"
    }
    // Check whether port 777 is allowed on the managed host
    [root@ansible ~]# ansible all -m shell -a 'semanage port -l | grep http'
    192.168.121.81 | CHANGED | rc=0 >>
    http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
    http_cache_port_t udp 3130
    http_port_t tcp 777, 80, 81, 443, 488, 8008, 8009, 8443, 9000
    pegasus_http_port_t tcp 5988
    pegasus_https_port_t tcp 5989
    // Close port 777
    [root@ansible ~]# ansible all -m seport -a 'ports=777 proto=tcp setype=http_port_t state=absent'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "ports": [
    "777"
    ],
    "proto": "tcp",
    "setype": "http_port_t",
    "state": "absent"
    }
    // Check whether port 777 has been removed
    [root@ansible ~]# ansible all -m shell -a 'semanage port -l | grep http'
    192.168.121.81 | CHANGED | rc=0 >>
    http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
    http_cache_port_t udp 3130
    http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
    pegasus_http_port_t tcp 5988
    pegasus_https_port_t tcp 5989

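15. mount module

1️⃣: The mount module mounts directories and can also mount image files

2️⃣: Common mount parameters:

src
Description: path of the device or file to mount; required when state is present or mounted
path
Description: path of the mount point; for example path=/mnt/files
fstype
Description: file system type; required when state is present or mounted
state : 【 mounted | unmounted | remounted | present | absent 】
Description:
mounted: the device is actively mounted and configured in fstab; if the mount point does not exist, it is created
unmounted: the device is unmounted without changing fstab
remounted: the device is remounted, to force a refresh of the mount itself
present: the device is only configured in fstab; no mount is triggered or required
absent: the device's entry is removed from fstab, the device is unmounted, and the mount point is removed
opts
Description: mount options; for example ro, rw
  • Example:

    // Check whether /dev/sr0 is already mounted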
    [root@ansible ~]# ansible all -m shell -a 'df -h'
    192.168.121.81 | CHANGED | rc=0 >>
    Filesystem Size Used Avail Use% Mounted on
    devtmpfs 887M 0 887M 0% /dev
    tmpfs 904M 0 904M 0% /dev/shm
    tmpfs 904M 8.6M 895M 1% /run
    tmpfs 904M 0 904M 0% /sys/fs/cgroup
    /dev/mapper/rhel-root 50G 1.7G 49G 4% /
    /dev/mapper/rhel-home 27G 225M 27G 1% /home
    /dev/nvme0n1p1 1014M 173M 842M 17% /boot
    tmpfs 181M 0 181M 0% /run/user/0
    // Mount /dev/sr0 on /mnt
    [root@ansible ~]# ansible all -m mount -a 'src=/dev/sr0 path=/mnt fstype=iso9660 state=mounted'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "dump": "0",
    "fstab": "/etc/fstab",
    "fstype": "iso9660",
    "name": "/mnt",
    "opts": "defaults",
    "passno": "0",
    "src": "/dev/sr0"
    }
    // Check whether it is mounted
    [root@ansible ~]# ansible all -m shell -a 'df -h'
    192.168.121.81 | CHANGED | rc=0 >>
    Filesystem Size Used Avail Use% Mounted on
    devtmpfs 887M 0 887M 0% /dev
    tmpfs 904M 0 904M 0% /dev/shm
    tmpfs 904M 8.6M 895M 1% /run
    tmpfs 904M 0 904M 0% /sys/fs/cgroup
    /dev/mapper/rhel-root 50G 1.7G 49G 4% /
    /dev/mapper/rhel-home 27G 225M 27G 1% /home
    /dev/nvme0n1p1 1014M 173M 842M 17% /boot
    tmpfs 181M 0 181M 0% /run/user/0
    /dev/sr0 7.4G 7.4G 0 100% /mnt
    // Unmount
    [root@ansible ~]# ansible all -m mount -a 'src=/dev/sr0 path=/mnt state=unmounted'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "dump": "0",
    "fstab": "/etc/fstab",
    "name": "/mnt",
    "opts": "defaults",
    "passno": "0",
    "src": "/dev/sr0"
    }
    // Check whether the unmount succeeded
    [root@ansible ~]# ansible all -m shell -a 'df -h'
    192.168.121.81 | CHANGED | rc=0 >>
    Filesystem Size Used Avail Use% Mounted on
    devtmpfs 887M 0 887M 0% /dev
    tmpfs 904M 0 904M 0% /dev/shm
    tmpfs 904M 8.6M 895M 1% /run
    tmpfs 904M 0 904M 0% /sys/fs/cgroup
    /dev/mapper/rhel-root 50G 1.7G 49G 4% /
    /dev/mapper/rhel-home 27G 225M 27G 1% /home
    /dev/nvme0n1p1 1014M 173M 842M 17% /boot
    tmpfs 181M 0 181M 0% /run/user/0
    // Check whether the entry was removed from /etc/fstab
    [root@ansible ~]# ansible all -m shell -a 'cat /etc/fstab'
    192.168.121.81 | CHANGED | rc=0 >>
    #
    # /etc/fstab
    # Created by anaconda on Wed Aug 26 03:25:38 2020
    #
    # Accessible filesystems, by reference, are maintained under '/dev/disk/'.
    # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
    #
    # After editing this file, run 'systemctl daemon-reload' to update systemd
    # units generated from this file.
    #
    /dev/mapper/rhel-root / xfs defaults 0 0
    UUID=234365dc-2262-452e-9cbb-a6acfde04385 /boot xfs defaults 0 0
    /dev/mapper/rhel-home /home xfs defaults 0 0
    /dev/mapper/rhel-swap swap swap defaults 0 0
    /dev/sr0 /mnt iso9660 defaults 0 0

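16. yum_repository module

1️⃣: The yum_repository module adds or removes YUM repositories

2️⃣: Common parameters of the yum_repository module:

name
Description: unique repository ID, i.e. what is written inside the square brackets [ ] in the configuration file; the name must be unique and the name parameter must be set; this parameter is only required when state is set to present or absent
description
Description: human-readable string describing the repository, i.e. the string after name= in the configuration file; only required when state is set to present
baseurl
Description: URL of the directory where the yum repository's "repodata" directory is located; it can also be a list of multiple URLs; in short, the address of the repository; required when state is set to present
enabled : 【 yes | no 】
Description: whether yum uses this repository
yes: enabled
no: not enabled
gpgcheck : 【 yes | no 】
Description: whether yum should perform GPG signature checking on packages; optional boolean:
yes: enable signature checking; gpgkey=URL must then be set
no: do not enable signature checking
file
Description: file name, without the .repo extension, in which the repository is saved. Defaults to the value of name.
If the name parameter is set, name changes the value inside the square brackets [ ] in the file, while file changes the name of the file
If the name parameter is set but given no value, DEFAULT is used as the repository name; file still changes the name of the file
state : 【 present | absent 】
Description: state of the repo file (whether it is created)

3️⃣: Demonstration: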

    // View the playbook
    [root@localhost ~]# cat playbook.yml
    ---
    - hosts: client
      gather_facts: no
      tasks:
        - name: add repository
          yum_repository:
            name: dvd
            baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
            description: my first repo
            enabled: yes
            gpgcheck: no
            file: jjyy
    // After running the playbook, check the result
    [root@localhost yum.repos.d]# ls
    jjyy.repo
    [root@localhost yum.repos.d]# cat jjyy.repo
    [dvd]
    baseurl = https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
    enabled = 1
    gpgcheck = 0
    name = my first repo
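
The demonstration playbook sets gpgcheck: no, so packages from that repository are installed without signature verification. The playbook below is an added example, not from the original page: it defines the same repository with signature checking on and then audits every .repo file for gpgcheck=0. The inventory group client is taken from the page's playbook; the gpgkey path is a placeholder, not a real key location.

```yaml
---
# Added example, not from the original page.
# Assumption: the gpgkey path is a placeholder for wherever the
# repository's public key has been installed on the managed host.
- hosts: client
  gather_facts: no
  tasks:
    # Same repository as in the page's playbook, but packages are only
    # installed if their signature verifies against gpgkey.
    - name: add repository with signature checking
      yum_repository:
        name: dvd
        description: my first repo
        baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
        enabled: yes
        gpgcheck: yes
        gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PLACEHOLDER
        file: jjyy
        state: present

    # Audit: list every .repo file that still switches signature checks
    # off. grep exits 1 when nothing matches, which is the good case here,
    # so only exit codes above 1 count as a task failure.
    - name: find repo files with gpgcheck disabled
      shell: "grep -lE '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0' /etc/yum.repos.d/*.repo"
      register: unsigned_repos
      changed_when: false
      failed_when: unsigned_repos.rc > 1

    - name: fail if any repository skips signature checking
      assert:
        that:
          - unsigned_repos.stdout_lines | length == 0
        fail_msg: "gpgcheck=0 in: {{ unsigned_repos.stdout_lines | join(', ') }}"
```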

  
