- name: create user
  user: name={{ item.name }} password={{ item.chpass | password_hash('sha512') }} update_password=always
  with_items:
    - { name: "devops", chpass: '1q2w3e4r' }

Values of update_password:
always: update the password on every run
on_create: set the password only when a new user is created

Configure the remote host's password in the hosts file
[mysql]
192.168.1.2 ansible_ssh_pass="123456"
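
The create-user task and the hosts entry above keep passwords in clear text, and Ansible prints each loop item (here including chpass) in task output. A hardened variant follows as an added example that is not part of the original page; the file paths and the vault_* variable names are assumptions, and all values are constructed placeholders.

```yaml
# group_vars/mysql/vault.yml  (assumed path; encrypt it with: ansible-vault encrypt <file>)
# Constructed placeholder values, replace before use.
vault_devops_password: "CHANGE-ME"
vault_devops_salt: "CHANGEMEsalt0001"   # up to 16 characters from [a-zA-Z0-9./]
vault_mysql_ssh_pass: "CHANGE-ME"
---
# group_vars/mysql/vars.yml  (assumed path; plain text, only references the vault)
# Replaces the literal ansible_ssh_pass="..." on the host line in the hosts file.
ansible_ssh_pass: "{{ vault_mysql_ssh_pass }}"
---
# Task in the playbook
- name: create user
  user:
    name: "{{ item.name }}"
    # A fixed salt keeps the hash stable, so update_password=always
    # does not report "changed" on every run.
    password: "{{ item.chpass | password_hash('sha512', vault_devops_salt) }}"
    update_password: always
  with_items:
    - { name: "devops", chpass: "{{ vault_devops_password }}" }
  no_log: true   # keeps the loop item (which contains chpass) out of output and logs
```

Run the playbook with --ask-vault-pass or --vault-password-file so the vaulted values can be decrypted.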

Ad-hoc ansible form:
ansible mysql -m authorized_key -a "user=root state=present key='{{ lookup('file', '/home/devops/.ssh/id_rsa.pub') }}'"

ansible-playbook form:
- name: push ssh pub key
  authorized_key:
    user: "root"
    key: "{{ lookup('file', '/home/devops/.ssh/id_rsa.pub') }}"
    state: present

Using Ansible's authorized_key module to push keys in bulk to managed hosts (passwordless login)

- name: create schema
  mysql_db:
    login_host: "{{ MYSQL_IP }}"
    login_user: "{{ MYSQL_ADMIN_USER }}"
    login_password: "{{ MYSQL_ADMIN_PWD }}"
    login_port: "{{ MYSQL_PORT }}"
    name:
      - db1
      - db2
    encoding: "utf8mb4"
    collation: "utf8mb4_bin"
    state: "present"

- name: grant mysql user
  mysql_user:
    login_host: "{{ MYSQL_IP }}"
    login_user: "{{ MYSQL_ADMIN_USER }}"
    login_password: "{{ MYSQL_ADMIN_PWD }}"
    login_port: "{{ MYSQL_PORT }}"
    name: "{{ MYSQL_ACCESS_USER }}"
    password: "{{ MYSQL_ACCESS_PWD }}"
    update_password: "on_create"
    host: "%"
    priv: "db1.*:ALL/db2.*:ALL"
    state: "present"

- name: install MySQL-python unzip
  yum:
    name: ['MySQL-python', 'unzip']
    update_cache: yes
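
Change directory and run a multi-line command
- name: download sql dump
  become: yes
  become_user: root  # run the shell commands as root
  shell:
    cmd: |
      unzip a.zip
      unzip b.zip
    chdir: /data/mysql  # change to /data/mysql before running the commands above

Check a port
Check the port: the check is true when the port is down and false when the port is up. timeout must be greater than delay.
- name: check mysql port
  wait_for:
    port: 3306
    state: stopped  # true when the port is down
    delay: 1  # start checking after 1 second
    timeout: 2  # give up checking after 2 seconds
    msg: "3306 Is Up"  # printed if the check fails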

Check the port state before installing, and call a different playbook depending on the state
- block:
    - name: check nginx port {{ NGINX_PORT }}
      wait_for: port={{ NGINX_PORT }} state=stopped delay=1 timeout=2
    - set_fact: service_status="Down"
    - debug: msg="{{ NGINX_PORT }} is Down"
  rescue:
    - debug: msg="{{ NGINX_PORT }} Is Up"
    - set_fact: service_status="Up"

- include: install_nginx.yml
  when: 'service_status == "Down" and action == "install"'

- include: uninstall_nginx.yml
  when: 'service_status == "Up" and action == "uninstall"'

- include: install_nginx.yml
  when: action == "upgrade"

Check the port state after installing or uninstalling
# Check whether the port came up successfully
- block:
    - name: start {{ svc_port }} port...
      wait_for:
        port: "{{ svc_port }}"
        state: started
        delay: 3
        timeout: 4
    - name: start {{ svc_port }} port success
      set_fact: service_status="Up"
  rescue:
    - set_fact: service_status="Down"
    - debug: msg="{{ svc_port }} is Down"
    - name: start fail
      shell: echo "{{ service_status }}"
      register: result
      failed_when: result.stdout == "Down"
  when: 'check_status == "start"'

# Check whether the port was stopped successfully
- block:
    - name: stop {{ svc_port }} port...
      wait_for:
        port: "{{ svc_port }}"
        state: stopped
        delay: 2
        timeout: 3
    - name: stop {{ svc_port }} port success
      set_fact: service_status="Down"
  rescue:
    - set_fact: service_status="Up"
    - debug: msg="{{ svc_port }} is Up"
    - name: stop fail
      shell: echo "{{ service_status }}"
      register: result
      failed_when: result.stdout == "Up"
  when: 'check_status == "stop"'

Unpack on the control node first, then copy to the managed host
- name: unarchive and copy {{ MYSQL_IMAGE_NAME }}
  unarchive:
    src: "/data/docker_images/{{ MYSQL_IMAGE_NAME }}"
    dest: "{{ MYSQL_DATA }}"
    mode: 0755
    remote_src: no  # the managed host does not have the archive; unpack first, then copy

Unpack an archive that is already on the managed host, on that host
- name: unarchive {{ MYSQL_IMAGE_NAME }}
  unarchive:
    src: "{{ MYSQL_DATA }}/{{ MYSQL_IMAGE_NAME }}"
    dest: "{{ MYSQL_DATA }}"
    mode: 0755
    remote_src: yes  # the managed host already has the archive; no copy is needed

until: true only once the condition that follows is met
retries: number of retries
delay: check once every n seconds
- name: check service is health
  uri:
    url: "http://127.0.0.1:{{ APP_PORT }}/healthz"
  register: result
  until: result.status == 200
  retries: 20  # (waits at most 20*5=100s)
  delay: 5

Reference article:
Loops in Ansible (7): with_file and with_fileglob

Iterate over zip packages and copy them to the remote host
- name: copy web pkg
  copy: src="{{ item }}" dest="{{ NGINX_DATA }}/data" mode=0755
  with_fileglob:
    - "html/*.zip"
    - "web/*.zip"

Start the service and enable it at boot
- name: start datakit
  systemd:
    name: datakit
    enabled: yes  # start at boot
    state: started
    daemon_reload: yes  # reload unit configuration files
  when: action == "start"

Restart the service
- name: restart datakit
  systemd:
    name: datakit
    state: restarted
  when: action == "restart"

Stop the service
- name: stop datakit
  systemd:
    name: datakit
    state: stopped
  when: action == "stop"

- name: Change ownership of a file
  file:
    path: /tmp/2.txt
    owner: devops
    group: devops

- name: Recursively change ownership of a directory
  file:
    path: /tmp/onedir
    owner: devops
    group: devops
    recurse: yes