Ad-Hoc应用场景和实例

---

layout: post
title: Ad-Hoc应用场景和实例
date: 2018-01-13
tags: [“Ansible”,”自动化运维工具”]

---

 

一、Ansible的配置

1、ansible的主配置文件配置

我们主控机的ip：172.18.0.253

1、我们先修改几出配置文件
vim /etc/ansible/ansible.cfg
host_key_checking = False    #取消这一项的注释

2、ansible的INVENTORY配置

[root@ansible /]# vim /etc/ansible/hosts 
添加如下配置
[webserver]
172.18.30.[1:2]
[loadbalance]
172.18.30.2
[mysql]
172.18.30.3
[middle]
172.18.30.4

我们配置了4项主机组

二、Ad-Hoc演练

注意一点，主控机需要事先将pub-key传送到受控机，否则每次操作都会提示输入密码，相当繁琐

1）ping模块，测试检测主机的存活（改 模块虽然叫ping，但是其并不依赖icmp协议，当受控机器设置了忽略icmp时，不会影响这个操作）

@172.18.30.253
[root@ansible /]# cat /etc/ansible/hosts ' grep '^\['  #获取主机组标签
[webserver]
[loadbalance]
[mysql]
[middle]
 
[root@ansible /]# ansible "webserver" -m ping 
172.18.30.1 ' SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
172.18.30.2 ' SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
 
现在我们将172.18.30.2这台主机的网络服务关闭，再执行 ansible "webserver" -m ping
 
@172.18.30.2
[root@localhost ~]# systemctl stop network
 
@172.18.30.253
[root@ansible /]# ansible "webserver" -m ping 
172.18.30.1 ' SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
172.18.30.2 ' UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: ssh: connect to host 172.18.30.2 port 22: Connection timed out\r\n", 
    "unreachable": true
}
 

  2）command模块，在受控机器只想能够shell命令，但不支持远端的管道、变量引用等操作

[root@ansible /]# ansible "*" -m command -a 'ls /app '  #查看所有机器下/app 目录的内容
172.18.30.4 ' SUCCESS ' rc=0 >>
 
172.18.30.2 ' SUCCESS ' rc=0 >>
f1.sh
 
172.18.30.1 ' SUCCESS ' rc=0 >>
f1.sh
 
172.18.30.3 ' SUCCESS ' rc=0 >>
 
[root@ansible /]# ansible "~172.18.30.[12]" -a 'cat /app/f1.sh'  #查看172.18.30.1和2机器上/app/f1.sh的内容 ，"~"表示使用正则表达式
172.18.30.2 ' SUCCESS ' rc=0 >>
uname -r
hostname
 
172.18.30.1 ' SUCCESS ' rc=0 >>
uname -r
hostname
 
[root@ansible /]# ansible "~172.18.30.[12]" -a 'rm -rf /app/f1.sh'         #删除172.18.30.1和2机器上的/app/f1.sh
 [WARNING]: Consider using file module with state=absent rather than running rm  
这里有个提示，让我们使用absent来代替rm，后面我们会演示，这里虽然提示了，但是命令执行是成功的。
 
172.18.30.2 ' SUCCESS ' rc=0 >>
 
172.18.30.1 ' SUCCESS ' rc=0 >>
 

3）shell模块（过于复杂的命令有时也会执行失败，建议写到脚本内，然后copy到受控机，然后远程后自行脚本）

[root@ansible /]# ansible "~172.18.30.*" -m shell -a 'echo $HOSTNAME'    #查看172.18.30.段下所有机器的主机名，注意，执行的命令引用了变量，必须用单引号引起来，否则改变量引用的是本地的变量，而不是远端的。
172.18.30.1 ' SUCCESS ' rc=0 >>
localhost.localdomain
 
172.18.30.2 ' SUCCESS ' rc=0 >>
localhost.localdomain
 
172.18.30.3 ' SUCCESS ' rc=0 >>
localhost.localdomain
 
172.18.30.4 ' SUCCESS ' rc=0 >>
localhost.localdomain

4）script 模块（在远端执行本地脚本）

@172.18.30.253
[root@ansible shell]# cat scanip.sh 
> /app/ip_up.log
> /app/ip_down.log
#$1是netmask为255.255.255.0的网段
net=$1
for i in {1..254};
do
        { if ping -c1 -W1 $net.$i &>/dev/null;then
                echo $net.$i is up >> ./ip_up.log
        else
                echo $net.$i is down >> ./ip_down.log
        fi
        } &
done
wait   #退出
 
我们准备执行这个脚本文件
 
[root@ansible shell]# ansible-doc -s script   #获取script的选项
- name: Runs a local script on a remote node after transferring it
  script:
      chdir:                 # cd into this directory on the remote node before
                               running the
                               script
      creates:               # a filename, when it already exists, this step
                               will *not* be
                               run.
      decrypt:               # This option controls the autodecryption of
                               source files
                               using vault.
      free_form:             # (required) Path to the local script file
                               followed by
                               optional
                               arguments. There
                               is no parameter
                               actually named
                               'free form'; see
                               the examples!
      removes:               # a filename, when it does not exist, this step
                               will *not* be
                               run.
 
我们需要用到 chdir选项，否则脚本的log文件会不知道存放在哪里
[root@ansible shell]# ansible '*' -m script -a 'chdir=/app /root/zsfile/shell/scanip.sh 172.18.30'
172.18.30.4 ' SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 172.18.30.4 closed.\r\n", 
    "stdout": "", 
    "stdout_lines": []
}
172.18.30.2 ' SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 172.18.30.2 closed.\r\n", 
    "stdout": "", 
    "stdout_lines": []
}
172.18.30.1 ' SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 172.18.30.1 closed.\r\n", 
    "stdout": "", 
    "stdout_lines": []
}
172.18.30.3 ' SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 172.18.30.3 closed.\r\n", 
    "stdout": "", 
    "stdout_lines": []
}
 
@172.18.30.1
[root@localhost app]# cat /app/ip_up.log 
172.18.30.1 is up
172.18.30.2 is up
172.18.30.3 is up
172.18.30.4 is up
172.18.30.253 is up
172.18.30.254 is up
 
脚本已经在目标机器成功执行了

不管什么模块的子参数都可以通过ansible-doc 模块来查看

5）Copy模块，拷贝本地的文件到受控主机

@172.18.30.253
[root@ansible app]# ansible-doc -s copy
- name: Copies files to remote locations
  copy:
      attributes:            # Attributes the file or directory should have. To get supported flags look at the man page for `chattr' on the
                               target system. This string should contain the attributes in the same order as
                               the one displayed by `lsattr'.
      backup:                # Create a backup file including the timestamp information so you can get the original file back if you somehow
                               clobbered it incorrectly.
      content:               # When used instead of `src', sets the contents of a file directly to the specified value. For anything
                               advanced or with formatting also look at the template module.
      decrypt:               # This option controls the autodecryption of source files using vault.
      dest:                  # (required) Remote absolute path where the file should be copied to. If `src' is a directory, this must be a
                               directory too. If `dest' is a nonexistent path and if either `dest' ends with
                               "/" or `src' is a directory, `dest' is created. If `src' and `dest' are files,
                               the parent directory of `dest' isn't created: the task fails if it doesn't
                               already exist.
      directory_mode:        # When doing a recursive copy set the mode for the directories. If this is not set we will use the system
                               defaults. The mode is only set on directories which are newly created, and
                               will not affect those that already existed.
      follow:                # This flag indicates that filesystem links in the destination, if they exist, should be followed.
      force:                 # the default is `yes', which will replace the remote file when contents are different than the source. If
                               `no', the file will only be transferred if the destination does not exist.
      group:                 # Name of the group that should own the file/directory, as would be fed to `chown'.
      local_follow:          # This flag indicates that filesystem links in the source tree, if they exist, should be followed.
      mode:                  # Mode the file or directory should be. For those used to `/usr/bin/chmod' remember that modes are actually
                               octal numbers (like 0644). Leaving off the leading zero will likely have
                               unexpected results. As of version 1.8, the mode may be specified as a symbolic
                               mode (for example, `u+rwx' or `u=rw,g=r,o=r').
      owner:                 # Name of the user that should own the file/directory, as would be fed to `chown'.
      remote_src:            # If `no', it will search for `src' at originating/master machine. If `yes' it will go to the remote/target
                               machine for the `src'. Default is `no'. Currently `remote_src' does not
                               support recursive copying.
      selevel:               # Level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as the `range'.
                               `_default' feature works as for `seuser'.
      serole:                # Role part of SELinux file context, `_default' feature works as for `seuser'.
      setype:                # Type part of SELinux file context, `_default' feature works as for `seuser'.
      seuser:                # User part of SELinux file context. Will default to system policy, if applicable. If set to `_default', it
                               will use the `user' portion of the policy if available.
      src:                   # Local path to a file to copy to the remote server; can be absolute or relative. If path is a directory, it is
                               copied recursively. In this case, if path ends with "/", only inside contents
                               of that directory are copied to destination. Otherwise, if it does not end
                               with "/", the directory itself with all contents is copied. This behavior is
                               similar to Rsync.
      unsafe_writes:         # Normally this module uses atomic operations to prevent data corruption or inconsistent reads from the target
                               files, sometimes systems are configured or just broken in ways that prevent
                               this. One example are docker mounted files, they cannot be updated atomically
                               and can only be done in an unsafe manner. This boolean option allows ansible
                               to fall back to unsafe methods of updating files for those cases in which you
                               do not have any other choice. Be aware that this is subject to race conditions
                               and can lead to data corruption.
      validate:              # The validation command to run before copying into place. The path to the file to validate is passed in via
                               '%s' which must be present as in the example below. The command is passed
                               securely so shell features like expansion and pipes won't work.
 
模块的用法：主要的参数 src dest 分别代表原目录和目标目录，其中还可以使用mode指定权限，owner指定所有者，group所属组
 
[root@ansible app]# ansible 'webserver' -m copy -a 'remote_src=yes src=/app/fist.des3 dest=/app/fist.des3 mode=600 owner=root group=root'    
172.18.30.1 ' FAILED! => {
    "changed": false, 
    "msg": "Source /app/fist.des3 not found"
}
172.18.30.2 ' FAILED! => {
    "changed": false, 
    "msg": "Source /app/fist.des3 not found"
}
 
这次执行失败是因为"remote_src=yes "这个选项， 因为在受控机器并没有fist.des3这个文件
 
[root@ansible app]# ansible 'webserver' -m copy -a 'src=/app/fist.des3 dest=/app/fist.des3 mode=600 owner=root group=root'               
172.18.30.2 ' SUCCESS => {
    "changed": true, 
    "checksum": "e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e", 
    "dest": "/app/fist.des3", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "b026324c6904b2a9cb4b88d6d61c81d1", 
    "mode": "0600", 
    "owner": "root", 
    "size": 2, 
    "src": "/root/.ansible/tmp/ansible-tmp-1515830878.84-276590900255815/source", 
    "state": "file", 
    "uid": 0
}
172.18.30.1 ' SUCCESS => {
    "changed": true, 
    "checksum": "e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e", 
    "dest": "/app/fist.des3", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "b026324c6904b2a9cb4b88d6d61c81d1", 
    "mode": "0600", 
    "owner": "root", 
    "size": 2, 
    "src": "/root/.ansible/tmp/ansible-tmp-1515830878.81-263414101661294/source", 
    "state": "file", 
    "uid": 0
}
 
@172.18.30.1
[root@localhost app]# ll /app
总用量 16
-rw------- 1 root root    2 1月  13 16:07 fist.des3   #权限已经改变了
-rw-r--r-- 1 root root 5356 1月  13 15:36 ip_down.log
-rw------- 1 root root  112 1月  13 15:36 ip_up.log

6）Cron 计划任务

支持时间：minute，hour，day，month，weekday

@172.18.30.253
[root@ansible app]# ansible-doc -s cron
- name: Manage cron.d and crontab entries.
  cron:
      backup:                # If set, create a backup of the crontab before it is modified. The location of the backup is returned in the
                               `backup_file' variable by this module.
      cron_file:             # If specified, uses this file instead of an individual user's crontab. If this is a relative path, it is
                               interpreted with respect to /etc/cron.d. (If it is absolute, it will typically
                               be /etc/crontab). Many linux distros expect (and some require) the filename
                               portion to consist solely of upper- and lower-case letters, digits,
                               underscores, and hyphens. To use the `cron_file' parameter you must specify
                               the `user' as well.
      day:                   # Day of the month the job should run ( 1-31, *, */2, etc )
      disabled:              # If the job should be disabled (commented out) in the crontab. Only has effect if state=present
      env:                   # If set, manages a crontab's environment variable. New variables are added on top of crontab. "name" and
                               "value" parameters are the name and the value of environment variable.
      hour:                  # Hour when the job should run ( 0-23, *, */2, etc )
      insertafter:           # Used with `state=present' and `env'. If specified, the environment variable will be inserted after the
                               declaration of specified environment variable.
      insertbefore:          # Used with `state=present' and `env'. If specified, the environment variable will be inserted before the
                               declaration of specified environment variable.
      job:                   # The command to execute or, if env is set, the value of environment variable. The command should not contain
                               line breaks. Required if state=present.
      minute:                # Minute when the job should run ( 0-59, *, */2, etc )
      month:                 # Month of the year the job should run ( 1-12, *, */2, etc )
      name:                  # Description of a crontab entry or, if env is set, the name of environment variable. Required if state=absent.
                               Note that if name is not set and state=present, then a new crontab entry will
                               always be created, regardless of existing ones.
      reboot:                # If the job should be run at reboot. This option is deprecated. Users should use special_time.
      special_time:          # Special time specification nickname.
      state:                 # Whether to ensure the job or environment variable is present or absent.
      user:                  # The specific user whose crontab should be modified.
      weekday:               # Day of the week that the job should run ( 0-6 for Sunday-Saturday, *, etc )
 
}
 
添加定时任务
[root@ansible app]# ansible '*' -m cron -a 'state=present user=root name=test minute=10 job="wall ok"'
172.18.30.3 ' SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "test"
    ]
}
172.18.30.1 ' SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "test"
    ]
}
172.18.30.4 ' SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "test"
    ]
}
172.18.30.2 ' SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "test"
    ]
}
 
@172.18.30.1
[root@localhost app]# crontab -e
#Ansible: test
10 * * * * wall ok
 
@172.18.30.253
取消刚才的定时任务
[root@ansible app]# ansible '*' -m cron -a 'state=absent user=root name=test minute=10 job="wall ok"'        
172.18.30.3 ' SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": []
}
172.18.30.2 ' SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": []
}
172.18.30.1 ' SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": []
}
172.18.30.4 ' SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": []
}
 
@172.18.30.1
[root@localhost app]# crontab -e
已经没有定时任务

7）Fetch模块，将远程主机的指定文件复制到管理机的指定目录，与copy模块相反

[root@ansible app]# ansible '*' -m fetch -a 'dest=/app src=/app/ip_down.log'
172.18.30.4 ' SUCCESS => {
    "changed": true, 
    "checksum": "761cb53a1208b1e6a7004108a597e02082f3b630", 
    "dest": "/app/172.18.30.4/app/ip_down.log", 
    "md5sum": "3b1576b36d72897ecaf798faa7129635", 
    "remote_checksum": "761cb53a1208b1e6a7004108a597e02082f3b630", 
    "remote_md5sum": null
}
172.18.30.3 ' SUCCESS => {
    "changed": true, 
    "checksum": "8c946be6ff9777014f992cf77417231626adaca9", 
    "dest": "/app/172.18.30.3/app/ip_down.log", 
    "md5sum": "784d01045ed8fdbdd4ba59e092244573", 
    "remote_checksum": "8c946be6ff9777014f992cf77417231626adaca9", 
    "remote_md5sum": null
}
172.18.30.1 ' SUCCESS => {
    "changed": true, 
    "checksum": "2302bde1cb0aa030da62961348835d2eaaaff6ff", 
    "dest": "/app/172.18.30.1/app/ip_down.log", 
    "md5sum": "0ed208a07074c8db42749007360b3779", 
    "remote_checksum": "2302bde1cb0aa030da62961348835d2eaaaff6ff", 
    "remote_md5sum": null
}
172.18.30.2 ' SUCCESS => {
    "changed": true, 
    "checksum": "11515e50e0ab4dbe4d6783c6da35b7a1a798a5bb", 
    "dest": "/app/172.18.30.2/app/ip_down.log", 
    "md5sum": "58362c368725e2f4d85d85d8fa4118e5", 
    "remote_checksum": "11515e50e0ab4dbe4d6783c6da35b7a1a798a5bb", 
    "remote_md5sum": null
}
 
将远程主机的ip_down.log文件拷贝到本地的/app目录下
 
[root@ansible app]# tree /app
/app
├── 172.18.30.1
│   └── app
│       └── ip_down.log
├── 172.18.30.2
│   └── app
│       └── ip_down.log
├── 172.18.30.3
│   └── app
│       └── ip_down.log
├── 172.18.30.4
│   └── app
│       └── ip_down.log
├── fist.des3
├── fist_encrypt
├── ip_down.log
├── ip_up.log
├── new_file
├── private_key
├── private_key.tmp
├── pub_key
└── pub_key.tmp
 
8 directories, 13 files
 
完成之后，会按照主机的IP进行命名目录

8）File设置文件属性

@172.18.30.253
[root@ansible app]# ansible-doc -s file
- name: Sets attributes of files
  file:
      attributes:            # Attributes the file or directory should have. To get supported flags look at the man page for `chattr' on the
                               target system. This string should contain the attributes in the same order as
                               the one displayed by `lsattr'.
      follow:                # This flag indicates that filesystem links, if they exist, should be followed.
      force:                 # force the creation of the symlinks in two cases: the source file does not exist (but will appear later); the
                               destination exists and is a file (so, we need to unlink the "path" file and
                               create symlink to the "src" file in place of it).
      group:                 # Name of the group that should own the file/directory, as would be fed to `chown'.
      mode:                  # Mode the file or directory should be. For those used to `/usr/bin/chmod' remember that modes are actually
                               octal numbers (like 0644). Leaving off the leading zero will likely have
                               unexpected results. As of version 1.8, the mode may be specified as a symbolic
                               mode (for example, `u+rwx' or `u=rw,g=r,o=r').
      owner:                 # Name of the user that should own the file/directory, as would be fed to `chown'.
      path:                  # (required) path to the file being managed.  Aliases: `dest', `name'
      recurse:               # recursively set the specified file attributes (applies only to state=directory)
      selevel:               # Level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as the `range'.
                               `_default' feature works as for `seuser'.
      serole:                # Role part of SELinux file context, `_default' feature works as for `seuser'.
      setype:                # Type part of SELinux file context, `_default' feature works as for `seuser'.
      seuser:                # User part of SELinux file context. Will default to system policy, if applicable. If set to `_default', it
                               will use the `user' portion of the policy if available.
      src:                   # path of the file to link to (applies only to `state=link'). Will accept absolute, relative and nonexisting
                               paths. Relative paths are not expanded.
      state:                 # If `directory', all immediate subdirectories will be created if they do not exist, since 1.7 they will be
                               created with the supplied permissions. If `file', the file will NOT be created
                               if it does not exist, see the [copy] or [template] module if you want that
                               behavior.  If `link', the symbolic link will be created or changed. Use `hard'
                               for hardlinks. If `absent', directories will be recursively deleted, and files
                               or symlinks will be unlinked. Note that `absent' will not cause `file' to fail
                               if the `path' does not exist as the state did not change. If `touch' (new in
                               1.4), an empty file will be created if the `path' does not exist, while an
                               existing file or directory will receive updated file access and modification
                               times (similar to the way `touch` works from the command line).
      unsafe_writes:         # Normally this module uses atomic operations to prevent data corruption or inconsistent reads from the target
                               files, sometimes systems are configured or just broken in ways that prevent
                               this. One example are docker mounted files, they cannot be updated atomically
                               and can only be done in an unsafe manner. This boolean option allows ansible
                               to fall back to unsafe methods of updating files for those cases in which you
                               do not have any other choice. Be aware that this is subject to race conditions
                               and can lead to data corruption.
 
几个重要的属性
group        设置属组
mode         设置权限
owner        社会资所有人
path         设置文件路径
recurse      设置是否使用递归，只有在目标是目录时才可以使用
src          创建软连接时使用
state        状态   directory file link hard absent touch path 这几种，用法参考模块文档
 
[root@ansible /]# ansible '*' -m file -a 'state=file path=/app/ip_up.log mode=0600 '     
172.18.30.4 ' SUCCESS => {
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0600", 
    "owner": "root", 
    "path": "/app/ip_up.log", 
    "size": 112, 
    "state": "file", 
    "uid": 0
}
172.18.30.1 ' SUCCESS => {
    "changed": false, 
    "gid": 0, 
    "group": "root", 
    "mode": "0600", 
    "owner": "root", 
    "path": "/app/ip_up.log", 
    "size": 112, 
    "state": "file", 
    "uid": 0
}
172.18.30.2 ' SUCCESS => {
    "changed": false, 
    "gid": 0, 
    "group": "root", 
    "mode": "0600", 
    "owner": "root", 
    "path": "/app/ip_up.log", 
    "size": 112, 
    "state": "file", 
    "uid": 0
}
172.18.30.3 ' SUCCESS => {
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0600", 
    "owner": "root", 
    "path": "/app/ip_up.log", 
    "size": 112, 
    "state": "file", 
    "uid": 0
}
 
下面设置软连接
[root@ansible /]# ansible 'mysql' -m file -a 'state=link src=/app/ip_up.log dest=/app/log.log'
172.18.30.3 ' SUCCESS => {
    "changed": true, 
    "dest": "/app/log.log", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "size": 14, 
    "src": "/app/ip_up.log", 
    "state": "link", 
    "uid": 0
}
@172.18.30.3
 
[root@localhost ~]# cd /app
[root@localhost app]# ll
总用量 12
-rw-r--r-- 1 root root 5356 1月  13 21:10 ip_down.log
-rw------- 1 root root  112 1月  13 21:10 ip_up.log
lrwxrwxrwx 1 root root   14 1月  13 23:54 log.log -> /app/ip_up.log
 
下面递归设置目录权限
 
[root@ansible /]# ansible 'mysql' -m file -a 'state=directory mode=440 recurse=yes path=/app'
172.18.30.3 ' SUCCESS => {
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0440", 
    "owner": "root", 
    "path": "/app", 
    "size": 57, 
    "state": "directory", 
    "uid": 0
}
 
@172.18.30.3
[root@localhost app]# ll
总用量 12
-r--r----- 1 root root 5356 1月  13 21:10 ip_down.log
-r--r----- 1 root root  112 1月  13 21:10 ip_up.log
lrwxrwxrwx 1 root root   14 1月  13 23:54 log.log -> /app/ip_up.log
[root@localhost app]# cd ..
[root@localhost /]# ll ' grep app
dr--r-----.   2 root root   57 1月  13 23:54 app
 
可以看出/app 的目录权限已经更改了，但是默认软连接的权限不会更改

9）hostname

[root@ansible /]# ansible 'mysql' -m hostname -a 'name=mysql.joker.com'    
172.18.30.3 ' SUCCESS => {
    "ansible_facts": {
        "ansible_domain": "joker.com", 
        "ansible_fqdn": "mysql.joker.com", 
        "ansible_hostname": "mysql", 
        "ansible_nodename": "mysql.joker.com"
    }, 
    "changed": false, 
    "name": "mysql.joker.com"
}
 
修改主机名

10）Yum包管理

安装httpd
[root@ansible /]# ansible 'webserver' -m yum -a 'state=present name=httpd'
172.18.30.2 ' SUCCESS => {
    "changed": false, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "httpd-2.4.6-67.el7.centos.6.x86_64 providing httpd is already installed"
    ]
}
172.18.30.1 ' SUCCESS => {
    "changed": false, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "httpd-2.4.6-67.el7.centos.6.x86_64 providing httpd is already installed"
    ]
}
 
卸载httpd
[root@ansible /]# ansible 'webserver' -m yum -a 'state=absent name=httpd' 
172.18.30.1 ' SUCCESS => {
    "changed": true, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "已加载插件：fastestmirror\n正在解决依赖关系\n--> 正在检查事务\n---> 软件包 httpd.x86_64.0.2.4.6-67.el7.centos.6 将被 删除\n--> 解决依赖关系完成\n\n依赖关系解决\n\n================================================================================\n Package      架构          版本                          源               大小\n================================================================================\n正在删除:\n httpd        x86_64        2.4.6-67.el7.centos.6         @updates        9.4 M\n\n事务概要\n================================================================================\n移除  1 软件包\n\n安装大小：9.4 M\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n  正在删除    : httpd-2.4.6-67.el7.centos.6.x86_64                          1/1 \n  验证中      : httpd-2.4.6-67.el7.centos.6.x86_64                          1/1 \n\n删除:\n  httpd.x86_64 0:2.4.6-67.el7.centos.6                                          \n\n完毕！\n"
    ]
}
172.18.30.2 ' SUCCESS => {
    "changed": true, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "已加载插件：fastestmirror\n正在解决依赖关系\n--> 正在检查事务\n---> 软件包 httpd.x86_64.0.2.4.6-67.el7.centos.6 将被 删除\n--> 解决依赖关系完成\n\n依赖关系解决\n\n================================================================================\n Package      架构          版本                          源               大小\n================================================================================\n正在删除:\n httpd        x86_64        2.4.6-67.el7.centos.6         @updates        9.4 M\n\n事务概要\n================================================================================\n移除  1 软件包\n\n安装大小：9.4 M\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n  正在删除    : httpd-2.4.6-67.el7.centos.6.x86_64                          1/1 \n  验证中      : httpd-2.4.6-67.el7.centos.6.x86_64                          1/1 \n\n删除:\n  httpd.x86_64 0:2.4.6-67.el7.centos.6                                          \n\n完毕！\n"
    ]
}
 
以上结果的乱码有yum导致的，可以通过sed命令来做操作

11）Service管理服务

停止服务
[root@ansible /]# ansible 'webserver' -m service -a 'state=stopped name=crond'
172.18.30.2 ' SUCCESS => {
    "changed": true, 
    "name": "crond", 
    "state": "stopped", 
    "status": {
        "ActiveEnterTimestamp": "六 2018-01-13 20:36:07 CST", 
        "ActiveEnterTimestampMonotonic": "4116254", 
        "ActiveExitTimestampMonotonic": "0", 
        "ActiveState": "active", 
        "After": "system.slice systemd-journald.socket basic.target auditd.service systemd-user-sessions.service time-sync.target", 
        "AllowIsolate": "no", 
        "AmbientCapabilities": "0", 
        "AssertResult": "yes", 
        "AssertTimestamp": "六 2018-01-13 20:36:07 CST", 
        "AssertTimestampMonotonic": "4109479", 
        "Before": "multi-user.target shutdown.target", 
        "BlockIOAccounting": "no", 
        "BlockIOWeight": "18446744073709551615", 
        "CPUAccounting": "no", 
        "CPUQuotaPerSecUSec": "infinity", 
        "CPUSchedulingPolicy": "0", 
        "CPUSchedulingPriority": "0", 
        "CPUSchedulingResetOnFork": "no", 
        "CPUShares": "18446744073709551615", 
        "CanIsolate": "no", 
        "CanReload": "yes", 
        "CanStart": "yes", 
        "CanStop": "yes", 
        "CapabilityBoundingSet": "18446744073709551615", 
        "ConditionResult": "yes", 
        "ConditionTimestamp": "六 2018-01-13 20:36:07 CST", 
        "ConditionTimestampMonotonic": "4109479", 
        "Conflicts": "shutdown.target", 
        "ControlGroup": "/system.slice/crond.service", 
        "ControlPID": "0", 
        "DefaultDependencies": "yes", 
        "Delegate": "no", 
        "Description": "Command Scheduler", 
        "DevicePolicy": "auto", 
        "EnvironmentFile": "/etc/sysconfig/crond (ignore_errors=no)", 
        "ExecMainCode": "0", 
        "ExecMainExitTimestampMonotonic": "0", 
        "ExecMainPID": "698", 
        "ExecMainStartTimestamp": "六 2018-01-13 20:36:07 CST", 
        "ExecMainStartTimestampMonotonic": "4116176", 
        "ExecMainStatus": "0", 
        "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", 
        "ExecStart": "{ path=/usr/sbin/crond ; argv[]=/usr/sbin/crond -n $CRONDARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", 
        "FailureAction": "none", 
        "FileDescriptorStoreMax": "0", 
        "FragmentPath": "/usr/lib/systemd/system/crond.service", 
        "GuessMainPID": "yes", 
        "IOScheduling": "0", 
        "Id": "crond.service", 
        "IgnoreOnIsolate": "no", 
        "IgnoreOnSnapshot": "no", 
        "IgnoreSIGPIPE": "yes", 
        "InactiveEnterTimestampMonotonic": "0", 
        "InactiveExitTimestamp": "六 2018-01-13 20:36:07 CST", 
        "InactiveExitTimestampMonotonic": "4116254", 
        "JobTimeoutAction": "none", 
        "JobTimeoutUSec": "0", 
        "KillMode": "process", 
        "KillSignal": "15", 
        "LimitAS": "18446744073709551615", 
        "LimitCORE": "18446744073709551615", 
        "LimitCPU": "18446744073709551615", 
        "LimitDATA": "18446744073709551615", 
        "LimitFSIZE": "18446744073709551615", 
        "LimitLOCKS": "18446744073709551615", 
        "LimitMEMLOCK": "65536", 
        "LimitMSGQUEUE": "819200", 
        "LimitNICE": "0", 
        "LimitNOFILE": "4096", 
        "LimitNPROC": "1802", 
        "LimitRSS": "18446744073709551615", 
        "LimitRTPRIO": "0", 
        "LimitRTTIME": "18446744073709551615", 
        "LimitSIGPENDING": "1802", 
        "LimitSTACK": "18446744073709551615", 
        "LoadState": "loaded", 
        "MainPID": "698", 
        "MemoryAccounting": "no", 
        "MemoryCurrent": "18446744073709551615", 
        "MemoryLimit": "18446744073709551615", 
        "MountFlags": "0", 
        "Names": "crond.service", 
        "NeedDaemonReload": "no", 
        "Nice": "0", 
        "NoNewPrivileges": "no", 
        "NonBlocking": "no", 
        "NotifyAccess": "none", 
        "OOMScoreAdjust": "0", 
        "OnFailureJobMode": "replace", 
        "PermissionsStartOnly": "no", 
        "PrivateDevices": "no", 
        "PrivateNetwork": "no", 
        "PrivateTmp": "no", 
        "ProtectHome": "no", 
        "ProtectSystem": "no", 
        "RefuseManualStart": "no", 
        "RefuseManualStop": "no", 
        "RemainAfterExit": "no", 
        "Requires": "basic.target", 
        "Restart": "no", 
        "RestartUSec": "100ms", 
        "Result": "success", 
        "RootDirectoryStartOnly": "no", 
        "RuntimeDirectoryMode": "0755", 
        "SameProcessGroup": "no", 
        "SecureBits": "0", 
        "SendSIGHUP": "no", 
        "SendSIGKILL": "yes", 
        "Slice": "system.slice", 
        "StandardError": "inherit", 
        "StandardInput": "null", 
        "StandardOutput": "journal", 
        "StartLimitAction": "none", 
        "StartLimitBurst": "5", 
        "StartLimitInterval": "10000000", 
        "StartupBlockIOWeight": "18446744073709551615", 
        "StartupCPUShares": "18446744073709551615", 
        "StatusErrno": "0", 
        "StopWhenUnneeded": "no", 
        "SubState": "running", 
        "SyslogLevelPrefix": "yes", 
        "SyslogPriority": "30", 
        "SystemCallErrorNumber": "0", 
        "TTYReset": "no", 
        "TTYVHangup": "no", 
        "TTYVTDisallocate": "no", 
        "TasksAccounting": "no", 
        "TasksCurrent": "18446744073709551615", 
        "TasksMax": "18446744073709551615", 
        "TimeoutStartUSec": "1min 30s", 
        "TimeoutStopUSec": "1min 30s", 
        "TimerSlackNSec": "50000", 
        "Transient": "no", 
        "Type": "simple", 
        "UMask": "0022", 
        "UnitFilePreset": "enabled", 
        "UnitFileState": "enabled", 
        "WantedBy": "multi-user.target", 
        "Wants": "system.slice", 
        "WatchdogTimestamp": "六 2018-01-13 20:36:07 CST", 
        "WatchdogTimestampMonotonic": "4116237", 
        "WatchdogUSec": "0"
    }
}
172.18.30.1 ' SUCCESS => {
    "changed": true, 
    "name": "crond", 
    "state": "stopped", 
    "status": {
        "ActiveEnterTimestamp": "五 2018-01-12 09:18:48 CST", 
        "ActiveEnterTimestampMonotonic": "3696327", 
        "ActiveExitTimestampMonotonic": "0", 
        "ActiveState": "active", 
        "After": "auditd.service systemd-user-sessions.service system.slice time-sync.target systemd-journald.socket basic.target", 
        "AllowIsolate": "no", 
        "AmbientCapabilities": "0", 
        "AssertResult": "yes", 
        "AssertTimestamp": "五 2018-01-12 09:18:48 CST", 
        "AssertTimestampMonotonic": "3696000", 
        "Before": "shutdown.target multi-user.target", 
        "BlockIOAccounting": "no", 
        "BlockIOWeight": "18446744073709551615", 
        "CPUAccounting": "no", 
        "CPUQuotaPerSecUSec": "infinity", 
        "CPUSchedulingPolicy": "0", 
        "CPUSchedulingPriority": "0", 
        "CPUSchedulingResetOnFork": "no", 
        "CPUShares": "18446744073709551615", 
        "CanIsolate": "no", 
        "CanReload": "yes", 
        "CanStart": "yes", 
        "CanStop": "yes", 
        "CapabilityBoundingSet": "18446744073709551615", 
        "ConditionResult": "yes", 
        "ConditionTimestamp": "五 2018-01-12 09:18:48 CST", 
        "ConditionTimestampMonotonic": "3696000", 
        "Conflicts": "shutdown.target", 
        "ControlGroup": "/system.slice/crond.service", 
        "ControlPID": "0", 
        "DefaultDependencies": "yes", 
        "Delegate": "no", 
        "Description": "Command Scheduler", 
        "DevicePolicy": "auto", 
        "EnvironmentFile": "/etc/sysconfig/crond (ignore_errors=no)", 
        "ExecMainCode": "0", 
        "ExecMainExitTimestampMonotonic": "0", 
        "ExecMainPID": "700", 
        "ExecMainStartTimestamp": "五 2018-01-12 09:18:48 CST", 
        "ExecMainStartTimestampMonotonic": "3696282", 
        "ExecMainStatus": "0", 
        "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", 
        "ExecStart": "{ path=/usr/sbin/crond ; argv[]=/usr/sbin/crond -n $CRONDARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", 
        "FailureAction": "none", 
        "FileDescriptorStoreMax": "0", 
        "FragmentPath": "/usr/lib/systemd/system/crond.service", 
        "GuessMainPID": "yes", 
        "IOScheduling": "0", 
        "Id": "crond.service", 
        "IgnoreOnIsolate": "no", 
        "IgnoreOnSnapshot": "no", 
        "IgnoreSIGPIPE": "yes", 
        "InactiveEnterTimestampMonotonic": "0", 
        "InactiveExitTimestamp": "五 2018-01-12 09:18:48 CST", 
        "InactiveExitTimestampMonotonic": "3696327", 
        "JobTimeoutAction": "none", 
        "JobTimeoutUSec": "0", 
        "KillMode": "process", 
        "KillSignal": "15", 
        "LimitAS": "18446744073709551615", 
        "LimitCORE": "18446744073709551615", 
        "LimitCPU": "18446744073709551615", 
        "LimitDATA": "18446744073709551615", 
        "LimitFSIZE": "18446744073709551615", 
        "LimitLOCKS": "18446744073709551615", 
        "LimitMEMLOCK": "65536", 
        "LimitMSGQUEUE": "819200", 
        "LimitNICE": "0", 
        "LimitNOFILE": "4096", 
        "LimitNPROC": "1802", 
        "LimitRSS": "18446744073709551615", 
        "LimitRTPRIO": "0", 
        "LimitRTTIME": "18446744073709551615", 
        "LimitSIGPENDING": "1802", 
        "LimitSTACK": "18446744073709551615", 
        "LoadState": "loaded", 
        "MainPID": "700", 
        "MemoryAccounting": "no", 
        "MemoryCurrent": "18446744073709551615", 
        "MemoryLimit": "18446744073709551615", 
        "MountFlags": "0", 
        "Names": "crond.service", 
        "NeedDaemonReload": "no", 
        "Nice": "0", 
        "NoNewPrivileges": "no", 
        "NonBlocking": "no", 
        "NotifyAccess": "none", 
        "OOMScoreAdjust": "0", 
        "OnFailureJobMode": "replace", 
        "PermissionsStartOnly": "no", 
        "PrivateDevices": "no", 
        "PrivateNetwork": "no", 
        "PrivateTmp": "no", 
        "ProtectHome": "no", 
        "ProtectSystem": "no", 
        "RefuseManualStart": "no", 
        "RefuseManualStop": "no", 
        "RemainAfterExit": "no", 
        "Requires": "basic.target", 
        "Restart": "no", 
        "RestartUSec": "100ms", 
        "Result": "success", 
        "RootDirectoryStartOnly": "no", 
        "RuntimeDirectoryMode": "0755", 
        "SameProcessGroup": "no", 
        "SecureBits": "0", 
        "SendSIGHUP": "no", 
        "SendSIGKILL": "yes", 
        "Slice": "system.slice", 
        "StandardError": "inherit", 
        "StandardInput": "null", 
        "StandardOutput": "journal", 
        "StartLimitAction": "none", 
        "StartLimitBurst": "5", 
        "StartLimitInterval": "10000000", 
        "StartupBlockIOWeight": "18446744073709551615", 
        "StartupCPUShares": "18446744073709551615", 
        "StatusErrno": "0", 
        "StopWhenUnneeded": "no", 
        "SubState": "running", 
        "SyslogLevelPrefix": "yes", 
        "SyslogPriority": "30", 
        "SystemCallErrorNumber": "0", 
        "TTYReset": "no", 
        "TTYVHangup": "no", 
        "TTYVTDisallocate": "no", 
        "TasksAccounting": "no", 
        "TasksCurrent": "18446744073709551615", 
        "TasksMax": "18446744073709551615", 
        "TimeoutStartUSec": "1min 30s", 
        "TimeoutStopUSec": "1min 30s", 
        "TimerSlackNSec": "50000", 
        "Transient": "no", 
        "Type": "simple", 
        "UMask": "0022", 
        "UnitFilePreset": "enabled", 
        "UnitFileState": "enabled", 
        "WantedBy": "multi-user.target", 
        "Wants": "system.slice", 
        "WatchdogTimestamp": "五 2018-01-12 09:18:48 CST", 
        "WatchdogTimestampMonotonic": "3696305", 
        "WatchdogUSec": "0"
    }
}
 
启动服务
[root@ansible /]# ansible 'webserver' -m service -a 'state=started name=crond'
172.18.30.2 ' SUCCESS => {
    "changed": true, 
    "name": "crond", 
    "state": "started", 
    "status": {
        "ActiveEnterTimestamp": "六 2018-01-13 20:36:07 CST", 
        "ActiveEnterTimestampMonotonic": "4116254", 
        "ActiveExitTimestamp": "日 2018-01-14 03:00:17 CST", 
        "ActiveExitTimestampMonotonic": "23054283113", 
        "ActiveState": "inactive", 
        "After": "system.slice systemd-journald.socket basic.target auditd.service systemd-user-sessions.service time-sync.target", 
        "AllowIsolate": "no", 
        "AmbientCapabilities": "0", 
        "AssertResult": "yes", 
        "AssertTimestamp": "六 2018-01-13 20:36:07 CST", 
        "AssertTimestampMonotonic": "4109479", 
        "Before": "multi-user.target shutdown.target", 
        "BlockIOAccounting": "no", 
        "BlockIOWeight": "18446744073709551615", 
        "CPUAccounting": "no", 
        "CPUQuotaPerSecUSec": "infinity", 
        "CPUSchedulingPolicy": "0", 
        "CPUSchedulingPriority": "0", 
        "CPUSchedulingResetOnFork": "no", 
        "CPUShares": "18446744073709551615", 
        "CanIsolate": "no", 
        "CanReload": "yes", 
        "CanStart": "yes", 
        "CanStop": "yes", 
        "CapabilityBoundingSet": "18446744073709551615", 
        "ConditionResult": "yes", 
        "ConditionTimestamp": "六 2018-01-13 20:36:07 CST", 
        "ConditionTimestampMonotonic": "4109479", 
        "Conflicts": "shutdown.target", 
        "ControlPID": "0", 
        "DefaultDependencies": "yes", 
        "Delegate": "no", 
        "Description": "Command Scheduler", 
        "DevicePolicy": "auto", 
        "EnvironmentFile": "/etc/sysconfig/crond (ignore_errors=no)", 
        "ExecMainCode": "1", 
        "ExecMainExitTimestamp": "日 2018-01-14 03:00:17 CST", 
        "ExecMainExitTimestampMonotonic": "23054285827", 
        "ExecMainPID": "698", 
        "ExecMainStartTimestamp": "六 2018-01-13 20:36:07 CST", 
        "ExecMainStartTimestampMonotonic": "4116176", 
        "ExecMainStatus": "0", 
        "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", 
        "ExecStart": "{ path=/usr/sbin/crond ; argv[]=/usr/sbin/crond -n $CRONDARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", 
        "FailureAction": "none", 
        "FileDescriptorStoreMax": "0", 
        "FragmentPath": "/usr/lib/systemd/system/crond.service", 
        "GuessMainPID": "yes", 
        "IOScheduling": "0", 
        "Id": "crond.service", 
        "IgnoreOnIsolate": "no", 
        "IgnoreOnSnapshot": "no", 
        "IgnoreSIGPIPE": "yes", 
        "InactiveEnterTimestamp": "日 2018-01-14 03:00:17 CST", 
        "InactiveEnterTimestampMonotonic": "23054285887", 
        "InactiveExitTimestamp": "六 2018-01-13 20:36:07 CST", 
        "InactiveExitTimestampMonotonic": "4116254", 
        "JobTimeoutAction": "none", 
        "JobTimeoutUSec": "0", 
        "KillMode": "process", 
        "KillSignal": "15", 
        "LimitAS": "18446744073709551615", 
        "LimitCORE": "18446744073709551615", 
        "LimitCPU": "18446744073709551615", 
        "LimitDATA": "18446744073709551615", 
        "LimitFSIZE": "18446744073709551615", 
        "LimitLOCKS": "18446744073709551615", 
        "LimitMEMLOCK": "65536", 
        "LimitMSGQUEUE": "819200", 
        "LimitNICE": "0", 
        "LimitNOFILE": "4096", 
        "LimitNPROC": "1802", 
        "LimitRSS": "18446744073709551615", 
        "LimitRTPRIO": "0", 
        "LimitRTTIME": "18446744073709551615", 
        "LimitSIGPENDING": "1802", 
        "LimitSTACK": "18446744073709551615", 
        "LoadState": "loaded", 
        "MainPID": "0", 
        "MemoryAccounting": "no", 
        "MemoryCurrent": "18446744073709551615", 
        "MemoryLimit": "18446744073709551615", 
        "MountFlags": "0", 
        "Names": "crond.service", 
        "NeedDaemonReload": "no", 
        "Nice": "0", 
        "NoNewPrivileges": "no", 
        "NonBlocking": "no", 
        "NotifyAccess": "none", 
        "OOMScoreAdjust": "0", 
        "OnFailureJobMode": "replace", 
        "PermissionsStartOnly": "no", 
        "PrivateDevices": "no", 
        "PrivateNetwork": "no", 
        "PrivateTmp": "no", 
        "ProtectHome": "no", 
        "ProtectSystem": "no", 
        "RefuseManualStart": "no", 
        "RefuseManualStop": "no", 
        "RemainAfterExit": "no", 
        "Requires": "basic.target", 
        "Restart": "no", 
        "RestartUSec": "100ms", 
        "Result": "success", 
        "RootDirectoryStartOnly": "no", 
        "RuntimeDirectoryMode": "0755", 
        "SameProcessGroup": "no", 
        "SecureBits": "0", 
        "SendSIGHUP": "no", 
        "SendSIGKILL": "yes", 
        "Slice": "system.slice", 
        "StandardError": "inherit", 
        "StandardInput": "null", 
        "StandardOutput": "journal", 
        "StartLimitAction": "none", 
        "StartLimitBurst": "5", 
        "StartLimitInterval": "10000000", 
        "StartupBlockIOWeight": "18446744073709551615", 
        "StartupCPUShares": "18446744073709551615", 
        "StatusErrno": "0", 
        "StopWhenUnneeded": "no", 
        "SubState": "dead", 
        "SyslogLevelPrefix": "yes", 
        "SyslogPriority": "30", 
        "SystemCallErrorNumber": "0", 
        "TTYReset": "no", 
        "TTYVHangup": "no", 
        "TTYVTDisallocate": "no", 
        "TasksAccounting": "no", 
        "TasksCurrent": "18446744073709551615", 
        "TasksMax": "18446744073709551615", 
        "TimeoutStartUSec": "1min 30s", 
        "TimeoutStopUSec": "1min 30s", 
        "TimerSlackNSec": "50000", 
        "Transient": "no", 
        "Type": "simple", 
        "UMask": "0022", 
        "UnitFilePreset": "enabled", 
        "UnitFileState": "enabled", 
        "WantedBy": "multi-user.target", 
        "Wants": "system.slice", 
        "WatchdogTimestampMonotonic": "0", 
        "WatchdogUSec": "0"
    }
}
172.18.30.1 ' SUCCESS => {
    "changed": true, 
    "name": "crond", 
    "state": "started", 
    "status": {
        "ActiveEnterTimestamp": "五 2018-01-12 09:18:48 CST", 
        "ActiveEnterTimestampMonotonic": "3696327", 
        "ActiveExitTimestamp": "六 2018-01-13 20:53:29 CST", 
        "ActiveExitTimestampMonotonic": "126112891498", 
        "ActiveState": "inactive", 
        "After": "auditd.service systemd-user-sessions.service system.slice time-sync.target systemd-journald.socket basic.target", 
        "AllowIsolate": "no", 
        "AmbientCapabilities": "0", 
        "AssertResult": "yes", 
        "AssertTimestamp": "五 2018-01-12 09:18:48 CST", 
        "AssertTimestampMonotonic": "3696000", 
        "Before": "shutdown.target multi-user.target", 
        "BlockIOAccounting": "no", 
        "BlockIOWeight": "18446744073709551615", 
        "CPUAccounting": "no", 
        "CPUQuotaPerSecUSec": "infinity", 
        "CPUSchedulingPolicy": "0", 
        "CPUSchedulingPriority": "0", 
        "CPUSchedulingResetOnFork": "no", 
        "CPUShares": "18446744073709551615", 
        "CanIsolate": "no", 
        "CanReload": "yes", 
        "CanStart": "yes", 
        "CanStop": "yes", 
        "CapabilityBoundingSet": "18446744073709551615", 
        "ConditionResult": "yes", 
        "ConditionTimestamp": "五 2018-01-12 09:18:48 CST", 
        "ConditionTimestampMonotonic": "3696000", 
        "Conflicts": "shutdown.target", 
        "ControlPID": "0", 
        "DefaultDependencies": "yes", 
        "Delegate": "no", 
        "Description": "Command Scheduler", 
        "DevicePolicy": "auto", 
        "EnvironmentFile": "/etc/sysconfig/crond (ignore_errors=no)", 
        "ExecMainCode": "1", 
        "ExecMainExitTimestamp": "六 2018-01-13 20:53:29 CST", 
        "ExecMainExitTimestampMonotonic": "126112902263", 
        "ExecMainPID": "700", 
        "ExecMainStartTimestamp": "五 2018-01-12 09:18:48 CST", 
        "ExecMainStartTimestampMonotonic": "3696282", 
        "ExecMainStatus": "0", 
        "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", 
        "ExecStart": "{ path=/usr/sbin/crond ; argv[]=/usr/sbin/crond -n $CRONDARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", 
        "FailureAction": "none", 
        "FileDescriptorStoreMax": "0", 
        "FragmentPath": "/usr/lib/systemd/system/crond.service", 
        "GuessMainPID": "yes", 
        "IOScheduling": "0", 
        "Id": "crond.service", 
        "IgnoreOnIsolate": "no", 
        "IgnoreOnSnapshot": "no", 
        "IgnoreSIGPIPE": "yes", 
        "InactiveEnterTimestamp": "六 2018-01-13 20:53:29 CST", 
        "InactiveEnterTimestampMonotonic": "126112902377", 
        "InactiveExitTimestamp": "五 2018-01-12 09:18:48 CST", 
        "InactiveExitTimestampMonotonic": "3696327", 
        "JobTimeoutAction": "none", 
        "JobTimeoutUSec": "0", 
        "KillMode": "process", 
        "KillSignal": "15", 
        "LimitAS": "18446744073709551615", 
        "LimitCORE": "18446744073709551615", 
        "LimitCPU": "18446744073709551615", 
        "LimitDATA": "18446744073709551615", 
        "LimitFSIZE": "18446744073709551615", 
        "LimitLOCKS": "18446744073709551615", 
        "LimitMEMLOCK": "65536", 
        "LimitMSGQUEUE": "819200", 
        "LimitNICE": "0", 
        "LimitNOFILE": "4096", 
        "LimitNPROC": "1802", 
        "LimitRSS": "18446744073709551615", 
        "LimitRTPRIO": "0", 
        "LimitRTTIME": "18446744073709551615", 
        "LimitSIGPENDING": "1802", 
        "LimitSTACK": "18446744073709551615", 
        "LoadState": "loaded", 
        "MainPID": "0", 
        "MemoryAccounting": "no", 
        "MemoryCurrent": "18446744073709551615", 
        "MemoryLimit": "18446744073709551615", 
        "MountFlags": "0", 
        "Names": "crond.service", 
        "NeedDaemonReload": "no", 
        "Nice": "0", 
        "NoNewPrivileges": "no", 
        "NonBlocking": "no", 
        "NotifyAccess": "none", 
        "OOMScoreAdjust": "0", 
        "OnFailureJobMode": "replace", 
        "PermissionsStartOnly": "no", 
        "PrivateDevices": "no", 
        "PrivateNetwork": "no", 
        "PrivateTmp": "no", 
        "ProtectHome": "no", 
        "ProtectSystem": "no", 
        "RefuseManualStart": "no", 
        "RefuseManualStop": "no", 
        "RemainAfterExit": "no", 
        "Requires": "basic.target", 
        "Restart": "no", 
        "RestartUSec": "100ms", 
        "Result": "success", 
        "RootDirectoryStartOnly": "no", 
        "RuntimeDirectoryMode": "0755", 
        "SameProcessGroup": "no", 
        "SecureBits": "0", 
        "SendSIGHUP": "no", 
        "SendSIGKILL": "yes", 
        "Slice": "system.slice", 
        "StandardError": "inherit", 
        "StandardInput": "null", 
        "StandardOutput": "journal", 
        "StartLimitAction": "none", 
        "StartLimitBurst": "5", 
        "StartLimitInterval": "10000000", 
        "StartupBlockIOWeight": "18446744073709551615", 
        "StartupCPUShares": "18446744073709551615", 
        "StatusErrno": "0", 
        "StopWhenUnneeded": "no", 
        "SubState": "dead", 
        "SyslogLevelPrefix": "yes", 
        "SyslogPriority": "30", 
        "SystemCallErrorNumber": "0", 
        "TTYReset": "no", 
        "TTYVHangup": "no", 
        "TTYVTDisallocate": "no", 
        "TasksAccounting": "no", 
        "TasksCurrent": "18446744073709551615", 
        "TasksMax": "18446744073709551615", 
        "TimeoutStartUSec": "1min 30s", 
        "TimeoutStopUSec": "1min 30s", 
        "TimerSlackNSec": "50000", 
        "Transient": "no", 
        "Type": "simple", 
        "UMask": "0022", 
        "UnitFilePreset": "enabled", 
        "UnitFileState": "enabled", 
        "WantedBy": "multi-user.target", 
        "Wants": "system.slice", 
        "WatchdogTimestampMonotonic": "0", 
        "WatchdogUSec": "0"
    }
}

12）user管理用户

创建用户
[root@ansible /]# ansible 'webserver' -m user -a 'name=nfs system=yes state=present'    
172.18.30.2 ' SUCCESS => {
    "changed": true, 
    "comment": "", 
    "createhome": true, 
    "group": 996, 
    "home": "/home/nfs", 
    "name": "nfs", 
    "shell": "/bin/bash", 
    "state": "present", 
    "stderr": "useradd：警告：此主目录已经存在。\n不从 skel 目录里向其中复制任何文件。\n", 
    "stderr_lines": [
        "useradd：警告：此主目录已经存在。", 
        "不从 skel 目录里向其中复制任何文件。"
    ], 
    "system": true, 
    "uid": 998
}
172.18.30.1 ' SUCCESS => {
    "changed": true, 
    "comment": "", 
    "createhome": true, 
    "group": 996, 
    "home": "/home/nfs", 
    "name": "nfs", 
    "shell": "/bin/bash", 
    "state": "present", 
    "stderr": "useradd：警告：此主目录已经存在。\n不从 skel 目录里向其中复制任何文件。\n", 
    "stderr_lines": [
        "useradd：警告：此主目录已经存在。", 
        "不从 skel 目录里向其中复制任何文件。"
    ], 
    "system": true, 
    "uid": 998
}
删除用户
[root@ansible /]# ansible 'webserver' -m user -a 'name=nfs system=yes state=absent'
172.18.30.1 ' SUCCESS => {
    "changed": true, 
    "force": false, 
    "name": "nfs", 
    "remove": false, 
    "state": "absent"
}
172.18.30.2 ' SUCCESS => {
    "changed": true, 
    "force": false, 
    "name": "nfs", 
    "remove": false, 
    "state": "absent"
}
注意，不会移除家目录
更多的参数请参考ansible-doc -s user

13)group管理组

添加组
[root@ansible /]# ansible 'webserver' -m group -a 'name=nfs system=yes'
172.18.30.2 ' SUCCESS => {
    "changed": true, 
    "gid": 996, 
    "name": "nfs", 
    "state": "present", 
    "system": true
}
172.18.30.1 ' SUCCESS => {
    "changed": true, 
    "gid": 996, 
    "name": "nfs", 
    "state": "present", 
    "system": true
}
删除组
[root@ansible /]# ansible 'webserver' -m group -a 'name=nfs state=absent'
172.18.30.2 ' SUCCESS => {
    "changed": true, 
    "name": "nfs", 
    "state": "absent"
}
172.18.30.1 ' SUCCESS => {
    "changed": true, 
    "name": "nfs", 
    "state": "absent"
}