Ansible Service

Linux System Environment

[root@ansible ~]# cat /etc/redhat-release                      #==》OS release
CentOS Linux release 7.5.1804 (Core)
[root@ansible ~]# uname -r                                     #==》Kernel version
3.10.0-862.el7.x86_64
[root@ansible ~]# uname -m                                     #==》System architecture (bits)
x86_64
[root@ansible ~]# echo $LANG                                   #==》System locale
en_US.UTF-8
[root@ansible ~]# ssh -V                                       #==》SSH version
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@master ~]# ansible --version                             #==》Ansible version
ansible 2.4.2.0
[root@master ~]# python --version                              #==》Python version
Python 2.7.5

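Introduction to Ansible

 Ansible is a set of Python modules and an automation tool for the system. Once passwordless SSH login is configured, it can be used to manage systems, run commands automatically and perform similar tasks. Ansible has been acquired by Red Hat.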

Ansible Function

1. Batch command execution
2. Batch service installation
3. Batch configuration synchronization
4. Batch task execution
5. Batch code deployment

Ansible Note

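1. Configuration file: /etc/ansible/ansible.cfg (usually needs no changes)
2. No service needs to be started
3. Managed hosts do not need any Ansible client software installed (Python and SSH are already installed by default)
4. Official Ansible documentation: [https://docs.ansible.com/](https://docs.ansible.com/)
5. Ansible performs batch management over SSH, so SSH key authentication must be configured before Ansible is set up
6. Commands run through Ansible can avoid repeating modifications or changes that have already been made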

Ansible command format

ansible  <host-pattern>  -m  <module>  -a  "<command>"

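Ansible inventory file /etc/ansible/hosts

1. Host entries support hostname wildcards and regular expressions; for example, web[1:3].oldboy.com stands for three hosts
2. Host entries support non-standard SSH ports, for example web.oldboy.com:6666 or 172.16.1.31:6666
3. Host entries support variables for settings specific to individual hosts, for example login user and password
4. Host groups support variables via [GroupName:vars] and nested groups via [game:children]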
[root@ansible ~]# cat /etc/ansible/hosts
#==》Host group
[webserver01]
172.16.1.31
172.16.1.32
#==》Host + port + password
[webserver02]
10.0.0.31 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='123456'
10.0.0.32 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='123456'
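#==》Variables defined for the host group: the password is supplied by the variable instead of being typed; login uses the default port 22 and the root user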
[webserver03]
10.0.0.31
10.0.0.32
[webserver03:vars]
ansible_ssh_pass='123456'
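
The inventory above keeps SSH passwords in clear text, so they are readable by anyone who can read /etc/ansible/hosts. The check below is an added example, not part of the original article: audit_inventory and sample_inventory are names chosen here, the sample is constructed from the inventory above, and the variable list covers password variables that Ansible accepts in an inventory.

```shell
#!/bin/sh
# Added example: list password variables stored in an INI-style Ansible inventory.
# Output: one "<line>:<section>:<variable>" per finding; exit status 1 if any.
audit_inventory() {
    awk '
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }      # blank lines and comments
        /^[ \t]*\[/ {                              # [group], [group:vars], [group:children]
            section = $0
            sub(/^[ \t]*\[/, "", section)
            sub(/\].*$/, "", section)
            next
        }
        {
            for (i = 1; i <= NF; i++) {            # host lines carry several key=value pairs
                split($i, kv, "=")
                if (kv[1] ~ /^ansible_(ssh_pass|password|become_pass|become_password|sudo_pass)$/) {
                    printf "%d:%s:%s\n", NR, section, kv[1]
                    found = 1
                }
            }
        }
        END { exit found + 0 }
    ' "${1:--}"
}

# Constructed sample, modelled on the inventory shown above.
sample_inventory() {
    cat <<'EOF'
[webserver01]
172.16.1.31
[webserver02]
10.0.0.31 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='123456'
[webserver03]
10.0.0.31
[webserver03:vars]
ansible_ssh_pass='123456'
EOF
}

sample_inventory | audit_inventory || echo "password variables found in inventory"
```

Run it as `audit_inventory /etc/ansible/hosts`; with SSH key authentication in place, as the notes above require, none of these variables is needed in the inventory.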

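I. Installing Ansible

Ansible command output colors

1. Green           #==》Command ran successfully, nothing was changed
2. Red             #==》Execution failed
3. Yellow          #==》Command ran successfully and made changes
4. Purple          #==》Warning message
5. Blue            #==》Detailed (verbose) output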

Host plan

External IP       Internal IP       Hostname      Notes
10.0.0.30         172.16.1.30       ansible       SSH server (private key), Ansible server
10.0.0.31         172.16.1.31       test01        SSH client (public key), Ansible client
10.0.0.32         172.16.1.32       test02        SSH client (public key), Ansible client

1. Configure the Aliyun yum repositories

curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum makecache

2. Configure passwordless SSH login (the steps are omitted here; see the related document)

http://www.itdecent.cn/p/a64f76edc607

3. Install and configure Ansible
Note: installing ansible with yum also installs Python along with it (Python is already installed on the system by default)

[root@ansible ~]# yum -y install ansible
[root@ansible ~]# rpm -qa ansible
ansible-2.8.2-1.el7.noarch
[root@ansible ~]# rpm -qc ansible
/etc/ansible/ansible.cfg                 #==》Ansible configuration file
/etc/ansible/hosts                       #==》Ansible inventory (the key file to understand)

4. Test Ansible

[root@ansible ~]# ansible webserver01 -m ping 
172.16.1.32 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
172.16.1.31 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}

II. Common Ansible modules

1. ping module
Note: ping module documentation URL
https://docs.ansible.com/ansible/latest/modules/ping_module.html#ping-module

#==》Test network connectivity between the Ansible host and the other hosts
[root@ansible ~]# ansible webserver01 -m ping 
172.16.1.32 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
172.16.1.31 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}

2. command module
Note: command module documentation URL
https://docs.ansible.com/ansible/latest/modules/command_module.html#command-module

[root@ansible ~]# ansible webserver01 -m command -a "hostname"
172.16.1.32 | CHANGED | rc=0 >>
test02
172.16.1.31 | CHANGED | rc=0 >>
test01

#==》Special characters and chained commands cannot be executed
[root@ansible ~]# ansible webserver01 -m command -a "hostname;ifconfig"
172.16.1.32 | FAILED | rc=2 >>
[Errno 2] No such file or directory
172.16.1.31 | FAILED | rc=2 >>
[Errno 2] No such file or directory
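
Why the second call fails, as an added example that is not part of the original article: the command module executes the program directly instead of handing the string to a shell, so the `;` becomes part of the program name. run_like_command and run_like_shell are hypothetical helpers that imitate the two modules locally with simplified whitespace splitting; Ansible is not needed to run them.

```shell
#!/bin/sh
# Added example, not from the original article. Both helpers are hypothetical
# stand-ins that imitate the two modules locally; Ansible is not required.

# command module: the string is split into words and the first word is executed
# directly. No shell parses it, so ; | > and $VAR are ordinary characters.
# (Simplified: plain whitespace splitting, no quote handling.)
run_like_command() {
    set -f              # keep * and ? literal while splitting
    set -- $1
    set +f
    "$@"
}

# shell module: the whole string is handed to /bin/sh, which interprets it.
run_like_shell() {
    /bin/sh -c "$1"
}

run_like_command 'echo a;echo b'    # one echo; prints: a;echo b
run_like_shell   'echo a;echo b'    # two commands; prints a, then b
# The first word is "hostname;ifconfig", which is not a program on disk.
# A local sh reports status 127 where Ansible reports [Errno 2].
run_like_command 'hostname;ifconfig' 2>/dev/null || echo "not found, status $?"
```

Because nothing in the string is interpreted, the command module is the safer choice whenever part of the command comes from a variable.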

3. shell module
Note: shell module documentation URL
https://docs.ansible.com/ansible/latest/modules/shell_module.html#shell-module

#==》The shell module is a catch-all: it can run basically any command, but some commands cannot be run, for example awk
[root@ansible ~]# ansible webserver01 -m shell -a "hostname;hostname -I"
172.16.1.31 | CHANGED | rc=0 >>
test01
10.0.0.31 172.16.1.31 

172.16.1.32 | CHANGED | rc=0 >>
test02
10.0.0.32 172.16.1.32

#==》A command passed to the shell module does not work if it contains awk
[root@ansible ~]# ansible webserver01 -m shell -a "hostname;ip a s eth0 | awk -F "[ /]+" 'NR==3{print $3}'"
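
What the local shell does to the quoting in the command above before ansible receives it, as an added example that is not part of the original article (show_argv, as_typed and requoted are names chosen here): the inner double quotes end the -a string early and $3 is expanded locally. With the inner quotes and the dollar sign escaped, the command stays in one argument.

```shell
#!/bin/sh
# Added example: print each argument a command would receive, one per line.
show_argv() {
    for arg in "$@"; do
        printf '<%s>\n' "$arg"
    done
}

# Quoting exactly as typed above. The second " closes the string, the unquoted
# space after [ starts a new argument, and $3 (unset here) expands to nothing.
as_typed() {
    show_argv -a "hostname;ip a s eth0 | awk -F "[ /]+" 'NR==3{print $3}'"
}

# Inner double quotes and the dollar sign escaped: one argument, awk program intact.
requoted() {
    show_argv -a "hostname;ip a s eth0 | awk -F \"[ /]+\" 'NR==3{print \$3}'"
}

echo "as typed:"; as_typed
echo "requoted:"; requoted
```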

4. copy module
Note: copy module documentation URL
https://docs.ansible.com/ansible/latest/modules/copy_module.html#copy-module

Parameters:
src     #==》Source path
dest    #==》Destination path
owner   #==》Owner
group   #==》Group
mode    #==》File permissions
[root@ansible ~]# ansible webserver01 -m copy -a "src=/server/scripts/ssh_sent.sh dest=/mnt/ owner=root group=oldboy mode=0644"
172.16.1.32 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "775164bc6f500d44af5ec0509149820811865268", 
    "dest": "/mnt/ssh_sent.sh", 
    "gid": 1000, 
    "group": "oldboy", 
    "md5sum": "80e8b575172fcd319e04c587ad8895c7", 
    "mode": "0644", 
    "owner": "root", 
    "size": 902, 
    "src": "/root/.ansible/tmp/ansible-tmp-1565070734.35-85675211898374/source", 
    "state": "file", 
    "uid": 0
}
[root@ansible ~]# ansible webserver01 -m shell -a "ls -l /mnt"
172.16.1.31 | CHANGED | rc=0 >>
total 4
-rw-r--r-- 1 root oldboy 902 Aug  6 13:52 ssh_sent.sh

5. file module
Note: file module documentation URL
https://docs.ansible.com/ansible/latest/modules/file_module.html#file-module

Parameters:

path    #==》Path of the file or directory
src     #==》Source path
dest    #==》Destination path
owner   #==》Owner
group   #==》Group
mode    #==》File permissions
state   #==》File state
#==》Change file attributes on the remote host group
[root@ansible ~]# ansible webserver01 -m shell -a "ls -l /mnt"
172.16.1.31 | CHANGED | rc=0 >>
total 4
-rw-r--r-- 1 root oldboy 902 Aug  6 13:52 ssh_sent.sh
[root@ansible ~]# ansible webserver01 -m file -a "path=/mnt/ssh_sent.sh owner=oldboy group=oldboy mode=600"
172.16.1.32 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "gid": 1000, 
    "group": "oldboy", 
    "mode": "0600", 
    "owner": "oldboy", 
    "path": "/mnt/ssh_sent.sh", 
    "size": 902, 
    "state": "file", 
    "uid": 1000
}
[root@ansible ~]# ansible webserver01 -m shell -a "ls -l /mnt"
172.16.1.32 | CHANGED | rc=0 >>
total 4
-rw------- 1 oldboy oldboy 902 Aug  6 13:52 ssh_sent.sh

#==》Create a symbolic link remotely
[root@ansible ~]# ansible webserver01 -m file -a "src=/mnt/ssh_sent.sh dest=/mnt/ssh_sent_link.sh state=link"
172.16.1.31 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "dest": "/mnt/ssh_sent_link.sh", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "size": 16, 
    "src": "/mnt/ssh_sent.sh", 
    "state": "link", 
    "uid": 0
}
[root@ansible ~]# ansible webserver01 -m shell -a "ls -l /mnt"
172.16.1.32 | CHANGED | rc=0 >>
total 4
lrwxrwxrwx 1 root   root    16 Aug  6 14:15 ssh_sent_link.sh -> /mnt/ssh_sent.sh
-rw------- 1 oldboy oldboy 902 Aug  6 13:52 ssh_sent.sh

6. script module
Note: script module documentation URL
https://docs.ansible.com/ansible/latest/modules/script_module.html#script-module

#==》Write a script that installs bash-completion with yum (Tab-key command completion)
[root@ansible ~]# mkdir -p /server/scripts/
[root@ansible ~]# vim /server/scripts/yum_bash-com.sh 
#!/bin/bash
yum -y install bash-completion
[root@ansible ~]# ansible webserver01 -m script -a "/server/scripts/yum_bash-com.sh"
172.16.1.31 | CHANGED => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 172.16.1.31 closed.\r\n", 
    "stderr_lines": [
        "Shared connection to 172.16.1.31 closed."
    ], 
    "stdout": "Loaded plugins: fastestmirror\r\nLoading mirror speeds from cached hostfile\r\n * base: mirrors.aliyun.com\r\n * extras: mirrors.aliyun.com\r\n * updates: mirrors.aliyun.com\r\nPackage 1:bash-completion-2.1-6.el7.noarch already installed and latest version\r\nNothing to do\r\n", 
    "stdout_lines": [
        "Loaded plugins: fastestmirror", 
        "Loading mirror speeds from cached hostfile", 
        " * base: mirrors.aliyun.com", 
        " * extras: mirrors.aliyun.com", 
        " * updates: mirrors.aliyun.com", 
        "Package 1:bash-completion-2.1-6.el7.noarch already installed and latest version", 
        "Nothing to do"
    ]
}

7. cron module
Note: cron module documentation URL
https://docs.ansible.com/ansible/latest/modules/cron_module.html#cron-module

Parameters:

name        #==》Name (index) of the scheduled job; this name is important and must always be set
minute      #==》Minute
hour        #==》Hour
day         #==》Day of month
month       #==》Month
weekday     #==》Day of week
job         #==》Command to run
state       #==》State: absent removes the job, present creates it (default)
[root@ansible ~]# ansible webserver01 -m cron -a 'minute=*/5 hour=*/2 day=10 month=*/2 weekday=* job="/bin/ls -l /etc"'
#==》A warning is shown if the name parameter is not given
[DEPRECATION WARNING]: The 'name' parameter will be required in future releases.. This feature will be removed in version 2.12. Deprecation warnings can be 
disabled by setting deprecation_warnings=False in ansible.cfg.
172.16.1.32 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "envs": [], 
    "jobs": [
        "uptime", 
        "None"
    ]
}
[root@ansible ~]# ansible webserver01 -m shell -a "crontab -l"
172.16.1.31 | CHANGED | rc=0 >>
#Ansible: uptime
*/5 */2 10 */2 * /usr/bin/uptime
#Ansible: None
*/5 */2 10 */2 * /bin/ls -l /etc

8. user module
Note: user module documentation URL
https://docs.ansible.com/ansible/latest/modules/user_module.html#user-module

Parameters:

uid             #==》UID of the user
group           #==》Group of the user
groups          #==》Supplementary groups of the user
password        #==》Set a password for the user
shell           #==》Login shell of the user
create_home     #==》Whether to create the home directory, default (yes)
comment         #==》User description
[root@ansible ~]# ansible webserver01 -m user -a "name=test group=oldboy shell=/sbin/nologin comment=testuser create_home=no"
172.16.1.31 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "comment": "testuser", 
    "create_home": false, 
    "group": 1000, 
    "home": "/home/test", 
    "name": "test", 
    "shell": "/sbin/nologin", 
    "state": "present", 
    "system": false, 
    "uid": 1004
}
[root@ansible ~]# ansible webserver01 -m shell -a "tail -1 /etc/passwd"
172.16.1.31 | CHANGED | rc=0 >>
test:x:1004:1000:testuser:/home/test:/sbin/nologin

9. group module
Note: group module documentation URL
https://docs.ansible.com/ansible/latest/modules/group_module.html#group-module

Parameters:

name        #==》Name of the group
gid         #==》GID of the group
state       #==》absent deletes the group, present creates it (default)
#==》Create a group
[root@ansible ~]# ansible webserver01 -m group -a "name=Tom gid=9999"
172.16.1.32 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "gid": 9999, 
    "name": "Tom", 
    "state": "present", 
    "system": false
}
[root@ansible ~]# ansible webserver01 -m shell -a "tail -1 /etc/gshadow"
172.16.1.32 | CHANGED | rc=0 >>
Tom:!::
#==》Delete the group
[root@ansible ~]# ansible webserver01 -m group -a "name=Tom state=absent"
172.16.1.31 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "name": "Tom", 
    "state": "absent"
}
[root@ansible ~]# ansible webserver01 -m shell -a "tail -1 /etc/gshadow"
172.16.1.32 | CHANGED | rc=0 >>
oldgirl:!::