龙空技术网

ansible的安装和常用模块使用和ansible-playbook使用

运维实战掌门人 135

前言:

此时同学们对“centos55怎么安装”可能比较注意,各位老铁们都想要知道一些“centos55怎么安装”的相关内容。那么小编也在网上搜集了一些有关“centos55怎么安装””的相关文章,希望小伙伴们能喜欢,你们一起来了解一下吧!

ansible的安装和常用模块使用-7.x(此处是7.4)和ansible-playbook使用

ansible特点:

ansible不需要单独安装客户端,ssh相当于ansible的客户端

ansible不需要启动任何服务,仅需要安装对应工具即可。

ansible依赖大量的python模块来实现批量管理。

ansible的配置文件:/etc/ansible/ansible.cfg

ansible查看模块使用参数: #ansible-doc 模块名,如:ansible-doc command

1.ansible的安装和使用——管理端:(ansible,192.168.171.128):

1)管理端机器上生成ssh密钥对,实现能无密码连接登录到被管理机器:

[root@localhost ~]# ssh-keygen -t rsa #下面一路回车,不用输密码

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Created directory '/root/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

SHA256:rZn0m2eUdeYzqZUEYE2W8cAZJ2ElF/6/XvvP7aoq7EQ root@localhost.localdomain

The key's randomart image is:

+---[RSA 2048]----+

| o=@B=.|

| . o*O |

| .o |

| . ..+|

| E . o.++|

| o = o *o|

| .= .. o =|

| .o oo. .=|

| ...++..o*O|

+----[SHA256]-----+

[root@localhost ~]# ls /root/.ssh/

id_rsa id_rsa.pub

[root@localhost ~]# yum -y install openssh openssh-clients openssh-server #若没有ssh命令和ssh-copy-id等时候的安装

[root@localhost ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.171.129 #或仅IP也可

#第一次需要输入对方用户密码:123456

[root@localhost ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.171.129 #或仅IP也可

#第一次需要输入对方用户密码:123456

[root@localhost ~]# ssh root@192.168.171.129 ifconfig |head -3

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet 192.168.171.129 netmask 255.255.255.0 broadcast 192.168.171.255

inet6 fe80::2fab:326:734f:2936 prefixlen 64 scopeid 0x20<link>

[root@localhost ~]# ssh root@192.168.171.130 ifconfig |head -3

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet 192.168.171.130 netmask 255.255.255.0 broadcast 192.168.171.255

inet6 fe80::eaa2:384e:60ac:87b1 prefixlen 64 scopeid 0x20<link>

注意:ssh-copy命令格式有两种:1)ssh-copy-id 远端用户@远端IP #或仅IP

2)ssh-copy-id -i /root/.ssh/id_rsa.pub 远端用户@远端IP #或仅IP

2)管理端yum安装ansible:

[root@localhost ~]# yum -y install epel-release #先安装epel-release

[root@localhost ~]# yum -y install ansible

[root@localhost ~]# ansible --version

ansible 2.8.5

config file = /etc/ansible/ansible.cfg

configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']

ansible python module location = /usr/lib/python2.7/site-packages/ansible

executable location = /usr/bin/ansible

python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]

3)管理端配置主机管理: 在hosts文件中添加管理主机的IP地址列表:

[root@localhost ~]# vim /etc/ansible/hosts

……

## [dbservers]

##

## db01.intranet.mydomain.net

## db02.intranet.mydomain.net

## 10.25.1.56

## 10.25.1.57

[test] #添加一个组名

192.168.171.129 #添加被管理主机的IP

192.168.171.130 #添加被管理主机的IP

……

wq

4)管理端ansible的相关配置:

[root@localhost ~]# vim /etc/ansible/ansible.cfg

……

host_key_checking = False #禁用每次执行ansbile命令检查ssh key host ,默认注释,开启即可

log_path = /var/log/ansible.log #开启日志记录, 默认注释,开启即可

……

[accelerate]

accelerate_port = 5099 #释放,默认注释,也可改变端口号,此处没改

#accelerate_timeout = 30

#accelerate_connect_timeout = 5.0

# The daemon timeout is measured in minutes. This time is measured

# from the last activity to the accelerate daemon.

#accelerate_daemon_timeout = 30

# If set to yes, accelerate_multi_key will allow multiple

# private keys to be uploaded to it, though each user must

# have access to the system via SSH to add a new key. The default

# is "no".

accelerate_multi_key = yes #释放,默认注释

5)最后测试下在管理机器上批量执行命令管理被管理端

ping命令,查看被管理端是否活着:

[root@localhost ~]# ansible test -m ping #此处为管理test模块,也可其他模块,也用all,管理所有模块

……

192.168.171.129 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

192.168.171.130 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

可以看出,在每台管理机器上都成功执行了ping命令

若机器没开机,则显示:

[root@localhost ~]# ansible test -m ping #此处为管理test模块,也可其他模块,也用all,管理所有模块

192.168.171.137 | UNREACHABLE! => {

"changed": false,

"msg": "Failed to connect to the host via ssh: ssh: connect to host 192.168.231.137 port 22: Connection timed out\r\n",

"unreachable": true

}

2.ansible的常用模块使用-批量操作机器

1)command或shell模块,执行远程命令,管理被管理端

(都是批量执行命令,shell更强大,什么都能干,如果需要一些管道等复杂命令的操作,则使用shell,command完成不了,shell还能执行脚本)

执行远程命令: 以下的command也可以用shell代替

# ansible 单独模块名 -m command/shell -a "执行的远程命令" #管理单独模块下机器,执行远程机器命令

# ansible all -m command -a "执行的远程命令" #管理所有模块下机器,执行远程机器命令

# ansible test -m command -a "ifconfig|grep ens33" -f 50 #command执行不了,-f 50一次显示50个主机

# ansible test -m shell -a "ifconfig|grep ens33" -f 50 #shell可以执行,-f 50一次显示50个主机

192.168.171.130 | CHANGED | rc=0 >>

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

192.168.171.129 | CHANGED | rc=0 >>

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

其他例子:

[root@localhost ~]# ansible test -m command -a "free -m"

192.168.171.129 | CHANGED | rc=0 >>

total used free shared buff/cache available

Mem: 984 124 498 6 361 674

Swap: 2047 0 2047

192.168.171.130 | CHANGED | rc=0 >>

total used free shared buff/cache available

Mem: 984 123 500 6 359 676

Swap: 2047 0 2047

[root@localhost ~]# ansible test -m shell -a "free -m"

192.168.171.130 | CHANGED | rc=0 >>

total used free shared buff/cache available

Mem: 984 123 500 6 359 676

Swap: 2047 0 2047

192.168.171.129 | CHANGED | rc=0 >>

total used free shared buff/cache available

Mem: 984 124 499 6 361 674

Swap: 2047 0 2047

[root@localhost ~]# ansible test -m shell -a "sh /root/a.sh"

192.168.171.129 | CHANGED | rc=0 >>

129

192.168.171.130 | CHANGED | rc=0 >>

130

2)copy模块,批量发送文件到被管理端或向被管理端文件写内容

copy模块下常用参数:

src: 推送数据的源文件信息

dest: 推送数据的目录路径

backup: 对推送传送过去的文件,进行原文件备份,再接收新文件

content: 直接批量在被管理端文件中添加内容

group: 将本地文件推送到远端,指定文件属组信息

owner: 将本地文件推送到远端,指定文件属主信息

mode: 将本地文件推动到远端,指定文件权限信息

(1) 将管理端(ansible机器)上本地文件(/tmp/a.txt)批量发送给被管理端(/tmp/目录):

copy模块注意:所有被管理端需要安装:libselinux-python ,此处为192.168.171.129和192.168.171.130上)

[root@localhost ~]# yum install libselinux-python -y 默认cent7.x已经安装,若没有安装,需要先安装该包

a)批量发送文件:

管理端:

[root@localhost ~]# cat /tmp/a.txt

111

[root@localhost ~]# ansible test -m copy -a "src=/tmp/a.txt dest=/tmp/"

192.168.171.129 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true,

"checksum": "63bea2e3b0c7cd2d1f98bc5b7a9951eafcfead0f",

"dest": "/tmp/a.txt",

"gid": 0,

"group": "root",

"md5sum": "1181c1834012245d785120e3505ed169",

"mode": "0644",

"owner": "root",

"secontext": "unconfined_u:object_r:admin_home_t:s0",

"size": 4,

"src": "/root/.ansible/tmp/ansible-tmp-1570087134.72-175986676314669/source",

"state": "file",

"uid": 0

}

192.168.171.130 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true,

"checksum": "63bea2e3b0c7cd2d1f98bc5b7a9951eafcfead0f",

"dest": "/tmp/a.txt",

"gid": 0,

"group": "root",

"md5sum": "1181c1834012245d785120e3505ed169",

"mode": "0644",

"owner": "root",

"secontext": "unconfined_u:object_r:admin_home_t:s0",

"size": 4,

"src": "/root/.ansible/tmp/ansible-tmp-1570087134.73-59570214580082/source",

"state": "file",

"uid": 0

}

被管理端: (所有被管理端需要安装:libselinux-python ,此处为192.168.171.129和192.168.171.130上)

[root@localhost ~]# yum install libselinux-python -y

[root@localhost ~]# ls /tmp/ #被管理端192.168.171.129,需要yum -y install libselinux-python

a.txt

[root@localhost ~]# ls /tmp/ #被管理端192.168.171.130,需要yum -y install libselinux-python

txt yum.log

管理端:

[root@localhost ~]# echo xxx >> /tmp/a.txt

[root@localhost ~]# cat /tmp/a.txt

111

xxx

[root@localhost ~]# ll /tmp/a.txt

-rw-r--r--. 1 root root 8 Oct 3 15:31 /tmp/a.txt

[root@localhost ~]# ansible test -m copy -a "src=/tmp/a.txt dest=/tmp/ backup='yes' owner='root' group='root' mode='0600'"

被管理端: (所有被管理端需要安装:libselinux-python ,此处为192.168.171.129和192.168.171.130上)

[root@localhost ~]# yum install libselinux-python -y

[root@localhost ~]# ls /tmp/a.txt* #被管理端192.168.171.129,需要yum -y install libselinux-python

-rw-------. 1 root root 8 Oct 3 15:35 /tmp/a.txt

-rw-r--r--. 1 root root 4 Oct 3 15:18 /tmp/a.txt.9796.2019-10-03@15:35:55~

[root@localhost ~]# cat /tmp/a.txt

111

xxx

b)批量将内容写入远端文件:(远端文件可事先不存在)直接向远端文件内写入数据信息,并且会覆盖远端文件内容原有数据信息

管理端: content定义要写的内容, dest:定义要写入远端的文件名

[root@localhost ~]# ansible test -m copy -a "content='123' dest=/etc/rsync.pass owner=root group=root mode=600"

被管理端:

[root@localhost ~]# cat /etc/rsync.pass

123[root@localhost ~]#

3)yum模块,批量安装软件(相当于到远端机器执行yum -y install xxx)

# ansible test -m yum -a "name=要安装的服务名 state=installed"

如:ansible test -m yum -a "name=httpd state=installed"

使用详解:

name: 指定要安装的软件包名称

name的常用参数:即是常用软件包的名称,如:httpd,....

state: 指定使用yum的方法进行安装,卸载等操作

state的常用参数如下:

installed,present 安装软件包

removed,absent 移除软件包

latest 安装最新软件包

例子:

管理端:

[root@localhost ~]# ansible test -m yum -a "name=httpd state=installed"

[root@localhost ~]# ansible test -m command -a "systemctl start httpd"

所有被管理端:

#httpd服务已经安装完成

[root@localhost ~]# systemctl status httpd

httpd.service - The Apache HTTP Server

Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)

Active: active (running) since Thu 2019-10-03 16:05:38 CST; 15s ago

4)service模块,启动,停止,重启,重载服务等

# ansible test -m service -a "name=服务名 state=stopped enabled=yes"

如: ansible test -m service -a "name=httpd state=stopped enabled=yes"

name: 定义要启动服务的名称,参数即为各服务名

state: 指定服务状态是停止或运行,或重载等,参数如下:

started: 启动

stopped: 停止

restarted 重启

reloaded 重载

enabled: 是否让服务开机自启动

例子:

管理端:

[root@localhost ~]# ansible test -m command -a "systemctl status httpd"

192.168.171.129 | CHANGED | rc=0 >>

● httpd.service - The Apache HTTP Server

Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)

Active: active (running) since Thu 2019-10-03 16:05:38 CST; 22min ago

Docs: man:httpd(8)

......

192.168.171.130 | CHANGED | rc=0 >>

● httpd.service - The Apache HTTP Server

Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)

Active: active (running) since Thu 2019-10-03 16:05:38 CST; 22min ago

Docs: man:httpd(8)

......

[root@localhost ~]# ansible test -m service -a "name=httpd state=stopped enabled=yes"

[root@localhost ~]# ansible test -m command -a "systemctl status httpd"

192.168.171.129 | FAILED | rc=3 >>

● httpd.service - The Apache HTTP Server

Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)

Active: inactive (dead) since Thu 2019-10-03 16:30:41 CST; 41s ago

.......

192.168.171.130 | FAILED | rc=3 >>

● httpd.service - The Apache HTTP Server

Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)

Active: inactive (dead) since Thu 2019-10-03 16:30:41 CST; 41s ago

........

所有被管理端:

[root@localhost ~]# systemctl status httpd

● httpd.service - The Apache HTTP Server

Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)

Active: inactive (dead) since Thu 2019-10-03 16:30:41 CST; 1min 5s ago

5)script模块,编写脚本和执行脚本(本地编写脚本,本地运行,即可等同于在远程执行)

在本地运行模块,等同于在远程执行,不需要将脚本文件进行推送目标主机执行。

格式:# ansible test -m script -a "/.../本地编写的脚本.sh"

例子:

管理端:

[root@localhost ~]# cat /root/yum_wget.sh

#!/usr/bin/bash

yum -y install wget

[root@localhost ~]# chmod +x /root/yum_wget.sh

[root@localhost ~]# ansible test -m script -a "/root/yum_wget.sh"

所有被管理端:

[root@localhost ~]# wget -V

GNU Wget 1.14 built on linux-gnu.

6)file模块,配置模块,远程创建目录,远程创建文件,远程做软硬链接文件

远程创建目录:

# ansible test -m file -a "path=/tmp/shi state=directory"

远程创建文件:

# ansible test -m file -a "path=/tmp/shi.txt state=touch mode=555 owner=root group=root"

远程做软连接:

# ansible test -m file -a "src=/tmp/shi.txt path=/tmp/shi.txt_link state=link"

递归创建或更改目录权限:

# ansible test -m file -a "path=/tmp/shi state=directory owner=root group=root mode=600 recurse=yes"

path: 指定远程主机目录或文件目录

recurse: 递归授权

state:

directory: 在远端创建mull

touch: 在远端创建文件

link: link或hard表示创建链接文件

absent: 表示删除文件或目录

mode: 设置文件或目录权限

owner: 设置文件或目录属主信息

group: 设置文件或目录属组信息

例子:

管理端:

[root@localhost ~]# ansible test -m file -a "path=/tmp/shi state=directory" #远程创建目录 

所有被管理端:

目录/tmp/shi目录会被创建出来。

管理端:

[root@localhost ~]# ansible test -m file -a "path=/tmp/shi.txt state=touch mode=555 owner=root group=root"

所有被管理端:

文件:/tmp/shi.txt文件会被创建出来,且权限为555

管理端:

[root@localhost ~]# ansible test -m file -a "src=/tmp/shi.txt path=/tmp/shi.txt_link state=link"

所有被管理端:

文件:/tmp/shi.txt文件会被创建软连接,软连接文件为:/tmp/shi.txt_link

管理端:

[root@localhost ~]# ansible test -m file -a "path=/tmp/shi state=directory owner=root group=root mode=600 recurse=yes"

所有被管理端:

[root@localhost ~]# ll /tmp/shi/a.txt

-rw-------. 1 root root 4 Oct 3 17:29 /tmp/shi/a.txt

7)group模块,远程创建组

# ansible test -m group -a "name=要创建的组名 gid=888 state=present" #创建组,指定gid

如:

[root@localhost ~]# ansible test -m group -a "name=shi_group gid=888 state=present"

name: 指定创建的组名

gid: 指定组的gid

state: 表示对组的操作状态,参数如下:

absent: 删除远端的组

present: 创建远端的组(默认)

例子:

管理端:

[root@localhost ~]# ansible test -m group -a "name=shi_group gid=888 state=present"

被管理端:

[root@localhost ~]# tail -2 /etc/group

apache:x:48:

shi_group:x:888:

8)user模块,远程创建用户

创建用户:不加密码:

# ansible test -m user -a "name=shi uid=88 group=shi_group shell=/sbin/nologin create_home=no state=present"

删除用户:

# ansible test -m user -a "name=shi uid=88 group=shi_group shell=/sbin/nologin create_home=no state=absent"

创建普通用户并设置登录密码:

# echo 'mima' |openssl passwd -1 -stdin #给指定的密码内容加密,注意需要加密,用户才能登录

$1$PxrQduFH$0sqImb.R6gy80gm8qlUvc0

# ansible test -m user -a 'name=shi3 password="$1$PxrQduFH$0sqImb.R6gy80gm8qlUvc0"'

name: 指定创建的用户名

uid: 指定用户的uid

gruop: 指定用户组名称

gruops: 指定附加组名称

password: 给用户添加密码

shell: 指定用户登录shell

create_home: 是否创建家目录

state: 表示对用户的操作状态,参数如下:

absent: 删除远端的组

present: 创建远端的组(默认)

例子: 管理端:

[root@localhost ~]# ansible test -m user -a "name=shi uid=88 group=shi_group shell=/sbin/nologin create_home=no state=present" #创建用,不加密码

所有被管理端即可创建用户shi:

[root@localhost ~]# id shi

uid=88(shi) gid=888(shi_group) groups=888(shi_group)

创建普通用户并设置登录密码:

管理端:

[root@localhost ~]# echo 'mima' |openssl passwd -1 -stdin #给指定的密码内容加密,注意需要加密,用户才能登录

$1$PxrQduFH$0sqImb.R6gy80gm8qlUvc0

[root@localhost ~]# ansible test -m user -a 'name=shi3 password="$1$PxrQduFH$0sqImb.R6gy80gm8qlUvc0"'

[root@localhost ~]# ssh shi3@192.168.171.129

shi3@192.168.171.129's password:

[shi3@localhost ~]$ ifconfig |head -2

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet 192.168.171.129 netmask 255.255.255.0 broadcast 192.168.171.255

所有被管理端有用户shi3且能登录,如下:

[root@localhost ~]# id shi3

uid=1001(shi3) gid=1001(shi3) groups=1001(shi3)

9)cron模块,远程添加定时任务 (下面:a.sh是远程机器上本地有的脚本)

远程添加定时任务,未设置注释信息:

# ansible test -m cron -a "minute=00 hour=01 day=* month=* weekday=* job='/bin/sh /root/a.sh' state=present"

远程添加定时任务,并设置注释信息,防止定时任务重复:

# ansible test -m cron -a "minute=00 hour=01 day=* month=* weekday=* name='注释信息' job='/bin/sh /root/a.sh' state=present"

远程注释定时任务:

# ansible test -m cron -a "minute=00 hour=01 day=* month=* weekday=* name='cron1' job='/bin/sh /root/a.sh' state=present disabled=yes"

远程删除定时任务:

# ansible test -m cron -a "minute=00 hour=01 day=* month=* weekday=* name='cron1' job='/bin/sh /root/a.sh' state=absent"

例子:

管理端:

[root@localhost ~]# ansible test -m cron -a "minute=00 hour=01 day=* month=* weekday=* job='/bin/sh /root/a.sh' state=present" #远程添加定时任务,未设置注释信息:

所有被管理端:

[root@localhost ~]# crontab -l

#Ansible: None

00 01 * * * /bin/sh /root/a.sh

管理端:

[root@localhost ~]# ansible test -m cron -a "minute=00 hour=01 day=* month=* weekday=* name='cron1' job='/bin/sh /root/a.sh' state=present" #远程添加定时任务,并设置注释信息,防止定时任务重复

所有被管理端:

[root@localhost ~]# crontab -l

#Ansible: cron1

00 01 * * * /bin/sh /root/a.sh

管理端:

[root@localhost ~]# ansible test -m cron -a "minute=00 hour=01 day=* month=* weekday=* name='cron1' job='/bin/sh /root/a.sh' state=present disabled=yes" #远程注释定时任务

所有被管理端:

[root@localhost ~]# crontab -l

#Ansible: cron1

#00 01 * * * /bin/sh /root/a.sh

管理端:

[root@localhost ~]# ansible test -m cron -a "minute=00 hour=01 day=* month=* weekday=* name='cron1' job='/bin/sh /root/a.sh' state=absent" #远程删除定时任务

所有被管理端:

[root@localhost ~]# crontab -l

10)mount模块,远程添加挂载

立刻挂载并写入/etc/fstab中:

# ansible test -m mount -a "src=192.168.171.128:/data path=/opt fstype=nfs opts=defaults,noatime state=mounted"

立刻卸载并清除/etc/fstab中信息:

# ansible test -m mount -a "src=192.168.171.128:/data path=/opt fstype=nfs opts=defaults,noatime state=absent"

src: 要被挂载的原目录

path: 要挂载到的本地目录

fstype: 要挂载的文件类型

state: 挂载或卸载的状态,常用参数如下:

present: 开机挂载,不会直接挂载设备,仅将配置写入/etc/fstab,不会马上挂载

mounted: 马上直接挂载设备,并将配置写入/etc/fstab

unmounted: 马上直接卸载设备,不会清除/etc/fstab写入的配置

absent: 马上直接卸载设备,会清理/etc/fstab写入的配置

例子:

管理端:192.168.171.128

[root@localhost ~]# yum -y install nfs-utils #被管理的挂载端也要安装,才能挂载

[root@localhost ~]# vim /etc/exports

/data *(rw,no_root_squash)

[root@localhost ~]# systemctl start nfs

[root@localhost ~]# ansible test -m mount -a "src=192.168.171.128:/data path=/opt fstype=nfs opts=defaults,noatime state=mounted"

所有被管理端:

[root@localhost ~]# mount |grep opt

192.168.171.128:/data on /opt type nfs4 (rw,noatime,vers=4.1,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.171.129,local_lock=none,addr=192.168.171.128)

[root@localhost ~]# tail -1 /etc/fstab

192.168.171.128:/data /opt nfs defaults,noatime 0 0

管理端:192.168.171.128

[root@localhost ~]# ansible test -m mount -a "src=192.168.171.128:/data path=/opt fstype=nfs opts=defaults,noatime state=absent"

被管理端:

[root@localhost ~]# mount |grep opt

[root@localhost ~]# tail -2 /etc/fstab

/dev/mapper/centos-home /home xfs defaults 0 0

/dev/mapper/centos-swap swap swap defaults 0 0

2.ansible-playbook使用(剧本)

playbook是由一个或多个模块组成的,使用多个不同的模块,完成一件事情。Playbook通过yaml语法识别描述的状态文件,扩展名是yaml。

yaml三板斧:

缩进: yaml使用一个固定的缩进风格表示层级结构,每个缩进由两个空格组成,不能使用tab键。

冒号: 以冒号结尾的除外,其他所有冒号后面所有必须有空格。

短横线: 表示列表项,使用一个短横线加一个空格,多个项使用同样的缩进级别作为同一列表。

案例1: 用ansible-playbook方式远程批量安装httpd-若修改完配置,重新推送后,配置改了但没重载服务,不生效

管理端:192.168.171.128

[root@localhost ~]# ls

httpd.conf httpd_install.yaml

[root@localhost ~]# vim httpd_install.yaml

#这是一个ansible的playbook

#第一步: 找到谁,hosts: 定义主机清单,ansible的hosts文件里定义的主机清单模块名

#第二步: 大概做的任务: 安装,配置,启动

#第三步: 具体怎么做

#name:描述信息,task里有3个同级别的列表步骤

#yum: 远端安装服务,yum模块安装服务(installed)

#copy: 远端拷贝文件,copy模块传送文件到远端

#service: 远端启动服务(started)

- hosts: test

tasks:

- name: install httpd fuwu

yum: name=httpd,httpd-tools state=installed

- name: configure httpd fuwu

copy: src=/root/httpd.conf dest=/etc/httpd/conf/httpd.conf

- name: qidong httpd fuwu

service: name=httpd state=started enabled=yes

[root@localhost ~]# ansible-playbook --syntax-check httpd_install.yaml #检查语法是否有误

playbook: httpd_install.yaml

[root@localhost ~]# ansible-playbook -C httpd_install.yaml #-C模拟执行,不是真的直接执行

[root@localhost ~]# ansible-playbook httpd_install.yaml #真正模拟执行,批量操作远端机器安装服务

所有管理端机器: httpd服务会安装后并启动

[root@localhost ~]# systemctl status httpd

● httpd.service - The Apache HTTP Server

Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)

Active: active (running) since Fri 2019-10-04 01:20:56 CST; 4s ago

案例2: 用ansible-playbook方式远程批量安装httpd-若修改完配置,重新推送后,配置改了且能触发重启服务配置生效.

管理端:192.168.171.128

[root@localhost ~]# curl 192.168.171.129

80端口能访问httpd

[root@localhost ~]# curl 192.168.171.10

80端口能访问httpd

[root@localhost ~]# ls

httpd.conf httpd_install.yaml

[root@localhost ~]# vim httpd.conf

Listen 8888 #修改端口

[root@localhost ~]# vim httpd_install.yaml

#这是一个ansible的playbook

#第一步: 找到谁,hosts: 定义主机清单,ansible的hosts文件里定义的主机清单模块名

#第二步: 大概做的任务: 安装,配置,启动 #第三步: 具体怎么做

#name:描述信息,task里有3个同级别的列表步骤

#yum: 远端安装服务,yum模块安装服务

#copy: 远端拷贝文件,copy模块传送文件到远端 #service: 远端启动服务

#notify: 当该项中的配置文件内容有变更时候,会触发下面的handlers的重启操作(根据handler描述信息关联触发)

#handler: 当被触发后执行的操作,重启httpd服务

- hosts: test

tasks:

- name: install httpd fuwu

yum: name=httpd,httpd-tools state=installed

- name: configure httpd fuwu

copy: src=/root/httpd.conf dest=/etc/httpd/conf/httpd.conf

notify: Restart httpd fuwu

- name: qidong httpd fuwu

service: name=httpd state=started enabled=yes

handlers:

- name: Restart httpd fuwu

service: name=httpd state=restarted

[root@localhost ~]# ansible-playbook --syntax-check httpd_install.yaml #检查语法是否有误

playbook: httpd_install.yaml

[root@localhost ~]# ansible-playbook -C httpd_install.yaml #-C模拟执行,不是真的直接执行

[root@localhost ~]# ansible-playbook httpd_install.yaml #真正模拟执行,批量操作远端机器安装服务

[root@localhost ~]# curl 192.168.171.129

curl: (7) Failed connect to 192.168.171.129:80; Connection refused

[root@localhost ~]# curl 192.168.171.130

curl: (7) Failed connect to 192.168.171.130:80; Connection refused

[root@localhost ~]# curl 192.168.171.129:8888

能访问httpd

[root@localhost ~]# curl 192.168.171.130:8888

能访问httpd

所有管理端机器: httpd服务会安装后并启动

[root@localhost ~]# systemctl status httpd

● httpd.service - The Apache HTTP Server

Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)

Active: active (running) since Fri 2019-10-04 01:47:03 CST; 18s ago

[root@localhost ~]# netstat -anput |grep 80

[root@localhost ~]# netstat -anput |grep 8888

tcp6 0 0 :::8888 :::* LISTEN 16723/httpd

案例3: 在管理端安装nfs服务,在被管理端批量挂载nfs的共享目录

管理端:192.168.171.128

[root@localhost ~]# cat /etc/ansible/hosts

[test] #添加一个组名

192.168.171.129 #添加被管理主机的IP

192.168.171.130 #添加被管理主机的IP

[root@localhost ~]# yum -y install nfs-utils #被管理的挂载端也要安装,才能挂载

[root@localhost ~]# vim /etc/exports

/data *(rw,no_root_squash)

[root@localhost ~]# ls /data/

a.txt

[root@localhost ~]# cat /data/a.txt

111

[root@localhost ~]# systemctl start nfs

[root@localhost ~]# cat web_mount.yaml

#test: 为/etc/ansible/hosts中的主机列表 #task: 执行的任务

#name: 描述信息 #mount: mount模块

#state=mounted: 马上直接挂载设备,并将配置写入/etc/fstab

- hosts: test

tasks:

- name: Mount nfs server share data

mount: src=192.168.171.128:/data path=/data fstype=nfs opts=defaults state=mounted

#若将state=absent,则立刻卸载并清除/etc/fstab中信息

[root@localhost ~]# ansible-playbook web_mount.yaml #执行剧本

所有被管理端:

[root@localhost ~]# df -h|tail -1

192.168.171.128:/data 50G 1.3G 49G 3% /data

[root@localhost ~]# cat /etc/fstab |tail -1

192.168.171.128:/data /data nfs defaults 0 0

[root@localhost ~]# cat /data/a.txt

111

案例4: 远程批量安装rsync服务,并设置管理端修改配置文件变动时候执行playbook时触发重启服务

管理端:192.168.171.128

[root@localhost ~]# ls

conf rsync_install.yaml web_mount.yaml

[root@localhost ~]# ls conf/

rsyncd.conf

[root@localhost ~]# cat conf/rsyncd.conf

uid = www

gid = www

port = 873

fake super = yes

use chroot = no

max connections = 200

timeout = 600

ignore errors

read only = false

list = false

auth users = rsync_backup

secrets file = /etc/rsyncd.password

log file = /var/log/rsyncd.log

[data]

path=/data

[root@localhost ~]# cat rsync_install.yaml

#test: 为/etc/ansible/hosts中的主机列表 #task: 执行的任务

#name: 描述信息 #yum: yum模块,安装服务的

#copy: copy模块,远程传递文件的 #file: file模块,远程创建目录的

#service: service模块,远程管理服务的

- hosts: test

tasks:

#安装rsync服务

- name: Install Rsync Server

yum: name=rsync state=installed

#配置rsync服务,cp自定义的配置文件,且设置当该配置文件变更需要触发重启操作

- name: configure rsync server

copy: src=./conf/rsyncd.conf dest=/etc/rsyncd.conf

notify: Restart Rsync Server

#创建rsync虚拟用户和密码文件,用户名:rsync_backup,密码:1

- name: create Virt User

copy: content='rsync_backup:1' dest=/etc/rsyncd.password mode=600

#远程创建用户组和用户

- name: create yonghu zu www

group: name=www gid=666

#远程创建用户, create_home=no:不创建家目录 指定shell不能登录

- name: create yonghu www

user: name=www uid=666 group=www create_home=no shell=/sbin/nologin

#远程创建目录/data作为共享目录

- name: create data mulu

file: path=/data state=directory recurse=yes owner=www group=www mode=755

#远程启动rsync服务

- name: start rsyncserver

service: name=rsyncd state=started enabled=yes

#下面handler是接收notify的触发,执行重启rsync服务

handlers:

- name: Restart Rsync Server

service: name=rsyncd state=restarted

[root@localhost ~]# ansible-playbook rsync_install.yaml #执行远程安装

[root@localhost ~]# yum -y install rsync

[root@localhost ~]# echo 1 > /etc/rsync.pass

[root@localhost ~]# chmod -R 600 /etc/rsync.pass

[root@localhost ~]# echo 111 > a.txt

[root@localhost ~]# rsync -av a.txt rsync_backup@192.168.171.129::data --password-file=/etc/rsync.pass

[root@localhost ~]# rsync -av a.txt rsync_backup@192.168.171.130::data --password-file=/etc/rsync.pass

所有被管理端:192.168.171.129和192.168.171.130

[root@localhost ~]# systemctl status rsyncd

● rsyncd.service - fast remote file copy program daemon

Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; enabled; vendor preset: disabled)

Active: active (running) since Fri 2019-10-04 17:16:39 CST; 4min 18s ago

[root@localhost ~]# netstat -anput |grep 873

tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 23117/rsync

[root@localhost ~]# ls /data/

a.txt

[root@localhost ~]# cat /data/a.txt

111

案例5: 远程批量安装nfs服务,并设置管理端修改配置文件变动时候执行playbook时触发重启服务

管理端:192.168.171.128

[root@localhost ~]# cat /etc/ansible/hosts

[test] #添加一个组名

192.168.171.129 #添加被管理主机的IP

192.168.171.130 #添加被管理主机的IP

[root@localhost ~]# ls

conf nfs_install.yaml

[root@localhost ~]# ls conf/

exports

[root@localhost ~]# cat /etc/exports

/data *(rw,no_root_squash)

[root@localhost ~]# cat nfs_install.yaml

#hosts: 指定要操作的主机清单

- hosts: test

tasks:

#远端安装nfs

- name: Install nfs server

yum: name=nfs-utils state=installed

#配置nfs,自定义配置文件传递到远端,并修改配置后触发重启服务动作

- name: configure nfs server

copy: src=./conf/exports dest=/etc/exports

notify: Restart Nfs Server

#远程递归创建共享目录

- name: create share data directory

file: path=/data state=directory recurse=yes owner=root group=root mode=755

#远程启动nfs

- name: start nfs server

service: name=nfs-server state=started enabled=yes

handlers:

- name: Restart Nfs Server

service: name=nfs-server state=restarted

[root@localhost ~]# ansible-playbook nfs_install.yaml #执行远程安装

[root@localhost ~]# yum -y install nfs-utils #安装客户端,查看挂载使用

[root@localhost ~]# showmount -e 192.168.171.129

Export list for 192.168.171.129:

/data *

[root@localhost ~]# showmount -e 192.168.171.130

Export list for 192.168.171.130:

/data *

所有被管理端:192.168.171.129和192.168.171.130

[root@localhost ~]# systemctl status nfs

● nfs-server.service - NFS server and services

Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; vendor preset: disabled)

Drop-In: /run/systemd/generator/nfs-server.service.d

└─order-with-mounts.conf

Active: active (exited) since Fri 2019-10-04 17:39:08 CST; 14s ago

案例6: 远程批量添加定时任务

管理端:192.168.171.128

[root@localhost ~]# cat /etc/ansible/hosts

[test] #添加一个组名

192.168.171.129 #添加被管理主机的IP

192.168.171.130 #添加被管理主机的IP

[root@localhost ~]# cat cron_add.yaml

#hosts: 指定要操作的主机清单

#task: 任务列表

#name:描述注释信息

#cron:cron模块,添加定时任务,分时日月周,不写的默认是*,下面只关添加定时任务,具体要执行,需要本地有相应的脚本才行

- hosts: test

tasks:

- name: Crontab Scripts chuangjian

cron: name='dellog scripts' minute=00 hour=01 job="/bin/sh /server/scripts/delete_log.sh &>/dev/null"

[root@localhost ~]# ansible-playbook cron_add.yaml #执行远程添加

注意:若下面是:删除定时任务:

cron: name='backup scripts' minute=00 hour=01 job="/bin/sh /server/scripts/delete_log.sh &>/dev/null" state=absent

若下面则是:注释定时任务:

cron: name='backup scripts' minute=00 hour=01 job="/bin/sh /server/scripts/delete_log.sh &>/dev/null" disabled=yes

所有被管理端:192.168.171.129和192.168.130

[root@localhost ~]# crontab -l

#Ansible: dellog scripts

00 01 * * * /bin/sh /server/scripts/delete_log.sh &>/dev/null

注意事项:

1.当管理端向被管理端发送文件时候,在(被管理端)安装:libselinux-python,才能将管理端(ansible机器)上本地文件批量发送给被管理端,即: yum install libselinux-python -y

2.ansible机器也可不用创建密钥对,进行无秘钥连接被管理机器,只需要在配置文件/etc/ansible/hosts中添加各个被管理机器的密码也可(不过第一次连接时需要输入yes确认,后面就不需要了)

格式例子如:

[maya]

keeper-01 ansible_ssh_host="192.168.14.128" ansible_ssh_user="root" ansible_ssh_pass="123456"

maya-001-129 ansible_ssh_host="192.168.14.129" ansible_ssh_user="root" ansible_ssh_pass="123456"

[mem]

mem1 ansible_ssh_host="192.168.14.130" ansible_ssh_user="root" ansible_ssh_pass="123456"

mem2 ansible_ssh_host="192.168.14.131" ansible_ssh_user="root" ansible_ssh_pass="123456"

3.ansible机器可以对定义的整个模块批量操作管理机器,也可对某模块中定义的某个被管理机器单独进行操作

例子如:

[root@keeper-01 ~]# vim /etc/ansible/hosts

[maya]

keeper-01 ansible_ssh_host="192.168.14.128" ansible_ssh_user="root" ansible_ssh_pass="123456"

maya-001-129 ansible_ssh_host="192.168.14.129" ansible_ssh_user="root" ansible_ssh_pass="123456"

[mem]

mem1 ansible_ssh_host="192.168.14.130" ansible_ssh_user="root" ansible_ssh_pass="123456"

mem2 ansible_ssh_host="192.168.14.131" ansible_ssh_user="root" ansible_ssh_pass="123456"

#根据上面的模块,ansible想单独给mem1机器发送文件:

[root@keeper-01 ~]# ansible mem1 -m copy -a "src=/root/jenkins.war dest=/tmp/ROOT.war"

注意上面各模块下的第一个并不一定非要是主机名,不一定就要能解析,也不用必须要在/etc/hosts文件中将该名和对应的IP对应,而只是自己模块下定义的指定被管理机器的一个别名,只是为了好区分,将该别名一般和主机名设置的一样而已。

4.ansible批量发送文件时,远端机器ssh的端口号不是22,而是已经改变了的22115时候的配置

[root@keeper-01 ~]# vim /etc/ansible/hosts

[app-girl]

app-girl1 ansible_ssh_host="172.17.133.212" ansible_ssh_user="root" ansible_ssh_pass="b6eMWV2VQQ" ansible_ssh_port=22115

app-girl2 ansible_ssh_host="172.17.133.213" ansible_ssh_user="root" ansible_ssh_pass="C4NMcSyBrQ" ansible_ssh_port=22115

[root@keeper-01 ~]# ansible app-girl1 -m copy -a "src=/root/a.txt dest=/tmp/" #给机器app-girl1发送文件

ansible批量管理客户端的命令总结:

1)检查主机连接:

# ansible 单独模块名 -m ping //管理单独模块的ping,是否能通

# ansible all -m ping //管理所有模块的ping,是否能通

# ansible 192.168.40.134 -m ping //管理某个机器IP的ping,是否能通

3)执行远程主机的脚本:

# ansible 单独模块名 -m shell -a 'sh shell脚本名 或 python python脚本名'

//管理单独模块下机器,执行远程机器脚本

# ansible all -m shell -a 'sh shell脚本名 或 python python脚本名'

//管理所有模块下机器,执行远程机器脚本

4)复制文件到远程服务器:

# ansible 单独模块名 -m copy -a "src=/路径/…ansible机器文件名 dest=/路径/…远端机器文件名"

//管理单独模块下机器,将复制文件到远端机器

# ansible all -m copy -a "src=/路径/…ansible机器文件名 dest=/路径/…远端文件名"

//管理所有模块下机器,将复制文件到远端机器

注意:所有被管理端需要安装:libselinux-python,即:yum -y install libselinux-python

如果对运维课程感兴趣,可以在b站上搜索我的账号: 运维实战课程,可以关注我,学习更多运维实战技术视频

标签: #centos55怎么安装