ansible - 技术栈

[root@localhost ~]# yum -y install ansible

[root@localhost ~]# ansible --version

ansible 2.9.27

[root@localhost ~]# ssh-keygen

[root@localhost ~]# ssh-copy-id 192.168.1.31

[root@localhost ~]# ssh-copy-id 192.168.1.32

[root@localhost ~]# vim /etc/ansible/hosts

[group01]

192.168.1.31

192.168.1.32

[group02]

192.168.1.31

192.168.1.32

192.168.1.41

[root@localhost ~]# ansible 192.168.1.31 -m ping

192.168.1.31 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": false,

"ping": "pong"

}

[root@localhost ~]# ansible group01 -m ping

192.168.1.31 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": false,

"ping": "pong"

}

192.168.1.32 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": false,

"ping": "pong"

}

[root@localhost ~]# ansible group02 -m ping

The authenticity of host '192.168.1.41 (192.168.1.41)' can't be established.

ECDSA key fingerprint is SHA256:7AcgA+ICA7nAIGHgupALnjIdI5QMGOVv/qOmgBsQyjc.

ECDSA key fingerprint is MD5:88:ca:ca:06:1e:be:21:1f:eb:0a:ca:d4:e8:e1:4a:50.

Are you sure you want to continue connecting (yes/no)? 192.168.1.32 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": false,

"ping": "pong"

}

192.168.1.31 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": false,

"ping": "pong"

}

yes

192.168.1.41 | UNREACHABLE! => {

"changed": false,

"msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.1.41' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",

"unreachable": true

}

[root@localhost ~]# vim /etc/ansible/hosts

[group01]

192.168.1.31

192.168.1.32

other ansible_ssh_host=192.168.1.41 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass=1

[group02]

192.168.1.31

192.168.1.32

other

[root@localhost ~]# ansible group02 -m ping

192.168.1.32 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": false,

"ping": "pong"

}

192.168.1.31 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": false,

"ping": "pong"

}

other | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": false,

"ping": "pong"

}

[root@localhost ~]# ansible other -m ping

other | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": false,

"ping": "pong"

}

ansible模块

[root@localhost ~]# ansible-doc -l //查看文档

[root@localhost ~]# ansible group02 -m hostname -a 'name=ansible02' //修改组内主机名称

[root@localhost ~]# ansible group01 -m file -a 'path=/tmp/abc state=directory' //创建目录

[root@localhost ~]# ansible group02 -m file -a 'path=/tmp/abc/def state=touch' //创建文件

[root@localhost ~]# ansible group02 -m file -a 'path=/tmp/abc recurse=yes owner=bin group=daemon mode=1777' //修改权限

[root@localhost ~]# ansible group02 -m file -a 'path=/tmp/abc state=absent' //删除目录、文件

[root@localhost ~]# ansible group02 -m file -a 'path=/tmp/aaaa state=touch owner=bin group=daemon mode=1777' //创建文件并修改权限

[root@localhost ~]# ansible group02 -m file -a 'src=/etc/fstab path=/tmp/xxx state=link' //创建软链接

[root@localhost ~]# ansible group02 -m file -a 'src=/etc/fstab path=/tmp/xxx02 state=hard' //创建硬链接

#path=文件的地址；state=方法（directory：创建目录、touch：创建文件、absent：删除文件、link：创建软链接、hard：创建硬链接）

recurse

copy模块

[root@localhost ~]# ansible group02 -m stat -a 'path=/etc/fstab' //获取/etc/fstab⽂件的状态信息

[root@localhost ~]# ansible group02 -m copy -a 'src=./mysql57.tar.gz dest=~' //拷⻉此⽂件到group01的所有机器上

[root@localhost ~]# echo master > /tmp/222

[root@localhost ~]# ansible group02 -m copy -a 'src=/tmp/222 dest=/tmp/333'

[root@localhost ~]# ansible group02 -m copy -a 'content="haha\n" dest=/tmp/333' //使⽤content参数直接往远程⽂件⾥写内容（会覆盖原内容）

使⽤force参数控制是否强制覆盖

[root@localhost ~]# ansible group02 -m copy -a 'src=/tmp/222 dest=/tmp/333 force=no' //如果⽬标⽂件已经存在，则不覆盖

[root@localhost ~]# ansible group02 -m copy -a 'src=/tmp/222 dest=/tmp/333 force=yes' //如果⽬标⽂件已经存在，则会强制覆盖

使⽤backup参数控制是否备份⽂件

[root@localhost ~]# ansible group02 -m copy -a 'src=/etc/fstab dest=/tmp/333 backup=yes owner=bin group=daemon mode=1777' //backup=yes表示如果拷⻉的⽂件内容与原内容不⼀样，则会备份⼀份

copy模块拷⻉时要注意拷⻉⽬录后⾯是否带"/"符号

/etc/yum.repos.d后⾯不带/符号，则表示把/etc/yum.repos.d整个⽬录拷⻉到/tmp/⽬录下

/etc/yum.repos.d/后⾯带/符号，则表示把/etc/yum.repos.d/⽬录⾥的所有⽂件拷⻉到/tmp/⽬录下

fetch模块与copy模块类似，但作⽤相反。⽤于把远程机器的⽂件拷⻉到本地。

[root@localhost ~]# ansible group02 -m fetch -a 'src=/tmp/333 dest=/tmp'

[root@localhost ~]# ls /tmp/

192.168.1.31

192.168.1.32

other

user模块

user模块⽤于管理⽤户账号和⽤户属性。

[root@localhost ~]# ansible group02 -m user -a 'name=aaa state=present' //创建aaa⽤户,默认为普通⽤户,创建家⽬录

[root@localhost ~]# ansible group02 -m user -a 'name=mysql state=present system=yes shell="/sbin/nologin"' //创建mysql系统⽤户,并且登录shell环境为/sbin/nologin

[root@localhost ~]# ansible group02 -m file -a 'path=/usr/local/mysql/mysql-files state=directory owner=mysql group=mysql mode=1777'

[root@localhost ~]# ansible group02 -m user -a 'name=ccc uid=2000 state=present password="ccc"' //创建ccc⽤户, 使⽤uid参数指定uid, 使⽤password参数传密码

[root@localhost ~]# ansible group02 -m user -a 'name=hadoop generate_ssh_key=yes'//创建⼀个普通⽤户叫hadoop,并产⽣空密码密钥对

[root@localhost ~]# ansible group02 -m user -a 'name=aaa state=absent' //删除aaa⽤户,但家⽬录默认没有删除

[root@localhost ~]# ansible group02 -m user -a 'name=mysql state=absent remove=yes' //删除bbb⽤户,使⽤remove=yes参数让其删除⽤户的同时也删除家⽬录

group模块

[root@localhost ~]# ansible group02 -m group -a 'name=groupagid=3000 state=present' //创建组

[root@localhost ~]# ansible group02 -m group -a 'name=groupastate=absent' //删除组（如果有⽤户的gid为此组，则删除不了)

cron模块

cron模块⽤于管理周期性时间任务

[root@localhost ~]# ansible group02 -m cron -a 'name="testcron1" user=root job="touch /tmp/111" minute=*/2' //创建⼀个cron任务,不指定user的话,默认就是root

[root@localhost ~]# ansible group02 -m cron -a 'name="testcron1" state=absent' //删除cron任务

yum_repository模块

yum_repository模块⽤于配置yum仓库。

[root@localhost ~]# ansible group02 -m yum_repository -a "name=local description=localyum baseurl=file:///mnt/ enabled=yes gpgcheck=no" //增加⼀个/etc/yum.repos.d/local.repo配置⽂件

注意：此模块只帮助配置yum仓库,但如果仓库⾥没有软件包，安装⼀样会失败。所以可以⼿动去挂载光驱到/mnt⽬录

[root@localhost ~]# ansible group02 -m yum_repository -a "name=local state=absent" //删除/etc/yum.repos.d/local.repo配置⽂件

yum模块

yum模块⽤于使⽤yum命令来实现软件包的安装与卸载。

[root@localhost ~]# ansible group02 -m yum -a 'name=vsftpd state=present' //使⽤yum安装⼀个软件（前提:group02的机器上的yum配置都已经OK）

[root@localhost ~]# ansible group02 -m yum -a 'name=httpd,httpddevel state=latest' //使⽤yum安装httpd,httpd-devel软件,state=latest表示安装最新版本

[root@localhost ~]# ansible group02 -m yum -a 'name=httpd,httpddevel state=absent' //使⽤yum卸载httpd,httpd-devel软件

service模块

service模块⽤于控制服务的启动,关闭,开机⾃启动等。

[root@localhost ~]# ansible group02 -m service -a 'name=vsftpd state=started enabled=on' //启动vsftpd服务，并设为开机⾃动启动

[root@localhost ~]# ansible group02 -m service -a 'name=vsftpd state=stopped enabled=false' //关闭vsftpd服务，并设为开机不⾃动启动