Introduction and use of common ansible modules

Posted by itpvision on Wed, 09 Feb 2022 08:33:18 +0100

Install ansible

apt update
apt install -y software-properties-common
apt-add-repository --yes --update ppa:ansible/ansible
apt install -y ansible

Generate key unclassified connection

ssh-keygen -f ~/.ssh/id_rsa -P '' -q
#Copy the ssh key to the remote host. You don't need to enter the password when ssh
ssh-copy-id root@

ansible manage those hosts

Host Inventory configuration file:
The default file is:

Introduction and use of Ansible common modules

ping module

The ping module is mainly used to test whether the target server can be connected

ansible test -m ping

command module

Command module is a pure command execution module, which is used to execute commands on the managed machine. It can also expand functions with many secondary parameters and instructions. Pipeline function is not supported
It should be noted that when the - m parameter of ansible is not specifically specified, the Module called by default is command. The following are some common secondary parameters of command:
Judge that when the file exists, the command will not be executed
Linux instructions to be executed
Switch to the specified directory before executing the command
Judge that when the file does not exist, this option will not be executed

ansible test -m command -a "hostname"
#Determine whether there is AA Txt file. If it exists, skip and do not create it
ansible test -m command  -a "creates=aa.txt mkdir -p /opt/aa"
ansible test -m command -a "echo aa"
ansible test -m command -a "chdir=/opt mkdir aa"
#Determine whether there is AA Txt file, if not, it will not be executed
ansible test -m command  -a "creates=aa.txt mkdir -p /opt/aa"

shell module

The main feature of this module is that it includes all command functions and secondary parameter support, and supports pipeline.

ansible test -m shell -a "ps -ef | grep ansible | grep -v grep"

file module

The file module is mainly for some simple operations of files, mainly creating or permission setting, judging the existence of existing files, etc.
Define the group of files / directories
Define permissions for files / directories
Define the owner of the file / directory
Required to define the path of the file / directory
Recursively set the attributes of the file, which is only valid for the directory
The path to be linked only applies when state=link
The linked path only applies to the case where state=link
Directory: if the directory does not exist, create a directory
File: even if the file does not exist, it will not be created
Link: create a soft link
Hard: create a hard link
touch: if the file does not exist, a new file will be created. If the file or directory already exists, its last modification time will be updated
absent: delete directories, files, or unlink files

#Change file ownership, group, and mode. When the mode is specified using octal numbers, the first number should always be 0
ansible test -m file -a "path=/root/su.yaml  owner=test group=test mode=0644"
#Make soft connection
ansible test -m file -a "src=/root/su.yaml dest=/opt/aa.yaml state=link"
# touch creates files and sets permissions using symbol mode (equivalent to 0644)
ansible test -m file -a "path=/root/aa.txt state=touch mode='u=rw,g=r,o=r'"
# touch create files, add / delete some permissions
ansible test -m file -a "path=/root/aa.txt state=touch mode='u+rw,g-wx,o-rwx'"
# Create a directory if it does not exist
ansible test -m file -a "path=/opt/aa state=directory mode=0755"

copy module

Perform a copy operation on a remote host.
The local address of the file to be copied to the remote host can be an absolute path or a relative path. If the path is a directory, it will be copied recursively. In this case, if the path ends with "/", only the contents in the directory will be copied. If "/" is not used, the entire contents including the directory will be copied, similar to rsync.
The override value of src file can be set directly
Required. The absolute path of the remote host to which the source file is to be copied. If the source file is a directory, the path must also be a directory
Recursively set the permission of the directory. It is the default permission of the system by default
If the target host contains the file but the contents are different, if set to yes, it will be forced to overwrite. If set to no, it will be copied only when the file does not exist in the target location of the target host. The default is yes
All options in the file module can be used here

#copy local files to remote server and add permissions
ansible test -m copy -a "src=/srv/myfiles/foo.conf dest=/etc/foo.conf owner=foo group=foo mode=0644"
ansible test -m copy -a "src=/srv/myfiles/foo.conf dest=/etc/foo.conf owner=foo group=foo mode='u=rw,g=r,o=r'"
#Copy all files in aa directory
ansible test -m copy -a "src=/root/aa/ dest=/opt"

service module

For managing services, remember not to use this module for Centos7.
Provide some options to the command line
Whether to start the machine? yes|no requires at least one of state and enabled.
Required, service name
Run level
If restarted is executed, then sleep for a few seconds between stop and start
Start, stop, restart and reload the current service

# Start service httpd, if not running
ansible test -m service -a "name=httpd state=started"
# Stop service httpd, if running
ansible test -m service -a "name=httpd state=stopped"
# Enable sample actions for service httpd without using running state
ansible test -m service -a "name=httpd enabled=yes"

cron module

Ansible cron module is mainly used to add, delete and update crontab task plans of the operating system
Task plan name
Replace the client with the file of the user's task plan
Minutes (0-59, *, / 2)
When (0-23, *, / 2)
Day (1-31, *, * / 2)
Month (1-12, *, * / 2)
Weeks (0-6 or 1-7, *)
For any planned command, state should be equal to present
Do you want to back up the previous task schedule
User who created a new task schedule
Specify task plan present, absent

#Based on the cron module, create a crontab task plan. For example, let all back-end servers synchronize with ntpdate from the host at 00:00 every day. The task name is Ntpdate server for sync time. Be sure to pay attention to this timing service and configure the ntp server at 
ansible test -m cron -a "minute=0 hour=0 day=* month=* weekday=* name='Ntpdate server for sync time' job='ntpdate'"
#backup=yes, which means that backup is enabled, and the backup files will be stored under the client / tmp / directory 
ansible test -m cron -a "minute=0 hour=0 day=* month=* weekday=* name='Ntpdate server for sync time' backup=yes job='ntpdate'"
#Delete crontab task schedule 
ansible test -m cron -a "name='Ntpdate server for sync time' state=absent"

File system module

The file system module is used to configure the file system of the managed machine. Please be careful when changing the module involves high-level operation. The common parameters are:
Target block device
Force creation on a device with an existing file system
Type of file system
Options passed to mkfs command

#Format call disk
ansible test -m filesystem -a "dev=/dev/sdb fstype=ext4"

mount module

Remote host partition mount
Storage (see column 5 of fstab file). Note that if it is set to null and the status is set to present, it will stop working and duplicate entries will be made in subsequent runs. No impact on Solaris System.
Required, file system type. The required status is present or mounted
Required, mount point
Parameters passed to mount command
Required, the path of the device to mount. The required status is present or mounted
Required. The options are as follows:
present only handles the configuration in fstab
absent delete mount point
mounted automatically creates and mounts mount points
unmounted uninstall

ansible test -m mount -a "name=/mnt/data src=/dev/sdb1 fstype=ext4 opts=ro state=present"

sysctl module

sysctl configuration module of remote linux host
Variable name
Whether to use sysctl -p reload file when the file is updated
Is it to remove (absent) or set (present) from the file
If it is not the default file, specify another file
Using sysctl command to set, reload file is not necessary

Ansible doc sysctl can see the following example

#The following is an example defined in the yml format file:
# Set vm.swappiness to 5 in /etc/sysctl.conf
- sysctl:
    name: vm.swappiness
    value: 5
    state: present
# Remove kernel.panic entry from /etc/sysctl.conf
- sysctl:
    name: kernel.panic
    state: absent
    sysctl_file: /etc/sysctl.conf
# Set kernel.panic to 3 in /tmp/test_sysctl.conf
- sysctl:
    name: kernel.panic
    value: 3
    sysctl_file: /tmp/test_sysctl.conf
    reload: no
# Set ip forwarding on in /proc and do not reload the sysctl file
- sysctl:
    name: net.ipv4.ip_forward
    value: 1
    sysctl_set: yes
# Set ip forwarding on in /proc and in the sysctl file and reload if necessary
- sysctl:
    name: net.ipv4.ip_forward
    value: 1
    sysctl_set: yes
    state: present
    reload: yes

yum module

This module is most used when RedHat / CentOS is the OS of the remote node. I won't say more about what Yum is. RedHat / CentOS package management tool
Use yum package manager to manage packages. The options are:
yum's profile (optional)
Turn off gpg_check (optional)
Do not enable a source (optional)
Enable a source (optional)
The name of the software package to be operated. It defaults to the latest package and indicates the package to be installed. It can carry the version number or pass a url or the path of a local rpm package
Status (present, absent, latest), indicating whether it is installed or uninstalled
   present: default, indicating installation
  latest: install as the latest version
   absent: indicates deletion

#Install the latest version of http
ansible test -m yum -a 'name=httpd state=latest' 
##Install rpm package
ansible test -m yum -a 'name= state=present'

apt module

This module is most often used as the remote node of Tu. I won't say much about Apt, the package management tool of Ubuntu/Debian.
For installing on remote machines Package with suffix deb (optional)
This parameter can control whether the software package is only downloaded or installed after downloading on the remote computer. The default parameter is true. When set to false, only the software package is downloaded and not installed
When this parameter is yes, it is equal to apt get update (optional)
The name of the software package to be downloaded by apt supports the version making mode of name=git=1.6
Status (present, absent, latest), indicating whether it is installed or uninstalled
   present: default, indicating installation
  lastest: install the latest version
   absent: indicates deletion

# Update and install foo before installing foo package
ansible test -m apt -a "name=foo update_cache=yes"
# Remove foo package
ansible test -m apt -a "name=foo state=absent"
# Install foo package
ansible test -m apt -a "name=foo state=present"
# Install foo 1.0 package
ansible test -m apt -a "name=foo=1.00 state=present"
# Install nginx's latest release package named squeeze backport, and perform the update before installation
ansible test -m apt -a "name=nginx state=latest default_release=squeeze-backports update_cache=yes"
# Only download the latest package of openjdk-6-jdk without installing it
ansible test -m apt -a "name=openjdk-6-jdk state=latest install_recommends=no"
# Install all software packages to the latest version
ansible test -m apt -a "upgrade=dist"
# Update apt get's list
ansible test -m apt -a "update_cache=yes"
# Stop update after 3600 seconds_ cache
ansible test -m apt -a "update_cache=yes cache_valid_time=3600"
# Install / TMP / mypackage. On the remote node Deb software package
ansible test -m apt -a "deb=/tmp/mypackage.deb"

pip module

Used to manage Python library dependencies. In order to use the pip module, you must provide the parameter name or requirements
Directory entered by cd before executing pip command
The name of the Python library to install or the URL of the remote package.
A PIP requirements Txt file, which should be the local file of the remote system. If you use the chdir option, you can specify the file as a relative path.
The installed version of the specified Python library.
Additional parameters are passed to pip.
The path name of an explicit executable or executable that is used to run PIP for a particular version of Python installed on the system. For example, pip-3.3, if Python 2.7 and 3.3 are installed on the system and you want to run PIP for Python 3.3 installation. It cannot be specified with the "virtualenv" parameter (added in 2.1). By default, it will use the version that is applicable to the Python interpreter. pip3 on python 3, pip2 or pip on python 2.
Optional path to the virtualenv directory to install to. It cannot be specified with the 'executable' parameter (added in 2.1). If virtualenv does not exist, it will be created before installing the package. Optional virtualenv_site_packages,virtualenv_command and virtualenv_ The python option affects the creation of virtualenv.
The command or pathname used to create the virtual environment. For example, pyvenv, virtualenv, virtualenv2, ~ / bin /virtualenv, / usr/local/bin/virtualenv.
Python executable for creating a virtual environment. For example, python 3 5,python2.7. When not specified, the python version used to run the ansible module is used. When virtualenv_command should not use this parameter when using pyvenv or - m venv modules.
Status (present, absent, latest, forceinstall), indicating whether to install or uninstall
   present: default, indicating installation
  lastest: install the latest version
   absent: indicates deletion
   forceinstall: the "forceinstall" option is only applicable to ansible version 2.1 and later.

# Install the bottle python package.
ansible test -m pip -a "name=bottle"
# Install the bottle python package in version 0.11.
ansible test -m pip -a "name=bottle version=0.11"
# Install MyApp using remote protocols (bzr +, hg +, git +, svn +). You don't have to be in extra_ The '- e' option is provided in args.
ansible test -m pip -a "name=svn+http://myrepo/svn/MyApp#egg=MyApp"
# Install MyApp using remote protocols (bzr +, hg +, git +).
ansible test -m pip -a "name=git+http://myrepo/app/MyApp"
# Install MyApp from a local package
ansible test -m pip -a "name=file:///path/to/MyApp.tar.gz"
# Install the bottle into the specified virtualenv and inherit the globally installed modules
ansible test -m pip -a "name=bottle virtualenv=/my_app/venv virtualenv_site_packages=yes"
# Install the bottle into the specified virtualenv using Python 2.7
ansible test -m pip -a "name=bottle virtualenv=/my_app/venv virtualenv_command=virtualenv-2.7"
# Install the bottle in the user's home directory.
ansible test -m pip -a "name=bottle extra_args=--user"
# Install the specified python requirements
ansible test -m pip -a "requirements=/my_app/requirements.txt"
# Install the specified python requirements in the specified virtualenv.
ansible test -m pip -a "requirements=/my_app/requirements.txt virtualenv=/my_app/venv"
# Install the specified python requirements and custom pip source URL
ansible test -m pip -a "requirements=/my_app/requirements.txt extra_args=-i"
# bottle is specially installed for Python 3.3, using the 'pip-3.3' executable.
ansible test -m pip -a "name=bottle executable=pip-3.3"
# Install the bottle. If it is already installed, force it to be reinstalled
ansible test -m pip -a "name=bottle state=forcereinstall"

user module

The user module requests three instructions: useradd, userdel and usermod
Specify the user's home directory, which needs to be used with createhome.
Specify the user's group.
Specifies the uid to use.
Specify the password of the user.
Note that when specifying the password parameter, the plaintext password cannot be used, because the following string of passwords will be directly transmitted to the / etc/shadow file of the managed host, so the password string needs to be encrypted first. Then put the obtained string into password.
Specify the user name.
Whether to create home directory yes|no.
Whether it is a system user.
When state=absent, remove=yes means to delete it together with the home directory, which is equivalent to userdel -r.
Create or delete. (present,absent)
Specifies the user's shell environment.
Whether to generate SSH key for relevant users. This will not overwrite the existing SSH key.
Optionally, specify the number of digits in the SSH key to be created.
Set the password for the SSH key. If no password is provided, the SSH key will default to no password.
Specify the SSH key file name (optional). If this is a relative file name, it will be relative to the user's home directory.
Specify the type of SSH key to generate (optional). Depends on the type of key that will be available on the target.

# Use the bash shell to add the user "test" and attach the group "Administrator" and "developer" to the user group
ansible test -m user -a "name=test shell=/bin/bash groups=admins,developers append=yes"
# Delete user 'test'
ansible test -m user -a "name=test state=absent remove=yes"
# At ~ / ssh/id_ Create a 2048 bit SSH key for user test in RSA
ansible test -m user -a "name=test generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa"

group module

The goup module requests three instructions: groupadd, groupdel and groupmod.
Specifies the gid to use.
Specify the user name.
Create or delete. (present,absent)
If yes, the created group is a system group.

#Sample group commands from Ansible Playbooks
ansible test -m group -a "name=somegroup state=present"

get_url module

This module is mainly used to download files from http, ftp and https servers (similar to wget). It mainly has the following options:
Conduct sha256 check after downloading;
Download timeout, 10s by default
Download URL
It is mainly used when the user name and password are required for authentication
The absolute path to where to download the file. If dest is a directory, the file name provided by the server is used, or if not provided, the base name of the URL on the remote server is used.
Add a custom HTTP header for the request in the format "key:value, key:value".

# Demo example of playbook
- name: Download foo.conf
    dest: /etc/foo.conf
    mode: '0440'

- name: Download file and force basic auth
    dest: /etc/foo.conf
    force_basic_auth: yes

- name: Download file with custom HTTP headers
    dest: /etc/foo.conf
      key1: one
      key2: two

- name: Download file with check (sha256)
    dest: /etc/foo.conf
    checksum: sha256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c

stat module

Obtain remote file status information, including atime, ctime, mtime, md5, uid, gid and other information

ansible test -m stat -a "path=/etc/sysctl.conf"
#Displays information about all ansible default variables
ansible test -m setup

script module

This module is used to execute sh script on the managed machine.

#A simple example of creating a directory is to create the / usr/local/src/data/log directory, as follows:
# cat 
if [ -z $1 ] || [ -z $2 ];then echo "Wrong,Please input two args" echo "Usage `basename $0` arguments arguments" exit 6
mkdir -pv /usr/local/src/$1/$2
# cat createdir.yml 
- hosts: test
  user: root
  gather_facts: True
    - name: Create Dir in client server 
    script: /etc/ansible/ data log
ansible-playbook createdir.yml

unarchive module

Used to extract files. The module contains the following options:
Whether to copy the file from the local 'master' to the remote host before decompressing the file. The default is yes. If it is no, the compressed package on the target host must exist. This option is similar to remote_src is mutually exclusive.
If the specified absolute path (file or directory) already exists, this step will not be run.
A path on the remote host, that is, the absolute path of file decompression.
keep_newer( yes | no)
Do not replace an existing file that is newer than the file in the archive.
The group of unzipped directories or files
The owner of the extracted file or directory
Setting to yes indicates that the archived file is already on the remote system, not local to the Ansible controller. This option is mutually exclusive with copy.
If yes, the files in the compressed package will be listed. The default is no, which is a new option in version 2.0
Permissions of extracted files
src (path / required)
If remote_src=no (default), it is the local path of the archive file to be copied to the target server; It can be absolute or relative.
If it is remote_src=yes, the path of the existing archive file to be decompressed on the target server.
If remote_src=yes and src contain: / /, the remote computer will first download the file from the URL. (version 2.0). In simple cases only, to fully download support, use get_url module.

#name: set foo Extract tgz into / var/lib/foo
ansible test -m unarchive -a "src=foo.tgz dest=/var/lib/foo"
#name: unzip the existing files on the remote computer
ansible test -m unarchive -a "src=/tmp/ dest=/usr/local/bin remote_src=yes"
#name: files to be downloaded for decompressing documents (added in 2.0)
ansible test -m unarchive -a "src= dest=/usr/local/bin remote_src=yes"

debug module

This module is used to output information during debugging. It is very useful for debugging variables or expressions without stopping playing this. Debugging with the 'when:' instruction is useful. The Windows target also supports this module.
Debug output messages
Pass the output of a task as a variable to the debug module, and debug will print it directly
debug level (level 0 by default, all displayed)


- hosts: test
  gather_facts: F   #Open debug
    war: "ps -ef | grep tomcat | grep -v grep | awk '{print $2}'"
    - name: stop tomcat 
      shell: nohup /bin/bash /tmp/ 
      ignore_errors: True 
      register: tomcat_out  #Define variables to store the returned results
    - name: show result #Define the task of the output result 
        var: tomcat_out 
        verbosity: 0 #In this way, not only the command results are output, but also the relevant debugging information is returned. If only the execution results are output, Tomcat is used_ out. stdout. 
    - name: back war 
      shell: cp /home/admin/taobao-tomcat-production- /tmp/
    - name: remove romate dir 
        path: /home/admin/taobao-tomcat-production- 
        state: absent
    - name: remove romate war 
        path: /home/admin/taobao-tomcat-production- 
        state: absent
    - name: copy war 
        src: /home/admin/.jenkins/jobs/NET-hangfa/workspace/aecc_purchase_portal_web/xx.war  
        dest: /home/admin/taobao-tomcat-production- 
        owner: admin 
        group: wheel 
        mode: 0644
    - name: start tomcat 
      shell: nohup sh /home/admin/taobao-tomcat-production- &
    - name: tomcatalive 
      shell: "{{war}}" 
      register: check
    - name: show 
        var: check.stdout 
        verbosity: 0 #check. The information displayed by stdout will be clearer

wait_for module

During the execution of playbook, wait for some operations to complete before subsequent operations


Timeout to wait for a connection before the next task is executed
When waiting for a port or file or connecting to the specified state, the default timeout is 300 seconds. In the waiting time of 300 seconds, wait_ The for module will always poll whether the specified object reaches the specified state. delay is how often to poll the state.
wait_ The address of the host that the for module waits for. The default is
wait_ The port of the host to which the for module is to be
Path. The next task starts only when the file exists, that is, wait for the file to be created
The waiting state, that is, when the waiting file or port or connection state reaches the specified state, the next task starts to execute. When the object of waiting is a port, the status has started and stopped, that is, the port has been monitored or the port has been closed; When the waiting object is a file, the status is present or started, except, that is, the file has been created or deleted; When the waiting object is a connection, the status is drained, that is, the connection has been established. The default is started
wait_ The timeout for waiting for. The default is 300 seconds


- hosts: test
  user: root
    - wait_for: 
        port: 8080 
        state: started #Wait for port 8080 to listen normally before starting the next task until it times out
    - wait_for: 
        port: 8000 
        delay: 10 #Wait for port 8000 to listen normally, and check every 10s until the wait times out
    - wait_for: 
        port: 8000 
        delay: 10 
        state: drained #Wait for port 8000 until a connection is established
    - wait_for: 
        port: 8000 
        state: drained 
        exclude_hosts:, #Wait until a connection is established on port 8000. If the connection comes from or, ignore it.
    - wait_for: 
        path: /tmp/foo #Wait for the / tmp/foo file to be created
    - wait_for: 
        path: /tmp/foo 
        search_regex: completed #Wait until the / tmp/foo file has been created and the file needs to contain the completed string
    - wait_for: 
        path: /var/lock/file.lock 
        state: absent #Wait for / var / lock / file Lock deleted
    - wait_for: 
        path: /proc/3466/status 
        state: absent #Wait for the specified process to be destroyed
    - local_action: 
        wait_for port: 22 
        host: "{{ ansible_ssh_host | default(inventory_hostname) }}" 
        search_regex: OpenSSH 
        delay: 10 #Wait for openssh to start and check every 10s

template module

Generate a file based on the template method and copy it to the remote host (template is a module that uses Jinjia2 format as the file template to replace variables in the document. Every time it is used, it will be marked as "changed" by ansible.)
If the original target file exists, back up the target file first. Default: no
The path to the Jinja2 format template on the ansible controller. This can be a relative or absolute path.
Render the template to a location on a remote machine.
Whether to force overwrite. The default value is yes
Target file owner
Target file group
The permission mode of the target file, which can be specified as symbol mode (for example, u + rwx or u = rw, g = r, o = r).

- name: File template to/etc/files.conf
    src: /mytemplates/foo.j2
    dest: /etc/file.conf
    owner: bin
    group: wheel
    mode: '0644'

- name: Use symbol mode (equivalent to 0644) to template the file
    src: /mytemplates/foo.j2
    dest: /etc/file.conf
    owner: bin
    group: wheel
    mode: u=rw,g=r,o=r

- name: Replication is operating system dependent named.conf edition. By executing on the original file ls -Z /etc/named.conf Acquired setype
    src: named.conf_{{ ansible_os_family }}.j2
    dest: /etc/named.conf
    group: named
    setype: named_conf_t
    mode: 0640

- name: Create from template DOS Style text file
    src: config.ini.j2
    dest: /share/windows/config.ini
    newline_sequence: '\r\n'

- name: adopt visudo After verification, the new sudoers Copy files in place
    src: /mine/sudoers
    dest: /etc/sudoers
    validate: /usr/sbin/visudo -cf %s

- name: Security update sshd Configuration to avoid locking yourself
    src: etc/ssh/sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: '0600'
    validate: /usr/sbin/sshd -t -f %s
    backup: yes

Topics: ansible