Common configuration methods for batch management with ansible

Chapter 7 Managing with ansible

7.1 Introduction to ansible concepts

7.1.1 What ansible is

7.1.2 Why use ansible

7.1.3 What ansible can do

7.1.4 Characteristics of the ansible service

7.2 Deploying ansible

7.2.1 Installing the service

7.2.2 Checking the service version

7.3 The ansible host inventory

7.3.1 Defining the inventory by host IP address

7.3.2 Defining the inventory by group

7.3.3 Defining the inventory with built-in variables

7.3.4 Defining the inventory with group variables

7.3.5 Defining the inventory with groups and child groups

7.3.6 Defining the inventory with ranges

7.4 ansible modules (the equivalent of commands on the Linux command line)

7.4.1 Command modules

7.4.2 File modules

7.4.3 System modules

7.5 ansible playbooks (the equivalent of scripts written on Linux)

7.5.1 What a playbook is

7.5.2 Points to note when writing playbooks (YAML syntax)

7.5.3 Common playbook formats

7.5.4 Extended playbook features

7.5.5 Combining playbooks

7.6 Playbook roles

7.6.1 What roles are for

7.6.2 How to configure roles

Chapter 7 Managing with ansible

7.1 Introduction to ansible concepts

  • ansible-playbook --syntax-check    check the syntax of a playbook
  • ansible-playbook -C                dry-run a playbook
  • ansible-doc -l                     list the names of the ansible modules
  • ansible-doc -s MODULE_NAME         show the parameters of the given module in detail
  • ansible-doc MODULE_NAME            show the usage of the given module in detail

======================================================================

  • Yellow    the operation changed data on the system
  • Green     the operation only read information from the system
  • Red       a serious error occurred during the operation
  • Purple    a suggestion or a warning
  • Blue      information about the progress of the operation

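7.1.1 What ansible is

  1. ansible is software, written in Python, for managing servers in bulk

7.1.2 Why use ansible

  1. It can manage servers in bulk
  2. It can reduce the company's maintenance costs
  3. It can cut down on repetitive work
  4. It improves efficiency and accuracy

7.1.3 What ansible can do

  1. ansible can distribute data in bulk
  2. ansible can deploy services in bulk
  3. ansible can take an inventory of company assets in bulk
  4. ansible can automate management tasks (code releases, service restarts)

7.1.4 Characteristics of the ansible service

  1. The ansible service does not need to be started
  2. ansible is simple to install
  3. ansible is powerful (many management modules, automation through playbooks)
  4. The clients need no configuration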

7.2 Deploying ansible

7.2.1 Installing the service

[[email protected] ~] # yum -y install ansible

7.2.2 Checking the service version

[[email protected] ~] # ansible --version

ansible 2.8.5

config file = /etc/ansible/ansible.cfg

configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']

ansible python module location = /usr/lib/python2.7/site-packages/ansible

executable location = /usr/bin/ansible

python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]

[[email protected] ~] #


7.3 The ansible host inventory

7.3.1 Defining the inventory by host IP address

7.3.1.1 Edit the configuration file and add the host IP addresses at the end of the file

[[email protected] ~] # vim /etc/ansible/hosts

## db-[99:101]-node.example.com

172.16.1.41

172.16.1.7

7.3.1.2 Use the ansible command to test whether these servers respond

[[email protected] ~] # ansible all -m ping    # check whether the hosts at these IP addresses respond

172.16.1.41 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"    # "ping": "pong" means the host is working normally

}

172.16.1.7 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

[[email protected] ~] #

7.3.2 Defining the inventory by group

7.3.2.1 Check only the website web servers

[[email protected] ~] # vim /etc/ansible/hosts

172.16.1.41

[web_server]    # put the web servers in a group named [web_server]

172.16.1.7

"/etc/ansible/hosts" 50L, 1067C written

You have new mail in /var/spool/mail/root

[[email protected] ~] # ansible web_server -m ping    # test only the specified group

172.16.1.7 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

[[email protected] ~] #

7.3.3 Defining the inventory with built-in variables

7.3.3.1 When the key no longer works and a password is required

7.3.3.1.1 Break the distributed public key

[[email protected] ~] # vim ~/.ssh/authorized_keys

-dss AAAAB3NzaC1kc3MAAACBAP2/LmC3aM8WowMU81f1PYTFR5l08hATO3LR13RSa6XBw8laM5ih2tqe66FwUOwgpKfEczvOcqtbohCg87ZF3B/1sT25lKrsePysmn7Jr93htinjAMrP36pS5+MG

7.3.3.1.2 Check over ssh whether the key still works

[[email protected] ~] # ssh 172.16.1.7    # the key no longer works

[email protected]'s password:

7.3.3.1.3 Test with ansible

[[email protected] ~] # ansible 172.16.1.7 -m ping

172.16.1.7 | UNREACHABLE! => {

"changed": false,

"msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).",    # the connection failed

"unreachable": true

}

[[email protected]1 ~] #

172.16.1.7 ansible_user=root ansible_password=123456 ansible_port=22    # built-in variables that define the user, the password and the port

"/etc/ansible/hosts" 50L, 1125C written

[[email protected] ~] # ansible 172.16.1.7 -m ping

172.16.1.7 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"    # the connection succeeded

}

[[email protected] ~] #

  • ansible_user        the user used to connect to the managed host
  • ansible_password    the password used to connect to the managed host
  • ansible_port        the port used to connect to the managed host
  • ansible_host        the IP address of the managed host that the host name in the inventory maps to

7.3.3.2 Defining the inventory by host name

web01 ansible_host=172.16.1.7 ansible_user=root ansible_password=123456 ansible_port=22    # ansible_host maps the host name to its IP address

"/etc/ansible/hosts" 50L, 1144C written

[[email protected] ~] # ansible web01 -m ping

web01 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

[[email protected] ~] #

7.3.3.3 Defining the inventory with privilege escalation

web01 ansible_host=172.16.1.7 ansible_user=oldboy10 ansible_password=123456 ansible_port=22

~

"/etc/ansible/hosts" 51L, 1343C written

[[email protected] ~] # ansible web01 -m command -a "cat /etc/shadow"

web01 | FAILED | rc=1 >>

cat: /etc/shadow: Permission denied    # permission denied: an ordinary user is not allowed to open this file

non-zero return code

[[email protected] ~] #

[[email protected] ~] # vim /etc/ansible/hosts

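[web_server]

web01 ansible_host=172.16.1.7 ansible_user=oldboy10 ansible_password=123456 ansible_port=22 ansible_become=yes ansible_become_method=su ansible_become_user=root ansible_become_password=123456

# ansible_become: whether to enable privilege escalation
# ansible_become_method: which method to use for privilege escalation
# ansible_become_user: which user to escalate to
# ansible_become_password: what that user's password is

[[email protected] ~] # ansible web01 -m command -a "cat /etc/passwd"    # read /etc/passwd on the host named web01 while connecting as an ordinary user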

web01 | CHANGED | rc=0 >>

root:x:0:0:root:/root:/bin/bash

bin:x:1:1:bin:/bin:/sbin/nologin

daemon:x:2:2:daemon:/sbin:/sbin/nologin

adm:x:3:4:adm:/var/adm:/sbin/nologin

lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

sync:x:5:0:sync:/sbin:/bin/sync

  • ansible_become             whether to escalate privileges (yes/no, true/false)
  • ansible_become_method      the escalation method (su/sudo)
  • ansible_become_user        the user to escalate to
  • ansible_become_password    the password of the escalation user

7.3.4 Defining the inventory with group variables

[web_server]

web01 ansible_host=172.16.1.7 ansible_user=oldboy10 ansible_password=123456 ansible_port=22

[web_server:vars]    # the :vars suffix defines group variables for the group

ansible_become=yes

ansible_become_method=su

ansible_become_user=root

ansible_become_password=123456


[[email protected] ~] # ansible web01 -m command -a "cat /etc/shadow"

web01 | CHANGED | rc=0 >>

root:$6$pn3juE2N$C9kmnucSJh08QQ.84BOTUNPqy3MSLez2YFG70N4NHD9gU40ibY8mdT6P05xUiaim2xcuRkjgB1rBohhZ8Y.To.:18178:0:99999:7:::

bin:*:17834:0:99999:7:::

daemon:*:17834:0:99999:7:::

adm:*:17834:0:99999:7:::

lp:*:17834:0:99999:7:::

sync:*:17834:0:99999:7:::
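
The inventories in 7.3.3 and 7.3.4 keep the connection and become passwords in clear text in /etc/ansible/hosts. As an added example (not code from the original article), this Python check flags such entries in an INI inventory; the web02 host, the address 172.16.1.8 and the variable name vault_web02_password are constructed for illustration, and a value written as a {{ ... }} reference is assumed to be resolved from an encrypted vars file.

```python
import shlex

# Ansible connection/become variables that carry a secret.
SECRET_KEYS = {
    "ansible_password",
    "ansible_ssh_pass",
    "ansible_become_password",
    "ansible_become_pass",
}

# Constructed sample: the web01 line and the :vars block mirror the article,
# web02 / 172.16.1.8 / vault_web02_password are invented for the example.
SAMPLE_INVENTORY = """\
[backup_server]
172.16.1.41

[web_server]
web01 ansible_host=172.16.1.7 ansible_user=oldboy10 ansible_password=123456 ansible_port=22
web02 ansible_host=172.16.1.8 ansible_user=oldboy10 ansible_password='{{ vault_web02_password }}'

[web_server:vars]
ansible_become=yes
ansible_become_method=su
ansible_become_user=root
ansible_become_password=123456

[web_backup:children]
backup_server
web_server
"""


def is_reference(value):
    """A templated value points at a variable defined elsewhere, not a literal."""
    return "{{" in value and "}}" in value


def audit_inventory(text):
    """Return (line_number, scope, key) for every literal secret in the inventory."""
    findings = []
    section, kind = "ungrouped", "hosts"
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and "]" in line:
            # "[name]", "[name:vars]" or "[name:children]"
            name = line[1:line.index("]")]
            section, _, suffix = name.partition(":")
            kind = suffix or "hosts"
            continue
        if kind == "children":
            continue  # child group names carry no variables
        if kind == "vars":
            key, sep, value = line.partition("=")
            pairs = [(key.strip(), value.strip())] if sep else []
            scope = "group " + section
        else:
            tokens = shlex.split(line, comments=True)
            if not tokens:
                continue
            scope = "host " + tokens[0]
            pairs = [tuple(t.split("=", 1)) for t in tokens[1:] if "=" in t]
        for key, value in pairs:
            if key in SECRET_KEYS and not is_reference(value):
                findings.append((number, scope, key))
    return findings


if __name__ == "__main__":
    for number, scope, key in audit_inventory(SAMPLE_INVENTORY):
        print("line %d: %s stores %s as a literal value" % (number, scope, key))
```
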

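7.3.5 Defining the inventory with groups and child groups

[web_backup:children]    # combine several groups so they can be addressed together (children: the groups listed below are child groups of the parent group web_backup)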

backup_server

web_server

[backup_server]

172.16.1.41


[web_server]

172.16.1.7 ansible_user=root ansible_password=123456 ansible_port=22


[[email protected] ~] # ansible web_backup -m ping

172.16.1.41 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

172.16.1.7 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

[[email protected] ~] #

7.3.6 Defining the inventory with ranges

[seq_server]    # use this form when the addresses are consecutive

172.16.1.[41:45]

"/etc/ansible/hosts" 59L, 1222C written


[[email protected] ~] # ansible seq_server -m ping

172.16.1.41 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

172.16.1.42 | UNREACHABLE! => {

"changed": false,

"msg": "Failed to connect to the host via ssh: ssh: connect to host 172.16.1.42 port 22: No route to host",

"unreachable": true

}

172.16.1.44 | UNREACHABLE! => {

"changed": false,

"msg": "Failed to connect to the host via ssh: ssh: connect to host 172.16.1.44 port 22: No route to host",

"unreachable": true

}

[[email protected] ~] #

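7.4 ansible modules (the equivalent of commands on the Linux command line)

7.4.1 Command modules

7.4.1.1 The command module (the default module)

7.4.1.1.1 Purpose

Runs a command on many hosts at once; special characters are not supported by default

7.4.1.1.2 Syntax

ansible HOST -m command -a "hostname"

7.4.1.1.3 Use command to view the host name of each server

[[email protected] ~] # ansible web_server -m command -a "hostname"    # view the host name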

172.16.1.7 | CHANGED | rc=0 >>

web01


[[email protected] ~] #

7.4.1.1.4 Use command to change directory

[[email protected] ~] # ansible web_server -m command -a "chdir=/tmp pwd"    # change directory

172.16.1.7 | CHANGED | rc=0 >>

/tmp


You have new mail in /var/spool/mail/root

[[email protected] ~] #

7.4.1.1.5 Use command to create a file

  • creates: checks whether the given file exists; if it does, the command is skipped, so 33.txt is not created

[[email protected] ~] # ansible web_server -m command -a "creates=/tmp/aa.txt touch 33.txt"

172.16.1.7 | SUCCESS | rc=0 >>

skipped, since /tmp/aa.txt exists    # skipped: aa.txt already exists, so 33.txt is not created

[[email protected] ~] #

[[email protected] tmp] # ll

total 0

-rw-r--r-- 1 root root 0 Oct 30 16:33 aa.txt

[[email protected] tmp] #

  • removes: the command runs only if the given file exists; oldboy.txt does not exist here, so nothing is created

[[email protected] ~] # ansible 172.16.1.41 -m command -a "removes=/tmp/oldboy.txt touch /tmp/aa.txt"

172.16.1.41 | SUCCESS | rc=0 >>

skipped, since /tmp/oldboy.txt does not exist

[[email protected] ~] #

[[email protected] ~] # ll /tmp    # the file does not exist

total 4

-rw-r--r-- 1 root root 0 Oct 30 11:19 aa.txt

-rw-r--r-- 1 oldboy01 oldboy01 390 Oct 17 19:10 hosts

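7.4.1.2 The shell module (the all-purpose module)

7.4.1.2.1 Purpose

Runs a command on many hosts at once and supports special characters by default; however, a command run this way is only good for a single run (the idempotence problem)

7.4.1.2.2 Syntax

ansible HOST -m shell -a "echo oldboy66 > /tmp/aa.txt"

7.4.1.2.3 Write the data oldboy66 into /tmp/aa.txt on the backup server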

[[email protected] ~] # ansible 172.16.1.41 -m shell -a "echo oldboy66 > /tmp/aa.txt"

172.16.1.41 | CHANGED | rc=0 >>

[[email protected] ~] #

[[email protected] ~] # cat /tmp/aa.txt

oldboy66    # the data was redirected successfully

[[email protected] ~] #

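7.4.1.3 The script module (the script module)

7.4.1.3.1 Purpose

Runs a script file on remote hosts

7.4.1.3.2 Syntax

ansible IP_ADDRESS -m script -a "/server/scripts/1.sh"

7.4.1.3.3 Send /server/scripts/1.sh to the backup server and create there what the script produces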

[[email protected] scripts] # ansible 172.16.1.41 -m script -a "/server/scripts/1.sh"

172.16.1.41 | CHANGED => {

"changed": true,

"rc": 0,

"stderr": "Shared connection to 172.16.1.41 closed.\r\n",

"stderr_lines": [

"Shared connection to 172.16.1.41 closed."

],

"stdout": "",

"stdout_lines": []

}

7.4.2 File modules

7.4.2.1 The copy module

7.4.2.1.1 Purpose
  • Distributes data from the control host to the managed hosts
  • Can also copy data that is already on a managed host

7.4.2.1.2 Syntax
  • ansible 172.16.1.41 -m copy -a "src=PATH dest=PATH mode=MODE owner=OWNER group=GROUP"
  • ansible 172.16.1.41 -m copy -a "src=PATH dest=PATH remote_src=yes/no mode=MODE owner=OWNER group=GROUP"
  • ansible 172.16.1.41 -m copy -a "content=CONTENT dest=PATH mode=MODE owner=OWNER group=GROUP"
  • ansible 172.16.1.41 -m copy -a "content=CONTENT dest=PATH mode=MODE owner=OWNER group=GROUP backup=yes/no"

7.4.2.1.3 Parameters
  • src           path of the file to copy to the remote server
  • dest          path on the remote server where the file is saved
  • remote_src    true means the src file is on the remote server, false means the src file is on the local host
  • backup        before the transfer, back up a file that may be overwritten
  • mode          change the file permissions after the transfer
  • owner         change the file owner after the transfer
  • group         change the file group after the transfer
  • content       create a file on the managed host and write new content into it

7.4.2.1.4 Back up the hosts file of the batch-management server to the backup directory on the backup server

[[email protected] scripts] # ansible 172.16.1.41 -m copy -a "src=/etc/hosts dest=/backup/ mode=666 owner=oldboy10 group=oldboy10"

172.16.1.41 | CHANGED => {

"gid": 1004,


}

[[email protected] scripts] #


[[email protected] scripts] # cd /backup/

[[email protected] backup] # ll

total 4

-rw-rw-rw- 1 oldboy10 oldboy10 390 Oct 30 19:32 hosts    # owner and group changed to oldboy10, mode is 666

[[email protected] backup] #

7.4.2.1.5 Move the backup server's /etc/hosts file into the /tmp directory

[[email protected] scripts] # ansible 172.16.1.41 -m copy -a "src=/etc/hosts dest=/backup/ mode=777 remote_src=yes"

172.16.1.41 | CHANGED => {    # remote_src states whether the remote source is enabled

"ansible_facts": {

"changed": true


[[email protected] backup] # ll

total 4

-rwxrwxrwx 1 root root 390 Oct 17 19:10 hosts

[[email protected] backup] #

7.4.2.1.6 Write oldboy66 into the /tmp/hosts file on the remote backup server

[[email protected] backup] # ansible 172.16.1.41 -m copy -a "content=oldboy66 dest=/backup/hosts mode=777 "

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true,

[[email protected] backup] # cat hosts

oldboy66    # the content is correct

7.4.2.1.7 Transfer /etc/hosts to the backup directory on the backup server

[[email protected] backup] # ansible 172.16.1.41 -m copy -a "src=/etc/hosts dest=/backup/hosts mode=111 backup=yes "

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"backu


[[email protected] backup] # ll

total 8

---x--x--x 1 root root 390 Oct 30 19:49 hosts    # the transfer succeeded

-rwxrwxrwx 1 root root 9 Oct 30 19:45 [email protected]:49:30~

You have new mail in /var/spool/mail/root

[[email protected] backup] #

7.4.2.2 The file module

7.4.2.2.1 Purpose

Changes the attributes of existing data

Can create or delete files and directories on many hosts

7.4.2.2.2 Syntax

ansible 172.16.1.41 -m file -a "path=PATH mode=NEW_MODE owner=NEW_OWNER group=NEW_GROUP"

ansible 172.16.1.41 -m file -a "path=DIRECTORY/FILE_TO_CREATE state=touch"

ansible 172.16.1.41 -m file -a "path=PARENT/DIRECTORY_TO_CREATE state=directory"

ansible 172.16.1.41 -m file -a "src=REMOTE_FILE path=DIRECTORY/HARD_LINK_TO_CREATE state=hard"

ansible 172.16.1.41 -m file -a "src=REMOTE_FILE path=DIRECTORY/SYMLINK_TO_CREATE state=link"

ansible 172.16.1.41 -m file -a "path=DIRECTORY/FILE_TO_DELETE state=absent"

ansible 172.16.1.41 -m file -a "path=PARENT/DIRECTORY_TO_DELETE state=absent"

7.4.2.2.3 Parameters

path     the exact path of the file to create on the remote host

src      which file is the source

state    the operation to perform on the file at the given path (touch, directory, hard, link)

mode     the permissions of the file

owner    the owner of the file

group    the group of the file

7.4.2.2.4 On remote server 172.16.1.41, change the mode of /backup/hosts to 644 and its owner and group to oldboy10

[[email protected] backup] # ansible 172.16.1.41 -m file -a "path=/backup/hosts mode=644 owner=oldboy10 group=oldboy10"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"


[[email protected] backup] # ll

total 8

-rw-r--r-- 1 oldboy10 oldboy10 390 Oct 30 19:49 hosts    # changed successfully

7.4.2.2.5 Create the file oldboy10.txt under /backup/ on remote host 172.16.1.4

[[email protected] backup] # ansible 172.16.1.41 -m file -a "path=/backup/oldboy10.txt state=touch"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true,


[[email protected] backup] # ll

total 8

-rw-r--r-- 1 oldboy10 oldboy10 390 Oct 30 19:49 hosts

-rw-r--r-- 1 root root 0 Oct 30 20:28 oldboy10.txt    # created successfully

7.4.2.2.6 Create the directory oldboy under /backup/ on remote host 172.16.1.4

[[email protected] backup] # ansible 172.16.1.41 -m file -a "path=/backup/oldboy state=directory"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true,


[[email protected] backup] # ll

total 8

-rw-r--r-- 1 oldboy10 oldboy10 390 Oct 30 19:49 hosts

drwxr-xr-x 2 root root 6 Oct 30 20:31 oldboy    # directory created successfully

7.4.2.2.7 Create the hard link hard_oldboy.txt under /backup/ on remote host 172.16.1.4

[[email protected] backup] # ansible 172.16.1.41 -m file -a "src=/backup/oldboy10.txt path=/backup/hard_oldboy.txt state=hard"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true,

69620303 -rw-r--r-- 3 root root 0 Oct 30 20:28 hard_oldboy.txt    # hard link created successfully

69620303 -rw-r--r-- 3 root root 0 Oct 30 20:28 oldboy10.txt

7.4.2.2.8 Create the symbolic link link_oldboy.txt under /backup/ on remote host 172.16.1.4

[[email protected] backup] # ansible 172.16.1.41 -m file -a "src=/backup/oldboy10.txt path=/backup/link_oldboy01.txt state=link "

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true,


[[email protected] backup] # ll

total 12

lrwxrwxrwx 1 root root 20 Oct 30 20:50 link_oldboy01.txt -> /backup/oldboy10.txt    # created successfully

-rw-r--r-- 4 root root 0 Oct 30 20:28 oldboy10.txt

7.4.2.2.9 Delete oldboy10.txt on the remote host

[[email protected] backup] # ansible 172.16.1.41 -m file -a " path=/backup/oldboy10.txt state=absent"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

[[email protected] backup] # ll    # the oldboy10.txt file is gone

total 12

-rw-r--r-- 2 oldboy10 oldboy10 390 Oct 30 19:49 aa

-rw-r--r-- 3 root root 0 Oct 30 20:28 hard_oldboy.txt

[[email protected] backup] #

7.4.2.2.10 Delete the oldboy directory on the remote host

[[email protected] backup] # ansible 172.16.1.41 -m file -a " path=/backup/oldboy state=absent"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

}

You have new mail in /var/spool/mail/root

[[email protected] backup] #

[[email protected] backup] # ll    # the oldboy10 directory is gone

total 12

-rw-r--r-- 2 oldboy10 oldboy10 390 Oct 30 19:49 aa

-rw-r--r-- 3 root root 0 Oct 30 20:28 hard_oldboy.txt

[[email protected] backup] #

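7.4.2.3 The fetch module

7.4.2.3.1 Purpose

Pulls data from the managed hosts and saves it on the control host

7.4.2.3.2 Syntax

ansible 172.16.1.41 -m fetch -a "src=FILE_ON_THE_MANAGED_HOST dest=DIRECTORY_ON_THE_CONTROL_HOST"

7.4.2.3.3 Fetch the /etc/hosts file into the /backup directory on the batch-management server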

[[email protected] backup] # ansible 172.16.1.41 -m fetch -a " src=/etc/hosts dest=/backup/"

172.16.1.41 | CHANGED => {

"changed": true,

"remote_md5sum": null

}

[[email protected] backup] # ll /backup

total 16

drwxr-xr-x 3 root root 17 Oct 30 20:58 172.16.1.41

[[email protected] backup] # cd 172.16.1.41

[[email protected] 172.16.1.41] # ll

total 0

drwxr-xr-x 2 root root 19 Oct 30 20:58 etc    # succeeded

[[email protected] 172.16.1.41] #

7.4.3 System modules

7.4.3.1 The yum module

7.4.3.1.1 Purpose

Installs software in bulk

7.4.3.1.2 Syntax

ansible HOST_IP -m yum -a "name=htop state=installed"

ansible HOST_IP -m yum -a "name=htop state=removed"

7.4.3.1.3 Parameters

name     the package to install on the remote host

state    whether to install the package (installed) or remove it (removed)

7.4.3.1.4 Install htop in bulk

[[email protected] ansible_playbook] # ansible 172.16.1.41 -m yum -a "name=htop state=installed"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true,

"changes": {

"installed": [

"htop"

[[email protected] ~] # rpm -qa htop

htop-2.2.0-3.el7.x86_64    # installed successfully

[[email protected] ~] #

7.4.3.1.5 Remove htop in bulk

[[email protected] ansible_playbook] # ansible 172.16.1.41 -m yum -a "name=htop state=removed"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true,

"changes": {

"removed": [

"htop"

[[email protected] ~] # rpm -qa htop    # removed successfully

7.4.3.2 The service module

7.4.3.2.1 Purpose

Starts, stops, restarts or reloads services in bulk

7.4.3.2.2 Syntax

ansible HOST_IP -m service -a "name=SERVICE_NAME state=started/stopped/restarted/reloaded"

ansible HOST_IP -m service -a "name=SERVICE_NAME enabled=yes/no"

7.4.3.2.3 Parameters

name       the service to start, stop, restart or reload on the remote hosts

state      the state the service should be put into

enabled    whether the service is started at boot

7.4.3.2.4 Start, stop and restart the rsync service

ansible 172.16.1.41 -m service -a "name=rsyncd state=started"    # start

[[email protected] ~] # systemctl status rsyncd

● rsyncd.service - fast remote file copy program daemon

Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; enabled; vendor preset: disabled)

Active: active (running) since Thu 2019-10-31 15:52:23 CST; 8s ago

Main PID: 3404 (rsync)

ansible 172.16.1.41 -m service -a "name=rsyncd state=stopped"    # stop

[[email protected] ~] # systemctl status rsyncd

● rsyncd.service - fast remote file copy program daemon

Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; enabled; vendor preset: disabled)

Active: inactive (dead) since Thu 2019-10-31 15:52:44 CST; 4s ago

ansible 172.16.1.41 -m service -a "name=rsyncd state=restarted"    # restart

[[email protected] ~] # systemctl status rsyncd

● rsyncd.service - fast remote file copy program daemon

Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; enabled; vendor preset: disabled)

Active: active (running) since Thu 2019-10-31 15:53:00 CST; 3s ago

7.4.3.2.5 Enable the rsync service at boot

[[email protected] ~] # systemctl status rsyncd

● rsyncd.service - fast remote file copy program daemon

Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; disabled; vendor preset: disabled)    # not enabled at boot

Active: active (running) since Thu 2019-10-31 15:53:00 CST; 7min ago

[[email protected] ansible_playbook] # ansible 172.16.1.41 -m service -a "name=rsyncd enabled=yes"

[[email protected] ~] # systemctl status rsyncd

● rsyncd.service - fast remote file copy program daemon

Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; enabled; vendor preset: disabled)    # enabled successfully

Active: active (running) since Thu 2019-10-31 15:53:00 CST; 8min ago

7.4.3.3 The cron module

7.4.3.3.1 Purpose

Sets up scheduled tasks in bulk

7.4.3.3.2 Syntax

ansible HOST_IP -m cron -a "name=COMMENT minute=*/5 job=COMMAND"

ansible HOST_IP -m cron -a "minute=*/5 job=COMMAND"

ansible HOST_IP -m cron -a "name=COMMENT minute=*/5 job=COMMAND state=absent"

ansible HOST_IP -m cron -a "name=COMMENT minute=*/5 job=COMMAND disabled=yes"

7.4.3.3.3 Parameters

minute     minute (0-59)

hour       hour (0-23)

day        day of the month (1-31)

month      month (1-12)

weekday    day of the week (0-6)

name       the comment text

job        the task to run

state      the state of this scheduled task

7.4.3.3.4 On the backup server, schedule a time update every 5 minutes

[[email protected] ansible_playbook] # ansible 172.16.1.41 -m cron -a "name=定时任务更新时间 minute=*/5 job='/usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null'"

[DEPRECATION WARNING]: The 'name' parameter will be required in future releases.. This

]

}

[[email protected] ansible_playbook] #

[[email protected] ~] # crontab -l

#Ansible:定时任务更新时间

*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null    # added successfully

[[email protected] ~] #

7.4.3.3.5 Comment out the added scheduled task on the backup server

[[email protected] ansible_playbook] # ansible 172.16.1.41 -m cron -a "name=定时任务更新 minute=*/5 job='/usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null' disabled=yes"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true,

[[email protected] ~] # crontab -l

#Ansible: 定时任务更新

#*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null    # commented out successfully

[[email protected] ~] #

7.4.3.3.6 Delete the time-update scheduled task on the backup server

[[email protected] ansible_playbook] # ansible 172.16.1.41 -m cron -a "name=定时任务更新 minute=*/5 job='/usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null' state=absent"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true,

[[email protected] ~] # crontab -l    # the scheduled task has been deleted

#时间同步

*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com


#nfs打包发送给备份服务

0 20 * * * /bin/sh /server/scripts/backup_server.sh


[[email protected] ~] #

7.4.3.4 The mount module

7.4.3.4.1 Purpose

Mounts and unmounts file systems in bulk

7.4.3.4.2 Syntax

ansible HOST_IP -m mount -a "src=172.16.1.31:/data01 path=/mnt fstype=nfs state=MOUNT_OR_UNMOUNT_STATE"

7.4.3.4.3 Parameters

src       the device file or network file system to mount

path      the directory to mount it on

fstype    the file-system type of the mounted device

state     the mount operation you want:

    mounted      mount (temporary mount and permanent mount)

    unmounted    unmount (temporary unmount)

    present      mount (permanent mount)

    absent       unmount (temporary unmount and permanent unmount)

7.4.3.4.4 Mount the server's data01 on the client's /mnt directory (state mounted)

[[email protected] ansible_playbook] # ansible 172.16.1.41 -m mount -a "src=172.16.1.31:/data01 path=/mnt fstype=nfs state=mounted"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true,

[[email protected] ~] # df -h    # the temporary mount succeeded

Filesystem Size Used Avail Use% Mounted on

/dev/sda3 99G 5.3G 93G 6% /

172.16.1.31:/data01 99G 5.3G 93G 6% /mnt

[[email protected] ~] # tail /etc/fstab

#

#UUID=27104df9-3f54-4b94-acb7-0890b452e99f / xfs defaults 0 0

172.16.1.31:/data01 /mnt nfs defaults 0 0    # the permanent mount succeeded

[[email protected] ~] #

7.4.3.4.5 Mount the server's data01 on the client's /mnt directory (state present)

[[email protected] ansible_playbook] # ansible 172.16.1.41 -m mount -a "src=172.16.1.31:/data01 path=/mnt fstype=nfs state=present"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true,


[[email protected] ~] # df -h

Filesystem Size Used Avail Use% Mounted on

/dev/sda3 99G 5.3G 93G 6% /

devtmpfs 471M 0 471M 0% /dev

tmpfs 487M 0 487M 0% /dev/shm

tmpfs 487M 8.4M 478M 2% /run

tmpfs 487M 0 487M 0% /sys/fs/cgroup

/dev/sda1 197M 160M 37M 82% /boot

tmpfs 98M 12K 98M 1% /run/user/42

tmpfs 98M 0 98M 0% /run/user/0

[[email protected] ~] # tail -1 /etc/fstab    # only the permanent mount entry is written; nothing is mounted temporarily

172.16.1.31:/data01 /mnt nfs defaults 0 0

[[email protected] ~] #

7.4.3.4.5 Unmount the client's mount point /mnt (unmounted)

[[email protected] ansible_playbook] # ansible 172.16.1.41 -m mount -a "src=172.16.1.31:/data01 path=/mnt fstype=nfs state=unmounted"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true,


[[email protected] ~] # df -h

Filesystem Size Used Avail Use% Mounted on

/dev/sda3 99G 5.4G 93G 6% /

devtmpfs 471M 0 471M 0% /dev

tmpfs 487M 0 487M 0% /dev/shm

tmpfs 487M 8.4M 478M 2% /run

tmpfs 487M 0 487M 0% /sys/fs/cgroup

/dev/sda1 197M 160M 37M 82% /boot

tmpfs 98M 12K 98M 1% /run/user/42

tmpfs 98M 0 98M 0% /run/user/0    # only a temporary unmount is done, not a permanent one

[[email protected] ~] # tail -1 /etc/fstab

172.16.1.31:/data01 /mnt nfs defaults 0 0    # the permanent unmount failed

[[email protected] ~] #

7.4.3.4.6 Unmount the client's mount point /mnt (absent)

[[email protected] ansible_playbook] # ansible 172.16.1.41 -m mount -a "src=172.16.1.31:/data01 path=/mnt fstype=nfs state=absent"

172.16.1.41 | FAILED! => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"msg": "Error rmdir /mnt: [Errno 39] Directory not empty: '/mnt'"

}

[[email protected] ~] # df -h    # unmounted successfully

Filesystem Size Used Avail Use% Mounted on

/dev/sda3 99G 5.4G 93G 6% /

devtmpfs 471M 0 471M 0% /dev

tmpfs 487M 0 487M 0% /dev/shm

tmpfs 487M 8.4M 478M 2% /run

tmpfs 487M 0 487M 0% /sys/fs/cgroup

/dev/sda1 197M 160M 37M 82% /boot

tmpfs 98M 12K 98M 1% /run/user/42

tmpfs 98M 0 98M 0% /run/user/0

[[email protected] ~] # tail -1 /etc/fstab    # unmounted successfully

#/dev/sdb1 /mnt ext4 user 0 0

[[email protected] ~] #

7.4.3.5 The user module

7.4.3.5.1 Purpose

Creates users in bulk

7.4.3.5.2 Syntax

ansible HOST_IP -m user -a 'name=USER_NAME shell=LOGIN_SHELL create_home=yes/no password="PASSWORD_HASH"'

7.4.3.5.3 Parameters

name           the name of the user to create on the remote host

shell          how the user logs in (the login shell)

create_home    whether to create a home directory for the user

password       the user's password; it must be supplied as a hashed value

uid            the uid of the user to create

group          the primary group of the user to create

groups         the supplementary groups of the user to create

7.4.3.5.4 Create the user olddog

[[email protected] ansible_playbook] #

[[email protected] ansible_playbook] # ansible 172.16.1.41 -m user -a "name=olddog"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true

[[email protected] ~] # id olddog

uid=1015(olddog) gid=1018(olddog) groups=1018(olddog)    # user created successfully

You have new mail in /var/spool/mail/root

[[email protected] ~] #

7.4.3.5.5 Create the virtual user oldgirl

[[email protected] ansible_playbook] # ansible 172.16.1.41 -m user -a "name=oldgirl shell=/sbin/nologin create_home=no"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true,

[[email protected] ~] # id oldgirl    # virtual user created successfully

uid=1016(oldgirl) gid=100(users) groups=100(users)

You have new mail in /var/spool/mail/root

[[email protected] ~] # ll /home/oldgirl    # the home directory cannot be found

ls: cannot access /home/oldgirl: No such file or directory

[[email protected] ~] # grep oldgirl /etc/passwd

oldgirl:x:1016:100::/home/oldgirl:/sbin/nologin    # the user cannot log in

[[email protected] ~] #

7.4.3.5.6 Create a user and set a password

[[email protected] ansible_playbook] # ansible 172.16.1.41 -m user -a "name=oldgirl shell=/bin/bash create_home=no password=123456"

[WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"append": false,

"changed": true,

[[email protected] ~] # grep oldgirl /etc/shadow

oldgirl:123456:18200:0:99999:7:::    # the password is stored in plain text, which is wrong: a hashed value must be supplied when setting a user's password

[[email protected] ~] #

  • Generate the password hash

    • Method 1: generate the hash with the ansible command

[[email protected] ansible_playbook] # ansible 172.16.1.41 -m debug -a "msg={{'123456'|password_hash('sha512','oldboy') }}"

172.16.1.41 | SUCCESS => {

"msg": "$6$oldboy$MVd3DevkLcimrBLdMICrBY8HF82Wtau5cI8D2w4Zs6P1cCfMTcnnyAmmJc7mQaE9zuHxk8JFTRgYMGv9uKW7j1"

}

    • Method 2: generate the hash with Python

      • Install pip

yum install -y python-pip

      • Install passlib with pip

pip install passlib

[[email protected] ansible_playbook] # python -c "from passlib.hash import sha512_crypt; import getpass; print(sha512_crypt.using(rounds=5000).hash(getpass.getpass()))"    # generate the hash with Python

Password:     # enter the plain-text password

$6$XavoWtpBWnfV2sRL$3H8B1SeY76Dca8b.y6OQlBFVVeSHCwM71MQNwcV7Z1ApGVxIGFX9DNGVZU/k.J0/Vo2Rijrbasaku3nuR7qML1

  • Set the password for oldtea again

[[email protected] ansible_playbook] # ansible 172.16.1.41 -m user -a 'name=oldgirl shell=/bin/bash create_home=no password="$6$XavoWtpBWnfV2sRL$3H8B1SeY76Dca8b.y6OQlBFVVeSHCwM71MQNwcV7Z1ApGVxIGFX9DNGVZU/k.J0/Vo2Rijrbasaku3nuR7qML1"'    # pass the hashed value

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true,

[[email protected] ~] # grep oldgirl /etc/shadow    # the hashed value was stored successfully

oldgirl:$6$XavoWtpBWnfV2sRL$3H8B1SeY76Dca8b.y6OQlBFVVeSHCwM71MQNwcV7Z1ApGVxIGFX9DNGVZU/k.J0/Vo2Rijrbasaku3nuR7qML1:18200:0:99999:7:::

[[email protected] ~] #
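
Section 7.4.3.5.6 shows the user module writing password=123456 verbatim into /etc/shadow. As an added example (not part of the original article), this Python check classifies the password field of shadow entries so that unhashed or malformed values stand out; the bin and oldgirl lines are copied from the output above, and the olddog line with a truncated digest is constructed.

```python
import re

# Modular crypt format identifiers commonly found in /etc/shadow.
SCHEMES = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}

B64 = r"[./0-9A-Za-z]"
# $5$ / $6$, optional rounds=N$, salt of 1-16 characters, then the digest.
SHA_CRYPT = re.compile(r"^\$(5|6)\$(rounds=\d+\$)?(%s{1,16})\$(%s+)$" % (B64, B64))
DIGEST_LEN = {"5": 43, "6": 86}

# Sample entries: bin and both oldgirl lines come from the article's output,
# the olddog line is constructed (digest cut short).
SAMPLE_SHADOW = """\
bin:*:17834:0:99999:7:::
oldgirl:123456:18200:0:99999:7:::
oldgirl:$6$XavoWtpBWnfV2sRL$3H8B1SeY76Dca8b.y6OQlBFVVeSHCwM71MQNwcV7Z1ApGVxIGFX9DNGVZU/k.J0/Vo2Rijrbasaku3nuR7qML1:18200:0:99999:7:::
olddog:$6$oldboy$abc:18200:0:99999:7:::
"""


def classify_password_field(field):
    """Classify the second field of a shadow entry."""
    if field == "":
        return "empty"
    if field[0] in "!*":
        return "locked"
    match = SHA_CRYPT.match(field)
    if match:
        # A SHA-crypt digest has a fixed length; anything else was mangled.
        if len(match.group(4)) == DIGEST_LEN[match.group(1)]:
            return SCHEMES[match.group(1)]
        return "malformed-hash"
    match = re.match(r"^\$([0-9a-z]+)\$", field)
    if match and match.group(1) in SCHEMES:
        return SCHEMES[match.group(1)]
    # No crypt prefix at all: the literal text that was passed as password=.
    return "not-hashed"


def audit_shadow(text):
    """Return (user, status) for entries whose password field needs attention."""
    findings = []
    for line in text.splitlines():
        parts = line.split(":")
        if line.startswith("#") or len(parts) < 2:
            continue
        status = classify_password_field(parts[1])
        if status in ("empty", "not-hashed", "malformed-hash", "md5-crypt"):
            findings.append((parts[0], status))
    return findings


if __name__ == "__main__":
    for user, status in audit_shadow(SAMPLE_SHADOW):
        print("%s: %s" % (user, status))
```
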

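7.5 ansible playbooks (the equivalent of scripts written on Linux)

7.5.1 What a playbook is

Combines several modules and uses them flexibly, so that software can be installed in bulk with a single command

Simplifies the operating procedure

Improves efficiency

Lowers the company's maintenance costs

Automates server-side deployment

7.5.2 Points to note when writing playbooks (YAML syntax)

7.5.2.1 Indentation: one indentation level is 2 spaces

- hosts: INVENTORY_HOSTS
  tasks:
    - name: 01 install the service

7.5.2.2 A colon must be followed by a space (this is not needed when the content follows on the next line)

Original article: https://www.cnblogs.com/liangyuxing/p/11962918.html

Date: 11-30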
