1. ansible
提高效率自動化運維的工具
- 自動化:
系統自動化(PXE+KS/PXE+cobblet)
程序自動化(ansible/saltstack/pupper)
代碼自動化(JenKins)
程序自動化分爲兩類
1) C/S架構: saltstack puppet
2) 無客戶端模式: ansible(主控端/被控端)
三者區別
ansible: 基於Python開發,使用ssh 協議,沒有客戶端,200-300臺被控端,適用於中小型應用環境,一個系統控制多臺主機
saltstack :基於Python開發,支持統一管理,比較輕量級 500
PYthon編寫,需要部署 agent 主控制端通過安裝在被控制端的代理來對被控端進行操作
puppet: ruby語言編寫,重型,適合大型環境,谷歌使用 軟件過於複雜,國內一般不使用 1000+
、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、
1. 實驗環境
ansible(控制端) : 192.168.116.10/24
server_1 (被控制端): 192.168.116.11/24
server_2(被控制端): 192.168.116.12/24
server_3(被控制端): 192.168.116.13/24
1)安裝ansible
- 安裝 系統擴展yum源
yum -y install epel-release
# epel(extend packages for Enterprose) 屬於 企業版linux擴展源yum 包
- 創建 yum 緩存,加快下載安裝速度。
[root@tianci ~]# yum makecache fast
- 安裝ansible
[root@tianci ~]# yum -y install ansible
2. 生成祕鑰對
-
生成祕鑰對,用於免密登錄其他服務器
另外兩臺服務器也需要[root@tianci ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:6lDiyTi6pBp5q898/TB173uor6CjmeeBkG0u4LCY49M root@tianci The key's randomart image is: +---[RSA 2048]----+ | | | | | | | o | |o o + . S . | |+= B = o . . | |Bo* B.= . .. | |+O E.=+= . .. . | |B=*.+++o. o++o | +----[SHA256]-----+
[root@tianci ~]# ls /root/.ssh/
id_rsa id_rsa.pub
id_rsa —》 私鑰
id_rsa.pub —》公鑰
- 將公鑰傳輸並追加至 指定的客戶端,.ssh/authorized_keys(記錄公鑰文件)
[root@tianci ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.116.11 (192.168.116.11)' can't be established.
ECDSA key fingerprint is SHA256:RFjKa//P/N+GhPwpj1/7/StnVP8o7DeQyHfLsjzdDQI.
ECDSA key fingerprint is MD5:64:d6:a3:e8:28:90:46:48:3f:aa:c4:0c:a9:06:ea:31.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
- 連接進行驗證
[root@tianci ~]# ssh [email protected]
Last login: Fri Sep 27 22:41:03 2019 from 1.1.1.11
[root@localhost ~]# exit
登出
Connection to 192.168.116.11 closed.
- 傳輸公鑰
[root@tianci ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
[root@tianci ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
3. 配置文件
ansible.cfg ----》 配置文件,位於 /etc/ansible/ansible.cfg ,默認不需要修改
hosts ---》 主機清單, 位於 /etc/ansible/hosts ,需要修改
roles ---》 角色:是一種編寫習慣,可以自己編寫,實現快速的部署
-
修改 hosts 主機清單 文件
添加ansible所控制的主機,在hosts 中可以 定義一個標籤(組名)並添加對應主機
可以根據需求設置對應的組名以及管理地址 -
在hosts 主機清單末尾追加
[root@localhost ~]# vim /etc/ansible/hosts
[dbserver] # 自定義標籤(name),相當於組名
192.168.116.11 # 所包含的主機
[webservers] # 組名/標籤
192.168.116.12
192.168.116.13
# 保存退出
-
查看ansible 版本號
[root@tianci ~]# ansible --version ansible 2.9.2 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
5.ansible 模塊
-
查看ansible 的模塊有多少以及有哪些
[root@tianci ~]# ansible-doc -l | wc -l 3387
-
查看指定模塊用法
ansible -s 模塊名
-
ansible 使用模塊格式
ansible 操作對象 -m 模塊名 -a ‘模塊參數’
參數:
-a 某些模塊中可以省略
- 測試 ansible 與所有服務器(hosts 中包含的地址)連接情況
- 如果都沒得問題,爲安全色(綠色)
ansible all -m ping
參數:
all 表示所有操作對象
例:
[root@tianci ~]# ansible all -m ping
192.168.116.11 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.116.12 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.116.13 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
1) command 模塊
- 主要用於執行簡單的shell命令;執行復雜的shell命令會報錯
- 一般用不到
- command 模塊稍微複雜一點就傻逼了
- 爲 操作對象 dbserver組 添加 command 模塊 並在該種中執行指定命令
[root@tianci ~]# ansible dbserver -m command -a 'ls /root'
192.168.116.11 | CHANGED | rc=0 >>
anaconda-ks.cfg
- 執行一條稍微兒複雜一點的命令
[root@tianci ~]# ansible dbserver -m command -a 'cat /etc/passwd | wc -l'
192.168.116.11 | FAILED | rc=1 >>
cat:無效選項 -- l
Try 'cat --help' for more information.non-zero return code
2) shell模塊
-
shell模塊可以執行所有的命令
-
執行上一條讓 command 懵逼的命令
[root@tianci ~]# ansible dbserver -m shell -a 'cat /etc/passwd | wc -l'
192.168.116.11 | CHANGED | rc=0 >>
19
3) cron 模塊
- 用於爲被控制端設置自動化任務;
cron == crontab - 爲 dbserver中的主機設置一個 crontab
ansible dbserver -m cron -a 'minute="*/2" job="data >> /tmp/date.txt" name="show date" state=present'
參數:
爲 dbserver 組 添加自動化任務,minute= 計劃任務, job=執行語句 name= 描述信息 state=添加/移除
state=present 一般表示添加,新添加的計劃任務
state=absent 一般表示移除
[root@tianci ~]# ansible dbserver -m cron -a 'minute="*/2" job="data >> /tmp/date.txt" name="show date" state=present'
192.168.116.11 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true, ## true 更改成功
"envs": [],
"jobs": [
"show date"
]
}
#
- 在被控端查看計劃任務
[root@localhost ~]# crontab -l -u root
#Ansible: show date
*/2 * * * * data >> /tmp/date.txt
- 移除改組的計劃任務
- 移除的時候只需要指定 name
[root@tianci ~]# ansible dbserver -m cron -a 'name="show date" state=absent'
192.168.116.11 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": []
}
- 查看驗證(192.168.116.11)
[root@localhost ~]# crontab -l -u root
name
4) user 模塊
- 主要用於:
1) useradd one
2) passwd one
3) useradd -M -s /sbin/nologin nginx
4) useradd -u 1111 nginx
5) userdel -r one
-
例子: 通過user 模塊 創建模塊
ansible dbserver -m user -a 'name=now state=present'
創建一個用戶, name= 用戶名 state=創建
[root@tianci ~]# ansible dbserver -m user -a 'name=now state=present'
192.168.116.11 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1000,
"home": "/home/now",
"name": "now",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1000
}
- 例子: 通過 shell 模塊 爲用戶添加密碼
[root@tianci ~]# ansible dbserver -m shell -a 'echo "123.com" | passwd --stdin now'
[root@tianci ~]# ansible dbserver -m shell -a 'echo "123.com" | passwd --stdin now'
192.168.116.11 | CHANGED | rc=0 >>
更改用戶 now 的密碼 。
passwd:所有的身份驗證令牌已經成功更新。
- 例子: 通過 user 模塊 創建用戶並賦值密碼
PS: user 模塊中加密 需要使用密文密碼
首先使用 openssl passwd 生成加密後的密文
[root@tianci ~]# openssl passwd '123.com'
bQs.zEBJmFOLw
[root@tianci ~]# ansible dbserver -m user -a 'name=two password="bQs.zEBJmFOLw" state=present'
# name=用戶 password=密文密碼 state=添加
[WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.
192.168.116.11 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1001,
"home": "/home/two",
"name": "two",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1001
}
- 例子: 使用 user 模塊指定家目錄創建
[root@tianci ~]# ansible dbserver -m user -a 'name=nginx create_home=no shell=/no/login state=present'
# name=用戶 create_home=創建家目錄 no 爲不 shell=指定登錄環境
192.168.116.11 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": false,
"group": 1002,
"home": "/home/nginx",
"name": "nginx",
"shell": "/no/login",
"state": "present",
"system": false,
"uid": 1002
}
[root@tianci ~]# ansible dbserver -m shell -a 'tail /etc/passwd | grep "nginx"'
192.168.116.11 | CHANGED | rc=0 >>
nginx:x:1002:1002::/home/nginx:/no/login
# 通過驗證我們發現,該用戶也有家目錄,但是我們設置不爲其創建家目錄,這是怎麼回事呢
# 是因爲這是一個小BUG,只是顯示有而已,但是沒有家目錄哦
[root@tianci ~]# ansible dbserver -m shell -a 'ls /home/nginx'
192.168.116.11 | FAILED | rc=2 >>
ls: 無法訪問/home/nginx: 沒有那個文件或目錄non-zero return code
-
例子: 使用 user 模塊創建用戶並指定 uid
[root@tianci ~]# ansible dbserver -m user -a 'name=three uid=1111 state=present' 192.168.116.11 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "comment": "", "create_home": true, "group": 1111, "home": "/home/three", "name": "three", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1111 } # 驗證 [root@tianci ~]# ansible dbserver -m shell -a 'id three' 192.168.116.11 | CHANGED | rc=0 >> uid=1111(three) gid=1111(three) 組=1111(three)
-
例子: 使用 user 模塊刪除用戶
[root@tianci ~]# ansible dbserver -m user -a 'name=noe remove=yes state=present'
# name=刪用戶名 remove=是否刪除
192.168.116.11 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1112,
"home": "/home/noe",
"name": "noe",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1112
}
5) group 模塊
-
添加 組
例子: 通過 group模塊添加組並指定 gid[root@tianci ~]# ansible dbserver -m group -a 'name=market system=yes state=present gid=1234' # name=組名 system=該組是否出現在遠程主機上 192.168.116.11 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "gid": 1234, "name": "market", "state": "present", "system": true } # 驗證 [root@tianci ~]# ansible dbserver -m shell -a 'tail /etc/group | grep "market"' 192.168.116.11 | CHANGED | rc=0 >> market:x:995:
-
例子: 通過 group 模塊 刪除組
刪除[root@tianci ~]# ansible dbserver -m group -a 'name=market state=absent' # name=組名 state=執行 192.168.116.11 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "name": "market", "state": "absent" } # 驗證 [root@tianci ~]# ansible dbserver -m shell -a 'tail /etc/group | grep "market"' 192.168.116.11 | FAILED | rc=1 >> non-zero return code
6) copy 模塊
1) 從主控端複製文件到被控制端(類似於scp)
2) 主控制被控制複製和粘貼被控制的文件
[root@tianci ~]# echo "copy module of ansible " > ansible.txt
[root@tianci ~]# ansible all -m copy -a 'src=/root/ansible.txt dest=/root' # 將ansible 本身的 文件 複製粘貼至 所有主機中 /root下
# src=複製(本地) dest=目標地址(被控端)
# 驗證
[root@tianci ~]# andible all -m shell -a 'cat /root/ansible.txt'
bash: andible: 未找到命令...
[root@tianci ~]# ansible all -m shell -a 'cat /root/ansible.txt'
192.168.116.13 | CHANGED | rc=0 >>
copy module of ansible
192.168.116.11 | CHANGED | rc=0 >>
copy module of ansible
192.168.116.12 | CHANGED | rc=0 >>
copy module of ansible
# 添加remote_src=yes 表示複製粘貼都在 ansible主機執行
[root@tianci ~]# ansible webservers -m copy -a 'src=/etc/resolv.conf dest=/rot remote_src=yes' ## 驗證ansible的冪等性;
[root@tianci ~]# ansible webservers -m copy -a 'src=/etc/resolv.conf dest=/rot remote_src=yes backup=yes' ## 修改一下被控制端/root/resolv.conf 的內容,使其可以發生文件覆蓋,此時加上backup 將覆蓋文件前的文件進行備份
# src=源 dest=目標地址 remote_src=如果是yes將src轉到遠程主機上
# backup=覆蓋時是否進行備份 ,在復重複制時ansible會比較兩個文件中的內容,如果一樣則不會進行覆蓋,但是會提示執行完畢
# 如果內容不一樣則會覆蓋,但是backup會將源文件進行備份(日期+時間+文加名)
7) file 模塊
1) 修改文件屬性(owner group mode權限) ---》 chown chmod
2) 軟連接、硬鏈接
3) 創建目錄或者文件
4) 刪除文件或者目錄
5) 遞歸設置目錄權限以及屬主屬組
-
例子:更改文件或者目錄屬主屬組
- [root@tianci ~]# ansible dbserver -m file -a 'path=/root/anaconda-ks.cfg owner=tianci group=tianci' # path=文件路徑 owner=屬主 group=屬組 192.168.116.11 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "gid": 1000, "group": "tianci", "mode": "0600", "owner": "tianci", "path": "/root/anaconda-ks.cfg", "secontext": "system_u:object_r:admin_home_t:s0", "size": 1257, "state": "file", "uid": 1000
驗證 :
[root@tianci ~]# ansible dbserver -m shell -a 'ls -l /root/anaconda-ks.cfg'
192.168.116.11 | CHANGED | rc=0 >>
-rw-------. 1 tianci tianci 1257 9月 27 22:17 /root/anaconda-ks.cfg
-
例子:修改文件權限
- [root@tianci ~]# ansible dbserver -m file -a 'path=/root/anaconda-ks.cfg mode=7777' 192.168.116.11 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "gid": 1000, "group": "now", "mode": "07777", "owner": "now", "path": "/root/anaconda-ks.cfg", "secontext": "system_u:object_r:admin_home_t:s0", "size": 1257, "state": "file", "uid": 1000 } # 驗證 [root@tianci ~]# ansible dbserver -m shell -a 'ls -l /root/anaconda-ks.cfg' 192.168.116.11 | CHANGED | rc=0 >> -rwsrwsrwt. 1 tianci tianci 1257 9月 27 22:17 /root/anaconda-ks.cfg
-
例子:創建軟連接與硬鏈接
- 軟連接
[root@tianci ~]# ansible dbserver -m file -a 'src=/etc/hosts dest=/root/host state=link'
# src=源 dest=目標 state= link 軟連接
192.168.116.11 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/root/host",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 10,
"src": "/etc/hosts",
"state": "link",
"uid": 0
}
state=link 軟連接
state=hard 硬鏈接
- 硬鏈接
[root@tianci ~]# ansible dbserver -m file -a 'src=/etc/hosts dest=/root/hosts state=hard'
192.168.116.11 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/root/hosts",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:net_conf_t:s0",
"size": 158,
"src": "/etc/hosts",
"state": "hard",
"uid": 0
}
- 在被控制端查看
[root@localhost ~]# ll /root/
總用量 12
-rwsrwsrwt. 1 now now 1257 9月 27 22:17 anaconda-ks.cfg
-rw-r--r--. 1 root root 24 1月 8 16:08 ansible.txt
lrwxrwxrwx. 1 root root 10 1月 8 16:43 host -> /etc/hosts ## 軟連接
-rw-r--r--. 2 root root 158 6月 7 2013 hosts ## 硬鏈接
-
例子:創建文件
- [root@tianci ~]# ansible dbserver -m file -a 'path=/tmp/file.txt state=touch' # state=touch 創建文件 192.168.116.11 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "dest": "/tmp/file.txt", "gid": 0, "group": "root", "mode": "0644", "owner": "root", "secontext": "unconfined_u:object_r:user_tmp_t:s0", "size": 0, "state": "file", "uid": 0 } # 驗證 [root@tianci ~]# ansible dbserver -m shell -a 'ls /root/file.txt' 192.168.116.11 | CHANGED | rc=0 >> /root/file.txt
-
創建目錄
[root@tianci ~]# ansible dbserver -m file -a 'path=/tmp/file state=directory' # state=directory 創建目錄 192.168.116.11 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/tmp/file", "secontext": "unconfined_u:object_r:user_tmp_t:s0", "size": 6, "state": "directory", "uid": 0 } # 驗證 [root@tianci ~]# ansible dbserver -m shell -a 'ls /tmp/ | grep 'file'' 192.168.116.11 | CHANGED | rc=0 >> file
-
刪除目錄
- [root@tianci ~]# ansible dbserver -m file -a 'path=/tmp/file state=absent' # state=absent 移除 192.168.116.11 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "path": "/tmp/file", "state": "absent" } # 驗證 [root@tianci ~]# ansible dbserver -m shell -a 'ls /tmp/ | grep 'file'' 192.168.116.11 | CHANGED | rc=0 >>
-
遞歸設置權限
# 如果指定目錄或者文件不存在則創建
[root@tianci ~]# ansible dbserver -m file -a 'path=/tmp/file mode=0777 recurse=yes'
192.168.116.11 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"path": "/tmp/file",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
# 驗證
[root@tianci ~]# ansible dbserver -m shell -a 'ls -l /tmp/ | grep 'file''
192.168.116.11 | CHANGED | rc=0 >>
drwxr-xr-x. 2 now now 6 1月 8 22:41 file
- 遞歸設置屬主屬組
[root@tianci ~]# ansible dbserver -m file -a 'path=/tmp/file owner=now group=now recurse=yes'
# recurse=yes 是否遞歸
192.168.116.11 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 1000,
"group": "now",
"mode": "0777",
"owner": "now",
"path": "/tmp/file",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 1000
}
8) yum 模塊
-
作用: 主控端空值被控端 使其使用yum 安裝rpm包
PS: 被控端yum 可用
常規操作:
yum -y install
yum -y remove -
例子:通過 yum 模塊安裝
- [root@tianci ~]# ansible dbserver -m yum -a 'name=wget state=present' # name=rpm包名字,如果安裝多個用逗號隔開即可 192.168.116.11 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "changes": { "installed": [ "wget" ] }
-
例子: 通過 yum 模塊卸載
[root@tianci ~]# ansible dbserver -m yum -a 'name=gcc,c++ state=absent' 192.168.116.11 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "changes": { "removed": [ "gcc" ] }
-
service 模塊
作用: 操控被控制端開啓,關閉、重啓、重載(視具體服務而定)
1) notice: service 可以管理rpm包安裝的服務源碼安裝的服務建議使用shell模塊直接執行命令
服務狀態(state)
started / stopped / restarted
例子:關閉防火牆
[root@tianci ~]# ansible dbserver -m service -a 'name=firewalld state=stopped'
# name=服務名字
192.168.116.11 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "firewalld",
"state": "stopped",
## 類似於以下這種情況一般是 該軟件已經存在
[root@tianci ~]# ansible dbserver -m yum -a 'name=wget state=present'
192.168.116.11 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"msg": "",
"rc": 0,
"results": [
"wget-1.14-15.el7_4.1.x86_64 providing wget is already installed"
]
}
[root@tianci ~]# ansible dbserver -m shell -a 'rpm -qa | grep wget'
[WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'. If you need to use command because yum, dnf or zypper is insufficient you can add 'warn: false' to this
command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
192.168.116.11 | CHANGED | rc=0 >>
wget-1.14-15.el7_4.1.x86_64
- hostname 修改主機名
1) hostname 臨時
2) hostnamectl 永久
3) vim 配置文件
4) 通過 ansible hostname模塊
-
例子: 通過hostname修改主機名
- [root@tianci ~]# ansible dbserver -m hostname -a 'name=localhost.localdomain' # name=名字 192.168.116.11 | CHANGED => { "ansible_facts": { "ansible_domain": "localdomain", "ansible_fqdn": "localhost.localdomain", "ansible_hostname": "localhost", "ansible_nodename": "localhost.localdomain", "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "name": "localhost.localdomain" }
9) script 模塊
- 作用:用於將主控端的腳本在被控端運行
常用的腳本:
1)shell ----》 .sh
2)python ----》 .py
-
例子: 通過 script 模塊 執行主控端腳本
-
首先編寫腳本文件,批量創建用戶( user1–user10)
[root@tianci ~]# vim test.sh
#! /bin/bash
for i in {1..10}
do
useradd user$i
echo "123.com" | passwd --stdin user$i
done
- 調用腳本
[root@tianci ~]# ansible dbserver -m script -a '/root/test.sh'
# 調用主控端腳本不需要使用任何參數,直接輸入腳本位置即可。
192.168.116.11 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.116.11 closed.\r\n",
"stderr_lines": [
…………
…………
"更改用戶 user9 的密碼 。",
"passwd:所有的身份驗證令牌已經成功更新。",
"更改用戶 user10 的密碼 。",
"passwd:所有的身份驗證令牌已經成功更新。"
]
}
- 驗證
[root@tianci ~]# ansible dbserver -m shell -a 'tail /etc/passwd'
192.168.116.11 | CHANGED | rc=0 >>
user1:x:1113:1113::/home/user1:/bin/bash
user2:x:1114:1114::/home/user2:/bin/bash
user3:x:1115:1115::/home/user3:/bin/bash
user4:x:1116:1116::/home/user4:/bin/bash
user5:x:1117:1117::/home/user5:/bin/bash
user6:x:1118:1118::/home/user6:/bin/bash
user7:x:1119:1119::/home/user7:/bin/bash
user8:x:1120:1120::/home/user8:/bin/bash
user9:x:1121:1121::/home/user9:/bin/bash
user10:x:1122:1122::/home/user10:/bin/bash
-
例子: 通過script 模塊 執行腳本批量刪除用戶 (user1 – user10)
- [root@tianci ~]# vim userdel.sh #! /bin/bash for i in {1..10} do userdel user$1 done # 運行腳本 [root@tianci ~]# ansible dbserver -m script -a '/root/userdel.sh' 192.168.116.11 | CHANGED => { "changed": true, "rc": 0, "stderr": "Shared connection to 192.168.116.11 closed.\r\n", "stderr_lines": [ "Shared connection to 192.168.116.11 closed." ], "stdout": "", "stdout_lines": [] } # 驗證 [root@tianci ~]# ansible dbserver -m shell -a 'tail /etc/passwd' 192.168.116.11 | CHANGED | rc=0 >> dbus:x:81:81:System message bus:/:/sbin/nologin
10) setup 模塊
-
用於獲取被控端的 ansible變量
獲取的變量主要是用於模板中,可以利用變量,實現對被控端的快速配置和差異化配置 -
例子: 通過setup模塊獲取所有的 變量
- [root@tianci ~]# ansible dbserver -m setup -a '' # 此操作是獲取所有的變量, 例子:通過 setup 模塊獲取指定參數的變量 [root@tianci ~]# ansible dbserver -m setup -a 'filter="*cpu*"' # filter=變量 * 通配符, 192.168.116.11 | SUCCESS => { "ansible_facts": { "ansible_processor_vcpus": 1, "discovered_interpreter_python": "/usr/bin/python" }, "changed": false }
11) fetch 模塊
-
作用: 拿取被控端文件
-
例子: 通過 fetch 模塊 將被控端的文件 拉取到主控端
- [root@tianci ~]# ansible all -m fetch -a 'src=/etc/resolv.conf dest=/tcp/test' # src=源(被控端) dest=目標地址(主控端) 192.168.116.11 | CHANGED => { "changed": true, "checksum": "dfb754d542e43feec14d581300236fa04a56597d", "dest": "/tcp/test/192.168.116.11/etc/resolv.conf", "md5sum": "653fab6375ea318ef8d245125b8de19f", "remote_checksum": "dfb754d542e43feec14d581300236fa04a56597d", "remote_md5sum": null } 192.168.116.13 | CHANGED => { "changed": true, "checksum": "dfb754d542e43feec14d581300236fa04a56597d", "dest": "/tcp/test/192.168.116.13/etc/resolv.conf", "md5sum": "653fab6375ea318ef8d245125b8de19f", "remote_checksum": "dfb754d542e43feec14d581300236fa04a56597d", "remote_md5sum": null } 192.168.116.12 | CHANGED => { "changed": true, "checksum": "dfb754d542e43feec14d581300236fa04a56597d", "dest": "/tcp/test/192.168.116.12/etc/resolv.conf", "md5sum": "653fab6375ea318ef8d245125b8de19f", "remote_checksum": "dfb754d542e43feec14d581300236fa04a56597d", "remote_md5sum": null } # 驗證 [root@tianci ~]# ls /tcp/test/ 192.168.116.11 192.168.116.12 192.168.116.13
- replace 模塊
-
作用: 可以實現對文件間的內容切換
[root@tianci ~]# vim test.txt hello worald hello [root@tianci ~]# ansible dbserver -m replace -a 'path=/root/test.txt regexp="hello" replace="aaaaa"' # path=修改的文件 regexp=匹配的字符 replace=替換的東西 192.168.116.11 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "msg": "2 replacements made" } [root@tianci ~]# ansible dbserver -m shell -a 'cat /root/test.txt' 192.168.116.11 | CHANGED | rc=0 >> aaaaa worald aaaaa
-
例子:將整行內容替換
- [root@tianci ~]# ansible dbserver -m shell -a 'cat /root/aaa.txt' 192.168.116.11 | CHANGED | rc=0 >> aaaaaa # ^ 以什麼開頭 # $ 以什麼結尾 [root@tianci ~]# ansible dbserver -m replace -a 'path=/root/aaa.txt regexp="^aaaaaa$" replace="abcdefg"' 192.168.116.11 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "msg": "1 replacements made" } [root@tianci ~]# ansible dbserver -m shell -a 'cat /root/aaa.txt' 192.168.116.11 | CHANGED | rc=0 >> abcdefg
13) template 模塊
-
作用: 主要用於主控端使用模板配置被控端配置文件的場景,
需要用到模板文件、文件必須以 .j2 結尾 -
安裝 服務 進行測試
[root@tianci ~]# ansible webservers -m shell -a 'mount /dev/cdrom /media'
[WARNING]: Consider using the mount module rather than running 'mount'. If you need to use command because mount is insufficient you can add 'warn: false' to this command task or set
'command_warnings=False' in ansible.cfg to get rid of this message.
192.168.116.13 | CHANGED | rc=0 >>
mount: /dev/sr0 寫保護,將以只讀方式掛載
192.168.116.12 | CHANGED | rc=0 >>
mount: /dev/sr0 寫保護,將以只讀方式掛載
# 通過ansible yum 安裝 httpd
[root@tianci ~]# ansible webservers -m yum -a 'name=httpd state=installed'
# 主控端安裝 web 服務
[root@tianci ~]# yum -y install httpd
# 將被控端的 httpd配置文件作爲模板
[root@tianci ~]# cp /etc/httpd/conf/httpd.conf /root/httpd.conf.j2
# 修改其 域名 爲 www.baidu.com
[root@tianci ~]# vim /root/httpd.conf.js
ServerName www.baidu.com:80
# 通過模板修改
[root@tianci ~]# ansible webservers -m template -a 'src=/root/httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf'
# src=主控端模板源 dest=目標地址
192.168.116.13 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "f3385c6f241cc46f9585382b8edd7e287d3367d2",
"dest": "/etc/httpd/conf/httpd.conf",
"gid": 0,
"group": "root",
"md5sum": "f7271dedceda064a54c591c904e1ffb6",
"mode": "0644",
"owner": "root",
"size": 11750,
"src": "/root/.ansible/tmp/ansible-tmp-1578552032.32-247713146820451/source",
"state": "file",
"uid": 0
}
192.168.116.12 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "f3385c6f241cc46f9585382b8edd7e287d3367d2",
"dest": "/etc/httpd/conf/httpd.conf",
"gid": 0,
"group": "root",
"md5sum": "f7271dedceda064a54c591c904e1ffb6",
"mode": "0644",
"owner": "root",
"size": 11750,
"src": "/root/.ansible/tmp/ansible-tmp-1578552032.33-257511787935695/source",
"state": "file",
"uid": 0
}
# 驗證
[root@tianci ~]# ansible webservers -m shell -a 'cat /etc/httpd/conf/httpd.conf | grep "ServerName"'
192.168.116.12 | CHANGED | rc=0 >>
# ServerName gives the name and port that the server uses to identify itself.
ServerName www.baidu.com:80
192.168.116.13 | CHANGED | rc=0 >>
# ServerName gives the name and port that the server uses to identify itself.
ServerName www.baidu.com:80
- 例子: 引用變量進行修改
[root@tianci ~]# vim /root/httpd.conf.j2
ServerName www.baidu.com:{{http_port}}
# 修改hosts 主機清單的變量與端口號
[root@tianci ~]# vim /etc/ansible/hosts
[webservers]
192.168.116.12 http_port=8888
192.168.116.13 http_port=8888
unarchive 模塊
作用: 將主控端的壓縮文件,解壓後 放在被控端
# 將 tar 包解壓至 被控端的目錄中
[root@tianci ~]# ansible webservers -m unarchive -a 'src=/root/nginx-1.12.2.tar.gz dest=/usr/src'
# src=主控端源 dest=目標地址(被空端)
# 驗證
[root@tianci ~]# ansible webservers -m shell -a 'ls /usr/src | grep "nginx*"'
192.168.116.13 | CHANGED | rc=0 >>
nginx-1.12.2
192.168.116.12 | CHANGED | rc=0 >>
nginx-1.12.2
14) lineinfile 模塊
- 作用: 修改文件中的內容
BOF begin of file 文件開頭
EOF end of file 文件結尾
參數:
參數 | 含義 |
---|---|
path | 指定要操作的文件對象 |
regexp | 匹配條件 |
insertbefore | 在某行之前插入 |
line | 要寫入文件的內容 |
insertafter | 在某行之後插入 |
-
如果使用 insertbefore或者 insertafter 必須使用 state= 參數
-
例子: 通過 lineinfile 模塊在 nginx.conf文件的開頭前插入一行
[root@tianci ~]# ansible dbserver -m lineinfile -a 'path=/root/nginx.conf insertbefore=BOF line='#aaaaaaaa'' 192.168.116.11 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "backup": "", "changed": true, "msg": "line added" }
驗證:
[root@tianci ~]# ansible dbserver -m shell -a 'head -n 2 /root/nginx.conf' 192.168.116.11 | CHANGED | rc=0 >> #aaaaaaaa
-
例子: 在文件的末尾插入一行
[root@tianci ~]# ansible dbserver -m lineinfile -a 'path=/root/nginx.conf insertafter=EOF line="# bbbbbbbbbbb"' 192.168.116.11 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "backup": "", "changed": true, "msg": "line added" }
驗證:
[root@tianci ~]# ansible dbserver -m shell -a 'tail -n 2 /root/nginx.conf'
192.168.116.11 | CHANGED | rc=0 >>
}
# bbbbbbbbbbb
- 例子: 在指定的行 前/後 插入內容
- 在 /root/nginx.conf 文件中的 #charset koi8-r; 行 之後 插入 charset koi8-r;
[root@tianci ~]# ansible dbserver -m lineinfile -a 'path=/root/nginx.conf insertafter=" #charset koi8-r;" line=" charset koi8-r;" state=present'
- 在 /root/nginx.conf 文件的 server { 之前插入 upstream{
[root@tianci ~]# ansible dbserver -m lineinfile -a 'path=/root/nginx.conf insertbefore=" server {" line=" upstrame{" state=present'
- 例子: 刪除指定的行
將剛剛添加的# bbbbbbbbbbb 刪除
[root@tianci ~]# ansible dbserver -m lineinfile -a 'path=/root/nginx.conf regexp="# bbbbbbbbbbb" state=absent'
192.168.116.11 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup": "",
"changed": true,
"found": 1,
"msg": "1 line(s) removed"
}
4. ansible 的任務編排
playbook(劇本)
1) ansible 劇本的文件 後綴 爲 .yml .yaml
- 格式:
帶有 - 的行爲 描述行,描述行下的爲執行語句
- hosts: 操作對象
remote_user: 遠程用戶
tasks:
- name: 描述信息
模塊名: 執行任務
- name: 描述信息
模塊名: 執行任務
[root@tianci ~]# vim tset.yml
- hosts: dbserver # 描操作對象,可以是主機、主機清單(組名標籤)
remote_user: root # 遠程執行的用戶
tasks: # 計劃任務
- name: install vsftpd # 描述信息
yum: name=vsftpd # 執行任務 模塊名 執行語句
- name: start vsftpd # 描述信息
service: name=vsftpd state=started # 執行任務: 模塊名 加執行語句
- 檢測語法錯誤
# 如果由錯誤直接提示,如沒有錯誤輸入劇本名稱
[root@tianci ~]# ansible-playbook tset.yml --syntax-check playbook: tset.yml
- 運行劇本
- 以下屬於 劇本的運行過程,列出了描述信息以及執行進度
[root@tianci ~]# ansible-playbook tset.yml
PLAY [dbserver] *****************************************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************************************
ok: [192.168.116.11]
……………………
-
在使用 shell腳本時,可以在shell下使用args添加參數
例子- shell: ./config ~~~~ args: chdir: /usr/local/nginx-1.11.1 ## 意思是在編譯時首先進入到 下面那個目錄
-
例子: 通過 ansible - playbook(劇本) 爲被控端安裝 LNMP 環境
部署 Nginx
- hosts: webservers
remote_user: root
tasks:
- name: install nginx
unarchive: src=/root/nginx-1.11.1.tar.gz dest=/usr/src
- name: yum install pcre8 openssl*
yum: name=pcre*,openssl-devel,pcre-devel,zlib-devel
- name: make nginx
shell: ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-pcre && make && make install
args:
chdir: /usr/src/nginx-1.11.1
- name: create nginx running user
user: name=nginx create_home=no shell=/sbin/nologin state=present
- name: create link /usr/local/nginx/sbin/nginx /usr/sbin/nginx
file: src=/usr/local/nginx/sbin/nginx dest=/usr/sbin/nginx state=link
- name: start nginx
shell: nginx
部署MySQL
- hosts: webservers
remote_user: root
tasks:
- name: jie ya tar_cmake
unarchive: src=/root/cmake-2.8.7.tar.gz dest=/usr/src
- name: cd /usr/src/cmake* gmake install cmake
shell: ./configure && gmake && gmake install
args:
chdir: /usr/src/cmake-2.8.7
- name: jie ya tar_mysql
unarchive: src=/root/mysql-5.5.22.tar.gz dest=/usr/src
- name: yum install
yum: name=pcre-devel,ncurses,ncurses-devel
- name: cd /usr/src/mysql* && make && make install msyql
shell: cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DSYSCONFDIR=/etc -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DWITH-EXTRA_CHARSETS=all && make && make install
args:
chdir: /usr/src/mysql-5.5.22
- name: create mysql running user
user: name=mysql state=present
- name: mysql link
shell: ln -s /usr/local/mysql/bin/* /usr/local/bin
- name: updata mysql user\group
file: path=/usr/local/mysql owner=mysql group=mysql recurse=yes
- name: copy mysql_config_file
copy: src=/usr/local/mysql/support-files/my-medium.cnf dest=/etc/my.cnf remote_src=yes
- name: copy msyqld
copy: src=/usr/local/mysql/support-files/mysql.server dest=/etc/init.d/mysqld remote_src=yes
- name: chkconfig
shell: chkconfig --add mysqld
- name: chu shi hua mysql
shell: /usr/local/mysql/scripts/mysql_install_db --user=mysql --group=mysql --basedir=/usr/local/mysql/ --datadir=/usr/local/mysql/data/
- name: permission
file: path=/etc/init.d/mysqld mode=755
- name: start mysql
service: name=mysqld state=started
- hosts: dbserver
remote_user: root
tasks:
- name: yum install
yum: name=gd,libxml2-devel,libjpeg-devel,libpng-devel
- name: jie ya php
unarchive: src=php-5.3.28.tar.gz dest=/usr/src/
- name:
shell: ./configure --prefix=/usr/local/php --with-gd --with-zlib --with-mysql=/usr/local/mysql --with-config-file-path=/usr/local/php --enable-fpm --enable-mbstring --with-jpeg-dir=/usr/lib && make && make install
args:
chdir: /usr/src/php-5.3.28
- name: copy-config-file
copy: src=/usr/src/php-5.3.28/php.ini-development dest=/usr/local/php/php.ini remote_src=yes
- name: updata php.ini
shell: sed -i '/#default_charset = "utf-8"/a\default_charset = "utf-8"' /usr/local/php/php.ini && sed -i '/short_open_tag/c\short_open_tag = On' /usr/local/php/php.ini
- name: jie ya Zend
unarchive: src=/root/ZendGuardLoader-php-5.3-linux-glibc23-x86_64.tar.gz dest=/usr/src/
- name: copy Zend
copy: src=/usr/src/ZendGuardLoader-php-5.3-linux-glibc23-x86_64/php-5.3.x/ZendGuardLoader.so dest=/usr/local/php/lib/ZendGuardLoader.so remote_src=yes
- name: sed php.ini_Zend
lineinfile: path=/usr/local/php/php.ini insertafter=BOF line="Zend_extension=/usr/local/php/lib/ZendGuardLoader"
- lineinfile: path=/usr/local/php/php.ini insertafter=BOF line="Zend_loader.enable=1"
- name: tian jia systemctl
copy: src=/usr/src/php-5.3.28/sapi/fpm/init.d.php-fpm dest=/etc/init.d/php-fpm remote_src=yes
- name: permisvissi
file: path=/etc/init.d/php-fpm mode=755
- name: chkconfig
shell: chkconfig --add php-fpm
- name: copy php-fpm_config_fiel
copy: src=/usr/local/php/etc/php-fpm.conf.default dest=/usr/local/php/etc/php-fpm.conf remote_src=yes
- name: update php-fpm.conf
shell: sed -i '/pid = /a\pid = run/php-fpm.pid' /usr/local/php/etc/php-fpm.conf && sed -i '/user = nobody/c\user = nginx' /usr/local/php/etc/php-fpm.conf && sed -i '/group = nobody/c\group = nginx' /usr/local/php/etc/php-fpm.conf
- name: start php-fpm
service: name="php-fpm" state=started
- name: update nginx.conf
replace: path=/usr/local/nginx/conf/nginx.conf regexp=" index index.html index.htm;" replace=" index index.php index.html index.htm;"
- name: update nginx.conf
shell: sed -i '/ server_name localhost;/a \ location ~ \.php$ {\n root html;\n fastcgi_pass 127.0.0.1:9000;\n fastcgi_index index.php;\n fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;\n include fastcgi.conf;\n}' /usr/local/nginx/conf/nginx.conf
- name: restart
service: name=php-fpm state=restarted
Apache: 劇本
- hosts: dbserver
remote_user: root
tasks:
- name: apr
unarchive: src=/root/apr-1.5.2.tar.gz dest=/usr/src
- name: apr-make
shell: ./configure --prefix=/usr/local/apr && make && make install
args:
chdir: /usr/src/apr-1.5.2
- name: apr-util
unarchive: src=/root/apr-util.*.tar.gz dest=/usr/src
- shell: ./configure --prefix=/usr/local/apr-util --with-apr=/usr/loca/apr/bin/apr-1-config && make && make install
args:
chdir: /usr/src/apr-util.*
- name: tar httpd install
unarchive: src=/root/httpd-2.4.25.tar.gz dest=/usr/src
- shell: /usr/local/apr-util/bin/* /usr/local/bin
- yum: name=pcre-devel
- shell: ./configure --prefix=/usr/local/httpd --enable-so --enable-charset-lite --enable-cgi --enable-rewrite && make && make install
args:
chdir: /usr/src/httpd-2.4.25
- name: you hua httpd path
shell: ln -s /usr/local/httpd/bin/* /usr/local/bin
- name: copy httpd-start-config-file
copy: src=/usr/local/httpd/bin/apachectl dest=/etc/init.d/httpd remote_src=yes
- shell: chkconfig --add httpd
- file: path=/etc/init.d/httpd mode=0755
- name: start httpd-server
service: name=httpd state=started