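3.2.1 Operations Automation: Ansible Modules

How Ansible Works

    When a user runs Ansible or ansible-playbook and enters an ad-hoc command or a playbook at the server terminal, Ansible follows its predefined rules to break the playbook down into plays, organizes each play into tasks that Ansible can recognize, and then calls all the modules and plugins those tasks involve. Based on the host list defined in the inventory, it transfers the task set over SSH to the remote clients as temporary files or commands, executes it there and returns the results. Temporary files are deleted automatically once execution finishes.

    Sources of Ansible command execution:

USER (ordinary user), i.e. the SYSTEM ADMINISTRATOR
CMDB (configuration management database) API calls
PUBLIC/PRIVATE CLOUD API calls

USER -> Ansible Playbook -> Ansible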

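Ansible Features and Architecture

    Features

Modular: calls a specific module to complete a specific task
Has three key modules: Paramiko, PyYAML and Jinja2 (template language)
Supports custom modules
Implemented in Python
Simple to deploy: based on Python and SSH (installed by default), agentless
Secure: based on OpenSSH
Supports orchestrating tasks with playbooks
Idempotent: running a task once has the same effect as running it n times, so repeated execution causes no surprises
No agent required and no dependence on PKI (no SSL needed)
Modules can be written in any programming language
YAML format for orchestrating tasks, with support for rich data structures
A fairly powerful multi-tier solution

    Architecture

ANSIBLE PLAYBOOKS: task playbooks (task sets); configuration files that orchestrate and define Ansible task sets, executed by Ansible in order; usually YML files in JSON format
INVENTORY: the list of hosts Ansible manages, /etc/ansible/hosts
MODULES: the functional modules Ansible uses to execute commands; most are built-in core modules, and custom modules are also possible
PLUGINS: supplements to module functionality, such as connection-type plugins, loop plugins, variable plugins and filter plugins; not commonly used
API: the application programming interface for third-party programs to call
ANSIBLE: the green box that combines INVENTORY, API, MODULES and PLUGINS; it can be understood as the ansible command-line tool, the core execution tool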

Deploying Ansible

    1. Install from the EPEL repository with yum

[root@CentOS7 ~]# yum install ansible

    2. Install from GitHub with git

Confirm that the installation succeeded

[root@CentOS7 ~]# ansible --version
ansible 2.5.3
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]

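Inspect the ansible main program

[root@CentOS7 ~]# ll /usr/bin/ansible
lrwxrwxrwx 1 root root 20 May 28 19:35 /usr/bin/ansible -> /usr/bin/ansible-2.7

    The program path is a symbolic link pointing to /usr/bin/ansible-2.7, so when installing a new version of ansible, or rolling back to an old one, it is enough to change where the symbolic link points.

Configure the host inventory /etc/ansible/hosts

[root@CentOS7 ~]# cat /etc/ansible/hosts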
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by [header] elements
#   - You can enter hostnames or ip addresses
#   - A hostname/ip can be a member of multiple groups

# Ex 1: Ungrouped hosts, specify before any group headers.

## green.example.com
## blue.example.com
## 192.168.100.1
## 192.168.100.10

# Ex 2: A collection of hosts belonging to the 'webservers' group

## [webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110

# If you have multiple hosts following a pattern you can specify
# them like this:

## www[001:006].example.com

# Ex 3: A collection of database servers in the 'dbservers' group

## [dbservers]
## 
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57

# Here's another example of host ranges, this time there are no
# leading 0s:

## db-[99:101]-node.example.com

192.168.30.75    # add managed hosts
192.168.30.69

[group1]         # add a group of managed hosts
192.168.30.75
192.168.30.69

[group2]
192.168.30.75    # the same host can appear in several groups
192.168.30.174

[group3]
192.168.30.69
192.168.30.174

[example]
www.jiangbowen.com:2222    # a domain name can be used and a port can be given; the default is 22
192.168.30.[1:100]         # ranges are supported
db[a:z].jiangbowen.com

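Configure the main ansible configuration file

    The main ansible configuration file is /etc/ansible/ansible.cfg. It usually needs no changes; the settings that may be changed are: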

[defaults]

# some basic default values...

#inventory      = /etc/ansible/hosts                        # host inventory file
#library        = /usr/share/my_modules/                    # directory for library files
#module_utils   = /usr/share/my_module_utils/               # module file path
#remote_tmp     = ~/.ansible/tmp                            # directory for temporary files on the remote host
#local_tmp      = ~/.ansible/tmp                            # directory for temporary files on the local host
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml       # plugin configuration file
#forks          = 5                                         # number of concurrent executions
#poll_interval  = 15                                        # execution interval
#sudo_user      = root                                      # sudo user
#ask_sudo_pass = True                                       # whether to prompt for the sudo password
#ask_pass      = True                                       # whether to prompt for the user password
#transport      = smart
#remote_port    = 22                                        # default remote port
#module_lang    = C
#module_set_locale = False
host_key_checking = False                                  ; whether to check host keys
log_path = /var/log/ansible.log                            ; where the log is saved
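
The configuration above turns off host_key_checking, so Ansible connects without verifying the SSH host keys of managed nodes. The following is an added example, not part of the original page: a shell function that reads an ansible.cfg on stdin and reports that setting and a missing log_path. The function name audit_ansible_cfg and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the [defaults] section of an ansible.cfg read from stdin.
# Prints one finding per line; prints nothing when no finding applies.
audit_ansible_cfg() {
    awk '
        # Remember which INI section we are in.
        /^[ \t]*\[/ {
            section = $0
            gsub(/^[ \t]*\[|\].*$/, "", section)
            next
        }
        # Skip blank lines and whole-line comments ("#" or ";").
        /^[ \t]*([#;]|$)/ { next }
        section == "defaults" {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            sub(/[ \t]+;.*$/, "", val)          # inline comments start with ";"
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "host_key_checking" && tolower(val) ~ /^(false|no|off|0)$/)
                print "host_key_checking=" val ": SSH host keys of managed nodes are not verified"
            if (key == "log_path" && val != "")
                has_log = 1
        }
        END {
            if (!has_log)
                print "log_path unset: runs are not logged on the control node"
        }
    '
}

# Constructed sample: host key checking disabled, no log file configured.
sample_weak_cfg() {
cat <<'EOF'
[defaults]
#remote_port    = 22
host_key_checking = False
EOF
}

# Constructed sample: host keys verified, runs logged.
sample_hardened_cfg() {
cat <<'EOF'
[defaults]
# host_key_checking = False
host_key_checking = True    ; managed hosts must already be in known_hosts
log_path = /var/log/ansible.log
EOF
}

echo "weak:";     sample_weak_cfg     | audit_ansible_cfg
echo "hardened:"; sample_hardened_cfg | audit_ansible_cfg
```

Against a real control node, run it as audit_ansible_cfg < /etc/ansible/ansible.cfg.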

Using Ansible

    The ansible command

    Syntax: ansible host [-m module] [-a command] [options]

[root@CentOS7 ~]# ansible all --list-hosts
  hosts (3):
    192.168.30.75
    192.168.30.69
    192.168.30.174     # key-based authentication has not been set up
[root@CentOS7 ~]# ansible group1 --list-hosts
  hosts (2):
    192.168.30.75
    192.168.30.69
[root@CentOS7 ~]# ansible group2 --list-hosts
  hosts (2):
    192.168.30.75
    192.168.30.174
[root@CentOS7 ~]# ansible group3 --list-hosts
  hosts (2):
    192.168.30.69
    192.168.30.174

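    Options

-v show detailed output; -vv and -vvv show more detail
--list-hosts show the host list; can be shortened to --list
-k, --ask-pass prompt for the connection password; key-based authentication is the default
-K, --ask-become-pass prompt for the sudo password
-C, --check check only, do not execute
-T, --timeout=TIMEOUT timeout for executing the command, default 10s
-u, --user=REMOTE_USER the user to run as on the remote host
-b, --become replaces the old sudo switching

    The host must appear in the inventory. It can be a single host; when specifying several hosts, separate them with commas. all can also be used to mean every host in the inventory.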

[root@CentOS7 ~]# ansible group1 -m ping
192.168.30.69 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.30.75 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

Using the wildcard *

[root@CentOS7 ~]# ansible 192.168.30.* -m ping
192.168.30.174 | UNREACHABLE! => {     # this error is explained later; for now just note that * does work
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", 
    "unreachable": true
}
192.168.30.75 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.30.69 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

When using logical operators, enclose the host pattern in single quotes

[root@CentOS7 ~]# ansible 'group1:group2' -m ping   # : means logical OR
192.168.30.174 | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", 
    "unreachable": true
}
192.168.30.69 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.30.75 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
[root@CentOS7 ~]# ansible 'group1:&group2' -m ping    # :& means logical AND
192.168.30.75 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
[root@CentOS7 ~]# ansible 'group1:!group2' -m ping   # :! means logical NOT
192.168.30.69 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

Using a regular expression

[root@CentOS7 ~]# ansible 'group[1|2]' -m ping
192.168.30.174 | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", 
    "unreachable": true
}
192.168.30.69 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.30.75 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

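    ansible uses key-based authentication by default. When a target host has not been set up for key-based authentication, the -k option must be used to enter the user's password. Only one password can be entered, however, and it is applied to every host that needs a password. It is therefore recommended to set up key-based authentication before using ansible.

[root@CentOS7 ~]# ansible all -m ping -k   # use -k to enter the user password for authentication
SSH password:           # enter the user password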
192.168.30.69 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.30.75 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.30.174 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

    Commonly used ansible modules

The command module runs commands on remote hosts. It is the module the ansible command uses by default.

[root@CentOS7 ~]# ansible group2 -m command -a 'systemctl start httpd.service'
192.168.30.174 | SUCCESS | rc=0 >>


192.168.30.75 | SUCCESS | rc=0 >>

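    Options

chdir=: change to the given directory before running the command
creates=: if the given file exists, the command is not run
removes=: if the given file does not exist, the command is not run

Operators such as pipes, variable references, redirection and logical tests are not supported

[root@CentOS7 ~]# ansible group1 -m command -a 'echo "new line" >> /etc/fstab'
192.168.30.69 | SUCCESS | rc=0 >> 
new line >> /etc/fstab             # the text after echo is only printed; the redirection was not executed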

192.168.30.75 | SUCCESS | rc=0 >>
new line >> /etc/fstab

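The shell module runs the command through the specified user's default shell, so it supports operators such as pipes, variable references, redirection and logical tests.

[root@CentOS7 ~]# ansible group1 -m shell -a 'echo "new line" >> /etc/fstab'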
192.168.30.69 | SUCCESS | rc=0 >>


192.168.30.75 | SUCCESS | rc=0 >>


[root@CentOS7 ~]# ansible group1 -m shell -a 'cat /etc/fstab | grep "new line"'
192.168.30.69 | SUCCESS | rc=0 >>
new line

192.168.30.75 | SUCCESS | rc=0 >>
new line

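    Options

chdir=: change to the given directory before running the command
creates=: if the given file exists, the command is not run
removes=: if the given file does not exist, the command is not run

The script module pushes a script from the control node and runs it on the specified hosts.

[root@CentOS7 ~]# ansible group1 -m script -a '/root/bin/9x9table.sh'   # the remote hosts do not have this script, and it is not kept there after it has run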
192.168.30.69 | SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.30.69 closed.\r\n", 
    "stdout": "1x1=1\t\r\n1x2=2\t2x2=4\t\r\n1x3=3\t2x3=6\t3x3=9\t\r\n1x4=4\t2x4=8\t3x4=12\t4x4=16\t\r\n1x5=5\t2x5=10\t3x5=15\t4x5=20\t5x5=25\t\r\n1x6=6\t2x6=12\t3x6=18\t4x6=24\t5x6=30\t6x6=36\t\r\n1x7=7\t2x7=14\t3x7=21\t4x7=28\t5x7=35\t6x7=42\t7x7=49\t\r\n1x8=8\t2x8=16\t3x8=24\t4x8=32\t5x8=40\t6x8=48\t7x8=56\t8x8=64\t\r\n1x9=9\t2x9=18\t3x9=27\t4x9=36\t5x9=45\t6x9=54\t7x9=63\t8x9=72\t9x9=81\t\r\n", 
    "stdout_lines": [
        "1x1=1\t", 
        "1x2=2\t2x2=4\t", 
        "1x3=3\t2x3=6\t3x3=9\t", 
        "1x4=4\t2x4=8\t3x4=12\t4x4=16\t", 
        "1x5=5\t2x5=10\t3x5=15\t4x5=20\t5x5=25\t", 
        "1x6=6\t2x6=12\t3x6=18\t4x6=24\t5x6=30\t6x6=36\t", 
        "1x7=7\t2x7=14\t3x7=21\t4x7=28\t5x7=35\t6x7=42\t7x7=49\t", 
        "1x8=8\t2x8=16\t3x8=24\t4x8=32\t5x8=40\t6x8=48\t7x8=56\t8x8=64\t", 
        "1x9=9\t2x9=18\t3x9=27\t4x9=36\t5x9=45\t6x9=54\t7x9=63\t8x9=72\t9x9=81\t"
    ]
}
192.168.30.75 | SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.30.75 closed.\r\n", 
    "stdout": "1x1=1\t\r\n1x2=2\t2x2=4\t\r\n1x3=3\t2x3=6\t3x3=9\t\r\n1x4=4\t2x4=8\t3x4=12\t4x4=16\t\r\n1x5=5\t2x5=10\t3x5=15\t4x5=20\t5x5=25\t\r\n1x6=6\t2x6=12\t3x6=18\t4x6=24\t5x6=30\t6x6=36\t\r\n1x7=7\t2x7=14\t3x7=21\t4x7=28\t5x7=35\t6x7=42\t7x7=49\t\r\n1x8=8\t2x8=16\t3x8=24\t4x8=32\t5x8=40\t6x8=48\t7x8=56\t8x8=64\t\r\n1x9=9\t2x9=18\t3x9=27\t4x9=36\t5x9=45\t6x9=54\t7x9=63\t8x9=72\t9x9=81\t\r\n", 
    "stdout_lines": [
        "1x1=1\t", 
        "1x2=2\t2x2=4\t", 
        "1x3=3\t2x3=6\t3x3=9\t", 
        "1x4=4\t2x4=8\t3x4=12\t4x4=16\t", 
        "1x5=5\t2x5=10\t3x5=15\t4x5=20\t5x5=25\t", 
        "1x6=6\t2x6=12\t3x6=18\t4x6=24\t5x6=30\t6x6=36\t", 
        "1x7=7\t2x7=14\t3x7=21\t4x7=28\t5x7=35\t6x7=42\t7x7=49\t", 
        "1x8=8\t2x8=16\t3x8=24\t4x8=32\t5x8=40\t6x8=48\t7x8=56\t8x8=64\t", 
        "1x9=9\t2x9=18\t3x9=27\t4x9=36\t5x9=45\t6x9=54\t7x9=63\t8x9=72\t9x9=81\t"
    ]
}

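    Options

chdir=: change to the given directory before running the command
creates=: if the given file exists, the command is not run
removes=: if the given file does not exist, the command is not run

When a script needs to read standard input, it will not run properly. The script runs in the background on the remote host and gets no standard input, so it waits indefinitely unless the script itself sets a timeout.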

[root@CentOS7 ~]# ansible group1 -m script -a '/root/bin/chessboard.sh'   
^C [ERROR]: User interrupted execution

root       2211  0.0  0.0 113180  1184 pts/1    S+   23:48   0:00 /bin/bash ~None/.ansible/tmp/ansible-tmp-1527580121.43-60904787174182/chessboard.sh

At this point the command's temporary files can be seen under /root/~None/.ansible/tmp/

[root@CentOS7 tmp]# tree
.
└── ansible-tmp-1527577052.42-180110633770421
    └── command.py

1 directory, 1 file

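The copy module copies a single file from the control node to the target hosts

[root@CentOS7 ~]# ansible group1 -m copy -a 'src=/etc/fstab dest=/data/secfstab owner=jiangbowen mode=644'    # copy the local /etc/fstab to the target hosts, set the owner to user jiangbowen and the mode to 644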
192.168.30.69 | SUCCESS => {
    "changed": true, 
    "checksum": "6fbb65e6bb62d7666d77297c188a46c9e215bb84", 
    "dest": "/data/secfstab", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "427fa130e12a6c41daafe68f78c886b1", 
    "mode": "0644", 
    "owner": "jiangbowen", 
    "size": 734, 
    "src": "~None/.ansible/tmp/ansible-tmp-1527581713.59-139108316398323/source", 
    "state": "file", 
    "uid": 500
}
192.168.30.75 | SUCCESS => {
    "changed": true, 
    "checksum": "6fbb65e6bb62d7666d77297c188a46c9e215bb84", 
    "dest": "/data/secfstab", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "427fa130e12a6c41daafe68f78c886b1", 
    "mode": "0644", 
    "owner": "jiangbowen", 
    "secontext": "system_u:object_r:default_t:s0", 
    "size": 734, 
    "src": "~None/.ansible/tmp/ansible-tmp-1527581713.58-232064196823164/source", 
    "state": "file", 
    "uid": 1000
}
[root@CentOS7 ~]# ansible group1 -m copy -a 'src=/root/bin/9x9table.sh dest=/data/secfstab owner=jiangbowen mode=644 backup=yes'   # copy the local /root/bin/9x9table.sh to the target hosts, set the owner to user jiangbowen and the mode to 644, and back up the original file if the destination already exists
192.168.30.69 | SUCCESS => {
    "backup_file": "/data/secfstab.6192.2018-05-29@16:19:02~", 
    "changed": true, 
    "checksum": "8b1bd1f6a042036eeaa74f69df6a7f4183b31ee7", 
    "dest": "/data/secfstab", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "7be915baaec4daf296ad4765ed76b2ff", 
    "mode": "0644", 
    "owner": "jiangbowen", 
    "size": 455, 
    "src": "~None/.ansible/tmp/ansible-tmp-1527581943.02-122324632902056/source", 
    "state": "file", 
    "uid": 500
}
192.168.30.75 | SUCCESS => {
    "backup_file": "/data/secfstab.3478.2018-05-30@00:18:52~", 
    "changed": true, 
    "checksum": "8b1bd1f6a042036eeaa74f69df6a7f4183b31ee7", 
    "dest": "/data/secfstab", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "7be915baaec4daf296ad4765ed76b2ff", 
    "mode": "0644", 
    "owner": "jiangbowen", 
    "secontext": "system_u:object_r:default_t:s0", 
    "size": 455, 
    "src": "~None/.ansible/tmp/ansible-tmp-1527581943.02-121032871897130/source", 
    "state": "file", 
    "uid": 1000
}
[root@CentOS7 ~]# ansible group1 -m shell -a 'll /data/secfstab*'   # listing the files with the ll alias shows that the shell module does not support aliases
192.168.30.69 | FAILED | rc=127 >>
/bin/sh: ll: command not foundnon-zero return code


192.168.30.75 | FAILED | rc=127 >>
/bin/sh: ll: command not foundnon-zero return code


[root@CentOS7 ~]# ansible group1 -m shell -a 'ls -l /data/secfstab*'   # list the files with ls -l
192.168.30.69 | SUCCESS | rc=0 >>
-rw-r--r-- 1 jiangbowen root 455 May 29 16:19 /data/secfstab
-rw-r--r-- 1 jiangbowen root 734 May 29 16:15 /data/secfstab.6192.2018-05-29@16:19:02~


192.168.30.75 | SUCCESS | rc=0 >>
-rw-r--r--. 1 jiangbowen root 455 May 30 00:18 /data/secfstab
-rw-r--r--. 1 jiangbowen root 734 May 30 00:15 /data/secfstab.3478.2018-05-30@00:18:52~

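    Options

backup: back up the original file before overwriting it; the backup file name contains a timestamp. Two values: yes|no
content: used instead of "src"; sets the content of the specified file directly
dest: required. The absolute path on the remote host to copy the source file to; if the source is a directory, this path must also be a directory
directory_mode: recursively set the permissions of directories; defaults to the system default permissions
force: applies when the target host already has the file but with different content. If set to yes, the file is overwritten; if no, the file is copied only when it does not exist at the destination. Default is yes
follow: when the folder being copied contains links, the links are kept when copying
src: the local file to copy to the remote host; can be an absolute or a relative path. If the path is a directory, it is copied recursively. In that case, if the path ends with "/", only the contents of the directory are copied; if it does not end with "/", the directory itself is copied together with all its contents.
group: the group of the file copied to the remote host
mode: the permissions of the file copied to the remote host, similar to chmod
owner: the owner of the file copied to the remote host

Note: the shell and command modules do not support aliases, and on CentOS7 the PATH variable also changes

[root@CentOS7 ~]# ansible group1 -m shell -a 'alias'   # alias shows that the remote hosts have no aliases defined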
192.168.30.69 | SUCCESS | rc=0 >>


192.168.30.75 | SUCCESS | rc=0 >>


[root@CentOS7 ~]# ansible group1 -m shell -a 'echo $PATH'  # view the PATH variable on the remote hosts; CentOS7 has no /root/bin in it
192.168.30.69 | SUCCESS | rc=0 >>
/app/bin:/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

192.168.30.75 | SUCCESS | rc=0 >>
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bins

content can also be used to create a file directly on the remote hosts

[root@CentOS7 ~]# ansible group1 -m copy -a 'content="CentOS\nLinux\ntest" dest=/data/test.txt'   # write the given content directly to /data/test.txt on the remote hosts
192.168.30.69 | SUCCESS => {
    "changed": true, 
    "checksum": "0f7fd4a4cccdbf903bdb895e22abfa4d594ca2b6", 
    "dest": "/data/test.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "d244d5f01cc6ae8f6dbd6e478f4aa43e", 
    "mode": "0644", 
    "owner": "root", 
    "size": 17, 
    "src": "~None/.ansible/tmp/ansible-tmp-1527582726.73-72421110990483/source", 
    "state": "file", 
    "uid": 0
}
192.168.30.75 | SUCCESS => {
    "changed": true, 
    "checksum": "0f7fd4a4cccdbf903bdb895e22abfa4d594ca2b6", 
    "dest": "/data/test.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "d244d5f01cc6ae8f6dbd6e478f4aa43e", 
    "mode": "0644", 
    "owner": "root", 
    "secontext": "system_u:object_r:default_t:s0", 
    "size": 17, 
    "src": "~None/.ansible/tmp/ansible-tmp-1527582726.71-83329890814862/source", 
    "state": "file", 
    "uid": 0
}
[root@CentOS7 ~]# ansible group1 -m shell -a 'cat /data/test.txt'   # view /data/test.txt on the remote hosts
192.168.30.69 | SUCCESS | rc=0 >>
CentOS
Linux
test

192.168.30.75 | SUCCESS | rc=0 >>
CentOS
Linux
test

The fetch module pulls files from remote hosts to the control node.

[root@CentOS7 fetch_test]# ansible group2 -m fetch -a 'src=/etc/fstab dest=/data/fetch_test'
192.168.30.174 | SUCCESS => {
    "changed": true, 
    "checksum": "2b1777d51b0d5a8ca780204e76d8cbfbe1841856", 
    "dest": "/data/fetch_test/192.168.30.174/etc/fstab", 
    "md5sum": "020f628f8334bd9b8c3d3bd7f70307ad", 
    "remote_checksum": "2b1777d51b0d5a8ca780204e76d8cbfbe1841856", 
    "remote_md5sum": null
}
192.168.30.75 | SUCCESS => {
    "changed": true, 
    "checksum": "cfafdc9012666a8e6e02dd5edb67dafc6ba4d181", 
    "dest": "/data/fetch_test/192.168.30.75/etc/fstab", 
    "md5sum": "f5fbd1248d0b8c3e1b7003897a3d8d84", 
    "remote_checksum": "cfafdc9012666a8e6e02dd5edb67dafc6ba4d181", 
    "remote_md5sum": null
}
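[root@CentOS7 fetch_test]# tree   # when fetching files from several hosts, each host's files are saved under its own directory by default; the directory is created if it does not exist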
.
├── 192.168.30.174
│   └── etc
│       └── fstab
└── 192.168.30.75
    └── etc
        └── fstab

4 directories, 2 files

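    Options

src: required. The file on the remote host to fetch to the local machine
dest: the local path to save to
flat: default is no; when yes, the path information is not kept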

[root@CentOS7 fetch_test]# ansible 192.168.30.75 -m fetch -a  'src=/etc/fstab dest=/data/fetch_test/test'
192.168.30.75 | SUCCESS => {
    "changed": true, 
    "checksum": "cfafdc9012666a8e6e02dd5edb67dafc6ba4d181", 
    "dest": "/data/fetch_test/test/192.168.30.75/etc/fstab", 
    "md5sum": "f5fbd1248d0b8c3e1b7003897a3d8d84", 
    "remote_checksum": "cfafdc9012666a8e6e02dd5edb67dafc6ba4d181", 
    "remote_md5sum": null
}
[root@CentOS7 fetch_test]# tree   # a fetched file cannot be saved under a new name; when a nonexistent path is given, it is created as a directory
.
└── test
    └── 192.168.30.75
        └── etc
            └── fstab

3 directories, 1 file
[root@CentOS7 fetch_test]# ansible 192.168.30.75 -m fetch -a  'flat=yes src=/etc/fstab dest=/data/fetch_test/test'
192.168.30.75 | SUCCESS => {
    "changed": true, 
    "checksum": "cfafdc9012666a8e6e02dd5edb67dafc6ba4d181", 
    "dest": "/data/fetch_test/test", 
    "md5sum": "f5fbd1248d0b8c3e1b7003897a3d8d84", 
    "remote_checksum": "cfafdc9012666a8e6e02dd5edb67dafc6ba4d181", 
    "remote_md5sum": null
}
[root@CentOS7 fetch_test]# tree    # with flat=yes, the original path is not kept when fetching the file
.
└── test

0 directories, 1 file

The cron module creates scheduled tasks.

[root@CentOS7 fetch_test]# ansible all  -m cron -a 'minute=5 weekday=2,4,6 user=jiangbowen job="/usr/bin/wall CentOS!" name=Linux'
192.168.30.69 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "Linux"
    ]
}
192.168.30.174 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "Linux"
    ]
}
192.168.30.75 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "Linux"
    ]
}

Switch to user jiangbowen and use crontab -e to view the scheduled task that was created

#Ansible: Linux
5 * * * 2,4,6 /usr/bin/wall CentOS!    

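    Options

minute: minute    hour: hour    day: day    month: month    weekday: day of the week
reboot: at the next boot  yearly: every year  monthly: every month  weekly: every week  ...
name: description of the scheduled task; a task with the same name is overwritten by the one created later
disabled: set to yes to disable the specified scheduled task
job: the operation to run
state: absent deletes the specified scheduled task, present creates it; the default is present
cron_file: name of the cron file; the task is created under the cron.d directory. Creating a cron file with the same name again overwrites the existing tasks, regardless of the backup option. user must be specified when creating it
user: create the scheduled task as the specified user

[root@CentOS7 fetch_test]# ansible all  -m cron -a 'state=absent user=jiangbowen name=Linux'  # to delete a scheduled task, name must be given; when it is not the default user, the user must be given as well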
192.168.30.69 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": []
}
192.168.30.174 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": []
}
192.168.30.75 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": []
}
[root@CentOS7 fetch_test]# ansible all  -m cron -a 'state=absent user=root cron_file=MyCron'   # to delete a cron file, the file name and the user must be given
192.168.30.69 | SUCCESS => {   
    "changed": true, 
    "cron_file": "MyCron", 
    "state": "absent"
}
192.168.30.174 | SUCCESS => {
    "changed": true, 
    "cron_file": "MyCron", 
    "state": "absent"
}
192.168.30.75 | SUCCESS => {
    "changed": true, 
    "cron_file": "MyCron", 
    "state": "absent"
}

The file module manages file attributes

[root@CentOS7 ~]# ansible group1 -m file -a 'state=absent dest=/data/secfstab'
192.168.30.69 | SUCCESS => {
    "changed": true, 
    "path": "/data/secfstab", 
    "state": "absent"
}
192.168.30.75 | SUCCESS => {
    "changed": true, 
    "path": "/data/secfstab", 
    "state": "absent"
}

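    Options

state: change the state of the file
    directory: create a directory; nested paths are supported
    file: check that the file exists
    link: create a symbolic link
    hard: create a hard link
    absent: delete the file; a directory is deleted recursively
    touch: create the file; if it already exists, update its timestamp
dest: path and name of the target file or directory
src: the source file that the link points to
mode: set the file permissions
owner: set the file owner
group: set the file group
force: force creation of the link even if the source file does not exist; if the link already exists, overwrite it

[root@CentOS7 ~]# ansible all -m file -a 'force=yes state=link src=/data/NewFile dest=/data/LinkFile'    # host 192.168.30.174 has no /data/NewFile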
192.168.30.69 | SUCCESS => {
    "changed": true, 
    "dest": "/data/LinkFile", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "size": 13, 
    "src": "/data/NewFile", 
    "state": "link", 
    "uid": 0
}
 [WARNING]: Cannot set fs attributes on a non-existent symlink target. follow should be set to False to avoid this.
# warns that the source file is missing, but because force was given, a link pointing to the nonexistent file is still created
192.168.30.174 | SUCCESS => {
    "changed": true, 
    "dest": "/data/LinkFile", 
    "src": "/data/NewFile", 
    "state": "absent"
}
192.168.30.75 | SUCCESS => {
    "changed": true, 
    "dest": "/data/LinkFile", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "secontext": "unconfined_u:object_r:etc_runtime_t:s0", 
    "size": 13, 
    "src": "/data/NewFile", 
    "state": "link", 
    "uid": 0
}
[root@CentOS7 ~]# ansible all -m shell -a 'ls -l /data/LinkFile'
192.168.30.69 | SUCCESS | rc=0 >>
lrwxrwxrwx 1 root root 13 May 30 20:04 /data/LinkFile -> /data/NewFile

192.168.30.174 | SUCCESS | rc=0 >>
lrwxrwxrwx 1 root root 13 May 30 08:04 /data/LinkFile -> /data/NewFile   # /data/NewFile does not exist

192.168.30.75 | SUCCESS | rc=0 >>
lrwxrwxrwx. 1 root root 13 May 31 04:04 /data/LinkFile -> /data/NewFileh

The hostname module manages the host name of the remote host.

[root@CentOS7 ~]# ansible 192.168.30.174 -m hostname -a 'name=NewName'
192.168.30.174 | SUCCESS => {
    "ansible_facts": {
        "ansible_domain": "", 
        "ansible_fqdn": "NewName", 
        "ansible_hostname": "NewName", 
        "ansible_nodename": "NewName"
    }, 
    "changed": true, 
    "name": "NewName"
}

The yum module manages software packages.

[root@CentOS7 ~]# ansible 192.168.30.174 -m yum -a 'name=bind state=installed'
192.168.30.174 | SUCCESS => {
    "changed": true, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "Loaded plugins: fastestmirror, langpacks\nLoading mirror speeds from cached hostfile\nResolving Dependencies\n--> Running transaction check\n---> Package bind.x86_64 32:9.9.4-50.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package      Arch           Version                  Repository           Size\n================================================================================\nInstalling:\n bind         x86_64         32:9.9.4-50.el7          development         1.8 M\n\nTransaction Summary\n================================================================================\nInstall  1 Package\n\nTotal download size: 1.8 M\nInstalled size: 4.3 M\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n  Installing : 32:bind-9.9.4-50.el7.x86_64                                  1/1 \n  Verifying  : 32:bind-9.9.4-50.el7.x86_64                                  1/1 \n\nInstalled:\n  bind.x86_64 32:9.9.4-50.el7                                                   \n\nComplete!\n"
    ]
}

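    Options

disablerepo: disable a yum repository
enablerepo: enable a yum repository
name: package name
state: installed installs the package, removed uninstalls it
list: show the packages in "installed", "updates", "available" and "repos"

The service module manages services.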

[root@CentOS7 ~]# ansible group1 -m service -a 'name=httpd state=started'
192.168.30.75 | SUCCESS => {
    "changed": true, 
    "name": "httpd", 
    "state": "started", 
    "status": {
        "ActiveEnterTimestampMonotonic": "0", 
        "ActiveExitTimestampMonotonic": "0", 
        "ActiveState": "inactive", 
        "After": "systemd-journald.socket system.slice remote-fs.target basic.target network.target tmp.mount -.mount nss-lookup.target", 
        "AllowIsolate": "no", 
        ...
    }
}
192.168.30.69 | SUCCESS => {
    "changed": true, 
    "name": "httpd", 
    "state": "started"
}

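    Options

enabled: whether the service starts at boot
name: service name
runlevel: specify the runlevel
sleep: when restarting the service, wait the given time before starting it
state:
    started: start
    stopped: stop
    restarted: restart
    reloaded: reload

The user module manages user information.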

[root@CentOS7 ~]# ansible 192.168.30.174 -m user -a 'name=TestUser group=jiangbowen comment="test user" system=yes'
192.168.30.174 | SUCCESS => {
    "changed": true, 
    "comment": "test user", 
    "create_home": true, 
    "group": 1000, 
    "home": "/home/TestUser", 
    "name": "TestUser", 
    "shell": "/bin/bash", 
    "state": "present", 
    "system": true, 
    "uid": 996
}

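    Options

name: user name
state: present (the default) adds the user, absent deletes the user
system: whether to create a system user
home: specify the home directory
createhome: whether to create the home directory
uid: specify the UID
group: specify the user's group
password: this option writes the value it is given into /etc/shadow as is, so a plaintext password is stored in plain text. At login, however, the entered password is hashed and then compared with the value in the file, so first generate the hash with openssl passwd -1 "password" and then set that hash as the password with ansible.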

[root@CentOS7 ~]# ansible 192.168.30.174 -m user -a 'name=TestUser password=centos'
192.168.30.174 | SUCCESS => {
    "append": false, 
    "changed": true, 
    "comment": "test user", 
    "group": 1000, 
    "home": "/home/TestUser", 
    "move_home": false, 
    "name": "TestUser", 
    "password": "NOT_LOGGING_PASSWORD", 
    "shell": "/bin/bash", 
    "state": "present", 
    "uid": 996
}
[root@CentOS7 ~]# ansible 192.168.30.174 -m shell -a 'getent shadow TestUser'
192.168.30.174 | SUCCESS | rc=0 >>
TestUser:centos:17681::::::   # the password is stored in plain text, so login fails with a wrong password
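
The getent output above shows the failure mode: the second field of the shadow entry holds the literal string centos instead of a crypt(3) hash. The following is an added example, not part of the original page: a shell function that scans shadow-format lines on stdin and classifies each password field. The function names and the sample lines are constructed, except the TestUser entry, which is the one shown above.

```shell
#!/bin/sh
# Added example: classify the password field (2nd field) of shadow(5) entries.

# classify_shadow_field FIELD
# Prints one of: empty, locked, hashed, PLAINTEXT-OR-INVALID.
# Legacy 13-character DES hashes have no "$" prefix and cannot be told apart
# from plain text, so they are reported as PLAINTEXT-OR-INVALID as well.
classify_shadow_field() {
    case "$1" in
        '')          echo "empty" ;;                 # no password required
        '!'*|'*'*)   echo "locked" ;;                # "!", "!!", "*" or "!<hash>"
        '$'[0-9a-z]*'$'*'$'*)
                     echo "hashed" ;;                # $id$salt$hash, e.g. $1$ or $6$
        *)           echo "PLAINTEXT-OR-INVALID" ;;  # what password=centos produced
    esac
}

# check_shadow_fields: read shadow-format lines on stdin and print
# "<user>: <verdict>" for every entry.
check_shadow_fields() {
    while IFS=: read -r user field _rest; do
        [ -n "$user" ] || continue
        printf '%s: %s\n' "$user" "$(classify_shadow_field "$field")"
    done
}

# Constructed sample entries; the hash value is a placeholder, not a real hash.
sample_shadow() {
cat <<'EOF'
root:$6$c0nstructedsalt$ConstructedHashForIllustrationOnly:17680:0:99999:7:::
bin:*:17110:0:99999:7:::
svc:!!:17681::::::
TestUser:centos:17681::::::
EOF
}

sample_shadow | check_shadow_fields
```

On a managed host, getent shadow | check_shadow_fields run as root checks the real entries. A value generated with openssl passwd -1, as described above, or with openssl passwd -6 (SHA-512, OpenSSL 1.1.1 and later) is classified as hashed.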

The group module manages user groups.

[root@CentOS7 ~]# ansible 192.168.30.174 -m group -a 'name=TestUser gid=1111'
192.168.30.174 | SUCCESS => {
    "changed": true, 
    "gid": 1111, 
    "name": "TestUser", 
    "state": "present", 
    "system": false
}
[root@CentOS7 ~]# ansible 192.168.30.174 -m shell -a 'getent group TestUser'
192.168.30.174 | SUCCESS | rc=0 >>
TestUser:x:1111:x

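    Options

name: group name
state: present (the default) adds the group, absent deletes the group
system: whether to create a system group
gid: specify the GID

The mount module mounts file systems

[root@CentOS7 ~]# ansible 192.168.30.75 -m mount -a 'src=/dev/sr0 path=/mnt/cdrom state=mounted fstype=iso9660'
192.168.30.75 | SUCCESS => {         # the file system type must be specified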
    "changed": true, 
    "dump": "0", 
    "fstab": "/etc/fstab", 
    "fstype": "iso9660", 
    "name": "/mnt/cdrom", 
    "opts": "defaults", 
    "passno": "0", 
    "src": "/dev/sr0"
}
[root@CentOS7 ~]# ansible 192.168.30.75 -m shell -a 'cat /etc/fstab'
192.168.30.75 | SUCCESS | rc=0 >>

#
# /etc/fstab
# Created by anaconda on Wed May 23 01:10:20 2018
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=8a963d68-4561-4fe2-9479-47ed2421ab9d /                       xfs     defaults        0 0
UUID=04af341f-9ac3-4da3-9298-71759aff9e41 /boot                   xfs     defaults        0 0
UUID=ec1cbe64-cf82-4d3b-aee5-d321f9500f8e /data                   xfs     defaults        0 0
UUID=d5eb5f25-9563-4a26-bac2-cadde7466cbf swap                    swap    defaults        0 0
/dev/sr0 /mnt/cdrom iso9660 defaults 0 0

[root@CentOS7 ~]# ansible 192.168.30.75 -m shell -a 'df'
192.168.30.75 | SUCCESS | rc=0 >>
Filesystem     1K-blocks    Used Available Use% Mounted on
/dev/sda2       52403200 3630368  48772832   7% /
devtmpfs          748312       0    748312   0% /dev
tmpfs             764204       0    764204   0% /dev/shm
tmpfs             764204   10220    753984   2% /run
tmpfs             764204       0    764204   0% /sys/fs/cgroup
/dev/sda3       20961280  245792  20715488   2% /data
/dev/sda1        1038336  157936    880400  16% /boot
tmpfs             152844       0    152844   0% /run/user/0
/dev/sr0         9176232 9176232         0 100% /mnt/cdrom   # mounted successfully

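    Options

src: the device to mount
path: the mount point
state:
    present: add the mount entry to /etc/fstab
    absent: remove the mount entry from /etc/fstab and unmount the device
    mounted: add the mount entry to /etc/fstab and then mount the device
    unmounted: unmount the device mounted at the given path
fstype: specify the file system type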




