Ansible: running tasks with modules through ad-hoc commands

  • 24 October 2022
  • Notes


I. List all modules installed on the system

ansible-doc -l

View the help documentation for the ping module
ansible-doc ping

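1. Ansible modules

File modules:
copy: copy a local file to the managed hosts
file: set permissions and other attributes of a file
lineinfile: ensure that a particular line is, or is not, in a file; in other words, edit file content
synchronize: synchronize content using rsync

Package modules:
package: manage packages using the package manager auto-detected for the operating system
yum: manage packages using the yum package manager
apt: manage packages using the apt package manager
dnf: manage packages using the dnf package manager
pip: manage Python packages from PyPI

System modules:
firewalld: manage arbitrary ports and services using firewalld
reboot: reboot the machine
service: manage services
user: add, remove and manage user accounts

Net Tools modules:
get_url: download files over http, https or ftp
nmcli: manage networking
uri: interact with web services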

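Syntax:
ansible bgx -m command -a 'df -h'
Fields, in order: the command (ansible), the host name (bgx), the option that specifies a module (-m), the module name (command), the option for the module's arguments (-a), and the actual command ('df -h')

Status colours in the returned output:
Green: the task succeeded and no change was needed
Yellow: the task succeeded and changed the target host
Red: the task failed

Commonly used modules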

Example 1: user

An ad-hoc command that uses the user module to ensure the user newbie exists on node1.example.com with UID 4000

[galaxy@server ~]$ ansible server1 -m user -a 'name=newbie uid=4000 state=present'

Create a user and set its password; if the user already exists, the password is still changed

[galaxy@server ~]$ openssl passwd -1 linux
$1$bChlQ4jX$97x50MlATs0PA6UsObqN1.
[galaxy@server ~]$ ansible all -m user -a 'name=chenyu state=present password="$1$bChlQ4jX$97x50MlATs0PA6UsObqN1." update_password=always'

Create a user and set its password, but if the user already exists, do not change the password

[galaxy@server ~]$ openssl passwd -1 redhat
$1$zcVeWQiB$dIsAdkcv91mTjrCaayN3F/
[galaxy@server ~]$ ansible all -m user -a 'name=chenyu12 state=present password="$1$zcVeWQiB$dIsAdkcv91mTjrCaayN3F/"  update_password=on_create'
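The two hashes above start with `$1$`, which is MD5-crypt; `openssl passwd -6` produces a SHA-512 crypt hash (`$6$`) instead. The following is an added example, not part of the original notes: it classifies crypt(3) hashes by prefix so weak ones can be caught before they are pushed with the user module. The helper names, the acceptance policy and the sample shadow lines (apart from the two hashes taken from this page) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify crypt(3) hashes by scheme prefix before they are
# passed to the user module's password= argument.
# crypt_scheme, hash_is_acceptable and audit_shadow are hypothetical helpers.
# A SHA-512 crypt hash can be generated from a prompt (so the password does
# not land in shell history) with: openssl passwd -6

# Print the scheme name for one hash string.
crypt_scheme() {
    case "$1" in
        ''|'!'*|'*'*) echo locked-or-empty ;;
        '$1$'*)       echo md5crypt ;;
        '$5$'*)       echo sha256crypt ;;
        '$6$'*)       echo sha512crypt ;;
        '$y$'*)       echo yescrypt ;;
        *)            echo unknown ;;
    esac
}

# Assumed policy: only sha512crypt and yescrypt are accepted for accounts.
hash_is_acceptable() {
    case "$(crypt_scheme "$1")" in
        sha512crypt|yescrypt) return 0 ;;
        *)                    return 1 ;;
    esac
}

# Read shadow(5)-style lines (name:hash:...) on stdin and print
# "name scheme" for every account whose password hash fails the policy.
# Locked or password-less entries are skipped.
audit_shadow() {
    while IFS=: read -r name hash _rest; do
        scheme=$(crypt_scheme "$hash")
        case "$scheme" in
            locked-or-empty|sha512crypt|yescrypt) continue ;;
        esac
        printf '%s %s\n' "$name" "$scheme"
    done
}

# Constructed sample input. The chenyu and chenyu12 hashes are the ones shown
# on this page; the root and newbie entries are made up.
SAMPLE_SHADOW='root:!locked::0:99999:7:::
chenyu:$1$bChlQ4jX$97x50MlATs0PA6UsObqN1.:19289:0:99999:7:::
chenyu12:$1$zcVeWQiB$dIsAdkcv91mTjrCaayN3F/:19289:0:99999:7:::
newbie:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:19289:0:99999:7:::'

printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

On a managed host the same function can read the output of `getent shadow` when run as root.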

Example 2: shell

An ad-hoc command that uses the shell module to delete the user newbie on the node node1.example.com
ansible server1 -m shell -a 'userdel -r newbie'

Example 3: copy

ansible webserver -m copy -a 'src=/etc/fstab dest=/var/tmp/fstab'

ansible webserver -m copy -a 'src=/etc/fstab dest=/var/tmp/fstab group=chenyu owner=chenyu'

Example 4: template module. The template module is used in much the same way as the copy module; it is mainly used to copy configuration files

ansible all -m template -a 'src=/usr/share/doc/httpd/httpd-vhosts.conf dest=/etc/httpd/conf.d/httpd-vhosts.conf group=root owner=root mode=0644'

Example 5: file. Change a file's permission attributes and SELinux context

ansible webserver -m file -a 'path=/var/tmp/fstab mode=g+w,o+w group=galaxy owner=galaxy setype=samba_share_t'

mode: sets the permissions; it can be symbolic (mode=g+w) or numeric (mode=666)
group: sets the group that owns the file
owner: sets the owner of the file
setype: changes the file's SELinux context type

Create a file
ansible webserver -m file -a 'path=/var/tmp/bbb state=touch'

Create a directory
ansible webserver -m file -a 'path=/var/tmp/cc state=directory'

Delete a file or directory
ansible webserver -m file -a 'path=/var/tmp/cc state=absent'

Create a symbolic link
ansible webserver -m file -a 'dest=/var/tmp/chenyu src=/var/tmp/bbb state=link'

Create a hard link
ansible webserver -m file -a 'dest=/var/tmp/chenyu1 src=/var/tmp/aaa state=hard'

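Example 6: lineinfile

Replace the line that starts with abc with bbbbb (regexp=abc matches any line containing abc; write regexp=^abc to match only lines that begin with it)
ansible webserver -m lineinfile -a 'dest=/tmp/cy regexp=abc line=bbbbb'

Insert a new line before a given line, using insertbefore
ansible webserver -m lineinfile -a 'dest=/tmp/cy insertbefore="aa(.*)" line=chenyu'

Insert a new line after a given line, using insertafter
ansible webserver -m lineinfile -a 'dest=/tmp/cy insertafter="aaaa(.*)" line=bbbb'

Delete a line
ansible webserver -m lineinfile -a 'dest=/tmp/cy regexp="aaa(.*)" state=absent'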

Example 7: yum_repository module. Configure yum repositories

ansible webserver -m yum_repository -a 'file=server name=baseos description=rhel8 baseurl=file:///mnt/BaseOS enabled=yes gpgcheck=no'

ansible webserver -m yum_repository -a 'file=server name=appstream description=RHEL8 baseurl=file:///mnt/AppStream enabled=yes gpgcheck=no'
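Both commands above set gpgcheck=no, so packages from these repositories are installed without signature verification. The following is an added example, not part of the original notes: it parses .repo file content and reports every enabled repository that disables gpgcheck. The function name and the sample file content are constructed for illustration; the key path in the comment is an assumption for a RHEL 8 host.

```shell
#!/bin/sh
# Added example: report enabled yum/dnf repositories whose .repo section
# turns package signature checking off. audit_repo_gpgcheck is a
# hypothetical helper name.
#
# Corrected form of the first command above (key path is an assumption):
#   ansible webserver -m yum_repository -a 'file=server name=baseos
#     description=rhel8 baseurl=file:///mnt/BaseOS enabled=yes gpgcheck=yes
#     gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release'

# Input: .repo file content on stdin.
# Output: "<repo-id> gpgcheck-disabled <baseurl>" per offending section.
audit_repo_gpgcheck() {
    awk '
        function truthy(v) {
            v = tolower(v)
            return (v == "1" || v == "yes" || v == "true" || v == "on")
        }
        function report() {
            if (id != "" && enabled && gpg == "off")
                print id, "gpgcheck-disabled", url
        }
        /^[ \t]*[#;]/ { next }                       # comment lines
        /^[ \t]*\[.*\][ \t]*$/ {                     # new [section]
            report()
            id = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", id)
            enabled = 1; gpg = "unset"; url = "-"
            next
        }
        {
            pos = index($0, "=")
            if (pos == 0) next
            k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            k = tolower(k)
            if (k == "enabled")       enabled = truthy(v)
            else if (k == "gpgcheck") gpg = truthy(v) ? "on" : "off"
            else if (k == "baseurl")  url = v
        }
        END { report() }
    '
}

# Constructed sample of /etc/yum.repos.d/server.repo. The first two sections
# mirror the commands above; the last two are made up to show a repository
# that passes and one that is skipped because it is disabled.
SAMPLE_REPO='[baseos]
baseurl = file:///mnt/BaseOS
enabled = 1
gpgcheck = 0
name = rhel8

[appstream]
baseurl = file:///mnt/AppStream
enabled = 1
gpgcheck = no
name = RHEL8

[signed-example]
baseurl = file:///mnt/Signed
enabled = 1
gpgcheck = 1

[disabled-example]
baseurl = file:///mnt/Old
enabled = 0
gpgcheck = 0'

printf '%s\n' "$SAMPLE_REPO" | audit_repo_gpgcheck
```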

Example 8: yum module. Install and remove packages with yum

state: present, installed and latest install the package
absent and removed uninstall it
ansible all -m yum -a 'name=httpd state=installed'    # install

ansible all -m yum -a 'name=httpd state=removed'    # uninstall

Example 9: service module

Start the httpd service (state=started; use state=restarted to restart it) and enable it at the next boot
ansible all -m service -a 'name=httpd state=started enabled=yes'

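Example 10: fetch. The module for pulling files

It works like copy, except that it pulls a file from the remote host to the local side. Files are stored in a directory tree named after the host, and only files can be fetched, not directories

Fetch /etc/fstab from the remote hosts; it is stored as /tmp/node1(node2)/etc/fstab
ansible all -m fetch -a 'src=/etc/fstab dest=/tmp'

Fetch /etc/fstab from one remote host; it is stored as /tmp/fstab
ansible node1 -m fetch -a 'src=/etc/fstab dest=/tmp/ flat=yes'

Fetch /etc/fstab from the remote hosts; it is stored as /tmp/fstab-node1(node2)
ansible all -m fetch -a 'src=/etc/fstab dest=/tmp/fstab-{{inventory_hostname}} flat=yes'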

Example 11: firewalld module

Allow incoming http traffic
ansible all -m firewalld -a 'service=http permanent=yes state=enabled immediate=yes'

Rich rule: allow incoming http traffic from hosts in 172.16.30.0/24
ansible all -m firewalld -a 'zone=public rich_rule="rule family=ipv4 source address=172.16.30.0/24 service name=http accept" permanent=yes state=enabled immediate=yes'

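Example 12: replace module

The replace module replaces strings in a file according to a regular expression we specify; every matching string in the file is replaced
Parameters:
path: before version 2.3 the target file could only be specified with dest, destfile or name; in 2.4 those names still work, and path can be used as well
regexp: required; a Python regular expression. Strings in the file that match it are replaced
replace: the string to substitute in
backup: whether to back up the file before modifying it; setting it to yes is recommended.

Replace "abc" with "yyy" in /tmp/cy
ansible all -m replace -a 'path=/tmp/cy regexp="abc" replace="yyy"'

Replace "yyy" with "iii" in /tmp/cy, and back up /tmp/cy as it was before the replacement
ansible all -m replace -a 'path=/tmp/cy regexp="yyy" replace="iii" backup=yes'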

Example 13: parted module

Create an extended partition
ansible node1 -m parted -a 'device=/dev/sda number=4 part_type=extended part_start=46GiB part_end=49.8GiB state=present'

Create a logical partition
ansible node1 -m parted -a 'device=/dev/sda number=5 part_type=logical part_start=46.1GiB part_end=48.2GiB state=present'

Example 14: filesystem. Create a file system

ansible node1 -m filesystem -a 'fstype=xfs dev=/dev/sda5'

Example 15: mount. Mounting

Create the mount point /common
ansible node1 -m file -a 'path=/common state=directory'

Look up the UUID of /dev/sda5
ansible node1 -m shell -a 'blkid /dev/sda5'

Mount the partition /dev/sda5 on the /common directory
ansible node1 -m mount -a 'path=/common src="UUID=d162b8b9-2326-4ee4-a559-80861461c4f0" fstype=xfs state=mounted'

Unmount (state=absent also removes the entry from /etc/fstab)
ansible node1 -m mount -a 'path=/common src="UUID=d162b8b9-2326-4ee4-a559-80861461c4f0" fstype=xfs state=absent'

Example 16: lvg. Create a volume group

ansible node1 -m lvg -a 'vg=vg0 pesize=16M pvs=/dev/sda5'

Example 17: lvol. Create a logical volume

ansible node1 -m lvol -a 'lv=lv0 size=1000M vg=vg0'
Extend the logical volume online
ansible node1 -m lvol -a 'lv=lv0 size=1600M vg=vg0 resizefs=yes'

Example 18: sefcontext. Change the SELinux context

ansible node1 -m file -a 'path=/share state=directory'
Change the context
ansible node1 -m sefcontext -a 'target="/share(/.*)?" setype=samba_share_t state=present'
Apply the new SELinux file context
ansible node1 -m command -a 'restorecon -irv /share'

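Example 19: debug

Used to print custom messages, similar to output commands such as echo and print. In Ansible, debug is mainly used to print the values of variables and expressions, and alongside when conditions. It is very simple to use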

Example 20: cron. The scheduled-task module

ansible node1 -m cron -a 'name="shuchu" job="/bin/echo I AM RHCE" user=root minute=0 hour=14 state=present'

Example 21: get_url

Syntax: ansible node1 -m get_url -a 'url=<file to download> dest=<where to store it>'

Deploying a web server

[root@ansible ~]# su - student
Last login: Fri Oct 21 11:08:53 CST 2022 on pts/0
[student@ansible ~]$ cd ansible/

Configure the local repositories

[student@ansible ansible]$ ansible node1 -m yum_repository -a 'file=server name=baseos description=centos8 baseurl=file:///mnt/BaseOS enabled=yes gpgcheck=no'
node1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "repo": "baseos",
    "state": "present"
}
[student@ansible ansible]$ ansible node1 -m yum_repository -a 'file=server name=appsteram description=centos8 baseurl=file:///mnt/AppStream enabled=yes gpgcheck=no'
node1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "repo": "appsteram",
    "state": "present"
}

Mount the local repository

[student@ansible ansible]$ ansible node1 -m mount -a 'src=/dev/cdrom path=/mnt fstype=iso9660 state=mounted'
node1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "dump": "0",
    "fstab": "/etc/fstab",
    "fstype": "iso9660",
    "name": "/mnt",
    "opts": "defaults",
    "passno": "0",
    "src": "/dev/cdrom"
}

Install httpd

[student@ansible ansible]$ ansible node1 -m yum -a 'name=httpd state=installed'
node1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Installed: mailcap-2.1.48-3.el8.noarch",
        "Installed: httpd-2.4.37-30.module_el8.3.0+462+ba287492.0.1.x86_64",
        "Installed: httpd-filesystem-2.4.37-30.module_el8.3.0+462+ba287492.0.1.noarch",
        "Installed: apr-1.6.3-11.el8.x86_64",
        "Installed: httpd-tools-2.4.37-30.module_el8.3.0+462+ba287492.0.1.x86_64",
        "Installed: centos-logos-httpd-80.5-2.el8.noarch",
        "Installed: mod_http2-1.15.7-2.module_el8.3.0+477+498bb568.x86_64",
        "Installed: apr-util-1.6.1-6.el8.x86_64",
        "Installed: apr-util-bdb-1.6.1-6.el8.x86_64",
        "Installed: apr-util-openssl-1.6.1-6.el8.x86_64"
    ]
}

Create a symbolic link

[student@ansible ansible]$ ansible node1 -m file -a 'src=/var/www/html dest=/www state=link'
node1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "dest": "/www",
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "root",
    "size": 13,
    "src": "/var/www/html",
    "state": "link",
    "uid": 0
}


Check on node1
[root@node1 /]# ll -d /www
lrwxrwxrwx 1 root root 13 Oct 24 15:58 /www -> /var/www/html

Write the page content

[student@ansible ansible]$ ansible node1 -m shell -a 'echo "my name is luojialong" > /www/index.html'
node1 | CHANGED | rc=0 >>

[student@ansible ansible]$ ansible node1 -m shell -a 'cat /www/index.html'
node1 | CHANGED | rc=0 >>
my name is luojialong

Start the httpd service and enable it at boot

[student@ansible ansible]$ ansible node1 -m service -a 'name=httpd state=started enabled=yes'
node1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "enabled": true,
    "name": "httpd",
    "state": "started",
    "status": {
    }
}

Start the firewall

[student@ansible ansible]$ ansible node1 -m service -a 'name=firewalld state=started enabled=yes'
node1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "enabled": true,
    "name": "firewalld",
    "state": "started",
    "status": {
    }
}


[root@node1 www]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: e>
   Active: inactive (dead)
     Docs: man:firewalld(1)
lines 1-4/4 (END)
^C
[root@node1 www]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: en>
   Active: active (running) since Mon 2022-10-24 16:12:13 CST; 4s ago
     Docs: man:firewalld(1)
 Main PID: 5226 (firewalld)
    Tasks: 2 (limit: 4743)
   Memory: 26.0M
   CGroup: /system.slice/firewalld.service
           └─5226 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid

Oct 24 16:12:13 node1.example.com systemd[1]: Starting firewalld - dynamic firewall daem>
Oct 24 16:12:13 node1.example.com systemd[1]: Started firewalld - dynamic firewall daemo>
Oct 24 16:12:13 node1.example.com firewalld[5226]: WARNING: AllowZoneDrifting is enabled>


Allow incoming http traffic

[student@ansible ansible]$ ansible node1 -m firewalld -a 'service=http permanent=yes state=enabled immediate=yes'
node1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "msg": "Permanent and Non-Permanent(immediate) operation, Changed service http to enabled"
}

Test

[student@ansible ansible]$ curl http://node1
my name is luojialong