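I. Common Ansible modules

1. Differences between the common Ansible modules command, shell and raw:

  • The command module does not invoke a shell, so bash environment variables are not available
  • The shell module runs the command through /bin/sh
  • raw is similar to shell in many respects; in most cases the shell or command module is recommended instead
    • However, raw is needed when the host runs an old Python version, or when the client is a router with no Python installed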

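II. Using the common Ansible modules in detail

1. ping module

1️⃣: The ping module checks whether the specified nodes are reachable. It is simple to use and takes no parameters; a host that is online replies with pong

  • Example: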

    [root@localhost ~]# ansible all -m ping
    192.168.121.81 | SUCCESS => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
    }

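2. user module

①: Common user module parameters

create_home: [ yes | no ]
Description: by default a home directory is created for the user when the account is created or when the home directory does not exist, unless no is chosen
group
Description: sets the user's primary group
groups
Description: sets the user's supplementary groups; when set to the empty string '', the user is removed from all groups except the primary group
home
Description: sets the user's home directory
name
Description: name of the user to create, remove or modify
password
Description: sets the user's password to this encrypted value; to create a disabled account on a Linux system, set it to '!' or '*'
remove: [ yes | no ]
Description: when state=absent, removes the directories associated with the user; equivalent to userdel --remove
shell
Description: sets the user's login shell; use /sbin/nologin if the user should not be able to log in
state: [ present | absent ]
Description: present declares that the user is created; absent declares that the user is removed
system: [ yes | no ]
Description: when state=present, setting this to yes makes the user a system account
uid
Description: specifies the user's UID

②: Add a system user on the managed host named zhangsan with UID 888, login shell /sbin/nologin and no home directory

  • Example: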

    [root@localhost ~]# ansible 192.168.121.81 -m user -a 'name=zhangsan uid=888 system=yes shell=/sbin/nologin create_home=no state=present'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "comment": "",
    "create_home": false,
    "group": 888,
    "home": "/home/zhangsan",
    "name": "zhangsan",
    "shell": "/sbin/nologin",
    "state": "present",
    "system": true,
    "uid": 888
    }
    // Check whether the user zhangsan exists on the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m command -a 'id zhangsan'
    192.168.121.81 | CHANGED | rc=0 >>
    uid=888(zhangsan) gid=888(zhangsan) groups=888(zhangsan)
    // Remove the user zhangsan from the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m user -a 'name=zhangsan state=absent'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "force": false,
    "name": "zhangsan",
    "remove": false,
    "state": "absent"
    }
    // Check whether the user zhangsan still exists on the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m command -a 'id zhangsan'
    192.168.121.81 | FAILED | rc=1 >>
    id: ‘zhangsan’: no such user
    non-zero return code
    // Change the UID of the user zhangsan to 1000
    [root@localhost ~]# ansible 192.168.121.81 -m user -a 'name=zhangsan uid=1000'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "append": false,
    "changed": true,
    "comment": "",
    "group": 888,
    "home": "/home/zhangsan",
    "move_home": false,
    "name": "zhangsan",
    "shell": "/sbin/nologin",
    "state": "present",
    "uid": 1000
    }  

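3. group module

①: Common group module parameters

name
Description: name of the group
state: [ present | absent ]
Description: present declares that the group is created; absent declares that the group is removed
system: [ yes | no ]
Description: if yes, the group is created as a system group
gid
Description: the GID of the group

②: Add a system group on the managed host with GID 800 and group name zhangsan

  • Example: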

    [root@localhost ~]# ansible 192.168.121.81 -m group -a 'name=zhangsan system=yes gid=800 state=present'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "gid": 800,
    "name": "zhangsan",
    "state": "present",
    "system": true
    }
    // Check whether the group zhangsan exists on the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m command -a 'grep zhangsan /etc/group'
    192.168.121.81 | CHANGED | rc=0 >>
    zhangsan:x:800:
    // Remove the group zhangsan from the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m group -a 'name=zhangsan state=absent'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "name": "zhangsan",
    "state": "absent"
    }
    // Check whether the group zhangsan still exists on the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m command -a 'grep zhangsan /etc/group'
    192.168.121.81 | FAILED | rc=1 >>
    non-zero return code
    // Change the GID of the group zhangsan on the managed host to 1000
    [root@localhost ~]# ansible 192.168.121.81 -m group -a 'name=zhangsan gid=1000'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "gid": 1000,
    "name": "zhangsan",
    "state": "present",
    "system": false
    }

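4. yum module

1️⃣: The yum module manages software through yum on the specified nodes

2️⃣: Common yum module parameters

name: name of the package to install
state: [ present | installed | latest | absent | removed ]
present: install the package
installed: install the package
latest: install the package
absent: remove the package
removed: remove the package
  • Example: install the httpd service on the managed host with the yum module

      [root@localhost ~]# ansible 192.168.121.81 -m yum -a 'name=httpd state=present'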
      192.168.121.81 | CHANGED => {
      "ansible_facts": {
      "discovered_interpreter_python": "/usr/libexec/platform-python"
      },
      "changed": true,
      "msg": "",
      "rc": 0,
      "results": [
      "Installed: apr-1.6.3-9.el8.x86_64",
      "Installed: centos-logos-httpd-80.5-2.el8.noarch",
      "Installed: apr-util-1.6.1-6.el8.x86_64",
      "Installed: apr-util-bdb-1.6.1-6.el8.x86_64",
      "Installed: httpd-2.4.37-21.module_el8.2.0+382+15b0afa8.x86_64",
      "Installed: httpd-filesystem-2.4.37-21.module_el8.2.0+382+15b0afa8.noarch",
      "Installed: mod_http2-1.11.3-3.module_el8.2.0+307+4d18d695.x86_64",
      "Installed: httpd-tools-2.4.37-21.module_el8.2.0+382+15b0afa8.x86_64",
      "Installed: apr-util-openssl-1.6.1-6.el8.x86_64",
      "Installed: mailcap-2.1.48-3.el8.noarch"
      ]
      }
      // Start the httpd service
      [root@localhost ~]# ansible 192.168.121.81 -m command -a 'systemctl start httpd'
      192.168.121.81 | CHANGED | rc=0 >>
      // Check the httpd service processes
      [root@localhost ~]# ansible 192.168.121.81 -m shell -a 'ps -ef | grep httpd'
      192.168.121.81 | CHANGED | rc=0 >>
      root 20991 1 0 18:58 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
      apache 20992 20991 0 18:58 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
      apache 20993 20991 0 18:58 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
      apache 20994 20991 0 18:58 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
      apache 20996 20991 0 18:58 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
      root 21573 21572 0 18:59 pts/1 00:00:00 /bin/sh -c ps -ef | grep httpd
      root 21575 21573 0 18:59 pts/1 00:00:00 grep httpd
      // Check whether the httpd package is installed
      [root@localhost ~]# ansible 192.168.121.81 -m shell -a 'rpm -qa | grep httpd'
      192.168.121.81 | CHANGED | rc=0 >>
      httpd-filesystem-2.4.37-21.module_el8.2.0+382+15b0afa8.noarch
      centos-logos-httpd-80.5-2.el8.noarch
      httpd-2.4.37-21.module_el8.2.0+382+15b0afa8.x86_64
      httpd-tools-2.4.37-21.module_el8.2.0+382+15b0afa8.x86_64

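5. command module

1️⃣: The command module runs commands on remote hosts; it is the module ansible uses by default

2️⃣: A limitation of the command module is that it cannot use pipes or redirection

  • Example:

    // List the files under /tmp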
    [root@localhost ~]# ansible 192.168.121.81 -m command -a 'ls /tmp'
    192.168.121.81 | CHANGED | rc=0 >>
    ansible_command_payload_bgh98niw
    ks-script-rz2t819q
    systemd-private-27d81652d04247e0aabf5ca3135190a7-httpd.service-34NQn0
    vmware-root_987-4257200413
    // Create the file test in the /root directory
    [root@localhost ~]# ansible 192.168.121.81 -m command -a 'touch /root/test'
    192.168.121.81 | CHANGED | rc=0 >>
    [root@localhost ~]# ansible 192.168.121.81 -m command -a 'ls /root'
    192.168.121.81 | CHANGED | rc=0 >>
    anaconda-ks.cfg
    test

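6. shell module

①: The shell module runs scripts that are located on the managed host, and can also run commands directly on the managed host (it is generally used for commands; use the script module for scripts)

②: Parameters the shell module may take

chdir
Description: change into this directory before running the command
removes
Description: a file name; if the file does not exist, the specified file will not be deleted
stdin
Description: sets the command's stdin directly to the specified value

③: The shell module also supports pipes and redirection

  • Example:

    // View the script file on the managed host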
    [root@localhost ~]# ls
    anaconda-ks.cfg test.sh
    [root@localhost ~]# chmod a+x test.sh
    [root@localhost ~]# ll test.sh
    -rwxr-xr-x. 1 root root 27 Aug 27 19:12 test.sh
    // From the control node, run the script file located on the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m shell -a '/root/test.sh'
    192.168.121.81 | CHANGED | rc=0 >>
    Thu Aug 27 19:15:20 CST 2020
    /root/test.sh: line 1: !/bin/bash: No such file or directory
    // Use a pipe with the shell module
    [root@localhost ~]# ansible 192.168.121.81 -m shell -a 'cat /etc/group | grep root'
    192.168.121.81 | CHANGED | rc=0 >>
    root:x:0:
    // Use redirection with the shell module
    [root@localhost ~]# ansible 192.168.121.81 -m shell -a '/root/test.sh > /tmp/dir.txt'
    192.168.121.81 | CHANGED | rc=0 >>
    /root/test.sh: line 1: !/bin/bash: No such file or directory
    [root@localhost ~]# ansible 192.168.121.81 -m shell -a 'cat /tmp/dir.txt'
    192.168.121.81 | CHANGED | rc=0 >>
    Thu Aug 27 19:19:04 CST 2020

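7. raw module

1️⃣: The raw module runs commands on remote hosts and supports pipes and redirection (in addition, the raw module can be used to install services on devices where services otherwise cannot be installed, for example routers)

  • Example:

    // Use a pipe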
    [root@localhost ~]# ansible 192.168.121.81 -m raw -a 'cat /etc/group |grep root'
    192.168.121.81 | CHANGED | rc=0 >>
    root:x:0:
    // Use redirection
    [root@localhost ~]# ansible 192.168.121.81 -m raw -a 'echo "hellow word" > /root/test.txt'
    192.168.121.81 | CHANGED | rc=0 >>
    [root@localhost ~]# ansible 192.168.121.81 -m raw -a 'cat /root/test.txt'
    192.168.121.81 | CHANGED | rc=0 >>
    hellow word
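
The difference between command and shell (and raw) described in the overview and in sections 5 to 7 comes down to whether the command string passes through /bin/sh. The following Python sketch is an added example, not code from the original page or from Ansible: `run_like_command`, `run_like_shell` and `build_shell_task` are hypothetical helpers that imitate the two behaviours locally, and `HOSTILE` is a constructed value showing why a variable placed into a shell task must be quoted (in a playbook, the `quote` filter plays the role of `shlex.quote`).

```python
import shlex
import subprocess


def run_like_command(cmdline):
    """Imitate the command module: split into argv and exec directly.

    No shell is involved, so |, >, ; and && reach the program as
    ordinary arguments instead of being interpreted.
    """
    argv = shlex.split(cmdline)
    proc = subprocess.run(argv, capture_output=True, text=True)
    return proc.returncode, proc.stdout.strip()


def run_like_shell(cmdline):
    """Imitate the shell module: hand the whole string to /bin/sh -c."""
    proc = subprocess.run(["/bin/sh", "-c", cmdline],
                          capture_output=True, text=True)
    return proc.returncode, proc.stdout.strip()


def build_shell_task(template, value, quote=True):
    """Fill a value into a command line that will be run by /bin/sh.

    With quote=True the value is escaped so the shell treats it as a
    single word; with quote=False it is pasted in verbatim.
    """
    return template.format(shlex.quote(value) if quote else value)


# Constructed sample: a "file name" that contains shell metacharacters.
HOSTILE = "notes.txt; echo INJECTED"

if __name__ == "__main__":
    pipe = "echo hello | tr a-z A-Z"
    # command semantics: the pipe is just another argument to echo
    print("command, pipe:   ", run_like_command(pipe))
    # shell semantics: /bin/sh builds the pipeline
    print("shell, pipe:     ", run_like_shell(pipe))

    # Unquoted value in a shell task: the part after ';' runs as a
    # second command.
    unsafe = build_shell_task("echo {}", HOSTILE, quote=False)
    print("shell, unquoted: ", run_like_shell(unsafe))

    # Quoted value in a shell task: printed as data, nothing extra runs.
    safe = build_shell_task("echo {}", HOSTILE)
    print("shell, quoted:   ", run_like_shell(safe))

    # command semantics with the same value: no shell, so no second command.
    print("command, hostile:", run_like_command("echo " + HOSTILE))
```
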

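8. script module

①: The script module runs a script from the control node on the managed host

②: Common script module parameters

chdir
Description: change into this directory on the remote node before running the script
creates
Description: a file name on the remote node; if it already exists, this step will not be run
removes
Description: a file name on the remote node; if it does not exist, this step will not be run
  • Example:

    // View the script file on the control node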
    [root@localhost ~]# ls
    anaconda-ks.cfg test.sh
    // Run the script file from the control node
    [root@localhost ~]# ansible 192.168.121.81 -m script -a '/root/test.sh > /root/dir.txt'
    192.168.121.81 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 192.168.121.81 closed.\r\n",
    "stderr_lines": [
    "Shared connection to 192.168.121.81 closed."
    ],
    "stdout": "",
    "stdout_lines": []
    }
    [root@localhost ~]# ansible 192.168.121.81 -m shell -a 'cat /root/dir.txt'
    192.168.121.81 | CHANGED | rc=0 >>
    This is test file.sh

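9. service module

1️⃣: The service module manages services on the managed host

2️⃣: Common service module parameters

state: [ started | stopped | restarted | reloaded ]
started: start the service
stopped: stop the service
restarted: restart the service
reloaded: reload the service
enabled: [ yes | no ]
yes: start at boot
no: do not start at boot
Sets whether the service starts at boot

  • Example:

    // Check whether the httpd service is running on the managed host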
    [root@localhost ~]# ansible 192.168.121.81 -m command -a 'systemctl status httpd'
    192.168.121.81 | FAILED | rc=3 >>
    ● httpd.service - The Apache HTTP Server
    Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
    Active: inactive (dead)
    Docs: man:httpd.service(8)
    Aug 27 18:58:10 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
    Aug 27 18:58:10 localhost.localdomain httpd[20991]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
    Aug 27 18:58:10 localhost.localdomain systemd[1]: Started The Apache HTTP Server.
    Aug 27 18:58:10 localhost.localdomain httpd[20991]: Server configured, listening on: port 80
    Aug 27 19:31:21 localhost.localdomain systemd[1]: Stopping The Apache HTTP Server...
    Aug 27 19:31:22 localhost.localdomain systemd[1]: Stopped The Apache HTTP Server.
    non-zero return code
    // Start the httpd service with the service module
    [root@localhost ~]# ansible 192.168.121.81 -m service -a 'name=httpd state=started'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "name": "httpd",
    "state": "started",
    "status": {
    "ActiveEnterTimestampMonotonic": "0",
    "ActiveExitTimestampMonotonic": "0",
    ............
    // Check the status of the httpd service on the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m command -a 'systemctl status httpd'
    192.168.121.81 | CHANGED | rc=0 >>
    ● httpd.service - The Apache HTTP Server
    Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
    Active: active (running) since Thu 2020-08-27 19:37:22 CST; 1min 33s ago
    Docs: man:httpd.service(8)
    Main PID: 23488 (httpd)
    Status: "Running, listening on: port 80"
    Tasks: 213 (limit: 11340)
    Memory: 27.3M
    CGroup: /system.slice/httpd.service
    ├─23488 /usr/sbin/httpd -DFOREGROUND
    ├─23489 /usr/sbin/httpd -DFOREGROUND
    ├─23490 /usr/sbin/httpd -DFOREGROUND
    ├─23491 /usr/sbin/httpd -DFOREGROUND
    └─23492 /usr/sbin/httpd -DFOREGROUND
    Aug 27 19:37:22 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
    Aug 27 19:37:22 localhost.localdomain httpd[23488]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
    Aug 27 19:37:22 localhost.localdomain systemd[1]: Started The Apache HTTP Server.
    Aug 27 19:37:23 localhost.localdomain httpd[23488]: Server configured, listening on: port 80
    // Enable the httpd service at boot on the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m service -a 'name=httpd enabled=yes'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "enabled": true,
    "name": "httpd",
    "status": {
    "ActiveEnterTimestamp": "Thu 2020-08-27 19:37:22 CST",
    "ActiveEnterTimestampMonotonic": "18191160572",
    .............
    // Check whether the httpd service is enabled at boot on the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m command -a 'systemctl is-enabled httpd'
    192.168.121.81 | CHANGED | rc=0 >>
    enabled
    // Stop the httpd service on the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m service -a 'name=httpd state=stopped'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "name": "httpd",
    "state": "stopped",
    "status": {
    "ActiveEnterTimestamp": "Thu 2020-08-27 19:37:22 CST",
    "ActiveEnterTimestampMonotonic": "18191160572",

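10. copy module

1️⃣: The copy module copies files to the remote managed host

2️⃣: Common copy module parameters

src
Description: local path of the file to copy to the remote server; may be absolute or relative
dest
Description: absolute path on the remote host that the file should be copied to
backup: [ yes | no ]
Description: creates a backup file that includes timestamp information, so that the original can be recovered if the file is clobbered incorrectly
force: [ yes | no ]
Description: if yes, the remote file is replaced when its content differs from the source; if no, the file is transferred only when the destination does not exist

  • Example:

    // View the files on the control node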
    [root@localhost ~]# ls
    anaconda-ks.cfg test.sh
    // Copy the file
    [root@localhost ~]# ansible 192.168.121.81 -m copy -a 'src=/root/test.sh dest=/root'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "6754b4785dbeace09c90e9ce4a2560d4e386efab",
    "dest": "/root/test.sh",
    "gid": 0,
    "group": "root",
    "md5sum": "b51ea9009c046cd325621fa7065782f0",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:admin_home_t:s0",
    "size": 41,
    "src": "/root/.ansible/tmp/ansible-tmp-1598558057.5922036-5111-245228725024513/source",
    "state": "file",
    "uid": 0
    }
    // Check whether the file exists on the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m shell -a 'ls /root'
    192.168.121.81 | CHANGED | rc=0 >>
    anaconda-ks.cfg
    test.sh  

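11. template module

1️⃣: The template module generates a template and can transfer it to the remote host (it is mainly used for creating templates)

2️⃣: Common template module parameters

src
Description: path of the local template; may be relative or absolute
dest
Description: location on the remote machine where the template is rendered
backup: [ yes | no ]
Description: creates a backup file that includes timestamp information, so that the original can be recovered if the file is clobbered incorrectly
force: [ yes | no ]
Description: when set to yes, the remote file is replaced if its content differs from the source; when set to no, the file is transferred only when the destination does not exist

  • Example: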

    [root@localhost ~]# ansible 192.168.121.81 -m template -a 'src=/etc/yum.repos.d/CentOS-Base.repo dest=/etc/yum.repos.d'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "4966466ad015ef3d2a3cc0b8252d43efbdcf2c94",
    "dest": "/etc/yum.repos.d/CentOS-Base.repo",
    "gid": 0,
    "group": "root",
    "md5sum": "d06fb7d5709727828bcaba7457ea673e",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:system_conf_t:s0",
    "size": 2595,
    "src": "/root/.ansible/tmp/ansible-tmp-1598559298.4569452-5352-77842158483794/source",
    "state": "file",
    "uid": 0
    }
    // Check whether the file exists on the managed host
    [root@localhost ~]# ansible 192.168.121.81 -m shell -a 'ls /etc/yum.repos.d'
    192.168.121.81 | CHANGED | rc=0 >>
    CentOS-Base.repo
    redhat.repo   

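12. firewalld module

1️⃣: Common firewalld module parameters

The firewalld module is used here to allow traffic to a port:
permanent: [ yes | no ]
Description: whether this configuration should be in the running firewalld configuration or persist across reboots. Note also: if set to no, yes is assumed and the rule is enabled permanently; if set to yes, no is assumed and the rule is enabled temporarily
port
Description: name of the port or port range to add to or remove from the firewall; a port range must be in the form port/protocol or port-port/protocol, for example 80/tcp
rich_rule
Description: rich rule to add to or remove from the firewall
service
Description: name of the service to add to or remove from the firewall
source
Description: source IP network to add to or remove from the firewall
state: [ present | enabled | absent | disabled ]
Description: for ports, whether the port should accept (enabled) or reject (disabled) connections; the states present and absent can only be used in zone-level operations
  • Example:

    // Check whether the firewall is active on the managed host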
    [root@ansible ~]# ansible 192.168.121.81 -m shell -a 'systemctl is-active firewalld'
    192.168.121.81 | CHANGED | rc=0 >>
    active
    // Check whether port 800 is open on the managed host
    [root@ansible ~]# ansible 192.168.121.81 -m shell -a 'firewall-cmd --list-all'
    192.168.121.81 | CHANGED | rc=0 >>
    public (active)
    target: default
    icmp-block-inversion: no
    interfaces: eth0
    sources:
    services: cockpit dhcpv6-client ssh
    ports: // port 800 is not open yet
    protocols:
    masquerade: no
    forward-ports:
    source-ports:
    icmp-blocks:
    rich rules:
    // Open port 800 on the managed host
    [root@ansible ~]# ansible 192.168.121.81 -m firewalld -a 'port=800/tcp state=enabled permanent=no'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "msg": "Non-permanent operation, Changed port 800/tcp to enabled"
    }
    // Check again whether port 800 is open on the managed host
    [root@ansible ~]# ansible 192.168.121.81 -m shell -a 'firewall-cmd --list-all'
    192.168.121.81 | CHANGED | rc=0 >>
    public (active)
    target: default
    icmp-block-inversion: no
    interfaces: eth0
    sources:
    services: cockpit dhcpv6-client ssh
    ports: 800/tcp // port 800 is now open
    protocols:
    masquerade: no
    forward-ports:
    source-ports:
    icmp-blocks:
    rich rules:
    // Close port 800 again
    // permanent must be yes, otherwise port 800 is still open after a reboot
    [root@ansible ~]# ansible 192.168.121.81 -m firewalld -a 'port=800/tcp state=disabled permanent=no'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "msg": "Non-permanent operation, Changed port 800/tcp to disabled"
    }
    // Check whether port 800 is open
    [root@ansible ~]# ansible 192.168.121.81 -m shell -a 'firewall-cmd --list-all'
    192.168.121.81 | CHANGED | rc=0 >>
    public (active)
    target: default
    icmp-block-inversion: no
    interfaces: eth0
    sources:
    services: cockpit dhcpv6-client ssh
    ports: // port 800 is no longer open
    protocols:
    masquerade: no
    forward-ports:
    source-ports:
    icmp-blocks:
    rich rules:

13. selinux module

1️⃣: Common selinux module parameters:

policy
Description: name of the SELinux policy to use (for example targeted); required if state is not disabled
state: [ enforcing | permissive | disabled ]
Description:
disabled # turn SELinux off
permissive # temporarily turn SELinux off
enforcing # enforce SELinux

For example:

    - name: Enable SELinux
      selinux:
        policy: targeted
        state: enforcing

    - name: Put SELinux in permissive mode, logging actions that would be blocked.
      selinux:
        policy: targeted
        state: permissive

    - name: Disable SELinux
      selinux:
        state: disabled

  • Example:

    // Check the SELinux status of the managed host
    [root@ansible ~]# ansible all -m shell -a 'getenforce'
    192.168.121.81 | CHANGED | rc=0 >>
    Enforcing
    // Set SELinux to disabled
    [root@ansible ~]# ansible all -m selinux -a 'state=disabled'
    [WARNING]: SELinux state temporarily changed from 'enforcing' to 'permissive'. State change will take effect next reboot.
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "configfile": "/etc/selinux/config",
    "msg": "Config SELinux state changed from 'enforcing' to 'disabled'",
    "policy": "targeted",
    "reboot_required": true,
    "state": "disabled"
    }
    // The warning can be ignored
    // Check the SELinux status
    [root@ansible ~]# ansible all -m shell -a 'getenforce'
    192.168.121.81 | CHANGED | rc=0 >>
    Permissive

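14. seport module

1️⃣: The seport module manages network port type definitions (adding or removing ports that SELinux allows to be opened)

2️⃣: Common seport module parameters:

ports
Description: port or port range; for example 1000-2000, or 200-500,7777 (comma-separated)
proto: [ tcp | udp ]
Description: protocol of the port; for example proto=tcp or proto=udp
reload: [ yes | no ]
Description: reload the SELinux policy after the commit
setype
Description: SELinux type of the port; for example, for the http service: setype=http_port_t
state: [ present | absent ]
Description: state of the port:
present # add the port so that it is allowed to be opened
absent # remove/close the port
  • Example:

    // Check whether port 777 is allowed on the managed host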
    [root@ansible ~]# ansible all -m shell -a 'semanage port -l | grep http'
    192.168.121.81 | CHANGED | rc=0 >>
    http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
    http_cache_port_t udp 3130
    http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
    pegasus_http_port_t tcp 5988
    pegasus_https_port_t tcp 5989
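    // The semanage command needs an additional package to be installed before it can be used; I had installed it beforehand
    // Use the seport module to allow port 777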
    [root@ansible ~]# ansible all -m seport -a 'ports=777 proto=tcp setype=http_port_t state=present'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "ports": [
    "777"
    ],
    "proto": "tcp",
    "setype": "http_port_t",
    "state": "present"
    }
    // Check whether port 777 is allowed on the managed host
    [root@ansible ~]# ansible all -m shell -a 'semanage port -l | grep http'
    192.168.121.81 | CHANGED | rc=0 >>
    http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
    http_cache_port_t udp 3130
    http_port_t tcp 777, 80, 81, 443, 488, 8008, 8009, 8443, 9000
    pegasus_http_port_t tcp 5988
    pegasus_https_port_t tcp 5989
    // Close port 777
    [root@ansible ~]# ansible all -m seport -a 'ports=777 proto=tcp setype=http_port_t state=absent'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "ports": [
    "777"
    ],
    "proto": "tcp",
    "setype": "http_port_t",
    "state": "absent"
    }
    // Check whether port 777 has been removed
    [root@ansible ~]# ansible all -m shell -a 'semanage port -l | grep http'
    192.168.121.81 | CHANGED | rc=0 >>
    http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
    http_cache_port_t udp 3130
    http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
    pegasus_http_port_t tcp 5988
    pegasus_https_port_t tcp 5989

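15. mount module

1️⃣: The mount module mounts directories and can also mount image files

2️⃣: Common mount module parameters:

src
Description: path of the device or file to mount; required when state is set to present or mounted
path
Description: path of the mount point; for example path=/mnt/files
fstype
Description: type of the file system to mount; required when state is present or mounted
state: [ mounted | unmounted | remounted | present | absent ]
Description:
mounted: the device is actively mounted and configured appropriately in fstab; if the mount point does not exist, it is created
unmounted: the device is unmounted without changing fstab
remounted: the device is remounted to force a refresh of the mount itself
present: the device is only configured in fstab; no mount is triggered or required
absent: the device's mount entry is removed from fstab, the device is unmounted and the mount point is removed
opts
Description: mount options; for example ro, rw
  • Example:

    // Check whether /dev/sr0 is already mounted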
    [root@ansible ~]# ansible all -m shell -a 'df -h'
    192.168.121.81 | CHANGED | rc=0 >>
    Filesystem Size Used Avail Use% Mounted on
    devtmpfs 887M 0 887M 0% /dev
    tmpfs 904M 0 904M 0% /dev/shm
    tmpfs 904M 8.6M 895M 1% /run
    tmpfs 904M 0 904M 0% /sys/fs/cgroup
    /dev/mapper/rhel-root 50G 1.7G 49G 4% /
    /dev/mapper/rhel-home 27G 225M 27G 1% /home
    /dev/nvme0n1p1 1014M 173M 842M 17% /boot
    tmpfs 181M 0 181M 0% /run/user/0
    // Mount /dev/sr0 on /mnt
    [root@ansible ~]# ansible all -m mount -a 'src=/dev/sr0 path=/mnt fstype=iso9660 state=mounted'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "dump": "0",
    "fstab": "/etc/fstab",
    "fstype": "iso9660",
    "name": "/mnt",
    "opts": "defaults",
    "passno": "0",
    "src": "/dev/sr0"
    }
    // Check whether it is mounted
    [root@ansible ~]# ansible all -m shell -a 'df -h'
    192.168.121.81 | CHANGED | rc=0 >>
    Filesystem Size Used Avail Use% Mounted on
    devtmpfs 887M 0 887M 0% /dev
    tmpfs 904M 0 904M 0% /dev/shm
    tmpfs 904M 8.6M 895M 1% /run
    tmpfs 904M 0 904M 0% /sys/fs/cgroup
    /dev/mapper/rhel-root 50G 1.7G 49G 4% /
    /dev/mapper/rhel-home 27G 225M 27G 1% /home
    /dev/nvme0n1p1 1014M 173M 842M 17% /boot
    tmpfs 181M 0 181M 0% /run/user/0
    /dev/sr0 7.4G 7.4G 0 100% /mnt
    // Unmount
    [root@ansible ~]# ansible all -m mount -a 'src=/dev/sr0 path=/mnt state=unmounted'
    192.168.121.81 | CHANGED => {
    "ansible_facts": {
    "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "dump": "0",
    "fstab": "/etc/fstab",
    "name": "/mnt",
    "opts": "defaults",
    "passno": "0",
    "src": "/dev/sr0"
    }
    // Check whether the unmount succeeded
    [root@ansible ~]# ansible all -m shell -a 'df -h'
    192.168.121.81 | CHANGED | rc=0 >>
    Filesystem Size Used Avail Use% Mounted on
    devtmpfs 887M 0 887M 0% /dev
    tmpfs 904M 0 904M 0% /dev/shm
    tmpfs 904M 8.6M 895M 1% /run
    tmpfs 904M 0 904M 0% /sys/fs/cgroup
    /dev/mapper/rhel-root 50G 1.7G 49G 4% /
    /dev/mapper/rhel-home 27G 225M 27G 1% /home
    /dev/nvme0n1p1 1014M 173M 842M 17% /boot
    tmpfs 181M 0 181M 0% /run/user/0
    // Check whether the entry was removed from /etc/fstab
    [root@ansible ~]# ansible all -m shell -a 'cat /etc/fstab'
    192.168.121.81 | CHANGED | rc=0 >>
    #
    # /etc/fstab
    # Created by anaconda on Wed Aug 26 03:25:38 2020
    #
    # Accessible filesystems, by reference, are maintained under '/dev/disk/'.
    # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
    #
    # After editing this file, run 'systemctl daemon-reload' to update systemd
    # units generated from this file.
    #
    /dev/mapper/rhel-root / xfs defaults 0 0
    UUID=234365dc-2262-452e-9cbb-a6acfde04385 /boot xfs defaults 0 0
    /dev/mapper/rhel-home /home xfs defaults 0 0
    /dev/mapper/rhel-swap swap swap defaults 0 0
    /dev/sr0 /mnt iso9660 defaults 0 0

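16. yum_repository module

1️⃣: The yum_repository module adds or removes YUM repositories

2️⃣: Common yum_repository module parameters:

name
Description: unique repository ID, that is, the text written inside the square brackets "[ ]" in the configuration file; the name must be unique and the name parameter is mandatory; this parameter is required only when state is set to present or absent
description
Description: human-readable string describing the repository, that is, the string after name= in the configuration file; required only when state is set to present
baseurl
Description: URL of the directory that contains the yum repository's "repodata" directory; it may also be a list of multiple URLs; put simply, the address of the repository; required when state is set to present
enabled: [ yes | no ]
Description: whether yum uses this repository
yes: enabled
no: not enabled
gpgcheck: [ yes | no ]
Description: whether yum should perform a GPG signature check on packages; optional boolean value:
yes: signature checking is enabled; gpgkey=URL must then be written
no: signature checking is not enabled
file
Description: file name, without the .repo extension, in which the repository is saved. Defaults to the value of name.
If the name parameter is set, name changes the value inside the square brackets [ ] in the file, while file changes the name of the file
If the name parameter is set but given no value, DEFAULT is used as the repository name; file still changes the name of the file
state: [ present | absent ]
Description: state of the repo file (whether it is created)

3️⃣: Demonstration: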
    // View the playbook
    [root@localhost ~]# cat playbook.yml
    ---
    - hosts: client
      gather_facts: no
      tasks:
        - name: add repository
          yum_repository:
            name: dvd
            baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
            description: my first repo
            enabled: yes
            gpgcheck: no
            file: jjyy
    // After running the playbook, check the result
    [root@localhost yum.repos.d]# ls
    jjyy.repo
    [root@localhost yum.repos.d]# cat jjyy.repo
    [dvd]
    baseurl = https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
    enabled = 1
    gpgcheck = 0
    name = my first repo
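
The generated jjyy.repo has gpgcheck = 0, so packages from that repository are installed without a signature check. The following Python script is an added example (not from the original page or the Ansible project) that audits .repo content for this setting and for the gpgkey requirement listed in the parameter table; `audit_repo_text`, the finding texts and the `SAMPLE_REPOS` entries are constructed for illustration, while `PAGE_REPO` is the file shown above.

```python
import configparser
from urllib.parse import urlparse

TRUE_VALUES = {"1", "yes", "true", "on"}

# The file generated by the playbook, copied from the page.
PAGE_REPO = """\
[dvd]
baseurl = https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
enabled = 1
gpgcheck = 0
name = my first repo
"""

# Constructed samples for comparison (IDs, URLs and key path are made up).
SAMPLE_REPOS = """\
[signed]
name = signed repo
baseurl = https://mirror.example.com/el8/$basearch/
enabled = 1
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example

[nokey]
name = check requested but no key configured
baseurl = http://mirror.example.com/el8/$basearch/
enabled = 1
gpgcheck = 1

[unused]
name = disabled repo
baseurl = http://mirror.example.com/old/
enabled = 0
gpgcheck = 0
"""


def is_true(value):
    """Interpret a yum-style boolean value."""
    return value.strip().lower() in TRUE_VALUES


def audit_repo_text(text):
    """Return {repo_id: [findings]} for every enabled repo with a finding."""
    # interpolation=None keeps $releasever / $basearch and any % literal
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    report = {}
    for repo_id in parser.sections():
        repo = parser[repo_id]
        if not is_true(repo.get("enabled", "1")):
            continue  # a disabled repository is not used by yum
        findings = []
        gpgcheck = repo.get("gpgcheck")
        if gpgcheck is None:
            findings.append("gpgcheck not set explicitly")
        elif not is_true(gpgcheck):
            findings.append(
                "gpgcheck disabled: packages are not signature-checked")
        elif not repo.get("gpgkey"):
            findings.append("gpgcheck enabled but no gpgkey configured")
        # baseurl may hold several whitespace-separated URLs
        for url in repo.get("baseurl", "").split():
            scheme = urlparse(url).scheme
            if scheme in ("http", "ftp"):
                findings.append("baseurl uses plaintext " + scheme)
        if findings:
            report[repo_id] = findings
    return report


if __name__ == "__main__":
    for label, text in (("page", PAGE_REPO), ("samples", SAMPLE_REPOS)):
        for repo_id, findings in audit_repo_text(text).items():
            for finding in findings:
                print(f"{label}: [{repo_id}] {finding}")
```

To audit a real host, pass the contents of each file under /etc/yum.repos.d to `audit_repo_text`.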

  
