Ansible常用命令及操作

Ansible常用命令及操作
一、安装
yum install -y ansible

二、命令补全 ansible 2.9版本以上
# yum -y install python-argcomplete
#或者任何系统都可以使用pip工具安装argcomplete,如下
# pip3 install argcomplete
#激活插件并退出bash重新进入生效
activate-global-python-argcomplete

三、ansible配置文件优先级
Ansible支持4种方式指定配置文件,它们的读取顺序从高到低:
## ansible_config:首先,Ansible命令会检查环境变量,及这个环境变量将指向的配置文件
## .ansible.cfg:当前目录下的ansible.cfg
## ~/.ansible.cfg:家目录下的ansible.cfg
## /etc/ansible/ansible.cfg:默认的全局配置文件
Ansible配置文件采用 ini 风格进行配置,每一项配置都使用key=value的方式进行配置。

四、ansible配置ssh免密登录
#生成ssh公钥私钥
ssh-keygen -t rsa -b 4096
#密码copy至本机root下
ssh-copy-id -p 22 root@192.168.9.20

在 /root/.ssh中添加ssh config
cat > /root/.ssh/config  << EOF
Host k8s02
        HostName 192.168.9.21
        Port 22
        User root
        ServerAliveInterval 60
        IdentityFile ~/.ssh/id_rsa
Host k8s03
        HostName 192.168.9.22
        Port 22
        User root
        ServerAliveInterval 60
        IdentityFile ~/.ssh/id_rsa
Host node01
        HostName 192.168.9.23
        Port 22
        User root
        ServerAliveInterval 60
        IdentityFile ~/.ssh/id_rsa        
EOF


#各节点的主机信息(host key)写入Master节点的~/.ssh/known_hosts文件:
for host in 192.168.9.{20..22} node0{1..3};
do
ssh-keyscan $host >>~/.ssh/known_hosts 2>/dev/null
done

# ssh公钥分发给各节点
# sshpass -p选项指定的是密码 
yum -y install sshpass
for host in 192.168.9.{20..22} node0{1..3};
do
sshpass -p'xxxxxx' ssh-copy-id root@$host &>/dev/null
done

五、ansible 帮助模块
#使用ansible-doc命令来筛选模块
ansible-doc  -l  |  grep 'copy'
#显示copy模块详细用法
ansible-doc  copy
#只显示playbook相关用法
ansible-doc  -s  copy

六、ansible性能优化
1. ## 关闭gathering facts功能
## ansible-playbook执行第1个步骤总是执行gather facts,不论你有没有在playbook设定这个tasks,如果你不需要获取被控机器的fact数据的话,就可以关闭获取fact数据功能。
# cat test.yml
- hosts: k8s01
  remote_user: root
  gather_facts: False
  tasks:
    - name: a test
      shell: echo "test"
## 详细模块查看无gathering facts过程      
ansible-playbook -v test.yml

2. ## 开启 SSH pipelining  不使用sudo命令建议开启,在一个ssh会话中执行所有操作,速度较快。
## 使用sudo命令时需要在被控节点的/etc/sudoers中禁用"requiretty"!!!!
# grep requiretty /etc/sudoers
# Defaults    requiretty
vim /etc/ansible/ansible.cfg
........
pipelining = True

3. ## 开启SSH长连接 (ControlPersist特性)ConrolPersist=5d, 这个参数是设置整个长连接保持时间为5天。
# vim /etc/ansible/ansible.cfg
..........
ssh_args = -C -o ControlMaster=auto -o ControlPersist=5d

4. ## 设置facts缓存
# vim /etc/ansible/ansible.cfg
.........
gathering = smart
fact_caching_timeout = 86400
fact_caching = jsonfile
fact_caching_connection = /dev/shm/ansible_fact_cache
#第二种缓存方式:使用redis存储facts文件需安装redis,还需要安装python库
# yum -y install epel-release redis
# yum install python-pip
# pip install redis
# vim /etc/ansible/ansible.cfg
........
gathering = smart
facts_caching_timeout = 86400      #设置缓存过期时间86400秒
facts_caching = redis              # 使用redis或者 (或者使用memcached,即"facts_caching = memcached")
fact_caching_connection = 127.0.0.1:6379
#若redis设置了密码,比如密码为"admin",则配置修改如下:
# fact_caching_connection = localhost:6379:0:admin
在使用redis缓存后,如果出现异常(若未出现,请忽略):TypeError: the JSON object must be str, not 'bytes'。
解决办法:
# find / -name ansible
# vim /usr/lib/python2.7/site-packages/ansible/plugins/cache/redis.py
..........
self._cache[key] = json.loads(value.decode('utf-8'))       #修改为这个

5. ## Ansible取消交互
# vim /etc/ansible/ansible.cfg
........
host_key_checking = False      #打开注释即可
取消ssh的yes和no的交互:
# vim /root/.ssh/config
UserKnownHostsFile /dev/null
ConnectTimeout 15
StrictHostKeyChecking no   
或者直接ssh时增加一个参数
# ssh -o StrictHostKeyChecking=no -p22 root@k8s02

6.ansible的-t选项,提高ansible执行效率
## ansible的"-t"或"--tree"选项是将ansible的执行结果按主机名保存在指定目录下的文件中。
time ansible k8s02 -m command -a "hostname"
time ansible k8s02 -m command -a "hostname" -t /tmp/test

七、配置inventory
在默认的inventory文件/etc/ansible/hosts添加几个目标主机的各种格式:
[k8s]
k8s02
k8s03 ansible_host=192.168.9.22
192.168.9.23
192.168.9.24:22
192.168.9.2[5:7] ansible_port=222

八、ansible的playbook剧本元素
## role角色
tasks:包含角色要执行的主要任务列表
handlers:包含处理程序,可以由此角色使用,甚至可以在此角色之外的任何位置使用
defaults:角色默认的变量
vars:角色其他的变量
files:包含可以通过此角色部署的文件
templates:包含可以通过此角色部署的模板
meta:角色定义的一些元数据
试例:
# cat nginx_role.yml 
- hosts: webservers
  remote_user: root
  roles:
    - nginx
[root@ansible opt]# tree roles/
roles/
├── nginx
│   ├── files
│   ├── handlers
│   │   └── main.yml
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   │   ├── nginx.conf.j2
│   │   └── nginx.service.j2
│   └── vars

九、ansible常用命令
ansible-doc -l     列出ansible所支持的模块
ansible-doc -s fetch     查看fetch模块的帮助信息
ansible all -m ping         调用ping模块 ping所有主机
ansible k8s02 -m fetch -a "src=/etc/fstab dest=/mnt/ansible/"          调用fetch模块拉取目标主机上的文件
         
copy模块
ansible k8s02 -m copy -a "src=/mnt/copytest dest=/opt/"
ansible k8s02 -m copy -a 'content="aaa\nbbb\n" dest=/opt/test'
ansible k8s02 -m copy -a "src=/mnt/copytest dest=/opt/ force=no"
ansible k8s02 -m copy -a "src=/mnt/copytest dest=/opt/ backup=yes"
ansible k8s02 -m copy -a "src=/mnt/copytest dest=/opt/ owner=zsy"
ansible k8s02 -m copy -a "src=/mnt/copytest dest=/opt/ group=zsy"
ansible k8s02 -m copy -a "src=/mnt/copytest dest=/opt/ mode=0640"

file模块
ansible k8s02 -m file -a "path=/mnt/testfile state=touch"
ansible k8s02 -m file -a "path=/mnt/mnt state=directory"
ansible k8s02 -m file -a "path=/mnt/linkfile state=link src=/mnt/testfile"
ansible k8s02 -m file -a "path=/mnt/hardfile state=hard src=/mnt/testfile"
ansible k8s02 -m file -a "path=/mnt/linkfile state=link src=sourcefile force=yes"
ansible k8s02 -m file -a "path=/mnt/mnt state=absent"
ansible k8s02 -m file -a "path=/mnt/abc state=touch owner=zsy"
ansible k8s02 -m file -a "path=/mnt/abc owner=zsy"
ansible k8s02 -m file -a "path=/mnt/abc state=directory owner=zsy"
ansible k8s02 -m file -a "path=/mnt/abb state=touch group=zsy"
ansible k8s02 -m file -a "path=/mnt/abb group=zsy"
ansible k8s02 -m file -a "path=/mnt/abb state=directory group=zsy"
ansible k8s02 -m file -a "path=/mnt/abb state=touch mode=0644"
ansible k8s02 -m file -a "path=/mnt/abb mode=0644"
ansible k8s02 -m file -a "path=/mnt/binfile mode=4700"
ansible k8s02 -m file -a "path=/mnt/abb state=directory mode=0644"
ansible k8s02 -m file -a "path=/mnt/abd state=directory owner=zsy group=zsy recurse=yes"

blockinfile模块
ansible k8s02 -m blockinfile -a 'path=/mnt/rc.local block="systemctl start mariadb\nsystemctl start httpd" '
ansible k8s02 -m blockinfile -a 'path=/mnt/rc.local block="systemctl start mariadb\nsystemctl start httpd" marker="#{mark} serivce to start" '
ansible k8s02 -m blockinfile -a 'path=/mnt/rc.local block="systemctl start mariadb" marker="#{mark} serivce to start" '
ansible k8s02 -m blockinfile -a 'path=/mnt/rc.local block="" marker="#{mark} serivce to start" '
ansible k8s02 -m blockinfile -a 'path=/mnt/rc.local  marker="#{mark} serivce to start" state=absent'
ansible k8s02 -m blockinfile -a 'path=/mnt/rc.local block="####blockinfile test####"  marker="#{mark} test" insertbefore=BOF'
ansible k8s02 -m blockinfile -a 'path=/mnt/rc.local block="####blockinfile test####"  marker="#{mark} test" insertafter=EOF'
ansible k8s02 -m blockinfile -a 'path=/mnt/rc.local block="####blockinfile test####"  marker="#{mark} test reg" insertafter="^#!/bin/bash" '
ansible k8s02 -m blockinfile -a 'path=/mnt/rc.local marker="#{mark} test" state=absent backup=yes'
ansible k8s02 -m blockinfile -a 'path=/mnt/test block="test" marker="#{mark} test" create=yes'

lineinfile模块
ansible k8s02 -m lineinfile -a 'path=/mnt/test line="test text"'
ansible k8s02 -m lineinfile -a 'path=/mnt/test regexp="^line" line="test text" '
ansible k8s02 -m lineinfile -a 'path=/mnt/test regexp="^line" line="test text" backrefs=yes '
ansible k8s02 -m lineinfile -a 'path=/mnt/test line="lineinfile -" state=absent'
ansible k8s02 -m lineinfile -a 'path=/mnt/test regexp="^lineinfile" state=absent'
ansible k8s02 -m lineinfile -a 'path=/mnt/test regexp="(H.{4}).*(H.{4})" line="\2" backrefs=yes'

find模块
ansible k8s02 -m find -a 'paths=/mnt contains=".*abc.*" '
ansible k8s02 -m find -a 'paths=/mnt contains=".*abc.*" recurse=yes '
ansible k8s02 -m find -a 'paths=/mnt patterns="*.sh" hidden=yes'
ansible k8s02 -m find -a 'paths=/mnt patterns="*.sh" file_type=any hidden=yes'
ansible k8s02 -m find -a 'paths=/mnt patterns="*.sh" file_type=any hidden=yes'
ansible k8s02 -m find -a 'paths=/mnt patterns=".*\.sh" use_regex=yes file_type=any hidden=yes'
ansible k8s02 -m find -a "path=/mnt age=-4d recurse=yes"
ansible k8s02 -m find -a "path=/mnt age=-2w age_stamp=atime recurse=yes"
ansible k8s02 -m find -a "paths=/mnt size=2g recurse=yes"
ansible k8s02 -m find -a "paths=/mnt patterns=*.sh get_checksum=yes  hidden=yes recurse=yes"

replace模块
ansible k8s02 -m replace -a 'path=/mnt/test regexp="ASM" replace=asm'
ansible k8s02 -m replace -a 'path=/mnt/test regexp="ASM" replace=asm backup=yes'

command模块
ansible k8s02 -m command -a "ls"
ansible k8s02 -m command -a "chdir=/mnt ls"
ansible k8s02 -m command -a "creates=/mnt/test echo test"
ansible k8s02 -m command -a "removes=/mnt/test echo test"

shell模块
ansible k8s02 -m shell -a "chdir=/mnt echo test > test"
ansible k8s02 -m shell -a 'executable=/bin/csh @ TestNum=666 ; echo $TestNum > /mnt/TestNumFile'

script模块
ansible k8s02 -m script -a "chdir=/opt /mnt/atest.sh"
ansible k8s02 -m script -a "creates=/opt/testfile /mnt/atest.sh"
ansible k8s02 -m script -a "removes=/opt/testfile /mnt/atest.sh"

cron模块
ansible k8s02 -m cron -a " name='test crontab' minute=5 hour=1 job='echo test' "
ansible k8s02 -m cron -a " name='crontab day test' minute=1 hour=1 day=*/3 job='echo test' "
ansible k8s02 -m cron -a " name='test special time' special_time=reboot job='echo test' "
ansible k8s02 -m cron -a " name='test special time' special_time=hourly job='echo test' backup=yes "
ansible k8s02 -m cron -a " name='test special time' state=absent backup=yes "
ansible k8s02 -m cron -a "user=zsy name='test special time' special_time=hourly job='echo test'"
ansible k8s02 -m cron -a " name='crontab day test' minute=1 hour=1 day=*/3 job='echo test'  disabled=yes backup=yes"
ansible k8s02 -m cron -a " name='crontab day test' minute=55 job='echo test'  disabled=yes backup=yes"


service模块
ansible k8s02 -m service -a "name=nginx state=started"
ansible k8s02 -m service -a "name=nginx state=stopped"
ansible k8s02 -m service -a " name='nginx' enabled=yes"

user模块
ansible k8s02 -m user -a 'name=zsy'
ansible k8s02 -m user -a 'name=zsy state=absent'
ansible k8s02 -m user -a 'name=abc state=absent remove=yes'
ansible k8s02 -m user -a "name=zsy group=zsythink"
ansible k8s02 -m user -a "name=zsy groups=zsythink append=yes"
ansible k8s02 -m user -a "name=zsy shell=/bin/csh"
ansible k8s02 -m user -a "name=zsy uid=2002"
ansible k8s02 -m user -a 'name=zsy expires=1546185600'              使用date -d 2018-12-31 +%s  获取对应日期unix时间戳
ansible k8s02 -m user -a 'name=zsy comment="www.zsythink.net"'

[root@test71 ~]# python;
Python 2.7.5 (default, Aug  4 2017, 00:39:18)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-16)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import crypt; crypt.crypt('666666')
'$6$ygRbo7Fj.mMU2KY0$OEqihCCn5UfOsvMyzPNPBgx3bzAtwrOFyFvacgUmA374XOAEtUCrdjbW5Ip.Zqo491o3kD5I.HaC9nLhh6x741'

ansible k8s02 -m user -a ' name=zsy password="$6$ygRbo7Fj.mMU2KY0$OEqihCCn5UfOsvMyzPNPBgx3bzAtwrOFyFvacgUmA374XOAEtUCrdjbW5Ip.Zqo491o3kD5I.HaC9nLhh6x741" '
ansible k8s02 -m user -a 'name=zsy password="$6$a.ofrhIWn4gJGbi0$i6Xhr.F/YyhMe2UCodydwyF952bP4DOf0qYcGE8aK.EsgOR/GKU0Oy9Ov6oIH3RIJ9BnhvoVR9ozflmUJgxhL0" update_password=on_create'
ansible k8s02 -m user -a 'name=zsy generate_ssh_key=yes'
ansible k8s02 -m user -a 'name=zsy generate_ssh_key=yes ssh_key_file=/opt/id_rsa_zsy'
ansible k8s02 -m user -a 'name=zsy generate_ssh_key=yes ssh_key_comment="www.zsythink.net"'
ansible k8s02 -m user -a 'name=zsy generate_ssh_key=yes ssh_key_type=dsa'

group模块
ansible k8s02 -m group -a ' name=zsythink'
ansible k8s02 -m group -a ' name=zsythink state=absent'
ansible k8s02 -m group -a 'name=zsythink gid=1008'

yum_repository模块
ansible k8s02 -m yum_repository -a 'name=aliEpel description="alibaba EPEL" baseurl=https://mirrors.aliyun.com/epel/$releasever\Server/$basearch/'
ansible k8s02 -m yum_repository -a 'name=aliEpel description="alibaba EPEL" baseurl=https://mirrors.aliyun.com/epel/$releasever\Server/$basearch/ file=alibaba'
ansible k8s02 -m yum_repository -a 'name=local baseurl=file:///media description="local cd yum" enabled=no'
ansible k8s02 -m yum_repository -a 'name=local baseurl=file:///media description="local cd yum" gpgcheck=yes gpgcakey=file:///media/RPM-GPG-KEY-CentOS-7'
ansible k8s02 -m yum_repository -a 'file=alibaba name=aliEpel state=absent'

yum模块
ansible k8s02 -m yum -a 'name=nginx disable_gpg_check=yes'
ansible k8s02 -m yum -a 'name=nginx state=present disable_gpg_check=yes'
ansible k8s02 -m yum -a 'name=nginx state=installed disable_gpg_check=yes'
ansible k8s02 -m yum -a 'name=nginx state=latest disable_gpg_check=yes'
ansible k8s02 -m yum -a 'name=nginx state=absent'
ansible k8s02 -m yum -a 'name=nginx state=removed'
ansible k8s02 -m yum -a 'name=telnet disable_gpg_check=yes enablerepo=local'
ansible k8s02 -m yum -a 'name=telnet disable_gpg_check=yes disablerepo=local'
ansible-doc -l     列出ansible所支持的模块
ansible-doc -s fetch     查看fetch模块的帮助信息
ansible all -m ping         调用ping模块 ping所有主机
ansible k8s02 -m fetch -a "src=/etc/fstab dest=/mnt/ansible/"          调用fetch模块拉取目标主机上的文件
         
copy模块
ansible k8s02 -m copy -a "src=/mnt/copytest dest=/opt/"
ansible k8s02 -m copy -a 'content="aaa\nbbb\n" dest=/opt/test'
ansible k8s02 -m copy -a "src=/mnt/copytest dest=/opt/ force=no"
ansible k8s02 -m copy -a "src=/mnt/copytest dest=/opt/ backup=yes"
ansible k8s02 -m copy -a "src=/mnt/copytest dest=/opt/ owner=zsy"
ansible k8s02 -m copy -a "src=/mnt/copytest dest=/opt/ group=zsy"
ansible k8s02 -m copy -a "src=/mnt/copytest dest=/opt/ mode=0640"

file模块
ansible k8s02 -m file -a "path=/mnt/testfile state=touch"
ansible k8s02 -m file -a "path=/mnt/mnt state=directory"
ansible k8s02 -m file -a "path=/mnt/linkfile state=link src=/mnt/testfile"
ansible k8s02 -m file -a "path=/mnt/hardfile state=hard src=/mnt/testfile"
ansible k8s02 -m file -a "path=/mnt/linkfile state=link src=sourcefile force=yes"
ansible k8s02 -m file -a "path=/mnt/mnt state=absent"
ansible k8s02 -m file -a "path=/mnt/abc state=touch owner=zsy"
ansible k8s02 -m file -a "path=/mnt/abc owner=zsy"
ansible k8s02 -m file -a "path=/mnt/abc state=directory owner=zsy"
ansible k8s02 -m file -a "path=/mnt/abb state=touch group=zsy"
ansible k8s02 -m file -a "path=/mnt/abb group=zsy"
ansible k8s02 -m file -a "path=/mnt/abb state=directory group=zsy"
ansible k8s02 -m file -a "path=/mnt/abb state=touch mode=0644"
ansible k8s02 -m file -a "path=/mnt/abb mode=0644"
ansible k8s02 -m file -a "path=/mnt/binfile mode=4700"
ansible k8s02 -m file -a "path=/mnt/abb state=directory mode=0644"
ansible k8s02 -m file -a "path=/mnt/abd state=directory owner=zsy group=zsy recurse=yes"

blockinfile模块
ansible k8s02 -m blockinfile -a 'path=/mnt/rc.local block="systemctl start mariadb\nsystemctl start httpd" '
ansible k8s02 -m blockinfile -a 'path=/mnt/rc.local block="systemctl start mariadb\nsystemctl start httpd" marker="#{mark} serivce to start" '
ansible k8s02 -m blockinfile -a 'path=/mnt/rc.local block="systemctl start mariadb" marker="#{mark} serivce to start" '
ansible k8s02 -m blockinfile -a 'path=/mnt/rc.local block="" marker="#{mark} serivce to start" '
ansible k8s02 -m blockinfile -a 'path=/mnt/rc.local  marker="#{mark} serivce to start" state=absent'
ansible k8s02 -m blockinfile -a 'path=/mnt/rc.local block="####blockinfile test####"  marker="#{mark} test" insertbefore=BOF'
ansible k8s02 -m blockinfile -a 'path=/mnt/rc.local block="####blockinfile test####"  marker="#{mark} test" insertafter=EOF'
ansible k8s02 -m blockinfile -a 'path=/mnt/rc.local block="####blockinfile test####"  marker="#{mark} test reg" insertafter="^#!/bin/bash" '
ansible k8s02 -m blockinfile -a 'path=/mnt/rc.local marker="#{mark} test" state=absent backup=yes'
ansible k8s02 -m blockinfile -a 'path=/mnt/test block="test" marker="#{mark} test" create=yes'

lineinfile模块
ansible k8s02 -m lineinfile -a 'path=/mnt/test line="test text"'
ansible k8s02 -m lineinfile -a 'path=/mnt/test regexp="^line" line="test text" '
ansible k8s02 -m lineinfile -a 'path=/mnt/test regexp="^line" line="test text" backrefs=yes '
ansible k8s02 -m lineinfile -a 'path=/mnt/test line="lineinfile -" state=absent'
ansible k8s02 -m lineinfile -a 'path=/mnt/test regexp="^lineinfile" state=absent'
ansible k8s02 -m lineinfile -a 'path=/mnt/test regexp="(H.{4}).*(H.{4})" line="\2" backrefs=yes'

find模块
ansible k8s02 -m find -a 'paths=/mnt contains=".*abc.*" '
ansible k8s02 -m find -a 'paths=/mnt contains=".*abc.*" recurse=yes '
ansible k8s02 -m find -a 'paths=/mnt patterns="*.sh" hidden=yes'
ansible k8s02 -m find -a 'paths=/mnt patterns="*.sh" file_type=any hidden=yes'
ansible k8s02 -m find -a 'paths=/mnt patterns="*.sh" file_type=any hidden=yes'
ansible k8s02 -m find -a 'paths=/mnt patterns=".*\.sh" use_regex=yes file_type=any hidden=yes'
ansible k8s02 -m find -a "path=/mnt age=-4d recurse=yes"
ansible k8s02 -m find -a "path=/mnt age=-2w age_stamp=atime recurse=yes"
ansible k8s02 -m find -a "paths=/mnt size=2g recurse=yes"
ansible k8s02 -m find -a "paths=/mnt patterns=*.sh get_checksum=yes  hidden=yes recurse=yes"

replace模块
ansible k8s02 -m replace -a 'path=/mnt/test regexp="ASM" replace=asm'
ansible k8s02 -m replace -a 'path=/mnt/test regexp="ASM" replace=asm backup=yes'

command模块
ansible k8s02 -m command -a "ls"
ansible k8s02 -m command -a "chdir=/mnt ls"
ansible k8s02 -m command -a "creates=/mnt/test echo test"
ansible k8s02 -m command -a "removes=/mnt/test echo test"

shell模块
ansible k8s02 -m shell -a "chdir=/mnt echo test > test"
ansible k8s02 -m shell -a 'executable=/bin/csh @ TestNum=666 ; echo $TestNum > /mnt/TestNumFile'

script模块
ansible k8s02 -m script -a "chdir=/opt /mnt/atest.sh"
ansible k8s02 -m script -a "creates=/opt/testfile /mnt/atest.sh"
ansible k8s02 -m script -a "removes=/opt/testfile /mnt/atest.sh"

cron模块
ansible k8s02 -m cron -a " name='test crontab' minute=5 hour=1 job='echo test' "
ansible k8s02 -m cron -a " name='crontab day test' minute=1 hour=1 day=*/3 job='echo test' "
ansible k8s02 -m cron -a " name='test special time' special_time=reboot job='echo test' "
ansible k8s02 -m cron -a " name='test special time' special_time=hourly job='echo test' backup=yes "
ansible k8s02 -m cron -a " name='test special time' state=absent backup=yes "
ansible k8s02 -m cron -a "user=zsy name='test special time' special_time=hourly job='echo test'"
ansible k8s02 -m cron -a " name='crontab day test' minute=1 hour=1 day=*/3 job='echo test'  disabled=yes backup=yes"
ansible k8s02 -m cron -a " name='crontab day test' minute=55 job='echo test'  disabled=yes backup=yes"


service模块
ansible k8s02 -m service -a "name=nginx state=started"
ansible k8s02 -m service -a "name=nginx state=stopped"
ansible k8s02 -m service -a " name='nginx' enabled=yes"

user模块
ansible k8s02 -m user -a 'name=zsy'
ansible k8s02 -m user -a 'name=zsy state=absent'
ansible k8s02 -m user -a 'name=abc state=absent remove=yes'
ansible k8s02 -m user -a "name=zsy group=zsythink"
ansible k8s02 -m user -a "name=zsy groups=zsythink append=yes"
ansible k8s02 -m user -a "name=zsy shell=/bin/csh"
ansible k8s02 -m user -a "name=zsy uid=2002"
ansible k8s02 -m user -a 'name=zsy expires=1546185600'              使用date -d 2018-12-31 +%s  获取对应日期unix时间戳
ansible k8s02 -m user -a 'name=zsy comment="www.zsythink.net"'

# python;
Python 2.7.5 (default, Aug  4 2017, 00:39:18)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-16)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import crypt; crypt.crypt('666666')
'$6$ygRbo7Fj.mMU2KY0$OEqihCCn5UfOsvMyzPNPBgx3bzAtwrOFyFvacgUmA374XOAEtUCrdjbW5Ip.Zqo491o3kD5I.HaC9nLhh6x741'

ansible k8s02 -m user -a ' name=zsy password="$6$ygRbo7Fj.mMU2KY0$OEqihCCn5UfOsvMyzPNPBgx3bzAtwrOFyFvacgUmA374XOAEtUCrdjbW5Ip.Zqo491o3kD5I.HaC9nLhh6x741" '
ansible k8s02 -m user -a 'name=zsy password="$6$a.ofrhIWn4gJGbi0$i6Xhr.F/YyhMe2UCodydwyF952bP4DOf0qYcGE8aK.EsgOR/GKU0Oy9Ov6oIH3RIJ9BnhvoVR9ozflmUJgxhL0" update_password=on_create'
ansible k8s02 -m user -a 'name=zsy generate_ssh_key=yes'
ansible k8s02 -m user -a 'name=zsy generate_ssh_key=yes ssh_key_file=/opt/id_rsa_zsy'
ansible k8s02 -m user -a 'name=zsy generate_ssh_key=yes ssh_key_comment="www.zsythink.net"'
ansible k8s02 -m user -a 'name=zsy generate_ssh_key=yes ssh_key_type=dsa'

group模块
ansible k8s02 -m group -a ' name=zsythink'
ansible k8s02 -m group -a ' name=zsythink state=absent'
ansible k8s02 -m group -a 'name=zsythink gid=1008'

yum_repository模块
ansible k8s02 -m yum_repository -a 'name=aliEpel description="alibaba EPEL" baseurl=https://mirrors.aliyun.com/epel/$releasever\Server/$basearch/'
ansible k8s02 -m yum_repository -a 'name=aliEpel description="alibaba EPEL" baseurl=https://mirrors.aliyun.com/epel/$releasever\Server/$basearch/ file=alibaba'
ansible k8s02 -m yum_repository -a 'name=local baseurl=file:///media description="local cd yum" enabled=no'
ansible k8s02 -m yum_repository -a 'name=local baseurl=file:///media description="local cd yum" gpgcheck=yes gpgcakey=file:///media/RPM-GPG-KEY-CentOS-7'
ansible k8s02 -m yum_repository -a 'file=alibaba name=aliEpel state=absent'

yum模块
ansible k8s02 -m yum -a 'name=nginx disable_gpg_check=yes'
ansible k8s02 -m yum -a 'name=nginx state=present disable_gpg_check=yes'
ansible k8s02 -m yum -a 'name=nginx state=installed disable_gpg_check=yes'
ansible k8s02 -m yum -a 'name=nginx state=latest disable_gpg_check=yes'
ansible k8s02 -m yum -a 'name=nginx state=absent'
ansible k8s02 -m yum -a 'name=nginx state=removed'
ansible k8s02 -m yum -a 'name=telnet disable_gpg_check=yes enablerepo=local'
ansible k8s02 -m yum -a 'name=telnet disable_gpg_check=yes disablerepo=local'