Ansible:
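Ansible is a relatively new automation and operations tool written in Python. It combines the strengths of many earlier operations tools (puppet, cfengine, chef, func, fabric) and provides batch system configuration, batch program deployment, and batch command execution.
Ansible works through modules. Ansible itself has no batch-deployment capability; the modules it runs do the actual work, and Ansible only provides the framework.
Automation and operations tools:
- puppet: developed in Ruby, client/server (C/S) architecture, compatible with Linux, Windows and Unix, supports more than 1000 hosts.
- saltstack: developed in Python, C/S architecture, centralized management, lightweight, supports more than 1000 hosts.
- ansible: developed in Python, agentless, manages hosts over the SSH protocol, supports more than 100 hosts.
Ansible features:
- Modular: calls a specific module to complete a specific task.
- Three key modules: Paramiko, PyYAML and Jinja2 (template language).
- Supports custom modules.
- Implemented in Python.
- Simple to deploy: based on Python and SSH (installed by default), agentless.
- Secure: based on OpenSSH.
- Supports orchestrating tasks with playbooks.
- Idempotent: running a task once has the same effect as running it N times; repeated runs do not cause unexpected results.
- No agent required and no dependence on PKI (no SSL needed).
- Modules can be written in any programming language.
- YAML format for orchestrating tasks, with support for rich data structures.
- A fairly powerful multi-tier solution.
Ansible components:
- Ansible core: the core Ansible program.
- HostInventory: records information about the hosts Ansible manages, including port, password, IP and so on.
- ConnectionPlugins: connection plugins, used to communicate with the managed hosts.
- Playbook: a YAML file in which multiple tasks are defined.
- CoreModules: core modules.
- CustomModules: custom modules.
How SSH works:
Encrypt with the private key, decrypt with the public key:
A key pair is generated on the control node and the public key is copied to the remote host. When the control node wants to connect, the remote host sends it a random string; the control node encrypts the string and sends it back, and the remote host decrypts it with the public key. If the decrypted string matches the one the remote host generated, the control node is authenticated.
Installing Ansible:
Host | Network information |
---|---|
Control node | ens33:192.168.43.23 |
Host1 | ens33:192.168.43.241 |
Host1 | ens33:192.168.43.104 |
Control node:
Method 1: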
[root@localhost ansible]# ls
ansible-2.4.2.0-2.el7.noarch.rpm python-httplib2-0.9.2-1.el7.noarch.rpm python-passlib-1.6.5-2.el7.noarch.rpm
libyaml-0.1.4-11.el7_0.x86_64.rpm python-jinja2-2.7.2-2.el7.noarch.rpm pyyaml-3.10-11.el7.x86_64.rpm
python2-jmespath-0.9.0-3.el7.noarch.rpm python-markupsafe-0.11-10.el7.x86_64.rpm sshpass-1.06-2.el7.x86_64.rpm
python-babel-0.9.6-8.el7.noarch.rpm python-paramiko-2.1.1-2.el7.noarch.rpm
[root@localhost ansible]# pwd
/root/ansible
[root@localhost ansible]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# vim ansible.repo
[ansible]
name=ansible
baseurl=file:///root/ansible
enabled=1
gpgcheck=0
[root@localhost yum.repos.d]# createrepo /root/ansible
Spawning worker 0 with 6 pkgs
Spawning worker 1 with 5 pkgs
Workers Finished
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete
[root@localhost yum.repos.d]# yum -y install ansible
[root@localhost yum.repos.d]# ansible --version
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Nov 6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
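An added example, not part of the original page: the ansible.repo file above sets gpgcheck=0, so yum installs the RPMs from /root/ansible without verifying package signatures. The function below lists enabled repository sections that disable or omit gpgcheck; the name audit_repo_gpg and the contents of sample.repo are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example: find yum repository sections that install unsigned packages.

# audit_repo_gpg FILE... prints "file:section:finding" for every enabled
# section whose gpgcheck is switched off or missing. A missing gpgcheck line
# means the section inherits the [main] setting from /etc/yum.conf.
audit_repo_gpg() {
    awk '
        # Emit a finding for the section that just ended, if it is enabled.
        function report(    g, e) {
            if (section == "") { return }
            e = tolower(enabled)
            if (e == "0" || e == "no" || e == "false") { return }
            g = tolower(gpgcheck)
            if (g == "") {
                print file ":" section ":gpgcheck unset"
            } else if (g != "1" && g != "yes" && g != "true") {
                print file ":" section ":gpgcheck=" gpgcheck
            }
        }
        FNR == 1 { report(); section = ""; file = FILENAME }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[[^]]*\][ \t]*$/ {
            report()
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            gpgcheck = ""; enabled = "1"
            next
        }
        /=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]*$/, "", val)
            key = tolower(key)
            if (key == "gpgcheck") { gpgcheck = val }
            if (key == "enabled")  { enabled = val }
        }
        END { report() }
    ' "$@"
}

# Run the audit over the repo file from this page plus a constructed sample.
demo_audit() {
    tmp=$(mktemp -d) || return 1
    # ansible.repo exactly as written on this page
    cat > "$tmp/ansible.repo" <<'EOF'
[ansible]
name=ansible
baseurl=file:///root/ansible
enabled=1
gpgcheck=0
EOF
    # constructed sample: one signed repo, one without gpgcheck, one disabled
    cat > "$tmp/sample.repo" <<'EOF'
[signed]
name=constructed sample with signature checking
baseurl=file:///srv/repo/signed
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example

[inherits]
name=constructed sample without a gpgcheck line
baseurl=file:///srv/repo/other

[off]
name=constructed sample, disabled repo
enabled=0
gpgcheck=0
EOF
    (cd "$tmp" && audit_repo_gpg ansible.repo sample.repo)
    rm -rf "$tmp"
}

demo_audit
```

On a real control node the same function can be pointed at /etc/yum.repos.d/*.repo.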
Method 2:
[root@localhost ~]# yum -y install ansible.noarch
[root@localhost ~]# ansible --version
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Nov 6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
Passwordless SSH login:
[root@localhost yum.repos.d]# yum -y install openssh openssh-devel openssl openssl-devel
[root@localhost yum.repos.d]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:zzj2bNrD0MsJi0jLBXRqY4STyNYcqa5FXmAqnW0bRnI root@localhost
The key's randomart image is:
+---[RSA 2048]----+
|..o+o |
|.oB+E . |
|.+.@ o |
|o.+ % |
|oo * = S. |
| .o o . o+. |
|.. o + .+*oo |
|. + ...=B |
| .o+. |
+----[SHA256]-----+
[root@localhost yum.repos.d]# ssh-copy-id root@192.168.43.23
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.43.23 (192.168.43.23)' can't be established.
ECDSA key fingerprint is SHA256:PjbUpTdGG1FtiYjG1P2DIADe646/IxZq5ge0sQybAhE.
ECDSA key fingerprint is MD5:86:09:71:21:24:06:f4:9b:ae:08:08:ea:4c:31:84:8f.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.43.23's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.43.23'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost yum.repos.d]# ssh-copy-id root@192.168.43.241
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.43.241 (192.168.43.241)' can't be established.
ECDSA key fingerprint is SHA256:pQXV+j1JjfR1c2ESn2FEtfxeC5Oumv14JQMnR7S5Yic.
ECDSA key fingerprint is MD5:23:72:5e:ea:11:13:c2:b7:c4:8f:1b:0f:a4:d7:05:9b.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.43.241's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.43.241'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost yum.repos.d]# ssh-copy-id root@192.168.43.104
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.43.104 (192.168.43.104)' can't be established.
ECDSA key fingerprint is SHA256:VUy72dDXxHUZFcfqyGGlGYX3IGBI++aL7uNlufMJAsQ.
ECDSA key fingerprint is MD5:02:89:1d:f4:9b:66:c4:a9:a9:9e:5f:8d:d9:48:9e:f1.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.43.104's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.43.104'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost yum.repos.d]# ssh root@192.168.43.241
Last login: Wed Nov 6 14:00:13 2019 from desktop-a1km2p9
[root@localhost ~]# exit
logout
Connection to 192.168.43.241 closed.
[root@localhost yum.repos.d]# ssh root@192.168.43.104
Last login: Wed Nov 6 14:00:48 2019 from desktop-a1km2p9
[root@localhost ~]# exit
logout
Connection to 192.168.43.104 closed.
Ansible main directory:
[root@localhost yum.repos.d]# cd /etc/ansible/
[root@localhost ansible]# ls
ansible.cfg hosts roles
#ansible.cfg: configuration file
#hosts: host inventory
#roles: roles
[root@localhost ansible]# vim hosts
Add:
[webserver]
192.168.43.104
192.168.43.241
[dbserver]
192.168.43.241
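Ansible commands:
Format:
ansible Hosts (hosts) -m module_name (module name) -a job (the command to run on the hosts)
Colors for Ansible message levels:
- Green: execution succeeded.
- Red: execution failed.
- Yellow: execution succeeded and data on the remote host was modified.
- Purple: warning.
List all modules in Ansible: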
[root@localhost ansible]# ansible-doc --list
a10_server Manage A10 Networks AX/SoftAX/Thunder/vThunder devices' server object.
a10_server_axapi3 Manage A10 Networks AX/SoftAX/Thunder/vThunder devices
a10_service_group Manage A10 Networks AX/SoftAX/Thunder/vThunder devices' service groups.
a10_virtual_server Manage A10 Networks AX/SoftAX/Thunder/vThunder devices' virtual servers...
accelerate Enable accelerated mode on remote node
... ...
... ...
Show the help for a specific module:
[root@localhost mysql-5.7.22]# ansible-doc -s ping
- name: Try to connect to host, verify a usable python and return `pong' on success
ping:
data: # Data to return for the `ping' return value. If this parameter is set to `crash', the
module will cause an exception.
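Common Ansible modules:
ping:
Checks whether the specified nodes are still reachable. Usage is simple and takes no parameters; if the host is online, it replies pong.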
[root@localhost ~]# ansible webserver -m ping
192.168.43.104 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.43.241 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@localhost ~]# ansible dbserver -m ping
192.168.43.241 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@localhost ~]# ansible all -m ping
192.168.43.241 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.43.104 | SUCCESS => {
"changed": false,
"ping": "pong"
}
command:
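Runs the specified command on each managed node. The difference between shell and command is that the shell module can use special characters, while command does not support them.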
[root@localhost ~]# ansible all -m command -a 'hostname'
192.168.43.241 | SUCCESS | rc=0 >>
localhost
192.168.43.104 | SUCCESS | rc=0 >>
localhost
Parameters:
- chdir: sets the working directory for the command.
[root@localhost ~]# ansible all -m command -a 'chdir=/home ls'
192.168.43.104 | SUCCESS | rc=0 >>
gsb
192.168.43.241 | SUCCESS | rc=0 >>
shaobo
- creates: if the specified file exists, the command is not run; if the file does not exist, the command is run.
[root@localhost ~]# ansible all -m command -a 'creates=/etc/fstab cat /etc/fstab'
192.168.43.241 | SUCCESS | rc=0 >>
skipped, since /etc/fstab exists
192.168.43.104 | SUCCESS | rc=0 >>
skipped, since /etc/fstab exists
- removes: if the specified file exists, the command is run; if the file does not exist, the command is not run.
[root@localhost ~]# ansible all -m command -a 'removes=/etc/fstab cat /etc/fstab'
192.168.43.241 | SUCCESS | rc=0 >>
# /etc/fstab
# Created by anaconda on Tue Nov 5 20:30:33 2019
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
/dev/mapper/cl-root / xfs defaults 0 0
UUID=0698a74d-300d-4aea-a8c9-c6b7c7c449f4 /boot xfs defaults 0 0
/dev/mapper/cl-swap swap swap defaults 0 0
192.168.43.104 | SUCCESS | rc=0 >>
# /etc/fstab
# Created by anaconda on Mon Mar 4 21:27:17 2019
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
/dev/mapper/cl-root / xfs defaults 0 0
UUID=f20cd398-f878-40e5-a5d9-f7f683aabe77 /boot xfs defaults 0 0
/dev/mapper/cl-swap swap swap defaults 0 0
shell:
Runs commands on the remote hosts; special characters can be used.
[root@localhost ~]# ansible all -m shell -a 'ls /usr | grep src'
192.168.43.241 | SUCCESS | rc=0 >>
src
192.168.43.104 | SUCCESS | rc=0 >>
src
user:
The user module manages users on the remote hosts. The commands it corresponds to are useradd, userdel and usermod.
Parameters:
- name: the name of the user to create; if the user does not exist, it is created automatically.
[root@localhost ~]# ansible all -m user -a "name=testuser "
192.168.43.104 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 1001,
"home": "/home/testuser",
"name": "testuser",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1001
}
192.168.43.241 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 1001,
"home": "/home/testuser",
"name": "testuser",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1001
}
[root@localhost ~]# ansible all -m shell -a "ls /home | grep test"
192.168.43.104 | SUCCESS | rc=0 >>
testuser
192.168.43.241 | SUCCESS | rc=0 >>
testuser
- password: sets the password of the created user.
[root@localhost ~]# openssl passwd -1 123.com
$1$BI5o3s0e$05rvmfSuWXfsb0i3r93wd1
[root@localhost ~]# ansible all -m user -a 'name=testuser password=$1$BI5o3s0e$05rvmfSuWXfsb0i3r93wd1'
192.168.43.104 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 1001,
"home": "/home/testuser",
"move_home": false,
"name": "testuser",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 1001
}
192.168.43.241 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 1001,
"home": "/home/testuser",
"move_home": false,
"name": "testuser",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 1001
}
[root@localhost ~]# ansible all -m shell -a "cat /etc/shadow | grep testuser"
192.168.43.104 | SUCCESS | rc=0 >>
testuser:-bash5rvmfSuWXfsb0i3r93wd1:18206:0:99999:7:::
192.168.43.241 | SUCCESS | rc=0 >>
testuser:-bash5rvmfSuWXfsb0i3r93wd1:18206:0:99999:7:::
Note: the password field above reads -bash5rvmfSuWXfsb0i3r93wd1 because this output was captured with the -a argument in double quotes, where the shell expanded $1, $BI5o3s0e and $0 before Ansible received the hash. With single quotes, as in the user command above, the field holds the full $1$BI5o3s0e$05rvmfSuWXfsb0i3r93wd1 string.
- uid: sets the UID of the created user.
[root@localhost ~]# ansible all -m user -a "uid=1020 name=testuser"
192.168.43.104 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 1001,
"home": "/home/testuser",
"move_home": false,
"name": "testuser",
"shell": "/bin/bash",
"state": "present",
"uid": 1020
}
192.168.43.241 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 1001,
"home": "/home/testuser",
"move_home": false,
"name": "testuser",
"shell": "/bin/bash",
"state": "present",
"uid": 1020
}
[root@localhost ~]# ansible all -m shell -a "cat /etc/passwd | grep testuser"
192.168.43.104 | SUCCESS | rc=0 >>
testuser:x:1020:1001::/home/testuser:/bin/bash
192.168.43.241 | SUCCESS | rc=0 >>
testuser:x:1020:1001::/home/testuser:/bin/bash
- group: sets the primary group of the created user.
[root@localhost ~]# ansible all -m user -a "group=root name=testuser"
192.168.43.104 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 0,
"home": "/home/testuser",
"move_home": false,
"name": "testuser",
"shell": "/bin/bash",
"state": "present",
"uid": 1020
}
192.168.43.241 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 0,
"home": "/home/testuser",
"move_home": false,
"name": "testuser",
"shell": "/bin/bash",
"state": "present",
"uid": 1020
}
[root@localhost ~]# ansible all -m shell -a "groups testuser"
192.168.43.104 | SUCCESS | rc=0 >>
testuser : root
192.168.43.241 | SUCCESS | rc=0 >>
testuser : root
- groups(append): sets the supplementary groups of the created user.
[root@localhost ~]# ansible all -m user -a "groups=adm name=testuser"
192.168.43.241 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 0,
"groups": "adm",
"home": "/home/testuser",
"move_home": false,
"name": "testuser",
"shell": "/bin/bash",
"state": "present",
"uid": 1020
}
192.168.43.104 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 0,
"groups": "adm",
"home": "/home/testuser",
"move_home": false,
"name": "testuser",
"shell": "/bin/bash",
"state": "present",
"uid": 1020
}
[root@localhost ~]# ansible all -m shell -a "groups testuser"
192.168.43.241 | SUCCESS | rc=0 >>
testuser : root adm
192.168.43.104 | SUCCESS | rc=0 >>
testuser : root adm
- home: sets the home directory of the created user.
[root@localhost ~]# ansible all -m shell -a "mkdir /home/truehome"
[WARNING]: Consider using file module with state=directory rather than running mkdir
192.168.43.104 | SUCCESS | rc=0 >>
192.168.43.241 | SUCCESS | rc=0 >>
[root@localhost ~]# ansible all -m user -a "name=testuser home=/home/truehome"
192.168.43.104 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 0,
"home": "/home/truehome",
"move_home": false,
"name": "testuser",
"shell": "/bin/bash",
"state": "present",
"uid": 1020
}
192.168.43.241 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 0,
"home": "/home/truehome",
"move_home": false,
"name": "testuser",
"shell": "/bin/bash",
"state": "present",
"uid": 1020
}
[root@localhost ~]# ansible all -m shell -a "cat /etc/passwd | grep testuser"
192.168.43.104 | SUCCESS | rc=0 >>
testuser:x:1020:0::/home/truehome:/bin/bash
192.168.43.241 | SUCCESS | rc=0 >>
testuser:x:1020:0::/home/truehome:/bin/bash
- remove=yes or state=absent: deletes the user.
[root@localhost ~]# ansible all -m user -a "name=testuser remove=yes"
192.168.43.104 | SUCCESS => {
"append": false,
"changed": false,
"comment": "",
"group": 0,
"home": "/home/truehome",
"move_home": false,
"name": "testuser",
"shell": "/bin/bash",
"state": "present",
"uid": 1020
}
192.168.43.241 | SUCCESS => {
"append": false,
"changed": false,
"comment": "",
"group": 0,
"home": "/home/truehome",
"move_home": false,
"name": "testuser",
"shell": "/bin/bash",
"state": "present",
"uid": 1020
}
Note: the output above still reports "state": "present" and "changed": false. remove=yes only takes effect together with state=absent, so this command left the account in place.
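An added example, not part of the original page, for the password parameter above: it reproduces how a double-quoted -a argument turns the $1$... hash from openssl passwd -1 into the -bash5rvmf... value seen in /etc/shadow, and it checks shadow-format lines for password fields that are not crypt(3) hashes. The function names and the bin and fixeduser sample lines are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example: shell expansion of a crypt hash, and a check that catches it.

# What Ansible receives when the -a argument is wrapped in double quotes.
# The inner shell gets $0="-bash" and no positional parameters, like the root
# login shell on the control node, so $1, $BI5o3s0e and $0 are all expanded.
double_quoted_arg() {
    sh -c 'printf "%s" "name=testuser password=$1$BI5o3s0e$05rvmfSuWXfsb0i3r93wd1"' -bash
}

# Single quotes keep every "$" literal, so the hash arrives intact.
single_quoted_arg() {
    printf '%s' 'name=testuser password=$1$BI5o3s0e$05rvmfSuWXfsb0i3r93wd1'
}

# Read shadow-format lines on stdin and report accounts whose password field
# is neither a lock marker (*, !, !!) nor a $id$...$hash crypt(3) string.
audit_shadow() {
    awk -F: '
        BEGIN { crypt = "^\\$[0-9a-z]+(\\$[A-Za-z0-9./=,]+)+\\$[A-Za-z0-9./]+$" }
        { field = $2 }
        field ~ /^[!*]+$/ { next }
        field == "" { print $1 ": empty password field"; next }
        { hash = field; sub(/^!+/, "", hash) }   # "!" + hash = locked account
        hash ~ crypt { next }
        { print $1 ": not a crypt(3) hash: " field }
    '
}

# Sample input: the testuser line is the one shown on this page; the bin and
# fixeduser lines are constructed.
demo_shadow_audit() {
    audit_shadow <<'EOF'
bin:*:17110:0:99999:7:::
testuser:-bash5rvmfSuWXfsb0i3r93wd1:18206:0:99999:7:::
fixeduser:$1$BI5o3s0e$05rvmfSuWXfsb0i3r93wd1:18206:0:99999:7:::
EOF
}

printf 'double quotes: %s\n' "$(double_quoted_arg)"
printf 'single quotes: %s\n' "$(single_quoted_arg)"
demo_shadow_audit
```

On the managed hosts the same check can read the real file, for example audit_shadow < /etc/shadow as root.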
group:
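The group module manages groups on the remote hosts. The commands it corresponds to are groupadd, groupdel and groupmod.
Parameters:
- name: the name of the group to create; if the group does not exist, it is created automatically.
- gid: the GID of the created group.
- state=absent: deletes the group.
Create a group: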
[root@localhost ~]# ansible all -m group -a "name=one gid=1030"
192.168.43.241 | SUCCESS => {
"changed": true,
"gid": 1030,
"name": "one",
"state": "present",
"system": false
}
192.168.43.104 | SUCCESS => {
"changed": true,
"gid": 1030,
"name": "one",
"state": "present",
"system": false
}
Check the result:
[root@localhost ~]# ansible all -m shell -a "cat /etc/group | grep one"
192.168.43.241 | SUCCESS | rc=0 >>
one:x:1030:
192.168.43.104 | SUCCESS | rc=0 >>
one:x:1030:
Delete the group:
[root@localhost ~]# ansible all -m group -a "name=one state=absent"
192.168.43.241 | SUCCESS => {
"changed": true,
"name": "one",
"state": "absent"
}
192.168.43.104 | SUCCESS => {
"changed": true,
"name": "one",
"state": "absent"
}
script:
Runs a script from the control node on the remote hosts.
Create a script and run it on the remote hosts:
[root@localhost ~]# vim test.sh
#! /bin/bash
touch /tmp/scriptfile
echo "hello world" > /tmp/scriptfile
cat /tmp/scriptfile
[root@localhost ~]# chmod +x test.sh
[root@localhost ~]# ansible all -m script -a "chdir=/root test.sh"
192.168.43.104 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.43.104 closed.\r\n",
"stdout": "hello world\r\n",
"stdout_lines": [
"hello world"
]
}
192.168.43.241 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.43.241 closed.\r\n",
"stdout": "hello world\r\n",
"stdout_lines": [
"hello world"
]
}
copy:
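Copies files from the control node to the remote hosts.
Parameters:
- src: the source path of the file to copy.
- dest: the destination path for the copied file.
Create a test file and copy it to the remote hosts: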
[root@localhost ~]# touch testfile
[root@localhost ~]# echo "hello world" > testfile
[root@localhost ~]# ansible all -m copy -a "src=/root/testfile dest=/tmp"
192.168.43.104 | SUCCESS => {
"changed": true,
"checksum": "22596363b3de40b06f981fb85d82312e8c0ed511",
"dest": "/tmp/testfile",
"gid": 0,
"group": "root",
"md5sum": "6f5902ac237024bdd0c176cb93063dc4",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 12,
"src": "/root/.ansible/tmp/ansible-tmp-1573027196.14-194603345129606/source",
"state": "file",
"uid": 0
}
192.168.43.241 | SUCCESS => {
"changed": true,
"checksum": "22596363b3de40b06f981fb85d82312e8c0ed511",
"dest": "/tmp/testfile",
"gid": 0,
"group": "root",
"md5sum": "6f5902ac237024bdd0c176cb93063dc4",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 12,
"src": "/root/.ansible/tmp/ansible-tmp-1573027196.16-53338356328815/source",
"state": "file",
"uid": 0
}
Check the result:
[root@localhost ~]# ansible all -m shell -a "cat /tmp/testfile"
192.168.43.104 | SUCCESS | rc=0 >>
hello world
192.168.43.241 | SUCCESS | rc=0 >>
hello world
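- content: adds or replaces the content of a file on the remote hosts (single quotes nested inside double quotes; \n is the newline character).
Change the content of a file on the remote hosts: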
[root@localhost ~]# ansible all -m copy -a "content='new\nstr' dest=/tmp/testfile"
192.168.43.241 | SUCCESS => {
"changed": true,
"checksum": "b117bd2a83c362c24fb99d886f62da015a836922",
"dest": "/tmp/testfile",
"gid": 0,
"group": "root",
"md5sum": "5622de4dea7dadc42530691bbb296da5",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 7,
"src": "/root/.ansible/tmp/ansible-tmp-1573027455.72-143535204445616/source",
"state": "file",
"uid": 0
}
192.168.43.104 | SUCCESS => {
"changed": true,
"checksum": "b117bd2a83c362c24fb99d886f62da015a836922",
"dest": "/tmp/testfile",
"gid": 0,
"group": "root",
"md5sum": "5622de4dea7dadc42530691bbb296da5",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 7,
"src": "/root/.ansible/tmp/ansible-tmp-1573027455.72-221471957710822/source",
"state": "file",
"uid": 0
}
Check the result:
[root@localhost ~]# ansible all -m shell -a "cat /tmp/testfile"
192.168.43.241 | SUCCESS | rc=0 >>
new
str
192.168.43.104 | SUCCESS | rc=0 >>
new
str
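- force=no: when the file copied from the control node has the same name as the destination file but different content, the copy is skipped.
- backup=yes: when the file copied from the control node has the same name as the destination file but different content, the destination file is backed up.
Back up the file: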
[root@localhost ~]# ansible all -m copy -a "src=/root/testfile dest=/tmp force=no"
192.168.43.241 | SUCCESS => {
"changed": false,
"dest": "/tmp",
"src": "/root/testfile"
}
192.168.43.104 | SUCCESS => {
"changed": false,
"dest": "/tmp",
"src": "/root/testfile"
}
[root@localhost ~]# ansible all -m copy -a "src=/root/testfile dest=/tmp backup=yes"
192.168.43.104 | SUCCESS => {
"backup_file": "/tmp/testfile.42050.2019-11-06@16:09:25~",
"changed": true,
"checksum": "22596363b3de40b06f981fb85d82312e8c0ed511",
"dest": "/tmp/testfile",
"gid": 0,
"group": "root",
"md5sum": "6f5902ac237024bdd0c176cb93063dc4",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 12,
"src": "/root/.ansible/tmp/ansible-tmp-1573027763.91-233828879526500/source",
"state": "file",
"uid": 0
}
192.168.43.241 | SUCCESS => {
"backup_file": "/tmp/testfile.42217.2019-11-06@16:09:23~",
"changed": true,
"checksum": "22596363b3de40b06f981fb85d82312e8c0ed511",
"dest": "/tmp/testfile",
"gid": 0,
"group": "root",
"md5sum": "6f5902ac237024bdd0c176cb93063dc4",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 12,
"src": "/root/.ansible/tmp/ansible-tmp-1573027763.92-123506317381226/source",
"state": "file",
"uid": 0
}
Check the result:
[root@localhost ~]# ansible all -m shell -a "ls /tmp | grep testfile"
192.168.43.241 | SUCCESS | rc=0 >>
testfile
testfile.42217.2019-11-06@16:09:23~
192.168.43.104 | SUCCESS | rc=0 >>
testfile
testfile.42050.2019-11-06@16:09:25~
- owner: the owner of the file.
- group: the group of the file.
- mode: the permissions of the file.
Set the file's owner and group to root and give it 755 permissions:
[root@localhost ~]# touch testfile_new
[root@localhost ~]# ansible all -m copy -a "src=/root/testfile_new dest=/tmp owner=root group=root mode=755"
192.168.43.241 | SUCCESS => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/tmp/testfile_new",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0755",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1573028049.42-128576015175073/source",
"state": "file",
"uid": 0
}
192.168.43.104 | SUCCESS => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/tmp/testfile_new",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0755",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1573028049.41-132072472051321/source",
"state": "file",
"uid": 0
}
Check the result:
[root@localhost ~]# ansible all -m shell -a "ls -l /tmp/ | grep test"
192.168.43.104 | SUCCESS | rc=0 >>
-rw-r--r--. 1 root root 12 Nov 6 16:09 testfile
-rw-r--r--. 1 root root 7 Nov 6 16:04 testfile.42050.2019-11-06@16:09:25~
-rwxr-xr-x. 1 root root 0 Nov 6 16:14 testfile_new
192.168.43.241 | SUCCESS | rc=0 >>
-rw-r--r--. 1 root root 12 Nov 6 16:09 testfile
-rw-r--r--. 1 root root 7 Nov 6 16:04 testfile.42217.2019-11-06@16:09:23~
-rwxr-xr-x. 1 root root 0 Nov 6 16:14 testfile_new
YUM:
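This module is used when the remote nodes run RHEL or CentOS; it installs applications on the remote hosts with YUM.
- name: the name of the application to install.
- state=present|latest|absent: install|install the latest version|remove.
- disablerepo: disables a repo source.
- enablerepo: enables a repo source.
- disable_gpg_check: turns off GPG verification.
Install samba: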
[root@localhost ~]# ansible all -m yum -a "name=samba state=installed"
192.168.43.104 | SUCCESS => {
"changed": false,
"msg": "",
"rc": 0,
"results": [
"samba-4.9.1-6.el7.x86_64 providing samba is already installed"
]
}
192.168.43.241 | SUCCESS => {
"changed": false,
"msg": "",
"rc": 0,
"results": [
"samba-4.9.1-6.el7.x86_64 providing samba is already installed"
]
}
Start the smb service:
[root@localhost ~]# ansible all -m shell -a "systemctl start smb"
192.168.43.104 | SUCCESS | rc=0 >>
192.168.43.241 | SUCCESS | rc=0 >>
Check the result:
[root@localhost ~]# ansible all -m shell -a "netstat -anput | grep smb"
192.168.43.104 | SUCCESS | rc=0 >>
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 3315/smbd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 3315/smbd
tcp6 0 0 :::139 :::* LISTEN 3315/smbd
tcp6 0 0 :::445 :::* LISTEN 3315/smbd
192.168.43.241 | SUCCESS | rc=0 >>
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 3072/smbd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 3072/smbd
tcp6 0 0 :::139 :::* LISTEN 3072/smbd
tcp6 0 0 :::445 :::* LISTEN 3072/smbd
service:
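Manages service processes on the remote hosts.
Parameters:
- name: the service name.
- state=started|restarted|reloaded|stopped: start|restart|reload|stop.
- enabled=yes|no: whether the service starts at boot.
- sleep: when restarted is used, the number of seconds to sleep between stop and start.
- runlevel: the run level.
Stop the smb service: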
[root@localhost ~]# ansible all -m service -a "name=smb state=stopped"
[root@localhost ~]# ansible all -m shell -a "netstat -anput | grep smb"
192.168.43.104 | FAILED | rc=1 >>
non-zero return code
192.168.43.241 | FAILED | rc=1 >>
non-zero return code
file:
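The file module operates on files on the remote hosts.
Parameters:
- mode: the permissions of the created file.
- group: the group of the created file.
- owner: the owner of the created file.
- path: the path of the file to create.
- recurse: applies the attributes recursively; only used for directories.
- src: the path of the source file to link to; only used when creating a symbolic or hard link.
- dest: the path of the link to create; only used when creating a symbolic or hard link.
- state=directory|touch|link|hard|absent: create a directory|create a file|create a symbolic link|create a hard link|delete a file or directory.
Create a directory: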
[root@localhost ~]# ansible all -m file -a "path=/testdirectory state=directory"
192.168.43.241 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/testdirectory",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
192.168.43.104 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/testdirectory",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
Create a file:
[root@localhost ~]# ansible all -m file -a "path=/testdirectory/testfile.txt state=touch"
192.168.43.104 | SUCCESS => {
"changed": true,
"dest": "/testdirectory/testfile.txt",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 0,
"state": "file",
"uid": 0
}
192.168.43.241 | SUCCESS => {
"changed": true,
"dest": "/testdirectory/testfile.txt",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 0,
"state": "file",
"uid": 0
}
Create a new directory:
[root@localhost ~]# ansible all -m file -a "path=/newdirectory/ state=directory"
192.168.43.241 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/newdirectory/",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
192.168.43.104 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/newdirectory/",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
Create a symbolic link to the file in the new directory:
[root@localhost ~]# ansible all -m file -a "path=/newdirectory/newtestfile.txt src=/testdirectory/testfile.txt state=link"
192.168.43.104 | SUCCESS => {
"changed": true,
"dest": "/newdirectory/newtestfile.txt",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 27,
"src": "/testdirectory/testfile.txt",
"state": "link",
"uid": 0
}
192.168.43.241 | SUCCESS => {
"changed": true,
"dest": "/newdirectory/newtestfile.txt",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 27,
"src": "/testdirectory/testfile.txt",
"state": "link",
"uid": 0
}
Check the result:
[root@localhost ~]# ansible all -m shell -a "ls -l /newdirectory/"
192.168.43.241 | SUCCESS | rc=0 >>
total 0
lrwxrwxrwx. 1 root root 27 Nov 6 21:18 newtestfile.txt -> /testdirectory/testfile.txt
192.168.43.104 | SUCCESS | rc=0 >>
total 0
lrwxrwxrwx. 1 root root 27 Nov 6 21:18 newtestfile.txt -> /testdirectory/testfile.txt
cron:
The cron module manages scheduled tasks on the remote hosts.
Parameters:
- minute: minute.
- hour: hour.
- day: day.
- month: month.
- weekday: day of the week.
- job: the command to run.
- name: a name for the scheduled task.
- special_time=hourly|reboot|yearly|monthly|weekly|daily: run once an hour|once at reboot|once a year|once a month|once a week|once a day.
[root@localhost ~]# ansible all -m cron -a "name=one hour=8 minute=10 job='echo hello world'"
192.168.43.241 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"one"
]
}
192.168.43.104 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"one"
]
}
[root@localhost ~]# ansible all -m shell -a "crontab -l"
192.168.43.104 | SUCCESS | rc=0 >>
#Ansible: one
10 8 * * * echo hello world
192.168.43.241 | SUCCESS | rc=0 >>
#Ansible: one
10 8 * * * echo hello world
lineinfile:
Regular-expression matching: the lineinfile module replaces the content in a file that matches a pattern with the specified content.
- regexp: the regular expression.
- line: the text that replaces the matched content.
- path: the file path.
[root@localhost ~]# ansible all -m file -a "path=/tmp/newfile state=touch"
192.168.43.104 | SUCCESS => {
"changed": true,
"dest": "/tmp/newfile",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 0,
"state": "file",
"uid": 0
}
192.168.43.241 | SUCCESS => {
"changed": true,
"dest": "/tmp/newfile",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 0,
"state": "file",
"uid": 0
}
[root@localhost ~]# ansible all -m shell -a "echo 'hello world' > /tmp/newfile"
192.168.43.241 | SUCCESS | rc=0 >>
192.168.43.104 | SUCCESS | rc=0 >>
[root@localhost ~]# ansible all -m shell -a "cat /tmp/newfile"
192.168.43.104 | SUCCESS | rc=0 >>
hello world
192.168.43.241 | SUCCESS | rc=0 >>
hello world
[root@localhost ~]# ansible all -m lineinfile -a "regexp='^h' line='hello newworld' path=/tmp/newfile"
192.168.43.104 | SUCCESS => {
"backup": "",
"changed": true,
"msg": "line replaced"
}
192.168.43.241 | SUCCESS => {
"backup": "",
"changed": true,
"msg": "line replaced"
}
[root@localhost ~]# ansible all -m shell -a "cat /tmp/newfile"
192.168.43.104 | SUCCESS | rc=0 >>
hello newworld
192.168.43.241 | SUCCESS | rc=0 >>
hello newworld
Playbooks:
A playbook is made up of multiple modules.
YAML: the YAML language draws on several languages, including C, Python, Ruby and Perl. Files use the extension yaml or yml. Indentation levels must use spaces, not tabs, and # marks a comment.
YAML data types:
- Object: name: value.
- Array: - food, represents a group of items.
- String.
- Number.
Meaning of the sections in a YAML file:
tasks: the operations to carry out by calling modules.
variables: variables.
handlers: triggers.
Install nginx with a playbook:
[root@localhost ~]# vim nginx.yml
---
- hosts: webserver
  remote_user: root
  tasks:
    - yum: name=pcre,pcre-devel,gcc,gcc-c++,zlib,zlib-devel,openssl,openssl-devel state=installed
    - copy: src=/root/nginx-1.14.2.tar.gz dest=/usr/src/nginx-1.14.2.tar.gz
    - shell: tar -zxvf /usr/src/nginx-1.14.2.tar.gz -C /usr/src && useradd nginx -s /sbin/nologin && cd /usr/src/nginx-1.14.2/ && ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module && make && make install && ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/nginx
    - file: path=/etc/systemd/system/nginx.service state=touch
    - copy: content='[Unit]\nDescription=nginx\nAfter=network.target\n[Service]\nType=forking\nPIDFile=/usr/local/nginx/logs/nginx.pid\nExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf\nExecStop=/usr/local/nginx/sbin/nginx -s stop -c /usr/local/nginx/conf/nginx.conf\nExecReload= /usr/local/nginx/sbin/nginx -s reload -c /usr/local/nginx/conf/nginx.conf\nPrivateTmp=true\n[Install]\nWantedBy=multi-user.target' dest=/etc/systemd/system/nginx.service
    - shell: systemctl daemon-reload && systemctl start nginx.service
    - shell: netstat -anput | grep 80
[root@localhost ~]# vim nginx.yml
[root@localhost ~]# ansible-playbook --syntax-check nginx.yml
playbook: nginx.yml
[root@localhost ~]# ansible-playbook nginx.yml
PLAY [webserver] *****************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************
ok: [192.168.43.104]
ok: [192.168.43.241]
TASK [yum] ***********************************************************************************************************
ok: [192.168.43.241]
ok: [192.168.43.104]
TASK [copy] **********************************************************************************************************
changed: [192.168.43.104]
changed: [192.168.43.241]
TASK [command] *******************************************************************************************************
[WARNING]: Consider using unarchive module rather than running tar
changed: [192.168.43.241]
changed: [192.168.43.104]
TASK [file] **********************************************************************************************************
changed: [192.168.43.241]
changed: [192.168.43.104]
TASK [copy] **********************************************************************************************************
changed: [192.168.43.104]
changed: [192.168.43.241]
TASK [command] *******************************************************************************************************
changed: [192.168.43.104]
changed: [192.168.43.241]
TASK [command] *******************************************************************************************************
changed: [192.168.43.104]
changed: [192.168.43.241]
PLAY RECAP ***********************************************************************************************************
192.168.43.104 : ok=8 changed=6 unreachable=0 failed=0
192.168.43.241 : ok=8 changed=6 unreachable=0 failed=0
[root@localhost ~]# curl 192.168.43.104
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@localhost ~]# curl 192.168.43.241
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
Installing mysqld with a playbook:
[root@localhost ~]# vim mysql.yml
---
- hosts: webserver
  remote_user: root
  tasks:
    - yum: name=ncurses-devel,bison,cmake state=installed
    - yum: name=libzip state=absent
    - copy: src=/root/mysql-5.7.22.tar.gz dest=/usr/src/mysql-5.7.22.tar.gz
    - copy: src=/root/boost_1_59_0.tar.gz dest=/usr/src/boost_1_59_0.tar.gz
    # useradd exits non-zero once the mysql user exists, so this task fails on a second run
    - shell: useradd mysql -s /sbin/nologin
    - shell: tar -zxvf /usr/src/mysql-5.7.22.tar.gz -C /usr/src && tar -zxvf /usr/src/boost_1_59_0.tar.gz -C /usr/local/ && mv /usr/local/boost_1_59_0 /usr/local/boost && rm -rf /usr/local/boost_1_59_0
    - shell: cd /usr/src/mysql-5.7.22 && cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DMYSQL-USER=mysql -DMYSQL_DATADIR=/usr/local/mysql/data -DDOWNLOAD_BOOST=1 -DWITH_BOOST=/usr/local/boost -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_FEDERATED_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DWITHOUT_EXAMPLE_STORAGE_ENGINE=1 -DWITH_PARTITION_STORAGE_ENGINE=1 -DWITH_PERFSCHEMA_STORAGE_ENGINE=1 && make && make install
    - shell: mkdir /usr/local/mysql/data && chmod 755 /usr/local/mysql/data -R && chown mysql:mysql /usr/local/mysql/data -R && cp /usr/src/mysql-5.7.22/support-files/mysql.server /etc/init.d/mysqld && chmod +x /etc/init.d/mysqld
    - shell: echo 'export PATH=$PATH:/usr/local/mysql/bin/' > /etc/profile.d/mysql.sh
    # --initialize generates a temporary root password and writes it to the MySQL error log
    - shell: cd /usr/local/mysql && ./bin/mysqld --initialize --user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data
    - file: path=/etc/systemd/system/mysqld.service state=touch
    - copy: content='[Unit]\nDescription=mysqld\nAfter=network.target\n[Service]\nType=forking\nPIDFile=/usr/local/mysql/data/localhost.pid\nExecStart=/etc/init.d/mysqld start\nExecStop=/etc/init.d/mysqld stop\nExecReload=/etc/init.d/mysqld reload\nPrivateTmp=true\n[Install]\nWantedBy=multi-user.target' dest=/etc/systemd/system/mysqld.service
    - shell: systemctl daemon-reexec && systemctl daemon-reload && systemctl start mysqld.service
[root@localhost ~]# ansible-playbook --syntax-check mysql.yml
playbook: mysql.yml
[root@localhost ~]# ansible-playbook mysql.yml
PLAY [webserver] *****************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************
ok: [192.168.43.104]
ok: [192.168.43.241]
TASK [yum] ***********************************************************************************************************
ok: [192.168.43.104]
ok: [192.168.43.241]
TASK [yum] ***********************************************************************************************************
ok: [192.168.43.104]
ok: [192.168.43.241]
TASK [copy] **********************************************************************************************************
ok: [192.168.43.104]
ok: [192.168.43.241]
TASK [copy] **********************************************************************************************************
ok: [192.168.43.104]
ok: [192.168.43.241]
TASK [command] *******************************************************************************************************
changed: [192.168.43.104]
changed: [192.168.43.241]
TASK [command] *******************************************************************************************************
[WARNING]: Consider using unarchive module rather than running tar
changed: [192.168.43.241]
changed: [192.168.43.104]
TASK [command] *******************************************************************************************************
changed: [192.168.43.241]
changed: [192.168.43.104]
TASK [command] *******************************************************************************************************
[WARNING]: Consider using file module with state=directory rather than running mkdir
changed: [192.168.43.104]
changed: [192.168.43.241]
TASK [command] *******************************************************************************************************
changed: [192.168.43.104]
changed: [192.168.43.241]
TASK [command] *******************************************************************************************************
changed: [192.168.43.241]
changed: [192.168.43.104]
TASK [file] **********************************************************************************************************
changed: [192.168.43.104]
changed: [192.168.43.241]
TASK [copy] **********************************************************************************************************
changed: [192.168.43.241]
changed: [192.168.43.104]
TASK [command] *******************************************************************************************************
changed: [192.168.43.104]
changed: [192.168.43.241]
PLAY RECAP ***********************************************************************************************************
192.168.43.104 : ok=12 changed=7 unreachable=0 failed=0
192.168.43.241 : ok=12 changed=7 unreachable=0 failed=0
[root@localhost ~]# ansible all -m shell -a "netstat -anput | grep 3306"
192.168.43.104 | SUCCESS | rc=0 >>
tcp6 0 0 :::3306 :::* LISTEN 54760/mysqld
192.168.43.241 | SUCCESS | rc=0 >>
tcp6 0 0 :::3306 :::* LISTEN 47609/mysqld
Installing php with a playbook:
[root@localhost ~]# vim php.yml
---
- hosts: webserver
  remote_user: root
  tasks:
    - yum: name=libxml2,libxml2-devel,bzip2,bzip2-devel,libcurl,libcurl-devel,libjpeg,libjpeg-devel,libpng,libpng-devel,freetype,freetype-devel,gmp,gmp-devel,readline,readline-devel,libxslt,libxslt-devel state=installed
    - yum: name=libzip,cmake state=absent
    - copy: src=/root/php-7.3.9.tar.gz dest=/usr/src/php-7.3.9.tar.gz
    - copy: src=/root/cmake-3.15.3.tar.gz dest=/usr/src/cmake-3.15.3.tar.gz
    - copy: src=/root/libzip-1.5.1.tar.gz dest=/usr/src/libzip-1.5.1.tar.gz
    - shell: tar -zxvf /usr/src/php-7.3.9.tar.gz -C /usr/src && tar -zxvf /usr/src/cmake-3.15.3.tar.gz -C /usr/src && tar -zxvf /usr/src/libzip-1.5.1.tar.gz -C /usr/src
    - shell: cd /usr/src/cmake-3.15.3/ && ./bootstrap --prefix=/usr/local/cmake && gmake && gmake install && ln -s /usr/local/cmake/bin/* /usr/sbin/
    - shell: mkdir /usr/src/libzip-1.5.1/build && cd /usr/src/libzip-1.5.1/build && cmake .. && make && make install
    - shell: cd /usr/src/php-7.3.9/ && ./configure --enable-fpm --prefix=/usr/local/php --with-curl --with-freetype-dir --with-gd --with-gettext --with-iconv-dir --with-kerberos --with-libdir=lib64 --with-libxml-dir --with-mysqli --with-openssl --with-pcre-regex --with-pdo-mysql --with-pdo-sqlite --with-pear --with-png-dir --with-jpeg-dir --with-xmlrpc --with-xsl --with-zlib --with-openssl --enable-fpm --enable-bcmath --enable-libxml --enable-inline-optimization --enable-mbregex --enable-mbstring --enable-opcache --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvsem --enable-xml --enable-zip && make && make install && ln -s /usr/local/php/bin/php /usr/bin/
    # php.ini-development turns display_errors on; the tarball also ships php.ini-production
    - shell: cd /usr/local/php/etc/ && cp php-fpm.conf.default php-fpm.conf && cd php-fpm.d/ && cp www.conf.default www.conf && cp /usr/src/php-7.3.9/php.ini-development /usr/local/php/etc/php.ini
    - shell: cd /usr/local/php/sbin/ && ./php-fpm -c /usr/local/php/etc/php.ini
[root@localhost ~]# ansible-playbook php.yml
PLAY [webserver] *********************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************
ok: [192.168.43.104]
ok: [192.168.43.241]
TASK [yum] ***********************************************************************************************************
ok: [192.168.43.104]
ok: [192.168.43.241]
TASK [yum] ***********************************************************************************************************
ok: [192.168.43.104]
ok: [192.168.43.241]
TASK [copy] **********************************************************************************************************
ok: [192.168.43.104]
ok: [192.168.43.241]
TASK [copy] **********************************************************************************************************
ok: [192.168.43.104]
ok: [192.168.43.241]
TASK [command] ***********************************************************************************************************
changed: [192.168.43.104]
changed: [192.168.43.241]
TASK [command] ***********************************************************************************************************
changed: [192.168.43.104]
changed: [192.168.43.241]
TASK [command] ***********************************************************************************************************
changed: [192.168.43.104]
changed: [192.168.43.241]
PLAY RECAP ***************************************************************************************************************
192.168.43.104 : ok=4 changed=3 unreachable=0 failed=0
192.168.43.241 : ok=4 changed=3 unreachable=0 failed=0
[root@localhost ~]# ansible all -m shell -a "netstat -anput | grep php-fpm"
192.168.43.241 | SUCCESS | rc=0 >>
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 34304/php-fpm: mast
192.168.43.104 | SUCCESS | rc=0 >>
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 45370/php-fpm: mast
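Added example (not part of the original post): the two netstat checks above show mysqld bound to :::3306, which means every interface, while php-fpm listens only on 127.0.0.1:9000. The Python below parses that ad-hoc output format and lists the sockets that are not limited to loopback; the function names are assumptions, and the sample is constructed from the output shown on this page.

```python
import ipaddress
import re

# Constructed sample: the two ad-hoc netstat results shown on this page, concatenated.
SAMPLE = """\
192.168.43.104 | SUCCESS | rc=0 >>
tcp6 0 0 :::3306 :::* LISTEN 54760/mysqld
192.168.43.241 | SUCCESS | rc=0 >>
tcp6 0 0 :::3306 :::* LISTEN 47609/mysqld
192.168.43.241 | SUCCESS | rc=0 >>
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 34304/php-fpm: mast
192.168.43.104 | SUCCESS | rc=0 >>
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 45370/php-fpm: mast
"""

# Host header printed by the ad-hoc run, and a listening TCP row from netstat -anput.
HOST_RE = re.compile(r"^(\S+) \| \w+ \| rc=\d+ >>$")
LISTEN_RE = re.compile(r"^(tcp6?)\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+LISTEN\s+(\S.*)$")
WILDCARD = {"0.0.0.0", "::", "*"}

def bind_scope(addr):
    """Classify a local bind address taken from netstat's Local Address column."""
    if addr in WILDCARD:
        return "all-interfaces"
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop an IPv6 zone id such as %ens33
    return "loopback" if ip.is_loopback else "single-address"

def parse_listeners(text):
    """Return one dict per listening TCP socket, tagged with the host header above it."""
    host, found = None, []
    for line in map(str.strip, text.splitlines()):
        header = HOST_RE.match(line)
        if header:
            host = header.group(1)
            continue
        sock = LISTEN_RE.match(line)
        if sock and host:
            proto, addr, port, prog = sock.groups()
            found.append({"host": host, "proto": proto, "port": int(port),
                          "program": prog.partition("/")[2] or prog,
                          "scope": bind_scope(addr)})
    return found

def network_reachable(text):
    """Sorted (host, port, program) for sockets not limited to loopback."""
    return sorted((s["host"], s["port"], s["program"])
                  for s in parse_listeners(text) if s["scope"] != "loopback")

if __name__ == "__main__":
    for host, port, program in network_reachable(SAMPLE):
        print(f"{host}: {program} listens on port {port} beyond loopback")
```

On the sample it reports mysqld on port 3306 for both managed hosts and nothing for php-fpm; on Linux a tcp6 `:::` listener normally accepts IPv4 connections as well.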