Ansible

Configuration file lookup precedence (first match wins)

ANSIBLE_CONFIG              # environment variable, global override
ansible.cfg                 # in the project (current) directory
.ansible.cfg                # in the user's home directory
/etc/ansible/ansible.cfg    # system-wide default
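The lookup order above is easy to get wrong when several files exist at once, so here is an added illustration (written for these notes, not Ansible's own code) that resolves the winning file against temporary directories. It also applies the documented Ansible 2.4+ rule, not mentioned in the notes, that an ansible.cfg sitting in a world-writable current directory is ignored, because anyone able to write there could plant a config that changes module or plugin paths. The function names resolve_ansible_cfg and demo are assumptions of this example.

```python
"""Added example: which ansible.cfg would Ansible load?

Illustrative code for these notes, not Ansible's implementation.
Order reproduced from the notes: ANSIBLE_CONFIG, ./ansible.cfg,
~/.ansible.cfg, /etc/ansible/ansible.cfg.  The world-writable-directory
skip is documented Ansible behaviour (2.4 and later).
"""
import os
import stat
import tempfile
from pathlib import Path


def resolve_ansible_cfg(env, cwd, home, etc_cfg="/etc/ansible/ansible.cfg"):
    """Return (path, reason) for the config that wins, or (None, reason).

    env, cwd and home are passed in explicitly so the lookup can be
    exercised against throw-away directories instead of the real machine.
    """
    # 1. ANSIBLE_CONFIG: an explicit path always wins when the file exists.
    explicit = env.get("ANSIBLE_CONFIG")
    if explicit and os.path.isfile(explicit):
        return explicit, "ANSIBLE_CONFIG environment variable"

    # 2. ansible.cfg in the current (project) directory.
    project_cfg = os.path.join(cwd, "ansible.cfg")
    if os.path.isfile(project_cfg):
        if os.stat(cwd).st_mode & stat.S_IWOTH:
            # Directory is writable by everyone: Ansible refuses to trust a
            # config found here and falls through to the next candidate.
            pass
        else:
            return project_cfg, "ansible.cfg in current directory"

    # 3. Hidden config in the user's home directory.
    home_cfg = os.path.join(home, ".ansible.cfg")
    if os.path.isfile(home_cfg):
        return home_cfg, ".ansible.cfg in home directory"

    # 4. System-wide default.
    if os.path.isfile(etc_cfg):
        return etc_cfg, "system-wide /etc/ansible/ansible.cfg"

    return None, "no config file found; built-in defaults apply"


def demo():
    """Build a temporary layout and let each rule win in turn.

    Returns a dict of scenario -> basename of the winning file (or None),
    so the outcome can be checked rather than only printed.
    """
    results = {}
    with tempfile.TemporaryDirectory() as root:
        cwd = os.path.join(root, "project")
        home = os.path.join(root, "home")
        etc_cfg = os.path.join(root, "etc", "ansible.cfg")  # deliberately absent
        os.makedirs(cwd)
        os.makedirs(home)

        def winner(env=None):
            path, _ = resolve_ansible_cfg(env or {}, cwd, home, etc_cfg)
            return os.path.basename(path) if path else None

        results["none"] = winner()                     # nothing exists yet
        Path(home, ".ansible.cfg").touch()
        results["home"] = winner()                     # only the home file
        Path(cwd, "ansible.cfg").touch()
        results["project"] = winner()                  # project file outranks home
        os.chmod(cwd, 0o777)
        results["world_writable"] = winner()           # project dir untrusted now
        custom = os.path.join(root, "custom.cfg")
        Path(custom).touch()
        results["env"] = winner({"ANSIBLE_CONFIG": custom})  # env var beats all
    return results


if __name__ == "__main__":
    for scenario, chosen in demo().items():
        print(f"{scenario:15s} -> {chosen}")
```

Running the script prints one line per scenario; the world_writable case is the one worth remembering, since a project directory that is chmod 777 silently drops you back to the home or system config.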

Ansible Inventory: the host list
Ansible Ad-Hoc modules (look up any module with: ansible-doc module_name)
1. yum | yum_repository
2. copy
3. file
4. service | systemd
5. cron
6. mount
7. user
8. group
9. shell | command
10. firewalld | selinux

command vs shell

  • Prefer the shell module, because command does not support pipes

yum module

Option       Meaning
name         package name, a URL, or the path to a local rpm file
state        action to take: present, absent, latest
exclude      packages to exclude
enablerepo   repository to install from
disablerepo  repository not to use during the install

  • Installing software with yum
# Example 1: install the latest Apache; if it is already installed nothing is installed
[root@manager ~/ansible-project1]# ansible oldboy -m yum -a "name=httpd state=latest"

# Example 2: install Apache from the epel repository
[root@manager ~]# ansible oldboy -m yum -a "name=httpd enablerepo=epel state=present"

# Example 3: install an rpm from a public URL
[root@manager ~/ansible-project1]# ansible oldboy -m yum -a "name=http://192.168.16.236/zabbix/4.0/rhel/7/x86_64/zabbix-agent-4.0.0-2.el7.x86_64.rpm state=present"

# Example 5: update every package, excluding anything kernel-related
# (single quotes inside the double-quoted -a string; nested double quotes break the shell)
[root@manager ~/ansible-project1]# ansible oldboy -m yum -a "name='*' state=latest exclude='kernel*'"

# Example 6: remove Apache
[root@manager ~/ansible-project1]# ansible oldboy -m yum -a "name=httpd state=absent"


copy module

Option    Meaning
src       path of the source file on the control node
content   literal content to write into the destination file instead of src
dest      destination path on the managed host
owner     owner
group     group
mode      permissions
backup    back up the destination before each change (yes|no)
[root@manager ~/ansible-project1]# ansible oldboy -m copy -a 'src=./hosts dest=/tmp/ owner=root group=root mode=600 backup=yes'

Managing the httpd configuration file
[root@manager ~/ansible-project1]# ansible oldboy -m copy -a "src=./files/httpd.conf dest=/etc/httpd/conf/httpd.conf owner=root group=root mode=0644 backup=yes"


systemd
    name:       service name
    state:      started | stopped | restarted | reloaded
    enabled:    start at boot, yes | no

1. Start the httpd service
[root@manager ~/ansible-project1]# ansible oldboy -m systemd -a "name=httpd state=started"

2. Start it and enable it at boot
[root@manager ~/ansible-project1]# ansible oldboy -m systemd -a "name=httpd state=started enabled=yes"

file module

path: /work                 # path to create on the managed host (directory or file)
state: directory | touch    # directory = create a directory, touch = create an empty file
owner: root
group: root
mode: '0755'
recurse: yes                # apply owner/group/mode recursively

[root@manager ~/ansible-project1]# ansible oldboy -m file -a "path=/ansible_data state=directory owner=root group=root mode=0755"

group
    name:       group name
    state:      present | absent
    gid:        group id
[root@manager ~/ansible-project1]# ansible oldboy -m group -a "name=test gid=8888 state=present"
[root@manager ~/ansible-project1]# ansible oldboy -m group -a "name=test state=absent"

user
    name:           user name
    uid:            numeric uid
    group:          primary group, by name or by GID
    groups:         supplementary groups (they must already exist); append=yes adds to the existing ones instead of replacing them
    create_home:    create the home directory /home/<name>; default yes | no
    shell:          login shell, e.g. /bin/bash or /sbin/nologin
    system:         create a system account
    password:       the password hash (see example 4)

1. Create user dev with uid 9999, primary group test, supplementary groups adm and root
[root@manager ~/ansible-project1]# ansible oldboy -m user -a "name=dev uid=9999 group=test groups=adm,root shell=/bin/bash create_home=yes"

2. Append two more supplementary groups to user dev
[root@manager ~/ansible-project1]# ansible oldboy -m user -a "name=dev groups=bin,daemon append=yes"

3. Create a system user ops with no home directory and no login shell
[root@manager ~/ansible-project1]# ansible oldboy -m user -a "name=ops system=yes shell=/sbin/nologin create_home=no"

4. Create an ordinary user devops that can log in, password 123456
First generate the hash on the control node (the user module expects a hash, not the plaintext):
ansible all -i localhost, -m debug -a "msg={{ '123456' | password_hash('sha512', 'mysecretsalt') }}"
    "msg": "$6$mysecretsalt$ZB9R8AirQYAXhtfhOo2qdJz52FyNI6v3L6Uc3KNRP.arBKIYpcuEyQewT5qBAHoyQFwHkW6Z551Ql.cZ53GeY0"

[root@manager ~/ansible-project1]# ansible oldboy -m user -a 'name=devops password="$6$mysecretsalt$ZB9R8AirQYAXhtfhOo2qdJz52FyNI6v3L6Uc3KNRP.arBKIYpcuEyQewT5qBAHoyQFwHkW6Z551Ql.cZ53GeY0"'
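The "$6$salt$..." string that password_hash('sha512', ...) returns is the SHA-512 crypt format that /etc/shadow stores. The added example below (written for these notes from the published sha-crypt specification, using only the standard library; it is not Ansible's or passlib's code) recomputes the exact hash shown above from the password and salt in the notes, then shows the two things a practitioner wants on top: a random salt per host instead of a fixed one such as mysecretsalt (a fixed salt makes the same password produce the same hash everywhere, so one leaked shadow line identifies every other host using that password), and a constant-time verify. The function names sha512_crypt, new_salt and verify are assumptions of this example; the password 123456 and salt mysecretsalt are constructed sample input copied from the notes.

```python
"""Added example: SHA-512 crypt ($6$) as produced by password_hash('sha512').

Written from the sha-crypt specification for these notes; standard library
only.  Sample password/salt ("123456", "mysecretsalt") are taken from the
notes above as constructed input.
"""
import hashlib
import hmac
import secrets

# crypt's own base64 alphabet (not RFC 4648 order).
_B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _encode(digest):
    """Encode the 64-byte result in crypt's permuted base64.

    Bytes are taken three at a time in a fixed order: index 22*i mod 63 and
    its two neighbours 21 positions apart; byte 63 is emitted last alone.
    """
    out = []
    for i in range(21):
        b2, b1, b0 = (22 * i) % 63, (22 * i + 21) % 63, (22 * i + 42) % 63
        w = (digest[b2] << 16) | (digest[b1] << 8) | digest[b0]
        for _ in range(4):
            out.append(_B64[w & 0x3F])
            w >>= 6
    w = digest[63]
    for _ in range(2):
        out.append(_B64[w & 0x3F])
        w >>= 6
    return "".join(out)


def sha512_crypt(password, salt, rounds=5000):
    """Return "$6$[rounds=N$]salt$hash" for password and salt (max 16 chars)."""
    rounds = max(1000, min(rounds, 999_999_999))  # limits from the spec
    pw = password.encode("utf-8")
    s = salt.encode("utf-8")[:16]
    plen = len(pw)

    b = hashlib.sha512(pw + s + pw).digest()            # digest B
    a = hashlib.sha512(pw + s)                          # digest A
    a.update(b * (plen // 64) + b[: plen % 64])         # B, once per pw byte
    n = plen
    while n > 0:                                        # bits of plen, low first
        a.update(b if n & 1 else pw)
        n >>= 1
    a = a.digest()

    dp = hashlib.sha512(pw * plen).digest()             # digest DP
    p = dp * (plen // 64) + dp[: plen % 64]             # sequence P
    ds = hashlib.sha512(s * (16 + a[0])).digest()       # digest DS
    sq = ds * (len(s) // 64) + ds[: len(s) % 64]        # sequence S

    c = a                                               # round 0 starts from A
    for r in range(rounds):
        h = hashlib.sha512()
        h.update(p if r & 1 else c)
        if r % 3:
            h.update(sq)
        if r % 7:
            h.update(p)
        h.update(c if r & 1 else p)
        c = h.digest()

    prefix = "$6$" if rounds == 5000 else f"$6$rounds={rounds}$"
    return f"{prefix}{s.decode()}${_encode(c)}"


def new_salt(length=16):
    """Random salt from the crypt alphabet: use this instead of a fixed string."""
    return "".join(secrets.choice(_B64) for _ in range(length))


def verify(password, stored):
    """Constant-time check of password against a stored "$6$..." string."""
    parts = stored.split("$")          # "", "6", [rounds=N,] salt, hash
    if len(parts) == 5 and parts[2].startswith("rounds="):
        rounds, salt = int(parts[2][7:]), parts[3]
    elif len(parts) == 4:
        rounds, salt = 5000, parts[2]
    else:
        return False
    if parts[1] != "6":
        return False
    computed = sha512_crypt(password, salt, rounds).rsplit("$", 1)[1]
    return hmac.compare_digest(computed, parts[-1])


if __name__ == "__main__":
    print(sha512_crypt("123456", "mysecretsalt"))   # matches the notes' hash
    print(sha512_crypt("123456", new_salt()))       # different every run
```

Passing the resulting hash to `-a 'name=devops password="..."'` works exactly as in the note above; remember that both the plaintext in the password_hash call and the hash itself end up in the control node's shell history, which is one more reason to prefer a playbook with a vaulted variable over an ad-hoc line for real accounts.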

mount (mounting filesystems)

    src:     source device (disk | CD-ROM | remote share), e.g. src=172.16.1.31:/data
    path:    mount point
    fstype:  filesystem type: nfs, xfs, ext4, iso9660, ...
    opts:    mount options, e.g. defaults
    state:
        absent | mounted        permanent
        present | unmounted     temporary

1. Mount 172.16.1.31:/data/blog on the local /opt
[root@manager ~/ansible-project1]# ansible oldboy -m mount -a "src=172.16.1.31:/data/blog path=/opt fstype=nfs opts=defaults state=mounted"

Unmount it again:
[root@manager ~/ansible-project1]# ansible oldboy -m mount -a "src=172.16.1.31:/data/blog path=/opt fstype=nfs opts=defaults state=unmounted"
    



selinux
    [root@manager ~/ansible-project1]# ansible oldboy -m selinux -a "state=disabled"

firewalld
    zone:               zone, default public
    service:            service name
    port:               port
    state:              enabled | disabled
    masquerade:         enable address masquerading, yes
    immediate:          apply to the running configuration now, yes
    permanent:          persist the rule
    source:             source IP
    rich_rule:          rule service name="ftp" audit limit value="1/m" accept

1. Allow the http service
[root@manager ~/ansible-project1]# ansible 172.16.1.31 -m firewalld -a "zone=public  service=http state=enabled immediate=yes permanent=yes"

2. Allow TCP port 80
[root@manager ~/ansible-project1]# ansible 172.16.1.31 -m firewalld -a "zone=public  port=80/tcp state=enabled immediate=yes permanent=yes"

3. Forward port 5555 to port 22 on 172.16.1.7 and enable masquerading
[root@manager ~/ansible-project1]# ansible 172.16.1.31 -m firewalld -a "zone=public rich_rule='rule family=ipv4 forward-port port=5555 protocol=tcp to-port=22 to-addr=172.16.1.7'  state=enabled immediate=yes"
[root@manager ~/ansible-project1]# ansible 172.16.1.31 -m firewalld -a "zone=public masquerade=yes state=enabled immediate=yes"

4. Allow port 22 based on source IP, for host 10.0.0.1
[root@manager ~/ansible-project1]# ansible 172.16.1.31 -m firewalld -a "zone=public rich_rule='rule family=ipv4 source address=10.0.0.100/32 service name=ssh accept'  state=enabled immediate=yes"
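Rich rules are passed to the module as one opaque string, so it is worth being able to read them back before they go into a playbook. The added example below (written for these notes; it is neither firewalld's nor Ansible's code) tokenises the rich-rule language into clauses and then runs two defender-side checks over the three rules from this section: a forward-port whose to-addr points at another host (as in example 3, which exposes 172.16.1.7's port 22 through .31 and only works with masquerade on), and an accept with no source clause (as in the ftp rule under rich_rule above). Function names parse_rich_rule and audit_rich_rule are assumptions of this example; RULES_FROM_NOTES is constructed from the rules shown above.

```python
"""Added example: parse firewalld rich_rule strings and flag broad ones.

Illustrative code for these notes, not part of firewalld or Ansible.
"""
import shlex

# Keywords that open a clause; key=value tokens attach to the open clause.
_CLAUSES = {"rule", "source", "destination", "service", "port", "protocol",
            "icmp-block", "forward-port", "masquerade", "log", "audit", "limit"}
_ACTIONS = {"accept", "reject", "drop", "mark"}

# Constructed from the rich rules used in this section of the notes.
RULES_FROM_NOTES = [
    'rule service name="ftp" audit limit value="1/m" accept',
    'rule family=ipv4 forward-port port=5555 protocol=tcp to-port=22 to-addr=172.16.1.7',
    'rule family=ipv4 source address=10.0.0.100/32 service name=ssh accept',
]


def parse_rich_rule(rule):
    """Return {"rule": {...}, "source": {...}, ..., "action": "accept"}.

    shlex.split handles the name="ftp" quoting; bare words open a clause,
    key=value pairs are attributes of the most recently opened clause.
    """
    tokens = shlex.split(rule)
    if not tokens or tokens[0] != "rule":
        raise ValueError("rich rule must start with 'rule'")
    parsed, current = {}, None
    for tok in tokens:
        if "=" in tok and current is not None:
            key, value = tok.split("=", 1)
            parsed[current][key] = value
        elif tok in _ACTIONS:
            parsed["action"] = tok
            parsed.setdefault(tok, {})    # reject may carry type=...
            current = tok
        elif tok in _CLAUSES:
            parsed.setdefault(tok, {})
            current = tok
        else:
            raise ValueError(f"unexpected token {tok!r}")
    return parsed


def audit_rich_rule(rule):
    """Return a list of findings (empty list means nothing to flag)."""
    r = parse_rich_rule(rule)
    findings = []
    fp = r.get("forward-port")
    if fp and "to-addr" in fp:
        findings.append(
            f"forwards {fp.get('protocol', '?')}/{fp.get('port', '?')} to another "
            f"host {fp['to-addr']}:{fp.get('to-port', '?')}; needs masquerade and "
            f"exposes that host through this one"
        )
    if r.get("action") == "accept" and "source" not in r:
        what = (r.get("service", {}).get("name")
                or r.get("port", {}).get("port")
                or "traffic")
        findings.append(f"accepts {what} from any source address")
    return findings


if __name__ == "__main__":
    for rule in RULES_FROM_NOTES:
        print(rule)
        for f in audit_rich_rule(rule) or ["  (no findings)"]:
            print("  -", f)
```

The third rule (ssh restricted to one /32 source) comes back clean, which is the shape to aim for when opening management ports.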


cron
1. Add a scheduled job (whether the job itself can run is not the cron module's concern)
[root@manager ~/ansible-project1]# ansible oldboy -m cron -a "name='Backup scripts' minute=00 hour=05 user=root job='/bin/bash /scripts/check_data.sh &>/dev/null'"

2. Remove the scheduled job
[root@manager ~/ansible-project1]# ansible oldboy -m cron -a "name='Backup scripts' minute=00 hour=05 user=root job='/bin/bash /scripts/check_data.sh &>/dev/null' state=absent"

yum_repository
    name:           repository name; also used as the .repo file name
    description:    description
    baseurl:        repository URL (important): http:// https:// ftp:// file://
    enabled:        enable the repository, yes
    gpgcheck:       no = do not verify signatures of downloaded packages
[root@manager ~/ansible-project1]# ansible oldboy -m yum_repository -a 'name=rpmforge description="RPMforge YUM Repo" baseurl="https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/os/$basearch/" enabled=yes gpgcheck=no'
    

ansible-doc (user, group, mount)

1. Build an NFS server with Ansible ad-hoc commands (host 31)
    1. Install nfs
        # ansible nfs -m yum -a "name=nfs-utils state=present"

    2. Configure nfs
    [root@manager ~/ansible-project1]# cat exports.j2
    /data/blog 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
    /data/zh 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
    /data/ansible 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)

    [root@manager ~/ansible-project1]# ansible nfs -m copy -a "src=./exports.j2 dest=/etc/exports owner=root group=root mode=0644 backup=yes"

    3. Initialise according to the exports file: create the user, create the directory, set ownership
    [root@manager ~/ansible-project1]# ansible nfs -m group -a "name=www gid=666 state=present"
    [root@manager ~/ansible-project1]# ansible nfs -m user -a "name=www uid=666 group=www  state=present"

    [root@manager ~/ansible-project1]# ansible nfs -m file -a "path=/data/ansible state=directory owner=www group=www mode=755 recurse=yes"

    4. Start nfs
    [root@manager ~/ansible-project1]# ansible nfs -m systemd -a "name=nfs state=restarted enabled=yes"

2. Mount the NFS share with Ansible ad-hoc commands (host 7)
    1. Install the nfs-utils client tools
        [root@manager ~/ansible-project1]# ansible web -m yum -a "name=nfs-utils state=present"

    2. Mount it with the mount module
        [root@manager ~/ansible-project1]# ansible web -m mount -a "src=172.16.1.31:/data/ansible path=/mnt fstype=nfs opts=defaults state=mounted"



[root@manager ~/ansible-project1]# cat nfs-server.yml
- hosts: nfs
  tasks:
    - name: Installed NFS Server
      yum:
        name: nfs-utils
        state: present

    - name: Configure NFS Server
      copy:
        src: ./exports.j2
        dest: /etc/exports
        owner: root
        group: root
        mode: '0644'    # quote modes in YAML: 0644 unquoted is read as octal, but 644 would be decimal

    - name: Create NFS Group
      group:
        name: www
        gid: 666

    - name: Create NFS User
      user:
        name: www
        uid: 666
        group: 666

    - name: Create NFS Share directory
      file:
        path: /data/ansible
        state: directory
        owner: www
        group: www
        mode: '0755'    # an unquoted 755 is decimal 755 (octal 1363), not rwxr-xr-x

    - name: Restart NFS Server
      systemd:
        name: nfs
        state: restarted


[root@manager ~/ansible-project1]# cat nfs-client.yml
- hosts: web
  tasks:
    - name: Mount NFS Server
      mount:
        src: 172.16.1.31:/data/ansible
        path: /mnt
        fstype: nfs
        opts: defaults
        state: mounted
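Both the ad-hoc procedure and the two playbooks above hinge on one line per share in /etc/exports, and the user with uid 666 exists only because every export maps clients to anonuid=666/anongid=666 via all_squash. The added example below (written for these notes, not part of nfs-utils or Ansible) parses the exports content from the notes, derives which uid/gid pairs the server must therefore have (the reason for the "Create NFS User" task), and flags the options a reviewer would reject: a wildcard client, no_root_squash, and insecure. EXPORTS_FROM_NOTES is copied from the notes; EXPORTS_BAD is a constructed line that exists only to exercise the checks. Function names parse_exports, required_ids and audit_exports are assumptions of this example.

```python
"""Added example: parse /etc/exports and audit the share options.

Illustrative code for these notes; not nfs-utils or Ansible code.
"""
import re

# Copied from the exports.j2 shown in the notes above.
EXPORTS_FROM_NOTES = """\
/data/blog 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/zh 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/ansible 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
"""

# Constructed for this example only, to show what the audit flags.
EXPORTS_BAD = "/data/bad *(rw,no_root_squash,insecure)\n"

# client(opt,opt) or a bare client with default options
_CLIENT = re.compile(r"(\S+?)\(([^)]*)\)|(\S+)")

NOBODY = 65534  # default anonuid/anongid when all_squash is set without them


def parse_exports(text):
    """Return [(path, [(client, [options...]), ...]), ...]; comments ignored."""
    exports = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        path, rest = parts[0], (parts[1] if len(parts) > 1 else "")
        clients = []
        for m in _CLIENT.finditer(rest):
            if m.group(1) is not None:
                opts = [o for o in m.group(2).split(",") if o]
                clients.append((m.group(1), opts))
            else:
                clients.append((m.group(3), []))
        exports.append((path, clients))
    return exports


def required_ids(text):
    """(uid, gid) pairs that must exist on the server for squashed clients."""
    ids = set()
    for _path, clients in parse_exports(text):
        for _client, opts in clients:
            kv = dict(o.split("=", 1) for o in opts if "=" in o)
            if "all_squash" in opts or "anonuid" in kv or "anongid" in kv:
                ids.add((int(kv.get("anonuid", NOBODY)),
                         int(kv.get("anongid", NOBODY))))
    return ids


def audit_exports(text):
    """Return findings a reviewer would raise; empty list means clean."""
    findings = []
    for path, clients in parse_exports(text):
        if not clients:
            findings.append(f"{path}: no client list, so every host may mount it")
        for client, opts in clients:
            if client == "*":
                findings.append(f"{path}: exported to every host (*)")
            if "no_root_squash" in opts:
                findings.append(f"{path} -> {client}: no_root_squash lets client root act as root")
            if "insecure" in opts:
                findings.append(f"{path} -> {client}: insecure accepts requests from unprivileged ports")
    return findings


if __name__ == "__main__":
    print("accounts the server needs:", required_ids(EXPORTS_FROM_NOTES))
    for f in audit_exports(EXPORTS_FROM_NOTES + EXPORTS_BAD):
        print("finding:", f)
```

For the notes' own exports the audit is clean and required_ids returns {(666, 666)}, which is exactly the www user and group the playbook creates before it restarts nfs.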
        