跳转至

第四章:Ad-hoc 命令

什么是 Ad-hoc 命令?

Ad-hoc 命令是一次性的临时命令,用于快速执行简单任务,无需编写 Playbook。

基本语法

ansible [pattern] -m [module] -a "[arguments]" [options]

示例

# 测试连接
ansible all -m ping

# 执行命令
ansible all -m command -a "uptime"

# 安装软件
ansible webservers -m apt -a "name=nginx state=present"

常用选项

选项 说明
-i 指定主机清单
-m 指定模块
-a 模块参数
-b 提权(become)
-u 远程用户
-k 询问密码
-K 询问提权密码
-v 详细输出
-f 并发数
-e 设置变量

常用模块

1. ping 模块

测试主机连接:

# 测试所有主机
ansible all -m ping

# 测试指定组
ansible webservers -m ping

# 详细输出
ansible all -m ping -v

2. command 模块

执行命令(不支持管道和重定向):

# 执行命令
ansible all -m command -a "uptime"
ansible all -m command -a "df -h"
ansible all -m command -a "free -m"

# 切换目录执行
ansible all -m command -a "ls -la chdir=/tmp"

# 创建文件
ansible all -m command -a "touch /tmp/test.txt creates=/tmp/test.txt"

# 删除文件
ansible all -m command -a "rm /tmp/test.txt removes=/tmp/test.txt"

3. shell 模块

执行 Shell 命令(支持管道和重定向):

# 使用管道
ansible all -m shell -a "cat /etc/passwd | grep root"

# 使用重定向
ansible all -m shell -a "echo 'hello' > /tmp/test.txt"

# 使用环境变量
ansible all -m shell -a "export PATH=$PATH:/opt/bin && mycommand"

# 执行脚本
ansible all -m shell -a "bash /tmp/script.sh"

4. copy 模块

复制文件到远程主机:

# 复制文件
ansible all -m copy -a "src=/local/file.txt dest=/remote/file.txt"

# 复制并设置权限
ansible all -m copy -a "src=file.txt dest=/tmp/file.txt mode=0644 owner=root group=root"

# 复制并备份
ansible all -m copy -a "src=file.txt dest=/tmp/file.txt backup=yes"

# 直接写入内容
ansible all -m copy -a "content='Hello World' dest=/tmp/hello.txt"

# 验证文件
ansible all -m copy -a "src=nginx.conf dest=/etc/nginx/nginx.conf validate='nginx -t -c %s'"

5. file 模块

管理文件和目录:

# 创建目录
ansible all -m file -a "path=/tmp/mydir state=directory"

# 创建文件
ansible all -m file -a "path=/tmp/myfile state=touch"

# 删除文件/目录
ansible all -m file -a "path=/tmp/myfile state=absent"

# 设置权限
ansible all -m file -a "path=/tmp/file mode=0644 owner=root group=root"

# 创建符号链接
ansible all -m file -a "src=/path/to/file dest=/path/to/link state=link"

# 递归设置权限
ansible all -m file -a "path=/tmp/mydir mode=0755 owner=root group=root recurse=yes"

6. apt/yum 模块

管理软件包:

# apt (Ubuntu/Debian)
# 更新缓存
ansible all -m apt -a "update_cache=yes"

# 安装软件
ansible all -m apt -a "name=nginx state=present"
ansible all -m apt -a "name=nginx,git,vim state=present"

# 安装指定版本
ansible all -m apt -a "name=nginx=1.18.0 state=present"

# 卸载软件
ansible all -m apt -a "name=nginx state=absent"

# 升级所有软件
ansible all -m apt -a "upgrade=dist"

# yum (CentOS/RHEL)
ansible all -m yum -a "name=nginx state=present"
ansible all -m yum -a "name=nginx state=latest"
ansible all -m yum -a "name=nginx state=absent"

7. service/systemd 模块

管理服务:

# 启动服务
ansible all -m service -a "name=nginx state=started"

# 停止服务
ansible all -m service -a "name=nginx state=stopped"

# 重启服务
ansible all -m service -a "name=nginx state=restarted"

# 重载配置
ansible all -m service -a "name=nginx state=reloaded"

# 开机自启
ansible all -m service -a "name=nginx enabled=yes"

# systemd 模块
ansible all -m systemd -a "name=nginx state=started enabled=yes"
ansible all -m systemd -a "name=nginx daemon_reload=yes"

8. user 模块

管理用户:

# 创建用户
ansible all -m user -a "name=myuser"

# 创建用户并设置密码
ansible all -m user -a "name=myuser password={{ 'mypassword' | password_hash('sha512') }}"

# 创建用户并设置 shell
ansible all -m user -a "name=myuser shell=/bin/bash"

# 创建用户并设置家目录
ansible all -m user -a "name=myuser home=/home/myuser create_home=yes"

# 创建系统用户
ansible all -m user -a "name=myuser system=yes"

# 删除用户
ansible all -m user -a "name=myuser state=absent"

# 删除用户和家目录
ansible all -m user -a "name=myuser state=absent remove=yes"

# 添加用户到组
ansible all -m user -a "name=myuser groups=docker append=yes"

9. group 模块

管理用户组:

# 创建组
ansible all -m group -a "name=mygroup"

# 创建系统组
ansible all -m group -a "name=mygroup system=yes"

# 删除组
ansible all -m group -a "name=mygroup state=absent"

10. git 模块

管理 Git 仓库:

# 克隆仓库
ansible all -m git -a "repo=https://github.com/user/repo.git dest=/opt/repo"

# 克隆指定分支
ansible all -m git -a "repo=https://github.com/user/repo.git dest=/opt/repo version=main"

# 更新仓库
ansible all -m git -a "repo=https://github.com/user/repo.git dest=/opt/repo update=yes"

# 克隆并切换到指定版本
ansible all -m git -a "repo=https://github.com/user/repo.git dest=/opt/repo version=v1.0.0"

11. cron 模块

管理定时任务:

# 创建定时任务
ansible all -m cron -a "name='backup' job='/opt/backup.sh' minute=0 hour=2"

# 每天凌晨 2 点执行
ansible all -m cron -a "name='backup' job='/opt/backup.sh' minute=0 hour=2"

# 每小时执行
ansible all -m cron -a "name='check' job='/opt/check.sh' minute=0"

# 删除定时任务
ansible all -m cron -a "name='backup' state=absent"

# 禁用定时任务
ansible all -m cron -a "name='backup' disabled=yes"

12. lineinfile 模块

管理文件中的行:

# 确保行存在
ansible all -m lineinfile -a "path=/etc/hosts line='192.168.1.100 web1'"

# 确保行不存在
ansible all -m lineinfile -a "path=/etc/hosts line='192.168.1.100 web1' state=absent"

# 替换行
ansible all -m lineinfile -a "path=/etc/hosts regexp='^192.168.1.100' line='192.168.1.101 web1'"

# 在匹配行后插入
ansible all -m lineinfile -a "path=/etc/hosts insertafter='^127.0.0.1' line='192.168.1.100 web1'"

# 在匹配行前插入
ansible all -m lineinfile -a "path=/etc/hosts insertbefore='^127.0.0.1' line='192.168.1.100 web1'"

13. template 模块

部署 Jinja2 模板:

# 部署模板
ansible all -m template -a "src=nginx.conf.j2 dest=/etc/nginx/nginx.conf"

# 部署并验证
ansible all -m template -a "src=nginx.conf.j2 dest=/etc/nginx/nginx.conf validate='nginx -t -c %s'"

14. setup 模块

收集主机信息:

# 收集所有信息
ansible all -m setup

# 收集指定信息
ansible all -m setup -a "filter=ansible_eth0"
ansible all -m setup -a "filter=ansible_memtotal_mb"

# 收集网络信息
ansible all -m setup -a "gather_subset=network"

# 收集硬件信息
ansible all -m setup -a "gather_subset=hardware"

# 保存到文件
ansible all -m setup --tree ./facts

主机模式

选择主机

# 所有主机
ansible all -m ping

# 指定组
ansible webservers -m ping

# 指定主机
ansible web1.example.com -m ping

# 多个组
ansible webservers:dbservers -m ping

# 排除主机
ansible webservers:!web1.example.com -m ping

# 交集
ansible webservers:&production -m ping

# 通配符
ansible 'web*' -m ping
ansible '*.example.com' -m ping

# 正则表达式
ansible '~web[0-9]+' -m ping

# 索引
ansible webservers[0] -m ping
ansible webservers[0:2] -m ping

提权

# 使用 sudo
ansible all -m apt -a "name=nginx state=present" -b

# 指定提权用户
ansible all -m apt -a "name=nginx state=present" -b --become-user=root

# 询问提权密码
ansible all -m apt -a "name=nginx state=present" -b -K

实用示例

系统管理

# 查看系统信息
ansible all -m shell -a "uname -a"
ansible all -m shell -a "cat /etc/os-release"

# 查看磁盘使用
ansible all -m shell -a "df -h"

# 查看内存使用
ansible all -m shell -a "free -h"

# 查看进程
ansible all -m shell -a "ps aux | grep nginx"

# 重启服务器
ansible all -m command -a "reboot" -b

文件管理

# 批量创建目录
ansible all -m file -a "path=/opt/myapp state=directory mode=0755"

# 批量分发配置文件
ansible all -m copy -a "src=app.conf dest=/etc/app/app.conf"

# 批量修改文件权限
ansible all -m file -a "path=/opt/myapp mode=0755 recurse=yes"

# 批量清理日志
ansible all -m shell -a "find /var/log -name '*.log' -mtime +7 -delete"

软件管理

# 批量更新软件
ansible all -m apt -a "update_cache=yes upgrade=dist" -b

# 批量安装软件
ansible all -m apt -a "name=vim,git,htop state=present" -b

# 批量卸载软件
ansible all -m apt -a "name=apache2 state=absent" -b

服务管理

# 批量重启服务
ansible webservers -m service -a "name=nginx state=restarted" -b

# 批量启动服务
ansible all -m service -a "name=docker state=started enabled=yes" -b

# 检查服务状态
ansible all -m shell -a "systemctl status nginx"

小结

本章学习了:

  • ✅ Ad-hoc 命令语法
  • ✅ 常用模块使用
  • ✅ 主机模式选择
  • ✅ 提权配置
  • ✅ 实用示例

下一章

第五章:Playbook 剧本 - 学习编写自动化剧本。