龙空技术网

Installing Ansible, using its common modules, and using ansible-playbook

Author: 运维实战掌门人


Installing Ansible and using its common modules on CentOS 7.x (7.4 here), and using ansible-playbook

Ansible characteristics:

Ansible needs no separate agent on the managed machines: SSH is effectively the Ansible client.

Ansible needs no running service; only the corresponding tooling has to be installed.

Ansible relies on a large number of Python modules to implement batch management.

Ansible configuration file: /etc/ansible/ansible.cfg

To look up a module's parameters: # ansible-doc <module name>, for example: ansible-doc command

1. Installing and using Ansible: the control node (ansible, 192.168.171.128):

1) Generate an SSH key pair on the control node so it can log in to the managed machines without a password:

[root@localhost ~]# ssh-keygen -t rsa   # press Enter at every prompt below; no passphrase is set
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:rZn0m2eUdeYzqZUEYE2W8cAZJ2ElF/6/XvvP7aoq7EQ root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| o=@B=.|
| . o*O |
| .o |
| . ..+|
| E . o.++|
| o = o *o|
| .= .. o =|
| .o oo. .=|
| ...++..o*O|
+----[SHA256]-----+
[root@localhost ~]# ls /root/.ssh/
id_rsa id_rsa.pub
[root@localhost ~]# yum -y install openssh openssh-clients openssh-server   # only needed if the ssh and ssh-copy-id commands are missing
[root@localhost ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.171.129   # the bare IP also works
# the first time you are prompted for the remote user's password: 123456
[root@localhost ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.171.130   # the bare IP also works
# the first time you are prompted for the remote user's password: 123456
[root@localhost ~]# ssh root@192.168.171.129 ifconfig |head -3
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.171.129 netmask 255.255.255.0 broadcast 192.168.171.255
        inet6 fe80::2fab:326:734f:2936 prefixlen 64 scopeid 0x20<link>
[root@localhost ~]# ssh root@192.168.171.130 ifconfig |head -3
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.171.130 netmask 255.255.255.0 broadcast 192.168.171.255
        inet6 fe80::eaa2:384e:60ac:87b1 prefixlen 64 scopeid 0x20<link>

Note: ssh-copy-id can be written in two forms:
1) ssh-copy-id remote_user@remote_IP   # or just the IP
2) ssh-copy-id -i /root/.ssh/id_rsa.pub remote_user@remote_IP   # or just the IP

2) Install Ansible on the control node with yum:

[root@localhost ~]# yum -y install epel-release   # install epel-release first
[root@localhost ~]# yum -y install ansible
[root@localhost ~]# ansible --version
ansible 2.8.5
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]

3) Configure the managed hosts on the control node: add the managed hosts' IP addresses to the inventory file:

[root@localhost ~]# vim /etc/ansible/hosts
……
## [dbservers]
##
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57

[test]            # add a group name
192.168.171.129   # add a managed host's IP
192.168.171.130   # add a managed host's IP
……
wq

4) Ansible configuration on the control node:

[root@localhost ~]# vim /etc/ansible/ansible.cfg
……
host_key_checking = False          # do not check the SSH host key on every ansible run; commented out by default, just uncomment it
log_path = /var/log/ansible.log    # enable logging; commented out by default, just uncomment it
……
[accelerate]
accelerate_port = 5099             # uncommented (commented out by default); the port can be changed, it is left as-is here
#accelerate_timeout = 30
#accelerate_connect_timeout = 5.0
# The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon.
#accelerate_daemon_timeout = 30
# If set to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new key. The default
# is "no".
accelerate_multi_key = yes         # uncommented (commented out by default)

host_key_checking = False removes the prompt for unknown hosts, but it also means a changed or substituted host key on a managed node is no longer detected. Since the ssh logins in step 1 already recorded each host's key in /root/.ssh/known_hosts, the check can stay enabled without losing the convenience.

5) Finally, test running commands in batch from the control node against the managed nodes

The ping module checks whether the managed nodes are alive:

[root@localhost ~]# ansible test -m ping   # targets the test group; any other group can be named, or all for every host
……
192.168.171.129 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
192.168.171.130 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

As shown, the ping succeeded on every managed machine.

If a machine is down, the output looks like this:

[root@localhost ~]# ansible test -m ping
192.168.171.137 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: ssh: connect to host 192.168.231.137 port 22: Connection timed out\r\n",
    "unreachable": true
}
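The per-host output above comes in two shapes: a JSON block after "host | STATUS => {" and raw stdout after "host | STATUS | rc=N >>". The following parser, an added example rather than code from the original post, turns a captured run into a structured report and separates hosts that could not be reached from hosts whose module run failed; the sample output and host 192.168.171.131 are constructed.

```python
"""Parse the per-host output of an Ansible ad-hoc run into a reachability report.

Added example, not code from the original post. The sample output is constructed
after the two shapes the post shows; host 192.168.171.131 and its FAILED block
are invented for the test."""
import json
import re

# Result header: "host | SUCCESS => {", "host | UNREACHABLE! => {",
# or "host | CHANGED | rc=0 >>".
HEADER = re.compile(
    r"^(?P<host>\S+) \| (?P<status>[A-Z]+)!?"
    r"(?: \| rc=(?P<rc>\d+) >>| => (?P<brace>\{))?$"
)

SAMPLE_OUTPUT = """\
192.168.171.129 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
192.168.171.137 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: ssh: connect to host 192.168.171.137 port 22: Connection timed out\\r\\n",
    "unreachable": true
}
192.168.171.130 | CHANGED | rc=0 >>
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
192.168.171.131 | FAILED | rc=3 >>
httpd.service - The Apache HTTP Server
   Active: inactive (dead)
"""


def parse_adhoc_output(text):
    """Return {host: {"status", "rc", "data", "stdout"}} for each host block."""
    results, lines, i = {}, text.splitlines(), 0
    while i < len(lines):
        m = HEADER.match(lines[i])
        i += 1
        if not m:
            continue
        entry = {"status": m.group("status"), "rc": None, "data": None, "stdout": ""}
        if m.group("brace"):
            # JSON payload: the block ends at the first "}" in column 0.
            body = ["{"]
            while i < len(lines):
                body.append(lines[i])
                i += 1
                if body[-1] == "}":
                    break
            entry["data"] = json.loads("\n".join(body))
            entry["rc"] = entry["data"].get("rc")
        elif m.group("rc") is not None:
            # Raw payload: stdout runs until the next host header.
            entry["rc"] = int(m.group("rc"))
            out = []
            while i < len(lines) and not HEADER.match(lines[i]):
                out.append(lines[i])
                i += 1
            entry["stdout"] = "\n".join(out).strip()
        results[m.group("host")] = entry
    return results


def unreachable_hosts(results):
    """Hosts Ansible could not reach over SSH at all (down, wrong port, no key)."""
    return sorted(h for h, r in results.items() if r["status"] == "UNREACHABLE")


def failed_hosts(results):
    """Hosts that were reached but whose module run failed (FAILED or rc != 0)."""
    return sorted(h for h, r in results.items()
                  if r["status"] == "FAILED" or r["rc"] not in (None, 0))


if __name__ == "__main__":
    res = parse_adhoc_output(SAMPLE_OUTPUT)
    for host, r in sorted(res.items()):
        print(f"{host:16} {r['status']:12} rc={r['rc']}")
    print("unreachable:", unreachable_hosts(res))
    print("failed:     ", failed_hosts(res))
```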

2. Using common Ansible modules: operating on machines in batch

1) command and shell modules: run remote commands on the managed nodes

(Both run commands in batch. shell is the more capable of the two: anything that needs pipes or other complex shell syntax must use shell, because command cannot handle it; shell can also run scripts.)

Run a remote command (command can be replaced by shell in the following):

# ansible <group name> -m command/shell -a "<remote command>"   # run the command on the machines of one group
# ansible all -m command -a "<remote command>"                  # run the command on the machines of all groups
# ansible test -m command -a "ifconfig|grep ens33" -f 50        # command cannot run this (it has no pipe); -f 50 runs 50 hosts in parallel
# ansible test -m shell -a "ifconfig|grep ens33" -f 50          # shell can; -f 50 runs 50 hosts in parallel
192.168.171.130 | CHANGED | rc=0 >>
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
192.168.171.129 | CHANGED | rc=0 >>
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

Other examples:

[root@localhost ~]# ansible test -m command -a "free -m"
192.168.171.129 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:            984         124         498           6         361         674
Swap:          2047           0        2047
192.168.171.130 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:            984         123         500           6         359         676
Swap:          2047           0        2047
[root@localhost ~]# ansible test -m shell -a "free -m"
192.168.171.130 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:            984         123         500           6         359         676
Swap:          2047           0        2047
192.168.171.129 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:            984         124         499           6         361         674
Swap:          2047           0        2047
[root@localhost ~]# ansible test -m shell -a "sh /root/a.sh"
192.168.171.129 | CHANGED | rc=0 >>
129
192.168.171.130 | CHANGED | rc=0 >>
130

2) copy module: push files to the managed nodes in batch, or write content into a file on the managed nodes

Common copy module parameters:

src: the source file to push
dest: the destination path on the remote side
backup: back up the existing remote file before the new file replaces it
content: write the given text directly into the remote file, in batch
group: the group to set on the pushed file
owner: the owner to set on the pushed file
mode: the permissions to set on the pushed file

(1) Push a local file on the control node (/tmp/a.txt) to all managed nodes (the /tmp/ directory):

Note for the copy module: every managed node needs libselinux-python installed (here, 192.168.171.129 and 192.168.171.130):

[root@localhost ~]# yum install libselinux-python -y   # installed by default on CentOS 7.x; install it first if it is missing

a) Push a file in batch:

Control node:
[root@localhost ~]# cat /tmp/a.txt
111
[root@localhost ~]# ansible test -m copy -a "src=/tmp/a.txt dest=/tmp/"
192.168.171.129 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "checksum": "63bea2e3b0c7cd2d1f98bc5b7a9951eafcfead0f",
    "dest": "/tmp/a.txt",
    "gid": 0,
    "group": "root",
    "md5sum": "1181c1834012245d785120e3505ed169",
    "mode": "0644",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 4,
    "src": "/root/.ansible/tmp/ansible-tmp-1570087134.72-175986676314669/source",
    "state": "file",
    "uid": 0
}
192.168.171.130 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "checksum": "63bea2e3b0c7cd2d1f98bc5b7a9951eafcfead0f",
    "dest": "/tmp/a.txt",
    "gid": 0,
    "group": "root",
    "md5sum": "1181c1834012245d785120e3505ed169",
    "mode": "0644",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 4,
    "src": "/root/.ansible/tmp/ansible-tmp-1570087134.73-59570214580082/source",
    "state": "file",
    "uid": 0
}

Managed nodes (every managed node needs libselinux-python; here 192.168.171.129 and 192.168.171.130):
[root@localhost ~]# yum install libselinux-python -y
[root@localhost ~]# ls /tmp/   # on managed node 192.168.171.129 (needs yum -y install libselinux-python)
a.txt
[root@localhost ~]# ls /tmp/   # on managed node 192.168.171.130 (needs yum -y install libselinux-python)
a.txt yum.log

Control node:
[root@localhost ~]# echo xxx >> /tmp/a.txt
[root@localhost ~]# cat /tmp/a.txt
111
xxx
[root@localhost ~]# ll /tmp/a.txt
-rw-r--r--. 1 root root 8 Oct 3 15:31 /tmp/a.txt
[root@localhost ~]# ansible test -m copy -a "src=/tmp/a.txt dest=/tmp/ backup='yes' owner='root' group='root' mode='0600'"

Managed nodes (every managed node needs libselinux-python; here 192.168.171.129 and 192.168.171.130):
[root@localhost ~]# yum install libselinux-python -y
[root@localhost ~]# ll /tmp/a.txt*   # on managed node 192.168.171.129; the old copy was kept as a backup, the new one has mode 0600
-rw-------. 1 root root 8 Oct 3 15:35 /tmp/a.txt
-rw-r--r--. 1 root root 4 Oct 3 15:18 /tmp/a.txt.9796.2019-10-03@15:35:55~
[root@localhost ~]# cat /tmp/a.txt
111
xxx

b) Write content into a remote file in batch (the remote file need not exist beforehand): the data is written straight into the remote file and replaces whatever the file already contained

Control node: content is the text to write, dest the remote file name to write it to
[root@localhost ~]# ansible test -m copy -a "content='123' dest=/etc/rsync.pass owner=root group=root mode=600"

Managed nodes:
[root@localhost ~]# cat /etc/rsync.pass
123[root@localhost ~]#

3) yum module: install software in batch (equivalent to running yum -y install xxx on the remote machines)

# ansible test -m yum -a "name=<package name> state=installed"
e.g.: ansible test -m yum -a "name=httpd state=installed"

Parameters:

name: the package to install
  common values: package names such as httpd, ...
state: the yum operation to perform (install, remove, and so on)
  common values:
  installed, present: install the package
  removed, absent: remove the package
  latest: install the latest version of the package

Example:

Control node:
[root@localhost ~]# ansible test -m yum -a "name=httpd state=installed"
[root@localhost ~]# ansible test -m command -a "systemctl start httpd"

All managed nodes:
# httpd is now installed
[root@localhost ~]# systemctl status httpd
httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2019-10-03 16:05:38 CST; 15s ago

4) service module: start, stop, restart, reload services

# ansible test -m service -a "name=<service name> state=stopped enabled=yes"
e.g.: ansible test -m service -a "name=httpd state=stopped enabled=yes"

name: the service to manage
state: the target state of the service (stopped, running, reloaded, and so on):
  started: start
  stopped: stop
  restarted: restart
  reloaded: reload
enabled: whether the service starts at boot

Example:

Control node:
[root@localhost ~]# ansible test -m command -a "systemctl status httpd"
192.168.171.129 | CHANGED | rc=0 >>
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2019-10-03 16:05:38 CST; 22min ago
     Docs: man:httpd(8)
......
192.168.171.130 | CHANGED | rc=0 >>
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2019-10-03 16:05:38 CST; 22min ago
     Docs: man:httpd(8)
......
[root@localhost ~]# ansible test -m service -a "name=httpd state=stopped enabled=yes"
[root@localhost ~]# ansible test -m command -a "systemctl status httpd"
192.168.171.129 | FAILED | rc=3 >>
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Thu 2019-10-03 16:30:41 CST; 41s ago
.......
192.168.171.130 | FAILED | rc=3 >>
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Thu 2019-10-03 16:30:41 CST; 41s ago
........

(systemctl status exits with code 3 when the unit is not running, which is why Ansible reports the command as FAILED even though the stop worked; note that enabled has changed from disabled to enabled in the Loaded line.)

All managed nodes:
[root@localhost ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Thu 2019-10-03 16:30:41 CST; 1min 5s ago

5) script module: write a script locally and run it on the remote hosts

The script is written and kept on the control node and executed on the target hosts, so you do not have to push the script file to the targets yourself.

Format: # ansible test -m script -a "/.../local_script.sh"

Example:

Control node:
[root@localhost ~]# cat /root/yum_wget.sh
#!/usr/bin/bash
yum -y install wget
[root@localhost ~]# chmod +x /root/yum_wget.sh
[root@localhost ~]# ansible test -m script -a "/root/yum_wget.sh"

All managed nodes:
[root@localhost ~]# wget -V
GNU Wget 1.14 built on linux-gnu.

6) file module: create directories and files on the remote hosts, and create symbolic or hard links

Create a remote directory:
# ansible test -m file -a "path=/tmp/shi state=directory"
Create a remote file:
# ansible test -m file -a "path=/tmp/shi.txt state=touch mode=555 owner=root group=root"
Create a remote symbolic link:
# ansible test -m file -a "src=/tmp/shi.txt path=/tmp/shi.txt_link state=link"
Create a directory, or change its ownership and permissions, recursively:
# ansible test -m file -a "path=/tmp/shi state=directory owner=root group=root mode=600 recurse=yes"

path: the directory or file path on the remote host
recurse: apply ownership and permissions recursively
state:
  directory: create a directory on the remote host
  touch: create a file on the remote host
  link: create a symbolic link (hard creates a hard link)
  absent: delete the file or directory
mode: permissions of the file or directory
owner: owner of the file or directory
group: group of the file or directory

Example:

Control node:
[root@localhost ~]# ansible test -m file -a "path=/tmp/shi state=directory"   # create a remote directory
All managed nodes:
The directory /tmp/shi is created.

Control node:
[root@localhost ~]# ansible test -m file -a "path=/tmp/shi.txt state=touch mode=555 owner=root group=root"
All managed nodes:
The file /tmp/shi.txt is created with mode 555.

Control node:
[root@localhost ~]# ansible test -m file -a "src=/tmp/shi.txt path=/tmp/shi.txt_link state=link"
All managed nodes:
A symbolic link to /tmp/shi.txt is created; the link file is /tmp/shi.txt_link.

Control node:
[root@localhost ~]# ansible test -m file -a "path=/tmp/shi state=directory owner=root group=root mode=600 recurse=yes"
All managed nodes:
[root@localhost ~]# ll /tmp/shi/a.txt
-rw-------. 1 root root 4 Oct 3 17:29 /tmp/shi/a.txt

7) group module: create groups on the remote hosts

# ansible test -m group -a "name=<group name> gid=888 state=present"   # create a group with the given gid
e.g.:
[root@localhost ~]# ansible test -m group -a "name=shi_group gid=888 state=present"

name: the group name to create
gid: the group's gid
state: the operation to perform on the group:
  absent: delete the group on the remote host
  present: create the group on the remote host (default)

Example:

Control node:
[root@localhost ~]# ansible test -m group -a "name=shi_group gid=888 state=present"

Managed nodes:
[root@localhost ~]# tail -2 /etc/group
apache:x:48:
shi_group:x:888:

8) user module: create users on the remote hosts

Create a user without a password:
# ansible test -m user -a "name=shi uid=88 group=shi_group shell=/sbin/nologin create_home=no state=present"
Delete a user:
# ansible test -m user -a "name=shi uid=88 group=shi_group shell=/sbin/nologin create_home=no state=absent"
Create a regular user with a login password:
# echo 'mima' |openssl passwd -1 -stdin   # hash the chosen password; the module expects the hash, not the clear text, or the user cannot log in
$1$PxrQduFH$0sqImb.R6gy80gm8qlUvc0
# ansible test -m user -a 'name=shi3 password="$1$PxrQduFH$0sqImb.R6gy80gm8qlUvc0"'

name: the user name to create
uid: the user's uid
group: the user's primary group
groups: supplementary groups
password: the user's password, given as a crypt-style hash (openssl passwd -1 produces an MD5-crypt $1$ hash)
shell: the user's login shell
create_home: whether to create the home directory
state: the operation to perform on the user:
  absent: delete the user on the remote host
  present: create the user on the remote host (default)

Example: control node:
[root@localhost ~]# ansible test -m user -a "name=shi uid=88 group=shi_group shell=/sbin/nologin create_home=no state=present"   # create a user without a password

All managed nodes now have the user shi:
[root@localhost ~]# id shi
uid=88(shi) gid=888(shi_group) groups=888(shi_group)

Create a regular user with a login password:

Control node:
[root@localhost ~]# echo 'mima' |openssl passwd -1 -stdin   # hash the password first; the user can only log in if the hash, not the clear text, is what gets set
$1$PxrQduFH$0sqImb.R6gy80gm8qlUvc0
[root@localhost ~]# ansible test -m user -a 'name=shi3 password="$1$PxrQduFH$0sqImb.R6gy80gm8qlUvc0"'
[root@localhost ~]# ssh shi3@192.168.171.129
shi3@192.168.171.129's password:
[shi3@localhost ~]$ ifconfig |head -2
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.171.129 netmask 255.255.255.0 broadcast 192.168.171.255

All managed nodes have the user shi3 and it can log in:
[root@localhost ~]# id shi3
uid=1001(shi3) gid=1001(shi3) groups=1001(shi3)

9) cron module: add scheduled tasks on the remote hosts (below, a.sh is a script that already exists on the remote machine)

Add a cron job without a name (comment):
# ansible test -m cron -a "minute=00 hour=01 day=* month=* weekday=* job='/bin/sh /root/a.sh' state=present"
Add a cron job with a name; the name is what lets the module recognise the job on later runs and prevents duplicates:
# ansible test -m cron -a "minute=00 hour=01 day=* month=* weekday=* name='<name>' job='/bin/sh /root/a.sh' state=present"
Comment out (disable) a cron job:
# ansible test -m cron -a "minute=00 hour=01 day=* month=* weekday=* name='cron1' job='/bin/sh /root/a.sh' state=present disabled=yes"
Delete a cron job:
# ansible test -m cron -a "minute=00 hour=01 day=* month=* weekday=* name='cron1' job='/bin/sh /root/a.sh' state=absent"

Example:

Control node:
[root@localhost ~]# ansible test -m cron -a "minute=00 hour=01 day=* month=* weekday=* job='/bin/sh /root/a.sh' state=present"   # add a cron job without a name
All managed nodes:
[root@localhost ~]# crontab -l
#Ansible: None
00 01 * * * /bin/sh /root/a.sh

Control node:
[root@localhost ~]# ansible test -m cron -a "minute=00 hour=01 day=* month=* weekday=* name='cron1' job='/bin/sh /root/a.sh' state=present"   # add a cron job with a name, so it is not duplicated on re-runs
All managed nodes:
[root@localhost ~]# crontab -l
#Ansible: cron1
00 01 * * * /bin/sh /root/a.sh

Control node:
[root@localhost ~]# ansible test -m cron -a "minute=00 hour=01 day=* month=* weekday=* name='cron1' job='/bin/sh /root/a.sh' state=present disabled=yes"   # comment out the cron job
All managed nodes:
[root@localhost ~]# crontab -l
#Ansible: cron1
#00 01 * * * /bin/sh /root/a.sh

Control node:
[root@localhost ~]# ansible test -m cron -a "minute=00 hour=01 day=* month=* weekday=* name='cron1' job='/bin/sh /root/a.sh' state=absent"   # delete the cron job
All managed nodes:
[root@localhost ~]# crontab -l

10) mount module: add mounts on the remote hosts

Mount immediately and write the entry to /etc/fstab:
# ansible test -m mount -a "src=192.168.171.128:/data path=/opt fstype=nfs opts=defaults,noatime state=mounted"
Unmount immediately and remove the entry from /etc/fstab:
# ansible test -m mount -a "src=192.168.171.128:/data path=/opt fstype=nfs opts=defaults,noatime state=absent"

src: the device or remote directory to mount
path: the local directory to mount it on
fstype: the filesystem type
state: mount or unmount; common values:
  present: mount at boot only; the entry is written to /etc/fstab but nothing is mounted now
  mounted: mount now and write the entry to /etc/fstab
  unmounted: unmount now, leaving the /etc/fstab entry in place
  absent: unmount now and remove the /etc/fstab entry

Example:

Control node: 192.168.171.128
[root@localhost ~]# yum -y install nfs-utils   # the managed nodes that will mount the share need this too
[root@localhost ~]# vim /etc/exports
/data *(rw,no_root_squash)
[root@localhost ~]# systemctl start nfs
[root@localhost ~]# ansible test -m mount -a "src=192.168.171.128:/data path=/opt fstype=nfs opts=defaults,noatime state=mounted"

All managed nodes:
[root@localhost ~]# mount |grep opt
192.168.171.128:/data on /opt type nfs4 (rw,noatime,vers=4.1,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.171.129,local_lock=none,addr=192.168.171.128)
[root@localhost ~]# tail -1 /etc/fstab
192.168.171.128:/data /opt nfs defaults,noatime 0 0

Control node: 192.168.171.128
[root@localhost ~]# ansible test -m mount -a "src=192.168.171.128:/data path=/opt fstype=nfs opts=defaults,noatime state=absent"

Managed nodes:
[root@localhost ~]# mount |grep opt
[root@localhost ~]# tail -2 /etc/fstab
/dev/mapper/centos-home /home xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0

3. Using ansible-playbook (playbooks)

A playbook is made up of one or more modules: several different modules are combined to accomplish one job. A playbook is a state description file written in YAML syntax, with the .yaml extension.

Three YAML rules:

Indentation: YAML uses a fixed indentation style to express hierarchy; each level is two spaces, and tabs are not allowed.
Colons: every colon must be followed by a space, except a colon that ends the line.
Dashes: a list item is a dash followed by a space; items at the same indentation level belong to the same list.

Case 1: Install httpd in batch with ansible-playbook. If the configuration is changed and pushed again, the file is updated but the service is not reloaded, so the change does not take effect.

Control node: 192.168.171.128
[root@localhost ~]# ls
httpd.conf httpd_install.yaml
[root@localhost ~]# vim httpd_install.yaml
# This is an Ansible playbook
# Step 1: who to target. hosts: the inventory group, as named in the Ansible hosts file
# Step 2: roughly what to do: install, configure, start
# Step 3: exactly how
# name: description; tasks holds three list entries at the same level
# yum: install the package on the remote host with the yum module (installed)
# copy: push the file to the remote host with the copy module
# service: start the service on the remote host (started)
- hosts: test
  tasks:
    - name: install httpd fuwu
      yum: name=httpd,httpd-tools state=installed
    - name: configure httpd fuwu
      copy: src=/root/httpd.conf dest=/etc/httpd/conf/httpd.conf
    - name: qidong httpd fuwu
      service: name=httpd state=started enabled=yes

[root@localhost ~]# ansible-playbook --syntax-check httpd_install.yaml   # check the syntax
playbook: httpd_install.yaml
[root@localhost ~]# ansible-playbook -C httpd_install.yaml   # -C is a dry run; nothing is actually changed
[root@localhost ~]# ansible-playbook httpd_install.yaml      # real run: installs the service on the remote machines in batch

All managed nodes: httpd is installed and started
[root@localhost ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2019-10-04 01:20:56 CST; 4s ago

Case 2: Install httpd in batch with ansible-playbook so that, when the configuration is changed and pushed again, the change triggers a service restart and takes effect.

Control node: 192.168.171.128
[root@localhost ~]# curl 192.168.171.129
(httpd answers on port 80)
[root@localhost ~]# curl 192.168.171.130
(httpd answers on port 80)
[root@localhost ~]# ls
httpd.conf httpd_install.yaml
[root@localhost ~]# vim httpd.conf
Listen 8888   # change the port
[root@localhost ~]# vim httpd_install.yaml
# This is an Ansible playbook
# Step 1: who to target. hosts: the inventory group, as named in the Ansible hosts file
# Step 2: roughly what to do: install, configure, start. Step 3: exactly how
# name: description; tasks holds three list entries at the same level
# yum: install the package on the remote host with the yum module
# copy: push the file to the remote host with the copy module. service: start the service on the remote host
# notify: when the file pushed by this task changes, trigger the restart in handlers (matched by the handler's name)
# handlers: what runs when triggered: restart httpd
- hosts: test
  tasks:
    - name: install httpd fuwu
      yum: name=httpd,httpd-tools state=installed
    - name: configure httpd fuwu
      copy: src=/root/httpd.conf dest=/etc/httpd/conf/httpd.conf
      notify: Restart httpd fuwu
    - name: qidong httpd fuwu
      service: name=httpd state=started enabled=yes
  handlers:
    - name: Restart httpd fuwu
      service: name=httpd state=restarted

[root@localhost ~]# ansible-playbook --syntax-check httpd_install.yaml   # check the syntax
playbook: httpd_install.yaml
[root@localhost ~]# ansible-playbook -C httpd_install.yaml   # -C is a dry run; nothing is actually changed
[root@localhost ~]# ansible-playbook httpd_install.yaml      # real run: installs the service on the remote machines in batch
[root@localhost ~]# curl 192.168.171.129
curl: (7) Failed connect to 192.168.171.129:80; Connection refused
[root@localhost ~]# curl 192.168.171.130
curl: (7) Failed connect to 192.168.171.130:80; Connection refused
[root@localhost ~]# curl 192.168.171.129:8888
(httpd answers)
[root@localhost ~]# curl 192.168.171.130:8888
(httpd answers)

All managed nodes: httpd is installed and started, now on the new port
[root@localhost ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2019-10-04 01:47:03 CST; 18s ago
[root@localhost ~]# netstat -anput |grep 80
[root@localhost ~]# netstat -anput |grep 8888
tcp6       0      0 :::8888                 :::*                    LISTEN      16723/httpd

Case 3: Install an NFS server on the control node and mount its shared directory on the managed nodes in batch

Control node: 192.168.171.128
[root@localhost ~]# cat /etc/ansible/hosts
[test]            # add a group name
192.168.171.129   # add a managed host's IP
192.168.171.130   # add a managed host's IP
[root@localhost ~]# yum -y install nfs-utils   # the managed nodes that will mount the share need this too
[root@localhost ~]# vim /etc/exports
/data *(rw,no_root_squash)
[root@localhost ~]# ls /data/
a.txt
[root@localhost ~]# cat /data/a.txt
111
[root@localhost ~]# systemctl start nfs
[root@localhost ~]# cat web_mount.yaml
# test: the host group from /etc/ansible/hosts. tasks: the tasks to run
# name: description. mount: the mount module
# state=mounted: mount now and write the entry to /etc/fstab
- hosts: test
  tasks:
    - name: Mount nfs server share data
      mount: src=192.168.171.128:/data path=/data fstype=nfs opts=defaults state=mounted
# with state=absent instead, the share is unmounted now and the /etc/fstab entry removed
[root@localhost ~]# ansible-playbook web_mount.yaml   # run the playbook

All managed nodes:
[root@localhost ~]# df -h|tail -1
192.168.171.128:/data   50G  1.3G   49G   3% /data
[root@localhost ~]# cat /etc/fstab |tail -1
192.168.171.128:/data /data nfs defaults 0 0
[root@localhost ~]# cat /data/a.txt
111

Case 4: Install the rsync service in batch, and have a change to the configuration file on the control node trigger a service restart when the playbook runs

Control node: 192.168.171.128
[root@localhost ~]# ls
conf rsync_install.yaml web_mount.yaml
[root@localhost ~]# ls conf/
rsyncd.conf
[root@localhost ~]# cat conf/rsyncd.conf
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsyncd.password
log file = /var/log/rsyncd.log
[data]
path=/data
[root@localhost ~]# cat rsync_install.yaml
# test: the host group from /etc/ansible/hosts. tasks: the tasks to run
# name: description. yum: the yum module, installs packages
# copy: the copy module, pushes files. file: the file module, creates directories
# service: the service module, manages services
- hosts: test
  tasks:
    # install the rsync service
    - name: Install Rsync Server
      yum: name=rsync state=installed
    # configure rsync: push the custom config file, and trigger a restart whenever it changes
    - name: configure rsync server
      copy: src=./conf/rsyncd.conf dest=/etc/rsyncd.conf
      notify: Restart Rsync Server
    # create the rsync virtual user's password file; user rsync_backup, password 1
    - name: create Virt User
      copy: content='rsync_backup:1' dest=/etc/rsyncd.password mode=600
    # create the group and user on the remote host
    - name: create yonghu zu www
      group: name=www gid=666
    # create the user; create_home=no: no home directory; the shell prevents interactive login
    - name: create yonghu www
      user: name=www uid=666 group=www create_home=no shell=/sbin/nologin
    # create /data on the remote host as the shared directory
    - name: create data mulu
      file: path=/data state=directory recurse=yes owner=www group=www mode=755
    # start the rsync service on the remote host
    - name: start rsyncserver
      service: name=rsyncd state=started enabled=yes
  # the handler below receives the notify and restarts rsyncd
  handlers:
    - name: Restart Rsync Server
      service: name=rsyncd state=restarted
[root@localhost ~]# ansible-playbook rsync_install.yaml   # run the remote installation
[root@localhost ~]# yum -y install rsync                  # rsync client on the control node, to test the push
[root@localhost ~]# echo 1 > /etc/rsync.pass              # client-side password file for the virtual user rsync_backup
[root@localhost ~]# chmod -R 600 /etc/rsync.pass
[root@localhost ~]# echo 111 > a.txt
[root@localhost ~]# rsync -av a.txt rsync_backup@192.168.171.129::data --password-file=/etc/rsync.pass
[root@localhost ~]# rsync -av a.txt rsync_backup@192.168.171.130::data --password-file=/etc/rsync.pass

All managed nodes: 192.168.171.129 and 192.168.171.130
[root@localhost ~]# systemctl status rsyncd
● rsyncd.service - fast remote file copy program daemon
   Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2019-10-04 17:16:39 CST; 4min 18s ago
[root@localhost ~]# netstat -anput |grep 873
tcp        0      0 0.0.0.0:873             0.0.0.0:*               LISTEN      23117/rsync
[root@localhost ~]# ls /data/
a.txt
[root@localhost ~]# cat /data/a.txt
111

Case 5: Install the NFS service in batch, and have a change to the configuration file on the control node trigger a service restart when the playbook runs

Control node: 192.168.171.128
[root@localhost ~]# cat /etc/ansible/hosts
[test]            # add a group name
192.168.171.129   # add a managed host's IP
192.168.171.130   # add a managed host's IP
[root@localhost ~]# ls
conf nfs_install.yaml
[root@localhost ~]# ls conf/
exports
[root@localhost ~]# cat /etc/exports
/data *(rw,no_root_squash)
[root@localhost ~]# cat nfs_install.yaml
# hosts: the inventory group to operate on
- hosts: test
  tasks:
    # install nfs on the remote host
    - name: Install nfs server
      yum: name=nfs-utils state=installed
    # configure nfs: push the custom config file, and trigger a restart when it changes
    - name: configure nfs server
      copy: src=./conf/exports dest=/etc/exports
      notify: Restart Nfs Server
    # create the shared directory recursively on the remote host
    - name: create share data directory
      file: path=/data state=directory recurse=yes owner=root group=root mode=755
    # start nfs on the remote host
    - name: start nfs server
      service: name=nfs-server state=started enabled=yes
  handlers:
    - name: Restart Nfs Server
      service: name=nfs-server state=restarted
[root@localhost ~]# ansible-playbook nfs_install.yaml   # run the remote installation
[root@localhost ~]# yum -y install nfs-utils             # client tools on the control node, to inspect the exports
[root@localhost ~]# showmount -e 192.168.171.129
Export list for 192.168.171.129:
/data *
[root@localhost ~]# showmount -e 192.168.171.130
Export list for 192.168.171.130:
/data *

All managed nodes: 192.168.171.129 and 192.168.171.130
[root@localhost ~]# systemctl status nfs
● nfs-server.service - NFS server and services
   Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; vendor preset: disabled)
  Drop-In: /run/systemd/generator/nfs-server.service.d
           └─order-with-mounts.conf
   Active: active (exited) since Fri 2019-10-04 17:39:08 CST; 14s ago

Case 6: Add scheduled tasks on the remote hosts in batch

Control node: 192.168.171.128
[root@localhost ~]# cat /etc/ansible/hosts
[test]            # add a group name
192.168.171.129   # add a managed host's IP
192.168.171.130   # add a managed host's IP
[root@localhost ~]# cat cron_add.yaml
# hosts: the inventory group to operate on
# tasks: the task list
# name: description
# cron: the cron module adds a scheduled task; minute/hour/day/month/weekday default to * when omitted.
#       This only adds the crontab entry; for it to do anything the script must exist on the remote host.
- hosts: test
  tasks:
    - name: Crontab Scripts chuangjian
      cron: name='dellog scripts' minute=00 hour=01 job="/bin/sh /server/scripts/delete_log.sh &>/dev/null"
[root@localhost ~]# ansible-playbook cron_add.yaml   # add the job on the remote hosts

Note: with the task written as follows, the job is deleted instead:
cron: name='backup scripts' minute=00 hour=01 job="/bin/sh /server/scripts/delete_log.sh &>/dev/null" state=absent
And with the following, the job is commented out:
cron: name='backup scripts' minute=00 hour=01 job="/bin/sh /server/scripts/delete_log.sh &>/dev/null" disabled=yes

All managed nodes: 192.168.171.129 and 192.168.171.130
[root@localhost ~]# crontab -l
#Ansible: dellog scripts
00 01 * * * /bin/sh /server/scripts/delete_log.sh &>/dev/null
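The crontab listings in section 9 and in case 6 show how the cron module tracks its entries: a "#Ansible: <name>" marker line precedes each job, and re-running an unnamed task appends another "#Ansible: None" block, while a named task is updated in place. The following model, an added example rather than the module's own code, reproduces that behaviour (present, absent, disabled=yes) on crontab text; treating state=absent without a name as an error is a simplification of this model.

```python
"""Model of how the Ansible cron module keeps its entries idempotent: every managed
job is preceded by a "#Ansible: <name>" marker line, and state=present/absent and
disabled=yes act on the entry carrying that name.

Added example, not the cron module's own code. Treating state=absent without a
name as an error is a simplification of this model."""

MARKER = "#Ansible: "


def _find(lines, name):
    """Index of the marker line for `name`, or -1."""
    for i, line in enumerate(lines):
        if line == MARKER + name:
            return i
    return -1


def cron(crontab, job, name=None, minute="*", hour="*", day="*", month="*",
         weekday="*", state="present", disabled=False):
    """Apply one cron-module call to a crontab text and return the new text."""
    lines = crontab.splitlines()
    entry = f"{minute} {hour} {day} {month} {weekday} {job}"
    if disabled:
        entry = "#" + entry   # disabled=yes keeps the line but comments it out
    if name is None:
        # Without a name the module cannot recognise its own earlier entry, so
        # each run appends another "#Ansible: None" block: the duplication the
        # post warns about.
        if state == "absent":
            raise ValueError("state=absent needs a name in this model")
        lines += [MARKER + "None", entry]
        return "\n".join(lines) + "\n"
    idx = _find(lines, name)
    if state == "absent":
        if idx >= 0:
            del lines[idx:idx + 2]     # marker line plus the job line after it
    elif idx >= 0:
        lines[idx + 1] = entry         # same name: update in place, no duplicate
    else:
        lines += [MARKER + name, entry]
    return "\n".join(lines) + "\n" if lines else ""


def managed_jobs(crontab):
    """Map name -> list of (job line, enabled) for every Ansible-managed entry."""
    lines, jobs = crontab.splitlines(), {}
    for i, line in enumerate(lines[:-1]):
        if line.startswith(MARKER):
            body = lines[i + 1]
            jobs.setdefault(line[len(MARKER):], []).append(
                (body.lstrip("#"), not body.startswith("#")))
    return jobs


if __name__ == "__main__":
    tab = ""
    for _ in range(2):   # unnamed job added twice: two copies end up in the crontab
        tab = cron(tab, "/bin/sh /root/a.sh", minute="00", hour="01")
    print(tab)
    tab = cron("", "/bin/sh /root/a.sh", name="cron1", minute="00", hour="01")
    tab = cron(tab, "/bin/sh /root/a.sh", name="cron1", minute="00", hour="01")
    print(tab)   # named job added twice: still a single entry
```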

Notes:

1. Before the control node can push files to a managed node, libselinux-python must be installed on the managed node; only then can local files on the control node (the Ansible machine) be sent to the managed nodes in batch: yum install libselinux-python -y

2. The Ansible machine can also manage nodes without generating a key pair: put each managed machine's password in /etc/ansible/hosts instead (the first connection still asks you to confirm with yes; later ones do not). Note that ansible_ssh_pass keeps the password in clear text in the inventory file, which the key-based login from step 1 avoids.

Format example:
[maya]
keeper-01 ansible_ssh_host="192.168.14.128" ansible_ssh_user="root" ansible_ssh_pass="123456"
maya-001-129 ansible_ssh_host="192.168.14.129" ansible_ssh_user="root" ansible_ssh_pass="123456"
[mem]
mem1 ansible_ssh_host="192.168.14.130" ansible_ssh_user="root" ansible_ssh_pass="123456"
mem2 ansible_ssh_host="192.168.14.131" ansible_ssh_user="root" ansible_ssh_pass="123456"

3. Ansible can operate on a whole defined group in batch, or on a single managed machine defined within a group

Example:
[root@keeper-01 ~]# vim /etc/ansible/hosts
[maya]
keeper-01 ansible_ssh_host="192.168.14.128" ansible_ssh_user="root" ansible_ssh_pass="123456"
maya-001-129 ansible_ssh_host="192.168.14.129" ansible_ssh_user="root" ansible_ssh_pass="123456"
[mem]
mem1 ansible_ssh_host="192.168.14.130" ansible_ssh_user="root" ansible_ssh_pass="123456"
mem2 ansible_ssh_host="192.168.14.131" ansible_ssh_user="root" ansible_ssh_pass="123456"
# with the inventory above, send a file to the machine mem1 alone:
[root@keeper-01 ~]# ansible mem1 -m copy -a "src=/root/jenkins.war dest=/tmp/ROOT.war"

Note that the first field on each line of a group does not have to be a hostname: it need not resolve, and it need not be mapped to the IP in /etc/hosts. It is only an alias for that managed machine within the group, there to tell hosts apart; it is usually set to the same value as the hostname for convenience.

4. Configuration for batch file transfer when the remote machine's SSH port is not 22 but has been changed to 22115

[root@keeper-01 ~]# vim /etc/ansible/hosts
[app-girl]
app-girl1 ansible_ssh_host="172.17.133.212" ansible_ssh_user="root" ansible_ssh_pass="b6eMWV2VQQ" ansible_ssh_port=22115
app-girl2 ansible_ssh_host="172.17.133.213" ansible_ssh_user="root" ansible_ssh_pass="C4NMcSyBrQ" ansible_ssh_port=22115
[root@keeper-01 ~]# ansible app-girl1 -m copy -a "src=/root/a.txt dest=/tmp/"   # send the file to the machine app-girl1
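Notes 2 to 4 put per-host connection settings (alias, ansible_ssh_host, ansible_ssh_user, ansible_ssh_pass, ansible_ssh_port) directly in the INI inventory. The following auditor, an added example and not Ansible's own inventory parser, reads such a file and lists which hosts still carry a clear-text password, log in directly as root, or use a non-default SSH port; the sample inventory follows the layout above with placeholder passwords.

```python
"""Audit an INI-style Ansible inventory for the per-host connection settings
described in the notes above (ansible_ssh_pass, ansible_ssh_user, ansible_ssh_port).

Added example, not Ansible's own inventory parser. The sample inventory is
constructed after the layout in the post; the password values are placeholders."""
import shlex

SAMPLE_INVENTORY = """\
[test]                 # group of bare IPs reached with the SSH key from step 1
192.168.171.129
192.168.171.130

[mem]
mem1 ansible_ssh_host="192.168.14.130" ansible_ssh_user="root" ansible_ssh_pass="PLACEHOLDER_PW"
mem2 ansible_ssh_host="192.168.14.131" ansible_ssh_user="root" ansible_ssh_pass="PLACEHOLDER_PW" ansible_ssh_port=22115
"""


def parse_inventory(text):
    """Return {group: {alias: {var: value}}}; shlex handles quotes and # comments."""
    groups, current = {}, "ungrouped"
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)
        if not tokens:
            continue
        if tokens[0].startswith("[") and tokens[0].endswith("]"):
            current = tokens[0][1:-1]
            groups.setdefault(current, {})
            continue
        alias, *pairs = tokens
        hostvars = dict(p.split("=", 1) for p in pairs if "=" in p)
        groups.setdefault(current, {})[alias] = hostvars
    return groups


def audit(groups):
    """Findings as (group, alias, message) tuples."""
    findings = []
    for group, hosts in groups.items():
        for alias, hv in hosts.items():
            if "ansible_ssh_pass" in hv:
                findings.append((group, alias, "plaintext ansible_ssh_pass in inventory"))
            if hv.get("ansible_ssh_user") == "root":
                findings.append((group, alias, "logs in directly as root"))
            port = hv.get("ansible_ssh_port", "22")
            if port != "22":
                findings.append((group, alias, f"non-default ssh port {port}"))
    return findings


def hosts_needing_password(groups):
    """Aliases that still rely on a password instead of the key pair."""
    return sorted(a for hosts in groups.values() for a, hv in hosts.items()
                  if "ansible_ssh_pass" in hv)


if __name__ == "__main__":
    inv = parse_inventory(SAMPLE_INVENTORY)
    for g, a, msg in audit(inv):
        print(f"[{g}] {a}: {msg}")
```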

Summary of Ansible batch-management commands:

1) Check host connectivity:
# ansible <group name> -m ping          // ping the hosts of one group
# ansible all -m ping                   // ping the hosts of all groups
# ansible 192.168.40.134 -m ping        // ping one host by IP

2) Run a script on the remote hosts:
# ansible <group name> -m shell -a 'sh <shell script> or python <python script>'   // run the script on the machines of one group
# ansible all -m shell -a 'sh <shell script> or python <python script>'            // run the script on the machines of all groups

3) Copy files to the remote servers:
# ansible <group name> -m copy -a "src=/path/…<file on the ansible machine> dest=/path/…<file on the remote machine>"   // copy the file to the machines of one group
# ansible all -m copy -a "src=/path/…<file on the ansible machine> dest=/path/…<remote file>"                          // copy the file to the machines of all groups

Note: every managed node needs libselinux-python installed: yum -y install libselinux-python
