linux批量运维工具ansible学习

最新推荐文章于 2023-09-09 22:58:37 发布

小张0071

最新推荐文章于 2023-09-09 22:58:37 发布

阅读量249

点赞数

文章标签： linux 运维 ansible

本文链接：https://blog.csdn.net/weixin_42408060/article/details/128165600

版权

ansible学习

centos7配置yum源

mkdir bak
ls
mv *.repo bak/
wget   -O   /etc/yum.repos.d/CentOS-Base.repo    http://mirrors.aliyun.com/repo/Centos-7.repo
yum clean all
yum makecache
yum  -y   install   epel-release
yum clean all
yum makecache

安装ansible

[root@client yum.repos.d]# yum install ansible -y
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * epel: mirror.01link.hk
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package ansible.noarch 0:2.9.27-1.el7 will be installed
......
......

Installed:
  ansible.noarch 0:2.9.27-1.el7
Dependency Installed:
  python-babel.noarch 0:0.9.6-8.el7                python-jinja2.noarch 0:2.7.2-4.el7
  python-markupsafe.x86_64 0:0.11-10.el7           python-paramiko.noarch 0:2.1.1-9.el7
  python2-httplib2.noarch 0:0.18.1-3.el7           python2-jmespath.noarch 0:0.9.4-2.el7
  sshpass.x86_64 0:1.06-2.el7

Complete!
[root@client yum.repos.d]#

查看ansible版本信息
[root@client ~]# ansible --version
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]

ansible相关文件

[root@client ~]# ll /etc/ansible/
total 24
-rw-r--r--. 1 root root 19985 Jan 16  2022 ansible.cfg
-rw-r--r--. 1 root root  1016 Jan 16  2022 hosts
drwxr-xr-x. 2 root root     6 Jan 16  2022 roles
/etc/ansible/ansible.cfg  主机配置文件
/etc/ansible/hosts        主机清单
/etc/ansible/roles        存放角色目录

ansible命令

#列出所有模块
ansible-doc -l
#查看指定模块的帮助用法
ansible-doc ping
#查看指定模块的帮助用法
ansible-doc -s ping
选项说明:
--version          #显示版本
-m module          #指定模块。默认为command
-v                 #详细过程 -vv -vvv更详细
--list-hosts       #显示主机列表 可简写 --list
-k，--ask-pass     #提示输入ssh连接密码。默认key验证
-c，--check        #检查，并不执行
-T，--timeout=     #执行命令的超时时间，默认10s
-u，--user=user    #执行远程执行的用户
-b，--become       #代替旧版的sudo切换
--become-user=user #指定sudo用的runas用户，默认root
-k，--ask-become-pass#提示输入sudo时的口令


#配置文件的主机名称
[root@ansible ~]# cat /etc/ansible/hosts
文件最后位置
## db-[99:101]-node.example.com
[websrvs]
192.168.160.[129:130]

[dbsrvs]
192.168.160.130

[appssrvs]
192.168.160.[128:130]

#ping主机
ALL：表示所有inventory中的所有主机
[root@ansible ~]# ansible all  -m  ping
192.168.160.129 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
192.168.160.130 | SUCCESS => {
......
}
192.168.160.128 | SUCCESS => {
 ......
}

#查看分组机器信息
[root@ansible ~]# ansible appssrvs --list-hosts
  hosts (3):
    192.168.160.128
    192.168.160.129
    192.168.160.130

#通配符 * 
ansible "*" -m ping
ansible 192.168.160.* -m ping
ansible "*" --list-hosts
或关系
128或130
ansible 192.168.160.128:192.168.160.130 -m ping
ansible "websrvs:dbsrvs" -m ping
逻辑与
在websrvs组并且在dbsrvs组中的主机
ansible "websrvs:&dbsrvs" -m ping
逻辑非
在websrvs组中，单不在dbsrvs组中的主机（单引号）
ansible 'websrvs:!dbsrvs' -m ping
正则表达式
ansible "~(web|db)srvs" -m ping
以wang用户执行ping存活检测
ansible all -m ping -u wang -k

ansible命令执行过程

1.加载自己的配置文件默认/etc/ansible/ansible.cfg
2.加载自己对应的模块文件，如：command
3.通过ansible将模块或命令生成对应的临时py文件，并将该文件传输只远程服务器的对应执行用户
$HOME/.ansible/tmp/ansible-tmp-数字/xxx.py文件
4.给文件+x执行
5.执行并返回结果
6.删除临时py文件，退出
#查看执行过程
ansible "~(web|db)srvs" -v -m  ping
ansible "~(web|db)srvs" -vv -m  ping
ansible "~(web|db)srvs" -vvv -m  ping

ansible相关模块

ansible-galaxy

#查看
ansible-galaxy list
#安装
ansible-galaxy install geerlingguy.mysql
#卸载
ansible-galaxy remove  geerlingguy.mysql

ansible-playbook

ansible-vault encrypt hello.yml #加密文件
ansible-vault decrypt hello.yml #解密文件
ansible-vault rekey hello.yml   #修改加密密码

ansible-console

[root@ansible ~]# ansible-console
Welcome to the ansible console.
Type help or ? to list commands.

root@all (3)[f:5]$ list
192.168.160.130
192.168.160.128
192.168.160.129
root@all (3)[f:5]$ cd appssrvs
root@appssrvs (3)[f:5]$ list
192.168.160.128
192.168.160.129
192.168.160.130
root@appssrvs (3)[f:5]$ cd websrvs
root@websrvs (2)[f:5]$ list
192.168.160.129
192.168.160.130

切换组：cd 主机组 
设置并发数；forks n  
列出当前组主机列表：list

ansible-常用模块

commadn模块

功能：远程主机上执行命令，默认模块，可以忽略-m选项
[root@ansible ~]# ansible websrvs -m command -a 'cat /etc/redhat-release'
192.168.160.129 | CHANGED | rc=0 >>
CentOS Linux release 7.6.1810 (Core)
192.168.160.130 | CHANGED | rc=0 >>
CentOS Linux release 7.6.1810 (Core)
[root@ansible ~]# ansible websrvs -m command -a 'chdir=/etc cat redhat-release'
192.168.160.129 | CHANGED | rc=0 >>
CentOS Linux release 7.6.1810 (Core)
192.168.160.130 | CHANGED | rc=0 >>
CentOS Linux release 7.6.1810 (Core)

[root@ansible ~]# ansible all -m command -a 'removes=/tmp/test.txt cat /etc/redhat-release'
192.168.160.130 | CHANGED | rc=0 >>
CentOS Linux release 7.6.1810 (Core)
192.168.160.128 | SUCCESS | rc=0 >>
skipped, since /tmp/test.txt does not exist
192.168.160.129 | CHANGED | rc=0 >>
CentOS Linux release 7.6.1810 (Core)
[root@ansible ~]# ansible all -m command -a 'creates=/tmp/test.txt cat /etc/redhat-release'
192.168.160.130 | SUCCESS | rc=0 >>
skipped, since /tmp/test.txt exists
192.168.160.129 | SUCCESS | rc=0 >>
skipped, since /tmp/test.txt exists
192.168.160.128 | CHANGED | rc=0 >>
CentOS Linux release 7.6.1810 (Core)

shell模块

功能：和command类似，用shell执行命令
#查看主机名
[root@ansible ~]# ansible all -m shell -a 'echo $HOSTNAME'
192.168.160.130 | CHANGED | rc=0 >>
clinet1
192.168.160.128 | CHANGED | rc=0 >>
ansible
192.168.160.129 | CHANGED | rc=0 >>
client
#修改密码
[root@ansible ~]# ansible all -m shell -a 'echo 123456| passwd --stdin root '
192.168.160.130 | CHANGED | rc=0 >>
Changing password for user root.
passwd: all authentication tokens updated successfully.
192.168.160.129 | CHANGED | rc=0 >>
Changing password for user root.
passwd: all authentication tokens updated successfully.
192.168.160.128 | CHANGED | rc=0 >>
Changing password for user root.
passwd: all authentication tokens updated successfully.

[root@ansible ~]# ansible all -m shell -a 'echo hello >/tmp/hello.log '
192.168.160.128 | CHANGED | rc=0 >>

192.168.160.130 | CHANGED | rc=0 >>

192.168.160.129 | CHANGED | rc=0 >>

[root@ansible ~]# ansible all -m shell -a 'ls -l /tmp/hello.log '
192.168.160.128 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 6 Dec  1 20:51 /tmp/hello.log
192.168.160.129 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 6 Dec  1 20:51 /tmp/hello.log
192.168.160.130 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 6 Dec  1 20:51 /tmp/hello.log




#查看文件removes文件存在就执行后面的命令
[root@ansible ~]# ansible all -m shell -a ' chdir=/tmp  removes=/etc/issue cat /tmp/hello.log '
192.168.160.130 | CHANGED | rc=0 >>
hello
192.168.160.128 | CHANGED | rc=0 >>
hello
192.168.160.129 | CHANGED | rc=0 >>
hello
#查看文件，文件存在就不执行后面的命令（creates）
[root@ansible ~]# ansible all -m shell -a ' chdir=/tmp  creates=/etc/issue cat /tmp/hello.log '
192.168.160.128 | SUCCESS | rc=0 >>
skipped, since /etc/issue exists
192.168.160.130 | SUCCESS | rc=0 >>
skipped, since /etc/issue exists
192.168.160.129 | SUCCESS | rc=0 >>
skipped, since /etc/issue exists

#修改ansible默认模块为shell模块
[root@ansible ~]# vim /etc/ansible/ansible.cfg
# default module name for /usr/bin/ansible
#module_name = command
module_name = shell

script模块

功能：在远程主机上运行ansible服务器上的脚本

ansible websrvs -m script -a  '/root/test.sh'

copy模块

功能：将ansible服务器主控端复制文件到远程主机
#直接在远端生成文件
ansible websrvs -m copy -a "content='test line1\ntest line2' dest=/tmp/test.txt"
#拷贝文件到远端服务器
ansible websrvs -m copy -a "src=/etc/redhat-release dest=/tmp/os.txt"
#拷贝文件夹到远端
ansible websrvs -m copy -a "src=/etc/sysconfig dest=/tmp/"

fetch模块

功能：从远程主机提取文件到ansible的主控端，copy相反，目前不支持目录
#提取远程主机版本信息
ansible all -m fetch -a 'src=/etc/redhat-release dest=/tmp/release'

[root@ansible ~]# tree /tmp/release/
/tmp/release/
├── 192.168.160.128
│   └── etc
│       └── redhat-release
├── 192.168.160.129
│   └── etc
│       └── redhat-release
└── 192.168.160.130
    └── etc
        └── redhat-release

6 directories, 3 files

file模块

功能：设置文件属性
#创建空文件
ansible websrvs -m file -a 'path=/tmp/test111.txt state=touch'
#删除文件
ansible websrvs -m file -a 'path=/tmp/test111.txt state=absent'
#创建目录并修改目录属性
ansible websrvs -m file -a "path=/tmp/ceshi state=directory owner=test group=test"
#创建软连接
ansible websrvs -m file -a 'src=/tmp/test.txt dest=/tmp/os.txt-link state=link'

[root@client ~]# ll /tmp/
total 16
drwxr-xr-x  2 test test    6 Dec  2 19:42 ceshi
drwxr-xr-x  2 root root    6 Dec  2 19:39 mysql
-rw-r--r--  1 root root   38 Dec  2 12:31 os.txt
lrwxrwxrwx  1 root root   13 Dec  2 19:45 os.txt-link -> /tmp/test.txt
drwx------  3 root root   17 Dec  2 12:09 systemd-private-da01c930b85a45cd9c96230851426d44-chronyd.service-tu4Vts
drwx------  3 root root   17 Dec  2 12:09 systemd-private-da01c930b85a45cd9c96230851426d44-cups.service-0Fldo3
drwxr-xr-x  2 root root    6 Dec  2 19:41 test
-rw-r--r--  1 root root   21 Dec  2 12:29 test.txt
drwx------  2 root root    6 Dec  1 10:20 vmware-root_6190-1002485829
drwx------  2 root root    6 Dec  2 12:09 vmware-root_6266-692817840
-rw-------. 1 root root 1927 Nov 30 10:03 yum_save_tx.2022-11-30.10-03.xDXfGb.yumtx
-rw-------. 1 root root 1927 Nov 30 10:10 yum_save_tx.2022-11-30.10-10.NBMhSW.yumtx
[root@client ~]#

unarchive模块

功能：解包解压缩
两种用法：
1.将ansible主机上的压缩包传到远程主机后解压缩至特定目录，设置copy=yes
2.将远程主机上的某个压缩包解压到指定路径下，设置copy=no
#将etc打包
tar zcvf /root/etc.tar.gz /etc
#将ansible主机上etc.tar.gz 用户解压到目标主机目录下，并修改所属用户
ansible websrvs -m unarchive -a 'src=/root/etc.tar.gz dest=/tmp/data/ owner=test'
#将压缩包拷贝到远程主机
ansible websrvs -m copy -a 'src=/root/etc.tar.gz dest=/tmp/data'
#本地解压压缩包到/opt目录下，需要添加copy=no参数，说明包在本地不需要拷贝过去
ansible websrvs -m unarchive -a 'src=/tmp/data/etc.tar.gz dest=/opt/  mode=700 copy=no'

archive模块

功能：打包压缩
#将ansible主机的的/var/log/打包压缩并复制到远端主机的目录下
ansible websrvs -m archive -a 'path=/var/log/ dest=/tmp/data/log.tar.gz format=tar owner=test mode=0600'
#查看打包的文件
[root@ansible ~]# ansible websrvs  -a 'ls -l /tmp/data'
192.168.160.129 | CHANGED | rc=0 >>
total 22016
-rw-r--r--   1 root root 11756951 Dec  3 15:05 etc.tar.gz
-rw-------   1 test root 10772480 Dec  3 15:14 log.tar.gz
192.168.160.130 | CHANGED | rc=0 >>
total 22216
-rw-r--r-- 1 root root 11756951 Dec  3 15:05 etc.tar.gz
-rw------- 1 test root 10987520 Dec  3 15:14 log.tar.gz

hostname模块

功能：管理主机名
#修改主机名
ansible 192.168.160.130 -m hostname -a 'name=centos7-study'
ansible 192.168.160.129 -m hostname -a  'name=centos7-study_1'
#查看修改后主机名
[root@ansible ~]# ansible all -a  'hostname'
192.168.160.129 | CHANGED | rc=0 >>
centos7-study_1
192.168.160.130 | CHANGED | rc=0 >>
centos7-study
192.168.160.128 | CHANGED | rc=0 >>
ansible

cron模块

功能：计划任务
支持时间：minute.hour.day.month.weekday
分-小时-天-月-周

#创建计划任务
ansible dbsrvs -m cron -a 'hour=2 minute=30 weekday=1-5 name="backup" job=/root/backup.sh'
#查看计划任务
[root@ansible ~]# ansible dbsrvs -a 'crontab -l'
192.168.160.130 | CHANGED | rc=0 >>
#Ansible: backup
30 2 * * 1-5 /root/backup.sh
#2点30 每周一到周五
#禁用计划任务
ansible dbsrvs -m cron -a 'hour=2 minute=30 weekday=1-5 name="backup" job=/root/backup.sh disabled=yes''

[root@ansible ~]# ansible dbsrvs -a 'crontab -l'
192.168.160.130 | CHANGED | rc=0 >>
#Ansible: backup
#30 2 * * 1-5 /root/backup.sh

#启用计划任务
ansible dbsrvs -m cron -a 'hour=2 minute=30 weekday=1-5 name="backup" job=/root/backup.sh disabled=no'

删除计划任务
ansible dbsrvs -m cron -a 'name='backup' state=absent'

yum模块

功能:管理软件包，只支持rehl，centos 不支持ubuntu其他版本
#安装yum包
ansible websrvs -m yum -a "name=httpd"
#卸载软件包
ansible websrvs -m yum -a "name=httpd state=absent"

service模块

功能：管理服务
#启动服务
ansible websrvs -m service -a "name=httpd state=started"
#停止服务
ansible websrvs -m service -a "name=httpd state=stopped"
#启动服务设置开机启动
ansible websrvs -m service -a "name=httpd state=started enabled=yes"
#修改端口
ansible websrvs -m shell -a "sed -i 's/^Listen 80/Listen 8080/' /etc/httpd/conf/httpd.conf"
#重启服务
ansible websrvs -m service -a "name=httpd state=restarted"
#查看端口
ss -ntl

group模块

功能：管理组
#新建组并指定id
ansible websrvs -m group -a 'name=ceshi gid=88 system=yes'
#删除组
ansible websrvs -m group -a 'name=ceshi state=absent'

user模块

功能：管理用户
#新建用户指定用户组和家目录
ansible websrvs -m user -a 'name=user1 comment="test user" uid=2048 home=/tmp/user1 group=test'
#删除用户寄家目录
ansible websrvs -m user -a 'name=user1 state=absent remove=yes'

lineinfile模块

功能：相当于sed，可以修改文件内容
#修改文件内容
ansible all -m lineinfile -a "path=/etc/selinux/config regexp='^SELINUX=' line='SELINUX=enforcing'"
ansible all -m lineinfile -a "path=/etc/selinux/config regexp='^SELINUX=' line='SELINUX=disabled'"
#将fstab文件注释行删除
ansible  all -m lineinfile -a 'dest=/etc/fstab state=absent regexp="^#"'

replace模块

功能：类似于sed，主要基于正则进行匹配和替换
#修改文件将uuid开头全部注释
ansible all -m replace -a "path=/etc/fstab regexp='^(UUID.*)' replace='#\1'"
#修改文件将#开头全部改回
ansible all -m replace -a "path=/etc/fstab regexp='^#(.*)' replace='\1'"

setup模块

功能：用来收集主机的系统信息
#查看主机全部信息
ansible websrvs -m setup
#过滤信息
ansible all -m setup -a 'filter=ansible_distribution_major_version'
ansible all -m setup -a 'filter=ansible_python_version'
ansible all -m setup -a 'filter=ansible_nodename'
ansible all -m setup -a 'filter=ansible_domain'
ansible all -m setup -a 'filter=ansible_memory_mb'
ansible all -m setup -a 'filter=ansible_memtotal_mb'
ansible all -m setup -a 'filter=ansible_nodename'
ansible all -m setup -a 'filter=ansible_domain'
ansible all -m setup -a 'filter=ansible_memory_mb'
ansible all -m setup -a 'filter=ansible_os_family'
ansible all -m setup -a 'filter=ansible_all_ipv4_addresses'
ansible all -m setup -a 'filter=ansible_processor_vcpus'

有兴趣的小伙伴关注微信公众号一起学习