实验环境:已经安装配置好ansible了,server1是服务端
一、command(ansible的默认模块)
[devops@server1 ansible]$ ansible dev -m command -a 'df -h'
其中dev是dev组,-m是指定模块,-a是指定命令
二、copy模块
[devops@server1 ansible]$ ansible dev -m copy -a 'src=/etc/passwd dest=/tmp/passwd'
将/etc/passwd 复制到/tmp/passwd
查看
三、file模块
更改文件权限
查看权限
[devops@server1 ansible]$ ansible dev -a 'ls -l /tmp/passwd'
server2 | CHANGED | rc=0 >>
-rw-rw-r-- 1 devops devops 1003 Jun 19 15:28 /tmp/passwd
更改权限
[devops@server1 ansible]$ ansible dev -m file -a 'dest=/tmp/passwd mode=777'
server2 | CHANGED => {
"changed": true,
"gid": 1000,
"group": "devops",
"mode": "0777",
"owner": "devops",
"path": "/tmp/passwd",
"size": 1003,
"state": "file",
"uid": 1000
}
查看权限
[devops@server1 ansible]$ ansible dev -a 'ls -l /tmp/passwd'
server2 | CHANGED | rc=0 >>
-rwxrwxrwx 1 devops devops 1003 Jun 19 15:28 /tmp/passwd
四、yum模块
查看yum模块的使用方法
[devops@server1 ansible]$ ansible-doc yum
因为是普通用户,所以没有执行yum的权力,所以要进行配置
[root@server2 ~]# vim /etc/sudoers
92 devops ALL=(ALL) NOPASSWD: ALL
[root@server3 ~]# vim /etc/sudoers
92 devops ALL=(ALL) NOPASSWD: ALL
在server2上下载httpd
[devops@server1 ansible]$ ansible dev -m yum -a 'name=httpd state=present' -b
-b是become=true,如果不想每次执行命令的时候加,可以在配置文件中修改。下面会涉及
查看:
[devops@server1 ansible]$ ansible dev -m command -a 'rpm -q httpd'
不加-b可以在ansible的配置文件里设置
[devops@server1 ansible]$ vim ansible.cfg
[defaults]
inventory = inventory
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
再次下载httpd时就不需要-b
[devops@server1 ansible]$ ansible test -m yum -a 'name=httpd state=present'
如果想卸载server2上的httpd
[devops@server1 ansible]$ ansible dev -m yum -a 'name=httpd state=absent'
启动httpd服务:
[devops@server1 ansible]$ ansible test -m service -a 'name=httpd state=started
测试
[devops@server1 ansible]$ curl 172.25.60.3
给server3加发布页面
[devops@server1 ansible]$ ansible test -m copy -a 'content="www.westos.org\n" dest=/var/www/html/index.html'
五、firewalld模块
将server3加入防火墙白名单,这样的话在firewalld开启的情况下也可以访问。
1、开启server3防火墙
[devops@server1 ansible]$ ansible test -m service -a 'name=firewalld state=started enabled=true'
将httpd服务加入白名单
[devops@server1 ansible]$ ansible test -m firewalld -a 'service=http state=enabled permanent=yes immediate=yes'
server3 | CHANGED => {
"changed": true,
"msg": "Permanent and Non-Permanent(immediate) operation, Changed service http to enabled"
}
[devops@server1 ansible]$ curl server3
www.westos.org