Ansible自动化运维工具之常用模块使用实战（5）-阿里云开发者社区

环境介绍：

管理主机 k8s_master1 192.168.1.18

被托管主机 k8s_node1 192.168.1.19

被托管主机 K8S_node2 192.168.1.20

操作系统 Centos 7.5

常用模块：

ansible-doc和ping模块

command模块

shell模块

script模块

copy模块

lineinfile|replace模块

yum模块

service模块

setup模块

模块使用实战：

1.ansible-doc和ping模块

- ansible-doc

[root@k8s_master1 ~]# ansible-doc -l     //列出所有模块
fortios_router_community_list                                 Configure community lists in Fortinet's FortiOS and...
azure_rm_devtestlab_info                                      Get Azure DevTest Lab facts
ecs_taskdefinition                                            register a task definition in ecs
avi_alertscriptconfig                                         Module for setup of AlertScriptConfig Avi RESTful O...
tower_receive                                                 Receive assets from Ansible Tower
netapp_e_iscsi_target                                         NetApp E-Series manage iSCSI target configuration
azure_rm_acs                                                  Manage an Azure Container Service(ACS) instance
......
[root@k8s_master1 ~]# ansible-doc -l | grep mysql   //查找mysql相关的模块
azure_rm_mysqlfirewallrule_info                               
Get Azure MySQL Firewall Rule facts
azure_rm_mysqlconfiguration_info                              
Get Azure MySQL Configuration facts
mysql_info                                                    
Gather information about MySQL servers                                                                                          
...
[root@k8s_master1 ~]# ansible-doc mysql_db     //查看mysql_db模块的使用手册
> MYSQL_DB    (/usr/lib/python2.7/site-packages/ansible/modules/database/mysql/mysql_db.py)
        Add or remove MySQL databases from a remote host.
  * This module is maintained by The Ansible Community
OPTIONS (= is mandatory):
- ca_cert
        The path to a Certificate Authority (CA) certificate. This option, if used, must
        specify the same certificate as used by the server.
        (Aliases: ssl_ca)[Default: (null)]
        type: path
        version_added: 2.0
- client_cert
        The path to a client public key certificate.
        (Aliases: ssl_cert)[Default: (null)]
        type: path
        version_added: 2.0
...

- ping

[root@k8s_master1 ~]# cat /etc/ansible/hosts
...
[k8s_node]
k8s_node1
k8s_node2
[root@k8s_master1 ~]# ansible k8s_node -m ping   
k8s_node2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
k8s_node1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
[root@k8s_master1 ~]# ansible k8s_node -m ping -k
SSH password:    --》 -k 表示交互式输入被托管主机连接密码
k8s_node2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
k8s_node1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

2.command模块

- command

完整格式：

ansible 主机集合 -m 模块名称 -a 模块参数

[root@k8s_master1 ~]# ansible k8s_node -m command -a 'uptime'  //ansible远程查看k8s_node主机组中的主机系统负载信息
k8s_node2 | CHANGED | rc=0 >>
 17:51:47 up 1 day,  7:37,  2 users,  load average: 0.00, 0.01, 0.05
k8s_node1 | CHANGED | rc=0 >>
 09:38:28 up 1 day, 16:03,  2 users,  load average: 0.00, 0.01, 0.05
[root@k8s_master1 ~]# ansible k8s_node -m command -a 'date'  //ansible远程查看k8s_node主机组中的主机系统时间
k8s_node2 | CHANGED | rc=0 >>
2021年 08月 11日 星期三 17:51:52 CST
k8s_node1 | CHANGED | rc=0 >>
2021年 08月 11日 星期三 09:38:33 CST
[root@k8s_master1 ~]# ansible k8s_node -m command -a 'cat /etc/passwd'   //ansible远程查看k8s_node主机组中的主机中/etc/passwd文件
k8s_node2 | CHANGED | rc=0 >>
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
......
k8s_node1 | CHANGED | rc=0 >>
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
......

示例：

[root@k8s_master1 ~]# ansible k8s_node -m command -a 'ps -aux | grep sshd'   //ansible在使用command模块远程控制主机组时无法识别上图字符
k8s_node2 | FAILED | rc=1 >>
error: user name does not exist
Usage:
 ps [options]
 Try 'ps --help <simple|list|output|threads|misc|all>'
  or 'ps --help <s|l|o|t|m|a>'
 for additional help text.
For more details see ps(1).non-zero return code
k8s_node1 | FAILED | rc=1 >>
error: user name does not exist
Usage:
 ps [options]
 Try 'ps --help <simple|list|output|threads|misc|all>'
  or 'ps --help <s|l|o|t|m|a>'
 for additional help text.
For more details see ps(1).non-zero return code

3.shell模块

- shell

shell模块基本上可以执行所有类型（除了交互式）的命令。

[root@k8s_master1 ~]# ansible k8s_node -m shell -a 'ps -aux | grep sshd'   //ansible使用shell模块远程查看k8s_node主机组中的sshd服务信息
k8s_node1 | CHANGED | rc=0 >>
root       1164  0.0  0.3 162012  6888 ?        Ss   8月09   0:00 sshd: root@pts/0
root       1166  0.0  0.3 161664  6396 ?        Ss   8月09   0:00 sshd: root@notty
root       2174  0.0  0.2 112892  4344 ?        Ss   8月10   0:00 /usr/sbin/sshd -D
root       5417  0.0  0.2 154968  5868 ?        Ss   09:49   0:00 sshd: root@pts/1
root       5539  0.0  0.0 113172  1208 pts/1    S+   09:50   0:00 /bin/sh -c ps -aux | grep sshd
root       5541  0.0  0.0 112724   952 pts/1    S+   09:50   0:00 grep sshd
k8s_node2 | CHANGED | rc=0 >>
root        892  0.0  0.2 112892  4344 ?        Ss   8月10   0:00 /usr/sbin/sshd -D
root       1185  0.0  0.3 159848  6784 ?        Ss   8月10   0:00 sshd: root@pts/0
root       1187  0.0  0.3 159532  6332 ?        Ss   8月10   0:00 sshd: root@notty
root       5933  0.0  0.2 154964  5872 ?        Ss   18:03   0:00 sshd: root@pts/1
root       6056  0.0  0.0 113172  1212 pts/1    S+   18:03   0:00 /bin/sh -c ps -aux | grep sshd
root       6058  0.0  0.0 112724   956 pts/1    S+   18:03   0:00 grep sshd
[root@k8s_master1 ~]# ansible k8s_node -m shell -a 'uptime'
k8s_node2 | CHANGED | rc=0 >>
 18:04:07 up 1 day,  7:50,  2 users,  load average: 0.00, 0.01, 0.05
k8s_node1 | CHANGED | rc=0 >>
 09:50:48 up 1 day, 16:16,  2 users,  load average: 0.00, 0.01, 0.05
[root@k8s_master1 ~]# ansible k8s_node -m shell -a 'echo ${HOSTNAME}'   //ansible使用shell模块远程查看k8s_node主机组中的HOSTNAME内置变量值
k8s_node2 | CHANGED | rc=0 >>
k8s_node2
k8s_node1 | CHANGED | rc=0 >>
k8s_node1

以上testfile文件案例验证：

[root@k8s_master1 ~]# ansible k8s_node -m shell -a "cd /tmp"  //ansible使用shell模块远程进入k8s_node主机组中的tmp目录
k8s_node2 | CHANGED | rc=0 >>
k8s_node1 | CHANGED | rc=0 >>
[root@k8s_master1 ~]# ansible k8s_node -m shell -a "touch testfile"  //ansible使用shell模块远程为k8s_node主机组创建testfile文件
[WARNING]: Consider using the file module with state=touch rather than running 'touch'.  If you need to use command
because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.
k8s_node2 | CHANGED | rc=0 >>
k8s_node1 | CHANGED | rc=0 >>
--两台被托管主机查看创建的testfile文件---
[root@k8s_node1 ~]# pwd
/root
[root@k8s_node1 ~]# ll testfile
-rw-r--r-- 1 root root 0 8月  11 09:58 testfile
[root@k8s_node2 ~]# pwd
/root
[root@k8s_node2 ~]# ll testfile
-rw-r--r-- 1 root root 0 8月  11 18:11 testfile

可以看到在创建testfile文件时，并没有创建在tmp目录下，而是被默认创建到了root目录下，说明ansible 是使用 ssh 多次连接执行，连接退出以后之前的状态就全部失效了。

- - 解决办法 - -：

使用 chdir 代替 cd 命令

[root@k8s_master1 ~]# ansible k8s_node -m shell -a "chdir=/tmp touch testfile"
[WARNING]: Consider using the file module with state=touch rather than running 'touch'.  If you need to use command
because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.
k8s_node2 | CHANGED | rc=0 >>
k8s_node1 | CHANGED | rc=0 >>
[root@k8s_node1 ~]# ll /tmp/testfile    //成功将testfile文件创建到tmp文件夹中
-rw-r--r-- 1 root root 0 8月  11 10:09 /tmp/testfile
[root@k8s_node2 ~]# ll /tmp/testfile
-rw-r--r-- 1 root root 0 8月  11 18:22 /tmp/testfile

例子：为k8s_node主机组中的主机创建一个test用户并且设置密码为123。

[root@k8s_master1 ~]# ansible k8s_node -m shell -a 'useradd test'
k8s_node2 | CHANGED | rc=0 >>
k8s_node1 | CHANGED | rc=0 >>
[root@k8s_master1 ~]# ansible k8s_node -m shell -a 'echo 123 | passwd --stdin test'
k8s_node2 | CHANGED | rc=0 >>
更改用户 test 的密码 。
passwd：所有的身份验证令牌已经成功更新。
k8s_node1 | CHANGED | rc=0 >>
更改用户 test 的密码 。
passwd：所有的身份验证令牌已经成功更新。

4.script模块

- script

案例：在两台被托管主机上判断有无用户tom，如果没有则创建用户tom并配置密码为123。

[root@k8s_master1 ~]# cat >> user.sh << EOF
> #!/bin/bash
> id tom
> if [  $? != 0 ];then
> useradd tom
> echo 123 | passwd --stdin tom
> fi
> EOF
[root@k8s_master1 ~]# cat user.sh
#!/bin/bash
id tom
if [ $? != 0 ];then
useradd tom
echo 123 | passwd --stdin tom
fi
[root@k8s_master1 ~]# ansible k8s_node -m script -a '/root/user.sh'
k8s_node2 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to k8s_node2 closed.\r\n",
    "stderr_lines": [
        "Shared connection to k8s_node2 closed."
    ],
    "stdout": "id: tom: no such user\r\n更改用户 tom 的密码 。\r\npasswd：所有的身份验证令牌已经成功更新。\r\n",
    "stdout_lines": [
        "id: tom: no such user",
        "更改用户 tom 的密码 。",
        "passwd：所有的身份验证令牌已经成功更新。"
    ]
}
k8s_node1 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to k8s_node1 closed.\r\n",
    "stderr_lines": [
        "Shared connection to k8s_node1 closed."
    ],
    "stdout": "id: tom: no such user\r\n更改用户 tom 的密码 。\r\npasswd：所有的身份验证令牌已经成功更新。\r\n",
    "stdout_lines": [
        "id: tom: no such user",
        "更改用户 tom 的密码 。",
        "passwd：所有的身份验证令牌已经成功更新。"
    ]
}
---两台被托管主机查看ansible执行情况---
[root@k8s_node1 ~]# id tom
uid=1001(tom) gid=1001(tom) 组=1001(tom)
[root@k8s_node1 ~]# cat /etc/passwd | grep tom
tom:x:1001:1001::/home/tom:/bin/bash
[root@k8s_node2 ~]# id tom
uid=1001(tom) gid=1001(tom) 组=1001(tom)
[root@k8s_node2 ~]# cat /etc/passwd | grep tom
tom:x:1001:1001::/home/tom:/bin/bash

5.copy模块

- copy

[root@k8s_master1 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.18 k8s_master1
192.168.1.19 k8s_node1
192.168.1.20 k8s_node2
[root@k8s_master1 ~]# ansible k8s_node -m copy -a 'src=/etc/hosts dest=/etc/hosts'
k8s_node2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "checksum": "561ed24474a2938a845088d89f280b8e3e864103",
    "dest": "/etc/hosts",
    "gid": 0,
    "group": "root",
    "mode": "0644",
    "owner": "root",
    "path": "/etc/hosts",
    "size": 229,
    "state": "file",
    "uid": 0
}
k8s_node1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "checksum": "561ed24474a2938a845088d89f280b8e3e864103",
    "dest": "/etc/hosts",
    "gid": 0,
    "group": "root",
    "mode": "0644",
    "owner": "root",
    "path": "/etc/hosts",
    "size": 229,
    "state": "file",
    "uid": 0
}
[root@k8s_node1 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.18 k8s_master1
192.168.1.19 k8s_node1
192.168.1.20 k8s_node2
[root@k8s_node2 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.18 k8s_master1
192.168.1.19 k8s_node1
192.168.1.20 k8s_node2

Ansible自动化运维工具之常用模块使用实战（5）

环境介绍：

常用模块：

模块使用实战：

热门文章

最新文章

相关课程

相关电子书

相关实验场景