ansible批量管理常见的配置方法

时间：2019-11-30 16:29:40 阅读：175 评论：0 收藏：0 [点我收藏+]

标签：存储 exp work suse files been 默认 dep check

第7章 ansible的管理????103

7.1 ansible概念的介绍????103

7.1.1 ansible的概念????104

7.1.2 ansible使用的一些意义????104

7.1.3 ansible拥有哪些服务????104

7.1.4 ansible服务的一些特点????104

7.2 ansible部署过程????104

7.2.1 服务的安装????104

7.2.2 服务版本的检查????105

7.3 ansible的主机清单讲解????105

7.3.1 根据主机IP地址来进行设置主机清单????105

7.3.2 根据分组来进行设置主机清单????106

7.3.3 根据内置环境变量设置主机清单????107

7.3.4 根据组变量来设置主机清单????109

7.3.5 根据组与子组来设置主机清单????110

7.3.6 根据序列来设置主机清单????111

7.4 ansible的模块讲解(相当于linux命令行的命令)????112

7.4.1 命令模块的讲解????112

7.4.2 文件模块的讲解????115

7.4.3 系统模块的讲解????123

7.5 ansible的剧本讲解(相当于linux编写的脚本)????134

7.5.1 剧本的概念????134

7.5.2 剧本编写的注意点(yaml语法)????135

7.5.3 剧本编写常见的格式????135

7.5.4 剧本编写扩展功能????138

7.5.5 剧本的整合功能????147

7.6 剧本的角色功能????148

7.6.1 角色的作用????148

7.6.2 怎么配置角色功能????148

第7章 ansible的管理

7.1 ansible概念的介绍

ansible-playbook –syntax????????????检查语法
ansible-playbook -C????????????????模拟执行剧本
ansible-doc -l????????????????????????列出ansible的一些模块名字
ansible-doc -s 模块名????????????????详细查看指定的模块参数
ansible-doc 模块名????????????????详细查看指定的模块用法

======================================================================

黄色????????????????????????????对系统数据信息有改变
绿色????????????????????????????对系统进行查看操作时
红色????????????????????????????操作过程有严重错误
紫色????????????????????????????建议或者忠告
蓝色????????????????????????????操作执行过程信息

7.1.1 ansible的概念

ansible是基于python开发的,一个批量管理服务器的软件

7.1.2 ansible使用的一些意义

可以批量管理服务器
可以节约公司维护成本
可以减少做一些重复性的工作
提高工作效率,提高工作的精确度

7.1.3 ansible拥有哪些服务

ansible可以批量分发数据信息
ansible可以批量部署服务
ansible可以批量的进行公司资产的统计
ansible可以进行自动管理(代码上线,服务重启)

7.1.4 ansible服务的一些特点

ansible服务不需要启动
ansible软件安装简单
ansible软件功能强大(管理模块众多,剧本编写实现自动化)
客户端不需要配置

7.2 ansible部署过程

7.2.1 服务的安装

[root@m01 ~] # yum -y install ansible

7.2.2 服务版本的检查

[root@m01 ~] # ansible --version

ansible 2.8.5

config file = /etc/ansible/ansible.cfg

configured module search path = [u‘/root/.ansible/plugins/modules‘, u‘/usr/share/ansible/plugins/modules‘]

ansible python module location = /usr/lib/python2.7/site-packages/ansible

executable location = /usr/bin/ansible

python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]

[root@m01 ~] #

7.3 ansible的主机清单讲解

7.3.1 根据主机IP地址来进行设置主机清单

7.3.1.1 编辑配置文件,将主机IP地址放入配置文件最后一行

[root@m01 ~] # vim /etc/ansible/hosts

## db-[99:101]-node.example.com

172.16.1.41

172.16.1.7

7.3.1.2 使用ansible命令来测试这几个服务器是否正常

[root@m01 ~] # ansible all -m ping????????????????查看IP地址是否正常

172.16.1.41 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": false,

"ping": "pong"????????????????????????????出现ping:pong就是正常的情况

}

172.16.1.7 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": false,

"ping": "pong"

}

[root@m01 ~] #

7.3.2 根据分组来进行设置主机清单

7.3.2.1 只查看网站web服务器的情况

[root@m01 ~] # vim /etc/ansible/hosts

172.16.1.41

[web_server]????????????????将网站服务器分组,组名为[web_server]

172.16.1.7

"/etc/ansible/hosts" 50L, 1067C written

You have new mail in /var/spool/mail/root

[root@m01 ~] # ansible web_server -m ping????????????????查找指定的组来进行测试

172.16.1.7 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": false,

"ping": "pong"

}

[root@m01 ~] #

7.3.3 根据内置环境变量设置主机清单

7.3.3.1 秘钥不正常,需要使用密码的情况

7.3.3.1.1 破坏分发的公钥

[root@web01 ~] # vim ~/.ssh/authorized_keys

-dss AAAAB3NzaC1kc3MAAACBAP2/LmC3aM8WowMU81f1PYTFR5l08hATO3LR13RSa6XBw8laM5ih2tqe66FwUOwgpKfEczvOcqtbohCg87ZF3B/1sT25lKrsePysmn7Jr93htinjAMrP36pS5+MG

7.3.3.1.2 查看ssh连接看是否秘钥还否正常

[root@backup ~] # ssh 172.16.1.7????????????????秘钥已经不正常

root@172.16.1.7‘s password:

7.3.3.1.3 使用ansible来测试

[root@m01 ~] # ansible 172.16.1.7 -m ping

172.16.1.7 | UNREACHABLE! => {

"changed": false,

"msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).", ????????连接失败

"unreachable": true

}

[root@m01 ~] #

172.16.1.7 ansible_user=root ansible_password=123456 ansible_port=22????????设置内置变量来定义用户,密码,端口

"/etc/ansible/hosts" 50L, 1125C written

[root@m01 ~] # ansible 172.16.1.7 -m ping

172.16.1.7 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": false,

"ping": "pong"????????????????连接成功

}

[root@m01 ~] #

ansible_user????????????????????????????????????指定被管理主机连接的用户信息
ansible_password????????????????????????????????指定被管理主机连接的密码信息
ansible_port????????????????????????????????????指定被管理主机连接的端口信息
ansible_host????????????????????????????????????指定被管理主机IP对应的的用户名????????????????????????????????????????????信息

7.3.3.2 使用用户名来设置主机清单

web01 ansible_host=172.16.1.7 ansible_user=root ansible_password=123456 ansible_port=22

"/etc/ansible/hosts"^[[A 50L, 1144C written ????????????????使用ansible_host来进行设置IP对应的主机名

[root@m01 ~] # ansible web01 -m ping

web01 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": false,

"ping": "pong"

}

[root@m01 ~] #

7.3.3.3 用户提权来设置主机清单

web01 ansible_host=172.16.1.7 ansible_user=oldboy10 ansible_password=123456 ansible_port=22

"/etc/ansible/hosts" 51L, 1343C written

[root@m01 ~] # ansible web01 -m command -a "cat /etc/shadow"

web01 | FAILED | rc=1 >>

cat: /etc/shadow: Permission deniednon-zero return code????????????????权限拒绝,因为是普通用户,没有权限打开

[root@m01 ~] #

[root@m01 ~] # vim /etc/ansible/hosts

[web_server]

web01 ansible_host=172.16.1.7 ansible_user=oldboy10 ansible_password=123456 ansible_port=22 ansible_become=yes ansible_become_method=su ansible_becom

e_user=root ansible_become_password=123456????????????????是否开启提权操作使用什么方法来进行提权使用什么用户进行提权密码是多少

[root@m01 ~] # ansible web01 -m command -a "cat /etc/passwd"????????????查看主机名为web01的/etc/passwd,用户为普通用户

web01 | CHANGED | rc=0 >>

root:x:0:0:root:/root:/bin/bash

bin:x:1:1:bin:/bin:/sbin/nologin

daemon:x:2:2:daemon:/sbin:/sbin/nologin

adm:x:3:4:adm:/var/adm:/sbin/nologin

lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

sync:x:5:0:sync:/sbin:/bin/sync

ansible_become????????????????????????????是否进行提权(yes/no)(true/false)
ansible_become_method????????????????????????提权选择的方法(su/sudo)
ansible_become_user????????????????????????使用什么用户进行提权
ansible_become_password????????????????????指定提权用户密码

7.3.4 根据组变量来设置主机清单

[web_server]

web01 ansible_host=172.16.1.7 ansible_user=oldboy10 ansible_password=123456 ansible_port=22

[web_server:vars]????????????????设置他的组变量参数为vars

ansible_become=yes

ansible_become_method=su

ansible_become_user=root

ansible_become_password=123456

[root@m01 ~] # ansible web01 -m command -a "cat /etc/shadow"

web01 | CHANGED | rc=0 >>

root:$6$pn3juE2N$C9kmnucSJh08QQ.84BOTUNPqy3MSLez2YFG70N4NHD9gU40ibY8mdT6P05xUiaim2xcuRkjgB1rBohhZ8Y.To.:18178:0:99999:7:::

bin:*:17834:0:99999:7:::

daemon:*:17834:0:99999:7:::

adm:*:17834:0:99999:7:::

lp:*:17834:0:99999:7:::

sync:*:17834:0:99999:7:::

7.3.5 根据组与子组来设置主机清单

[web_backup:children]????????????????????将多个模块合在一起进行查看(children:可以说成是web_backup主模块的子模块配置)

backup_server

web_server

[backup_server]????

172.16.1.41

[web_server]

172.16.1.7 ansible_user=root ansible_password=123456 ansible_port=22

[root@m01 ~] # ansible web_backup -m ping

172.16.1.41 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": false,

"ping": "pong"

}

172.16.1.7 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": false,

"ping": "pong"

}

[root@m01 ~] #

7.3.6 根据序列来设置主机清单

[seq_server]????????????????????连续的情况下使用这个方法

172.16.1.[41:45]

"/etc/ansible/hosts" 59L, 1222C written

[root@m01 ~] # ansible seq_server -m ping

172.16.1.41 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": false,

"ping": "pong"

}

172.16.1.42 | UNREACHABLE! => {

"changed": false,

"msg": "Failed to connect to the host via ssh: ssh: connect to host 172.16.1.42 port 22: No route to host",

"unreachable": true

}

172.16.1.44 | UNREACHABLE! => {

"changed": false,

"msg": "Failed to connect to the host via ssh: ssh: connect to host 172.16.1.44 port 22: No route to host",

"unreachable": true

}

[root@m01 ~] #

7.4 ansible的模块讲解(相当于linux命令行的命令)

7.4.1 命令模块的讲解

7.4.1.1 command命令模块讲解(默认模块)

7.4.1.1.1 作用

批量管理多个数据执行命令,默认不支持特殊符号的使用

7.4.1.1.2 语法

ansible 主机名 -m command -a "hostname"

7.4.1.1.3 使用command来查看各个服务器的主机名

[root@m01 ~] # ansible web_server -m command -a "hostname"????????????查看主机名

172.16.1.7 | CHANGED | rc=0 >>

web01

[root@m01 ~] #

7.4.1.1.4 使用command来切换目录

[root@m01 ~] # ansible web_server -m command -a "chdir=/tmp pwd"????????????切换目录

172.16.1.7 | CHANGED | rc=0 >>

/tmp

You have new mail in /var/spool/mail/root

[root@m01 ~] #

7.4.1.1.5 使用command来创建文件

creates:判断文件数据是否存在,如果存在,则跳过下次的创建,所以不创建33.txt

[root@m01 ~] # ansible web_server -m command -a "creates=/tmp/aa.txt touch33.txt"????????????

172.16.1.7 | SUCCESS | rc=0 >>

skipped, since /tmp/aa.txt exists????????????????跳过,现在aa.txt已经存在,跳过创建33.txt

[root@m01 ~] #

[root@web01 tmp] # ll

total 0

-rw-r--r-- 1 root root 0 Oct 30 16:33 aa.txt

[root@web01 tmp] #

removes:如果文件存在,才会进行创建,现在oldboy.txt文件不存在,所以不会创建

[root@m01 ~] # ansible 172.16.1.41 -m command -a "removes=/tmp/oldboy.txt touch /tmp/aa.txt"

172.16.1.41 | SUCCESS | rc=0 >>

skipped, since /tmp/oldboy.txt does not exist

[root@m01 ~] #

[root@backup ~] # ll /tmp????????????????????????????文件不存在

total 4

-rw-r--r-- 1 root root 0 Oct 30 11:19 aa.txt

-rw-r--r-- 1 oldboy01 oldboy01 390 Oct 17 19:10 hosts

7.4.1.2 shell命令模块的讲解(万能模块)

7.4.1.2.1 作用

批量管理多个数据执行命令，默认支持特殊符号,但是这个命令执行一次就废了，简称幂等法

7.4.1.2.2 语法

ansible 主机名 -m shell-a "echo oldboy66 > /tmp/aa.txt"

7.4.1.2.3 将备份服务器/tmp/aa.txt里面加入数据信息oldboy66

[root@m01 ~] # ansible 172.16.1.41 -m shell -a "echo oldboy66 > /tmp/aa.txt"

172.16.1.41 | CHANGED | rc=0 >>

[root@m01 ~] #

[root@backup ~] # cat /tmp/aa.txt

oldboy66????????????????????????????????????数据已经重定向成功

[root@backup ~] #

7.4.1.3 script命令模块的讲解(脚本模块)

7.4.1.3.1 作用

可以远程执行脚本文件

7.4.1.3.2 语法

ansible IP地址 -m script -a "/server/scripts/1.sh"

7.4.1.3.3 将/server/scripts/1.sh分发到备份服务器上创建出脚本中执行的内容

[root@m01 scripts] # ansible 172.16.1.41 -m script -a "/server/scripts/1.sh"

172.16.1.41 | CHANGED => {

"changed": true,

"rc": 0,

"stderr": "Shared connection to 172.16.1.41 closed.\r\n",

"stderr_lines": [

"Shared connection to 172.16.1.41 closed."

"stdout": "",

"stdout_lines": []

}

7.4.2 文件模块的讲解

7.4.2.1 copy模块的讲解

7.4.2.1.1 作用

将管理主机上的数据分发到其他被管理主机上
可以将被管理主机上的数据进行复制的操作

7.4.2.1.2 语法

ansible 172.16.1.41 -m copy -a "src=路径 dest=路径 mode=权限 owner=属主 group=属组"
ansible 172.16.1.41 -m copy -a "src=路径 dest=路径 remote_src=yes/no mode=权限 owner=属主 group=属组"
ansible 172.16.1.41 -m copy -a "content=内容 dest=路径 mode=权限 owner=属主 group=属组"
ansible 172.16.1.41 -m copy -a "content=内容 dest=路径 mode=权限 owner=属主 group=属组 backup=yes/no"

7.4.2.1.3 参数讲解

src????????????????????????要复制到远程服务器的文件路径
dest????????????????????????指定保存到远程服务器哪个路径下面
remote_src????????????????true:表示src文件在远程服务器上，false表示src文件在本????????????????????????????地上
backup????????????????????传输文件之前，对可能要备份覆盖的文件做备份操作
mode????????????????????传输文件之后对文件权限进行修改操作
owner????????????????????传输文件之后对文件的属主进行修改操作
group????????????????????传输文件之后对文件的属组进行修改操作
content????????????????????在被管理的主机创建文件并且添加新的额内容

7.4.2.1.4 将批量管理服务器的hosts文件备份到备份服务器的backup目录下面

[root@m01 scripts] # ansible 172.16.1.41 -m copy -a "src=/etc/hosts dest=/backup/ mode=666 owner=oldboy10 group=oldboy10"

172.16.1.41 | CHANGED => {

"gid": 1004,

}

[root@m01 scripts] #

[root@backup scripts] # cd /backup/

[root@backup backup] # ll

total 4

-rw-rw-rw- 1 oldboy10 oldboy10 390 Oct 30 19:32 hosts????????????属主.属组修改为了oldboy10，权限为666

[root@backup backup] #

7.4.2.1.5 将备份服务器文件/etc/hosts文件移动到/tmp目录下面

[root@m01 scripts] # ansible 172.16.1.41 -m copy -a "src=/etc/hosts dest=/backup/ mode=777 remote_src=yes"

172.16.1.41 | CHANGED => {????????????remote_src代表的是远程源是否开启

"ansible_facts": {

"changed": true

[root@backup backup] # ll

total 4

-rwxrwxrwx 1 root root 390 Oct 17 19:10 hosts

[root@backup backup] #

7.4.2.1.6 将oldboy66放入到远程备份服务器的/tmp/hosts文件中

[root@m01 backup] # ansible 172.16.1.41 -m copy -a "content=oldboy66 dest=/backup/hosts mode=777 "

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": true,

[root@backup backup] # cat hosts

oldboy66????????????????????????????内容输出正确

7.4.2.1.7 将/etc/hosts传输到备份服务器backup目录下

[root@m01 backup] # ansible 172.16.1.41 -m copy -a "src=/etc/hosts dest=/backup/hosts mode=111 backup=yes "

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"backu

[root@backup backup] # ll

total 8

---x--x--x 1 root root 390 Oct 30 19:49 hosts????????????????????传输成功

-rwxrwxrwx 1 root root 9 Oct 30 19:45 hosts.9266.2019-10-30@19:49:30~

You have new mail in /var/spool/mail/root

[root@backup backup] #

7.4.2.2 file模块的讲解

7.4.2.2.1 作用

对已有数据信息进行数据属性的修改

在多台主机上面可以进行创建或者删除的操作

7.4.2.2.2 语法

ansible 172.16.1.41 -m file -a "path=指定数据的路径信息 mode=要修改成的权限 owner=要修改成的属主 group=要修改成的属组"

ansible 172.16.1.41 -m file -a "path=指定数据的路径信息/要创建的文件 state=touch"

ansible 172.16.1.41 -m file -a "path=指定数据的路径信息/要创建的目录 state=directory"

ansible 172.16.1.41 -m file -a "src=远程的文件????path=指定数据的路径信息/要创建硬链接 state=hard"

ansible 172.16.1.41 -m file -a " src=远程的文件????path=指定数据的路径信息/要创建软链接 state=link"

ansible 172.16.1.41 -m file -a "path=指定数据的路径信息/要删除的文件 state=absent"

ansible 172.16.1.41 -m file -a "path=指定数据的路径信息/要删除的目录 state=absent"

7.4.2.2.3 参数讲解

path????????????????指定要远程创建的文件的具体路径信息

src????????????????指定源文件是哪个

state????????????????指定对查找到的路径下面的文件进行什么操作(touch,directory.,hard,link)

mode????????????指定文件的权限信息

owner????????????指定文件的属主信息

group????????????指定文件的属组信息

7.4.2.2.4 将远程172.16.1.41服务器的/backup/hosts文件权限修改为644,并且属主.属组为oldboy10

[root@m01 backup] # ansible 172.16.1.41 -m file -a "path=/backup/hosts mode=644 owner=oldboy10 group=oldboy10"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

[root@backup backup] # ll

total 8

-rw-r--r-- 1 oldboy10 oldboy10 390 Oct 30 19:49 hosts????????????????修改成功

7.4.2.2.5 在远程主机172.16.1.4的/backup/目录下面创建文件为oldboy10.txt

[root@m01 backup] # ansible 172.16.1.41 -m file -a "path=/backup/oldboy10.txt state=touch"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": true,

[root@backup backup] # ll

total 8

-rw-r--r-- 1 oldboy10 oldboy10 390 Oct 30 19:49 hosts

-rw-r--r-- 1 root root 0 Oct 30 20:28 oldboy10.txt????????????????????创建成功

7.4.2.2.6 在远程主机172.16.1.4的/backup/目录下面创建目录为oldboy

[root@m01 backup] # ansible 172.16.1.41 -m file -a "path=/backup/oldboy state=directory"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": true,

[root@backup backup] # ll

total 8

-rw-r--r-- 1 oldboy10 oldboy10 390 Oct 30 19:49 hosts

drwxr-xr-x 2 root root 6 Oct 30 20:31 oldboy????????????创建目录成功

7.4.2.2.7 在远程主机172.16.1.4的/backup/目录下面创建硬链接文件为hard_oldboy.txt

[root@m01 backup] # ansible 172.16.1.41 -m file -a "src=/backup/oldboy10.txt path=/backup/hard_oldboy.txt state=hard"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": true,

69620303 -rw-r--r-- 3 root root 0 Oct 30 20:28 hard_oldboy.txt????????????创建硬链接成功

69620303 -rw-r--r-- 3 root root 0 Oct 30 20:28 oldboy10.txt

7.4.2.2.8 在远程主机172.16.1.4的/backup/目录下面创建软链接文件为link_oldboy.txt

[root@m01 backup] # ansible 172.16.1.41 -m file -a "src=/backup/oldboy10.txt path=/backup/link_oldboy01.txt state=link "

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": true,

[root@backup backup] # ll

total 12

lrwxrwxrwx 1 root root 20 Oct 30 20:50 link_oldboy01.txt -> /backup/oldboy10.txt????????创建成功

-rw-r--r-- 4 root root 0 Oct 30 20:28 oldboy10.txt

7.4.2.2.9 在远程主机上将oldboy10.txt删除

[root@m01 backup] # ansible 172.16.1.41 -m file -a " path=/backup/oldboy10.txt state=absent"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

[root@backup backup] # ll????????????????????发现没有oldboy10.txt文件了

total 12

-rw-r--r-- 2 oldboy10 oldboy10 390 Oct 30 19:49 aa

-rw-r--r-- 3 root root 0 Oct 30 20:28 hard_oldboy.txt

[root@backup backup] #

7.4.2.2.10 在远程主机上将oldboy目录删除

[root@m01 backup] # ansible 172.16.1.41 -m file -a " path=/backup/oldboy state=absent"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

}

You have new mail in /var/spool/mail/root

[root@m01 backup] #

[root@backup backup] # ll????????????????????发现没有oldboy10目录

total 12

-rw-r--r-- 2 oldboy10 oldboy10 390 Oct 30 19:49 aa

-rw-r--r-- 3 root root 0 Oct 30 20:28 hard_oldboy.txt

[root@backup backup] #

7.4.2.3 fetch模块的讲解

7.4.2.3.1 作用

将被管理端主机数据进行拉取保存到管理主机上

7.4.2.3.2 语法

ansible 172.16.1.41 -m fetch -a " src=被管理机的目录下面的数据信息 dest=管理机指定的目录下面 "

7.4.2.3.3 将/etc/hosts文件拿到批量管理服务器上的/backup目录里面

[root@m01 backup] # ansible 172.16.1.41 -m fetch -a " src=/etc/hosts dest=/backup/"

172.16.1.41 | CHANGED => {

"changed": true,

"remote_md5sum": null

}

[root@m01 backup] # ll /backup

total 16

drwxr-xr-x 3 root root 17 Oct 30 20:58 172.16.1.41

[root@m01 backup] # cd 172.16.1.41????????

[root@m01 172.16.1.41] # ll

total 0

drwxr-xr-x 2 root root 19 Oct 30 20:58 etc????????成功

[root@m01 172.16.1.41] #

7.4.3 系统模块的讲解

7.4.3.1 yum模块的讲解

7.4.3.1.1 作用

可以用于批量安装软件

7.4.3.1.2 语法

ansible 主机IP -m yum -a "name=htop state=intsalled"

ansible 主机IP -m yum -a "name=htop state=removed"

7.4.3.1.3 参数讲解

name????????指定远程主机要安装的软件信息

state????????????是否安装软件(installed)或者卸载软件(removed)

7.4.3.1.4 批量安装htop软件

[root@m01 ansible_playbook] # ansible 172.16.1.41 -m yum -a "name=htop state=installed"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": true,

"changes": {

"installed": [

"htop"

[root@backup ~] # rpm -qa htop

htop-2.2.0-3.el7.x86_64????????????????安装成功

[root@backup ~] #

7.4.3.1.5 批量卸载htop软件

[root@m01 ansible_playbook] # ansible 172.16.1.41 -m yum -a "name=htop state=removed"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": true,

"changes": {

"removed": [

"htop"

[root@backup ~] # rpm -qa htop????????????????卸载成功

7.4.3.2 service模块的讲解

7.4.3.2.1 作用

可以批量启动/停止/重启/重载服务程序

7.4.3.2.2 语法

ansible 主机IP -m service -a "name=启动的服务名称 state=启动/停止/重启/重载"

ansible 主机IP -m service -a "name=启动的服务名称 enabled=yes/no"

7.4.3.2.3 参数讲解

name????????指定远程主机需要批量启动/停止/重启/重载的服务程序

state????????????指定你要将服务的状态怎么样

enabled????????指定是否要开启开机自启服务

7.4.3.2.4 启动/停止/重启rsync服务

ansible 172.16.1.41 -m service -a "name=rsyncd state=started"????????????启动

[root@backup ~] # systemctl status rsyncd

● rsyncd.service - fast remote file copy program daemon

Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; enabled; vendor preset: disabled)

Active: active (running) since Thu 2019-10-31 15:52:23 CST; 8s ago

Main PID: 3404 (rsync)

ansible 172.16.1.41 -m service -a "name=rsyncd state=stopped"????????????停止

[root@backup ~] # systemctl status rsyncd

● rsyncd.service - fast remote file copy program daemon

Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; enabled; vendor preset: disabled)

Active: inactive (dead) since Thu 2019-10-31 15:52:44 CST; 4s ago

ansible 172.16.1.41 -m service -a "name=rsyncd state=restarted"????????????重启

[root@backup ~] # systemctl status rsyncd

● rsyncd.service - fast remote file copy program daemon

Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; enabled; vendor preset: disabled)

Active: active (running) since Thu 2019-10-31 15:53:00 CST; 3s ago

7.4.3.2.5 开机自启rsync服务

[root@backup ~] # systemctl status rsyncd

● rsyncd.service - fast remote file copy program daemon

Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; disabled; vendor preset: disabled)????发现没有开启

Active: active (running) since Thu 2019-10-31 15:53:00 CST; 7min ago

[root@m01 ansible_playbook] # ansible 172.16.1.41 -m service -a "name=rsyncd enabled=yes"

[root@backup ~] # systemctl status rsyncd

● rsyncd.service - fast remote file copy program daemon

Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; enabled; vendor preset: disabled)????开启成功

Active: active (running) since Thu 2019-10-31 15:53:00 CST; 8min ago

7.4.3.3 cron模块的讲解

7.4.3.3.1 作用

批量设置定时任务

7.4.3.3.2 语法

ansible 主机IP -m cron -a "name=注释信息 minute=*/5 job=执行的任务"

ansible 主机IP -m cron -a " minute=*/5 job=执行的任务"

ansible 主机IP -m cron -a "name=注释信息 minute=*/5 job=执行的任务 state=absent/disable"

7.4.3.3.3 参数讲解

minute????????每分钟(0-59)

hour????????????每小时(0-23)

day????????????每天(1-31)

month????????每月(1-12)

weekday????????每周(0-6)

name????????注释的信息

job????????????指定的任务参数

state????????????定义此定时任务的状态信息

7.4.3.3.4 在备份服务器上定义每5分钟更新下时间

[root@m01 ansible_playbook] # ansible 172.16.1.41 -m cron -a "name=定时任务更新时间 minute=*/5 job=‘/usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null‘"

[DEPRECATION WARNING]: The ‘name‘ parameter will be required in future releases.. This

]

}

[root@m01 ansible_playbook] #

[root@backup ~] # crontab -l

#Ansible:定时任务更新时间

*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null????????????添加成功

[root@backup ~] #

7.4.3.3.5 在备份服务器上将添加的定时任务注释掉

[root@m01 ansible_playbook] # ansible 172.16.1.41 -m cron -a "name=定时任务更新 minute=*/5 job=‘/usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null‘ disabled=yes"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": true,

[root@backup ~] # crontab -l

#Ansible: 定时任务更新

#*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null????????????注释成功

[root@backup ~] #

7.4.3.3.6 在备份服务器上将定时任务更新任务删除

[root@m01 ansible_playbook] # ansible 172.16.1.41 -m cron -a "name=定时任务更新 minute=*/5 job=‘/usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null‘ state=absent"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": true,

[root@backup ~] # crontab -l????????????????发现定时任务已经删除

#时间同步

*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com

#nfs打包发送给备份服务

0 20 * * * /bin/sh /server/scripts/backup_server.sh

[root@backup ~] #

7.4.3.4 mount模块的讲解

7.4.3.4.1 作用

可以批量的挂载和卸载操作

7.4.3.4.2 语法

ansible 主机IP -m mount -a "src=172.16.1.31:/data01 path=/mnt fstype=nfs state=挂载;卸载 "

7.4.3.4.3 参数讲解

src????????????????指定要挂载的设备文件/网络文件

path????????????????指定要挂载在哪个目录上

fstype????????????指定挂载设备的文件类型

state????????????????指定目前你需要的挂载操作

mounted????????????挂载(临时挂载和永久挂载)

unmounted????????卸载(临时卸载)

present????????????挂载(永久挂载)

absent????????????卸载(临时卸载和永久卸载)

7.4.3.4.4 将服务端的data01挂载到客户端/mnt目录上(mounted状态的时候)

[root@m01 ansible_playbook] # ansible 172.16.1.41 -m mount -a "src=172.16.1.31:/data01 path=/mnt fstype=nfs state=mounted"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": true,

[root@backup ~] # df -h????????????????????????????临时挂载成功

Filesystem Size Used Avail Use% Mounted on

/dev/sda3 99G 5.3G 93G 6% /

172.16.1.31:/data01 99G 5.3G 93G 6% /mnt

[root@backup ~] # tail /etc/fstab

#UUID=27104df9-3f54-4b94-acb7-0890b452e99f / xfs defaults 0 0

172.16.1.31:/data01 /mnt nfs defaults 0 0????????????????永久挂载成功

[root@backup ~] #

7.4.3.4.5 将服务端的data01挂载到客户端/mnt目录上(persent状态的时候)

[root@m01 ansible_playbook] # ansible 172.16.1.41 -m mount -a "src=172.16.1.31:/data01 path=/mnt fstype=nfs state=present"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": true,

[root@backup ~] # df -h

Filesystem Size Used Avail Use% Mounted on

/dev/sda3 99G 5.3G 93G 6% /

devtmpfs 471M 0 471M 0% /dev

tmpfs 487M 0 487M 0% /dev/shm

tmpfs 487M 8.4M 478M 2% /run

tmpfs 487M 0 487M 0% /sys/fs/cgroup

/dev/sda1 197M 160M 37M 82% /boot

tmpfs 98M 12K 98M 1% /run/user/42

tmpfs 98M 0 98M 0% /run/user/0

[root@backup ~] # tail -1 /etc/fstab ????????????????????????发现只有永远挂载,不会临时挂载

172.16.1.31:/data01 /mnt nfs defaults 0 0

[root@backup ~] #

7.4.3.4.5 将客户端的挂载点/mnt卸载(unmounted)

[root@m01 ansible_playbook] # ansible 172.16.1.41 -m mount -a "src=172.16.1.31:/data01 path=/mnt fstype=nfs state=unmounted"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": true,

[root@backup ~] # df -h

Filesystem Size Used Avail Use% Mounted on

/dev/sda3 99G 5.4G 93G 6% /

devtmpfs 471M 0 471M 0% /dev

tmpfs 487M 0 487M 0% /dev/shm

tmpfs 487M 8.4M 478M 2% /run

tmpfs 487M 0 487M 0% /sys/fs/cgroup

/dev/sda1 197M 160M 37M 82% /boot

tmpfs 98M 12K 98M 1% /run/user/42

tmpfs 98M 0 98M 0% /run/user/0????????????发现只能临时卸载,不能永久卸载

[root@backup ~] # tail -1 /etc/fstab

172.16.1.31:/data01 /mnt nfs defaults 0 0????????????????永久卸载失败

[root@backup ~] #

7.4.3.4.6 将客户端的挂载点/mnt卸载(absent)

[root@m01 ansible_playbook] # ansible 172.16.1.41 -m mount -a "src=172.16.1.31:/data01 path=/mnt fstype=nfs state=absent"

172.16.1.41 | FAILED! => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": false,

"msg": "Error rmdir /mnt: [Errno 39] Directory not empty: ‘/mnt‘"

}

[root@backup ~] # df -h????????????????????????????卸载成功

Filesystem Size Used Avail Use% Mounted on

/dev/sda3 99G 5.4G 93G 6% /

devtmpfs 471M 0 471M 0% /dev

tmpfs 487M 0 487M 0% /dev/shm

tmpfs 487M 8.4M 478M 2% /run

tmpfs 487M 0 487M 0% /sys/fs/cgroup

/dev/sda1 197M 160M 37M 82% /boot

tmpfs 98M 12K 98M 1% /run/user/42

tmpfs 98M 0 98M 0% /run/user/0

[root@backup ~] # tail -1 /etc/fstab ????????????????????卸载成功

#/dev/sdb1 /mnt ext4 user 0 0

[root@backup ~] #

7.4.3.5 user模块的讲解

7.4.3.5.1 作用

可以批量生成用户信息

7.4.3.5.2 语法

ansible 主机IP地址 -m user -a ‘name=创建用户名称 shell=是否进行登录 create_home=yes/no password="密文信息"‘

7.4.3.5.3 参数讲解

name????????????指定远程要创建的用户名称

shell????????????????指定用户登录的方式

create_home????????指定用户是否创建家目录

password????????????指定设置用户的密码,需要使用密文信息来设置密码

uid????????????????指定创建的用户的uid‘值

group????????????指定创建的用户的主组信息

groups????????????指定创建的用户的附属组信息

7.4.3.5.4 创建olddog用户

[root@m01 ansible_playbook] #

[root@m01 ansible_playbook] # ansible 172.16.1.41 -m user -a "name=olddog"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": true

[root@backup ~] # id olddog

uid=1015(olddog) gid=1018(olddog) groups=1018(olddog)????????????创建用户成功

You have new mail in /var/spool/mail/root

[root@backup ~] #

7.4.3.5.5 创建虚拟用户oldgirl用户

[root@m01 ansible_playbook] # ansible 172.16.1.41 -m user -a "name=oldgirl shell=/sbin/nologin create_home=no"

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": true,

[root@backup ~] # id oldgirl????????????????????????????????创建虚拟用户成功

uid=1016(oldgirl) gid=100(users) groups=100(users)

You have new mail in /var/spool/mail/root

[root@backup ~] # ll /home/oldgirl????????????????????家目录找不到

ls: cannot access /home/oldgirl: No such file or directory

[root@backup ~] # grep oldgirl /etc/passwd

oldgirl:x:1016:100::/home/oldgirl:/sbin/nologin????????????不可以进行用户登录

[root@backup ~] #

7.4.3.5.6 创建用户并且设置密码

[root@m01 ansible_playbook] # ansible 172.16.1.41 -m user -a "name=oldgirl shell=/bin/bash create_home=no password=123456"

[WARNING]: The input password appears not to have been hashed. The ‘password‘ argument must be encrypted for this module to work properly.

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"append": false,

"changed": true,

[root@backup ~] # grep oldgirl /etc/shadow

oldgirl:123456:18200:0:99999:7:::????????????密码是明文的,设置用户密码的时候使用密文信息,不正确

[root@backup ~] #

创建密文密码信息
- 方式一:利用ansible命令来设置密文信息

????????[root@m01 ansible_playbook] # ansible 172.16.1.41 -m debug -a "msg={{‘123456‘|password_hash(‘sha512‘,‘oldboy‘) }}"

172.16.1.41 | SUCCESS => {

"msg": "$6$oldboy$MVd3DevkLcimrBLdMICrBY8HF82Wtau5cI8D2w4Zs6P1cCfMTcnnyAmmJc7mQaE9zuHxk8JFTRgYMGv9uKW7j1"

}

方式二:使用python语言来生成密码信息
- 安装pip软件

????????yum install -y python-pip

pip安装passlib软件

????????pip install passlib

????????

[root@m01 ansible_playbook] # python -c "from passlib.hash import sha512_crypt; import getpass; print(sha512_crypt.using(rounds=5000).hash(getpass.getpass()))"????????使用python语言来设置密文信息

Password: ????????????????设置明文密码

$6$XavoWtpBWnfV2sRL$3H8B1SeY76Dca8b.y6OQlBFVVeSHCwM71MQNwcV7Z1ApGVxIGFX9DNGVZU/k.J0/Vo2Rijrbasaku3nuR7qML1

重新设定oldtea密码信息

[root@m01 ansible_playbook] # ansible 172.16.1.41 -m user -a ‘name=oldgirl shell=/bin/bash create_home=no password="$6$XavoWtpBWnfV2sRL$3H8B1SeY76Dca8b.y6OQlBFVVeSHCwM71MQNwcV7Z1ApGVxIGFX9DNGVZU/k.J0/Vo2Rijrbasaku3nuR7qML1"‘????????????添加密文信息

172.16.1.41 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": true,

[root@backup ~] # grep oldgirl /etc/shadow????????????????查看发现添加成功

oldgirl:$6$XavoWtpBWnfV2sRL$3H8B1SeY76Dca8b.y6OQlBFVVeSHCwM71MQNwcV7Z1ApGVxIGFX9DNGVZU/k.J0/Vo2Rijrbasaku3nuR7qML1:18200:0:99999:7:::

[root@backup ~] #