黄岛网站建设哪家权威,做瞹视频网站哪里看,国家工商网查询官网,煤棚网架多少钱一平方提示#xff1a;文章写完后#xff0c;目录可以自动生成#xff0c;如何生成可参考右边的帮助文档 目录 一、概述 1.1 为什么要用自动化运维软件 1.2 自动化运维 1.3 自动化运维要注意的方面 1.4 自动化运维主要关注的方面 1.5 常见的开源自动化运维软件 1.6 自动化运维软件… 提示文章写完后目录可以自动生成如何生成可参考右边的帮助文档 目录 一、概述 1.1 为什么要用自动化运维软件 1.2 自动化运维 1.3 自动化运维要注意的方面 1.4 自动化运维主要关注的方面 1.5 常见的开源自动化运维软件 1.6 自动化运维软件一般安装在哪 二、ansible 2.1 概念 2.2 特点 2.3 环境搭建 2.4 实验过程 服务器分组 三、模块 ansible模块 hostname模块 file模块(重点) stat模块(了解) copy模块(重点) fetch模块 user模块 group模块 cron模块 yum_repository模块 yum模块(重点) service模块(重点) script模块 提示以下是本篇文章正文内容下面案例可供参考
一、概述
1.1 为什么要用自动化运维软件 因为服务器特别多的情况下,我们需要比shell更高效的管理工具
1.2 自动化运维 将日常IT运维中大量的重复性工作小到简单的日常检查、配置变更和软件安装大到整个变更流程的组织调度由过去的手工执行转为自动化操作从而减少乃至消除运维中的延迟实现“零延时”的IT运维。
1.3 自动化运维要注意的方面 1管理机与被管理机之间的连接方式 2服务器分组(主机清单) 3自动化运维的管理分类 文件目录管理 用户与组管理 软件安装与卸载 服务启停与开机自启动
1.4 自动化运维主要关注的方面
假如管理很多台服务器主要关注以下几个方面:
1. 管理机与被管理机的连接(管理机如何将管理指令发送给被管理机)
2. 服务器信息收集 (如果被管理的服务器有centos7.5外还有其它linux发行版,如suse,ubuntu等。当你要做的事情在不同OS上有所不同,你需要收集信息,并将其分开处理)
3. 服务器分组因为有些时候我要做的事情不是针对所有服务器,可能只针对某一个分组
4. 管理内容的主要分类 文件目录管理(包括文件的创建,删除,修改,查看状态,远程拷贝等) 用户和组管理 cron时间任务管理 yum源配置与通过yum管理软件包 服务管理 远程执行脚本 远程执行命令
1.5 常见的开源自动化运维软件 puppet 基于ruby开发 saltstack 安装方便,需要维护管理机与被管理机的连接,走的zeromq协议。 优点: 管理机器多,速度快, 效率高 基于python开发 ansible 安装与连接方便,直接走ssh协议。 缺点: 管理机器特别多,效率较低 基于python开发
1.6 自动化运维软件一般安装在哪 一般安装在跳板机(堡垒机)整合使用
ansible主机清单 目的: 对管理的多台服务器进行分组
二、ansible
2.1 概念
ansible是一种由Python开发的自动化运维工具集合了众多运维工具puppet、cfengine、chef、func、fabric的优点实现了批量系统配置、批量程序部署、批量运行命令等功能。 2.2 特点
部署简单 默认使用ssh进行管理基于python里的paramiko模块开发** 管理端和被管理端不需要启动服务 配置简单功能强大扩展性强 能过playbook(剧本)进行多个任务的编排 2.3 环境搭建
实验准备:三台机器一台管理两台被管理 1. 静态ip
管理192.168.156.11
被管理的两台192.168.156.12 192.168.156.13 2. 主机名及主机名互相绑定 所有主机都要配置主机名和 hosts文件 [rootlocalhost]# hostnamectl set-hostname hd1
[rootlocalhost]# bash
[roothd1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.156.11 hd1
192.168.156.12 hd2
192.168.156.13 hd3 nd1:nd2:nd3:
3. 关闭防火墙, selinux 时间同步 [roothd1 ~]# systemctl restart ntpd
[roothd1 ~]# systemctl enable ntpd 4. 确认和配置yum源(需要epel源) yum -y install epel-release [rootlocalhost ~]# yum install -y epel-release
已加载插件fastestmirror, langpacks
Loading mirror speeds from cached hostfile* base: mirrors.aliyun.com* extras: mirrors.bfsu.edu.cn* updates: mirrors.bfsu.edu.cn
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/4): extras/7/x86_64/primary_db | 250 kB 00:00:00
(2/4): base/7/x86_64/group_gz | 153 kB 00:00:00
(3/4): base/7/x86_64/primary_db | 6.1 MB 00:00:05
(4/4): updates/7/x86_64/primary_db | 22 MB 00:00:06
正在解决依赖关系
-- 正在检查事务
--- 软件包 epel-release.noarch.0.7-11 将被 安装
-- 解决依赖关系完成依赖关系解决Package 架构 版本 源 大小正在安装:epel-release noarch 7-11 extras 15 k事务概要安装 1 软件包总下载量15 k
安装大小24 k
Downloading packages:
警告/var/cache/yum/x86_64/7/extras/packages/epel-release-7-11.noarch.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
epel-release-7-11.noarch.rpm 的公钥尚未安装
epel-release-7-11.noarch.rpm | 15 kB 00:00:00
从 file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 检索密钥
导入 GPG key 0xF4A80EB5:用户ID : CentOS-7 Key (CentOS 7 Official Signing Key) securitycentos.org指纹 : 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5软件包 : centos-release-7-9.2009.0.el7.centos.x86_64 (anaconda)来自 : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction正在安装 : epel-release-7-11.noarch 1/1 验证中 : epel-release-7-11.noarch 1/1 已安装:epel-release.noarch 0:7-11 完毕2.4 实验过程
第1步: 管理机上安装ansible被管理节点必须打开ssh服务 [rootlocalhost ~]# yum -y install ansible
已加载插件fastestmirror, langpacks
Loading mirror speeds from cached hostfile* base: mirrors.ustc.edu.cn* epel: mirrors.bfsu.edu.cn* extras: mirrors.huaweicloud.com* updates: mirrors.huaweicloud.com
正在解决依赖关系
-- 正在检查事务
--- 软件包 ansible.noarch.0.2.9.27-1.el7 将被 安装
-- 正在处理依赖关系 python-httplib2它被软件包 ansible-2.9.27-1.el7.noarch 需要
-- 正在处理依赖关系 python-jinja2它被软件包 ansible-2.9.27-1.el7.noarch 需要
-- 正在处理依赖关系 python-paramiko它被软件包 ansible-2.9.27-1.el7.noarch 需要
-- 正在处理依赖关系 python2-cryptography它被软件包 ansible-2.9.27-1.el7.noarch 需要
-- 正在处理依赖关系 python2-jmespath它被软件包 ansible-2.9.27-1.el7.noarch 需要
-- 正在处理依赖关系 sshpass它被软件包 ansible-2.9.27-1.el7.noarch 需要
-- 正在检查事务
--- 软件包 python-jinja2.noarch.0.2.7.2-4.el7 将被 安装
-- 正在处理依赖关系 python-babel 0.8它被软件包 python-jinja2-2.7.2-4.el7.noarch 需要
-- 正在处理依赖关系 python-markupsafe它被软件包 python-jinja2-2.7.2-4.el7.noarch 需要
--- 软件包 python-paramiko.noarch.0.2.1.1-9.el7 将被 安装
-- 正在处理依赖关系 python2-pyasn1它被软件包 python-paramiko-2.1.1-9.el7.noarch 需要
--- 软件包 python2-cryptography.x86_64.0.1.7.2-2.el7 将被 安装
-- 正在处理依赖关系 python-idna 2.0它被软件包 python2-cryptography-1.7.2-2.el7.x86_64 需要
-- 正在处理依赖关系 python-cffi 1.4.1它被软件包 python2-cryptography-1.7.2-2.el7.x86_64 需要
-- 正在处理依赖关系 python-enum34它被软件包 python2-cryptography-1.7.2-2.el7.x86_64 需要
--- 软件包 python2-httplib2.noarch.0.0.18.1-3.el7 将被 安装
--- 软件包 python2-jmespath.noarch.0.0.9.4-2.el7 将被 安装
--- 软件包 sshpass.x86_64.0.1.06-2.el7 将被 安装
-- 正在检查事务
--- 软件包 python-babel.noarch.0.0.9.6-8.el7 将被 安装
--- 软件包 python-cffi.x86_64.0.1.6.0-5.el7 将被 安装
-- 正在处理依赖关系 python-pycparser它被软件包 python-cffi-1.6.0-5.el7.x86_64 需要
--- 软件包 python-enum34.noarch.0.1.0.4-1.el7 将被 安装
--- 软件包 python-idna.noarch.0.2.4-1.el7 将被 安装
--- 软件包 python-markupsafe.x86_64.0.0.11-10.el7 将被 安装
--- 软件包 python2-pyasn1.noarch.0.0.1.9-7.el7 将被 安装
-- 正在检查事务
--- 软件包 python-pycparser.noarch.0.2.14-1.el7 将被 安装
-- 正在处理依赖关系 python-ply它被软件包 python-pycparser-2.14-1.el7.noarch 需要
-- 正在检查事务
--- 软件包 python-ply.noarch.0.3.4-11.el7 将被 安装
-- 解决依赖关系完成依赖关系解决Package 架构 版本 源 大小正在安装:ansible noarch 2.9.27-1.el7 epel 17 M
为依赖而安装:python-babel noarch 0.9.6-8.el7 base 1.4 Mpython-cffi x86_64 1.6.0-5.el7 base 218 kpython-enum34 noarch 1.0.4-1.el7 base 52 kpython-idna noarch 2.4-1.el7 base 94 kpython-jinja2 noarch 2.7.2-4.el7 base 519 kpython-markupsafe x86_64 0.11-10.el7 base 25 kpython-paramiko noarch 2.1.1-9.el7 base 269 kpython-ply noarch 3.4-11.el7 base 123 kpython-pycparser noarch 2.14-1.el7 base 104 kpython2-cryptography x86_64 1.7.2-2.el7 base 502 kpython2-httplib2 noarch 0.18.1-3.el7 epel 125 kpython2-jmespath noarch 0.9.4-2.el7 epel 41 kpython2-pyasn1 noarch 0.1.9-7.el7 base 100 ksshpass x86_64 1.06-2.el7 extras 21 k事务概要安装 1 软件包 (14 依赖软件包)总下载量21 M
安装大小119 M
Downloading packages:
(1/15): python-enum34-1.0.4-1.el7.noarch.rpm | 52 kB 00:00:00
(2/15): python-cffi-1.6.0-5.el7.x86_64.rpm | 218 kB 00:00:01
(3/15): python-markupsafe-0.11-10.el7.x86_64.rpm | 25 kB 00:00:00
(4/15): python-babel-0.9.6-8.el7.noarch.rpm | 1.4 MB 00:00:02
(5/15): python-ply-3.4-11.el7.noarch.rpm | 123 kB 00:00:00
(6/15): python-pycparser-2.14-1.el7.noarch.rpm | 104 kB 00:00:00
(7/15): python-jinja2-2.7.2-4.el7.noarch.rpm | 519 kB 00:00:01
(8/15): python-paramiko-2.1.1-9.el7.noarch.rpm | 269 kB 00:00:00
(9/15): python2-cryptography-1.7.2-2.el7.x86_64.rpm | 502 kB 00:00:00
(10/15): ansible-2.9.27-1.el7.noarch.rpm | 17 MB 00:00:05
(11/15): python2-httplib2-0.18.1-3.el7.noarch.rpm | 125 kB 00:00:00
(12/15): python2-jmespath-0.9.4-2.el7.noarch.rpm | 41 kB 00:00:00
(13/15): python2-pyasn1-0.1.9-7.el7.noarch.rpm | 100 kB 00:00:00
(14/15): sshpass-1.06-2.el7.x86_64.rpm | 21 kB 00:00:00
(15/15): python-idna-2.4-1.el7.noarch.rpm | 94 kB 00:00:08
-------------------------------------------------------------------------------------------------------------------------
总计 2.4 MB/s | 21 MB 00:00:08
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction正在安装 : python2-pyasn1-0.1.9-7.el7.noarch 1/15 正在安装 : python-enum34-1.0.4-1.el7.noarch 2/15 正在安装 : sshpass-1.06-2.el7.x86_64 3/15 正在安装 : python2-httplib2-0.18.1-3.el7.noarch 4/15 正在安装 : python-babel-0.9.6-8.el7.noarch 5/15 正在安装 : python2-jmespath-0.9.4-2.el7.noarch 6/15 正在安装 : python-ply-3.4-11.el7.noarch 7/15 正在安装 : python-pycparser-2.14-1.el7.noarch 8/15 正在安装 : python-cffi-1.6.0-5.el7.x86_64 9/15 正在安装 : python-markupsafe-0.11-10.el7.x86_64 10/15 正在安装 : python-jinja2-2.7.2-4.el7.noarch 11/15 正在安装 : python-idna-2.4-1.el7.noarch 12/15 正在安装 : python2-cryptography-1.7.2-2.el7.x86_64 13/15 正在安装 : python-paramiko-2.1.1-9.el7.noarch 14/15 正在安装 : ansible-2.9.27-1.el7.noarch 15/15 验证中 : python-idna-2.4-1.el7.noarch 1/15 验证中 : python-markupsafe-0.11-10.el7.x86_64 2/15 验证中 : python-ply-3.4-11.el7.noarch 3/15 验证中 : ansible-2.9.27-1.el7.noarch 4/15 验证中 : python-paramiko-2.1.1-9.el7.noarch 5/15 验证中 : python2-jmespath-0.9.4-2.el7.noarch 6/15 验证中 : python-babel-0.9.6-8.el7.noarch 7/15 验证中 : python2-httplib2-0.18.1-3.el7.noarch 8/15 验证中 : python-cffi-1.6.0-5.el7.x86_64 9/15 验证中 : sshpass-1.06-2.el7.x86_64 10/15 验证中 : python-jinja2-2.7.2-4.el7.noarch 11/15 验证中 : python2-pyasn1-0.1.9-7.el7.noarch 12/15 验证中 : python-enum34-1.0.4-1.el7.noarch 13/15 验证中 : python-pycparser-2.14-1.el7.noarch 14/15 验证中 : python2-cryptography-1.7.2-2.el7.x86_64 15/15 已安装:ansible.noarch 0:2.9.27-1.el7 作为依赖被安装:python-babel.noarch 0:0.9.6-8.el7 python-cffi.x86_64 0:1.6.0-5.el7 python-enum34.noarch 0:1.0.4-1.el7 python-idna.noarch 0:2.4-1.el7 python-jinja2.noarch 0:2.7.2-4.el7 python-markupsafe.x86_64 0:0.11-10.el7 python-paramiko.noarch 0:2.1.1-9.el7 python-ply.noarch 0:3.4-11.el7 python-pycparser.noarch 0:2.14-1.el7 python2-cryptography.x86_64 0:1.7.2-2.el7 python2-httplib2.noarch 0:0.18.1-3.el7 python2-jmespath.noarch 0:0.9.4-2.el7 python2-pyasn1.noarch 0:0.1.9-7.el7 sshpass.x86_64 0:1.06-2.el7 完毕ansible模块 [roothd1 ~]# ansible --version
ansible 2.9.27config file /etc/ansible/ansible.cfgconfigured module search path [u/root/.ansible/plugins/modules, u/usr/share/ansible/plugins/modules]ansible python module location /usr/lib/python2.7/site-packages/ansibleexecutable location /usr/bin/ansiblepython version 2.7.5 (default, Oct 14 2020, 14:45:30) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]第2步: 实现master对agent的免密登录只在master上做。(如果这一步不做则在后面操作agent时都要加-k参数传密码;或者在主机清单里传密码) [roothd1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory /root/.ssh.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:IGqDvSfCcyMWgl76x8/bNZP1CuzUMQm6bVpdxSfqE2Y roothd1
The keys randomart image is:
---[RSA 2048]----
| |
| . |
| . . . . |
|.o . . . . ....o|
|.. S. E . |
|.o . |
|.Booo . %oo . |
|..o.o. . B .. |
| .. ..o . . |
----[SHA256]-----[roothd1 ~]# ssh-copy-id -i 192.168.156.12
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: /root/.ssh/id_rsa.pub
The authenticity of host 192.168.156.12 (192.168.156.12) cant be established.
ECDSA key fingerprint is SHA256:UYOTDfnPCXDYRisvqKkyxQEEiuZnt6vtyjxyIwTT10M.
ECDSA key fingerprint is MD5:43:59:03:5c:67:80:66:f1:84:6e:ab:9d:d9:1a:b4:90.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root192.168.156.12s password: Number of key(s) added: 1Now try logging into the machine, with: ssh 192.168.156.12
and check to make sure that only the key(s) you wanted were added.[roothd1 ~]# ssh-copy-id -i 192.168.156.13
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: /root/.ssh/id_rsa.pub
The authenticity of host 192.168.156.13 (192.168.156.13) cant be established.
ECDSA key fingerprint is SHA256:UYOTDfnPCXDYRisvqKkyxQEEiuZnt6vtyjxyIwTT10M.
ECDSA key fingerprint is MD5:43:59:03:5c:67:80:66:f1:84:6e:ab:9d:d9:1a:b4:90.
Are you sure you want to continue connecting (yes/no)? yes/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root192.168.156.13s password: Number of key(s) added: 1Now try logging into the machine, with: ssh 192.168.156.13
and check to make sure that only the key(s) you wanted were added.第3步: 在master上定义主机组,并测试连接性 [roothd1 ~]# ansible -m ping group1
192.168.156.12 | SUCCESS {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: false, ping: pong
}
192.168.156.13 | SUCCESS {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: false, ping: pong
}
[roothd1 ~]# ansible -m ping all
192.168.156.13 | SUCCESS {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: false, ping: pong
}
192.168.156.12 | SUCCESS {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: false, ping: pong
}服务器分组
ansible通过一个主机清单功能来实现服务器分组。
Ansible的默认主机清单配置文件为/etc/ansible/hosts.
示例:
[nginx] 组名
apache[1:10].aaa.com 表示apache1.aaa.com到apache10.aaa.com这10台机器
nginx[a:z].aaa.com 表示nginxa.aaa.com到nginxz.aaa.com共26台机器
10.1.1.[11:15] 表示10.1.1.11到10.1.1.15这5台机器
示例:
[nginx]
10.1.1.13:2222 表示10.1.1.13这台但ssh端口为2222
示例: 定义10.1.1.12:2222这台服务器的别名为nginx1
nginx1 ansible_ssh_host10.1.1.13 ansible_ssh_port2222
示例: 没有做免密登录的服务器可以指定用户名与密码
nginx1 ansible_ssh_host10.1.1.13 ansible_ssh_port2222 ansible_ssh_userroot ansible_ssh_pass123456
示例: 利用别名来分组
nginx1 ansible_ssh_host10.1.1.13 ansible_ssh_port2222 ansible_ssh_userroot ansible_ssh_pass123456
nginx2 ansible_ssh_host10.1.1.12
[nginx]
nginx1
nginx2三、模块
ansible模块
ansible是基于模块工作的本身没有批量部署的能力。真正具有批量部署的是ansible所运行的模块ansible只是提供一种框架。
ansible支持的模块非常的多我们并不需要把每个模块都记住而只需要熟悉一些常见的模块其它的模块在需要用到时再查询即可。
查看所有支持的模块 [roothd1~]# ansible-doc -l
a10_server Manage A10 Networks AX/SoftAX...
a10_server_axapi3 Manage A10 Networks AX/SoftAX...
a10_service_group Manage A10 Networks AX/SoftAX...
a10_virtual_server Manage A10 Networks AX/SoftAX...
aci_aaa_user Manage AAA users (aaa:User)
....... 如果要查看ping模块的用法使用下面命令其它模块以此类推) # ansible-doc ping hostname模块
hostname模块用于修改主机名注意: 它不能修改/etc/hosts文件)
将其中一远程机器主机名修改为agent1.com
ansible 10.1.1.12 -m hostname -a nameagent.com file模块(重点)
file模块用于对文件相关的操作(创建, 删除, 软硬链接等)
创建一个目录 : ansible group1 -m file -a path/test statedirectory [roothd1 ~]# ansible group1 -m file -a path/test statedirectory
192.168.156.12 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: true, gid: 0, group: root, mode: 0755, owner: root, path: /test, secontext: unconfined_u:object_r:default_t:s0, size: 6, state: directory, uid: 0
}
192.168.156.13 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: true, gid: 0, group: root, mode: 0755, owner: root, path: /test, secontext: unconfined_u:object_r:default_t:s0, size: 6, state: directory, uid: 0
}验证 创建一个文件 : ansible group1 -m file -a path/test/111 statetouch roothd1 ~]# ansible group1 -m file -a path/test/111 statetouch
192.168.156.13 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: true, dest: /test/111, gid: 0, group: root, mode: 0644, owner: root, secontext: unconfined_u:object_r:default_t:s0, size: 0, state: file, uid: 0
}
192.168.156.12 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: true, dest: /test/111, gid: 0, group: root, mode: 0644, owner: root, secontext: unconfined_u:object_r:default_t:s0, size: 0, state: file, uid: 0
}验证 递归修改owner,group,mode ansible group1 -m file -a path/test recurseyes ownerbin groupdaemon mode1777 [roothd1 ~]# ansible group1 -m file -a path/test recurseyes ownerbin groupdaemon mode1777
192.168.156.12 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: true, gid: 2, group: daemon, mode: 01777, owner: bin, path: /test, secontext: unconfined_u:object_r:default_t:s0, size: 17, state: directory, uid: 1
}
192.168.156.13 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: true, gid: 2, group: daemon, mode: 01777, owner: bin, path: /test, secontext: unconfined_u:object_r:default_t:s0, size: 17, state: directory, uid: 1
}验证 删除目录 absent 缺席的连同目录里的所有文件) ansible group1 -m file -a path/test stateabsent [roothd1 ~]# ansible group1 -m file -a path/test stateabsent
192.168.156.13 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: true, path: /test, state: absent
}
192.168.156.12 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: true, path: /test, state: absent
}创建文件并指定owner,group,mode等 ansible group1 -m file -a path/tmp/111 statetouch ownerbin groupdaemon mode1777 [roothd1 ~]# ansible group1 -m file -a path/tmp/111 statetouch ownerbin groupdaemon mode1777
192.168.156.12 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: true, dest: /tmp/111, gid: 2, group: daemon, mode: 01777, owner: bin, secontext: unconfined_u:object_r:user_tmp_t:s0, size: 0, state: file, uid: 1
}
192.168.156.13 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: true, dest: /tmp/111, gid: 2, group: daemon, mode: 01777, owner: bin, secontext: unconfined_u:object_r:user_tmp_t:s0, size: 0, state: file, uid: 1
}删除文件
master# ansible group1 -m file -a path/tmp/111 stateabsent [roothd1 ~]# ansible group1 -m file -a path/tmp/111 stateabsent
192.168.156.12 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: true, path: /tmp/111, state: absent
}
192.168.156.13 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: true, path: /tmp/111, state: absent
}创建软链接文件
ansible group1 -m file -a src/etc/fstab path/tmp/fstab statelink [roothd1 ~]# ansible group1 -m file -a src/etc/fstab path/tmp/fstab statelink
192.168.156.12 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: true, dest: /tmp/fstab, gid: 0, group: root, mode: 0777, owner: root, secontext: unconfined_u:object_r:user_tmp_t:s0, size: 10, src: /etc/fstab, state: link, uid: 0
}
192.168.156.13 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: true, dest: /tmp/fstab, gid: 0, group: root, mode: 0777, owner: root, secontext: unconfined_u:object_r:user_tmp_t:s0, size: 10, src: /etc/fstab, state: link, uid: 0
}创建硬链接文件
ansible group1 -m file -a src/etc/fstab path/tmp/fstab2 statehard [roothd1 ~]# ansible group1 -m file -a src/etc/fstab path/tmp/fstab2 statehard
192.168.156.12 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: true, dest: /tmp/fstab2, gid: 0, group: root, mode: 0644, owner: root, secontext: system_u:object_r:etc_t:s0, size: 465, src: /etc/fstab, state: hard, uid: 0
}
192.168.156.13 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: true, dest: /tmp/fstab2, gid: 0, group: root, mode: 0644, owner: root, secontext: system_u:object_r:etc_t:s0, size: 465, src: /etc/fstab, state: hard, uid: 0
}stat模块(了解)
stat模块类似linux的stat命令用于获取文件的状态信息。
获取/etc/fstab文件的状态信息
ansible group1 -m stat -a path/etc/fstab [roothd1 ~]# ansible group1 -m stat -a path/etc/fstab
192.168.156.12 | SUCCESS {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: false, stat: {atime: 1694016149.685236, attr_flags: , attributes: [], block_size: 4096, blocks: 8, charset: us-ascii, checksum: 3a63ec3ba12baa96fe6719bc31b22731fbc2d13f, ctime: 1694003717.553521, dev: 64768, device_type: 0, executable: false, exists: true, gid: 0, gr_name: root, inode: 16777282, isblk: false, ischr: false, isdir: false, isfifo: false, isgid: false, islnk: false, isreg: true, issock: false, isuid: false, mimetype: text/plain, mode: 0644, mtime: 1688831255.966, nlink: 2, path: /etc/fstab, pw_name: root, readable: true, rgrp: true, roth: true, rusr: true, size: 465, uid: 0, version: 955456813, wgrp: false, woth: false, writeable: true, wusr: true, xgrp: false, xoth: false, xusr: false}
}
192.168.156.13 | SUCCESS {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: false, stat: {atime: 1694016150.7691061, attr_flags: , attributes: [], block_size: 4096, blocks: 8, charset: us-ascii, checksum: 3a63ec3ba12baa96fe6719bc31b22731fbc2d13f, ctime: 1694003717.660331, dev: 64768, device_type: 0, executable: false, exists: true, gid: 0, gr_name: root, inode: 16777282, isblk: false, ischr: false, isdir: false, isfifo: false, isgid: false, islnk: false, isreg: true, issock: false, isuid: false, mimetype: text/plain, mode: 0644, mtime: 1688831255.966, nlink: 2, path: /etc/fstab, pw_name: root, readable: true, rgrp: true, roth: true, rusr: true, size: 465, uid: 0, version: 955456813, wgrp: false, woth: false, writeable: true, wusr: true, xgrp: false, xoth: false, xusr: false}
}copy模块(重点)
copy模块用于对文件的远程拷贝操作如把本地的文件拷贝到远程的机器上)
在master上准备一个文件拷贝此文件到group1的所有机器上 [roothd1 ~]# echo master /tmp/222
[roothd1 ~]# ansible group1 -m copy -a src/tmp/222 dest/tmp/333
192.168.156.13 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: true, checksum: 30f79bec32243c31dd91a05c0ad7b80f1e301aea, dest: /tmp/333, gid: 0, group: root, md5sum: c963080767f45828c31f83ca5cd25d36, mode: 0644, owner: root, secontext: unconfined_u:object_r:admin_home_t:s0, size: 7, src: /root/.ansible/tmp/ansible-tmp-1694082238.6-32333-216155124507669/source, state: file, uid: 0
}
192.168.156.12 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: true, checksum: 30f79bec32243c31dd91a05c0ad7b80f1e301aea, dest: /tmp/333, gid: 0, group: root, md5sum: c963080767f45828c31f83ca5cd25d36, mode: 0644, owner: root, secontext: unconfined_u:object_r:admin_home_t:s0, size: 7, src: /root/.ansible/tmp/ansible-tmp-1694082238.71-32331-202097380347300/source, state: file, uid: 0
}使用content参数直接往远程文件里写内容会覆盖原内容 [roothd1 ~]# ansible group1 -m copy -a contentha ha\n dest/tmp/333192.168.156.12 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: true, checksum: 92b543983c8ed2cb1ddccb1ea014a2b1d78eb38d, dest: /tmp/333, gid: 0, group: root, md5sum: a2c8d6b872054293afd41061e93bc289, mode: 0644, owner: root, secontext: unconfined_u:object_r:admin_home_t:s0, size: 6, src: /root/.ansible/tmp/ansible-tmp-1694082329.66-34241-16644602234490/source, state: file, uid: 0
}
192.168.156.13 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: true, checksum: 92b543983c8ed2cb1ddccb1ea014a2b1d78eb38d, dest: /tmp/333, gid: 0, group: root, md5sum: a2c8d6b872054293afd41061e93bc289, mode: 0644, owner: root, secontext: unconfined_u:object_r:admin_home_t:s0, size: 6, src: /root/.ansible/tmp/ansible-tmp-1694082329.25-34243-274972285491964/source, state: file, uid: 0
}注意:ansible中-a后面的参数里也有引号时记得要单引双引交叉使用如果都为双引会出现问题
使用force参数控制是否强制覆盖
如果目标文件已经存在则不覆盖 [roothd1 ~]# ansible group1 -m copy -a src/tmp/222 dest/tmp/333 forceno
192.168.156.12 | SUCCESS {changed: false, dest: /tmp/333, src: /tmp/222
}
192.168.156.13 | SUCCESS {changed: false, dest: /tmp/333, src: /tmp/222
}如果目标文件已经存在则会强制覆盖 [roothd1 ~]# ansible group1 -m copy -a src/tmp/222 dest/tmp/333 forceyes
192.168.156.13 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: true, checksum: 30f79bec32243c31dd91a05c0ad7b80f1e301aea, dest: /tmp/333, gid: 0, group: root, md5sum: c963080767f45828c31f83ca5cd25d36, mode: 0644, owner: root, secontext: unconfined_u:object_r:admin_home_t:s0, size: 7, src: /root/.ansible/tmp/ansible-tmp-1694082949.04-47354-114876946059338/source, state: file, uid: 0
}
192.168.156.12 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, changed: true, checksum: 30f79bec32243c31dd91a05c0ad7b80f1e301aea, dest: /tmp/333, gid: 0, group: root, md5sum: c963080767f45828c31f83ca5cd25d36, mode: 0644, owner: root, secontext: unconfined_u:object_r:admin_home_t:s0, size: 7, src: /root/.ansible/tmp/ansible-tmp-1694082949.02-47353-180469275670345/source, state: file, uid: 0
}使用backup参数控制是否备份文件
backupyes表示如果拷贝的文件内容与原内容不一样则会备份一份 group1的机器上会将/tmp/333备份一份备份文件命名加上时间再远程拷贝新的文件为/tmp/333 [roothd1 ~]# ansible group1 -m copy -a src/etc/fstab dest/tmp/333 backupyes ownerdaemon groupdaemon mode1777
192.168.156.12 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, backup_file: /tmp/333.47177.2023-09-0718:37:16~, changed: true, checksum: 3a63ec3ba12baa96fe6719bc31b22731fbc2d13f, dest: /tmp/333, gid: 2, group: daemon, md5sum: d3fc2b88bf5e90530ca5793a59ca2f59, mode: 01777, owner: daemon, secontext: unconfined_u:object_r:admin_home_t:s0, size: 465, src: /root/.ansible/tmp/ansible-tmp-1694083033.2-49357-246671726366385/source, state: file, uid: 2
}
192.168.156.13 | CHANGED {ansible_facts: {discovered_interpreter_python: /usr/bin/python}, backup_file: /tmp/333.46985.2023-09-0718:37:16~, changed: true, checksum: 3a63ec3ba12baa96fe6719bc31b22731fbc2d13f, dest: /tmp/333, gid: 2, group: daemon, md5sum: d3fc2b88bf5e90530ca5793a59ca2f59, mode: 01777, owner: daemon, secontext: unconfined_u:object_r:admin_home_t:s0, size: 465, src: /root/.ansible/tmp/ansible-tmp-1694083033.27-49358-35198328455539/source, state: file, uid: 2
}copy模块拷贝时要注意拷贝目录后面是否带/符号
/etc/yum.repos.d后面不带/符号则表示把/etc/yum.repos.d整个目录拷贝到/tmp/目录下 ansible group1 -m copy -a src/etc/yum.repos.d dest/tmp/ [roothd1 ~]# ansible group1 -m copy -a src/etc/yum.repos.d dest/tmp/
192.168.156.13 | CHANGED {changed: true, dest: /tmp/, src: /etc/yum.repos.d
}
192.168.156.12 | CHANGED {changed: true, dest: /tmp/, src: /etc/yum.repos.d
}/etc/yum.repos.d/后面带/符号则表示把/etc/yum.repos.d/目录里的所有文件拷贝到/tmp/目录下 ansible group1 -m copy -a src/etc/yum.repos.d/ dest/tmp/ [roothd1 ~]# ansible group1 -m copy -a src/etc/yum.repos.d/ dest/tmp/
192.168.156.12 | CHANGED {changed: true, dest: /tmp/, src: /etc/yum.repos.d/
}
192.168.156.13 | CHANGED {changed: true, dest: /tmp/, src: /etc/yum.repos.d/
}fetch模块
fetch模块与copy模块类似但作用相反。用于把远程机器的文件拷贝到本地。
第1步: 在两台被管理机上分别创建一个同名文件但内容不同)
agent1# echo agent1 /tmp/1.txt
agent2# echo agent2 /tmp/1.txt
第2步: 从master上fecth文件(因为group1里有2台机器,为了避免同名文件文件冲突它使用了不同的目录)
master# ansible group1 -m fetch -a src/tmp/1.txt dest/tmp/
192.168.156.12 | CHANGED {changed: true, checksum: d2911a028d3fcdf775a4e26c0b9c9d981551ae41, dest: /tmp/192.156.156.12/tmp/1.txt, 192.156.156.12的在这里md5sum: 0d59da0b2723eb03ecfbb0d779e6eca5, remote_checksum: d2911a028d3fcdf775a4e26c0b9c9d981551ae41, remote_md5sum: null
}
192.168.156.13 | CHANGED {changed: true, checksum: b27fb3c4285612643593d53045035bd8d972c995, dest: /tmp/192.168.156.13/tmp/1.txt, 192.168.156.13的在这里md5sum: cd0bd22f33d6324908dbadf6bc128f52, remote_checksum: b27fb3c4285612643593d53045035bd8d972c995, remote_md5sum: null
}
第3步: 先删除上面fetch过来的, 然后尝试只fetch其中一台机器的也会使用名称来做子目录区分
master# rm /tmp/192.168.156.* -rf
master# ansible 192.168.156.12 -m fetch -a src/tmp/1.txt dest/tmp/
192.168.156.12 | CHANGED {changed: true, checksum: d2911a028d3fcdf775a4e26c0b9c9d981551ae41, dest: /tmp/192.168.156.12/tmp/1.txt, 只fetch一个也会这样命名md5sum: 0d59da0b2723eb03ecfbb0d779e6eca5, remote_checksum: d2911a028d3fcdf775a4e26c0b9c9d981551ae41, remote_md5sum: null
}
注意: fetch模块不能从远程拷贝目录到本地
user模块
user模块用于管理用户账号和用户属性。
创建aaa用户,默认为普通用户,创建家目录
master# ansible group1 -m user -a ‘nameaaa statepresent’
创建bbb系统用户,并且登录shell环境为/sbin/nologin
master# ansible group1 -m user -a ‘namebbb statepresent systemyes shell/sbin/nologin’
创建ccc用户, 使用uid参数指定uid, 使用password参数传密码
master# echo 123456 | openssl passwd -1 -stdin
$1$DpcyhW2G$Kb/y1f.lyLI4MpRlHU9oq0
下一句命令注意一下格式密码要用双引号引起来单引号的话验证时会密码不正确
master# ansible group1 -m user -a nameccc uid2000 statepresent password$1$DpcyhW2G$Kb/y1f.lyLI4MpRlHU9oq0
创建一个普通用户叫hadoop,并产生空密码 密钥对
master# ansible group1 -m user -a namehadoop generate_ssh_keyyes
删除aaa用户,但家目录默认没有删除
master# ansible group1 -m user -a nameaaa stateabsent
删除bbb用户,使用removeyes参数让其删除用户的同时也删除家目录
master# ansible group1 -m user -a namebbb stateabsent removeyes
group模块
group模块用于管理用户组和用户组属性。
创建组
master# ansible group1 -m group -a namegroupa gid3000 statepresent
删除组如果有用户的gid为此组则删除不了)
master# ansible group1 -m group -a namegroupa stateabsent
cron模块
cron模块用于管理周期性时间任务
创建一个cron任务,不指定user的话,默认就是root因为我这里是用root操作的)。 如果minute,hour,day,month,week不指定的话默认都为*
master# ansible group1 -m cron -a nametest cron1 userroot jobtouch /tmp/111 minute*/2
删除cron任务
master# ansible group1 -m cron -a nametest cron1 stateabsent
yum_repository模块
yum_repository模块用于配置yum仓库。
增加一个/etc/yum.repos.d/local.repo配置文件
master# ansible group1 -m yum_repository -a namelocal descriptionlocalyum baseurlfile:///mnt/ enabledyes gpgcheckno
注意此模块只帮助配置yum仓库,但如果仓库里没有软件包安装一样会失败。所以可以手动去挂载光驱到/mnt目录
# mount /dev/cdrom /mnt
删除/etc/yum.repos.d/local.repo配置文件
master# ansible group1 -m yum_repository -a namelocal stateabsent
yum模块(重点)
yum模块用于使用yum命令来实现软件包的安装与卸载。
使用yum安装一个软件前提:group1的机器上的yum配置都已经OK
master# ansible group1 -m yum -a namevsftpd statepresent
使用yum安装httpd,httpd-devel软件,statelatest表示安装最新版本
master# ansible group1 -m yum -a namehttpd,httpd-devel statelatest
使用yum卸载httpd,httpd-devel软件
master# ansible group1 -m yum -a namehttpd,httpd-devel stateabsent
service模块(重点)
service模块用于控制服务的启动,关闭,开机自启动等。
启动vsftpd服务并设为开机自动启动
master# ansible group1 -m service -a namevsftpd statestarted enabledon
关闭vsftpd服务并设为开机不自动启动
master# ansible group1 -m service -a namevsftpd statestopped enabledfalse
script模块
script模块用于在远程机器上执行本地脚本。
在master上准备一个脚本
master# vim /tmp/1.sh
#!/bin/bash
mkdir /tmp/haha
touch /tmp/haha/{1..10}
在group1的远程机器里都执行master上的/tmp/1.sh脚本此脚本不用给执行权限)
master# ansible group1 -m script -a /tmp/1.sh
扩展: 使用shell脚本实现在group1的被管理机里的mariadb里创建一个abc库
#!/bin/bash
yum install mariadb-server -y /dev/null
systemctl start mariadb
systemctl enable mariadb
mysql EOF
create database abc;
quit
EOF
把上面的脚本使用script模块在group1被管理机里执行即可
command与shell模块
两个模块都是用于执行linux命令的,这对于命令熟悉的工程师来说用起来非常high。
shell模块与command模块差不多command模块不能执行一些类似$HOME,,,|等符号但shell可以)
master# ansible -m command group1 -a useradd user2
master# ansible -m command group1 -a id user2
master# ansible -m command group1 -a cat /etc/passwd |wc -l --报错
master# ansible -m shell group1 -a cat /etc/passwd |wc -l --成功
master# ansible -m command group1 -a cd $HOME;pwd --报错
master# ansible -m shell group1 -a cd $HOME;pwd --成功
注意: shell模块并不是百分之百任何命令都可以,比如vim或ll别名就不可以。不建议大家去记忆哪些命令不可以大家只要养成任何在生产环境里的命令都要先在测试环境里测试一下的习惯就好。
