安裝包可以不用跟後面的state=present,因為我們不寫預設就是present;安裝包的時候name也可以指定從遠端倉庫裡安裝某一個包,比如name=https://xxx/包名.rpm。也可以從本地CD光牒安裝,比如name=/file/to/package.rpm;同時也可以指定安裝某個包組的包,比如name="@Development tools";當然這個子產品隻能用于支援yum包管理的Linux系統(redhat系列),ubuntu需要用apt這個子產品進行包的管理,用法同yum類似。
1、hostname:此子產品的主要作用是管理遠端節點主機名
子產品幫助:
root@localhost ~]# ansible-doc -s hostname
- name: Manage hostname
hostname:
name: # (required) Name of the host
[root@localhost ~]#
說明:通常我們使用這個子產品是在playbook裡使用,通過一些變量的控制,給定不同的主機以不同的主機名。
常用參數說明:
name:指定遠端節點主機名稱
[root@localhost ~]# ansible 192.168.0.99 -m shell -a 'hostname'
192.168.0.99 | SUCCESS | rc=0 >>
docker
[root@localhost ~]# ansible 192.168.0.99 -m hostname -a 'name=test'
192.168.0.99 | SUCCESS => {
"ansible_facts": {
"ansible_domain": "",
"ansible_fqdn": "test",
"ansible_hostname": "test",
"ansible_nodename": "test"
},
"changed": true,
"name": "test"
}
[root@localhost ~]# ansible 192.168.0.99 -m shell -a 'hostname'
192.168.0.99 | SUCCESS | rc=0 >>
test
[root@localhost ~]#
說明:以上指令是給192.168.0.99這台主機更改主機名
2、cron:此子產品的主要作用是管理計劃任務
[root@localhost ~]# ansible-doc -s cron
- name: Manage cron.d and crontab entries.
cron:
backup: # If set, create a backup of the crontab before it is modified. The location of the backup is returned in
the `backup_file' variable by this module.
cron_file: # If specified, uses this file instead of an individual user's crontab. If this is a relative path, it is
interpreted with respect to /etc/cron.d. (If it is absolute, it will
typically be /etc/crontab). Many linux distros expect (and some require)
the filename portion to consist solely of upper- and lower-case letters,
digits, underscores, and hyphens. To use the `cron_file' parameter you
must specify the `user' as well.
day: # Day of the month the job should run ( 1-31, *, */2, etc )
disabled: # If the job should be disabled (commented out) in the crontab. Only has effect if state=present
env: # If set, manages a crontab's environment variable. New variables are added on top of crontab. "name" and
"value" parameters are the name and the value of environment variable.
hour: # Hour when the job should run ( 0-23, *, */2, etc )
insertafter: # Used with `state=present' and `env'. If specified, the environment variable will be inserted after the
declaration of specified environment variable.
insertbefore: # Used with `state=present' and `env'. If specified, the environment variable will be inserted before the
declaration of specified environment variable.
job: # The command to execute or, if env is set, the value of environment variable. The command should not
contain line breaks. Required if state=present.
minute: # Minute when the job should run ( 0-59, *, */2, etc )
month: # Month of the year the job should run ( 1-12, *, */2, etc )
name: # Description of a crontab entry or, if env is set, the name of environment variable. Required if
state=absent. Note that if name is not set and state=present, then a new
crontab entry will always be created, regardless of existing ones.
reboot: # If the job should be run at reboot. This option is deprecated. Users should use special_time.
special_time: # Special time specification nickname.
state: # Whether to ensure the job or environment variable is present or absent.
user: # The specific user whose crontab should be modified.
weekday: # Day of the week that the job should run ( 0-6 for Sunday-Saturday, *, etc )
[root@localhost ~]# backup:是否備份之前的計劃任務,預設為no
[root@localhost ~]# ansible websers -m shell -a 'crontab -l'
192.168.0.99 | FAILED | rc=1 >>
no crontab for rootnon-zero return code
192.168.0.218 | FAILED | rc=1 >>
no crontab for rootnon-zero return code
[root@localhost ~]# ansible websers -m cron -a 'name=test minute=*/4 job="/usr/bin/wall hello world" '
192.168.0.218 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"test"
]
}
192.168.0.99 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"test"
]
}
[root@localhost ~]# ansible websers -m shell -a 'crontab -l'
192.168.0.218 | SUCCESS | rc=0 >>
#Ansible: test
*/4 * * * * /usr/bin/wall hello world
192.168.0.99 | SUCCESS | rc=0 >>
#Ansible: test
*/4 * * * * /usr/bin/wall hello world
[root@localhost ~]# ansible websers -m cron -a 'name=test2 minute=*/2 job="/usr/bin/wall this is test" backup=yes '
192.168.0.218 | SUCCESS => {
"backup_file": "/tmp/crontab3sg1oa",
"changed": true,
"envs": [],
"jobs": [
"test",
"test2"
]
}
192.168.0.99 | SUCCESS => {
"backup_file": "/tmp/crontabMvYnq7",
"changed": true,
"envs": [],
"jobs": [
"test",
"test2"
]
}
[root@localhost ~]# ansible websers -m shell -a 'crontab -l'
192.168.0.218 | SUCCESS | rc=0 >>
#Ansible: test
*/4 * * * * /usr/bin/wall hello world
#Ansible: test2
*/2 * * * * /usr/bin/wall this is test
192.168.0.99 | SUCCESS | rc=0 >>
#Ansible: test
*/4 * * * * /usr/bin/wall hello world
#Ansible: test2
*/2 * * * * /usr/bin/wall this is test
[root@localhost ~]# ansible websers -m shell -a 'cat /tmp/crontab*'
192.168.0.218 | SUCCESS | rc=0 >>
#Ansible: test
*/4 * * * * /usr/bin/wall hello world
192.168.0.99 | SUCCESS | rc=0 >>
#Ansible: test
*/4 * * * * /usr/bin/wall hello world
[root@localhost ~]#
說明:指定了backup=yes,它預設會把原有的計劃任務備份到遠端節點主機的/tmp/下,名為crontab+随機字元串。
day:表示時間日,取值範圍(1-31),支援’*‘,表示每日的意思,*/2表示每兩日
hour:表示時間小時,取值範圍(0-23),支援*, */2
minute:表示時間分鐘,取值範圍(0-59),支援* ,*/2
month:表示時間月,取值範圍(1-12),支援* , */2
weekday:表示時間周,取值範圍(0-6或者1-7),支援*
user:表示建立幾乎任務的使用者
[root@localhost ~]# ansible websers -m cron -a 'name=test3 minute=*/2 job="/usr/bin/wall this is test3" user=qiuhom '
192.168.0.218 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"test3"
]
}
192.168.0.99 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"test3"
]
}
[root@localhost ~]# ansible websers -m shell -a 'crontab -u qiuhom -l'
192.168.0.218 | SUCCESS | rc=0 >>
#Ansible: test3
*/2 * * * * /usr/bin/wall this is test3
192.168.0.99 | SUCCESS | rc=0 >>
#Ansible: test3
*/2 * * * * /usr/bin/wall this is test3
[root@localhost ~]# state:指定計劃任務是present(建立)或者absent(删除),若不指定state的值,預設是建立計劃任務
[root@localhost ~]# ansible websers -m shell -a 'crontab -u qiuhom -l'
192.168.0.218 | SUCCESS | rc=0 >>
#Ansible: test3
*/2 * * * * /usr/bin/wall this is test3
#Ansible: hehe
*/2 * * * * /usr/bin/wall hhheee
192.168.0.99 | SUCCESS | rc=0 >>
#Ansible: test3
*/2 * * * * /usr/bin/wall this is test3
#Ansible: hehe
*/2 * * * * /usr/bin/wall hhheee
[root@localhost ~]# ansible websers -m cron -a 'name=hehe user=qiuhom state=absent'
192.168.0.218 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"test3"
]
}
192.168.0.99 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"test3"
]
}
[root@localhost ~]# ansible websers -m shell -a 'crontab -u qiuhom -l'
192.168.0.218 | SUCCESS | rc=0 >>
#Ansible: test3
*/2 * * * * /usr/bin/wall this is test3
192.168.0.99 | SUCCESS | rc=0 >>
#Ansible: test3
*/2 * * * * /usr/bin/wall this is test3
[root@localhost ~]#
說明:state=absent是從使用者的計劃任務清單中删除計劃任務,它不是把計劃任務給注釋掉,而是删除。删除計劃任務隻需指定計劃任務名稱以及使用者就可以,若沒有指定使用者,它預設是root使用者。
disabled:是否禁用計劃任務(被注釋),此選項隻能在state=present的時候才有效
[root@localhost ~]# ansible websers -m cron -a 'name=xxxx hour=2 minute=30 day=14 month=11 job="/usr/bin/wall ahahahahh" disabled=yes '
192.168.0.218 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"test",
"test2",
"xxxx"
]
}
192.168.0.99 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"test",
"test2",
"xxxx"
]
}
[root@localhost ~]#
[root@localhost ~]# ansible websers -m shell -a 'crontab -l'
192.168.0.218 | SUCCESS | rc=0 >>
#Ansible: test
*/4 * * * * /usr/bin/wall hello world
#Ansible: test2
*/2 * * * * /usr/bin/wall this is test
#Ansible: xxxx
#30 2 14 11 * /usr/bin/wall ahahahahh
192.168.0.99 | SUCCESS | rc=0 >>
#Ansible: test
*/4 * * * * /usr/bin/wall hello world
#Ansible: test2
*/2 * * * * /usr/bin/wall this is test
#Ansible: xxxx
#30 2 14 11 * /usr/bin/wall ahahahahh
[root@localhost ~]#
[root@localhost ~]# ansible websers -m cron -a 'name=xxxx hour=2 minute=30 day=14 month=11 job="/usr/bin/wall ahahahahh" disabled=no '
192.168.0.218 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"test",
"test2",
"xxxx"
]
}
192.168.0.99 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"test",
"test2",
"xxxx"
]
}
[root@localhost ~]# ansible websers -m shell -a 'crontab -l'
192.168.0.218 | SUCCESS | rc=0 >>
#Ansible: test
*/4 * * * * /usr/bin/wall hello world
#Ansible: test2
*/2 * * * * /usr/bin/wall this is test
#Ansible: xxxx
30 2 14 11 * /usr/bin/wall ahahahahh
192.168.0.99 | SUCCESS | rc=0 >>
#Ansible: test
*/4 * * * * /usr/bin/wall hello world
#Ansible: test2
*/2 * * * * /usr/bin/wall this is test
#Ansible: xxxx
30 2 14 11 * /usr/bin/wall ahahahahh
[root@localhost ~]# name:指定計劃任務的名稱
job:指定任務計劃要執行的指令
cron_file:替換遠端使用者的任務計劃的檔案
[root@localhost ~]# ansible websers -m cron -a 'name=xxxx hour=2 minute=30 day=14 month=11 job="/usr/bin/wall ahahahahh" disabled=no cron_file=/root/test_cron_file user=root'
192.168.0.218 | SUCCESS => {
"changed": true,
"cron_file": "/root/test_cron_file",
"envs": [],
"jobs": [
"xxxx"
]
}
192.168.0.99 | SUCCESS => {
"changed": true,
"cron_file": "/root/test_cron_file",
"envs": [],
"jobs": [
"xxxx"
]
}
[root@localhost ~]# ansible websers -m shell -a 'ls -l /root/test_cron_file'
192.168.0.218 | SUCCESS | rc=0 >>
-rw-r--r--. 1 root root 57 Nov 13 19:15 /root/test_cron_file
192.168.0.99 | SUCCESS | rc=0 >>
-rw-r--r-- 1 root root 57 Nov 13 19:15 /root/test_cron_file
[root@localhost ~]# ansible websers -m shell -a 'cat /root/test_cron_file'
192.168.0.218 | SUCCESS | rc=0 >>
#Ansible: xxxx
30 2 14 11 * root /usr/bin/wall ahahahahh
192.168.0.99 | SUCCESS | rc=0 >>
#Ansible: xxxx
30 2 14 11 * root /usr/bin/wall ahahahahh
[root@localhost ~]#
說明:此選項必須指定以那個使用者建立的計劃任務。
3、yum:此子產品主要功能是使用“yum”包管理器管理包
[root@localhost ~]# ansible-doc -s yum
- name: Manages packages with the `yum' package manager
yum:
allow_downgrade: # Specify if the named package and version is allowed to downgrade a maybe already installed higher version of
that package. Note that setting allow_downgrade=True can make this module
behave in a non-idempotent way. The task could end up with a set of packages
that does not match the complete list of specified packages to install
(because dependencies between the downgraded package and others can cause
changes to the packages which were in the earlier transaction).
conf_file: # The remote yum configuration file to use for the transaction.
disable_gpg_check: # Whether to disable the GPG checking of signatures of packages being installed. Has an effect only if state is
`present' or `latest'.
disablerepo: # `Repoid' of repositories to disable for the install/update operation. These repos will not persist beyond the
`present' or `latest'.
disablerepo: # `Repoid' of repositories to disable for the install/update operation. These repos will not persist beyond the
transaction. When specifying multiple repos, separate them with a ",".
enablerepo: # `Repoid' of repositories to enable for the install/update operation. These repos will not persist beyond the
transaction. When specifying multiple repos, separate them with a ",".
exclude: # Package name(s) to exclude when state=present, or latest
installroot: # Specifies an alternative installroot, relative to which all packages will be installed.
list: # Package name to run the equivalent of yum list <package> against.
name: # (required) Package name, or package specifier with version, like `name-1.0'. If a previous version is
specified, the task also needs to turn `allow_downgrade' on. See the
`allow_downgrade' documentation for caveats with downgrading packages. When
using state=latest, this can be '*' which means run `yum -y update'. You can
also pass a url or a local path to a rpm file (using state=present). To
operate on several packages this can accept a comma separated list of packages
or (as of 2.0) a list of packages.
security: # If set to `yes', and `state=latest' then only installs updates that have been marked security related.
skip_broken: # Resolve depsolve problems by removing packages that are causing problems from the trans‐ action.
state: # Whether to install (`present' or `installed', `latest'), or remove (`absent' or `removed') a package.
update_cache: # Force yum to check if cache is out of date and redownload if needed. Has an effect only if state is `present'
or `latest'.
validate_certs: # This only applies if using a https url as the source of the rpm. e.g. for localinstall. If set to `no', the
SSL certificates will not be validated. This should only set to `no' used on
personally controlled sites using self-signed certificates as it avoids
verifying the source site. Prior to 2.1 the code worked as if this was set to
`yes'.
[root@localhost ~]# name:指定包的名稱
state:指定是對包的操作,present或者installed或者latest 都表示安裝,latest表示安裝最新版本的包;absent或者removed表示删除,解除安裝,預設是present
list:類似yum list 包名 這條指令
1)安裝包
[root@localhost ~]# ansible websers -m yum -a ' list=httpd'
192.168.0.99 | SUCCESS => {
"changed": false,
"results": [
{
"arch": "x86_64",
"envra": "0:httpd-2.4.6-90.el7.centos.x86_64",
"epoch": "0",
"name": "httpd",
"release": "90.el7.centos",
"repo": "base",
"version": "2.4.6",
"yumstate": "available"
}
]
}
192.168.0.218 | SUCCESS => {
"changed": false,
"results": [
{
"arch": "x86_64",
"envra": "0:httpd-2.2.15-69.el6.centos.x86_64",
"epoch": "0",
"name": "httpd",
"release": "69.el6.centos",
"repo": "base",
"version": "2.2.15",
"yumstate": "available"
}
]
}
[root@localhost ~]# ansible websers -m yum -a 'name=httpd state=present'
192.168.0.218 | SUCCESS => {
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Install Process\nLoading mirror speeds from cached hostfile\n * base: mirrors.aliyun.com\n * epel: mirrors.aliyun.com\n * extras: mirrors.aliyun.com\n * updates: mirrors.163.com\nResolving Dependencies\n--> Running transaction check\n---> Package httpd.x86_64 0:2.2.15-69.el6.centos will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n httpd x86_64 2.2.15-69.el6.centos base 836 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package(s)\n\nTotal download size: 836 k\nInstalled size: 3.0 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing : httpd-2.2.15-69.el6.centos.x86_64 1/1 \n\r Verifying : httpd-2.2.15-69.el6.centos.x86_64 1/1 \n\nInstalled:\n httpd.x86_64 0:2.2.15-69.el6.centos \n\nComplete!\n"
]
}
192.168.0.99 | SUCCESS => {
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.aliyun.com\n * extras: mirrors.aliyun.com\n * updates: mirrors.aliyun.com\nResolving Dependencies\n--> Running transaction check\n---> Package httpd.x86_64 0:2.4.6-90.el7.centos will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n httpd x86_64 2.4.6-90.el7.centos base 2.7 M\n\nTransaction Summary\n================================================================================\nInstall 1 Package\n\nTotal download size: 2.7 M\nInstalled size: 9.4 M\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : httpd-2.4.6-90.el7.centos.x86_64 1/1 \n Verifying : httpd-2.4.6-90.el7.centos.x86_64 1/1 \n\nInstalled:\n httpd.x86_64 0:2.4.6-90.el7.centos \n\nComplete!\n"
]
}
[root@localhost ~]# ansible websers -m yum -a ' list=httpd'
192.168.0.99 | SUCCESS => {
"changed": false,
"results": [
{
"arch": "x86_64",
"envra": "0:httpd-2.4.6-90.el7.centos.x86_64",
"epoch": "0",
"name": "httpd",
"release": "90.el7.centos",
"repo": "base",
"version": "2.4.6",
"yumstate": "available"
},
{
"arch": "x86_64",
"envra": "0:httpd-2.4.6-90.el7.centos.x86_64",
"epoch": "0",
"name": "httpd",
"release": "90.el7.centos",
"repo": "installed",
"version": "2.4.6",
"yumstate": "installed"
}
]
}
192.168.0.218 | SUCCESS => {
"changed": false,
"results": [
{
"arch": "x86_64",
"envra": "0:httpd-2.2.15-69.el6.centos.x86_64",
"epoch": "0",
"name": "httpd",
"release": "69.el6.centos",
"repo": "base",
"version": "2.2.15",
"yumstate": "available"
},
{
"arch": "x86_64",
"envra": "0:httpd-2.2.15-69.el6.centos.x86_64",
"epoch": "0",
"name": "httpd",
"release": "69.el6.centos",
"repo": "installed",
"version": "2.2.15",
"yumstate": "installed"
}
]
}
[root@localhost ~]# 說明:安裝包可以不用跟後面的state=present,因為我們不寫預設就是present;安裝包的時候name也可以指定從遠端倉庫裡安裝某一個包,比如name=https://xxx/包名.rpm。也可以從本地CD光牒安裝,比如name=/file/to/package.rpm;同時也可以指定安裝某個包組的包,比如name="@Development tools";當然這個子產品隻能用于支援yum包管理的Linux系統(redhat系列),ubuntu需要用apt這個子產品進行包的管理,用法同yum類似。
2)解除安裝包
[root@localhost ~]# ansible websers -m yum -a ' name=httpd state=absent'
192.168.0.218 | SUCCESS => {
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Remove Process\nResolving Dependencies\n--> Running transaction check\n---> Package httpd.x86_64 0:2.2.15-69.el6.centos will be erased\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nRemoving:\n httpd x86_64 2.2.15-69.el6.centos @base 3.0 M\n\nTransaction Summary\n================================================================================\nRemove 1 Package(s)\n\nInstalled size: 3.0 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Erasing : httpd-2.2.15-69.el6.centos.x86_64 1/1 \n\r Verifying : httpd-2.2.15-69.el6.centos.x86_64 1/1 \n\nRemoved:\n httpd.x86_64 0:2.2.15-69.el6.centos \n\nComplete!\n"
]
}
192.168.0.99 | SUCCESS => {
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nResolving Dependencies\n--> Running transaction check\n---> Package httpd.x86_64 0:2.4.6-90.el7.centos will be erased\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nRemoving:\n httpd x86_64 2.4.6-90.el7.centos @base 9.4 M\n\nTransaction Summary\n================================================================================\nRemove 1 Package\n\nInstalled size: 9.4 M\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Erasing : httpd-2.4.6-90.el7.centos.x86_64 1/1 \n Verifying : httpd-2.4.6-90.el7.centos.x86_64 1/1 \n\nRemoved:\n httpd.x86_64 0:2.4.6-90.el7.centos \n\nComplete!\n"
]
}
[root@localhost ~]# ansible websers -m yum -a ' list=httpd'
192.168.0.99 | SUCCESS => {
"changed": false,
"results": [
{
"arch": "x86_64",
"envra": "0:httpd-2.4.6-90.el7.centos.x86_64",
"epoch": "0",
"name": "httpd",
"release": "90.el7.centos",
"repo": "base",
"version": "2.4.6",
"yumstate": "available"
}
]
}
192.168.0.218 | SUCCESS => {
"changed": false,
"results": [
{
"arch": "x86_64",
"envra": "0:httpd-2.2.15-69.el6.centos.x86_64",
"epoch": "0",
"name": "httpd",
"release": "69.el6.centos",
"repo": "base",
"version": "2.2.15",
"yumstate": "available"
}
]
}
[root@localhost ~]#
4、service:此子產品主要功能是管理服務
[root@localhost ~]# ansible-doc -s service
- name: Manage services.
service:
arguments: # Additional arguments provided on the command line
enabled: # Whether the service should start on boot. *At least one of state and enabled are required.*
name: # (required) Name of the service.
pattern: # If the service does not respond to the status command, name a substring to look for as would be found in the
output of the `ps' command as a stand-in for a status result. If the string
is found, the service will be assumed to be running.
runlevel: # For OpenRC init scripts (ex: Gentoo) only. The runlevel that this service belongs to.
sleep: # If the service is being `restarted' then sleep this many seconds between the stop and start command. This
helps to workaround badly behaving init scripts that exit immediately after
signaling a process to stop.
state: # `started'/`stopped' are idempotent actions that will not run commands unless necessary. `restarted' will
always bounce the service. `reloaded' will always reload. *At least one of
state and enabled are required.* Note that reloaded will start the service if
it is not already started, even if your chosen init system wouldn't normally.
use: # The service module actually uses system specific modules, normally through auto detection, this setting can
force a specific module. Normally it uses the value of the
'ansible_service_mgr' fact and falls back to the old 'service' module when
none matching is found.
[root@localhost ~]# enabled:是否開機啟動
name:指定服務名稱
state:指定對服務的操作,started表示啟動服務,stopped表示停止服務,restarted表示重新開機服務,reloaded表示重新加載配置檔案,切記沒有status這個值
1)啟動httpd服務
[root@localhost ~]# ansible websers -m shell -a 'ss -ntl|grep 80'
192.168.0.218 | FAILED | rc=1 >>
non-zero return code
192.168.0.99 | FAILED | rc=1 >>
non-zero return code
[root@localhost ~]# ansible websers -m service -a 'name=httpd state=started'
192.168.0.218 | SUCCESS => {
"changed": true,
"name": "httpd",
"state": "started"
}
192.168.0.99 | SUCCESS => {
"changed": true,
"name": "httpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": "systemd-journald.socket tmp.mount network.target remote-fs.target system.slice nss-lookup.target -.mount basic.target",
"AllowIsolate": "no",
"AmbientCapabilities": "0",
"AssertResult": "no",
"AssertTimestampMonotonic": "0",
"Before": "shutdown.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "18446744073709551615",
"CPUAccounting": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "18446744073709551615",
"CanIsolate": "no",
"CanReload": "yes",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "18446744073709551615",
"ConditionResult": "no",
"ConditionTimestampMonotonic": "0",
"Conflicts": "shutdown.target",
"ControlPID": "0",
"DefaultDependencies": "yes",
"Delegate": "no",
"Description": "The Apache HTTP Server",
"DevicePolicy": "auto",
"Documentation": "man:httpd(8) man:apachectl(8)",
"EnvironmentFile": "/etc/sysconfig/httpd (ignore_errors=no)",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "0",
"ExecMainStartTimestampMonotonic": "0",
"ExecMainStatus": "0",
"ExecReload": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -k graceful ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStart": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -DFOREGROUND ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStop": "{ path=/bin/kill ; argv[]=/bin/kill -WINCH ${MAINPID} ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/httpd.service",
"GuessMainPID": "yes",
"IOScheduling": "0",
"Id": "httpd.service",
"IgnoreOnIsolate": "no",
"IgnoreOnSnapshot": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestampMonotonic": "0",
"InactiveExitTimestampMonotonic": "0",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "0",
"KillMode": "control-group",
"KillSignal": "18",
"LimitAS": "18446744073709551615",
"LimitCORE": "18446744073709551615",
"LimitCPU": "18446744073709551615",
"LimitDATA": "18446744073709551615",
"LimitFSIZE": "18446744073709551615",
"LimitLOCKS": "18446744073709551615",
"LimitMEMLOCK": "65536",
"LimitMSGQUEUE": "819200",
"LimitNICE": "0",
"LimitNOFILE": "4096",
"LimitNPROC": "6537",
"LimitRSS": "18446744073709551615",
"LimitRTPRIO": "0",
"LimitRTTIME": "18446744073709551615",
"LimitSIGPENDING": "6537",
"LimitSTACK": "18446744073709551615",
"LoadState": "loaded",
"MainPID": "0",
"MemoryAccounting": "no",
"MemoryCurrent": "18446744073709551615",
"MemoryLimit": "18446744073709551615",
"MountFlags": "0",
"Names": "httpd.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "main",
"OOMScoreAdjust": "0",
"OnFailureJobMode": "replace",
"PermissionsStartOnly": "no",
"PrivateDevices": "no",
"PrivateNetwork": "no",
"PrivateTmp": "yes",
"ProtectHome": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"Requires": "basic.target -.mount system.slice",
"RequiresMountsFor": "/var/tmp",
"Restart": "no",
"RestartUSec": "100ms",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitInterval": "10000000",
"StartupBlockIOWeight": "18446744073709551615",
"StartupCPUShares": "18446744073709551615",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "dead",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "no",
"TasksCurrent": "18446744073709551615",
"TasksMax": "18446744073709551615",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "notify",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "disabled",
"WatchdogTimestampMonotonic": "0",
"WatchdogUSec": "0"
}
}
[root@localhost ~]# ansible websers -m shell -a 'ss -ntl|grep 80'
192.168.0.218 | SUCCESS | rc=0 >>
LISTEN 0 128 :::80 :::*
192.168.0.99 | SUCCESS | rc=0 >>
LISTEN 0 128 :::80 :::*
[root@localhost ~]#
說明:httpd服務監聽的端口它不區分ipv4和ipv6,是以都監聽在ipv6上
2)停止httpd服務,并設定開機啟動
[root@localhost ~]# ansible websers -m service -a 'name=httpd state=stopped enabled=yes'
192.168.0.218 | SUCCESS => {
"changed": true,
"enabled": true,
"name": "httpd",
"state": "stopped"
}
192.168.0.99 | SUCCESS => {
"changed": true,
"enabled": true,
"name": "httpd",
"state": "stopped",
"status": {
"ActiveEnterTimestamp": "Wed 2019-11-13 20:14:01 CST",
"ActiveEnterTimestampMonotonic": "161470007169",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "active",
"After": "systemd-journald.socket -.mount tmp.mount nss-lookup.target network.target remote-fs.target basic.target system.slice",
"AllowIsolate": "no",
"AmbientCapabilities": "0",
"AssertResult": "yes",
"AssertTimestamp": "Wed 2019-11-13 20:14:00 CST",
"AssertTimestampMonotonic": "161469785404",
"Before": "shutdown.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "18446744073709551615",
"CPUAccounting": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "18446744073709551615",
"CanIsolate": "no",
"CanReload": "yes",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "18446744073709551615",
"ConditionResult": "yes",
"ConditionTimestamp": "Wed 2019-11-13 20:14:00 CST",
"ConditionTimestampMonotonic": "161469785403",
"Conflicts": "shutdown.target",
"ControlGroup": "/system.slice/httpd.service",
"ControlPID": "0",
"DefaultDependencies": "yes",
"Delegate": "no",
"Description": "The Apache HTTP Server",
"DevicePolicy": "auto",
"Documentation": "man:httpd(8) man:apachectl(8)",
"EnvironmentFile": "/etc/sysconfig/httpd (ignore_errors=no)",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "5877",
"ExecMainStartTimestamp": "Wed 2019-11-13 20:14:00 CST",
"ExecMainStartTimestampMonotonic": "161469797959",
"ExecMainStatus": "0",
"ExecReload": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -k graceful ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStart": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -DFOREGROUND ; ignore_errors=no ; start_time=[Wed 2019-11-13 20:14:00 CST] ; stop_time=[n/a] ; pid=5877 ; code=(null) ; status=0/0 }",
"ExecStop": "{ path=/bin/kill ; argv[]=/bin/kill -WINCH ${MAINPID} ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/httpd.service",
"GuessMainPID": "yes",
"IOScheduling": "0",
"Id": "httpd.service",
"IgnoreOnIsolate": "no",
"IgnoreOnSnapshot": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestampMonotonic": "0",
"InactiveExitTimestamp": "Wed 2019-11-13 20:14:00 CST",
"InactiveExitTimestampMonotonic": "161469798163",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "0",
"KillMode": "control-group",
"KillSignal": "18",
"LimitAS": "18446744073709551615",
"LimitCORE": "18446744073709551615",
"LimitCPU": "18446744073709551615",
"LimitDATA": "18446744073709551615",
"LimitFSIZE": "18446744073709551615",
"LimitLOCKS": "18446744073709551615",
"LimitMEMLOCK": "65536",
"LimitMSGQUEUE": "819200",
"LimitNICE": "0",
"LimitNOFILE": "4096",
"LimitNPROC": "6537",
"LimitRSS": "18446744073709551615",
"LimitRTPRIO": "0",
"LimitRTTIME": "18446744073709551615",
"LimitSIGPENDING": "6537",
"LimitSTACK": "18446744073709551615",
"LoadState": "loaded",
"MainPID": "5877",
"MemoryAccounting": "no",
"MemoryCurrent": "3018752",
"MemoryLimit": "18446744073709551615",
"MountFlags": "0",
"Names": "httpd.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "main",
"OOMScoreAdjust": "0",
"OnFailureJobMode": "replace",
"PermissionsStartOnly": "no",
"PrivateDevices": "no",
"PrivateNetwork": "no",
"PrivateTmp": "yes",
"ProtectHome": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"Requires": "basic.target -.mount system.slice",
"RequiresMountsFor": "/var/tmp",
"Restart": "no",
"RestartUSec": "100ms",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitInterval": "10000000",
"StartupBlockIOWeight": "18446744073709551615",
"StartupCPUShares": "18446744073709551615",
"StatusErrno": "0",
"StatusText": "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec",
"StopWhenUnneeded": "no",
"SubState": "running",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "no",
"TasksCurrent": "6",
"TasksMax": "18446744073709551615",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "notify",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "disabled",
"WatchdogTimestamp": "Wed 2019-11-13 20:14:01 CST",
"WatchdogTimestampMonotonic": "161470007075",
"WatchdogUSec": "0"
}
}
[root@localhost ~]#ansible 'websers:!*99' -m shell -a 'chkconfig --list httpd'
192.168.0.218 | SUCCESS | rc=0 >>
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@localhost ~]# ansible 'websers:!*21*' -m shell -a 'systemctl is-enabled httpd'
192.168.0.99 | SUCCESS | rc=0 >>
enabled
說明:本人測試是一台centos6和一台centos7,兩個系統查詢開機啟動的指令不同。是以分兩次來檢視不同系統的服務開機啟動是否設定成功,重新開機服務和重讀配置檔案的參數同啟動服務,停止服務用法一樣,隻需要在state後面指定它的動作。
5、user:此子產品主要功能是管理使用者
[root@localhost ~]# ansible-doc -s user
- name: Manage user accounts
user:
append: # If `yes', will only add groups, not set them to just the list in `groups'.
comment: # Optionally sets the description (aka `GECOS') of user account.
createhome: # Unless set to `no', a home directory will be made for the user when the account is created or if the home
directory does not exist.
expires: # An expiry time for the user in epoch, it will be ignored on platforms that do not support this. Currently
supported on Linux and FreeBSD.
force: # When used with `state=absent', behavior is as with `userdel --force'.
generate_ssh_key: # Whether to generate a SSH key for the user in question. This will *not* overwrite an existing SSH key.
group: # Optionally sets the user's primary group (takes a group name).
groups: # Puts the user in list of groups. When set to the empty string ('groups='), the user is removed from all
groups except the primary group. Before version 2.3, the only input format
allowed was a 'comma separated string', now it should be able to accept YAML
lists also.
home: # Optionally set the user's home directory.
local: # Forces the use of "local" command alternatives on platforms that implement it. This is useful in environments
that use centralized authentification when you want to manipulate the local
users. I.E. it uses `luseradd` instead of `useradd`. This requires that these
commands exist on the targeted host, otherwise it will be a fatal error.
login_class: # Optionally sets the user's login class for FreeBSD, OpenBSD and NetBSD systems.
move_home: # If set to `yes' when used with `home=', attempt to move the user's home directory to the specified directory
if it isn't there already.
name: # (required) Name of the user to create, remove or modify.
non_unique: # Optionally when used with the -u option, this option allows to change the user ID to a non-unique value.
password: # Optionally set the user's password to this crypted value. See the user example in the github examples
directory for what this looks like in a playbook. See
http://docs.ansible.com/ansible/faq.html#how-do-i-generate-crypted-passwords-
for-the-user-module for details on various ways to generate these password
values. Note on Darwin system, this value has to be cleartext. Beware of
security issues.
remove: # When used with `state=absent', behavior is as with `userdel --remove'.
seuser: # Optionally sets the seuser type (user_u) on selinux enabled systems.
shell: # Optionally set the user's shell.
skeleton: # Optionally set a home skeleton directory. Requires createhome option!
ssh_key_bits: # Optionally specify number of bits in SSH key to create.
ssh_key_comment: # Optionally define the comment for the SSH key.
ssh_key_file: # Optionally specify the SSH key filename. If this is a relative filename then it will be relative to the
user's home directory.
ssh_key_passphrase: # Set a passphrase for the SSH key. If no passphrase is provided, the SSH key will default to having no
passphrase.
ssh_key_type: # Optionally specify the type of SSH key to generate. Available SSH key types will depend on implementation
present on target host.
state: # Whether the account should exist or not, taking action if the state is different from what is stated.
system: # When creating an account, setting this to `yes' makes the user a system account. This setting cannot be
changed on existing users.
uid: # Optionally sets the `UID' of the user.
update_password: # `always' will update passwords if they differ. `on_create' will only set the password for newly created
users.
[root@localhost ~]# append:yes表示增量添加group;no表示全量變更group,隻設定groups指定的group組,預設no
comment:指定使用者的簡要資訊,預設null
createhome:指定使用者是否建立家目錄,預設yes
group:指定使用者主組
groups:指定使用者附加組
password:指定使用者密碼
home:指定使用者家目錄
name:指定使用者名
remove:是否删除使用者家目錄以及郵件目錄,類似 userdel -r
state:指定對使用者的操作,absent表示删除,present表示建立
system:指定使用者是否為系統使用者,預設no
shell:指定使用者的shell類型
uid:指定使用者的uid
1)建立使用者
[root@localhost ~]# ansible websers -m user -a 'name=jerry uid=2222 home=/var/log/jerry createhome=yes shell=/sbin/nologin comment="this is test " group=qiuhom groups=qiuhom,root append=yes password="$6$3tM1oeNLhJwuqnlD$wHmKA7EMikPLvhMFF87xdmEV.lk5UElq5pgvvQIQpW9tb8B6TAGIFS2NkWy7mXL3dKOljy8JCbNjO.He0Ve3z0"'
192.168.0.218 | SUCCESS => {
"changed": true,
"comment": "this is test ",
"createhome": true,
"group": 500,
"groups": "qiuhom,root",
"home": "/var/log/jerry",
"name": "jerry",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/sbin/nologin",
"state": "present",
"system": false,
"uid": 2222
}
192.168.0.99 | SUCCESS => {
"changed": true,
"comment": "this is test ",
"createhome": true,
"group": 1000,
"groups": "qiuhom,root",
"home": "/var/log/jerry",
"name": "jerry",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/sbin/nologin",
"state": "present",
"system": false,
"uid": 2222
}
[root@localhost ~]# ansible websers -m shell -a 'id jerry'
192.168.0.218 | SUCCESS | rc=0 >>
uid=2222(jerry) gid=500(qiuhom) groups=500(qiuhom),0(root)
192.168.0.99 | SUCCESS | rc=0 >>
uid=2222(jerry) gid=1000(qiuhom) groups=1000(qiuhom),0(root)
[root@localhost ~]# ansible websers -m shell -a 'getent passwd jerry'
192.168.0.218 | SUCCESS | rc=0 >>
jerry:x:2222:500:this is test :/var/log/jerry:/sbin/nologin
192.168.0.99 | SUCCESS | rc=0 >>
jerry:x:2222:1000:this is test :/var/log/jerry:/sbin/nologin
[root@localhost ~]# ansible websers -m shell -a 'getent shadow jerry'
192.168.0.218 | SUCCESS | rc=0 >>
jerry:$6$3tM1oeNLhJwuqnlD$wHmKA7EMikPLvhMFF87xdmEV.lk5UElq5pgvvQIQpW9tb8B6TAGIFS2NkWy7mXL3dKOljy8JCbNjO.He0Ve3z0:18213:0:99999:7:::
192.168.0.99 | SUCCESS | rc=0 >>
jerry:$6$3tM1oeNLhJwuqnlD$wHmKA7EMikPLvhMFF87xdmEV.lk5UElq5pgvvQIQpW9tb8B6TAGIFS2NkWy7mXL3dKOljy8JCbNjO.He0Ve3z0:18213:0:99999:7:::
[root@localhost ~]#
說明:使用者密碼可以用工具生成後然後把生成後的字元貼進去,本人用python生成的密碼, python -c 'import crypt,getpass;pw="admin";print(crypt.crypt(pw))'
2)修改使用者資訊
[root@localhost ~]# ansible websers -m user -a 'name=jerry uid=2222 home=/var/log/jerry createhome=yes shell=/bin/login comment="xxx" groups=""' 192.168.0.218 | SUCCESS => {
"append": false,
"changed": true,
"comment": "xxx",
"group": 500,
"groups": "",
"home": "/var/log/jerry",
"move_home": false,
"name": "jerry",
"shell": "/bin/login",
"state": "present",
"uid": 2222
}
192.168.0.99 | SUCCESS => {
"append": false,
"changed": true,
"comment": "xxx",
"group": 1000,
"groups": "",
"home": "/var/log/jerry",
"move_home": false,
"name": "jerry",
"shell": "/bin/login",
"state": "present",
"uid": 2222
}
[root@localhost ~]# ansible websers -m shell -a 'id jerry'
192.168.0.218 | SUCCESS | rc=0 >>
uid=2222(jerry) gid=500(qiuhom) groups=500(qiuhom)
192.168.0.99 | SUCCESS | rc=0 >>
uid=2222(jerry) gid=1000(qiuhom) groups=1000(qiuhom)
[root@localhost ~]# ansible websers -m shell -a 'getent passwd jerry'
192.168.0.218 | SUCCESS | rc=0 >>
jerry:x:2222:500:xxx:/var/log/jerry:/bin/login
192.168.0.99 | SUCCESS | rc=0 >>
jerry:x:2222:1000:xxx:/var/log/jerry:/bin/login
[root@localhost ~]# ansible websers -m shell -a 'getent shadow jerry'
192.168.0.218 | SUCCESS | rc=0 >>
jerry:$6$3tM1oeNLhJwuqnlD$wHmKA7EMikPLvhMFF87xdmEV.lk5UElq5pgvvQIQpW9tb8B6TAGIFS2NkWy7mXL3dKOljy8JCbNjO.He0Ve3z0:18213:0:99999:7:::
192.168.0.99 | SUCCESS | rc=0 >>
jerry:$6$3tM1oeNLhJwuqnlD$wHmKA7EMikPLvhMFF87xdmEV.lk5UElq5pgvvQIQpW9tb8B6TAGIFS2NkWy7mXL3dKOljy8JCbNjO.He0Ve3z0:18213:0:99999:7:::
[root@localhost ~]#
說明:修改使用者資訊,直接指定使用者名稱和需要修改的項和值即可。未指定的項和值将保留原來的不變。
3)删除使用者
[root@localhost ~]# ansible websers -m user -a 'name=jerry remove=yes state=absent'
192.168.0.218 | SUCCESS => {
"changed": true,
"force": false,
"name": "jerry",
"remove": true,
"state": "absent"
}
192.168.0.99 | SUCCESS => {
"changed": true,
"force": false,
"name": "jerry",
"remove": true,
"state": "absent"
}
[root@localhost ~]# ansible websers -m shell -a 'id jerry'
192.168.0.218 | FAILED | rc=1 >>
id: jerry: No such usernon-zero return code
192.168.0.99 | FAILED | rc=1 >>
id: jerry: no such usernon-zero return code
[root@localhost ~]# ansible websers -m shell -a 'ls -l /var/log/jerry'
192.168.0.218 | FAILED | rc=2 >>
ls: cannot access /var/log/jerry: No such file or directorynon-zero return code
192.168.0.99 | FAILED | rc=2 >>
ls: cannot access /var/log/jerry: No such file or directorynon-zero return code
[root@localhost ~]#
說明:remove參數表示連同使用者家目錄一起删除,等同于userdel -r這條指令
6、group:此子產品主要功能是管理組
[root@localhost ~]# ansible-doc -s group
- name: Add or remove groups
group:
gid: # Optional `GID' to set for the group.
name: # (required) Name of the group to manage.
state: # Whether the group should be present or not on the remote host.
system: # If `yes', indicates that the group created is a system group.
[root@localhost ~]# gid:指定gid
name:指定組名
system:是否為系統組,預設no
state:指定對組的操作,absent表示删除,present表示建立,預設present
1)建立組
[root@localhost ~]# ansible websers -m shell -a 'getent group xxx'
192.168.0.218 | FAILED | rc=2 >>
non-zero return code
192.168.0.99 | FAILED | rc=2 >>
non-zero return code
[root@localhost ~]# ansible websers -m group -a 'name=xxx system=yes'
192.168.0.218 | SUCCESS => {
"changed": true,
"gid": 493,
"name": "xxx",
"state": "present",
"system": true
}
192.168.0.99 | SUCCESS => {
"changed": true,
"gid": 983,
"name": "xxx",
"state": "present",
"system": true
}
[root@localhost ~]# ansible websers -m shell -a 'getent group xxx'
192.168.0.218 | SUCCESS | rc=0 >>
xxx:x:493:
192.168.0.99 | SUCCESS | rc=0 >>
xxx:x:983:
[root@localhost ~]#
2)删除組
[root@localhost ~]# ansible websers -m group -a 'name=xxx state=absent'
192.168.0.218 | SUCCESS => {
"changed": true,
"name": "xxx",
"state": "absent"
}
192.168.0.99 | SUCCESS => {
"changed": true,
"name": "xxx",
"state": "absent"
}
[root@localhost ~]# ansible websers -m shell -a 'getent group xxx'
192.168.0.218 | FAILED | rc=2 >>
non-zero return code
192.168.0.99 | FAILED | rc=2 >>
non-zero return code
[root@localhost ~]#
7、setup:此子產品主要功能收集遠端主機上的資訊
[root@localhost ~]# ansible-doc -s setup
- name: Gathers facts about remote hosts
setup:
fact_path: # path used for local ansible facts (*.fact) - files in this dir will be run (if executable) and their results
be added to ansible_local facts if a file is not executable it is read. Check
notes for Windows options. (from 2.1 on) File/results format can be json or
ini-format
filter: # if supplied, only return facts that match this shell-style (fnmatch) wildcard.
gather_subset: # if supplied, restrict the additional facts collected to the given subset. Possible values: all, min,
hardware, network, virtual, ohai, and facter Can specify a list of values to
specify a larger subset. Values can also be used with an initial `!' to
specify that that specific subset should not be collected. For instance:
!hardware, !network, !virtual, !ohai, !facter. If !all is specified then only
the min subset is collected. To avoid collecting even the min subset, specify
!all and !min subsets. To collect only specific facts, use !all, !min, and
specify the particular fact subsets. Use the filter parameter if you do not
want to display some collected facts.
gather_timeout: # Set the default timeout in seconds for individual fact gathering
[root@localhost ~]# filter:指定我們過濾的資訊變量
[root@localhost ~]# ansible *99 -m setup -a 'filter=ansible_all_ipv4_addresses'
192.168.0.99 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"172.17.0.1",
"192.168.0.99"
]
},
"changed": false
}
[root@localhost ~]#
說明:setup子產品預設不跟參數,它會顯示很多資訊,不利于我們檢視想要的資訊,是以一般都會跟上參數過濾自己想要檢視的參數。以上指令表示檢視遠端主機上的所有ipv4的ip位址。
作者:Linux-1874
出處:https://www.cnblogs.com/qiuhom-1874/
本文版權歸作者和部落格園共有,歡迎轉載,但未經作者同意必須保留此段聲明,且在文章頁面明顯位置給出原文連接配接,否則保留追究法律責任的權利.
![小技巧 (十一) ansible普通使用者執行[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)