7.3.1 根据主机IP地址来进行设置主机清单????105
7.4 ansible的模块讲解(相当于linux命令行的命令)????112
7.5 ansible的剧本讲解(相当于linux编写的脚本)????134
======================================================================
[root@m01 ~] # yum -y install ansible
[root@m01 ~] # ansible --version
ansible 2.8.5
config file = /etc/ansible/ansible.cfg
configured module search path = [u‘/root/.ansible/plugins/modules‘, u‘/usr/share/ansible/plugins/modules‘]
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
[root@m01 ~] #
?
[root@m01 ~] # vim /etc/ansible/hosts
## db-[99:101]-node.example.com
172.16.1.41
172.16.1.7
[root@m01 ~] # ansible all -m ping    # 测试清单中的所有主机能否通过 SSH 登录并运行 Python(ping 模块不是 ICMP ping)
172.16.1.41 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"????????????????????????????出现ping:pong就是正常的情况
}
172.16.1.7 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@m01 ~] #
[root@m01 ~] # vim /etc/ansible/hosts
?
172.16.1.41
?
[web_server]????????????????将网站服务器分组,组名为[web_server]
172.16.1.7
"/etc/ansible/hosts" 50L, 1067C written
You have new mail in /var/spool/mail/root
[root@m01 ~] # ansible web_server -m ping????????????????查找指定的组来进行测试
172.16.1.7 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@m01 ~] #
[root@web01 ~] # vim ~/.ssh/authorized_keys
-dss AAAAB3NzaC1kc3MAAACBAP2/LmC3aM8WowMU81f1PYTFR5l08hATO3LR13RSa6XBw8laM5ih2tqe66FwUOwgpKfEczvOcqtbohCg87ZF3B/1sT25lKrsePysmn7Jr93htinjAMrP36pS5+MG
[root@backup ~] # ssh 172.16.1.7????????????????秘钥已经不正常
root@172.16.1.7‘s password:
[root@m01 ~] # ansible 172.16.1.7 -m ping
172.16.1.7 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).", ????????连接失败
"unreachable": true
}
[root@m01 ~] #
?
172.16.1.7 ansible_user=root ansible_password=123456 ansible_port=22    # 设置内置变量来定义用户、密码、端口(明文密码写在清单文件里仅用于演示;实际环境建议使用 SSH 密钥认证,或用 ansible-vault 加密该变量)
"/etc/ansible/hosts" 50L, 1125C written
[root@m01 ~] # ansible 172.16.1.7 -m ping
172.16.1.7 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"????????????????连接成功
}
[root@m01 ~] #
?
web01 ansible_host=172.16.1.7 ansible_user=root ansible_password=123456 ansible_port=22
"/etc/ansible/hosts" 50L, 1144C written    # 使用 ansible_host 为 IP 地址设置对应的主机别名
[root@m01 ~] # ansible web01 -m ping
web01 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@m01 ~] #
?
web01 ansible_host=172.16.1.7 ansible_user=oldboy10 ansible_password=123456 ansible_port=22
~
"/etc/ansible/hosts" 51L, 1343C written
[root@m01 ~] # ansible web01 -m command -a "cat /etc/shadow"
web01 | FAILED | rc=1 >>
cat: /etc/shadow: Permission deniednon-zero return code????????????????权限拒绝,因为是普通用户,没有权限打开
?
[root@m01 ~] #
?
?
[root@m01 ~] # vim /etc/ansible/hosts
?
[web_server]
web01 ansible_host=172.16.1.7 ansible_user=oldboy10 ansible_password=123456 ansible_port=22 ansible_become=yes ansible_become_method=su ansible_become_user=root ansible_become_password=123456    # 依次为:是否开启提权、使用什么方法提权、提权到哪个用户、提权密码(提权密码同样以明文保存在清单中,仅作演示;实际环境应使用 ansible-vault 加密)
?
?
[root@m01 ~] # ansible web01 -m command -a "cat /etc/passwd"????????????查看主机名为web01的/etc/passwd,用户为普通用户
web01 | CHANGED | rc=0 >>
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
?
[web_server]
web01 ansible_host=172.16.1.7 ansible_user=oldboy10 ansible_password=123456 ansible_port=22
?
[web_server:vars]????????????????设置他的组变量参数为vars
ansible_become=yes
ansible_become_method=su
ansible_become_user=root
ansible_become_password=123456
?
[root@m01 ~] # ansible web01 -m command -a "cat /etc/shadow"
web01 | CHANGED | rc=0 >>
root:$6$pn3juE2N$C9kmnucSJh08QQ.84BOTUNPqy3MSLez2YFG70N4NHD9gU40ibY8mdT6P05xUiaim2xcuRkjgB1rBohhZ8Y.To.:18178:0:99999:7:::
bin:*:17834:0:99999:7:::
daemon:*:17834:0:99999:7:::
adm:*:17834:0:99999:7:::
lp:*:17834:0:99999:7:::
sync:*:17834:0:99999:7:::
?
[web_backup:children]    # 将多个主机组合并为一个组(children 表示下面列出的组都是 web_backup 的子组)
backup_server
web_server
?
[backup_server]????
172.16.1.41
?
[web_server]
172.16.1.7 ansible_user=root ansible_password=123456 ansible_port=22
?
?
[root@m01 ~] # ansible web_backup -m ping
172.16.1.41 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
172.16.1.7 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@m01 ~] #
[seq_server]????????????????????连续的情况下使用这个方法
172.16.1.[41:45]
"/etc/ansible/hosts" 59L, 1222C written
?
[root@m01 ~] # ansible seq_server -m ping
172.16.1.41 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
172.16.1.42 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 172.16.1.42 port 22: No route to host",
"unreachable": true
}
172.16.1.44 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 172.16.1.44 port 22: No route to host",
"unreachable": true
}
[root@m01 ~] #
command 模块:批量在多台主机上执行命令。命令不经过 shell 解析,因此默认不支持管道、重定向等特殊符号
ansible 主机名 -m command -a "hostname"
[root@m01 ~] # ansible web_server -m command -a "hostname"????????????查看主机名
172.16.1.7 | CHANGED | rc=0 >>
web01
?
[root@m01 ~] #
[root@m01 ~] # ansible web_server -m command -a "chdir=/tmp pwd"????????????切换目录
172.16.1.7 | CHANGED | rc=0 >>
/tmp
?
You have new mail in /var/spool/mail/root
[root@m01 ~] #
[root@m01 ~] # ansible web_server -m command -a "creates=/tmp/aa.txt touch33.txt"????????????
172.16.1.7 | SUCCESS | rc=0 >>
skipped, since /tmp/aa.txt exists????????????????跳过,现在aa.txt已经存在,跳过创建33.txt
?
[root@m01 ~] #
?
[root@web01 tmp] # ll
total 0
-rw-r--r-- 1 root root 0 Oct 30 16:33 aa.txt
[root@web01 tmp] #
[root@m01 ~] # ansible 172.16.1.41 -m command -a "removes=/tmp/oldboy.txt touch /tmp/aa.txt"
172.16.1.41 | SUCCESS | rc=0 >>
skipped, since /tmp/oldboy.txt does not exist
?
[root@m01 ~] #
?
[root@backup ~] # ll /tmp????????????????????????????文件不存在
total 4
-rw-r--r-- 1 root root 0 Oct 30 11:19 aa.txt
-rw-r--r-- 1 oldboy01 oldboy01 390 Oct 17 19:10 hosts
shell 模块:批量在多台主机上执行命令。命令交给远程主机的 shell 解析,所以支持管道、重定向等特殊符号;但该模块不具备幂等性,每次执行都会重新运行命令。由于内容会被 shell 解析,不要把未经检查的变量直接拼接进命令
ansible 主机名 -m shell -a "echo oldboy66 > /tmp/aa.txt"
?
[root@m01 ~] # ansible 172.16.1.41 -m shell -a "echo oldboy66 > /tmp/aa.txt"
172.16.1.41 | CHANGED | rc=0 >>
?
?
[root@m01 ~] #
?
[root@backup ~] # cat /tmp/aa.txt
oldboy66????????????????????????????????????数据已经重定向成功
[root@backup ~] #
可以远程执行脚本文件
ansible IP地址 -m script -a "/server/scripts/1.sh"
[root@m01 scripts] # ansible 172.16.1.41 -m script -a "/server/scripts/1.sh"
172.16.1.41 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 172.16.1.41 closed.\r\n",
"stderr_lines": [
"Shared connection to 172.16.1.41 closed."
],
"stdout": "",
"stdout_lines": []
}
?
[root@m01 scripts] # ansible 172.16.1.41 -m copy -a "src=/etc/hosts dest=/backup/ mode=666 owner=oldboy10 group=oldboy10"
172.16.1.41 | CHANGED => {
"gid": 1004,
?
}
[root@m01 scripts] #
?
?
[root@backup scripts] # cd /backup/
[root@backup backup] # ll
total 4
-rw-rw-rw- 1 oldboy10 oldboy10 390 Oct 30 19:32 hosts    # 属主、属组已修改为 oldboy10,权限为 666(666 表示任何用户都可写,这里仅作演示;实际环境应按需设置更严格的权限,例如 644)
[root@backup backup] #
[root@m01 scripts] # ansible 172.16.1.41 -m copy -a "src=/etc/hosts dest=/backup/ mode=777 remote_src=yes"
172.16.1.41 | CHANGED => {    # remote_src=yes 表示 src 指向被管理端主机上的文件(在远程主机本地复制),而不是管理端上的文件
"ansible_facts": {
"changed": true
?
?
[root@backup backup] # ll
total 4
-rwxrwxrwx 1 root root 390 Oct 17 19:10 hosts
[root@backup backup] #
[root@m01 backup] # ansible 172.16.1.41 -m copy -a "content=oldboy66 dest=/backup/hosts mode=777 "
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
?
?
[root@backup backup] # cat hosts
oldboy66????????????????????????????内容输出正确
[root@m01 backup] # ansible 172.16.1.41 -m copy -a "src=/etc/hosts dest=/backup/hosts mode=111 backup=yes "
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backu
?
?
[root@backup backup] # ll
total 8
---x--x--x 1 root root 390 Oct 30 19:49 hosts????????????????????传输成功
-rwxrwxrwx 1 root root 9 Oct 30 19:45 hosts.9266.2019-10-30@19:49:30~
You have new mail in /var/spool/mail/root
[root@backup backup] #
对已有数据信息进行数据属性的修改
在多台主机上面可以进行创建或者删除的操作
ansible 172.16.1.41 -m file -a "path=指定数据的路径信息 mode=要修改成的权限 owner=要修改成的属主 group=要修改成的属组"
ansible 172.16.1.41 -m file -a "path=指定数据的路径信息/要创建的文件 state=touch"
ansible 172.16.1.41 -m file -a "path=指定数据的路径信息/要创建的目录 state=directory"
ansible 172.16.1.41 -m file -a "src=远程的文件????path=指定数据的路径信息/要创建硬链接 state=hard"
ansible 172.16.1.41 -m file -a " src=远程的文件????path=指定数据的路径信息/要创建软链接 state=link"
ansible 172.16.1.41 -m file -a "path=指定数据的路径信息/要删除的文件 state=absent"
ansible 172.16.1.41 -m file -a "path=指定数据的路径信息/要删除的目录 state=absent"
path????????????????指定要远程创建的文件的具体路径信息
src????????????????指定源文件是哪个
state    指定对 path 所指的文件进行什么操作(touch、directory、hard、link、absent)
mode????????????指定文件的权限信息
owner????????????指定文件的属主信息
group????????????指定文件的属组信息
[root@m01 backup] # ansible 172.16.1.41 -m file -a "path=/backup/hosts mode=644 owner=oldboy10 group=oldboy10"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
?
[root@backup backup] # ll
total 8
-rw-r--r-- 1 oldboy10 oldboy10 390 Oct 30 19:49 hosts????????????????修改成功
[root@m01 backup] # ansible 172.16.1.41 -m file -a "path=/backup/oldboy10.txt state=touch"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
?
[root@backup backup] # ll
total 8
-rw-r--r-- 1 oldboy10 oldboy10 390 Oct 30 19:49 hosts
-rw-r--r-- 1 root root 0 Oct 30 20:28 oldboy10.txt????????????????????创建成功
[root@m01 backup] # ansible 172.16.1.41 -m file -a "path=/backup/oldboy state=directory"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
?
?
[root@backup backup] # ll
total 8
-rw-r--r-- 1 oldboy10 oldboy10 390 Oct 30 19:49 hosts
drwxr-xr-x 2 root root 6 Oct 30 20:31 oldboy????????????创建目录成功
[root@m01 backup] # ansible 172.16.1.41 -m file -a "src=/backup/oldboy10.txt path=/backup/hard_oldboy.txt state=hard"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
?
69620303 -rw-r--r-- 3 root root 0 Oct 30 20:28 hard_oldboy.txt????????????创建硬链接成功
69620303 -rw-r--r-- 3 root root 0 Oct 30 20:28 oldboy10.txt
[root@m01 backup] # ansible 172.16.1.41 -m file -a "src=/backup/oldboy10.txt path=/backup/link_oldboy01.txt state=link "
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
?
[root@backup backup] # ll
total 12
lrwxrwxrwx 1 root root 20 Oct 30 20:50 link_oldboy01.txt -> /backup/oldboy10.txt????????创建成功
-rw-r--r-- 4 root root 0 Oct 30 20:28 oldboy10.txt
[root@m01 backup] # ansible 172.16.1.41 -m file -a " path=/backup/oldboy10.txt state=absent"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
?
?
[root@backup backup] # ll????????????????????发现没有oldboy10.txt文件了
total 12
-rw-r--r-- 2 oldboy10 oldboy10 390 Oct 30 19:49 aa
-rw-r--r-- 3 root root 0 Oct 30 20:28 hard_oldboy.txt
[root@backup backup] #
[root@m01 backup] # ansible 172.16.1.41 -m file -a " path=/backup/oldboy state=absent"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
}
You have new mail in /var/spool/mail/root
[root@m01 backup] #
?
[root@backup backup] # ll????????????????????发现没有oldboy10目录
total 12
-rw-r--r-- 2 oldboy10 oldboy10 390 Oct 30 19:49 aa
-rw-r--r-- 3 root root 0 Oct 30 20:28 hard_oldboy.txt
[root@backup backup] #
?
?
将被管理端主机数据进行拉取保存到管理主机上
ansible 172.16.1.41 -m fetch -a " src=被管理机的目录下面的数据信息 dest=管理机指定的目录下面 "
[root@m01 backup] # ansible 172.16.1.41 -m fetch -a " src=/etc/hosts dest=/backup/"
172.16.1.41 | CHANGED => {
"changed": true,
"remote_md5sum": null
}
[root@m01 backup] # ll /backup
total 16
drwxr-xr-x 3 root root 17 Oct 30 20:58 172.16.1.41
[root@m01 backup] # cd 172.16.1.41????????
[root@m01 172.16.1.41] # ll
total 0
drwxr-xr-x 2 root root 19 Oct 30 20:58 etc????????成功
[root@m01 172.16.1.41] #
可以用于批量安装软件
ansible 主机IP -m yum -a "name=htop state=installed"
ansible 主机IP -m yum -a "name=htop state=removed"
?
name????????指定远程主机要安装的软件信息
state????????????是否安装软件(installed)或者卸载软件(removed)
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m yum -a "name=htop state=installed"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"htop"
?
?
[root@backup ~] # rpm -qa htop
htop-2.2.0-3.el7.x86_64????????????????安装成功
[root@backup ~] #
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m yum -a "name=htop state=removed"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"removed": [
"htop"
?
[root@backup ~] # rpm -qa htop????????????????卸载成功
可以批量启动/停止/重启/重载服务程序
ansible 主机IP -m service -a "name=启动的服务名称 state=启动/停止/重启/重载"
ansible 主机IP -m service -a "name=启动的服务名称 enabled=yes/no"
?
name????????指定远程主机需要批量启动/停止/重启/重载的服务程序
state????????????指定你要将服务的状态怎么样
enabled????????指定是否要开启开机自启服务
ansible 172.16.1.41 -m service -a "name=rsyncd state=started"????????????启动
[root@backup ~] # systemctl status rsyncd
● rsyncd.service - fast remote file copy program daemon
Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2019-10-31 15:52:23 CST; 8s ago
Main PID: 3404 (rsync)
?
ansible 172.16.1.41 -m service -a "name=rsyncd state=stopped"????????????停止
[root@backup ~] # systemctl status rsyncd
● rsyncd.service - fast remote file copy program daemon
Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; enabled; vendor preset: disabled)
Active: inactive (dead) since Thu 2019-10-31 15:52:44 CST; 4s ago
?
ansible 172.16.1.41 -m service -a "name=rsyncd state=restarted"????????????重启
[root@backup ~] # systemctl status rsyncd
● rsyncd.service - fast remote file copy program daemon
Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2019-10-31 15:53:00 CST; 3s ago
[root@backup ~] # systemctl status rsyncd
● rsyncd.service - fast remote file copy program daemon
Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; disabled; vendor preset: disabled)????发现没有开启
Active: active (running) since Thu 2019-10-31 15:53:00 CST; 7min ago
?
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m service -a "name=rsyncd enabled=yes"
?
[root@backup ~] # systemctl status rsyncd
● rsyncd.service - fast remote file copy program daemon
Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; enabled; vendor preset: disabled)????开启成功
Active: active (running) since Thu 2019-10-31 15:53:00 CST; 8min ago
?
批量设置定时任务
ansible 主机IP -m cron -a "name=注释信息 minute=*/5 job=执行的任务"
ansible 主机IP -m cron -a " minute=*/5 job=执行的任务"
ansible 主机IP -m cron -a "name=注释信息 minute=*/5 job=执行的任务 state=absent/disable"
?
?
minute????????每分钟(0-59)
hour????????????每小时(0-23)
day????????????每天(1-31)
month????????每月(1-12)
weekday????????每周(0-6)
name????????注释的信息
job????????????指定的任务参数
state????????????定义此定时任务的状态信息
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m cron -a "name=定时任务更新时间 minute=*/5 job=‘/usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null‘"
[DEPRECATION WARNING]: The ‘name‘ parameter will be required in future releases.. This
]
}
[root@m01 ansible_playbook] #
?
?
[root@backup ~] # crontab -l
#Ansible:定时任务更新时间
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null????????????添加成功
[root@backup ~] #
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m cron -a "name=定时任务更新 minute=*/5 job=‘/usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null‘ disabled=yes"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
?
?
[root@backup ~] # crontab -l
#Ansible: 定时任务更新
#*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null????????????注释成功
[root@backup ~] #
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m cron -a "name=定时任务更新 minute=*/5 job=‘/usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null‘ state=absent"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
?
?
[root@backup ~] # crontab -l????????????????发现定时任务已经删除
#时间同步
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com
?
#nfs打包发送给备份服务
0 20 * * * /bin/sh /server/scripts/backup_server.sh
?
[root@backup ~] #
可以批量的挂载和卸载操作
ansible 主机IP -m mount -a "src=172.16.1.31:/data01 path=/mnt fstype=nfs state=挂载;卸载 "
7.4.3.4.3 参数讲解
src????????????????指定要挂载的设备文件/网络文件
path????????????????指定要挂载在哪个目录上
fstype????????????指定挂载设备的文件类型
state????????????????指定目前你需要的挂载操作
mounted????????????挂载(临时挂载和永久挂载)
unmounted????????卸载(临时卸载)
present????????????挂载(永久挂载)
absent????????????卸载(临时卸载和永久卸载)
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m mount -a "src=172.16.1.31:/data01 path=/mnt fstype=nfs state=mounted"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
?
?
[root@backup ~] # df -h????????????????????????????临时挂载成功
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 99G 5.3G 93G 6% /
172.16.1.31:/data01 99G 5.3G 93G 6% /mnt
[root@backup ~] # tail /etc/fstab
#
#UUID=27104df9-3f54-4b94-acb7-0890b452e99f / xfs defaults 0 0
172.16.1.31:/data01 /mnt nfs defaults 0 0????????????????永久挂载成功
[root@backup ~] #
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m mount -a "src=172.16.1.31:/data01 path=/mnt fstype=nfs state=present"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
?
?
[root@backup ~] # df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 99G 5.3G 93G 6% /
devtmpfs 471M 0 471M 0% /dev
tmpfs 487M 0 487M 0% /dev/shm
tmpfs 487M 8.4M 478M 2% /run
tmpfs 487M 0 487M 0% /sys/fs/cgroup
/dev/sda1 197M 160M 37M 82% /boot
tmpfs 98M 12K 98M 1% /run/user/42
tmpfs 98M 0 98M 0% /run/user/0
[root@backup ~] # tail -1 /etc/fstab    # state=present 只写入 /etc/fstab(永久挂载配置),不会立即挂载
172.16.1.31:/data01 /mnt nfs defaults 0 0
[root@backup ~] #
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m mount -a "src=172.16.1.31:/data01 path=/mnt fstype=nfs state=unmounted"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
?
?
[root@backup ~] # df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 99G 5.4G 93G 6% /
devtmpfs 471M 0 471M 0% /dev
tmpfs 487M 0 487M 0% /dev/shm
tmpfs 487M 8.4M 478M 2% /run
tmpfs 487M 0 487M 0% /sys/fs/cgroup
/dev/sda1 197M 160M 37M 82% /boot
tmpfs 98M 12K 98M 1% /run/user/42
tmpfs 98M 0 98M 0% /run/user/0????????????发现只能临时卸载,不能永久卸载
[root@backup ~] # tail -1 /etc/fstab
172.16.1.31:/data01 /mnt nfs defaults 0 0????????????????永久卸载失败
[root@backup ~] #
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m mount -a "src=172.16.1.31:/data01 path=/mnt fstype=nfs state=absent"
172.16.1.41 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"msg": "Error rmdir /mnt: [Errno 39] Directory not empty: ‘/mnt‘"
}
?
?
[root@backup ~] # df -h????????????????????????????卸载成功
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 99G 5.4G 93G 6% /
devtmpfs 471M 0 471M 0% /dev
tmpfs 487M 0 487M 0% /dev/shm
tmpfs 487M 8.4M 478M 2% /run
tmpfs 487M 0 487M 0% /sys/fs/cgroup
/dev/sda1 197M 160M 37M 82% /boot
tmpfs 98M 12K 98M 1% /run/user/42
tmpfs 98M 0 98M 0% /run/user/0
[root@backup ~] # tail -1 /etc/fstab ????????????????????卸载成功
#/dev/sdb1 /mnt ext4 user 0 0
[root@backup ~] #
?
可以批量生成用户信息
ansible 主机IP地址 -m user -a ‘name=创建用户名称 shell=是否进行登录 create_home=yes/no password="密文信息"‘
name    指定远程要创建的用户名称
shell    指定用户的登录 shell(例如 /bin/bash;设为 /sbin/nologin 则不允许登录)
create_home    指定用户是否创建家目录
password    指定设置用户的密码,需要使用密文信息(密码哈希)来设置,不能直接写明文
uid    指定创建的用户的 uid 值
group    指定创建的用户的主组信息
groups    指定创建的用户的附属组信息
[root@m01 ansible_playbook] #
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m user -a "name=olddog"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true
?
[root@backup ~] # id olddog
uid=1015(olddog) gid=1018(olddog) groups=1018(olddog)????????????创建用户成功
You have new mail in /var/spool/mail/root
[root@backup ~] #
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m user -a "name=oldgirl shell=/sbin/nologin create_home=no"
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
?
[root@backup ~] # id oldgirl????????????????????????????????创建虚拟用户成功
uid=1016(oldgirl) gid=100(users) groups=100(users)
You have new mail in /var/spool/mail/root
[root@backup ~] # ll /home/oldgirl????????????????????家目录找不到
ls: cannot access /home/oldgirl: No such file or directory
[root@backup ~] # grep oldgirl /etc/passwd
oldgirl:x:1016:100::/home/oldgirl:/sbin/nologin????????????不可以进行用户登录
[root@backup ~] #
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m user -a "name=oldgirl shell=/bin/bash create_home=no password=123456"
[WARNING]: The input password appears not to have been hashed. The ‘password‘ argument must be encrypted for this module to work properly.
?
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"append": false,
"changed": true,
?
?
[root@backup ~] # grep oldgirl /etc/shadow
oldgirl:123456:18200:0:99999:7:::    # /etc/shadow 中写入的是明文字符串而不是密码哈希,这种用法不正确:password 参数必须传入加密后的密文(哈希值)
[root@backup ~] #
?
?
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m debug -a "msg={{‘123456‘|password_hash(‘sha512‘,‘oldboy‘) }}"    # 用 password_hash 过滤器生成 sha512 密文;第二个参数 oldboy 是固定盐值,省略该参数时会使用随机盐。这种写法会把明文密码留在命令行历史中,仅作演示
172.16.1.41 | SUCCESS => {
"msg": "$6$oldboy$MVd3DevkLcimrBLdMICrBY8HF82Wtau5cI8D2w4Zs6P1cCfMTcnnyAmmJc7mQaE9zuHxk8JFTRgYMGv9uKW7j1"
}
????????yum install -y python-pip
????????pip install passlib
????????
[root@m01 ansible_playbook] # python -c "from passlib.hash import sha512_crypt; import getpass; print(sha512_crypt.using(rounds=5000).hash(getpass.getpass()))"    # 使用 python 的 passlib 生成 sha512 密文;getpass 以不回显的方式读取密码,明文不会出现在命令行历史中
Password: ????????????????设置明文密码
$6$XavoWtpBWnfV2sRL$3H8B1SeY76Dca8b.y6OQlBFVVeSHCwM71MQNwcV7Z1ApGVxIGFX9DNGVZU/k.J0/Vo2Rijrbasaku3nuR7qML1
[root@m01 ansible_playbook] # ansible 172.16.1.41 -m user -a ‘name=oldgirl shell=/bin/bash create_home=no password="$6$XavoWtpBWnfV2sRL$3H8B1SeY76Dca8b.y6OQlBFVVeSHCwM71MQNwcV7Z1ApGVxIGFX9DNGVZU/k.J0/Vo2Rijrbasaku3nuR7qML1"‘????????????添加密文信息
172.16.1.41 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
?
[root@backup ~] # grep oldgirl /etc/shadow????????????????查看发现添加成功
oldgirl:$6$XavoWtpBWnfV2sRL$3H8B1SeY76Dca8b.y6OQlBFVVeSHCwM71MQNwcV7Z1ApGVxIGFX9DNGVZU/k.J0/Vo2Rijrbasaku3nuR7qML1:18200:0:99999:7:::
[root@backup ~] #
将多个模块进行整合灵活的使用,实现一键批量化的安装软件
简化了操作的流程
提高了工作效率
降低了公司维护的成本
实现了服务端的自动部署
- hosts: 主机清单
tasks:
- name: 01 安装服务
- hosts: 主机清单????????????????冒号后面要有1个空格
tasks:????????????????????????冒号后面不需要有1个空格
- name: 01 安装服务
- hosts: 主机清单
tasks:
- name: 01 安装服务    # 短横线(-)后面要有1个空格
?
[root@m01 auto_yaml] # ansible-playbook --syntax-check auto_rsync_news.yaml ????????测试方法
?
playbook: auto_rsync_news.yaml
[root@m01 auto_yaml] # ansible-playbook -C auto_rsync_news.yaml ????????????模拟执行方法
?
PLAY [backup] **************************************************************************************************************************************
[root@m01 auto_yaml] # ansible-playbook auto_rsync_news.yaml ????????????执行方法
?
PLAY [backup] **************************************************************************************************************************************
?
- hosts: nfs_server
tasks:
- name: 01:install software
yum: name=nfs-utils state=installed
yum: name=rpcbind state=installed
- name: 02:push conf_file to server
copy: src=./nfs/exports dest=/etc/
- name: 03:create data dir
file: path=/data state=directory owner=nfsnobody group=nfsnobody
- name: 04:boot server
service: name=rpcbind state=started enabled=yes
service: name=nfs state=started enabled=yes
?
- hosts: nfs_client
tasks:
- name: 01:install software
yum: name=nfs-utils state=installed
- name: 02:mount data dir
shell: mount -t nfs 172.16.1.31:/data /mnt
- hosts: nfs_server
tasks:
- name: 01:install software
yum:
name:
- nfs-utils
- rpcbind
state: installed
- name: 02:push conf_file to server
copy:
src: ./nfs/exports
dest: /etc/
- name: 03:create data dir
file:
path: /data
state: directory
owner: nfsnobody
group: nfsnobody
- name: 04:boot server rpc
service:
name: rpcbind
state: started
enabled: yes
- name: 05:boot server nfs
service:
name: nfs
state: started
enabled: yes
?
- hosts: nfs_client
tasks:
- name: 01:install software
yum:
name: nfs-utils
state: installed
- name: 02:mount data dir
shell: mount -t nfs 172.16.1.31:/data /mnt????
ansible_all_ipv4_addresses:????????????????仅显示ipv4的信息。
ansible_devices:????????????????????????仅显示磁盘设备信息。
ansible_distribution:????????????????????显示是什么系统,例:centos,suse等。
ansible_distribution_major_version:????????显示是系统主版本。
ansible_distribution_version:????????????仅显示系统版本。
ansible_machine:????????????????????????显示系统类型,例:32位,还是64位。
ansible_eth0:????????????????????????仅显示eth0的信息。
ansible_hostname:????????????????????仅显示主机名。
ansible_kernel:????????????????????????仅显示内核版本。
ansible_lvm:????????????????????????????显示lvm相关信息。
ansible_memtotal_mb:????????????????????显示系统总内存。
ansible_memfree_mb:????????????????????显示可用系统内存。
ansible_memory_mb:????????????????????详细显示内存情况。
ansible_swaptotal_mb:????????????????????显示总的swap内存。
ansible_swapfree_mb:????????????????????显示swap内存的可用内存。
ansible_mounts:????????????????????????显示系统磁盘挂载情况。
ansible_processor:????????????????????显示cpu个数(具体显示每个cpu的型号)。
ansible_processor_vcpus:????????????????显示cpu个数(只显示总的个数)。
[root@m01 test] # vim playbook_判断功能.yaml
- hosts: nfs_server
tasks:
- name: 01 查看df -h信息
shell: df -h
register: oldboy
- name: check info
debug: msg={{ oldboy.stdout_lines }}
when: ansible_eth1.ipv4.address == "172.16.1.31"????????????????设置单个变量when
[root@m01 test] # vim playbook_判断功能.yaml
- hosts: nfs_server
tasks:
- name: 01 查看df -h信息
shell: df -h
register: oldboy
- name: check info
debug: msg={{ oldboy.stdout_lines }}
when: (ansible_eth1.ipv4.address == "172.16.1.31") or/and (ansible_hostname == "nfs")    # 使用 or 或 and 来判断(or/and 表示二选一,实际书写时只能写其中一个)
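# Play: on every host in the `nfs` group, capture the output of
# `systemctl status sshd` and print it only on hosts whose eth1 address is
# one of the listed IPs.
- hosts: nfs
  tasks:
    - name: 01 查看df -h信息
      shell: "systemctl status sshd"
      # Keep the command result (stdout, rc, ...) in the variable `oldboy`.
      register: oldboy
    - name: check info
      debug: msg={{ oldboy.stdout_lines }}
      # Use a membership test against the list. Comparing the address string
      # to a list with `==` is never true, so the task would always be skipped.
      # Relies on gathered facts and on the host having an eth1 interface.
      when: ansible_eth1.ipv4.address in ["172.16.1.31", "172.16.1.41"]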
[root@m01 test] # vim playbook_判断功能.yaml
- hosts: nfs_server
tasks:
- name: 01 查看df -h信息
shell: df -h
register: oldboy
- name: check info
debug: msg={{ oldboy.stdout_lines }}
when: ansible_eth1.ipv4.address != "172.16.1.31"????????????????设置单个变量when,排除31
?
- name: 04:重启nfs服务
service: name={{ item }} state=started enabled=yes????????????设置循环的变量
loop:
- rpcbind????????????????设置循环的内容
- nfs
when: ansible_eth1.ipv4.address == "172.16.1.31"
- hosts: nfs
tasks:
- name: 01:创建存储目录
file: path={{ item.path }} state={{ item.state }} owner={{ item.owner }} group={{ item.group }}????????????????????取出你要得到的值
loop:????????????????循环模块
- {path: ‘/data‘, state: ‘directory‘, owner: ‘nfsnobody‘, group: ‘nfsnobody‘}????????设置循环的内容
- {path: ‘/data01‘, state: ‘directory‘, owner: ‘nfsnobody‘, group: ‘nfsnobody‘}
- {path: ‘/data02‘, state: ‘directory‘, owner: ‘oldboy01‘, group: ‘oldboy01‘}
when: ansible_eth1.ipv4.address == "172.16.1.31"
ansible-playbook test_标签功能配置.yml -t oldboy100    # 只执行带有该标记的任务
ansible-playbook test_标签功能配置.yml --skip-tags oldboy100    # 跳过带有该标记的任务
- hosts: nfs
tasks:
- name: 01:创建用户oldboy
user: name=oldboy1000
tags: oldboy100????????????????????-t:只执行这个模块 --skip-tags:忽略掉这个模块
- name: 02:查看用户oldboy是否创建成功
shell: id oldboy
register: oldboy1000
- name: 03:check info
debug: msg={{ oldboy1000.stdout_lines }}
?
- name: 01:创建用户oldboy
user: name=oldboy1000 state=installed
ignore_errors: yes????????????????????????????忽略上面模块参数的错误,会继续往下面执行
- name: 02:查看用户oldboy是否创建成功
shell: id oldboy
register: oldboy1000
- name: 03:check info
debug: msg={{ oldboy1000.stdout_lines }}
?
[root@m01 test] # vim playbook_触发器.yaml
- hosts: 172.16.1.41
tasks:
- name: 01 安装rsync服务
yum: name=rsync state=installed
- name: 02 将文件传送过去
copy: src=/etc/ansible/ansible_playbook/test/rsyncd.conf dest=/etc
notify:    # 只有当本任务的执行结果为 changed(有变化)时,才会触发下面列出的触发器
- restart_server
- display news info
- check info
- name: 03 重启
service: name=rsyncd state=started
- name: display news info
shell: netstat -anptu | grep rsync
register: oldboy
- name: check info
debug: msg={{ oldboy.stdout_lines }}
handlers:????????????????????????????????触发器
- name: restart_server????????????第一个需要触发的事情
service: name=rsyncd state=restarted
- name: display news info????????第二个需要触发的事情
shell: netstat -anptu | grep rsync
register: oldboy
- name: check info????????????第三个需要触发的事情
debug: msg={{ oldboy.stdout_lines }}
[root@m01 test] # vim playbook_注册信息.yaml
- hosts: 172.16.1.31
tasks:
- name: 01 查看df -h信息
shell: df -h
register: oldboy????????????????????注册信息,输出的信息以oldboy变量来显示
- name: check info
debug: msg={{ oldboy.stdout_lines }}????????将信息输出来
?
?
[root@m01 test] # ansible-playbook playbook_设置变量.yaml
?
PLAY [172.16.1.31] ********************************************************************************************
ok: [172.16.1.31]
?
TASK [01 查看df -h信息] *********************************************************************************************************************************
changed: [172.16.1.31]
?
TASK [check info] ***********************************************************************************************************************************
ok: [172.16.1.31] => {????????????????????????????????执行的结果已经显示出来
"msg": [
"Filesystem Size Used Avail Use% Mounted on",
"/dev/sda3 99G 5.3G 94G 6% /",
"devtmpfs 471M 0 471M 0% /dev",
"tmpfs 487M 0 487M 0% /dev/shm",
"tmpfs 487M 16M 472M 4% /run",
"tmpfs 487M 0 487M 0% /sys/fs/cgroup",
"/dev/sda1 197M 160M 37M 82% /boot",
"tmpfs 98M 16K 98M 1% /run/user/988",
"tmpfs 98M 0 98M 0% /run/user/0"
]
?
[root@m01 test] # vim playbook_设置变量.yaml
- hosts: 172.16.1.31
vars:
name: oldboy100????????????????????设置变量
tasks:
- name: 01 创建oldboy100用户
user: name={{ name }}????????????调用变量
?
?
[root@nfs01 ~] # id oldboy100????????????查看是否创建成功
uid=1000(oldboy100) gid=1004(oldboy100) groups=1004(oldboy100)
You have new mail
[root@m01 test] # ansible-playbook -e name=oldboy50 playbook_设置变量.yaml ????????使用-e指定变量
?
?
PLAY [172.16.1.31] **********************************************************************************************************************************
?
TASK [Gathering Facts] ******************************************************************************************************************************
ok: [172.16.1.31]
?
TASK [01 创建oldboy50用户] *****************************************************************************************************************************
changed: [172.16.1.31]
?
PLAY RECAP ******************************************************************************************************************************************
172.16.1.31 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@nfs01 ~] # id oldboy50????????????????????????查看用户是否创建成功
uid=1001(oldboy50) gid=1001(oldboy50) groups=1001(oldboy50)
[root@nfs01 ~] #
?
172.16.1.31 name=oldboy20????????????????只给主机31设置了变量oldboy20
172.16.1.41
?
[root@m01 test] # ansible-playbook playbook_设置变量.yaml
?
PLAY [172.16.1.31] **********************************************************************************************************************************
?
TASK [Gathering Facts]
?
?
[root@nfs01 ~] # id oldboy20    # 发现31已经创建成功
uid=1002(oldboy20) gid=1005(oldboy20) groups=1005(oldboy20)
You have new mail in /var/spool/mail/root
?
[root@backup ~] # id oldboy20    # 发现41 没有创建成功
id: oldboy20: no such user
You have new mail in /var/spool/mail/root
[root@backup ~] #
[backup]    # 将31和41创建用户oldboy30
172.16.1.41
172.16.1.31
?
[backup:vars]
name=oldboy30
?
[root@m01 test] # ansible-playbook playbook_设置变量.yaml
?
PLAY [172.16.1.31] **********************************************************************************************************************************
?
TASK [Gathering Facts]
?
?
[root@nfs01 ~] # id oldboy30    # 发现31已经创建成功
uid=1002(oldboy30) gid=1005(oldboy30) groups=1005(oldboy30)
You have new mail in /var/spool/mail/root
?
[root@backup ~] # id oldboy30    # 发现41创建成功
uid=1002(oldboy30) gid=1005(oldboy30) groups=1005(oldboy30)
You have new mail in /var/spool/mail/root
[root@backup ~] #
将同一个变量分别设置为3个值:命令行(-e)中为oldboy10,主机清单中为oldboy60,剧本(vars)中为oldboy80
通过执行发现首先创建的是oldboy10,其次是oldboy80,最后是oldboy60
结论:变量优先级为 命令行(-e) > 剧本(vars) > 主机清单;-e 传入的值会覆盖剧本和主机清单中的同名变量
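- hosts: 172.16.1.41
  # Added to speed the play up: fact gathering is skipped. Do not add this
  # line when a task or condition relies on gathered facts, because none are
  # collected.
  gather_facts: no
  tasks:
    # A space is required after the colon; without it YAML reads the whole
    # item as one plain string instead of an include directive.
    - include: auto_rsync.yaml
    - include: auto_nfs.yaml

# NOTE(review): import_playbook is a playbook-level directive, so these two
# entries are written at the top level rather than under tasks. The page does
# not show whether the auto_*.yaml files hold task lists or whole plays, so
# treat the include form and the import_playbook form as alternatives.
- import_playbook: auto_rsync.yaml
- import_playbook: auto_nfs.yaml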
[root@m01 roles] # vim /etc/ansible/roles/hosts
[rsync_server]
172.16.1.41
?
[rsync_client]
172.16.1.31
172.16.1.7
?
[nfs_server]
172.16.1.31
?
[nfs_client]
172.16.1.41
172.16.1.7
[root@m01 roles] # mkdir /etc/ansible/roles/rsync
[root@m01 roles] # mkdir /etc/ansible/roles/nfs
[root@m01 roles] # mkdir /etc/ansible/roles/inotify
[root@m01 roles] # mkdir /etc/ansible/roles/nginx
[root@m01 roles] #
[root@m01 roles] # ansible-galaxy init --force rsync    # 使用这个命令来创建子目录
- rsync was created successfully
You have new mail in /var/spool/mail/root
[root@m01 roles] # ls
hosts inotify nfs nginx rsync
[root@m01 roles] # cd rsync/    # 创建的子目录
[root@m01 rsync] # ll
total 4
drwxr-xr-x 2 root root 22 Nov 2 17:41 defaults    # 保存定义变量的文件(不经常变化的)
drwxr-xr-x 2 root root 6 Nov 2 17:41 files    # 保存要分发的文件
drwxr-xr-x 2 root root 22 Nov 2 17:41 handlers    # 保存目录中要触发的事件
drwxr-xr-x 2 root root 22 Nov 2 17:41 meta
-rw-r--r-- 1 root root 1328 Nov 2 17:41 README.md
drwxr-xr-x 2 root root 22 Nov 2 17:41 tasks    # 定义任务中的剧本信息
drwxr-xr-x 2 root root 6 Nov 2 17:41 templates    # 目录中保存模板的文件
drwxr-xr-x 2 root root 39 Nov 2 17:41 tests
drwxr-xr-x 2 root root 22 Nov 2 17:41 vars    # 保存定义变量的文件(经常变化的)
[root@m01 rsync] #
[root@m01 tasks] # vim main.yml
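# Role task list: install rsync, push its daemon config, make sure the
# service is running, then show the listening socket.
- name: 01 安装rsync服务
  yum:
    name: "{{ install_software }}"
    state: installed

- name: 02 将文件传送过去
  copy:
    src: /etc/ansible/ansible_playbook/test/rsyncd.conf
    dest: /etc
    # Ownership and mode are stated explicitly so the permissions of the
    # daemon config on the target are not left to defaults.
    owner: root
    group: root
    mode: "0644"
  # The handlers named here are triggered only when this task reports a change.
  notify:
    - restart_server
    - display news info
    - check info

- name: 03 重启
  # state=started only ensures the daemon is running; an actual restart is
  # left to the restart_server handler notified above.
  service:
    name: rsyncd
    state: started

- name: display news info
  # Read-only check, so it never reports "changed". grep exits non-zero when
  # no rsync socket is listed, which fails the task.
  shell: netstat -anptu | grep rsync
  register: oldboy
  changed_when: false

- name: check info
  debug:
    msg: "{{ oldboy.stdout_lines }}"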
[root@m01 tasks] # cat install.yaml    # 安装服务的模块文件
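# install.yaml: installs the package named by the role variable
# install_software.
- name: 01 安装rsync服务
  yum:
    name: "{{ install_software }}"
    state: installed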
?
[root@m01 tasks] # cat transfer.yaml    # 传输文件的模块文件
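# transfer.yaml: pushes the rsync daemon config to the target.
- name: 02 将文件传送过去
  copy:
    # A bare file name is looked up in the role's files/ directory, which is
    # where the page copies rsyncd.conf.
    src: rsyncd.conf
    dest: /etc
    # Ownership and mode are stated explicitly so the permissions of the
    # daemon config on the target are not left to defaults.
    owner: root
    group: root
    mode: "0644"
  # The handlers named here are triggered only when this task reports a change.
  notify:
    - restart_server
    - display news info
    - check info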
?
[root@m01 tasks] # cat restart_server.yaml    # 重启服务的文件
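# restart_server.yaml: make sure rsyncd is running, then show its socket.
- name: 03 重启
  # state=started only ensures the daemon is running; it does not restart a
  # daemon that is already up.
  service:
    name: rsyncd
    state: started

- name: display news info
  # Read-only check, so it never reports "changed". grep exits non-zero when
  # no rsync socket is listed, which fails the task.
  shell: netstat -anptu | grep rsync
  register: oldboy
  changed_when: false

- name: check info
  debug:
    msg: "{{ oldboy.stdout_lines }}"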
?
[root@m01 tasks] # cat main.yml    # 整合几个模块
# Role entry point: pulls in the three task files in order (install the
# package, push the config, ensure the service runs and show its socket).
- include_tasks: install.yaml
- include_tasks: transfer.yaml
- include_tasks: restart_server.yaml
[root@m01 tasks] #
[root@m01 rsync] # cp -rf ../../../ansible/ansible_playbook/test/rsyncd.conf ./files/
You have new mail in /var/spool/mail/root
[root@m01 rsync] # cd files/
[root@m01 files] # ll
total 4
-rw-r--r-- 1 root root 577 Nov 2 17:55 rsyncd.conf
[root@m01 files] #
[root@m01 vars] # vim main.yml
install_software: rsync
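# Handlers matching the names used in the tasks' notify lists.
# NOTE(review): presumably the role's handlers/main.yml; the page does not
# show the file name for this listing.
- name: restart_server
  service:
    name: rsyncd
    state: restarted

- name: display news info
  # Read-only check, so it never reports "changed". grep exits non-zero when
  # no rsync socket is listed, which fails the handler.
  shell: netstat -anptu | grep rsync
  register: oldboy
  changed_when: false

- name: check info
  debug:
    msg: "{{ oldboy.stdout_lines }}"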
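# Applies the rsync role to 172.16.1.41.
# NOTE(review): presumably the site.yaml that is run with ansible-playbook
# right after this listing; the page does not show the file name.
- hosts: 172.16.1.41
  roles:
    - rsync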
~
[root@m01 roles] # ansible-playbook site.yaml
mv ../files/rsyncd.conf ../templates/
[root@m01 roles] # cat rsync/templates/rsyncd.conf
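# rsyncd.conf template (excerpt as shown on the page). Notes are kept on
# lines of their own, since rsyncd only ignores lines that begin with a hash.
uid = rsync
gid = rsync
# Listening port, filled in from the role variable port at render time.
port = {{ port }}
fake super = yes
# NOTE(review): with chroot disabled the daemon gives up the extra confinement
# of chrooting into the module path. The access controls (auth users, secrets
# file, hosts allow) are not visible in this excerpt; confirm they are set in
# the full file.
use chroot = no
max connections = 200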
[root@m01 roles] # cat rsync/vars/main.yml
install_software: rsync
port: 879    # 定义端口号为879
[root@m01 roles] #
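- name: 02 将文件传送过去
  # template renders the variables inside the source file before writing it
  # to the target, unlike copy, which sends the file unchanged.
  template:
    # A bare file name is looked up in the role's templates/ directory, which
    # is where the page moves rsyncd.conf.
    src: rsyncd.conf
    dest: /etc
    # Ownership and mode are stated explicitly so the permissions of the
    # daemon config on the target are not left to defaults.
    owner: root
    group: root
    mode: "0644"
  # The handlers named here are triggered only when this task reports a change.
  notify:
    - restart_server
    - display news info
    - check info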
原文地址:https://www.cnblogs.com/liangyuxing/p/11962918.html