Ansible-Shell
2021-11-09
小李飞刀_lql
Ansible安装
001依赖包安装
yum install centos-release-ansible-29 -y
002 依赖包查看
[root@localhost .ssh]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# ls
CentOS-SIG-ansible-29.repo
003 安装ansible
yum install ansible
主机清单
001 位置
/etc/ansible/hosts
002 设置
[root@localhost ansible]# vi hosts
192.168.153.17
[webservers]
192.168.153.18
[dbservers]
192.168.153.19
003 远程登录(首次连接需要确认主机指纹,确认后写入 ~/.ssh/known_hosts;确认前应核对指纹与目标主机一致)
ssh root@192.168.153.18
004 ansible命令(-k 即 --ask-pass,运行时提示输入 SSH 密码)
[root@localhost ansible]# ansible webservers -m shell -a "df -h" -k
SSH password: root
192.168.153.18 | CHANGED | rc=0 >>
文件系统 容量 已用 可用 已用% 挂载点
/dev/sda3 16G 974M 15G 7% /
devtmpfs 1.4G 0 1.4G 0% /dev
tmpfs 1.4G 0 1.4G 0% /dev/shm
tmpfs 1.4G 12M 1.4G 1% /run
tmpfs 1.4G 0 1.4G 0% /sys/fs/cgroup
/dev/sda1 297M 117M 180M 40% /boot
tmpfs 280M 0 280M 0% /run/user/0
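005 去掉指纹验证(在 /etc/ansible/ansible.cfg 的 [defaults] 段中设置;关闭后不再校验主机密钥,无法发现中间人攻击,仅适合隔离的测试环境,生产环境应保留校验并预先分发 known_hosts)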
host_key_checking = False
006 查看所有机器
[root@localhost ansible]# ansible all -m shell -a "df -h" -k
SSH password:
192.168.153.19 | CHANGED | rc=0 >>
文件系统 容量 已用 可用 已用% 挂载点
/dev/sda3 16G 973M 15G 7% /
devtmpfs 1.4G 0 1.4G 0% /dev
tmpfs 1.4G 0 1.4G 0% /dev/shm
tmpfs 1.4G 12M 1.4G 1% /run
tmpfs 1.4G 0 1.4G 0% /sys/fs/cgroup
/dev/sda1 297M 117M 180M 40% /boot
tmpfs 280M 0 280M 0% /run/user/0
192.168.153.17 | CHANGED | rc=0 >>
文件系统 容量 已用 可用 已用% 挂载点
/dev/sda3 16G 1.4G 15G 9% /
devtmpfs 1.4G 0 1.4G 0% /dev
tmpfs 1.4G 124K 1.4G 1% /dev/shm
tmpfs 1.4G 12M 1.4G 1% /run
tmpfs 1.4G 0 1.4G 0% /sys/fs/cgroup
/dev/sda1 297M 117M 180M 40% /boot
tmpfs 280M 0 280M 0% /run/user/0
192.168.153.18 | CHANGED | rc=0 >>
文件系统 容量 已用 可用 已用% 挂载点
/dev/sda3 16G 975M 15G 7% /
devtmpfs 1.4G 0 1.4G 0% /dev
tmpfs 1.4G 0 1.4G 0% /dev/shm
tmpfs 1.4G 12M 1.4G 1% /run
tmpfs 1.4G 0 1.4G 0% /sys/fs/cgroup
/dev/sda1 297M 117M 180M 40% /boot
tmpfs 280M 0 280M 0% /run/user/0
变量
001 设置
[webservers]
192.168.153.18 http_port=80
192.168.153.19 http_port=8080
002 验证
[root@localhost ansible]# ansible webservers -m shell -a "echo {{http_port}}" -k
SSH password:
192.168.153.19 | CHANGED | rc=0 >>
8080
192.168.153.18 | CHANGED | rc=0 >>
80
[root@localhost ansible]# ansible webservers -m shell -a "mkdir /tmp/{{http_port}}" -k
SSH password:
192.168.153.18 | CHANGED | rc=0 >>
192.168.153.19 | CHANGED | rc=0 >>
003 组变量
[webservers:vars]
ntp_server=ntp.example.com
[root@localhost ansible]# ansible webservers -m shell -a "echo {{ntp_server}}" -k
SSH password:
192.168.153.18 | CHANGED | rc=0 >>
ntp.example.com
192.168.153.19 | CHANGED | rc=0 >>
ntp.example.com
004 变量优先级
主机变量优先于组变量
005 将变量保存到独立文件(group_vars 目录下与组同名的文件)
[root@localhost ansible]# mkdir /etc/ansible/group_vars
hosts文件中有两个组:[webservers] [dbservers]
配置每个组的变量:
vi /etc/ansible/group_vars/webservers.yaml
webhello: webservers
vi /etc/ansible/group_vars/dbservers.yaml
dbhello: dbwebserver
验证:
[root@localhost ansible]# ansible webservers -m shell -a "echo {{webhello}}" -k
SSH password:
192.168.153.19 | CHANGED | rc=0 >>
webservers
192.168.153.18 | CHANGED | rc=0 >>
webservers
[root@localhost ansible]# ansible dbservers -m shell -a "echo {{dbhello}}" -k
SSH password:
192.168.153.19 | CHANGED | rc=0 >>
dbwebserver
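006 SSH密码认证(在主机清单中写入密码后无需再加 -k;但密码以明文保存在 /etc/ansible/hosts 中,仅适合测试环境,正式环境建议使用 SSH 密钥认证或用 ansible-vault 加密变量;ansible_ssh_user / ansible_ssh_pass 是旧写法,新版本对应 ansible_user / ansible_password)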
[webservers]
192.168.153.18 http_port=80 ansible_ssh_user=root ansible_ssh_pass='root'
192.168.153.19 http_port=8080 ansible_ssh_user=root ansible_ssh_pass='root'
----------------------------------------------------------------------------------
[root@localhost ~]# ansible webservers -m shell -a "df -h"
192.168.153.18 | CHANGED | rc=0 >>
文件系统 容量 已用 可用 已用% 挂载点
/dev/sda3 16G 975M 15G 7% /
...
192.168.153.19 | CHANGED | rc=0 >>
文件系统 容量 已用 可用 已用% 挂载点
/dev/sda3 16G 973M 15G 7% /
...
ad-hoc 模式常用模块
001 ping 快速检查
[root@localhost ~]# ansible webservers -m ping
192.168.153.19 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.153.18 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
002 command 和 shell 模块
ansible 在远程主机执行命令时,默认使用 command 模块;command 模块不经过 shell 解析,不支持管道、重定向等语法,需要这些功能时使用 shell 模块
[root@localhost ~]# ansible webservers -a 'pwd'
192.168.153.19 | CHANGED | rc=0 >>
/root
192.168.153.18 | CHANGED | rc=0 >>
/root
[root@localhost ~]# ansible webservers -m shell -a 'pwd'
192.168.153.19 | CHANGED | rc=0 >>
/root
192.168.153.18 | CHANGED | rc=0 >>
/root
#只能写一行
[root@localhost ~]# ansible webservers -m shell -a 'ps -ef|grep nginx'
192.168.153.19 | CHANGED | rc=0 >>
root 1762 1761 0 14:22 pts/0 00:00:00 /bin/sh -c ps -ef|grep nginx
root 1764 1762 0 14:22 pts/0 00:00:00 grep nginx
192.168.153.18 | CHANGED | rc=0 >>
root 1813 1812 0 14:23 pts/0 00:00:00 /bin/sh -c ps -ef|grep nginx
root 1815 1813 0 14:23 pts/0 00:00:00 grep nginx
003 copy模块
#把ansible主机的文件src分发到其他机器的位置dest上
[root@localhost ~]# ansible webservers -m copy -a "src=/root/a.txt dest=/root/a.txt"
192.168.153.19 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "52ff4c80d0659228eb7a31a0a64363767aee66e0",
"dest": "/root/a.txt",
"gid": 0,
"group": "root",
"md5sum": "7752c52bf2e741b90a06d5f0a88d7b4c",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:admin_home_t:s0",
"size": 6,
"src": "/root/.ansible/tmp/ansible-tmp-1632465652.83-2277-46172232455861/source",
"state": "file",
"uid": 0
}
192.168.153.18 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "52ff4c80d0659228eb7a31a0a64363767aee66e0",
"dest": "/root/a.txt",
"gid": 0,
"group": "root",
"md5sum": "7752c52bf2e741b90a06d5f0a88d7b4c",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:admin_home_t:s0",
"size": 6,
"src": "/root/.ansible/tmp/ansible-tmp-1632465652.82-2275-104737455575439/source",
"state": "file",
"uid": 0
}
004 定时任务
#每 5 分钟同步一次服务器时间(注:示例中的 time.window.com 疑为 time.windows.com 的笔误,实际使用前请核对 NTP 服务器域名)
[root@localhost ~]# ansible webservers -m cron -a "minute='*/5' job='ntpdate time.window.com &>/dev/null' name='sync time' "
192.168.153.19 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"sync time"
]
}
192.168.153.17 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"sync time"
]
}
192.168.153.18 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"sync time"
]
}
#删除定时任务
[root@localhost ~]# crontab -l
#Ansible: sync time
*/5 * * * * ntpdate time.window.com &>/dev/null
[root@localhost ~]# ansible webservers -m cron -a "minute='*/5' job='ntpdate time.window.com &>/dev/null' name='sync time' state=absent "
192.168.153.19 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": []
}
192.168.153.17 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": []
}
192.168.153.18 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": []
}
005 yum
#安装httpd
ansible webservers -m yum -a "name=httpd state=present"
present、latest:表示安装(latest 还会升级到最新版本)
absent:表示卸载
#卸载httpd
ansible webservers -m yum -a "name=httpd state=absent"
006 管理服务
ansible webservers -m service -a "name=httpd state=started enabled=yes"
state 可选值:started、stopped、restarted
enabled=true 设置开机启动 = systemctl enable httpd
ansible webservers -m service -a "name=httpd state=restarted enabled=yes daemon_reload=yes"
daemon_reload=yes 重新加载配置文件 = systemctl daemon-reload
007 信息收集setup
#全部信息
ansible webservers -m setup
#过滤信息
ansible webservers -m setup -a "filter=ansible_all_ipv4_addresses"