Chapter 11: Common Modules in Detail
An in-depth look at the most commonly used core Ansible modules.
Last updated: 2024-01-25
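Ansible Common Modules in Detail
Ansible modules are the functional units that carry out specific tasks. This chapter covers the most commonly used core modules in detail.
Viewing module help
```bash
# List all modules
ansible-doc -l
# View the documentation for a specific module
ansible-doc copy
ansible-doc service
ansible-doc yum
# Show a playbook snippet for a module
ansible-doc -s copy
```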
File operation modules
copy module
```yaml
# Basic usage
- name: Copy file
  copy:
    src: ./files/myfile.conf
    dest: /etc/myapp/myfile.conf

# With attributes
- name: Copy with permissions
  copy:
    src: ./app.conf
    dest: /etc/myapp/app.conf
    owner: app
    group: app
    mode: '0640'
    backup: yes

# Copy inline content
- name: Copy content directly
  copy:
    content: |
      # Configuration file
      app.name=MyApp
      app.port=8080
    dest: /etc/myapp/app.conf

# Remote src (the source file is already on the managed host)
- name: Copy from remote location
  copy:
    src: /path/on/remote/server
    dest: /path/to/destination
    remote_src: yes
```
file module
```yaml
# Create a directory
- name: Create directory
  file:
    path: /opt/myapp
    state: directory
    owner: www-data
    group: www-data
    mode: '0755'

# Create a file
- name: Create empty file
  file:
    path: /tmp/myfile
    state: touch
    mode: '0644'

# Create a symbolic link
- name: Create symlink
  file:
    src: /opt/myapp/current
    dest: /opt/myapp/latest
    state: link

# Delete a file or directory
- name: Remove file
  file:
    path: /tmp/myfile
    state: absent

# Set attributes recursively
- name: Set directory attributes recursively
  file:
    path: /opt/myapp
    state: directory
    owner: www-data
    group: www-data
    recurse: yes
```
fetch module
```yaml
# Fetch a file from the remote host
- name: Fetch file from remote
  fetch:
    src: /var/log/myapp.log
    dest: /tmp/logs/
    flat: no

# Fetch with flat: yes (write directly to dest, without the per-host directory tree)
- name: Fetch with flatten
  fetch:
    src: /etc/myapp/config.conf
    dest: /tmp/configs/{{ inventory_hostname }}.conf
    flat: yes
```
Package management modules
apt module
```yaml
# Install a package
- name: Install package
  apt:
    name: nginx
    state: present
    update_cache: yes

# Install multiple packages
- name: Install multiple packages
  apt:
    name:
      - nginx
      - vim
      - git
      - curl
    state: present

# Install a specific version
- name: Install specific version
  apt:
    name: nginx=1.24.0
    state: present

# Remove a package
- name: Remove package
  apt:
    name: nginx
    state: absent

# Upgrade all packages
- name: Update all packages
  apt:
    upgrade: dist
    update_cache: yes

# Install a .deb file
- name: Install deb file
  apt:
    deb: /tmp/package.deb

# Clean the cache
- name: Clean cache
  apt:
    autoremove: yes
    clean: yes
```
yum/dnf modules
```yaml
# Install a package (RHEL/CentOS)
- name: Install package
  yum:
    name: httpd
    state: present

# Install multiple packages
- name: Install multiple packages
  yum:
    name:
      - nginx
      - mysql-server
      - php-fpm
    state: present

# Install an @group
- name: Install package group
  yum:
    name: "@Development Tools"
    state: present

# Uninstall a package
- name: Remove package
  yum:
    name: httpd
    state: absent

# Use dnf (Fedora/RHEL 8+)
- name: Install with dnf
  dnf:
    name: podman
    state: present
```
package module
```yaml
# Generic package management module (selects apt/yum/dnf automatically)
- name: Install package
  package:
    name: nginx
    state: present

# Cross-platform use
- name: Install packages
  package:
    name:
      - nginx
      - vim
    state: present
```
Service management modules
service/systemd modules
```yaml
# Start a service (SysVinit)
- name: Start service
  service:
    name: nginx
    state: started
    enabled: yes

# Stop a service
- name: Stop service
  service:
    name: nginx
    state: stopped

# Restart a service
- name: Restart service
  service:
    name: nginx
    state: restarted

# Reload the configuration
- name: Reload service
  service:
    name: nginx
    state: reloaded

# Use systemd (on systemd hosts)
- name: Manage with systemd
  systemd:
    name: nginx
    state: started
    enabled: yes
    daemon_reload: yes

# Use arguments. This is a parameter of the service module (the systemd
# module has no such parameter), and it is ignored on hosts that run systemd.
- name: Start with arguments
  service:
    name: myapp
    state: started
    arguments: '--config=/etc/myapp.conf'
```
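Command execution modules
command module
```yaml
# Basic command
- name: Run command
  command: ls -la /tmp

# With arguments (removes: run only when the path exists)
- name: Run with args
  command: rm -rf /tmp/cache
  args:
    removes: /tmp/cache

# Use chdir (creates: skip the task when the path already exists)
- name: Run in directory
  command: make install
  args:
    chdir: /opt/src
    creates: /usr/local/bin/myapp

# Read file contents
- name: Read file
  command: cat /etc/myapp/config
  register: config_content

# Check the exit code (grep returns 1 for "no match", which is not an error)
- name: Check exit code
  command: grep pattern /etc/myapp/config
  register: grep_result
  failed_when: grep_result.rc not in [0, 1]
```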
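shell module
```yaml
# Run a shell script
- name: Run shell script
  shell: |
    cd /opt/myapp
    ./build.sh
    ./deploy.sh
  args:
    executable: /bin/bash

# Use a pipe
- name: Use pipe
  shell: ps aux | grep nginx
  register: process_list

# Environment variables
- name: Set environment
  shell: echo $HOME
  environment:
    # $PATH is not expanded inside environment:, so take the current value
    # from gathered facts (requires gather_facts)
    PATH: "/usr/local/bin:{{ ansible_env.PATH }}"
    MY_VAR: value
```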
script module
```yaml
# Run a local script (it is transferred to the managed host and run there)
- name: Run local script
  script: /tmp/setup.sh

# With arguments
- name: Run script with args
  script: /tmp/deploy.sh {{ app_version }}
  args:
    creates: /opt/myapp/.deployed

# Specify the interpreter
- name: Run script with interpreter
  script: /tmp/setup.ps1
  args:
    executable: powershell
  when: ansible_os_family == "Windows"
```
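The difference between shell and command when a task line contains a variable, as an added example that is not part of the original page. `search_term` is a hypothetical variable with a constructed value, and `/etc/hosts` stands in for any readable file.

```yaml
# Added example; search_term is a hypothetical variable standing for any value
# that reaches the play from inventory, extra-vars or a survey form.
- hosts: localhost
  connection: local
  gather_facts: no
  vars:
    search_term: "nginx; echo injected"   # constructed sample value
  tasks:
    # Weak: the rendered value is pasted into the shell command line, so the
    # text after ';' is run as a second command.
    - name: Weak - unquoted variable in shell
      shell: ps aux | grep {{ search_term }}
      register: weak_result
      changed_when: false
      failed_when: false

    # Hardened: the quote filter turns the value into one shell word.
    - name: Hardened - quote filter when a pipe is needed
      shell: ps aux | grep -- {{ search_term | quote }}
      register: quoted_result
      changed_when: false
      failed_when: quoted_result.rc not in [0, 1]

    # Preferred: command with argv starts no shell, so metacharacters in the
    # value are plain text.
    - name: Preferred - command with argv
      command:
        argv:
          - grep
          - "--"
          - "{{ search_term }}"
          - /etc/hosts   # any readable file
      register: argv_result
      changed_when: false
      failed_when: argv_result.rc not in [0, 1]

    # Exact-line match: only the weak task prints a line that is just "injected".
    - name: Show that only the weak task ran the injected text
      debug:
        msg:
          weak_ran_echo: "{{ 'injected' in weak_result.stdout_lines }}"
          quoted_ran_echo: "{{ 'injected' in quoted_result.stdout_lines }}"
```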
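User management modules
user module
```yaml
# Create a user
- name: Create user
  user:
    name: deploy
    comment: "Deploy User"
    shell: /bin/bash
    home: /home/deploy
    groups: wheel,developers
    append: yes

# Create a system user
- name: Create system user
  user:
    name: myapp
    system: yes
    create_home: no
    shell: /sbin/nologin

# Set a password (the module expects a hash, not the clear text).
# The literal is for illustration; pass a Vault-encrypted variable in practice.
# Without a fixed salt the hash differs on every run, so the task always reports "changed".
- name: Set user password
  user:
    name: deploy
    password: "{{ 'secret123' | password_hash('sha512') }}"

# Modify a user
- name: Modify user
  user:
    name: deploy
    groups: admin
    append: yes

# Delete a user (remove: also delete the home directory)
- name: Remove user
  user:
    name: deploy
    state: absent
    remove: yes
    force: yes
```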
group module
```yaml
# Create a group
- name: Create group
  group:
    name: developers
    state: present

# Create a system group
- name: Create system group
  group:
    name: myapp
    system: yes
    state: present

# Delete a group
- name: Remove group
  group:
    name: developers
    state: absent
```
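Database modules
mysql_db module
```yaml
# Create a database
- name: Create database
  mysql_db:
    name: myapp_production
    state: present

# Import data
- name: Import database
  mysql_db:
    name: myapp_production
    state: import
    target: /tmp/backup.sql

# Drop a database
- name: Drop database
  mysql_db:
    name: myapp_test
    state: absent

# Clone a database. mysql_db has no copy parameter, so dump the source
# and import the dump into the new database.
- name: Dump source database
  mysql_db:
    name: "{{ item.from }}"
    state: dump
    target: "/tmp/{{ item.from }}.sql"
  loop:
    - { new: 'myapp_dev', from: 'myapp_production' }

- name: Clone database
  mysql_db:
    name: "{{ item.new }}"
    state: import
    target: "/tmp/{{ item.from }}.sql"
  loop:
    - { new: 'myapp_dev', from: 'myapp_production' }
```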
mysql_user module
```yaml
# Create a user (the literal password is for illustration;
# pass a Vault-encrypted variable in practice)
- name: Create user
  mysql_user:
    name: app
    password: secret
    priv: 'myapp.*:ALL'
    host: localhost
    state: present

# Create a user and grant privileges
- name: Create user with privileges
  mysql_user:
    name: app
    password: secret
    priv:
      'myapp.*': SELECT,INSERT,UPDATE,DELETE
      '*.*': USAGE
    state: present

# Delete a user
- name: Remove user
  mysql_user:
    name: old_user
    state: absent
```
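A hardened form of the password-setting tasks shown above for the user and mysql_user modules, as an added example that is not part of the original page. The `vault_*` variable names are hypothetical and assumed to be defined in a Vault-encrypted vars file.

```yaml
# Added example; every vault_* name is hypothetical and is assumed to come
# from a Vault-encrypted vars file loaded by the play.
- hosts: all
  become: yes
  tasks:
    - name: Set user password from an encrypted variable
      user:
        name: deploy
        # A fixed salt (up to 16 characters from [A-Za-z0-9./]) keeps the hash
        # identical between runs, so the task reports "changed" only when the
        # password itself changes.
        password: "{{ vault_deploy_password | password_hash('sha512', vault_deploy_password_salt) }}"
      # no_log keeps the rendered hash out of task output and logs.
      no_log: true

    - name: Create MySQL user with only the privileges the application needs
      mysql_user:
        name: app
        password: "{{ vault_app_db_password }}"
        host: localhost
        priv: 'myapp.*:SELECT,INSERT,UPDATE,DELETE'
        state: present
      # The clear-text database password is a module argument, so hide it too.
      no_log: true
```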
Cloud modules
ec2 module (AWS)
```yaml
# Launch instances
# (legacy ec2 module; current amazon.aws collections replace it with ec2_instance)
- name: Launch EC2 instance
  ec2:
    key_name: mykey
    instance_type: t3.micro
    image: ami-12345678
    region: us-east-1
    count: 2
    vpc_subnet_id: subnet-12345678
    assign_public_ip: yes
    group: mysecuritygroup
    wait: yes
    volumes:
      - device_name: /dev/sda1
        volume_size: 20
        volume_type: gp3
  register: ec2

# Add the new instances to an in-memory host group
- name: Add instances to host group
  add_host:
    hostname: "{{ item.public_ip }}"
    groupname: launched
  loop: "{{ ec2.instances }}"
```
azure_rm_virtualmachine module
```yaml
# Azure VM management
- name: Create Azure VM
  azure_rm_virtualmachine:
    resource_group: myResourceGroup
    name: myVM
    vm_size: Standard_DS1_v2
    admin_username: azureuser
    image:
      offer: UbuntuServer
      publisher: Canonical
      sku: '18.04-LTS'
      version: latest
```
Network modules
get_url module
```yaml
# Download a file
- name: Download file
  get_url:
    url: https://example.com/file.tar.gz
    dest: /tmp/file.tar.gz
    mode: '0644'

# Download with authentication
- name: Download with auth
  get_url:
    url: https://example.com/file.zip
    dest: /tmp/file.zip
    url_username: user
    url_password: secret
    force_basic_auth: yes

# With checksum verification (the task fails if the digest does not match)
- name: Download with checksum
  get_url:
    url: https://example.com/file.tar.gz
    dest: /tmp/file.tar.gz
    checksum: sha256:abc123...
```
uri module
```yaml
# HTTP GET request
- name: GET request
  uri:
    url: https://api.example.com/data
    method: GET
    return_content: yes
  register: response

# HTTP POST request
- name: POST request
  uri:
    url: https://api.example.com/submit
    method: POST
    body_format: json
    body:
      name: myapp
      version: "1.0"
    headers:
      Authorization: "Bearer {{ token }}"
  register: result

# With authentication
- name: Request with basic auth
  uri:
    url: https://api.example.com/data
    user: admin
    password: secret
    force_basic_auth: yes
```
Disk/storage modules
lvg module
```yaml
# Create a volume group
- name: Create volume group
  lvg:
    vg: vg_data
    pvs: /dev/sdb1
    pesize: 32
```
lvol module
```yaml
# Create a logical volume
- name: Create logical volume
  lvol:
    vg: vg_data
    lv: lv_mysql
    size: 10G
    state: present

# Extend a logical volume
- name: Extend logical volume
  lvol:
    vg: vg_data
    lv: lv_mysql
    size: +5G
    resizefs: yes
```
mount module
```yaml
# Mount a filesystem
- name: Mount filesystem
  mount:
    path: /mnt/data
    src: /dev/vg_data/lv_mysql
    fstype: ext4
    state: mounted

# Unmount
- name: Unmount filesystem
  mount:
    path: /mnt/data
    state: unmounted

# Persistent mount (written to fstab)
- name: Add to fstab
  mount:
    path: /mnt/data
    src: UUID=xxx
    fstype: ext4
    opts: defaults,noatime
    state: present
```
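Module quick reference
| Category | Module | Purpose |
|---|---|---|
| Files | copy | Copy files |
| Files | file | Create/delete files, directories and links |
| Files | fetch | Fetch files from remote hosts |
| Files | synchronize | rsync synchronization |
| Package management | apt | Debian/Ubuntu package management |
| Package management | yum | RHEL/CentOS package management |
| Package management | package | Generic package management |
| Services | service | SysVinit service management |
| Services | systemd | systemd service management |
| Commands | command | Run a command |
| Commands | shell | Run a shell script |
| Commands | script | Run a local script |
| Users | user | User management |
| Users | group | Group management |
| Database | mysql_db | MySQL database management |
| Database | mysql_user | MySQL user management |
| Cloud | ec2 | AWS EC2 instances |
| Cloud | azure_rm_virtualmachine | Azure VM |
| Network | get_url | Download files |
| Network | uri | HTTP requests |
| Storage | lvg | LVM volume groups |
| Storage | lvol | Logical volumes |
| Storage | mount | Mount point management |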
Next steps
You now know how to use the common modules. Next, let's learn about Vault encryption and security.