Common configuration methods for managing hosts in bulk with Ansible
Posted liangyuxing
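7.3.1 Building the host inventory from host IP addresses
7.4 Ansible modules (the equivalent of Linux shell commands)
7.5 Ansible playbooks (the equivalent of Linux shell scripts)
Chapter 7 Managing hosts with Ansible
7.1 Introduction to Ansible
- ansible-playbook --syntax-check    check playbook syntax
- ansible-playbook -C    dry-run a playbook (check mode)
- ansible-doc -l    list the names of the available Ansible modules
- ansible-doc -s <module name>    show the parameters of the given module in detail
- ansible-doc <module name>    show the full usage of the given module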
======================================================================
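- Yellow    the operation changed data on the system
- Green    the operation only read information from the system
- Red    a serious error occurred during the operation
- Purple    a suggestion or warning
- Blue    information about the execution process
7.1.1 What Ansible is
- Ansible is software, written in Python, for managing servers in bulk
7.1.2 Why use Ansible
- Manage servers in bulk
- Reduce the company's maintenance costs
- Cut down on repetitive work
- Improve efficiency and accuracy
7.1.3 What Ansible can do
- Distribute data in bulk
- Deploy services in bulk
- Take stock of company assets in bulk
- Automate management tasks (code releases, service restarts)
7.1.4 Characteristics of Ansible
- No service needs to be started
- Simple to install
- Powerful (a large number of management modules; playbooks provide automation)
- No configuration is needed on the managed hosts
7.2 Deploying Ansible
7.2.1 Installation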
[root@m01 ~] # yum -y install ansible
7.2.2 Checking the version
[root@m01 ~] # ansible --version
ansible 2.8.5
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
[root@m01 ~] #
7.3 The Ansible host inventory
7.3.1 Building the host inventory from host IP addresses
7.3.1.1 Edit the configuration file and add the host IP addresses at the end
[root@m01 ~] # vim /etc/ansible/hosts
## db-[99:101]-node.example.com
172.16.1.41
172.16.1.7
7.3.1.2 Use the ansible command to check that these servers respond
[root@m01 ~] # ansible all -m ping    # check that the hosts at these IP addresses respond
172.16.1.41 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"    # "ping": "pong" means the host is healthy
}
172.16.1.7 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@m01 ~] #
7.3.2 Building the host inventory from groups
7.3.2.1 Checking only the web servers
[root@m01 ~] # vim /etc/ansible/hosts

172.16.1.41

[web_server]    # put the web servers in a group named [web_server]
172.16.1.7
"/etc/ansible/hosts" 50L, 1067C written
You have new mail in /var/spool/mail/root
[root@m01 ~] # ansible web_server -m ping    # test only the named group
172.16.1.7 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@m01 ~] #
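7.3.3 Building the host inventory with built-in variables
7.3.3.1 When the key no longer works and a password is needed
7.3.3.1.1 Break the distributed public key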
[root@web01 ~] # vim ~/.ssh/authorized_keys
-dss AAAAB3NzaC1kc3MAAACBAP2/LmC3aM8WowMU81f1PYTFR5l08hATO3LR13RSa6XBw8laM5ih2tqe66FwUOwgpKfEczvOcqtbohCg87ZF3B/1sT25lKrsePysmn7Jr93htinjAMrP36pS5+MG
7.3.3.1.2 Connect over SSH to see whether the key still works
[root@backup ~] # ssh 172.16.1.7    # the key no longer works
root@172.16.1.7's password:
7.3.3.1.3 Test with ansible
[root@m01 ~] # ansible 172.16.1.7 -m ping
172.16.1.7 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).",    # connection failed
"unreachable": true
}
[root@m01 ~] #

172.16.1.7 ansible_user=root ansible_password=123456 ansible_port=22    # built-in variables set the user, password and port
"/etc/ansible/hosts" 50L, 1125C written
[root@m01 ~] # ansible 172.16.1.7 -m ping
172.16.1.7 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"    # connection succeeded
}
[root@m01 ~] #

- ansible_user    the user to connect to the managed host as
- ansible_password    the password used to connect to the managed host
- ansible_port    the port used to connect to the managed host
- ansible_host    the IP address that the managed host's inventory name maps to
7.3.3.2 Building the host inventory with host names
web01 ansible_host=172.16.1.7 ansible_user=root ansible_password=123456 ansible_port=22
"/etc/ansible/hosts" 50L, 1144C written    # ansible_host maps the host name to its IP address
[root@m01 ~] # ansible web01 -m ping
web01 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@m01 ~] #
7.3.3.3 Building the host inventory with privilege escalation

web01 ansible_host=172.16.1.7 ansible_user=oldboy10 ansible_password=123456 ansible_port=22
~
"/etc/ansible/hosts" 51L, 1343C written
[root@m01 ~] # ansible web01 -m command -a "cat /etc/shadow"
web01 | FAILED | rc=1 >>
cat: /etc/shadow: Permission deniednon-zero return code    # permission denied: an ordinary user is not allowed to open this file

[root@m01 ~] #

[root@m01 ~] # vim /etc/ansible/hosts

[web_server]
web01 ansible_host=172.16.1.7 ansible_user=oldboy10 ansible_password=123456 ansible_port=22 ansible_become=yes ansible_become_method=su ansible_become_user=root ansible_become_password=123456    # whether to escalate, which method to use, which user to become, and that user's password

[root@m01 ~] # ansible web01 -m command -a "cat /etc/passwd"    # read /etc/passwd on web01 while connecting as an ordinary user
web01 | CHANGED | rc=0 >>
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync

- ansible_become    whether to escalate privileges (yes/no, true/false)
- ansible_become_method    the escalation method (su/sudo)
- ansible_become_user    the user to become
- ansible_become_password    the password of the user to become
7.3.4 Building the host inventory with group variables
[web_server]
web01 ansible_host=172.16.1.7 ansible_user=oldboy10 ansible_password=123456 ansible_port=22

[web_server:vars]    # the group's variables go in a :vars section
ansible_become=yes
ansible_become_method=su
ansible_become_user=root
ansible_become_password=123456
[root@m01 ~] # ansible web01 -m command -a "cat /etc/shadow"
web01 | CHANGED | rc=0 >>
root:$6$pn3juE2N$C9kmnucSJh08QQ.84BOTUNPqy3MSLez2YFG70N4NHD9gU40ibY8mdT6P05xUiaim2xcuRkjgB1rBohhZ8Y.To.:18178:0:99999:7:::
bin:*:17834:0:99999:7:::
daemon:*:17834:0:99999:7:::
adm:*:17834:0:99999:7:::
lp:*:17834:0:99999:7:::
sync:*:17834:0:99999:7:::
7.3.5 Building the host inventory with groups and child groups

[web_backup:children]    # combine several groups into one (:children lists the child groups of the parent group web_backup)
backup_server
web_server

[backup_server]
172.16.1.41
[web_server]
172.16.1.7 ansible_user=root ansible_password=123456 ansible_port=22
[root@m01 ~] # ansible web_backup -m ping
172.16.1.41 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
172.16.1.7 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@m01 ~] #
7.3.6 Building the host inventory with ranges
[seq_server]    # use a range when the addresses are consecutive
172.16.1.[41:45]
"/etc/ansible/hosts" 59L, 1222C written

[root@m01 ~] # ansible seq_server -m ping
172.16.1.41 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
172.16.1.42 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 172.16.1.42 port 22: No route to host",
"unreachable": true
}
172.16.1.44 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 172.16.1.44 port 22: No route to host",
"unreachable": true
}
[root@m01 ~] #
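The inventories in section 7.3 keep `ansible_password` and `ansible_become_password` in cleartext in /etc/ansible/hosts. The following added example (not part of the original article) audits an INI inventory for such variables and reports which hosts each one affects, resolving `:vars`, `:children` and numeric ranges such as `172.16.1.[41:45]`. The function names and the sample inventory are constructed for illustration.

```python
"""Added example: find cleartext credentials in an Ansible INI inventory."""
import re
import shlex

# Inventory variables that carry a secret (current names and legacy aliases).
SECRET_VARS = {
    "ansible_password", "ansible_ssh_pass",
    "ansible_become_password", "ansible_become_pass",
}
RANGE = re.compile(r"\[(\d+):(\d+)\]")
HEADER = re.compile(r"\[([^\]:]+)(?::(vars|children))?\]")


def expand(pattern):
    """Expand numeric ranges, e.g. 172.16.1.[41:45] (numeric ranges only)."""
    m = RANGE.search(pattern)
    if not m:
        return [pattern]
    lo, hi = int(m.group(1)), int(m.group(2))
    width = len(m.group(1)) if m.group(1).startswith("0") else 0
    out = []
    for n in range(lo, hi + 1):
        out += expand(pattern[:m.start()] + str(n).zfill(width) + pattern[m.end():])
    return out


def audit(text):
    """Return (line, variable, scope, affected hosts) for each cleartext secret."""
    groups = {"ungrouped": []}   # group name -> host names
    children = {}                # parent group -> child group names
    raw = []                     # (line, "host"/"group", owner, variable)
    section, kind = "ungrouped", "hosts"
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#;":
            continue             # blank line or comment
        head = HEADER.fullmatch(line)
        if head:
            section, kind = head.group(1), head.group(2) or "hosts"
            groups.setdefault(section, [])
        elif kind == "children":
            children.setdefault(section, []).append(line)
        elif kind == "vars":
            key = line.split("=", 1)[0].strip()
            if key in SECRET_VARS:
                raw.append((no, "group", section, key))
        else:
            tokens = shlex.split(line, comments=True)
            groups[section] += expand(tokens[0])
            for tok in tokens[1:]:
                if tok.split("=", 1)[0] in SECRET_VARS:
                    raw.append((no, "host", tokens[0], tok.split("=", 1)[0]))

    def members(group, seen=()):
        hosts = list(groups.get(group, []))
        for child in children.get(group, []):
            if child not in seen:            # guard against cyclic groups
                hosts += members(child, seen + (group,))
        return hosts

    # Resolve hosts only after the whole file is read: :vars may precede hosts.
    return [(no, key, f"{scope} {owner}",
             expand(owner) if scope == "host" else members(owner))
            for no, scope, owner, key in raw]


# Constructed sample, modelled on the inventories shown in section 7.3.
SAMPLE = """\
## db-[99:101]-node.example.com
[web_backup:children]
backup_server
web_server

[backup_server]
172.16.1.41

[web_server]
web01 ansible_host=172.16.1.7 ansible_user=oldboy10 ansible_password=123456 ansible_port=22

[web_server:vars]
ansible_become=yes
ansible_become_method=su
ansible_become_user=root
ansible_become_password=123456

[seq_server]
172.16.1.[41:43] ansible_user=root ansible_ssh_pass=123456
"""

if __name__ == "__main__":
    for no, key, scope, hosts in audit(SAMPLE):
        print(f"line {no}: {key} in cleartext ({scope}) affects {', '.join(hosts)}")
```

Variables flagged this way can be moved into Ansible Vault, or dropped in favour of SSH keys and the `--ask-pass` (`-k`) and `--ask-become-pass` (`-K`) prompts.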
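7.4 Ansible modules (the equivalent of Linux shell commands)
7.4.1 Command modules
7.4.1.1 The command module (the default module)
7.4.1.1.1 Purpose
Runs a command on many hosts at once; special shell characters are not supported by default
7.4.1.1.2 Syntax
ansible <host name> -m command -a "hostname"
7.4.1.1.3 Use command to show each server's host name
[root@m01 ~] # ansible web_server -m command -a "hostname"    # show the host name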
172.16.1.7 | CHANGED | rc=0 >>
web01
[root@m01 ~] #
7.4.1.1.4 Use command to change directory
[root@m01 ~] # ansible web_server -m command -a "chdir=/tmp pwd"    # change directory first
172.16.1.7 | CHANGED | rc=0 >>
/tmp
You have new mail in /var/spool/mail/root
[root@m01 ~] #
7.4.1.1.5 Use command to create files
- creates: checks whether the named file exists; if it does, the command is skipped, so 33.txt is not created
[root@m01 ~] # ansible web_server -m command -a "creates=/tmp/aa.txt touch 33.txt"
172.16.1.7 | SUCCESS | rc=0 >>
skipped, since /tmp/aa.txt exists    # skipped: aa.txt already exists, so 33.txt is not created
[root@m01 ~] #
[root@web01 tmp] # ll
total 0
-rw-r--r-- 1 root root 0 Oct 30 16:33 aa.txt
[root@web01 tmp] #
- removes: the command runs only if the named file exists; oldboy.txt does not exist, so nothing is created
[root@m01 ~] # ansible 172.16.1.41 -m command -a "removes=/tmp/oldboy.txt touch /tmp/aa.txt"
172.16.1.41 | SUCCESS | rc=0 >>
skipped, since /tmp/oldboy.txt does not exist
[root@m01 ~] #
[root@backup ~] # ll /tmp    # the file does not exist
total 4
-rw-r--r-- 1 root root 0 Oct 30 11:19 aa.txt
-rw-r--r-- 1 oldboy01 oldboy01 390 Oct 17 19:10 hosts
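7.4.1.2 The shell module (the all-purpose module)
7.4.1.2.1 Purpose
Runs a command on many hosts at once. Special shell characters (pipes, redirection) are supported by default, but the module is not idempotent: it cannot tell whether the command has already been run
7.4.1.2.2 Syntax
ansible <host name> -m shell -a "echo oldboy66 > /tmp/aa.txt"
7.4.1.2.3 Write oldboy66 into /tmp/aa.txt on the backup server
[root@m01 ~] # ansible 172.16.1.41 -m shell -a "echo oldboy66 > /tmp/aa.txt"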
172.16.1.41 | CHANGED | rc=0 >>
[root@m01 ~] #
[root@backup ~] # cat /tmp/aa.txt
oldboy66    # the redirect worked
[root@backup ~] #
7.4.1.3 The script module
7.4.1.3.1 Purpose
Runs a script file on remote hosts
7.4.1.3.2 Syntax
ansible <IP address> -m script -a "/server/scripts/1.sh"
7.4.1.3.3 Send /server/scripts/1.sh to the backup server and run it there
[root@m01 scripts] # ansible 172.16.1.41 -m script -a "/server/scripts/1.sh"
172.16.1.41 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 172.16.1.41 closed. ",
"stderr_lines": [
"Shared connection to 172.16.1.41 closed."
],
"stdout": "",
"stdout_lines": []
}
7.4.2 File modules
7.4.2.1 The copy module
7.4.2.1.1 Purpose
- Distributes data from the control host to the managed hosts
- Can also copy data that is already on a managed host
7.4.2.1.2 Syntax
- ansible 172.16.1.41 -m copy -a "src=<path> dest=<path> mode=<permissions> owner=<owner> group=<group>"
- ansible 172.16.1.41 -m copy -a "src=<path> dest=<path> remote_src=yes/no mode=<permissions> owner=<owner> group=<group>"
- ansible 172.16.1.41 -m copy -a "content=<content> dest=<path> mode=<permissions> owner=<owner> group=<group>"
- ansible 172.16.1.41 -m copy -a "content=<content> dest=<path> mode=<permissions> owner=<owner> group=<group> backup=yes/no"
7.4.2.1.3 Parameters
- src    path of the file to copy to the remote server
- dest    path on the remote server to save the file under
- remote_src    true: the src file is on the remote server; false: the src file is on the local host
- backup    back up a file that would be overwritten before transferring
- mode    set the file's permissions after the transfer
- owner    set the file's owner after the transfer
- group    set the file's group after the transfer
- content    create a file on the managed host and write the given content into it
7.4.2.1.4 Back up the control server's hosts file to the backup directory on the backup server
[root@m01 scripts] # ansible 172.16.1.41 -m copy -a "src=/etc/hosts dest=/backup/ mode=666 owner=oldboy10 group=oldboy10"
172.16.1.41 | CHANGED => {
"gid": 1004,
}
[root@m01 scripts] #
[root@backup scripts] # cd /backup/
[root@backup backup] # ll
total 4
-rw-rw-rw- 1 oldboy10 oldboy10 390 Oct 30 19:32 hosts    # owner and group are now oldboy10, mode is 666
[root@backup backup] #
7.4.2.1.5 Move the backup server's /etc/hosts file into the /tmp directory
[root@m01 scripts] # ansible 172.16.1.41 -m copy -a "src=/etc/hosts dest=/backup/ mode=777 remote_src=yes"
172.16.1.41 | CHANGED => {    # remote_src says whether the source is on the remote host
"ansible_facts": {
"changed": true
[root@backup backup] # ll
total 4
-rwxrwxrwx 1 root root 390 Oct 17 19:10 hosts
[root@backup backup] #
7.4.2.1.6 Write oldboy66 into the /tmp/hosts file on the remote backup server
[root@m01 backup] # ansible 172.16.1.41 -m copy -a "content=oldboy66 dest=/backup/hosts mode=777 "
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
[root@backup backup] # cat hosts
oldboy66    # the content was written correctly
7.4.2.1.7 Transfer /etc/hosts to the backup directory on the backup server
[root@m01 backup] # ansible 172.16.1.41 -m copy -a "src=/etc/hosts dest=/backup/hosts mode=111 backup=yes "
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backu
[root@backup backup] # ll
total 8
---x--x--x 1 root root 390 Oct 30 19:49 hosts    # transfer succeeded
-rwxrwxrwx 1 root root 9 Oct 30 19:45 hosts.9266.2019-10-30@19:49:30~
You have new mail in /var/spool/mail/root
[root@backup backup] #
7.4.2.2 The file module
7.4.2.2.1 Purpose
Changes the attributes of existing files
Creates or deletes files and directories on many hosts
7.4.2.2.2 Syntax
ansible 172.16.1.41 -m file -a "path=<path> mode=<new permissions> owner=<new owner> group=<new group>"
ansible 172.16.1.41 -m file -a "path=<path>/<file to create> state=touch"
ansible 172.16.1.41 -m file -a "path=<path>/<directory to create> state=directory"
ansible 172.16.1.41 -m file -a "src=<remote file> path=<path>/<hard link to create> state=hard"
ansible 172.16.1.41 -m file -a "src=<remote file> path=<path>/<symlink to create> state=link"
ansible 172.16.1.41 -m file -a "path=<path>/<file to delete> state=absent"
ansible 172.16.1.41 -m file -a "path=<path>/<directory to delete> state=absent"
7.4.2.2.3 Parameters
path    full path of the remote file to act on
src    the source file
state    what to do with the file at the path (touch, directory, hard, link)
mode    the file's permissions
owner    the file's owner
group    the file's group
7.4.2.2.4 On remote server 172.16.1.41, set /backup/hosts to mode 644 with owner and group oldboy10
[root@m01 backup] # ansible 172.16.1.41 -m file -a "path=/backup/hosts mode=644 owner=oldboy10 group=oldboy10"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
[root@backup backup] # ll
total 8
-rw-r--r-- 1 oldboy10 oldboy10 390 Oct 30 19:49 hosts    # change succeeded
7.4.2.2.5 Create the file oldboy10.txt in /backup/ on remote host 172.16.1.41
[root@m01 backup] # ansible 172.16.1.41 -m file -a "path=/backup/oldboy10.txt state=touch"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
[root@backup backup] # ll
total 8
-rw-r--r-- 1 oldboy10 oldboy10 390 Oct 30 19:49 hosts
-rw-r--r-- 1 root root 0 Oct 30 20:28 oldboy10.txt    # created successfully
7.4.2.2.6 Create the directory oldboy in /backup/ on remote host 172.16.1.41
[root@m01 backup] # ansible 172.16.1.41 -m file -a "path=/backup/oldboy state=directory"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
[root@backup backup] # ll
total 8
-rw-r--r-- 1 oldboy10 oldboy10 390 Oct 30 19:49 hosts
drwxr-xr-x 2 root root 6 Oct 30 20:31 oldboy    # directory created successfully
7.4.2.2.7 Create the hard link hard_oldboy.txt in /backup/ on remote host 172.16.1.41
[root@m01 backup] # ansible 172.16.1.41 -m file -a "src=/backup/oldboy10.txt path=/backup/hard_oldboy.txt state=hard"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
69620303 -rw-r--r-- 3 root root 0 Oct 30 20:28 hard_oldboy.txt    # hard link created successfully
69620303 -rw-r--r-- 3 root root 0 Oct 30 20:28 oldboy10.txt
7.4.2.2.8 Create the symlink link_oldboy.txt in /backup/ on remote host 172.16.1.41
[root@m01 backup] # ansible 172.16.1.41 -m file -a "src=/backup/oldboy10.txt path=/backup/link_oldboy01.txt state=link "
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
[root@backup backup] # ll
total 12
lrwxrwxrwx 1 root root 20 Oct 30 20:50 link_oldboy01.txt -> /backup/oldboy10.txt    # created successfully
-rw-r--r-- 4 root root 0 Oct 30 20:28 oldboy10.txt
7.4.2.2.9 Delete oldboy10.txt on the remote host
[root@m01 backup] # ansible 172.16.1.41 -m file -a " path=/backup/oldboy10.txt state=absent"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
[root@backup backup] # ll    # oldboy10.txt is gone
total 12
-rw-r--r-- 2 oldboy10 oldboy10 390 Oct 30 19:49 aa
-rw-r--r-- 3 root root 0 Oct 30 20:28 hard_oldboy.txt
[root@backup backup] #
7.4.2.2.10 Delete the oldboy directory on the remote host
[root@m01 backup] # ansible 172.16.1.41 -m file -a " path=/backup/oldboy state=absent"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
}
You have new mail in /var/spool/mail/root
[root@m01 backup] #
[root@backup backup] # ll    # the oldboy10 directory is gone
total 12
-rw-r--r-- 2 oldboy10 oldboy10 390 Oct 30 19:49 aa
-rw-r--r-- 3 root root 0 Oct 30 20:28 hard_oldboy.txt
[root@backup backup] #
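7.4.2.3 The fetch module
7.4.2.3.1 Purpose
Pulls data from the managed hosts and saves it on the control host
7.4.2.3.2 Syntax
ansible 172.16.1.41 -m fetch -a "src=<file on the managed host> dest=<directory on the control host>"
7.4.2.3.3 Fetch /etc/hosts into the /backup directory on the control server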
[root@m01 backup] # ansible 172.16.1.41 -m fetch -a " src=/etc/hosts dest=/backup/"
172.16.1.41 | CHANGED => {
"changed": true,
"remote_md5sum": null
}
[root@m01 backup] # ll /backup
total 16
drwxr-xr-x 3 root root 17 Oct 30 20:58 172.16.1.41
[root@m01 backup] # cd 172.16.1.41
[root@m01 172.16.1.41] # ll
total 0
drwxr-xr-x 2 root root 19 Oct 30 20:58 etc    # success
[root@m01 172.16.1.41] #
7.4.3 System modules
7.4.3.1 The yum module
7.4.3.1.1 Purpose
Installs software on many hosts at once
7.4.3.1.2 Syntax
ansible <host IP> -m yum -a "name=htop state=installed"
ansible <host IP> -m yum -a "name=htop state=removed"
7.4.3.1.3 Parameters
name    the package to install on the remote host
state    install the package (installed) or uninstall it (removed)
7.4.3.1.4 Install htop in bulk
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m yum -a "name=htop state=installed"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"htop"
[root@backup ~] # rpm -qa htop
htop-2.2.0-3.el7.x86_64    # installed successfully
[root@backup ~] #
7.4.3.1.5 Uninstall htop in bulk
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m yum -a "name=htop state=removed"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"removed": [
"htop"
[root@backup ~] # rpm -qa htop    # uninstalled successfully
7.4.3.2 The service module
7.4.3.2.1 Purpose
Starts, stops, restarts or reloads services on many hosts at once
7.4.3.2.2 Syntax
ansible <host IP> -m service -a "name=<service name> state=<started/stopped/restarted/reloaded>"
ansible <host IP> -m service -a "name=<service name> enabled=yes/no"
7.4.3.2.3 Parameters
name    the service on the remote host to start, stop, restart or reload
state    the state the service should be put in
enabled    whether the service starts at boot
7.4.3.2.4 Start, stop and restart the rsync service
ansible 172.16.1.41 -m service -a "name=rsyncd state=started"    # start
[root@backup ~] # systemctl status rsyncd
● rsyncd.service - fast remote file copy program daemon
Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2019-10-31 15:52:23 CST; 8s ago
Main PID: 3404 (rsync)
ansible 172.16.1.41 -m service -a "name=rsyncd state=stopped"    # stop
[root@backup ~] # systemctl status rsyncd
● rsyncd.service - fast remote file copy program daemon
Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; enabled; vendor preset: disabled)
Active: inactive (dead) since Thu 2019-10-31 15:52:44 CST; 4s ago
ansible 172.16.1.41 -m service -a "name=rsyncd state=restarted"    # restart
[root@backup ~] # systemctl status rsyncd
● rsyncd.service - fast remote file copy program daemon
Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2019-10-31 15:53:00 CST; 3s ago
7.4.3.2.5 Enable the rsync service at boot
[root@backup ~] # systemctl status rsyncd
● rsyncd.service - fast remote file copy program daemon
Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; disabled; vendor preset: disabled)    # not enabled at boot
Active: active (running) since Thu 2019-10-31 15:53:00 CST; 7min ago
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m service -a "name=rsyncd enabled=yes"
[root@backup ~] # systemctl status rsyncd
● rsyncd.service - fast remote file copy program daemon
Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; enabled; vendor preset: disabled)    # enabled successfully
Active: active (running) since Thu 2019-10-31 15:53:00 CST; 8min ago
7.4.3.3 The cron module
7.4.3.3.1 Purpose
Sets up scheduled tasks on many hosts at once
7.4.3.3.2 Syntax
ansible <host IP> -m cron -a "name=<comment> minute=*/5 job=<command to run>"
ansible <host IP> -m cron -a "minute=*/5 job=<command to run>"
ansible <host IP> -m cron -a "name=<comment> minute=*/5 job=<command to run> state=absent | disabled=yes"
7.4.3.3.3 Parameters
minute    minute (0-59)
hour    hour (0-23)
day    day of the month (1-31)
month    month (1-12)
weekday    day of the week (0-6)
name    the comment that identifies the task
job    the command to run
state    the state of this scheduled task
7.4.3.3.4 On the backup server, sync the time every 5 minutes
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m cron -a "name=定时任务更新时间 minute=*/5 job='/usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null'"
[DEPRECATION WARNING]: The 'name' parameter will be required in future releases.. This
]
}
[root@m01 ansible_playbook] #
[root@backup ~] # crontab -l
#Ansible:定时任务更新时间
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null    # added successfully
[root@backup ~] #
7.4.3.3.5 On the backup server, comment out the scheduled task that was added
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m cron -a "name=定时任务更新 minute=*/5 job='/usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null' disabled=yes"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
[root@backup ~] # crontab -l
#Ansible: 定时任务更新
#*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null    # commented out successfully
[root@backup ~] #
7.4.3.3.6 On the backup server, delete the scheduled update task
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m cron -a "name=定时任务更新 minute=*/5 job='/usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null' state=absent"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
[root@backup ~] # crontab -l    # the scheduled task has been removed
#时间同步
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com
#nfs打包发送给备份服务
0 20 * * * /bin/sh /server/scripts/backup_server.sh
[root@backup ~] #
7.4.3.4 The mount module
7.4.3.4.1 Purpose
Mounts and unmounts file systems on many hosts at once
7.4.3.4.2 Syntax
ansible <host IP> -m mount -a "src=172.16.1.31:/data01 path=/mnt fstype=nfs state=<mounted|unmounted|present|absent>"
7.4.3.4.3 Parameters
src    the device file or network share to mount
path    the directory to mount it on
fstype    the file system type of the device
state    the mount operation wanted
mounted    mount (both temporarily and permanently)
unmounted    unmount (temporarily)
present    mount (permanently only)
absent    unmount (both temporarily and permanently)
7.4.3.4.4 Mount the server's data01 on the client's /mnt directory (state mounted)
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m mount -a "src=172.16.1.31:/data01 path=/mnt fstype=nfs state=mounted"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
[root@backup ~] # df -h    # temporary mount succeeded
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 99G 5.3G 93G 6% /
172.16.1.31:/data01 99G 5.3G 93G 6% /mnt
[root@backup ~] # tail /etc/fstab
#
#UUID=27104df9-3f54-4b94-acb7-0890b452e99f / xfs defaults 0 0
172.16.1.31:/data01 /mnt nfs defaults 0 0    # permanent mount succeeded
[root@backup ~] #
7.4.3.4.5 Mount the server's data01 on the client's /mnt directory (state present)
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m mount -a "src=172.16.1.31:/data01 path=/mnt fstype=nfs state=present"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
[root@backup ~] # df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 99G 5.3G 93G 6% /
devtmpfs 471M 0 471M 0% /dev
tmpfs 487M 0 487M 0% /dev/shm
tmpfs 487M 8.4M 478M 2% /run
tmpfs 487M 0 487M 0% /sys/fs/cgroup
/dev/sda1 197M 160M 37M 82% /boot
tmpfs 98M 12K 98M 1% /run/user/42
tmpfs 98M 0 98M 0% /run/user/0
[root@backup ~] # tail -1 /etc/fstab    # only the permanent mount entry exists; nothing is mounted temporarily
172.16.1.31:/data01 /mnt nfs defaults 0 0
[root@backup ~] #
7.4.3.4.6 Unmount the client's mount point /mnt (unmounted)
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m mount -a "src=172.16.1.31:/data01 path=/mnt fstype=nfs state=unmounted"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
[root@backup ~] # df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 99G 5.4G 93G 6% /
devtmpfs 471M 0 471M 0% /dev
tmpfs 487M 0 487M 0% /dev/shm
tmpfs 487M 8.4M 478M 2% /run
tmpfs 487M 0 487M 0% /sys/fs/cgroup
/dev/sda1 197M 160M 37M 82% /boot
tmpfs 98M 12K 98M 1% /run/user/42
tmpfs 98M 0 98M 0% /run/user/0    # only a temporary unmount; the permanent entry is not removed
[root@backup ~] # tail -1 /etc/fstab
172.16.1.31:/data01 /mnt nfs defaults 0 0    # permanent unmount did not happen
[root@backup ~] #
7.4.3.4.7 Unmount the client's mount point /mnt (absent)
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m mount -a "src=172.16.1.31:/data01 path=/mnt fstype=nfs state=absent"
172.16.1.41 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"msg": "Error rmdir /mnt: [Errno 39] Directory not empty: '/mnt'"
}
[root@backup ~] # df -h    # unmounted successfully
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 99G 5.4G 93G 6% /
devtmpfs 471M 0 471M 0% /dev
tmpfs 487M 0 487M 0% /dev/shm
tmpfs 487M 8.4M 478M 2% /run
tmpfs 487M 0 487M 0% /sys/fs/cgroup
/dev/sda1 197M 160M 37M 82% /boot
tmpfs 98M 12K 98M 1% /run/user/42
tmpfs 98M 0 98M 0% /run/user/0
[root@backup ~] # tail -1 /etc/fstab    # unmounted successfully
#/dev/sdb1 /mnt ext4 user 0 0
[root@backup ~] #
7.4.3.5 The user module
7.4.3.5.1 Purpose
Creates user accounts on many hosts at once
7.4.3.5.2 Syntax
ansible <host IP address> -m user -a 'name=<user name> shell=<login shell> create_home=yes/no password="<password hash>"'
7.4.3.5.3 Parameters
name    the name of the user to create on the remote host
shell    the user's login shell
create_home    whether to create a home directory for the user
password    the user's password; it must be given as a hash, not as cleartext
uid    the uid of the new user
group    the new user's primary group
groups    the new user's supplementary groups
7.4.3.5.4 Create the user olddog
[root@m01 ansible_playbook] #
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m user -a "name=olddog"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true
[root@backup ~] # id olddog
uid=1015(olddog) gid=1018(olddog) groups=1018(olddog)    # user created successfully
You have new mail in /var/spool/mail/root
[root@backup ~] #
7.4.3.5.5 Create the virtual (no-login) user oldgirl
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m user -a "name=oldgirl shell=/sbin/nologin create_home=no"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
[root@backup ~] # id oldgirl    # virtual user created successfully
uid=1016(oldgirl) gid=100(users) groups=100(users)
You have new mail in /var/spool/mail/root
[root@backup ~] # ll /home/oldgirl    # no home directory
ls: cannot access /home/oldgirl: No such file or directory
[root@backup ~] # grep oldgirl /etc/passwd
oldgirl:x:1016:100::/home/oldgirl:/sbin/nologin    # the user cannot log in
[root@backup ~] #
7.4.3.5.6 Create a user and set a password
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m user -a "name=oldgirl shell=/bin/bash create_home=no password=123456"
[WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"append": false,
"changed": true,
[root@backup ~] # grep oldgirl /etc/shadow
oldgirl:123456:18200:0:99999:7:::    # the password is stored in cleartext; a user password must be set from a hash, so this is wrong
[root@backup ~] #
- Generating a password hash
- Method 1: use the ansible command to produce the hash
    [root@m01 ansible_playbook] # ansible 172.16.1.41 -m debug -a "msg={{'123456'|password_hash('sha512','oldboy') }}"
172.16.1.41 | SUCCESS => {
"msg": "$6$oldboy$MVd3DevkLcimrBLdMICrBY8HF82Wtau5cI8D2w4Zs6P1cCfMTcnnyAmmJc7mQaE9zuHxk8JFTRgYMGv9uKW7j1"
}
- Method 2: use Python to produce the hash
- Install pip
    yum install -y python-pip
- Install passlib with pip
    pip install passlib

[root@m01 ansible_playbook] # python -c "from passlib.hash import sha512_crypt; import getpass; print(sha512_crypt.using(rounds=5000).hash(getpass.getpass()))"    # produce the hash with Python
Password:     # enter the cleartext password
$6$XavoWtpBWnfV2sRL$3H8B1SeY76Dca8b.y6OQlBFVVeSHCwM71MQNwcV7Z1ApGVxIGFX9DNGVZU/k.J0/Vo2Rijrbasaku3nuR7qML1
- Reset the password for oldtea
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m user -a 'name=oldgirl shell=/bin/bash create_home=no password="$6$XavoWtpBWnfV2sRL$3H8B1SeY76Dca8b.y6OQlBFVVeSHCwM71MQNwcV7Z1ApGVxIGFX9DNGVZU/k.J0/Vo2Rijrbasaku3nuR7qML1"'    # pass the hash
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
[root@backup ~] # grep oldgirl /etc/shadow    # the hash has been stored
oldgirl:$6$XavoWtpBWnfV2sRL$3H8B1SeY76Dca8b.y6OQlBFVVeSHCwM71MQNwcV7Z1ApGVxIGFX9DNGVZU/k.J0/Vo2Rijrbasaku3nuR7qML1:18200:0:99999:7:::
[root@backup ~] #
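Section 7.4.3.5.6 shows the user module writing the literal `123456` into /etc/shadow when it is handed a cleartext password. The following added example (not part of the original article) classifies the password field of shadow-format lines so that such entries can be detected after a bulk run; it also flags a salt shared between accounts, which is what reusing a fixed salt like the `oldboy` in method 1 produces. The function names and the sample lines, including the placeholder hash bodies, are constructed.

```python
"""Added example: check the password field of /etc/shadow-format lines."""
import re

# crypt(3) scheme identifiers and their names.
SCHEMES = {"1": "md5", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256", "6": "sha512", "y": "yescrypt"}
WEAK = {"md5", "des"}


def classify(field):
    """Return (status, scheme, salt) for one shadow password field."""
    if field == "":
        return ("empty", None, None)
    if field[0] in "!*":
        return ("locked", None, None)        # !, !!, * or a !-prefixed hash
    parts = field.split("$")
    if field[0] == "$" and len(parts) >= 4 and parts[1] in SCHEMES and parts[-1]:
        scheme = SCHEMES[parts[1]]
        # bcrypt stores a 22-character salt at the start of its last field.
        salt = parts[-1][:22] if scheme == "bcrypt" else parts[-2]
        return ("hashed", scheme, salt)
    if re.fullmatch(r"[./A-Za-z0-9]{13}", field):
        return ("hashed", "des", field[:2])  # traditional DES crypt
    return ("plaintext-or-invalid", None, None)


def audit_shadow(text):
    """Return (user, issue) pairs for entries that need attention."""
    findings, salts = [], {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or line.startswith("#"):
            continue
        user, field = fields[0], fields[1]
        status, scheme, salt = classify(field)
        if status == "plaintext-or-invalid":
            findings.append((user, "password field is not a crypt(3) hash"))
        elif status == "empty":
            findings.append((user, "empty password field"))
        elif status == "hashed":
            if scheme in WEAK:
                findings.append((user, f"weak scheme {scheme}"))
            if (scheme, salt) in salts:
                findings.append((user, f"salt shared with {salts[(scheme, salt)]}"))
            else:
                salts[(scheme, salt)] = user
    return findings


# Constructed sample lines; the hash bodies are placeholders, not real hashes.
FAKE_HASH = "x" * 86
SAMPLE = "\n".join([
    f"root:$6$pn3juE2N${FAKE_HASH}:18178:0:99999:7:::",
    "bin:*:17834:0:99999:7:::",
    "oldgirl:123456:18200:0:99999:7:::",
    f"olddog:$6$oldboy${FAKE_HASH}:18200:0:99999:7:::",
    f"oldboy10:$6$oldboy${FAKE_HASH}:18200:0:99999:7:::",
    "legacy:$1$abcdefgh$" + "y" * 22 + ":18200:0:99999:7:::",
    "nopass::18200:0:99999:7:::",
])

if __name__ == "__main__":
    for user, issue in audit_shadow(SAMPLE):
        print(f"{user}: {issue}")
```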
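7.5 Ansible playbooks (the equivalent of Linux shell scripts)
7.5.1 What a playbook is
Combines several modules flexibly so that software can be installed in bulk with one command
Simplifies the workflow
Improves efficiency
Reduces the company's maintenance costs
Automates server-side deployment
7.5.2 Things to watch when writing playbooks (YAML syntax)
7.5.2.1 Indentation: two spaces make one level
- hosts: <inventory group>
  tasks:
    - name: 01 安装服务
7.5.2.2 A colon must be followed by a space (not needed when the content starts on the next line)
- hosts: <inventory group>    # one space after the colon
  tasks:    # no space needed after the colon
    - name: 01 安装服务
7.5.2.3 A dash must be followed by a space
- hosts: <inventory group>
  tasks:
    - name: 01 安装服务    # one space after the dash

7.5.3 Common playbook formats
7.5.3.1 Running playbooks
7.5.3.1.1 Checking a playbook's syntax
[root@m01 auto_yaml] # ansible-playbook --syntax-check auto_rsync_news.yaml    # syntax check
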
playbook: auto_rsync_news.yaml
7.5.3.1.2 Dry-running a playbook
[root@m01 auto_yaml] # ansible-playbook -C auto_rsync_news.yaml    # dry run (check mode)

PLAY [backup] **************************************************************************************************************************************
7.5.3.1.3 Running a playbook
[root@m01 auto_yaml] # ansible-playbook auto_rsync_news.yaml    # real run

PLAY [backup] **************************************************************************************************************************************

7.5.3.2 Writing tasks in list (key=value) format
- hosts: nfs_server
  tasks:
    - name: 01:install software
      yum: name=nfs-utils,rpcbind state=installed
    - name: 02:push conf_file to server
      copy: src=./nfs/exports dest=/etc/
    - name: 03:create data dir
      file: path=/data state=directory owner=nfsnobody group=nfsnobody
    # one module per task: rpcbind and nfs are started by separate tasks
    - name: 04:boot server rpc
      service: name=rpcbind state=started enabled=yes
    - name: 05:boot server nfs
      service: name=nfs state=started enabled=yes

- hosts: nfs_client
  tasks:
    - name: 01:install software
      yum: name=nfs-utils state=installed
    - name: 02:mount data dir
      shell: mount -t nfs 172.16.1.31:/data /mnt
7.5.3.3 Writing tasks in dictionary format
- hosts: nfs_server
  tasks:
    - name: 01:install software
      yum:
        name:
          - nfs-utils
          - rpcbind
        state: installed
    - name: 02:push conf_file to server
      copy:
        src: ./nfs/exports
        dest: /etc/
    - name: 03:create data dir
      file:
        path: /data
        state: directory
        owner: nfsnobody
        group: nfsnobody
    - name: 04:boot server rpc
      service:
        name: rpcbind
        state: started
        enabled: yes
    - name: 05:boot server nfs
      service:
        name: nfs
        state: started
        enabled: yes

- hosts: nfs_client
  tasks:
    - name: 01:install software
      yum:
        name: nfs-utils
        state: installed
    - name: 02:mount data dir
      shell: mount -t nfs 172.16.1.31:/data /mnt
7.5.3.4 Writing in JSON format (???)
7.5.4 剧本编写扩展功能
7.5.4.1 剧本中的判断功能(when)
7.5.4.1.1 剧本中设置变量判断的信息
ansible_all_ipv4_addresses:????????????????仅显示ipv4的信息。
ansible_devices:????????????????????????仅显示磁盘设备信息。
ansible_distribution:????????????????????显示是什么系统,例:centos,suse等。
ansible_distribution_major_version:????????显示是系统主版本。
ansible_distribution_version:????????????仅显示系统版本。
ansible_machine:????????????????????????显示系统类型,例:32位,还是64位。
ansible_eth0:????????????????????????仅显示eth0的信息。
ansible_hostname:????????????????????仅显示主机名。
ansible_kernel:????????????????????????仅显示内核版本。
ansible_lvm:????????????????????????????显示lvm相关信息。
ansible_memtotal_mb:????????????????????显示系统总内存。
ansible_memfree_mb:????????????????????显示可用系统内存。
ansible_memory_mb:????????????????????详细显示内存情况。
ansible_swaptotal_mb:????????????????????显示总的swap内存。
ansible_swapfree_mb:????????????????????显示swap内存的可用内存。
ansible_mounts:????????????????????????显示系统磁盘挂载情况。
ansible_processor:????????????????????显示cpu个数(具体显示每个cpu的型号)。
ansible_processor_vcpus:????????????????显示cpu个数(只显示总的个数)。
7.5.4.1.2 判断单个判断信息
[root@m01 test] # vim playbook_判断功能.yaml
- hosts: nfs_server
tasks:
- name: 01 查看df -h信息
shell: df -h
register: oldboy
- name: check info
debug: msg={{ oldboy.stdout_lines }}
when: ansible_eth1.ipv4.address == "172.16.1.31"????????????????设置单个变量when
7.5.4.1.3 Testing multiple conditions
- Combining with or/and
[root@m01 test] # vim playbook_判断功能.yaml
- hosts: nfs_server
  tasks:
    - name: 01 查看df -h信息
      shell: df -h
      register: oldboy
    - name: check info
      debug: msg={{ oldboy.stdout_lines }}
      when: (ansible_eth1.ipv4.address == "172.16.1.31") or (ansible_hostname == "nfs")    # combine conditions with or; write and instead to require both
- Combining with []
- hosts: nfs
  tasks:
    - name: 01 查看df -h信息
      shell: "systemctl status sshd"
      register: oldboy
    - name: check info
      debug: msg={{ oldboy.stdout_lines }}
      when: ansible_eth1.ipv4.address in ["172.16.1.31", "172.16.1.41"]    # match any address listed in []
7.5.4.1.4 Negating a condition
[root@m01 test] # vim playbook_判断功能.yaml
- hosts: nfs_server
  tasks:
    - name: 01 查看df -h信息
      shell: df -h
      register: oldboy
    - name: check info
      debug: msg={{ oldboy.stdout_lines }}
      when: ansible_eth1.ipv4.address != "172.16.1.31"    # a single when condition that excludes host 31

7.5.4.2 Loops in playbooks (loop/with_items)
7.5.4.2.1 When the loop items are fixed values
- name: 04:重启nfs服务
  service: name={{ item }} state=started enabled=yes    # {{ item }} is the loop variable
  loop:
    - rpcbind    # the loop items
    - nfs
  when: ansible_eth1.ipv4.address == "172.16.1.31"
7.5.4.2.2 When the values differ on every iteration
- hosts: nfs
  tasks:
    - name: 01:创建存储目录
      file: path={{ item.path }} state={{ item.state }} owner={{ item.owner }} group={{ item.group }}    # pull out the values you need
      loop:    # the loop keyword
        - {path: '/data', state: 'directory', owner: 'nfsnobody', group: 'nfsnobody'}    # the loop items
        - {path: '/data01', state: 'directory', owner: 'nfsnobody', group: 'nfsnobody'}
        - {path: '/data02', state: 'directory', owner: 'oldboy01', group: 'oldboy01'}
      when: ansible_eth1.ipv4.address == "172.16.1.31"
7.5.4.3 Tags in playbooks (tags: for debugging a playbook)
ansible-playbook test_标签功能配置.yml -t oldboy100    # run only the tagged tasks
ansible-playbook test_标签功能配置.yml --skip-tags oldboy100    # skip the tagged tasks
- hosts: nfs
  tasks:
    - name: 01:创建用户oldboy
      user: name=oldboy1000
      tags: oldboy100    # -t: run only this task; --skip-tags: skip this task
    - name: 02:查看用户oldboy是否创建成功
      shell: id oldboy
      register: oldboy1000
    - name: 03:check info
      debug: msg={{ oldboy1000.stdout_lines }}

7.5.4.4 Ignoring errors in playbooks (ignore_errors: yes)
- name: 01:创建用户oldboy
  user: name=oldboy1000 state=installed
  ignore_errors: yes    # ignore the error in the module parameters above and continue with the tasks below
- name: 02:查看用户oldboy是否创建成功
  shell: id oldboy
  register: oldboy1000
- name: 03:check info
  debug: msg={{ oldboy1000.stdout_lines }}

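Added example (not from the original page): ignore_errors: yes hides every failure of the task, including the invalid state=installed parameter above. A narrower pattern registers the result and uses failed_when so that only the expected outcome is tolerated. The variable name id_check is an assumption, as is relying on id exiting with status 1 when the user does not exist.

```yaml
# Added example, not from the original page.
# Assumption: id exits 0 when the user exists and 1 when it does not;
# any other return code is treated as a real failure.
- hosts: nfs
  tasks:
    - name: 01 check whether user oldboy1000 exists
      command: id oldboy1000
      register: id_check                      # hypothetical variable name
      changed_when: false                     # a read-only check never reports "changed"
      failed_when: id_check.rc not in [0, 1]  # tolerate only "no such user"

    - name: 02 create the user only when the check says it is missing
      user:
        name: oldboy1000
        state: present                        # a valid state, so real errors still stop the play
      when: id_check.rc == 1

    - name: 03 report what the check returned
      debug:
        msg: "{{ id_check.stdout_lines if id_check.rc == 0 else id_check.stderr_lines }}"
```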
7.5.4.5 Handlers (triggers) in playbooks
- Note: handler tasks run only after all the other tasks have finished
[root@m01 test] # vim playbook_触发器.yaml
- hosts: 172.16.1.41
  tasks:
    - name: 01 安装rsync服务
      yum: name=rsync state=installed
    - name: 02 将文件传送过去
      copy: src=/etc/ansible/ansible_playbook/test/rsyncd.conf dest=/etc
      notify:    # fires whenever the transfer or execution result reports a change
        - restart_server
        - display news info
        - check info
    - name: 03 重启
      service: name=rsyncd state=started
    - name: display news info
      shell: netstat -anptu | grep rsync
      register: oldboy
    - name: check info
      debug: msg={{ oldboy.stdout_lines }}
  handlers:    # the handlers
    - name: restart_server    # the first thing to trigger
      service: name=rsyncd state=restarted
    - name: display news info    # the second thing to trigger
      shell: netstat -anptu | grep rsync
      register: oldboy
    - name: check info    # the third thing to trigger
      debug: msg={{ oldboy.stdout_lines }}
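Added example (not from the original page), building on the note that handlers run only after all tasks finish: in the playbook above, the netstat check under tasks runs before restart_server, so it reports the service as it was before the new configuration was loaded. meta: flush_handlers runs the queued handlers at a chosen point, so the check that follows sees the restarted service. The variable name listen_check and the explicit dest path /etc/rsyncd.conf are assumptions.

```yaml
# Added example, not from the original page.
- hosts: 172.16.1.41
  tasks:
    - name: 01 install rsync
      yum:
        name: rsync
        state: installed

    - name: 02 push the configuration file
      copy:
        src: /etc/ansible/ansible_playbook/test/rsyncd.conf
        dest: /etc/rsyncd.conf        # assumption: explicit file path instead of the /etc directory
      notify: restart_server          # queued only when the file actually changed

    - name: 03 make sure the service is running
      service:
        name: rsyncd
        state: started
        enabled: yes

    - name: 04 run the queued handlers now instead of at the end of the play
      meta: flush_handlers

    - name: 05 verify after the restart that rsync is listening
      shell: netstat -anptu | grep rsync
      register: listen_check          # hypothetical variable name
      changed_when: false             # read-only check
      # grep exits 1 when nothing matches, so the play fails if rsync is not listening

    - name: 06 show the listening sockets
      debug:
        msg: "{{ listen_check.stdout_lines }}"

  handlers:
    - name: restart_server
      service:
        name: rsyncd
        state: restarted
```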
7.5.4.6 Registering output in playbooks (register: display the specified output)
[root@m01 test] # vim playbook_注册信息.yaml
- hosts: 172.16.1.31
  tasks:
    - name: 01 查看df -h信息
      shell: df -h
      register: oldboy    # register the output; it is made available through the variable oldboy
    - name: check info
      debug: msg={{ oldboy.stdout_lines }}    # print the registered output


[root@m01 test] # ansible-playbook playbook_设置变量.yaml

PLAY [172.16.1.31] ********************************************************************************************
ok: [172.16.1.31]

TASK [01 查看df -h信息] *********************************************************************************************************************************
changed: [172.16.1.31]

TASK [check info] ***********************************************************************************************************************************
ok: [172.16.1.31] => {        <-- the result of the command is now displayed
"msg": [
"Filesystem Size Used Avail Use% Mounted on",
"/dev/sda3 99G 5.3G 94G 6% /",
"devtmpfs 471M 0 471M 0% /dev",
"tmpfs 487M 0 487M 0% /dev/shm",
"tmpfs 487M 16M 472M 4% /run",
"tmpfs 487M 0 487M 0% /sys/fs/cgroup",
"/dev/sda1 197M 160M 37M 82% /boot",
"tmpfs 98M 16K 98M 1% /run/user/988",
"tmpfs 98M 0 98M 0% /run/user/0"
]

7.5.4.7 Setting variables in playbooks (vars)
7.5.4.7.1 Setting them in the playbook
[root@m01 test] # vim playbook_设置变量.yaml
- hosts: 172.16.1.31
  vars:
    name: oldboy100    # define the variable
  tasks:
    - name: 01 创建oldboy100用户
      user: name={{ name }}    # use the variable


[root@nfs01 ~] # id oldboy100    # check whether the user was created
uid=1000(oldboy100) gid=1004(oldboy100) groups=1004(oldboy100)
You have new mail
7.5.4.7.2 Setting them on the command line
[root@m01 test] # ansible-playbook -e name=oldboy50 playbook_设置变量.yaml    # use -e to pass the variable


PLAY [172.16.1.31] **********************************************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************************************************
ok: [172.16.1.31]

TASK [01 创建oldboy50用户] *****************************************************************************************************************************
changed: [172.16.1.31]

PLAY RECAP ******************************************************************************************************************************************
172.16.1.31 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@nfs01 ~] # id oldboy50    # check whether the user was created
uid=1001(oldboy50) gid=1001(oldboy50) groups=1001(oldboy50)
[root@nfs01 ~] #

7.5.4.7.3 Setting them in the inventory
- Setting a variable for a single host
172.16.1.31 name=oldboy20    # the variable (oldboy20) is set for host 31 only
172.16.1.41

[root@m01 test] # ansible-playbook playbook_设置变量.yaml

PLAY [172.16.1.31] **********************************************************************************************************************************

TASK [Gathering Facts]


[root@nfs01 ~] # id oldboy20    # the user has been created on host 31
uid=1002(oldboy20) gid=1005(oldboy20) groups=1005(oldboy20)
You have new mail in /var/spool/mail/root

[root@backup ~] # id oldboy20    # the user has not been created on host 41
id: oldboy20: no such user
You have new mail in /var/spool/mail/root
[root@backup ~] #
- Setting a variable for several hosts
[backup]    # create user oldboy30 on both host 31 and host 41
172.16.1.41
172.16.1.31

[backup:vars]
name=oldboy30

[root@m01 test] # ansible-playbook playbook_设置变量.yaml

PLAY [172.16.1.31] **********************************************************************************************************************************

TASK [Gathering Facts]


[root@nfs01 ~] # id oldboy30    # the user has been created on host 31
uid=1002(oldboy30) gid=1005(oldboy30) groups=1005(oldboy30)
You have new mail in /var/spool/mail/root

[root@backup ~] # id oldboy30    # the user has been created on host 41
uid=1002(oldboy30) gid=1005(oldboy30) groups=1005(oldboy30)
You have new mail in /var/spool/mail/root
[root@backup ~] #
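7.5.4.7.4 Final conclusion on variable precedence
Set the variable to three values, oldboy10, oldboy60 and oldboy80, on the command line, in the inventory and in the playbook respectively.
Running the playbook shows that oldboy10 is created first, then oldboy80, and oldboy60 last.
Conclusion:
- A variable set on the command line is applied first
- A variable set in the playbook is applied second
- A variable set in the inventory is applied last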
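7.5.4.8 Speeding up playbook execution (gather_facts)
7.5.4.8.1 Solving it with gather_facts: no
- hosts: 172.16.1.41
  gather_facts: no    # add this line to speed up the playbook (remember: server facts are no longer collected, so do not add it if the playbook relies on when conditions)
  tasks:
7.5.4.8.2 What makes a playbook run slowly
- The SSH remote connection is not optimized: reverse DNS lookup has not been turned off
- yum downloads packages from the public internet, which also slows things down; setting up your own repository is recommended
- The playbook collects server facts when it runs, which also makes it slower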
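Added example (not from the original page) for the caveat in 7.5.4.8.1: a playbook whose when conditions depend on facts can still skip the full fact collection by turning gather_facts off and calling the setup module with a restricted gather_subset. The task layout and names are assumptions; ansible_eth1 is the interface fact used by the when examples earlier on this page.

```yaml
# Added example, not from the original page.
- hosts: nfs_server
  gather_facts: no                 # skip the full (slow) fact collection
  tasks:
    - name: 00 collect only the network facts the condition needs
      setup:
        gather_subset:
          - '!all'                 # drop the default subsets (a minimal set is still gathered)
          - network                # provides ansible_eth1, ansible_all_ipv4_addresses, ...

    - name: 01 show df -h output
      shell: df -h
      register: oldboy
      changed_when: false          # df only reads, so do not report a change

    - name: check info
      debug:
        msg: "{{ oldboy.stdout_lines }}"
      when:                        # list entries are combined with "and"
        - ansible_eth1 is defined              # the host may have no eth1 interface
        - ansible_eth1.ipv4 is defined         # the interface may have no IPv4 address
        - ansible_eth1.ipv4.address == "172.16.1.31"
```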
7.5.5 Combining playbooks
7.5.5.1 include: xxx.yml
- include: auto_rsync.yaml
- include: auto_nfs.yaml
7.5.5.2 import_playbook:
- import_playbook: auto_rsync.yaml
- import_playbook: auto_nfs.yaml
7.6 Playbook roles
7.6.1 What roles are for
- They make playbooks more standardized
- They make playbooks simpler to write
- The host information is visible in the summary playbook
7.6.2 How to configure roles
7.6.2.1 Create the inventory
[root@m01 roles] # vim /etc/ansible/roles/hosts
[rsync_server]
172.16.1.41

[rsync_client]
172.16.1.31
172.16.1.7

[nfs_server]
172.16.1.31

[nfs_client]
172.16.1.41
172.16.1.7
7.6.2.2 Create the role directories
7.6.2.2.1 Create the first-level directories (the names are up to you)
[root@m01 roles] # mkdir /etc/ansible/roles/rsync
[root@m01 roles] # mkdir /etc/ansible/roles/nfs
[root@m01 roles] # mkdir /etc/ansible/roles/inotify
[root@m01 roles] # mkdir /etc/ansible/roles/nginx
[root@m01 roles] #
7.6.2.2.2 Create the second-level directories (the names are fixed)
[root@m01 roles] # ansible-galaxy init --force rsync    # use this command to create the subdirectories
- rsync was created successfully
You have new mail in /var/spool/mail/root
[root@m01 roles] # ls
hosts inotify nfs nginx rsync
[root@m01 roles] # cd rsync/    # the subdirectories that were created
[root@m01 rsync] # ll
total 4
drwxr-xr-x 2 root root 22 Nov 2 17:41 defaults        <-- files that define variables (rarely changed)
drwxr-xr-x 2 root root 6 Nov 2 17:41 files        <-- files to be distributed
drwxr-xr-x 2 root root 22 Nov 2 17:41 handlers        <-- the handlers to be triggered
drwxr-xr-x 2 root root 22 Nov 2 17:41 meta
-rw-r--r-- 1 root root 1328 Nov 2 17:41 README.md
drwxr-xr-x 2 root root 22 Nov 2 17:41 tasks        <-- the task definitions of the playbook
drwxr-xr-x 2 root root 6 Nov 2 17:41 templates        <-- template files
drwxr-xr-x 2 root root 39 Nov 2 17:41 tests
drwxr-xr-x 2 root root 22 Nov 2 17:41 vars        <-- files that define variables (frequently changed)
[root@m01 rsync] #
7.6.2.3 Configure the playbook content in the role directories
7.6.2.3.1 Write the tasks/main.yaml file
- Keeping everything in one file
[root@m01 tasks] # vim main.yml
- name: 01 安装rsync服务
  yum: name={{ install_software }} state=installed
- name: 02 将文件传送过去
  copy: src=/etc/ansible/ansible_playbook/test/rsyncd.conf dest=/etc
  notify:
    - restart_server
    - display news info
    - check info
- name: 03 重启
  service: name=rsyncd state=started
- name: display news info
  shell: netstat -anptu | grep rsync
  register: oldboy
- name: check info
  debug: msg={{ oldboy.stdout_lines }}
- Splitting each module into its own file
[root@m01 tasks] # cat install.yaml    # the file with the install task
- name: 01 安装rsync服务
  yum: name={{ install_software }} state=installed

[root@m01 tasks] # cat transfer.yaml    # the file with the file transfer task
- name: 02 将文件传送过去
  copy: src=rsyncd.conf dest=/etc
  notify:
    - restart_server
    - display news info
    - check info

[root@m01 tasks] # cat restart_server.yaml    # the file that starts the service
- name: 03 重启
  service: name=rsyncd state=started
- name: display news info
  shell: netstat -anptu | grep rsync
  register: oldboy
- name: check info
  debug: msg={{ oldboy.stdout_lines }}

[root@m01 tasks] # cat main.yml    # pulls the separate files together
- include_tasks: install.yaml
- include_tasks: transfer.yaml
- include_tasks: restart_server.yaml
[root@m01 tasks] #
7.6.2.3.2 Put the files or directories to be distributed into the files directory
[root@m01 rsync] # cp -rf ../../../ansible/ansible_playbook/test/rsyncd.conf ./files/
You have new mail in /var/spool/mail/root
[root@m01 rsync] # cd files/
[root@m01 files] # ll
total 4
-rw-r--r-- 1 root root 577 Nov 2 17:55 rsyncd.conf
[root@m01 files] #
7.6.2.3.3 Write the vars/main.yaml file
[root@m01 vars] # vim main.yml
install_software: rsync
7.6.2.3.4 Write the handlers/main.yaml file
- name: restart_server
  service: name=rsyncd state=restarted
- name: display news info
  shell: netstat -anptu | grep rsync
  register: oldboy
- name: check info
  debug: msg={{ oldboy.stdout_lines }}
7.6.2.4 Call the role
- hosts: 172.16.1.41
  roles:
    - rsync
7.6.2.5 Run the role summary playbook
[root@m01 roles] # ansible-playbook site.yaml
7.6.2.6 Using the templates feature (extension)
7.6.2.6.1 Move the file that needs to change into the templates directory
mv ../files/rsyncd.conf ../templates/
7.6.2.6.2 Turn the port setting that needs to vary in rsyncd.conf into a variable
[root@m01 roles] # cat rsync/templates/rsyncd.conf
uid = rsync
gid = rsync
port = {{ port }}        <-- the value is set to the variable port
fake super = yes
use chroot = no
max connections = 200
7.6.2.6.3 Define the port in main.yaml under the vars directory
[root@m01 roles] # cat rsync/vars/main.yml
install_software: rsync
port: 879    # define the port number as 879
[root@m01 roles] #
7.6.2.6.4 Change the transfer module
- template    parses the variables inside the file you transfer
- copy    what you see is what you get
- name: 02 将文件传送过去
  template: src=rsyncd.conf dest=/etc    # parses the variables inside the file you transfer
  notify:
    - restart_server
    - display news info
    - check info
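Added example (not from the original page or the role it builds): because port can be overridden with -e on the command line, the role can check the value before rendering, and the template task can set the ownership and mode of the rendered file explicitly. The task names, the dest path /etc/rsyncd.conf and the root:root 0644 ownership are assumptions.

```yaml
# roles/rsync/tasks/transfer.yaml: added example, not from the original page.
- name: 02a check that port is a valid TCP port before rendering
  assert:
    that:
      - port | int(-1) >= 1        # int(-1) maps non-numeric input to -1, which fails the check
      - port | int(-1) <= 65535
    fail_msg: "port must be a number between 1 and 65535, got '{{ port }}'"

- name: 02b render rsyncd.conf from templates/rsyncd.conf
  template:
    src: rsyncd.conf
    dest: /etc/rsyncd.conf         # assumption: explicit file path instead of the /etc directory
    owner: root                    # assumption: the configuration file is owned by root
    group: root
    mode: "0644"                   # quoted so the leading zero is preserved
    backup: yes                    # keep a timestamped copy of the previous file
  notify:                          # handler names from handlers/main.yml on this page
    - restart_server
    - display news info
    - check info
```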