ansible - 技术栈

root@localhost \~\]# yum -y install ansible \[root@localhost \~\]# ansible --version ansible 2.9.27 \[root@localhost \~\]# ssh-keygen \[root@localhost \~\]# ssh-copy-id 192.168.1.31 \[root@localhost \~\]# ssh-copy-id 192.168.1.32 \[root@localhost \~\]# vim /etc/ansible/hosts \[group01

192.168.1.31

192.168.1.32

group02

192.168.1.31

192.168.1.32

192.168.1.41

root@localhost \~\]# ansible 192.168.1.31 -m ping 192.168.1.31 \| SUCCESS =\> { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } \[root@localhost \~\]# ansible group01 -m ping 192.168.1.31 \| SUCCESS =\> { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } 192.168.1.32 \| SUCCESS =\> { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } \[root@localhost \~\]# ansible group02 -m ping The authenticity of host '192.168.1.41 (192.168.1.41)' can't be established. ECDSA key fingerprint is SHA256:7AcgA+ICA7nAIGHgupALnjIdI5QMGOVv/qOmgBsQyjc. ECDSA key fingerprint is MD5:88:ca:ca:06:1e:be:21:1f:eb:0a:ca:d4:e8:e1:4a:50. Are you sure you want to continue connecting (yes/no)? 192.168.1.32 \| SUCCESS =\> { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } 192.168.1.31 \| SUCCESS =\> { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } yes 192.168.1.41 \| UNREACHABLE! =\> { "changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.1.41' (ECDSA) to the list of known hosts.\\r\\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true } \[root@localhost \~\]# vim /etc/ansible/hosts \[group01

192.168.1.31

192.168.1.32

other ansible_ssh_host=192.168.1.41 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass=1

group02

192.168.1.31

192.168.1.32

other

root@localhost \~\]# ansible group02 -m ping 192.168.1.32 \| SUCCESS =\> { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } 192.168.1.31 \| SUCCESS =\> { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } other \| SUCCESS =\> { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } \[root@localhost \~\]# ansible other -m ping other \| SUCCESS =\> { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } ansible模块 \[root@localhost \~\]# ansible-doc -l //查看文档 \[root@localhost \~\]# ansible group02 -m hostname -a 'name=ansible02' //修改组内主机名称 \[root@localhost \~\]# ansible group01 -m file -a 'path=/tmp/abc state=directory' //创建目录 \[root@localhost \~\]# ansible group02 -m file -a 'path=/tmp/abc/def state=touch' //创建文件 \[root@localhost \~\]# ansible group02 -m file -a 'path=/tmp/abc recurse=yes owner=bin group=daemon mode=1777' //修改权限 \[root@localhost \~\]# ansible group02 -m file -a 'path=/tmp/abc state=absent' //删除目录、文件 \[root@localhost \~\]# ansible group02 -m file -a 'path=/tmp/aaaa state=touch owner=bin group=daemon mode=1777' //创建文件并修改权限 \[root@localhost \~\]# ansible group02 -m file -a 'src=/etc/fstab path=/tmp/xxx state=link' //创建软链接 \[root@localhost \~\]# ansible group02 -m file -a 'src=/etc/fstab path=/tmp/xxx02 state=hard' //创建硬链接 #path=文件的地址；state=方法（directory：创建目录、touch：创建文件、absent：删除文件、link：创建软链接、hard：创建硬链接） recurse copy模块 \[root@localhost \~\]# ansible group02 -m stat -a 'path=/etc/fstab' //获取/etc/fstab⽂件的状态信息 \[root@localhost \~\]# ansible group02 -m copy -a 'src=./mysql57.tar.gz dest=\~' //拷⻉此⽂件到group01的所有机器上 \[root@localhost \~\]# echo master \> /tmp/222 \[root@localhost \~\]# ansible group02 -m copy -a 'src=/tmp/222 dest=/tmp/333' \[root@localhost \~\]# ansible group02 -m copy -a 'content="haha\\n" dest=/tmp/333' //使⽤content参数直接往远程⽂件⾥写内容（会覆盖原内容） 使⽤force参数控制是否强制覆盖 \[root@localhost \~\]# ansible group02 -m copy -a 'src=/tmp/222 dest=/tmp/333 force=no' //如果⽬标⽂件已经存在，则不覆盖 \[root@localhost \~\]# ansible group02 -m copy -a 'src=/tmp/222 dest=/tmp/333 force=yes' //如果⽬标⽂件已经存在，则会强制覆盖 使⽤backup参数控制是否备份⽂件 \[root@localhost \~\]# ansible group02 -m copy -a 'src=/etc/fstab dest=/tmp/333 backup=yes owner=bin group=daemon mode=1777' //backup=yes表示如果拷⻉的⽂件内容与原内容不⼀样，则会备份⼀份 copy模块拷⻉时要注意拷⻉⽬录后⾯是否带"/"符号 /etc/yum.repos.d后⾯不带/符号，则表示把/etc/yum.repos.d整个⽬录拷⻉到/tmp/⽬录下 /etc/yum.repos.d/后⾯带/符号，则表示把/etc/yum.repos.d/⽬录⾥的所有⽂件拷⻉到/tmp/⽬录下 fetch模块与copy模块类似，但作⽤相反。⽤于把远程机器的⽂件拷⻉到本地。 \[root@localhost \~\]# ansible group02 -m fetch -a 'src=/tmp/333 dest=/tmp' \[root@localhost \~\]# ls /tmp/ 192.168.1.31 192.168.1.32 other user模块 user模块⽤于管理⽤户账号和⽤户属性。 \[root@localhost \~\]# ansible group02 -m user -a 'name=aaa state=present' //创建aaa⽤户,默认为普通⽤户,创建家⽬录 \[root@localhost \~\]# ansible group02 -m user -a 'name=mysql state=present system=yes shell="/sbin/nologin"' //创建mysql系统⽤户,并且登录shell环境为/sbin/nologin \[root@localhost \~\]# ansible group02 -m file -a 'path=/usr/local/mysql/mysql-files state=directory owner=mysql group=mysql mode=1777' \[root@localhost \~\]# ansible group02 -m user -a 'name=ccc uid=2000 state=present password="ccc"' //创建ccc⽤户, 使⽤uid参数指定uid, 使⽤password参数传密码 \[root@localhost \~\]# ansible group02 -m user -a 'name=hadoop generate_ssh_key=yes'//创建⼀个普通⽤户叫hadoop,并产⽣空密码密钥对 \[root@localhost \~\]# ansible group02 -m user -a 'name=aaa state=absent' //删除aaa⽤户,但家⽬录默认没有删除 \[root@localhost \~\]# ansible group02 -m user -a 'name=mysql state=absent remove=yes' //删除bbb⽤户,使⽤remove=yes参数让其删除⽤户的同时也删除家⽬录 group模块 \[root@localhost \~\]# ansible group02 -m group -a 'name=groupagid=3000 state=present' //创建组 \[root@localhost \~\]# ansible group02 -m group -a 'name=groupastate=absent' //删除组（如果有⽤户的gid为此组，则删除不了) cron模块 cron模块⽤于管理周期性时间任务 \[root@localhost \~\]# ansible group02 -m cron -a 'name="testcron1" user=root job="touch /tmp/111" minute=\*/2' //创建⼀个cron任务,不指定user的话,默认就是root \[root@localhost \~\]# ansible group02 -m cron -a 'name="testcron1" state=absent' //删除cron任务 yum_repository模块 yum_repository模块⽤于配置yum仓库。 \[root@localhost \~\]# ansible group02 -m yum_repository -a "name=local description=localyum baseurl=file:///mnt/ enabled=yes gpgcheck=no" //增加⼀个/etc/yum.repos.d/local.repo配置⽂件 注意：此模块只帮助配置yum仓库,但如果仓库⾥没有软件包，安装⼀样会失败。所以可以⼿动去挂载光驱到/mnt⽬录 \[root@localhost \~\]# ansible group02 -m yum_repository -a "name=local state=absent" //删除/etc/yum.repos.d/local.repo配置⽂件 yum模块 yum模块⽤于使⽤yum命令来实现软件包的安装与卸载。 \[root@localhost \~\]# ansible group02 -m yum -a 'name=vsftpd state=present' //使⽤yum安装⼀个软件（前提:group02的机器上的yum配置都已经OK） \[root@localhost \~\]# ansible group02 -m yum -a 'name=httpd,httpddevel state=latest' //使⽤yum安装httpd,httpd-devel软件,state=latest表示安装最新版本 \[root@localhost \~\]# ansible group02 -m yum -a 'name=httpd,httpddevel state=absent' //使⽤yum卸载httpd,httpd-devel软件 service模块 service模块⽤于控制服务的启动,关闭,开机⾃启动等。 \[root@localhost \~\]# ansible group02 -m service -a 'name=vsftpd state=started enabled=on' //启动vsftpd服务，并设为开机⾃动启动 \[root@localhost \~\]# ansible group02 -m service -a 'name=vsftpd state=stopped enabled=false' //关闭vsftpd服务，并设为开机不⾃动启动