Ansible常用模块

ansible模块有很多，具体模块的使用方法可以使用 ansible-doc 命令可以详细的查看，最下面给的还有实例，很是方便。

ansible-doc service  # 查看模块 service 的使用方法
less 436
Copyright (C) 1984-2009 Mark Nudelman
less comes with NO WARRANTY, to the extent permitted by law.
For information about the terms of redistribution,
see the file named README in the less distribution.
Homepage: http://www.greenwoodsoftware.com/less > SERVICE
Controls services on remote hosts. Supported init systems include
BSD init, OpenRC, SysV, Solaris SMF, systemd, upstart.
Options (= is mandatory):
- arguments
Additional arguments provided on the command line
.......
.......
EXAMPLES:  # 下面给的一些实例，很是实用
# Example action to start service httpd, if not running
- service: name=httpd state=started
# Example action to stop service httpd, if running
- service: name=httpd state=stopped
...
...

下面我自己罗列的一写常用的模块使用方法，便于以后查找使用。

copy 复制本地文件到远程(类似scp命令)

- copy: src=/srv/myfiles/foo.conf dest=/etc/foo.conf owner=foo group=foo mode=0644
- copy: src=/srv/myfiles/foo.conf dest=/etc/foo.conf owner=foo group=foo mode="u=rw,g=r,o=r"
- copy: src=/srv/myfiles/foo.conf dest=/etc/foo.conf owner=foo group=foo mode="u+rw,g-wx,o-rwx"
- copy: src=/mine/ntp.conf dest=/etc/ntp.conf owner=root group=root mode=644 backup=yes
- copy: src=/mine/sudoers dest=/etc/sudoers validate='visudo -cf %s'
ansible test -m copy -a 'src=/tmp/test.txt dest=/tmp/t.txt'  # 将本地'/tmp/test.txt'文件复制到test主机并重命名'/tmp/t.txt'
ansible test -m copy -a 'src=/tmp/dir dest=/tmp/'   # 将本地'/tmp/dir'目录复制到test主机'/tmp/'目录下

fetch 远程文件copy到本地

- fetch: src=/tmp/somefile dest=/tmp/fetched
- fetch: src=/tmp/somefile dest=/tmp/prefix-{{ ansible_hostname }} flat=yes
- fetch: src=/tmp/uniquefile dest=/tmp/special/ flat=yes
- fetch: src=/tmp/uniquefile dest=special/prefix-{{ ansible_hostname }} flat=yes

replace 替换(类似sed命令)

ansible test -m replace -a "dest=/etc/hosts regexp='Old' replace='New' backeup=yes"

authorized_key 添加互信

- authorized_key: user=test state=present key=\"{{ lookup('file', '/home/test/.ssh/id_rsa.pub') }}\"  # 添加test互信
- authorized_key: user=test                                                   # 远程用户
state=present  # 新建，absent删除
key=\"{{ lookup('file', '/home/test/.ssh/id_rsa.pub') }}\" # 本地公钥
path='/data/test/.ssh/authorized_keys'              # 额外指定远程用户权限文件,默认是远程用户的家目录下/$HOMEDIR/.ssh/authorized_keys
manage_dir=no                               # 根据path指定的路径创建远程用户权限文件authorized_keys
ansible all -m authorized_key -a "user=root state=present key=\"{{ lookup('file', '/root/.ssh/id_rsa.pub') }}\"" -k    # 将本地root的公钥导入到远程用户root的authorized_keys里
ansible all -m authorized_key -a "user=root state=present key=\"{{ lookup('file', '/home/test/.ssh/id_rsa.pub') }}\"" -k # 将本地test的公钥导入到远程用户root的authorized_keys里

synchronize 同步(类似rsync命令)

src=/some/relative/path dest=/some/absolute/path
dest_port=22   # 指定远程端口
delete=yes     # 使两边的内容一样（即以推送方为主）
compress=yes   # 开启压缩，默认为开启
--exclude=.git # 忽略同步.git结尾的文件
recursive=yes  # 递归
checksum=yes   # 默认 no
archive=no
links=yes
times=no
- synchronize: src=/tmp/helloworld dest=/var/www/helloword rsync_opts=--no-motd,--exclude=.gi dest_port=22
- synchronize: src=/tmp/dir dest=/tmp/ dest_port=2020 delete=yes recursive=yes rsync_opts=--no-motd,--exclude=.log # 通过2020端口拷贝目录/tmp/dir到远程/tmp/下面,保持和源目录结构一致,忽略 .log文件
- synchronize: src=/tmp/dir dest=/tmp/ dest_port=2020 delete=yes recursive=yes rsync_opts=--exclude-from=/tmp/ex   # 通过2020端口拷贝目录/tmp/dir到远程/tmp/下面，保持和源目录结构一致并且过滤/tmp/ex文件里的内容

lineinfile 行替换

- lineinfile: dest=/etc/selinux/config regexp=^SELINUX= line=SELINUX=enforcing      # 将以“SELINUX”开头的行换成 “SELINUX=enforcing”
- lineinfile: dest=/etc/sudoers state=absent regexp="^%wheel"                       # 将以 %wheel 开头的行删除
- lineinfile: dest=/etc/hosts regexp='^127\.0\.0\.1' line='127.0.0.1 localhost' owner=root group=root mode=0644
- lineinfile: dest=/etc/httpd/conf/httpd.conf regexp="^Listen " insertafter="^#Listen " line="Listen 8080" # 将以 #Listen 开头行的下面的 以Listen开头的行换成  Listen 8080
- lineinfile: dest=/etc/httpd/conf/httpd.conf insertafter="^#Listen " line="Listen 8080"            # 在 #Listen 开头行的下面的 添加 Listen 8080 新行
- lineinfile: dest=/etc/httpd/conf/httpd.conf regexp="^Listen " insertbefore="^#Listen " line="Listen 8080" # 将以 #Listen 开头行的上面的 以Listen开头的行换成  Listen 8080
- lineinfile: dest=/tmp/testfile line="192.168.1.99 foo.lab.net foo"  # 添加一个新行

unarchive 解压缩

src
copy  yes|no  # yes:默认，压缩包在本地,src=本地压缩包路径，dest=解压到远程路径；no远程主机已存在压缩包，src=远程压缩包路径，dest=解压到远程路径
creates  # 创建文件目录，当文件存在就不执行
dest
group
mode
owner
- unarchive: src=foo.tgz dest=/var/lib/foo
- unarchive: src=/tmp/foo.zip dest=/usr/local/bin copy=no
- unarchive: src=/tmp/test.tar.gz dest=/opt/tmp/ creates=/opt/tmp/ copy=no

mysql_relication mysql的主从复制

- mysql_replication: mode=stopslave
- mysql_replication: mode=changemaster master_host=192.168.1.1 master_log_file=mysql-bin.000009 master_log_pos=4578
- mysql_replication: mode=getslave login_host=ansible.example.com login_port=3308

mysql_user mysql的用户授权

- mysql_user: name=bob password=12345 priv=*.*:ALL state=present         # 所以权限
- mysql_user: name=bob password=12345 priv=*.*:ALL,GRANT state=present   # 所以权限包括 with grant option
- mysql_user: name=bob append_privs=true priv=*.*:REQUIRESSL state=present
- mysql_user: login_user=root login_password=123456 name=sally state=absent # 删除用户
- mysql_user: name=replication password=12345 priv=*.*:"REPLICATION CLIENT" state=present  # 创建从用户

本文出自 “行 者--->” 博客，请务必保留此出处http://liumissyou.blog.51cto.com/4828343/1749121