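Ansible Modules: Commonly Used Modules
Run a command (not parsed by a shell)
```yaml
- name: List directory
  command: ls -l /etc
```
Run a shell command (redirection and pipes allowed)
```yaml
- name: Use pipe
  shell: "ps aux | grep nginx"
```
⚠️ Best practice: if a dedicated module exists, use it instead of shell/command.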
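Create directories, files and symlinks; change permissions
```yaml
- name: Create directory
  file:
    path: /data/www
    state: directory
    mode: "0755"
```
Copy a file to the remote node
```yaml
- name: Copy config
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
```
Render a file from a Jinja2 template
```yaml
- name: Render template
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
```
Replace a matching line (very commonly used)
```yaml
- name: Update config line
  lineinfile:
    path: /etc/sysctl.conf
    # Dots are escaped so they match literally
    regexp: '^net\.ipv4\.ip_forward'
    line: "net.ipv4.ip_forward = 1"
```
Insert a multi-line block of text
```yaml
- blockinfile:
    path: /etc/profile
    block: |
      export GOPROXY=https://proxy.golang.org
```
Synchronize files with rsync (fast)
```yaml
- synchronize:
    src: ./dist/
    dest: /var/www/
```
Extract an archive
```yaml
- unarchive:
    src: app.tar.gz
    dest: /opt/app/
    remote_src: yes   # the archive is already on the remote node
```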
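Manage users
```yaml
- user:
    name: martin
    shell: /bin/bash
    state: present
```
Manage groups
```yaml
- group:
    name: developers
    state: present
```
Manage SSH keys
```yaml
- authorized_key:
    user: root
    # The public key file is read on the control node
    key: "{{ lookup('file', 'id_rsa.pub') }}"
```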
Control a service (systemd)
```yaml
- service:
    name: nginx
    state: restarted
    enabled: yes
```
More complex systemd operations
```yaml
- systemd:
    name: docker
    daemon_reload: yes
    state: restarted
```
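```yaml
# Install a package with the system's default package manager
- package:
    name: htop
    state: present

# Install a package with yum
- yum:
    name: httpd
    state: present

# Install a package with apt, refreshing the package cache first
- apt:
    name: nginx
    update_cache: yes

# Install a Python package with pip
- pip:
    name: uvicorn
    state: present
```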
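```yaml
# Open 80/tcp in firewalld. permanent only changes the saved configuration;
# add immediate: yes to apply it to the running firewall as well.
- firewalld:
    port: 80/tcp
    permanent: yes
    state: enabled

# Accept inbound TCP traffic to port 22
- iptables:
    chain: INPUT
    protocol: tcp
    destination_port: 22
    jump: ACCEPT

# Set the hostname
- hostname:
    name: web01
```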
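```yaml
# Create a MySQL database
- mysql_db:
    name: appdb
    state: present

# Create a MySQL user with full privileges on appdb.
# The password is a sample value; load real ones from Ansible Vault
# and set no_log: true on the task.
- mysql_user:
    name: appuser
    password: secret
    priv: "appdb.*:ALL"
    state: present

# Create a PostgreSQL database
- postgresql_db:
    name: mydb
    state: present

# Create a PostgreSQL user (sample password, same advice as above)
- postgresql_user:
    db: mydb
    name: martin
    password: "pwd123"
    priv: ALL
```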
```yaml
# Start a container and publish port 80
- docker_container:
    name: nginx
    image: nginx:latest
    state: started
    ports:
      - "80:80"

# Pull an image
- docker_image:
    name: python:3.12
    source: pull

# Create a Docker network
- docker_network:
    name: mynet
    state: present
```
Ansible can manage CRDs, Deployments, Services and other resources directly.
```yaml
- k8s:
    state: present
    definition:
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: nginx
      spec:
        replicas: 2
        selector:
          matchLabels:
            app: nginx
        template:
          metadata:
            labels:
              app: nginx
          spec:
            containers:
              - name: nginx
                image: nginx:1.25
```
Get resource information
```yaml
- k8s_info:
    kind: Pod
    namespace: default
```
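Gather system facts
```yaml
- setup:
```
Change kernel parameters (commonly used for K8s tuning)
```yaml
- sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    state: present
    reload: yes
```
```yaml
# Set the system time zone
- timezone:
    name: Asia/Shanghai
```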
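```yaml
# Check out a Git repository
- git:
    repo: "https://github.com/martin/app.git"
    dest: /opt/app
    version: main

# Download a file from a URL.
# Add checksum: "sha256:<digest>" to verify the download.
- get_url:
    url: https://example.com/app.tar.gz
    dest: /tmp/app.tar.gz
    mode: "0644"
```
Send an HTTP request
```yaml
- uri:
    url: https://httpbin.org/get
    method: GET
    return_content: yes
```
Concatenate multiple files into one
```yaml
- assemble:
    src: /etc/nginx/conf.d.d/
    dest: /etc/nginx/nginx.conf
```
Filter JSON
```yaml
# json_query needs the jmespath Python library on the control node
- debug:
    msg: "{{ result | json_query('items[*].metadata.name') }}"
```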
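Load tasks conditionally
```yaml
- include_tasks: install.yml
  when: ansible_os_family == "RedHat"
```
Load at parse time
```yaml
- import_tasks: common.yml
```
```yaml
# Retry until the health check succeeds
- shell: curl http://127.0.0.1/healthz
  register: result
  retries: 5
  delay: 3
  until: result.rc == 0
```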
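The best practice stated near the top of this page (use a dedicated module instead of shell/command), applied to the health-check retry above, as an added example that is not part of the original page. The init script path, its `--site` argument, the marker file and the `site_name` variable are hypothetical.

```yaml
# Added example, not from the original page.
# The /healthz URL is the one used in the shell task above.
- name: Wait for the service to report healthy (uri instead of shell + curl)
  uri:
    url: http://127.0.0.1/healthz
    method: GET
    status_code: 200          # any other HTTP status fails the attempt
    timeout: 5
  register: health
  retries: 5
  delay: 3
  until: health.status == 200

# When no dedicated module exists, command with argv passes each argument
# as-is, so a variable's value is never interpreted by a shell.
# Script path, flag, marker file and site_name are hypothetical.
- name: Run a one-time init script without shell parsing
  command:
    argv:
      - /usr/local/bin/init-app.sh
      - --site
      - "{{ site_name }}"
    creates: /var/lib/app/.initialized   # skip the task if this file exists
```

Unlike curl's exit code, which is 0 for an HTTP error response unless `-f` is given, the `uri` task checks the status code itself.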
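```yaml
# Load a role dynamically at run time
- include_role:
    name: nginx

# Load a role statically at parse time
- import_role:
    name: mysql

# Save a command's output in a variable and print it
- command: cat /etc/hostname
  register: out
- debug:
    msg: "{{ out.stdout }}"

# Run a task only when a condition holds
- yum:
    name: httpd
  when: ansible_os_family == "RedHat"

# Loop over a list of items
- user:
    name: "{{ item }}"
    state: present
  with_items:
    - alice
    - bob
```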
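```yaml
# Run a backup job every day at 02:00
- cron:
    name: backup
    minute: "0"
    hour: "2"
    job: "/usr/bin/backup.sh"
```
Mount a disk
```yaml
- mount:
    path: /data
    src: /dev/vdb1
    fstype: ext4
    state: mounted
```
```yaml
# Reboot the host and wait up to 600 seconds for it to come back
- reboot:
    msg: "Rebooting for kernel upgrade"
    reboot_timeout: 600
```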
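| Need | Recommended module |
|---|---|
| Create a directory | file |
| Upload a configuration file | template / copy |
| Change one line of a configuration file | lineinfile |
| Insert multiple lines | blockinfile |
| Restart a service | service |
| Install software | package / apt / yum |
| Manage users | user |
| Manage Docker | docker_* family |
| Manage k8s | k8s |
| Download a file from a URL | get_url |
| Synchronize with rsync | synchronize |
| Manage system parameters | sysctl |
| Manage scheduled jobs | cron |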