Common Ansible module usage
阿新 • Published: 2019-04-25
Configuration files in detail:
1. Main configuration file: /etc/ansible/ansible.cfg
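module_name = command ## Ansible's default module is command, but it is very limited in practice; changing it to the shell module is recommended
host_key_checking = False ## controls checking of the host_key of each host to be controlled; uncommenting this line is recommended, to reduce the passwords that have to be entered during management
log_path = /var/log/ansible.log ## location of Ansible's log file
executable = /bin/sh ## the shell used by default once logged in as the remote user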
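2. Configuration file for the managed hosts: /etc/ansible/hosts
green.example.com ## defines a single managed host; this can be an FQDN or an IP address
[webservers] ## puts managed hosts into a group
alpha.example.org
www[001:006].example.com ## wildcard-like ranges are supported; this entry stands for all hosts from www001.example.com to www006.example.com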
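Added example (not part of the original post): host_key_checking = False turns off SSH host key verification for the managed hosts, and module_name = shell sends ad-hoc arguments through a shell, so both are worth flagging when an ansible.cfg is reviewed. The script below checks a file for these two settings and for a missing log_path; the function names and the sample file are constructed for this example.

```sh
#!/bin/sh
# Print the value of key $2 in ini-style file $1. Lines starting with "#" or ";"
# are skipped; trailing " ##..." annotations, as written on this page, are
# stripped (an assumption of this example). The last assignment wins.
cfg_get() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)
            eq = index(line, "=")
            if (eq == 0) next
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# Print one finding per line for file $1; no output means nothing was flagged.
audit_cfg() {
    case "$(cfg_get "$1" host_key_checking | tr 'A-Z' 'a-z')" in
        false|no|off|0)
            echo "host_key_checking is off: SSH host keys are not verified" ;;
    esac
    if [ "$(cfg_get "$1" module_name)" = "shell" ]; then
        echo "module_name = shell: ad-hoc arguments are parsed by a shell"
    fi
    if [ -z "$(cfg_get "$1" log_path)" ]; then
        echo "log_path is not set: runs are not logged to a file"
    fi
}

# Constructed sample, modelled on the settings listed above.
sample_cfg() {
    cat <<'EOF'
[defaults]
module_name = shell ## changed from command
host_key_checking = False
#log_path = /var/log/ansible.log
executable = /bin/sh
EOF
}

tmp=$(mktemp) && sample_cfg > "$tmp" && audit_cfg "$tmp"
rm -f "$tmp"
```

With host key checking left on, the managed hosts' keys have to be in known_hosts before the first run, which the ssh-copy-id step further down already takes care of for each host it is run against.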
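How to use Ansible:
Prerequisite:
Because Ansible manages hosts over the SSH service by default, first generate a public key file on the managing host and transfer it to the hosts to be managed; only then is key-based management possible.
1. Generate the public key file on the managing host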
[[email protected] ~] ssh-keygen -t rsa ## generate the key pair; accept the default at each prompt
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:06qoPmoSy7UGkKie95RnHn6bPOFEnusk/B0m+/+g8C0 [email protected]
The key's randomart image is:
+---[RSA 2048]----+ | | | | |.. | |+ o | |o S o | |o. . o B | |oo+ .o *++oo . | |o=.+..=.*=OE+ . | |+o=oo..ooB+=oo.. | +----[SHA256]-----+
2. Transfer the public key to the managed host
[[email protected] ~] ssh-copy-id -i 192.168.1.20 ## copy the key to the remote host that is to be managed
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.1.20 (192.168.1.20)' can't be established.
ECDSA key fingerprint is SHA256:htIQABZZdudyHVZbppjWeY2d/pQQ0km8k+i/39SZ04Q.
ECDSA key fingerprint is MD5:78:6e:b3:3d:fc:29:b2:b0:fc:2f:6d:d6:ff:3c:63:1a.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.1.20'"
and check to make sure that only the key(s) you wanted were added.
3. Add the managed hosts to the /etc/ansible/hosts file
[web] ## group the managed hosts
192.168.1.19
192.168.1.20
[db]
192.168.1.21
Using the modules:
1. ping module: check whether the managed hosts are online
[[email protected] ~] ansible db -m ping ## check whether the managed hosts in the db group are online
192.168.1.21 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[[email protected] ~] ansible all -m ping ## all stands for every managed host
192.168.1.21 | SUCCESS => {
"changed": false,
"ping": "pong" ## if the host is online, a pong is returned
}
192.168.1.19 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.1.20 | SUCCESS => {
"changed": false,
"ping": "pong"
}
2. user module: create users on remote hosts
[[email protected] ~] ansible db -m user -a 'name=mysql state=present' ## present means create; this creates a user named mysql
192.168.1.21 | CHANGED => {
"changed": true,
"comment": "",
"create_home": true,
"group": 1000,
"home": "/home/mysql",
"name": "mysql",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1000
}
[[email protected] ~] ansible db -m user -a 'name=mariadb state=present system=yes' ## create a system user named mariadb
192.168.1.21 | CHANGED => {
"changed": true,
"comment": "",
"create_home": true,
"group": 994,
"home": "/home/mariadb",
"name": "mariadb",
"shell": "/bin/bash",
"state": "present",
"system": true,
"uid": 997
}
[[email protected] ~] ansible db -m user -a 'name=mysql state=absent' ## absent means remove; this deletes the user named mysql
192.168.1.21 | CHANGED => {
"changed": true,
"force": false,
"name": "mysql",
"remove": false,
"state": "absent"
}
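3. group module: create user groups on remote hosts
[[email protected] ~] ansible db -m group -a 'name=tomcat state=present' ## creating a group works much like creating a user, only the module differs; this command creates an ordinary user group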
192.168.1.21 | CHANGED => {
"changed": true,
"gid": 1000,
"name": "tomcat",
"state": "present",
"system": false
}
[[email protected] ~] ansible db -m group -a 'name=tomcat state=absent' ## remove the user group
192.168.1.21 | CHANGED => {
"changed": true,
"name": "tomcat",
"state": "absent"
}
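4. copy module: copy files to remote hosts
[[email protected] ~] ansible db -m copy -a 'src=/root/test dest=/root/' ## copy a file named test into the root directory on the remote host; src gives the source file, dest the directory in which the target file is stored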
192.168.1.21 | CHANGED => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/root/test",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1556108167.92-277769296604040/source",
"state": "file",
"uid": 0
}
5. yum module: install software on remote hosts (a yum repository must be set up on the remote host before software can be installed)
[[email protected] ~] ansible db -m yum -a "name=vsftpd" ## install vsftpd
192.168.1.21 | CHANGED => {
"ansible_facts": {
"pkg_mgr": "yum"
},
"changed": true,
"msg": "Repository 'cdrom' is missing name in configuration, using id\n",
"rc": 0, ## an rc return value of 0 means the command succeeded
......
[[email protected] ~] ansible db -m yum -a 'name=vsftpd state=absent' ## remove the installed package
192.168.1.21 | CHANGED => {
"ansible_facts": {
"pkg_mgr": "yum"
},
"changed": true,
"msg": "Repository 'cdrom' is missing name in configuration, using id\n",
"rc": 0,
"results": [
......
6. shell module: run shell commands on remote hosts
[[email protected] ~] ansible db -m shell -a 'hostname' ## run the hostname command on the remote host
192.168.1.21 | CHANGED | rc=0 >>
localhost.localdomain
7. script module: run a shell script on remote hosts, without first transferring the script to the remote host
Write a test script
[[email protected] ~] vim test.sh
#!/bin/bash
wall hello word
The script does not need execute permission for the remote host to run it
[[email protected] ~] ansible db -m script -a /root/test.sh ## have the remote host run the script
192.168.1.21 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.1.21 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.1.21 closed."
],
"stdout": "",
"stdout_lines": []
}
8. File: set file attributes
[[email protected] ~] ansible db -m file -a 'path=/root/test owner=mariadb mode=700' ## set the owner and permissions of a file on the remote host
192.168.1.21 | CHANGED => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0700",
"owner": "mariadb",
"path": "/root/test",
"size": 0,
"state": "file",
"uid": 997
}
[[email protected] ~] ansible db -m file -a 'src=/root/test dest=/root/test-link state=link'
192.168.1.21 | CHANGED => { ## creates a symbolic link to the file; a hard link named test-link can be created instead by changing link to hard
"changed": true,
"dest": "/root/test-link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 10,
"src": "/root/test",
"state": "link",
"uid": 0
}
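9. Cron: scheduled tasks
[[email protected] ~] ansible db -m shell -a 'rpm -qa | grep crontabs' ## check whether the crontabs package is installed on the managed host
[[email protected] ~] ansible db -m shell -a 'systemctl status crond' ## check whether the scheduled-task service is running
[[email protected] ~] ansible db -m cron -a 'minute=*/5 job="/usr/bin/wall hello word"' ## set a scheduled task that runs hello word every five minutes; hour, day, month and weekday can also be specified, and default to * when not given
On the remote host, check that the scheduled task exists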
[[email protected] ~] crontab -l
#Ansible: None
*/5 * * * * /usr/bin/wall hello word
10. service module
[[email protected] ~] ansible db -m service -a 'name=httpd state=started' # start the http service
192.168.1.21 | CHANGED => {
"changed": true,
"name": "httpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
......
[[email protected] ~] ansible db -a 'systemctl status httpd' # check whether the http service is running
192.168.1.21 | CHANGED | rc=0 >>
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2019-04-24 21:54:56 EDT; 42s ago
......
[[email protected] ~] ansible db -m service -a 'name=httpd state=stopped' # stop the http service
192.168.1.21 | CHANGED => {
"changed": true,
"name": "httpd",
"state": "stopped",
"status": {
......