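1. Introduction to Ansible
1.1 Ansible overview
(1) Ansible needs no client (agent) installed on the managed hosts; it communicates through sshd (passwordless, key-based login).
(2) Ansible has no server daemon; you simply run commands when you need it.
(3) Ansible works through modules, and modules can be developed in any language.
(4) Ansible supports using modules from the command line as well as writing playbooks in YAML, which are easy to write and read.
(5) Ansible is very easy to install; on CentOS it can be installed directly with yum.
(6) Ansible offers a UI (browser-based graphical interface) at www.ansible.com/tower, which is a paid product. Official documentation: http://docs.ansible.com/ansible/latest/index.html.
Ansible has been acquired by Red Hat, and it is a very popular open-source project on GitHub (https://github.com/ansible/ansible).
A good introductory e-book: https://ansible-book.gitbooks.io/ansible-first-book/
1.2 Ansible system architecture
The Ansible system architecture is shown in Figure 1.
(1) Ansible: the core program (core engine).
(2) Core Modules: the core modules that ship with Ansible; management tasks are mainly carried out by calling them.
(3) Custom Modules: user-defined modules. If the core modules cannot provide some function, a custom module can be added to provide it; multiple languages are supported.
(4) Plugins: complement the functionality of modules; plugins provide features such as logging and e-mail.
(5) Playbooks: a playbook is the configuration file that defines Ansible tasks. Multiple tasks can be defined in one playbook and are executed automatically by Ansible; run from the control host, a playbook can manage many remote hosts at the same time. Playbooks are Ansible's configuration, deployment and orchestration language; they can describe a policy you want your remote systems to enforce, or a set of steps in a general process.
(6) Connection plugins: Ansible connects to each host through connection plugins, which handle communication with the managed nodes (used between Ansible and the hosts).
(7) Host Inventory: defines the hosts that Ansible manages. By default the managed nodes are defined in Ansible's hosts configuration file, which records information about the managed hosts, including port, password, IP and so on.
1.3 Ansible execution flow
As shown in Figure 2, when Ansible runs it first reads the configuration in ansible.cfg, obtains the list of managed hosts from the Inventory according to the rules, executes the configured tasks on those hosts in parallel, and finally waits for the results to be returned.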
2. Installing Ansible
(1) Environment preparation
Change the hostname
[root@localhost ~]# hostnamectl set-hostname ansible-test1
[root@localhost ~]# bash
Disable the firewall and SELinux on both machines
[root@ansible-test1 ~]# systemctl stop firewalld
[root@ansible-test1 ~]# systemctl disable firewalld
[root@ansible-test1 ~]# setenforce 0
Edit the /etc/hosts file
[root@ansible-test1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.2.10 ansible-test1 # add the IP and hostname of both hosts
192.168.2.20 ansible-test2
(2) Install Ansible
Prepare two machines, ansible-01 and ansible-02. Ansible only needs to be installed on ansible-01. Install the EPEL repository first.
[root@ansible-test1 ~]# yum install epel-release -y
[root@ansible-test1 ~]# yum install -y ansible
[root@ansible-test1 ~]# ansible --version
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
(3) Passwordless login configuration
On ansible-01, generate a key pair with ssh-keygen -t rsa, copy the public key to ansible-02, and set up key authentication.
[root@ansible-test1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:noXQMFFeEGuct0KdmqnqPaKwPZawovbauE6ejo22hfQ root@ansible-test1
The key's randomart image is:
+---[RSA 2048]----+
| +o+o. |
| * = . |
| . O + |
| + * . |
| . S o |
|o o o + |
|.= E . o |
|*OO .o. |
|%@O*o... |
+----[SHA256]-----+
[root@ansible-test1 ~]# ssh-copy-id 192.168.20.45
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.20.45's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.20.45'"
and check to make sure that only the key(s) you wanted were added.
[root@ansible-test1 ~]# ssh 192.168.20.45
Last login: Mon Dec 9 19:01:28 2024 from 192.168.20.1
[root@ansible-test2 ~]# exit
logout
Connection to 192.168.20.45 closed.
(4) Host group setup
Add the IPs of the local machine and the other machine to the /etc/ansible/hosts file
[root@ansible-test1 ~]# grep ^[^#] /etc/ansible/hosts
[testhost]
127.0.0.1
2.1 Running commands remotely with Ansible - command
[root@ansible-test1 ~]# ansible testhost -m command -a "hostname"
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:XAJ0u7oW+LkZyLPHW0KHB984o9XoOdFoRq6Z6kS31s4.
ECDSA key fingerprint is MD5:96:9a:2e:7e:a5:2a:9c:54:2f:5d:84:b2:20:f0:0e:dd.
Are you sure you want to continue connecting (yes/no)? yes
127.0.0.1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
192.168.20.45 | CHANGED | rc=0 >>
ansible-test2
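Note: this lets you run commands in bulk. Here testhost is the host group name, -m is followed by the module name, and -a is followed by the command. You can also give a single IP to run the command against just one machine.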
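The 127.0.0.1 entry is reported UNREACHABLE with "Permission denied" because the transcript installs the public key only on 192.168.20.45. One way to make both group members usable, as an added example that is not part of the original article (the file name inventory.yml and the choice of a YAML inventory are assumptions; ansible_connection, ansible_user, ansible_port and ansible_ssh_private_key_file are standard Ansible inventory variables):

```yaml
# inventory.yml - constructed example; the file name is an assumption.
# Use with: ansible -i inventory.yml testhost -m command -a "hostname"
all:
  children:
    testhost:
      vars:
        # Connection settings shared by every host in the group.
        # Key-based login only; no password is stored in the inventory.
        ansible_user: root
        ansible_port: 22
        ansible_ssh_private_key_file: /root/.ssh/id_rsa
      hosts:
        127.0.0.1:
          # Run modules directly on the control node instead of opening
          # an SSH session to itself, so no authorized_keys entry is needed.
          ansible_connection: local
        192.168.20.45:
```

The alternative that keeps SSH for the local entry is to run ssh-copy-id 127.0.0.1 on the control node, the same step the page performs for 192.168.20.45.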
2.2 Copying files or directories with Ansible - copy
[root@ansible-test1 ~]# ansible 192.168.20.45 -m copy -a "src=/etc/passwd dest=/tmp/123"
192.168.20.45 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "f8bfb8bffc9b65bcdb742b0382d602dc53182fa5",
"dest": "/tmp/123",
"gid": 0,
"group": "root",
"md5sum": "4022cc06f1f2fa60d0eecb807417c1c4",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 846,
"src": "/root/.ansible/tmp/ansible-tmp-1733791585.03-20509-52889187708234/source",
"state": "file",
"uid": 0
}
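Note: /tmp/123 here has the same content as /etc/passwd on the source machine, but if a /tmp/123 directory already exists on the target machine, a passwd file is created under the /tmp/123 directory instead.
2.3 Running scripts remotely with Ansible - shell
First create a shell script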
[root@ansible-test1 ~]# cat /tmp/test.sh
#!/bin/bash
# A simple script that appends the current date and time to /tmp/ansible_test.txt
echo $(date) >> /tmp/ansible_test.txt
Then distribute the script to each machine
[root@ansible-test1 ~]# ansible testhost -m copy -a "src=/tmp/test.sh dest=/tmp/test.sh mode=0755"
127.0.0.1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
192.168.20.45 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "e452d88ec2d3d23eeb08cbf88d6d063a23a8b6fe",
"dest": "/tmp/test.sh",
"gid": 0,
"group": "root",
"md5sum": "cad929cb4be1bed33a8858dfb41662d1",
"mode": "0755",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 152,
"src": "/root/.ansible/tmp/ansible-tmp-1733792083.59-20644-253577200571222/source",
"state": "file",
"uid": 0
}
Finally, run the shell script on all hosts in bulk
[root@ansible-test1 ~]# ansible testhost -m shell -a "/tmp/test.sh"
127.0.0.1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
192.168.20.45 | CHANGED | rc=0 >>
The shell module also supports running remote commands that contain pipes
[root@ansible-test1 ~]# ansible testhost -m shell -a "cat /etc/passwd |wc -l "
127.0.0.1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
192.168.20.45 | CHANGED | rc=0 >>
19
[root@ansible-test1 ~]# cat /tmp/ansible_test.txt
Mon Dec 9 19:51:52 EST 2024
Mon Dec 9 19:53:22 EST 2024
Mon Dec 9 19:54:16 EST 2024
2.4 Managing scheduled tasks with Ansible - cron
Create a scheduled task, giving it a name and defining its job
[root@ansible-test1 ~]# ansible testhost -m cron -a "name='test cron' job='/bin/bash /tmp/test.sh' weekday=6"
127.0.0.1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
192.168.20.45 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"test cron"
]
}
To delete this cron entry, just add the field state=absent
[root@ansible-test1 ~]# ansible testhost -m cron -a "name='test cron' state=absent"
127.0.0.1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
192.168.20.45 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": []
}
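Other time parameters: minute for minutes, hour for hours, day for the day of the month, month for the month.
2.5 Installing RPM packages and managing services with Ansible - yum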
[root@ansible-test1 ~]# ansible testhost -m yum -a "name=httpd"
127.0.0.1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
192.168.20.45 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"httpd"
]
},
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.aliyun.com\n * extras: mirrors.aliyun.com\n * updates: mirrors.aliyun.com\nResolving Dependencies\n--> Running transaction check\n---> Package httpd.x86_64 0:2.4.6-99.el7.centos.1 will be installed\n--> Processing Dependency: httpd-tools = 2.4.6-99.el7.centos.1 for package: httpd-2.4.6-99.el7.centos.1.x86_64\n--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-99.el7.centos.1.x86_64\n--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-99.el7.centos.1.x86_64\n--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-99.el7.centos.1.x86_64\n--> Running transaction check\n---> Package apr.x86_64 0:1.4.8-7.el7 will be installed\n---> Package apr-util.x86_64 0:1.5.2-6.el7_9.1 will be installed\n---> Package httpd-tools.x86_64 0:2.4.6-99.el7.centos.1 will be installed\n---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n httpd x86_64 2.4.6-99.el7.centos.1 updates 2.7 M\nInstalling for dependencies:\n apr x86_64 1.4.8-7.el7 base 104 k\n apr-util x86_64 1.5.2-6.el7_9.1 updates 92 k\n httpd-tools x86_64 2.4.6-99.el7.centos.1 updates 94 k\n mailcap noarch 2.1.41-2.el7 base 31 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package (+4 Dependent packages)\n\nTotal download size: 3.0 M\nInstalled size: 10 M\nDownloading packages:\n--------------------------------------------------------------------------------\nTotal 264 kB/s | 3.0 MB 00:11 \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : 
apr-1.4.8-7.el7.x86_64 1/5 \n Installing : apr-util-1.5.2-6.el7_9.1.x86_64 2/5 \n Installing : httpd-tools-2.4.6-99.el7.centos.1.x86_64 3/5 \n Installing : mailcap-2.1.41-2.el7.noarch 4/5 \n Installing : httpd-2.4.6-99.el7.centos.1.x86_64 5/5 \n Verifying : httpd-2.4.6-99.el7.centos.1.x86_64 1/5 \n Verifying : mailcap-2.1.41-2.el7.noarch 2/5 \n Verifying : apr-1.4.8-7.el7.x86_64 3/5 \n Verifying : httpd-tools-2.4.6-99.el7.centos.1.x86_64 4/5 \n Verifying : apr-util-1.5.2-6.el7_9.1.x86_64 5/5 \n\nInstalled:\n httpd.x86_64 0:2.4.6-99.el7.centos.1 \n\nDependency Installed:\n apr.x86_64 0:1.4.8-7.el7 apr-util.x86_64 0:1.5.2-6.el7_9.1 \n httpd-tools.x86_64 0:2.4.6-99.el7.centos.1 mailcap.noarch 0:2.1.41-2.el7 \n\nComplete!\n"
]
}
After name you can also add state=installed/removed.
Set the service state. The name here is the service name on the CentOS system, which can be found with the chkconfig --list command.
[root@ansible-test1 ~]# ansible testhost -m service -a "name=httpd state=started enabled=yes"
127.0.0.1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
192.168.20.45 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"enabled": true,
"name": "httpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": "network.target tmp.mount system.slice nss-lookup.target systemd-journald.socket remote-fs.target -.mount basic.target",
"AllowIsolate": "no",
"AmbientCapabilities": "0",
"AssertResult": "no",
"AssertTimestampMonotonic": "0",
"Before": "shutdown.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "18446744073709551615",
"CPUAccounting": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "18446744073709551615",
"CanIsolate": "no",
"CanReload": "yes",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "18446744073709551615",
"ConditionResult": "no",
"ConditionTimestampMonotonic": "0",
"Conflicts": "shutdown.target",
"ControlPID": "0",
"DefaultDependencies": "yes",
"Delegate": "no",
"Description": "The Apache HTTP Server",
"DevicePolicy": "auto",
"Documentation": "man:httpd(8) man:apachectl(8)",
"EnvironmentFile": "/etc/sysconfig/httpd (ignore_errors=no)",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "0",
"ExecMainStartTimestampMonotonic": "0",
"ExecMainStatus": "0",
"ExecReload": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -k graceful ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStart": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -DFOREGROUND ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStop": "{ path=/bin/kill ; argv[]=/bin/kill -WINCH ${MAINPID} ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/httpd.service",
"GuessMainPID": "yes",
"IOScheduling": "0",
"Id": "httpd.service",
"IgnoreOnIsolate": "no",
"IgnoreOnSnapshot": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestampMonotonic": "0",
"InactiveExitTimestampMonotonic": "0",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "0",
"KillMode": "control-group",
"KillSignal": "18",
"LimitAS": "18446744073709551615",
"LimitCORE": "18446744073709551615",
"LimitCPU": "18446744073709551615",
"LimitDATA": "18446744073709551615",
"LimitFSIZE": "18446744073709551615",
"LimitLOCKS": "18446744073709551615",
"LimitMEMLOCK": "65536",
"LimitMSGQUEUE": "819200",
"LimitNICE": "0",
"LimitNOFILE": "4096",
"LimitNPROC": "14996",
"LimitRSS": "18446744073709551615",
"LimitRTPRIO": "0",
"LimitRTTIME": "18446744073709551615",
"LimitSIGPENDING": "14996",
"LimitSTACK": "18446744073709551615",
"LoadState": "loaded",
"MainPID": "0",
"MemoryAccounting": "no",
"MemoryCurrent": "18446744073709551615",
"MemoryLimit": "18446744073709551615",
"MountFlags": "0",
"Names": "httpd.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "main",
"OOMScoreAdjust": "0",
"OnFailureJobMode": "replace",
"PermissionsStartOnly": "no",
"PrivateDevices": "no",
"PrivateNetwork": "no",
"PrivateTmp": "yes",
"ProtectHome": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"Requires": "-.mount basic.target",
"RequiresMountsFor": "/var/tmp",
"Restart": "no",
"RestartUSec": "100ms",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitInterval": "10000000",
"StartupBlockIOWeight": "18446744073709551615",
"StartupCPUShares": "18446744073709551615",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "dead",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "no",
"TasksCurrent": "18446744073709551615",
"TasksMax": "18446744073709551615",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "notify",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "disabled",
"Wants": "system.slice",
"WatchdogTimestampMonotonic": "0",
"WatchdogUSec": "0"
}
}
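The ad-hoc commands from sections 2.3 to 2.5 collected into one playbook, the YAML format mentioned in section 1.1. This is an added example, not part of the original article; the file name site.yml, the task names and the minute/hour values of the cron task are assumptions.

```yaml
# site.yml - constructed example; file name and task names are assumptions.
# Run with: ansible-playbook site.yml   (add --check for a dry run)
- hosts: testhost
  tasks:
    - name: Distribute the test script (section 2.3)
      copy:
        src: /tmp/test.sh
        dest: /tmp/test.sh
        owner: root
        group: root
        mode: "0755"

    # The script appends a line on every run, so this task always
    # reports "changed". No pipe or redirect is needed: command is enough.
    - name: Run the script once
      command: /tmp/test.sh

    # A pipe requires the shell module; changed_when keeps a read-only
    # query from being reported as a change.
    - name: Count the lines in /etc/passwd
      shell: cat /etc/passwd | wc -l
      register: passwd_lines
      changed_when: false

    - name: Show the count per host
      debug:
        msg: "{{ inventory_hostname }}: {{ passwd_lines.stdout }} lines"

    # With only weekday set, minute and hour default to "*", which runs
    # the job every minute on Saturday. Pinning both gives one run at 00:00.
    - name: Schedule the script on Saturdays (section 2.4)
      cron:
        name: test cron
        job: /bin/bash /tmp/test.sh
        weekday: "6"
        hour: "0"
        minute: "0"

    - name: Install httpd (section 2.5)
      yum:
        name: httpd
        state: present

    - name: Start httpd and enable it at boot
      service:
        name: httpd
        state: started
        enabled: yes
```

On a second run the copy, cron, yum and service tasks report ok instead of changed, because each module compares the requested state with what is already on the host.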
Using the Ansible documentation
[root@ansible-test1 ~]# ansible-doc -l
fortios_router_community_list Configure community lists in Fortinet's FortiOS and FortiGate
azure_rm_devtestlab_info Get Azure DevTest Lab facts
ecs_taskdefinition register a task definition in ecs
avi_alertscriptconfig Module for setup of AlertScriptConfig Avi RESTful Object
tower_receive Receive assets from Ansible Tower
netapp_e_iscsi_target NetApp E-Series manage iSCSI target configuration
azure_rm_acs Manage an Azure Container Service(ACS) instance
fortios_log_syslogd2_filter Filters for remote system server in Fortinet's FortiOS and FortiGate
junos_rpc Runs an arbitrary RPC over NetConf on an Juniper JUNOS device
na_elementsw_vlan NetApp Element Software Manage VLAN
pn_ospf CLI command to add/remove ospf protocol to a vRouter
pn_snmp_vacm CLI command to create/modify/delete snmp-vacm
cp_mgmt_service_sctp Manages service-sctp objects on Check Point over Web Services API
onyx_ospf Manage OSPF protocol on Mellanox ONYX network devices
icx_command Run arbitrary commands on remote Ruckus ICX 7000 series switches
cs_snapshot_policy Manages volume snapshot policies on Apache CloudStack based clouds
nxos_install_os Set boot options like boot, kickstart image and issu
cnos_static_route Manage static IP routes on Lenovo CNOS network devices
win_eventlog Manage Windows event logs
vmware_category Manage VMware categories
vmware_host_feature_info Gathers info about an ESXi host's feature capability information
avi_cluster Module for setup of Cluster Avi RESTful Object
na_ontap_user NetApp ONTAP user configuration and management
aci_l3out Manage Layer 3 Outside (L3Out) objects (l3ext:Out)
memset_server_info Retrieve server information
gcp_compute_subnetwork_info Gather info for GCP Subnetwork
azure_rm_virtualmachinescalesetextension Manage Azure Virtual Machine Scale Set (VMSS) extensions
fortios_report_dataset Report dataset configuration in Fortinet's FortiOS and FortiGate
avi_api_session Avi API Module
avi_networkprofile Module for setup of NetworkProfile Avi RESTful Object
avi_backup Module for setup of Backup Avi RESTful Object
aci_interface_policy_cdp Manage CDP interface policies (cdp:IfPol)
fortios_firewall_vip Configure virtual IP for IPv4 in Fortinet's FortiOS and FortiGate
gcp_compute_backend_service Creates a GCP BackendService
iam_policy Manage IAM policies for users, groups, and roles
fortios_system_fips_cc Configure FIPS-CC mode in Fortinet's FortiOS and FortiGate
fortios_log_null_device_setting Settings for null device logging in Fortinet's FortiOS and FortiGate
View the documentation for a specific module
[root@ansible-test1 ~]# ansible-doc yum
> YUM (/usr/lib/python2.7/site-packages/ansible/modules/packaging/os/yum.py)
Installs, upgrade, downgrades, removes, and lists packages and groups with the `yum' package manager. This module only
works on Python 2. If you require Python 3 support see the [dnf] module.
* This module is maintained by The Ansible Core Team
* note: This module has a corresponding action plugin.
OPTIONS (= is mandatory):
- allow_downgrade
Specify if the named package and version is allowed to downgrade a maybe already installed higher version of that
package. Note that setting allow_downgrade=True can make this module behave in a non-idempotent way. The task could
end up with a set of packages that does not match the complete list of specified packages to install (because
dependencies between the downgraded package and others can cause changes to the packages which were in the earlier
transaction).
[Default: no]
type: bool
version_added: 2.4
- autoremove
If `yes', removes all "leaf" packages from the system that were originally installed as dependencies of user-installed
packages but which are no longer required by any such package. Should be used alone or when state is `absent'
NOTE: This feature requires yum >= 3.4.3 (RHEL/CentOS 7+)
[Default: no]
type: bool
version_added: 2.7
- bugfix
If set to `yes', and `state=latest' then only installs updates that have been marked bugfix related.
[Default: no]
version_added: 2.6
- conf_file
The remote yum configuration file to use for the transaction.
[Default: (null)]
version_added: 0.6