ansible

m0

root@localhost \~# yum -y install ansible

root@localhost \~# ansible --version

ansible 2.9.27

root@localhost \~# ssh-keygen

root@localhost \~# ssh-copy-id 192.168.1.31

root@localhost \~# ssh-copy-id 192.168.1.32

root@localhost \~# vim /etc/ansible/hosts

group01

192.168.1.31

192.168.1.32

group02

192.168.1.31

192.168.1.32

192.168.1.41

root@localhost \~# ansible 192.168.1.31 -m ping

192.168.1.31 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

root@localhost \~# ansible group01 -m ping

192.168.1.31 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

192.168.1.32 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

root@localhost \~# ansible group02 -m ping

The authenticity of host '192.168.1.41 (192.168.1.41)' can't be established.

ECDSA key fingerprint is SHA256:7AcgA+ICA7nAIGHgupALnjIdI5QMGOVv/qOmgBsQyjc.

ECDSA key fingerprint is MD5:88:ca:ca:06:1e:be:21:1f:eb:0a:ca:d4:e8:e1:4a:50.

Are you sure you want to continue connecting (yes/no)? 192.168.1.32 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

192.168.1.31 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

yes

192.168.1.41 | UNREACHABLE! => {

"changed": false,

"msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.1.41' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",

"unreachable": true

}

root@localhost \~# vim /etc/ansible/hosts

group01

192.168.1.31

192.168.1.32

other ansible_ssh_host=192.168.1.41 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass=1

group02

192.168.1.31

192.168.1.32

other

root@localhost \~# ansible group02 -m ping

192.168.1.32 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

192.168.1.31 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

other | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

root@localhost \~# ansible other -m ping

other | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

ansible模块

root@localhost \~# ansible-doc -l //查看文档

root@localhost \~# ansible group02 -m hostname -a 'name=ansible02' //修改组内主机名称

root@localhost \~# ansible group01 -m file -a 'path=/tmp/abc state=directory' //创建目录

root@localhost \~# ansible group02 -m file -a 'path=/tmp/abc/def state=touch' //创建文件

root@localhost \~# ansible group02 -m file -a 'path=/tmp/abc recurse=yes owner=bin group=daemon mode=1777' //修改权限

root@localhost \~# ansible group02 -m file -a 'path=/tmp/abc state=absent' //删除目录、文件

root@localhost \~# ansible group02 -m file -a 'path=/tmp/aaaa state=touch owner=bin group=daemon mode=1777' //创建文件并修改权限

root@localhost \~# ansible group02 -m file -a 'src=/etc/fstab path=/tmp/xxx state=link' //创建软链接

root@localhost \~# ansible group02 -m file -a 'src=/etc/fstab path=/tmp/xxx02 state=hard' //创建硬链接

#path=文件的地址;state=方法(directory:创建目录、touch:创建文件、absent:删除文件、link:创建软链接、hard:创建硬链接)

recurse

copy模块

root@localhost \~# ansible group02 -m stat -a 'path=/etc/fstab' //获取/etc/fstab⽂件的状态信息

root@localhost \~# ansible group02 -m copy -a 'src=./mysql57.tar.gz dest=~' //拷⻉此⽂件到group01的所有机器上

root@localhost \~# echo master > /tmp/222

root@localhost \~# ansible group02 -m copy -a 'src=/tmp/222 dest=/tmp/333'

root@localhost \~# ansible group02 -m copy -a 'content="haha\n" dest=/tmp/333' //使⽤content参数直接往远程⽂件⾥写内容(会覆盖原内容)

使⽤force参数控制是否强制覆盖

root@localhost \~# ansible group02 -m copy -a 'src=/tmp/222 dest=/tmp/333 force=no' //如果⽬标⽂件已经存在,则不覆盖

root@localhost \~# ansible group02 -m copy -a 'src=/tmp/222 dest=/tmp/333 force=yes' //如果⽬标⽂件已经存在,则会强制覆盖

使⽤backup参数控制是否备份⽂件

root@localhost \~# ansible group02 -m copy -a 'src=/etc/fstab dest=/tmp/333 backup=yes owner=bin group=daemon mode=1777' //backup=yes表示如果拷⻉的⽂件内容与原内容不⼀样,则会备份⼀份

copy模块拷⻉时要注意拷⻉⽬录后⾯是否带"/"符号

/etc/yum.repos.d后⾯不带/符号,则表示把/etc/yum.repos.d整个⽬录拷⻉到/tmp/⽬录下

/etc/yum.repos.d/后⾯带/符号,则表示把/etc/yum.repos.d/⽬录⾥的所有⽂件拷⻉到/tmp/⽬录下

fetch模块与copy模块类似,但作⽤相反。⽤于把远程机器的⽂件拷⻉到本地。

root@localhost \~# ansible group02 -m fetch -a 'src=/tmp/333 dest=/tmp'

root@localhost \~# ls /tmp/

192.168.1.31

192.168.1.32

other

user模块

user模块⽤于管理⽤户账号和⽤户属性。

root@localhost \~# ansible group02 -m user -a 'name=aaa state=present' //创建aaa⽤户,默认为普通⽤户,创建家⽬录

root@localhost \~# ansible group02 -m user -a 'name=mysql state=present system=yes shell="/sbin/nologin"' //创建mysql系统⽤户,并且登录shell环境为/sbin/nologin

root@localhost \~# ansible group02 -m file -a 'path=/usr/local/mysql/mysql-files state=directory owner=mysql group=mysql mode=1777'

root@localhost \~# ansible group02 -m user -a 'name=ccc uid=2000 state=present password="ccc"' //创建ccc⽤户, 使⽤uid参数指定uid, 使⽤password参数传密码

root@localhost \~# ansible group02 -m user -a 'name=hadoop generate_ssh_key=yes'//创建⼀个普通⽤户叫hadoop,并产⽣空密码密钥对

root@localhost \~# ansible group02 -m user -a 'name=aaa state=absent' //删除aaa⽤户,但家⽬录默认没有删除

root@localhost \~# ansible group02 -m user -a 'name=mysql state=absent remove=yes' //删除bbb⽤户,使⽤remove=yes参数让其删除⽤户的同时也删除家⽬录

group模块

root@localhost \~# ansible group02 -m group -a 'name=groupagid=3000 state=present' //创建组

root@localhost \~# ansible group02 -m group -a 'name=groupastate=absent' //删除组(如果有⽤户的gid为此组,则删除不了)

cron模块

cron模块⽤于管理周期性时间任务

root@localhost \~# ansible group02 -m cron -a 'name="testcron1" user=root job="touch /tmp/111" minute=*/2' //创建⼀个cron任务,不指定user的话,默认就是root

root@localhost \~# ansible group02 -m cron -a 'name="testcron1" state=absent' //删除cron任务

yum_repository模块

yum_repository模块⽤于配置yum仓库。

root@localhost \~# ansible group02 -m yum_repository -a "name=local description=localyum baseurl=file:///mnt/ enabled=yes gpgcheck=no" //增加⼀个/etc/yum.repos.d/local.repo配置⽂件

注意:此模块只帮助配置yum仓库,但如果仓库⾥没有软件包,安装⼀样会失败。所以可以⼿动去挂载光驱到/mnt⽬录

root@localhost \~# ansible group02 -m yum_repository -a "name=local state=absent" //删除/etc/yum.repos.d/local.repo配置⽂件

yum模块

yum模块⽤于使⽤yum命令来实现软件包的安装与卸载。

root@localhost \~# ansible group02 -m yum -a 'name=vsftpd state=present' //使⽤yum安装⼀个软件(前提:group02的机器上的yum配置都已经OK)

root@localhost \~# ansible group02 -m yum -a 'name=httpd,httpddevel state=latest' //使⽤yum安装httpd,httpd-devel软件,state=latest表示安装最新版本

root@localhost \~# ansible group02 -m yum -a 'name=httpd,httpddevel state=absent' //使⽤yum卸载httpd,httpd-devel软件

service模块

service模块⽤于控制服务的启动,关闭,开机⾃启动等。

root@localhost \~# ansible group02 -m service -a 'name=vsftpd state=started enabled=on' //启动vsftpd服务,并设为开机⾃动启动

root@localhost \~# ansible group02 -m service -a 'name=vsftpd state=stopped enabled=false' //关闭vsftpd服务,并设为开机不⾃动启动

相关推荐
有毒的教程4 天前
Ansible批量操作自动化完整教程:批量部署服务、配置同步、软件更新实战
运维·自动化·ansible
Hy行者勇哥9 天前
用Cursor智能编写Ansible/Terraform脚本,打通CI/CD链路
ci/cd·ansible·terraform
芷栀夏11 天前
飞牛NAS怎么部署Immich?家庭照片自动备份与远程访问教程
服务器·nginx·ansible
悠然南风21 天前
Ansible常见模块总结及LDAP Role 编写与调试
ansible
祺风挽楠1 个月前
ansible编辑
网络·ansible
芳心粽伙饭1 个月前
Ansible课后作业
ansible
烁3471 个月前
Ansible初识
ansible
烁3471 个月前
Ansible安装部署调试
ansible
烁3471 个月前
Ansible命令
ansible
小义_1 个月前
【Ansible】(三)基础配置与连接设置
云原生·ansible