1.ansible基础
yum install ansible #安装
#1.基于密码方式(仅作演示:清单文件中的明文口令对所有能读取该文件的人可见,实际环境建议改用密钥方式,或用 ansible-vault 加密口令)
vim /etc/ansible/hosts
------------------/etc/ansible/hosts-------------------
[webservers]
172.16.1.31 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='123456'
------------------/etc/ansible/hosts-------------------
#2.基于密钥方式(默认)
ssh-keygen -C 123456@qq.com #在61服务器上生成密钥对,将公钥推送到各个服务器
ll ~/.ssh/ #查看密钥
#将公钥推给10.0.0.7的服务器
ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.7 #-i 指定公钥的位置
vim /etc/ansible/hosts
------------------/etc/ansible/hosts-------------------
[webservers]
172.16.1.31
------------------/etc/ansible/hosts结束----------------
#3.其他类写法(基于密钥)
vim /etc/ansible/hosts
------------------/etc/ansible/hosts-------------------
[webservers]
web01 ansible_ssh_host=172.16.1.7
web02 ansible_ssh_host=172.16.1.8
------------------/etc/ansible/hosts结束----------------
ansible webservers -m ping #测试能否通信
ansible配置文件查找的顺序:$ANSIBLE_CONFIG→./ansible.cfg→当前用户家目录下的.ansible.cfg→/etc/ansible/ansible.cfg(若当前目录对所有用户可写,Ansible 会出于安全考虑忽略其中的 ansible.cfg)
2.ansible Ad-hoc [playbook基础]
ansible webservers -m command -a 'df -h'
#绿色:正常 黄色:更改了 红色:报错
ad-hoc模块 | |
---|---|
命令 | command |
安装 | yum |
配置 | copy |
启动 | systemd |
挂载 | mount |
定时 | cron |
用户 | user |
防火墙/SELinux | firewalld、selinux |
- command与shell
ansible webservers -m command -a 'ps -ef | grep nginx' #不支持管道
ansible webservers -m shell -a 'ps -ef | grep nginx' #支持管道(命令交给/bin/sh解释,不要拼接不可信的变量;不需要管道或重定向时优先用command)
- yum模块
name:软件包名称
state:
present:安装
absent:卸载
latest:安装最新版
enablerepo:指定仓库下载
disablerepo:禁止该仓库下载
ansible webservers -m yum -a 'name=httpd state=present' #安装当前最新软件,存在则不安装
ansible webservers -m yum -a 'name=httpd state=present enablerepo=epel' #通过epel仓库安装
ansible webservers -m yum -a "name=https://mirror.tuna.tsinghua.edu.cn/zabbix/zabbix/5.0/rhel/7/x86_64/zabbix-agent-5.0.0-1.el7.x86_64.rpm state=present" #通过公网URL安装(应确认来源可信,并保留GPG签名校验,不要加disable_gpg_check=yes)
ansible webservers -m yum -a "name=httpd state=latest" #安装最新版,存在则更新
ansible webservers -m yum -a 'name=* state=latest exclude=kernel' #更新除了kernel的所有软件
ansible webservers -m yum -a 'name=httpd state=absent' #卸载httpd
- copy模块
copy:
src:要拷贝的文件(相对路径、绝对路径)
dest:拷贝到目标主机的路径
owner:文件的属主
group:文件的属组
mode:文件权限
backup:备份(只有变化时才做备份)
content:往目标主机中增加内容(重定向)
ansible webservers -m copy -a "src=./exports.j2 dest=/etc/exports owner=root group=root mode=644"
ansible webservers -m copy -a "src=./exports.j2 dest=/etc/exports owner=root group=root mode=644 backup=yes"
ansible webservers -m copy -a 'content="http-test" dest=/tmp/1.txt'
vim ./exports.j2
---------------------./exports.j2---------------------------
/data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
---------------------./exports.j2结束---------------------------
ansible webservers -m copy -a 'src=./exports.j2 dest=/etc/exports owner=root group=root mode=644 backup=yes'
- group、user模块
group:
state:present、absent
gid:指定gid
user:
name:用户名
uid:指定uid
group:指定组
groups:附加组append=yes
shell:指定登陆shell
create_home:创建用户家目录
state:present、absent
remove:移除用户相关的文件
ansible webservers -m group -a "name=www gid=666 state=present"
ansible webservers -m user -a "name=www uid=666 create_home=no shell=/sbin/nologin group=www state=present"
ansible webservers -m user -a "name=test uid=555"
ansible webservers -m user -a "name=test uid=555 state=absent remove=yes"
#创建jsm用户,为其添加123作为登录密码,并且创建家目录
#注意:口令123和固定盐值salt仅作演示,实际应使用强口令和随机盐;第二条命令中的哈希看起来不完整,使用时应替换为第一条命令输出的完整哈希
ansible localhost -m debug -a "msg={{ '123' | password_hash('sha512', 'salt') }}"
ansible webservers -m user -a 'name=jsm password="$6$salt$jkHSO0tOjRlzfzIvKyXeGdOfCBoW1wJZPLyQ9Qx/1" create_home=yes'
- file模块
path:指定被控端的路径
state:touch、directory、link
owner:属主,默认root
group:属组,默认root
mode:文件默认644,目录755
recurse:递归授权
ansible webservers -m file -a "path=/data state=directory owner=www group=www mode=755 recurse=yes"
ansible webservers -m file -a "path=/data/test state=touch owner=www group=www mode=644"
- 启动systemd | service
name:服务名称
state:started、reloaded、stopped、restarted
enabled:yes、no是否加入开机自启
ansible webservers -m systemd -a "name=nfs state=started enabled=yes"
ansible webservers -m systemd -a "name=nfs state=stopped enabled=yes"
- 客户端测试mount
path:被控端要挂载的目录
src:设备 | nfs | 磁盘 | 光盘 /dev/sda1
fstype:nfs、xfs、iso9660光盘
opts:ro,noauto、defaults
state:
mounted:挂载设备,并加入开机自启
present:写入fstab,不挂载
absent:卸载设备,会清除/etc/fstab
unmounted:卸载,不清除/etc/fstab
remounted:重新挂载
vim /etc/ansible/hosts
--------------------------/etc/ansible/hosts------------------------------
[webservers]
172.16.1.7
172.16.1.8
[client]
172.16.1.41
-------------------------/etc/ansible/hosts结束----------------------------
ansible client -m mount -a "src=172.16.1.7:/data path=/opt fstype=nfs opts=defaults state=mounted"
ansible client -m mount -a "src=172.16.1.8:/data path=/mnt fstype=nfs opts=defaults state=mounted"
ansible client -m mount -a "path=/mnt src=172.16.1.8:/data fstype=nfs opts=defaults state=unmounted" #只卸载,不会清除/etc/fstab
ansible client -m mount -a "path=/opt src=172.16.1.7:/data fstype=nfs opts=defaults state=absent" #卸载并清除/etc/fstab中的对应条目
- playbook
vim /project/nfs_server_client.yaml
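# Play 1: set up the NFS server role on every host in the "webservers" group.
- hosts: webservers
  tasks:
    - name: Installed NFS Server
      yum:
        name: nfs-utils
        state: present

    - name: Configure NFS Server
      copy:
        src: ./exports.j2
        dest: /etc/exports
        owner: root
        group: root
        # Quoted octal string: a bare 644 is parsed by YAML as the decimal
        # integer 644, which produces the wrong permission bits on the target.
        mode: '0644'

    - name: Init NFS Server Group
      group:
        name: www
        gid: 666

    - name: Init NFS Server User
      user:
        name: www
        uid: 666
        group: www

    - name: Init NFS Server Data
      file:
        path: /data
        state: directory
        owner: www
        group: www
        # Quoted for the same reason as above (bare 755 would be decimal).
        mode: '0755'
        # recurse applies owner/group/mode to what already exists under /data
        # as well, so existing files there also end up with mode 0755.
        recurse: yes

    - name: Systemd Started NFS Server
      systemd:
        name: nfs
        state: started
        enabled: yes

# Play 2: mount the two exported /data shares on the "client" group.
- hosts: client
  tasks:
    - name: Client Point Data
      mount:
        src: 172.16.1.7:/data
        path: /opt
        fstype: nfs
        opts: defaults
        # "mounted" mounts now and records the entry in /etc/fstab.
        state: mounted

    - name: Client Point Data
      mount:
        src: 172.16.1.8:/data
        path: /mnt
        fstype: nfs
        opts: defaults
        state: mounted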