Ansible 服务
Linux System Environment
[root@ansible ~]# cat /etc/redhat-release #==》系统版本
CentOS Linux release 7.5.1804 (Core)
[root@ansible ~]# uname –r #==》系统内核
3.10.0-862.el7.x86_64
[root@ansible ~]# uname -m #==》系统位数
x86_64
[root@ansible ~]# echo $LANG #==》系统字符集
en_US.UTF-8
[root@ansible ~]# ssh –V #==》SSH版本
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@master ~]# ansible –version #==》Ansible版本
ansible 2.4.2.0
[root@master ~]# python –version #==》Python版本
Python 2.7.5
Ansible简介
Ansible是python中的一套模块,系统中的一套自动化工具,只需要配置SSH免密登陆即可用来管理系统、自动化执行命令等任务。Ansible已被红帽收购。
Ansible Function
1、批量命令执行
2、批量安装服务
3、批量配置同步
4、批量任务执行
5、批量代码部署
Ansible Note
1、配置文件/etc/ansible/ansible.cfg(通常不需要配置)
2、不需要启动服务
3、客户端没有需要安装任务Ansible客户端软件(python与 SSH系统默认已经安装)
4、Ansible官方文档地址 [https://docs.ansible.com/](https://docs.ansible.com/)
5、Ansible通过SSH服务进行批量管理,ansible架设前提是SSH服务密钥验证要配置好
6、Ansible 执行的命令能避免重复执行修改或更改的操作
Ansible 命令格式
ansible <host-pattern> -m <module> -a “<command>”
Ansible 主机清单配置文件/etc/ansible/hosts
1、主机支持主机名通配以及正则表达式,例如web[1:3].oldboy.com代表三台主机
2、主机支持基于非标准的SSH端口,例如 web.oldboy.com:6666或172.16.1.31:6666
3、主机支持指定变量,可对个别主机的特殊配置,例如 登陆用户、密码
4、主机组支持指定变量[GroupName:vars],同时支持嵌套组[game:children]
[root@ansible ~]# cat /etc/ansible/hosts
#==》主机组
[webserver01]
172.16.1.31
172.16.1.32
#==》主机+端口+密码
[webserver02]
10.0.0.31 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='123456'
10.0.0.32 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='123456'
#==》主机组定义了变量,变量是免密输入,默认22端口和root用户登陆
[webserver03]
10.0.0.31
10.0.0.32
[webserver03:vars]
ansible_ssh_pass='123456'
一、 Ansible安装
Ansible 命令输出颜色说明
1、绿色 #==》成功执行了命令操作,未做修改
2、红色 #==》执行失败
3、黄色 #==》成功执行了命令操作,做了修改
4、紫色 #==》警告信息
5、蓝色 #==》打印输出详细信息
主机规划
外网IP地址 内网IP地址 计算名 备注
10.0.0.30 172.16.1.30 ansible SSH服务端(私钥),Ansible服务端
10.0.0.31 172.16.1.31 test01 SSH客户端(公钥),Ansible客户端
10.0.0.32 172.16.1.32 test02 SSH客户端(公钥),Ansible客户端
1、配置阿里云yum源
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum makecache
2、配置SSH免密登陆(此操作步骤省略,可查看相关文档)
https://www.jianshu.com/p/a64f76edc607
3、Ansible安装与配置
标注:yum安装ansible会自带把python安装(python系统默认已安装)
[root@ansible ~]# yum -y install ansible
[root@ansible ~]# rpm -qa ansible
ansible-2.8.2-1.el7.noarch
[root@ansible ~]# rpm -qc ansible
/etc/ansible/ansible.cfg #==》Ansible配置文件
/etc/ansible/hosts #==》Ansible主机清单(重点了解)
4、Ansible测试
[root@ansible ~]# ansible webserver01 -m ping
172.16.1.32 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
172.16.1.31 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
二、Ansible常用模块
1、 ping模块
标注:ping模块技术文档网址
https://docs.ansible.com/ansible/latest/modules/ping_module.html#ping-module
#==》测试Ansible主机与其它主机之间网络连通性
[root@ansible ~]# ansible webserver01 -m ping
172.16.1.32 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
172.16.1.31 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
2、command模块
标注:command模块技术文档网址
https://docs.ansible.com/ansible/latest/modules/command_module.html#command-module
[root@ansible ~]# ansible webserver01 -m command -a "hostname"
172.16.1.32 | CHANGED | rc=0 >>
test02
172.16.1.31 | CHANGED | rc=0 >>
test01
#==》不能执行特殊字符或一连串的命令
[root@ansible ~]# ansible webserver01 -m command -a "hostname;ifconfig"
172.16.1.32 | FAILED | rc=2 >>
[Errno 2] No such file or directory
172.16.1.31 | FAILED | rc=2 >>
[Errno 2] No such file or directory
3、shell模块
标注:shell模块技术文档网址
https://docs.ansible.com/ansible/latest/modules/shell_module.html#shell-module
#==》shell模块功能是万能的,基本所有的命令都能执行,但有一些命令是不能执行,例如 awk命令
[root@ansible ~]# ansible webserver01 -m shell -a "hostname;hostname -I"
172.16.1.31 | CHANGED | rc=0 >>
test01
10.0.0.31 172.16.1.31
172.16.1.32 | CHANGED | rc=0 >>
test02
10.0.0.32 172.16.1.32
#==》shell模块指定的命令如果有awk会无效
[root@ansible ~]# ansible webserver01 -m shell -a "hostname;ip a s eth0 | awk -F "[ /]+" 'NR==3{print $3}'"
4、copy模块
标注:copy模块技术文档网址
https://docs.ansible.com/ansible/latest/modules/copy_module.html#copy-module
参数说明:
src #==》源路径
dest #==》目标路径
owner #==》属主
group #==》属组
mode #==》文件权限
[root@ansible ~]# ansible webserver01 -m copy -a "src=/server/scripts/ssh_sent.sh dest=/mnt/ owner=root group=oldboy mode=0644"
172.16.1.32 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "775164bc6f500d44af5ec0509149820811865268",
"dest": "/mnt/ssh_sent.sh",
"gid": 1000,
"group": "oldboy",
"md5sum": "80e8b575172fcd319e04c587ad8895c7",
"mode": "0644",
"owner": "root",
"size": 902,
"src": "/root/.ansible/tmp/ansible-tmp-1565070734.35-85675211898374/source",
"state": "file",
"uid": 0
}
[root@ansible ~]# ansible webserver01 -m shell -a "ls -l /mnt"
172.16.1.31 | CHANGED | rc=0 >>
total 4
-rw-r--r-- 1 root oldboy 902 Aug 6 13:52 ssh_sent.sh
5、file模块
标注:file模块技术文档网址
https://docs.ansible.com/ansible/latest/modules/file_module.html#file-module
参数说明:
path #==》文件或目录的路径
src #==》源路径
dest #==》目标路径
owner #==》属主
group #==》属组
mode #==》文件权限
state #==》文件状态
#==》修改远程主机组的文件属性
[root@ansible ~]# ansible webserver01 -m shell -a "ls -l /mnt"
172.16.1.31 | CHANGED | rc=0 >>
total 4
-rw-r--r-- 1 root oldboy 902 Aug 6 13:52 ssh_sent.sh
[root@ansible ~]# ansible webserver01 -m file -a "path=/mnt/ssh_sent.sh owner=oldboy group=oldboy mode=600"
172.16.1.32 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 1000,
"group": "oldboy",
"mode": "0600",
"owner": "oldboy",
"path": "/mnt/ssh_sent.sh",
"size": 902,
"state": "file",
"uid": 1000
}
[root@ansible ~]# ansible webserver01 -m shell -a "ls -l /mnt"
172.16.1.32 | CHANGED | rc=0 >>
total 4
-rw------- 1 oldboy oldboy 902 Aug 6 13:52 ssh_sent.sh
#==》远程创建软链接文件
[root@ansible ~]# ansible webserver01 -m file -a "src=/mnt/ssh_sent.sh dest=/mnt/ssh_sent_link.sh state=link"
172.16.1.31 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/mnt/ssh_sent_link.sh",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 16,
"src": "/mnt/ssh_sent.sh",
"state": "link",
"uid": 0
}
[root@ansible ~]# ansible webserver01 -m shell -a "ls -l /mnt"
172.16.1.32 | CHANGED | rc=0 >>
total 4
lrwxrwxrwx 1 root root 16 Aug 6 14:15 ssh_sent_link.sh -> /mnt/ssh_sent.sh
-rw------- 1 oldboy oldboy 902 Aug 6 13:52 ssh_sent.sh
6、script模块
标注:script模块技术文档网址
https://docs.ansible.com/ansible/latest/modules/script_module.html#script-module
#==》编写yum安装bash_completion(按Tab键自动补全命令)脚本
[root@ansible ~]# mkdir -p /server/scripts/
[root@ansible ~]# vim /server/scripts/yum_bash-com.sh
#!/bin/bash
yum -y install bash-completion
[root@ansible ~]# ansible webserver01 -m script -a "/server/scripts/yum_bash-com.sh"
172.16.1.31 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 172.16.1.31 closed.\r\n",
"stderr_lines": [
"Shared connection to 172.16.1.31 closed."
],
"stdout": "Loaded plugins: fastestmirror\r\nLoading mirror speeds from cached hostfile\r\n * base: mirrors.aliyun.com\r\n * extras: mirrors.aliyun.com\r\n * updates: mirrors.aliyun.com\r\nPackage 1:bash-completion-2.1-6.el7.noarch already installed and latest version\r\nNothing to do\r\n",
"stdout_lines": [
"Loaded plugins: fastestmirror",
"Loading mirror speeds from cached hostfile",
" * base: mirrors.aliyun.com",
" * extras: mirrors.aliyun.com",
" * updates: mirrors.aliyun.com",
"Package 1:bash-completion-2.1-6.el7.noarch already installed and latest version",
"Nothing to do"
]
}
7、cron模块
标注:cron模块技术文档网址
https://docs.ansible.com/ansible/latest/modules/cron_module.html#cron-module
参数说明:
name #==》指定定时任务名称(索引),这个任务名称很重要,一定要设置
minute #==》分
hour #==》时
day #==》日
month #==》月
weekday #==》周
job #==》要执行的命令
state #==》状态,absent取消任务,present生成任务(默认值)
[root@ansible ~]# ansible webserver01 -m cron -a 'minute=*/5 hour=*/2 day=10 month=*/2 weekday=* job="/bin/ls -l /etc"'
#==》如果没有指定name参数会警告提示
[DEPRECATION WARNING]: The 'name' parameter will be required in future releases.. This feature will be removed in version 2.12. Deprecation warnings can be
disabled by setting deprecation_warnings=False in ansible.cfg.
172.16.1.32 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"uptime",
"None"
]
}
[root@ansible ~]# ansible webserver01 -m shell -a "crontab -l"
172.16.1.31 | CHANGED | rc=0 >>
#Ansible: uptime
*/5 */2 10 */2 * /usr/bin/uptime
#Ansible: None
*/5 */2 10 */2 * /bin/ls -l /etc
8、user模块
标注:user模块技术文档网址
https://docs.ansible.com/ansible/latest/modules/user_module.html#user-module
参数说明:
uid #==》指定用户的uid
group #==》指定用户组
groups #==》指定附加用户组
password #==》给用户添加密码
shell #==》指定用户登陆shell
create_home #==》是否创建家目录,默认(yes)
comment #==》用户描述信息
[root@ansible ~]# ansible webserver01 -m user -a "name=test group=oldboy shell=/sbin/nologin comment=testuser create_home=no"
172.16.1.31 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "testuser",
"create_home": false,
"group": 1000,
"home": "/home/test",
"name": "test",
"shell": "/sbin/nologin",
"state": "present",
"system": false,
"uid": 1004
}
[root@ansible ~]# ansible webserver01 -m shell -a "tail -1 /etc/passwd"
172.16.1.31 | CHANGED | rc=0 >>
test:x:1004:1000:testuser:/home/test:/sbin/nologin
9、group模块
标注:group模块技术文档网址
https://docs.ansible.com/ansible/latest/modules/group_module.html#group-module
参数说明:
name #==》指定用户组名称
gid #==》指定用户组gid
state #==》absent删除用户组,present创建用户组(默认值)
#==》创建用户组
[root@ansible ~]# ansible webserver01 -m group -a "name=Tom gid=9999"
172.16.1.32 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 9999,
"name": "Tom",
"state": "present",
"system": false
}
[root@ansible ~]# ansible webserver01 -m shell -a "tail -1 /etc/gshadow"
172.16.1.32 | CHANGED | rc=0 >>
Tom:!::
#==》删除用户组
[root@ansible ~]# ansible webserver01 -m group -a "name=Tom state=absent"
172.16.1.31 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "Tom",
"state": "absent"
}
[root@ansible ~]# ansible webserver01 -m shell -a "tail -1 /etc/gshadow"
172.16.1.32 | CHANGED | rc=0 >>
oldgirl:!::