自動化管理工具ansible
- 一、ansible
- ansible的架構
- 二、ansible命令列模塊
- 1、command模塊
- 2、cron模塊
- 3、user模塊
- 4、group模塊
- 5、copy模塊
- 6、file模塊
- 7、ping模塊
- 8、service模塊
- 9、yum模塊
- 10、shell模塊
- 11、script模塊
- 12、setup模塊
- 補充:
一、ansible
ansible是新出現的自動化運維工具,基于Python開發,集合了眾多運維工具(puppet、cfengine、chef、func、fabric)的優點,實作了批量系統配置、批量程式部署、批量運行命令等功能,
ansible是基于模塊作業的,本身沒有批量部署的能力,真正具有批量部署的是ansible所運行的模塊,ansible只是提供一種框架,主要包括:
(1)、連接插件connection plugins:負責和被監控端實作通信;
(2)、host inventory:指定操作的主機,是一個組態檔里面定義監控的主機;
(3)、各種模塊核心模塊、command模塊、自定義模塊;
(4)、借助于插件完成記錄日志郵件等功能;
(5)、playbook:劇本執行多個任務時,非必需可以讓節點一次性運行多個任務,
ansible的架構
連接其他主機默認使用ssh協議
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@localhost yum.repos.d]# yum -y install epel-release.noarch #安裝epel擴展源
[root@localhost ~]# yum install -y ansible
[root@localhost ~]# ansible --version #查看ansible版本
[root@localhost ~]# yum install -y tree
[root@localhost ~]# tree /etc/ansible/ #樹狀結構
/etc/ansible/
├── ansible.cfg #ansible組態檔
├── hosts #管理主機的檔案,主機清單
└── roles
1 directory, 2 files
[root@localhost ~]# vim /etc/ansible/hosts #配置主機清單
[webservers]
192.168.238.20 #主機是什么服務就放在什么標簽內
[mysql]
192.168.238.30
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): #回車
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): #輸入密碼123123
Enter same passphrase again: #確認密碼123123
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:WKpIMqbJgc2JyTz2C351d7bzbDJ83wUsyf1oKXaq82c root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| |
| |
| . |
|+= . + . + |
|*B= o S + + |
|==+. o . . o . = |
|oo..o . . + + = o|
|. ... .B.BE o|
| ... .+X=...|
+----[SHA256]-----+
[root@localhost ~]# ls -al
drwx------. 2 root root 38 4月 2 08:54 .ssh
[root@localhost ~]# cd .ssh/
[root@localhost .ssh]# ls
id_rsa id_rsa.pub #id_rsa,私鑰;id_rsa.pub,公鑰
[root@localhost .ssh]# ssh-copy-id root@192.168.238.20
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.238.20 (192.168.238.20)' can't be established.
ECDSA key fingerprint is SHA256:eF9/BxUPOh5kKXiMqoF3FIujK3RvuK5hAtkg1HpcJNE.
ECDSA key fingerprint is MD5:43:2d:ee:4a:18:f0:0b:e2:9b:75:69:ee:fa:41:22:29.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.238.20's password: #輸入登錄密碼123123
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.238.20'"
and check to make sure that only the key(s) you wanted were added.
被監控端:192.168.238.20
[root@localhost ~]#cd .ssh/
[root@localhost .ssh]#ls
authorized_keys
[root@localhost .ssh]# ansible webserver -m command -a 'date'
-m 指定模塊 command 指定command模塊
-a 引數,''引起來
webserver 標簽可換IP
[root@localhost .ssh]# ansible webservers -m command -a 'date'
Enter passphrase for key '/root/.ssh/id_rsa': #輸入密碼123123
192.168.238.20 | CHANGED | rc=0 >>
2021年 04月 02日 星期五 09:07:01 CST
[root@localhost .ssh]# ansible webservers -m command -a 'ls'
192.168.238.20 | CHANGED | rc=0 >>
anaconda-ks.cfg
initial-setup-ks.cfg
公共
模板
視頻
圖片
檔案
下載
音樂
桌面
[root@localhost .ssh]# ssh-agent bash #做免互動,每次輸入密碼很麻煩
[root@localhost .ssh]# ssh-add
Enter passphrase for /root/.ssh/id_rsa:
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
二、ansible命令列模塊
1、command模塊
命令格式:ansible [主機] [-m 模塊] [-a args]
?
#列出所有已安裝的模塊,按q退出
ansible-doc -l
?
#-s 列出yum模塊描述資訊和操作動作,按q退出
ansible-doc -s yum
#指定IP執行命令?
ansible 192.168.238.20 -m command -a 'date'
192.168.238.20 | CHANGED | rc=0 >>
2021年 04月 06日 星期二 16:58:36 CST
#指定分類執行命令
ansible mysql -m command -a 'date'
Enter passphrase for key '/root/.ssh/id_rsa':
192.168.238.30 | CHANGED | rc=0 >>
2021年 04月 06日 星期二 16:58:49 CST
#所有主機執行date命令,其中all可以換成IP或者分類名稱,例:192.168.238.20/webserver
?ansible all -m command -a 'date'
#不加-m模塊,則默認使用command模塊
ansible all -a 'date'
ansible all -a 'ls /'
2、cron模塊
兩種狀態(state):present表示添加(可以省略),absent表示移除
#查看cron模塊資訊
ansible-doc -s cron
?
#webserver:分類 -m指定模塊 -a輸出模塊內的指令 分鐘:每分鐘,作業:輸出hello,作業名稱:test
ansible webserver -m cron -a 'minute="*/1" job="/usr/bin/echo hello world >> /opt/info.txt" name="test cron job"'
?
#查看計劃性任務命令
ansible webserver -a 'crontab -l'
?
#移除計劃性任務,假如該計劃任務沒有取名字,name=None即可
ansible webserver -m cron -a 'name="test cron job" state=absent'
3、user模塊
user模塊是請求三條指令,useradd,userdel,usermod
#模塊資訊
ansible-doc -s user
?
#創建用戶
ansible mysql -m user -a 'name="test01"'
?
#查看用戶賬戶資訊
ansible mysql -m command -a 'tail /etc/passwd'
?
#移除用戶
ansible mysql -m user -a 'name="test01" state=absent'
4、group模塊
group模塊請求的是groupadd、groupdel、groupmod模塊
#查看模塊資訊
ansible-doc -s group
?
#system=yes 創建系統組
ansible mysql -m group -a 'name=mysql gid=120 system=yes'
?
#查看組賬戶資訊
ansible mysql -a 'tail /etc/group'
?
#創建用戶并加入組
ansible mysql -m user -a 'name=test01 uid=306 group=mysql system=yes'
?
#查看用戶賬戶資訊
ansible mysql -a 'tail /etc/passwd'
#查看用戶test01的用戶id和組id資訊
ansible mysql -a 'id test01'
5、copy模塊
對檔案進行有效的復制
ansible-doc -s copy
#將/etc目錄下的?fstab檔案復制到/opt目錄下,并重命名為fstab.bak,屬主root,權限640
ansible mysql -m copy -a 'src=/etc/fstab dest=/opt/fstab.bak owner=root mode=640'
#查看復制是否成功
ansible mysql -a 'ls -l /opt'
#查看檔案內容
ansible mysql -a 'cat /opt/fstab.bak'
#以覆寫的方式將hello world寫入/opt/fstab.back
ansible mysql -m copy -a 'content="hello world" dest=/opt/fstab.bak'
#查看檔案內容
ansible mysql -a 'cat /opt/fstab.bak'
6、file模塊
ansible-doc -s file
#創建用戶
ansible mysql -m user -a 'name=mysql system=yes'
#創建系統組
ansible mysql -m group -a 'name=mysql system=yes'‘
#修改檔案屬性
ansible mysql -m file -a 'owner=mysql group=mysql mode=644 path=/opt/fstab.bak'
#查看檔案屬性
ansible mysql -a 'ls -l /opt/fstab.bak'
#創建軟連接,源檔案/opt/fstab.bak,鏈接檔案/opt/fstab.link
ansible mysql -m file -a 'path=/opt/fstab.link src=/opt/fstab.bak state=link'
ansible mysql -a 'ls -l /opt'
#洗掉一個檔案
ansible mysql -m file -a "path=/opt/fstab.bak state=absent"
ansible mysql -a 'ls -l /opt'
#創建一個檔案
ansible mysql -m file -a "path=/opt/test.txt state=touch"
ansible mysql -a 'ls -l /opt'
7、ping模塊
ansible all -m ping
8、service模塊
ansible-doc -s service
#安裝httpd軟體包
[ab] yum install -y httpd
#查看web服務器httpd運行狀態
[aa] ansible webservers -a 'systemctl status httpd'
#啟動httpd服務
ansible webservers -m service -a 'enabled=true name=httpd state=started'
#關閉防火墻
ansible all -m service -a 'name=firewalld state=stopped'
#查看是否開啟
[ab]systemctl status httpd
9、yum模塊
ansible-doc -s yum
#在ac服務器上yum安裝zsh
[aa]ansible mysql -m yum -a 'name=zsh'
[ac]rpm -q zsh
[aa]ansible mysql -m yum -a 'name=zsh state=absent'
[ac] rpm -q zsh
10、shell模塊
ansible-doc -s shell
#創建用戶使用免互動模式給用戶設置密碼
ansible mysql -m shell -a 'echo abc123 | passwd --stdin mysql'
11、script模塊
absible-doc -s script
#在ansible管理端創建腳本
[aa]vi test.sh
#!/bin/bash
echo "hello world" > /opt/script.txt
#給腳本賦予可執行權限
[aa]chmod +x test.sh
#在ansible被管理端執行test.sh檔案
[aa]ansible mysql -m script -a 'test.sh'
#檢測檔案內容
[ac] cat /opt/script.txt
12、setup模塊
ansible-doc -s setup
#獲取mysql組主機的facts資訊
ansible mysql -m setup
補充:
[root@localhost .ssh]# systemctl is-enabled httpd.service #查看是否開機自啟
disabled
轉載請註明出處,本文鏈接:https://www.uj5u.com/qita/273626.html
標籤:其他