ansible及AD-HOK

远程执行和配置管理工具

安装：先装epel源，yum安装即可

配置文件：/etc/ansible/ansible.cfg

在/etc/ansible/hosts 文件里加名称与ip

生成密钥对：ssh-keygen -t rsa

ssh-copy-id -i id_rsa.pub 192.168.15.21

客户端需要有python2

测试通不通：ansible 192.168.15.22 -m ping

1、ssh协议

2、密钥方式

ansible有三种方式

1、AD-HOK 一次性命令 使用ansible命令+被控端主机+-m 模块名称 【-a '模块方法'】

2、playbook 剧本 ansible-playbook 【opstion】playbook_file

· 3、ansible-roles 角色 角色是playbook的集合，执行也是playbook命令

ansible-playbook rolesfile

ansible-doc ping 打印详细信息 -s 简略打印

常用模块：

-m command 默认模块 后面跟-a "linux命令行"

argv: # Passes the command as a list rather than a string. Use `argv' to avoid quoting values that would otherwise be interpreted incorrectly (for example "user name"). Only the string or the list form can be provided, not both. One or the other must be provided. chdir: # Change into this directory before running the command. cmd: # The command to run. creates: # A filename or (since 2.0) glob pattern. If it already exists, this step *won't* be run. free_form: # The command module takes a free form command to run. There is no actual parameter named 'free form'. removes: # A filename or (since 2.0) glob pattern. If it already exists, this step *will* be run. stdin: # Set the stdin of the command directly to the specified value. stdin_add_newline: # If set to `yes', append a newline to stdin data. strip_empty_ends: # Strip empty lines from the end of stdout/stderr in result. warn: # Enable or disable task warnings.

-m shell 超级命令/

shell: chdir: # Change into this directory before running the command. cmd: # The command to run followed by optional arguments. creates: # A filename, when it already exists, this step will *not* be run. executable: # Change the shell used to execute the command. This expects an absolute path to the executable. free_form: # The shell module takes a free form command to run, as a string. There is no actual parameter named 'free form'. See the examples on how to use this module. removes: # A filename, when it does not exist, this step will *not* be run. stdin: # Set the stdin of the command directly to the specified value. stdin_add_newline: # Whether to append a newline to stdin data. warn: # Whether to enable task warnings.

ansible 192.168.15.21 -m shell -a "echo 123 > test1"

script模块 被控端运行脚本，但是脚本在服务端上（本机）

script: chdir: # Change into this directory on the remote node before running the script. cmd: # Path to the local script to run followed by optional arguments. creates: # A filename on the remote node, when it already exists, this step will *not* be run. decrypt: # This option controls the autodecryption of source files using vault. executable: # Name or path of a executable to invoke the script with. free_form必选: # Path to the local script file followed by optional arguments. removes: # A filename on the remote node, when it does not exist, this step will *not* be run.

copy模块 从主控端传输文件或者目录到被控端

backup: # Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly.名字重复备份，否则覆盖 checksum: # SHA1 checksum of the file being transferred. Used to validate that the copy of the file was successful. If this is not provided, ansible will use the local calculated checksum of the src file. content: 直接创建文件 # When used instead of `src', sets the contents of a file directly to the specified value. Works only when `dest' is a file. Creates the file if it does not exist. For advanced formatting or if `content' contains a variable, use the [template] module. decrypt: 自动加密 # This option controls the autodecryption of source files using vault. dest: 路径 # (required) Remote absolute path where the file should be copied to. If `src' is a directory, this must be a directory too. If `dest' is a non-existent path and if either `dest' ends with "/" or `src' is a directory, `dest' is created. If `dest' is a relative path, the starting directory is determined by the remote host. If `src' and `dest' are files, the parent directory of `dest' is not created and the task fails if it does not already exist. directory_mode:设置权限 # When doing a recursive copy set the mode for the directories. If this is not set we will use the system defaults. The mode is only set on directories which are newly created, and will not affect those that already existed. follow: 打flag # This flag indicates that filesystem links in the destination, if they exist, should be followed. force: 强制 # Influence whether the remote file must always be replaced. If `yes', the remote file will be replaced when contents are different than the source. If `no', the file will only be transferred if the destination does not exist. Alias `thirsty' has been deprecated and will be removed in 2.13. group: 组 # Name of the group that should own the file/directory, as would be fed to `chown'. local_follow: # This flag indicates that filesystem links in the source tree, if they exist, should be followed. mode: 权限 # The permissions of the destination file or directory. For those used to `/usr/bin/chmod' remember that modes are actually octal numbers. You must either add a leading zero so that Ansible's YAML parser knows it is an octal number (like `0644' or `01777')or quote it (like `'644'' or `'1777'') so Ansible receives a string and can do its own conversion from string into number. Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results. As of Ansible 1.8, the mode may be specified as a symbolic mode (for example, `u+rwx' or `u=rw,g=r,o=r'). As of Ansible 2.3, the mode may also be the special string `preserve'. `preserve' means that the file will be given the same permissions as the source file. owner: # Name of the user that should own the file/directory, as would be fed to `chown'. remote_src: # Influence whether `src' needs to be transferred or already is present remotely. If `no', it will search for `src' at originating/master machine. If `yes' it will go to the remote/target machine for the `src'. `remote_src' supports recursive copying as of version 2.8. `remote_src' only works with `mode=preserve' as of version 2.6.

ansible test1 -m copy -a "content='test1 \r\ntest2' dest=/tmp/test1 owner=root group=root mode=644 backup=yes" 直接创建文件

ansible test1 -m copy -a "src=/etc/fstab dest=/tmp/fstab1 owner=root group=root mode=644 backup=yes" 传输文件

ansible test1 -m copy -a "src=/etc/ansible dest=/tmp/ansible mode=644 backup=yes" 传输目录

fetch模块 把被控端文件搞到主控端服务器上

fetch: dest: # (required) A directory to save the file into. For example, if the `dest' directory is `/backup' a `src' file named `/etc/profile' on host `host.example.com', would be saved into `/backup/host.example.com/etc/profile'. The host name is based on the inventory name. fail_on_missing: # When set to `yes', the task will fail if the remote file cannot be read for any reason. Prior to Ansible 2.5, setting this would only fail if the source file was missing. The default was changed to `yes' in Ansible 2.5. flat: # Allows you to override the default behavior of appending hostname/path/to/file to the destination. If `dest' ends with '/', it will use the basename of the source file, similar to the copy module. This can be useful if working with a single host, or if retrieving files that are uniquely named per host. If using multiple hosts with the same filename, the file will be overwritten for each host. src: # (required) The file on the remote system to fetch. This `must' be a file, not a directory. Recursive fetching may be supported in a later release. validate_checksum: # Verify that the source and destination checksums match after the files are fetched.

ansible test1 -m fetch -a "src=/etc/ssh/sshd_config dest=/tmp /sshd"

file模块 创建文件或目录的模块

path:必选 # (required) Path to the file being managed. recurse 递归 state

ansible 192.168.15.21 -m file -a "path=/root/test.txt state=touch" 无法创建多级目录

ansible 192.168.15.21 -m file -a "path=/root/wwn/zmy recurse=yes state=directory"创建目录但不能创建文件

ansible 192.168.15.21 -m file -a "path=/root/test.txt state=absent" 删除操作

ansible 192.168.15.21 -m file -a "src=/root/test1 dest=/root/test-link state=link"给目录创建一个软连接

unarchive模块 压缩解压缩

ansible 192.168.15.21 -m unarchive -a "src=./redis-5.0.14.tar.gz dest=/tmp copy=yes 如yes src在主控端 dest在被控端上"

ansible 192.168.15.21 -m unarchive -a "src=./redis-5.0.14.tar.gz dest=/tmp copy=no 如copy=no，src与dest都在被控端上寻找"

archive 压缩

ansible 192.168.10.21 -m archive -a "path=/var/log dest=/tmp/log.tar.gz owner=root group=root"

hostname 模块 改主机名

cron 模块 定时任务

可以不加时间加special time 每周一次 weekly reboot重启

ansible ip -m cron -a "'name=crontab test' minute=5 hour=1 day=*/3 job= "

加backup=yes是备份 在tmp下

删除 state=absent

注释：：

yum 模块 安装和卸载

ansible 192.168.15.21 -m yum -a "name=iftop" 安装 卸载加state=absent

services 模块

ansible 192.168.15.21 -m service -a "name=nginx state=started enable=yes"

group模块 创建组

ansible 192.168.15.21 -m group -a "name=nginx gid=1020 system=yes（系统用户）"

user模块

ansible 192.168.15.21 -m user -a "name=nginx group=1020 uid=1020 system=yes

shell=/sbin/nologin

lineinfile 模块 文件修改文件过滤

ansible 192.168.15.20 -m lineinfile -a "path=/testdir/test line='test lineinfile'" 追加到末尾

ansible 192.168.15.20 -m lineinfile -a "path=/testdir/test regexp= ‘^line' line='test lineinfile' " 替换，但只能替换一行，且改变的是、靠后的一行，没有匹配到的话会直接追加

ansible 192.168.15.20 -m lineinfile -a "path=/testdir/test line='test lineinfile' state=absent 精确匹配（line）regexp是模糊匹配"

replace模块

setup模块 查看系统信息