Heartsuit's Simple Blog
A place to hold mainly reading notes, and some technical stuff occasionally. 这里主要是一些读书笔记、感悟;还有部分技术相关的内容。
Project maintained by heartsuit Hosted on GitHub Pages — Theme by mattgraham
Ansible纸上谈兵02:常用模块
发布:2021-05-22 Saturday
标签:Ansible,Server
目录[-]
背景
这里以 ad-hoc 命令的方式介绍下 Ansible 经常用到的模块。 Ansible 已经具备丰富的模块生态,我们可以借助 Ansible 的模块完成日常在 Linux 操作系统上的运维工作。
一般常用的模块有:
- 执行命令
command(默认) shell
Note: command , shell 本质上执行的都是基础命令(区别在于 command 模块不支持管道命令)
- 管理安装包
yum
- 管理文件
file copy get_url
- 管理服务
service
- 管理用户
group user
- 管理定时任务
cron
主机清单
主机清单配置与上一篇Ansible纸上谈兵01:认识一下Ansible文章中的一致,并对其进行分组(1个控制端,3个web服务,1个数据库服务,1个缓存服务)。
# Ansible默认的配置文件位于/etc/ansible/hosts
[root@ecs-kunpeng-0001 ~]# vim /etc/ansible/hosts
# 配置以下内容
[controller]
192.168.0.6
[web]
192.168.0.53
192.168.0.39
192.168.0.46
[db]
192.168.0.235
[cache]
192.168.0.166
ad-hoc
-
ad-hoc命令语法格式:ansible [一般为主机清单] -m [模块] -a [模块选项]
所谓的 ad-hoc ,是指每次执行一条命令,类似于 Shell 命令行的交互式脚本。
-
查看模块使用文档语法格式:
ansible-doc [模块]
不用看其他书籍,关键是学会查看文档(可直接定位到Example查看示例),eg: ansible-doc yum
执行命令
# 指定一个组,执行命令
[root@ecs-kunpeng-0001 ~]# ansible cache -m ping
192.168.0.166 | SUCCESS => {
"changed": false,
"ping": "pong"
}
# 指定多个组(db组、cache组),执行命令
[root@ecs-kunpeng-0001 ~]# ansible db:cache -m ping
192.168.0.166 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.0.235 | SUCCESS => {
"changed": false,
"ping": "pong"
}
# command模块执行管道操作时报语法错误
[root@ecs-kunpeng-0001 ~]# ansible cache -m command -a "ps aux|grep redis"
192.168.0.166 | FAILED | rc=1 >>
error: unsupported option (BSD syntax)
Usage:
ps [options]
Try 'ps --help <simple|list|output|threads|misc|all>'
or 'ps --help <s|l|o|t|m|a>'
for additional help text.
For more details see ps(1).non-zero return code
# shell模块可以执行管道操作
[root@ecs-kunpeng-0001 ~]# ansible cache -m shell -a "ps aux|grep redis"
192.168.0.166 | CHANGED | rc=0 >>
systemd+ 75292 0.1 0.0 136256 6080 ? Ssl 4月16 100:18 redis-server *:6379
root 1292536 0.0 0.0 214464 1728 pts/0 S+ 21:59 0:00 /bin/sh -c ps aux|grep redis
root 1292538 0.0 0.0 214080 1536 pts/0 S+ 21:59 0:00 grep redis
root 1848214 0.0 0.1 1298368 7488 ? Ssl 5月20 1:11 ./bin/redis-server *:6380
Note:
- 如果不指定模块,则默认采用
command模块; - 基础的
Linux命令,都可以通过command与shell模块执行,区别在于command模块不支持管道命令。
管理安装包
# 安装当前最新的Apache软件
[root@ecs-kunpeng-0001 ~]# ansible cache -m yum -a "name=httpd state=latest"
192.168.0.166 | SUCCESS => {
"ansible_facts": {
"pkg_mgr": "dnf"
},
"changed": false,
"msg": "Nothing to do",
"rc": 0,
"results": []
}
# 通过公网URL安装rpm软件
[root@ecs-kunpeng-0001 ~]# ansible cache -m yum -a "name=https://mirrors.huaweicloud.com/openeuler/openEuler-20.03-LTS/everything/aarch64/Packages/httpd-2.4.34-15.oe1.aarch64.rpm state=latest"
# 通过本地包安装rpm软件
[root@ecs-kunpeng-0001 ~]# ansible cache -m yum -a "name=/tmp/package.rpm state=present"
# 卸载删除httpd软件
[root@ecs-kunpeng-0001 ~]# ansible cache -m yum -a "name=httpd state=absent"
管理文件
file copy get_url
- file:创建文件、目录,授权模块
# 创建文件,并设定属主、属组、权限
[root@ecs-kunpeng-0001 ~]# ansible cache -m file -a "path=/var/www/html/index.html state=touch owner=apache group=apache mode=644"
192.168.0.166 | CHANGED => {
"changed": true,
"dest": "/var/www/html/index.html",
"gid": 48,
"group": "apache",
"mode": "0644",
"owner": "apache",
"size": 0,
"state": "file",
"uid": 48
}
# 创建目录,并设定属主、属组、权限
[root@ecs-kunpeng-0001 ~]# ansible cache -m file -a "path=/var/www/html/dir state=directory owner=apache group=apache mode=755"
192.168.0.166 | CHANGED => {
"changed": true,
"gid": 48,
"group": "apache",
"mode": "0755",
"owner": "apache",
"path": "/var/www/html/dir",
"size": 4096,
"state": "directory",
"uid": 48
}
# 通过shell模块验证下是否创建了文件与目录
[root@ecs-kunpeng-0001 ~]# ansible cache -m shell -a "ls -l /var/www/html"
192.168.0.166 | CHANGED | rc=0 >>
总用量 4
drwxr-xr-x 2 apache apache 4096 5月 21 22:20 dir
-rw-r--r-- 1 apache apache 0 5月 21 22:17 index.html
- copy:文件传输模块
# 将本地的file.txt文件推送到远端服务
[root@ecs-kunpeng-0001 ~]# ansible cache -m copy -a "src=./file.txt dest=/var/www/html/file.txt owner=root group=root mode=644"
192.168.0.166 | CHANGED => {
"changed": true,
"checksum": "d4d55684a3d4d6a3c31c36f788f01f30d0d22d02",
"dest": "/var/www/html/file.txt",
"gid": 0,
"group": "root",
"md5sum": "1ae9367e28d7d3173e93a92d09e76708",
"mode": "0644",
"owner": "root",
"size": 25,
"src": "/root/.ansible/tmp/ansible-tmp-1621607368.0554242-3109318-111286480082069/source",
"state": "file",
"uid": 0
}
# 往远程的主机文件中写入内容
[root@ecs-kunpeng-0001 ~]# ansible cache -m copy -a "content=writesomething.. dest=/var/www/html/file.txt"
192.168.0.166 | CHANGED => {
"changed": true,
"checksum": "dd3c25def1f5204fd618a0a3346b68feac393c1e",
"dest": "/var/www/html/file.txt",
"gid": 0,
"group": "root",
"md5sum": "b30d3b6c1a4327a291e271d7e502247e",
"mode": "0644",
"owner": "root",
"size": 16,
"src": "/root/.ansible/tmp/ansible-tmp-1621607386.0447457-3110984-150399809437238/source",
"state": "file",
"uid": 0
}
# 通过shell模块验证下是否创建了文件与目录
[root@ecs-kunpeng-0001 ~]# ansible cache -m shell -a "cat /var/www/html/file.txt"
192.168.0.166 | CHANGED | rc=0 >>
writesomething..
- get_url:下载文件模块
# 下载互联网的软件至本地,url支持http, https, ftp,这里以之前中招的挖矿病毒脚本为例测试下载
[root@ecs-kunpeng-0001 ~]# ansible cache -m get_url -a "url=http://45.9.148.37/cf67356a3333e6999999999/init.sh dest=/var/www/html/"
192.168.0.166 | CHANGED => {
"changed": true,
"checksum_dest": null,
"checksum_src": "1bf6b644228a468e6f90643d7a5efdd447dd169d",
"dest": "/var/www/html/init.sh",
"elapsed": 0,
"gid": 0,
"group": "root",
"md5sum": "179fd51fe6b061e8b54b0f3ca2e8bd26",
"mode": "0600",
"msg": "OK (37907 bytes)",
"owner": "root",
"size": 37907,
"src": "/root/.ansible/tmp/ansible-tmp-1621607722.632395-3141898-83452532208350/tmpbt07hddb",
"state": "file",
"status_code": 200,
"uid": 0,
"url": "http://45.9.148.37/cf67356a3333e6999999999/init.sh"
}
# 验证是否下载成功init.sh
[root@ecs-kunpeng-0001 ~]# ansible cache -m shell -a "ls -l /var/www/html"
192.168.0.166 | CHANGED | rc=0 >>
总用量 48
drwxr-xr-x 2 apache apache 4096 5月 21 22:20 dir
-rw-r--r-- 1 root root 16 5月 21 22:29 file.txt
-rw-r--r-- 1 apache apache 0 5月 21 22:17 index.html
-rw------- 1 root root 37907 5月 21 22:35 init.sh
# 使用默认命令模块删除文件时,有个警告,并建议使用file模块来操作文件的删除。
[root@ecs-kunpeng-0001 ~]# ansible cache -a "rm /var/www/html/init.sh"
[WARNING]: Consider using the file module with state=absent rather than running 'rm'. If you
need to use command because file is insufficient you can add 'warn: false' to this command
task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
192.168.0.166 | CHANGED | rc=0 >>
# 使用file模块删除文件
[root@ecs-kunpeng-0001 ~]# ansible cache -m file -a "path=/var/www/html/file.txt state=absent"
192.168.0.166 | CHANGED => {
"changed": true,
"path": "/var/www/html/file.txt",
"state": "absent"
}
# 验证是否已经删除了init.sh以及file.txt
[root@ecs-kunpeng-0001 ~]# ansible cache -m shell -a "ls -l /var/www/html"
192.168.0.166 | CHANGED | rc=0 >>
总用量 4
drwxr-xr-x 2 apache apache 4096 5月 21 22:20 dir
-rw-r--r-- 1 apache apache 0 5月 21 22:17 index.html
管理服务
# 启动httpd服务
[root@ecs-kunpeng-0001 ~]# ansible cache -m service -a "name=httpd state=started"
192.168.0.166 | CHANGED => {
"changed": true,
"name": "httpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
...
# 停止httpd服务
[root@ecs-kunpeng-0001 ~]# ansible cache -m service -a "name=httpd state=stopped"
# 重启httpd服务
[root@ecs-kunpeng-0001 ~]# ansible cache -m service -a "name=httpd state=restarted"
# 启动httpd服务,并加入开机自启
[root@ecs-kunpeng-0001 ~]# ansible cache -m service -a "name=httpd state=started enabled=yes"
管理用户
- group: 分组模块
# 创建grpone基本组,指定uid为1234
[root@ecs-kunpeng-0001 ~]# ansible cache -m group -a "name=grpone gid=1234 state=present"
192.168.0.166 | CHANGED => {
"changed": true,
"gid": 1234,
"name": "grpone",
"state": "present",
"system": false
}
# 创建grptwo系统组,指定uid为5678
[root@ecs-kunpeng-0001 ~]# ansible cache -m group -a "name=grptwo gid=5678 system=yes state=present"
192.168.0.166 | CHANGED => {
"changed": true,
"gid": 5678,
"name": "grptwo",
"state": "present",
"system": true
}
# 删除grpone基本组
[root@ecs-kunpeng-0001 ~]# ansible cache -m group -a "name=grpone state=absent"
192.168.0.166 | CHANGED => {
"changed": true,
"name": "grpone",
"state": "absent"
}
- user: 用户模块
# 创建heartsuit用户,组是docker
[root@ecs-kunpeng-0001 ~]# ansible cache -m user -a "name=heartsuit group=docker"
192.168.0.166 | CHANGED => {
"changed": true,
"comment": "",
"create_home": true,
"group": 989,
"home": "/home/heartsuit",
"name": "heartsuit",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1000
}
# 删除用户
[root@ecs-kunpeng-0001 ~]# ansible cache -m user -a "name=heartsuit state=absent"
192.168.0.166 | CHANGED => {
"changed": true,
"force": false,
"name": "heartsuit",
"remove": false,
"state": "absent"
}
管理定时任务
# 添加定时任务:每隔2分钟执行一次date >> /var/www/html/date.txt
[root@ecs-kunpeng-0001 ~]# ansible cache -m cron -a "name=job-datetime minute=*/2 job='date >> /var/www/html/date.txt'"
192.168.0.166 | CHANGED => {
"changed": true,
"envs": [],
"jobs": [
"job-datetime"
]
}
# 验证是否生成了定时任务
[root@ecs-kunpeng-0001 ~]# ansible cache -m shell -a "crontab -l"
192.168.0.166 | CHANGED | rc=0 >>
#Ansible: job-datetime
*/2 * * * * date >> /var/www/html/date.txt
# 验证定时任务是否执行
[root@ecs-kunpeng-0001 ~]# ansible cache -m shell -a "cat /var/www/html/date.txt"
192.168.0.166 | CHANGED | rc=0 >>
Fri May 21 22:42:01 CST 2021
Fri May 21 22:44:01 CST 2021
Fri May 21 22:46:01 CST 2021
# 关闭定时任务
[root@ecs-kunpeng-0001 ~]# ansible cache -m cron -a "name=job-datetime minute=*/2 job='date >> /var/www/html/date.txt' disabled=yes"
192.168.0.166 | CHANGED => {
"changed": true,
"envs": [],
"jobs": [
"job-datetime"
]
}
# 验证是否关闭定时任务,这里的结果是把定时任务配置注释了
[root@ecs-kunpeng-0001 ~]# ansible cache -m shell -a "crontab -l"192.168.0.166 | CHANGED | rc=0 >>
#Ansible: job-datetime
#*/2 * * * * date >> /var/www/html/date.txt
借助 Ansible 这些常用模块,执行基本的命令,可以实现对服务集群的简单管理;如果需要执行稍微复杂的运维任务,则可以通过 Playbook 来完成。
Reference
If you have any questions or any bugs are found, please feel free to contact me.
Your comments and suggestions are welcome!
「说点什么吧😊~~😊」:
