Ansible:
Ansible是新出现的自动化运维工具,基于Python开发,集合了众多运维工具(puppet,cfengine,chef,func,fabric)的优点,实现了批量系统配置,批量程序部署,批量运行命令等功能。
Ansible是基于模块工作的,本身没有批量部署的能力,真正具有批量部署的是Ansible所运行的模块,Ansible只是提供一种框架。
自动化运维工具:
- puppet:基于ruby语言开发,属于C/S架构,兼容linux,windows,unix,支持1000台主机以上。
- saltstack:基于python语言开发,属于C/S架构,统一管理,轻量级,支持1000台主机以上。
- ansible:基于python语言开发,属于无客户端模式,使用ssh协议管理,支持100台以上。
Ansible特性:
- 模块化:调用特定的模块,完成特定任务。
- 有Paramiko,PyYAML,Jinja2(模板语言)三个关键模块。
- 支持自定义模块。
- 基于Python语言实现。
- 部署简单:基于Python和SSH(默认已安装),agentless。
- 安全:基于OpenSSH。
- 支持playbook编排任务。
- 幂等性:一个任务执行一遍和执行N遍效果一样,不因重复执行带来意外状况。
- 无需代理不依赖PKI(无需ssl)。
- 可使用任何编程语言写模块。
- YAML格式,编排任务,支持丰富的数据结构。
- 较强大的多层解决方案。
Ansible组成部分:
- Ansible core:Ansible核心程序。
- HostInventory:记录有Ansible管理的主机信息,包括端口,密码,IP等。
- ConnectionPlugins:连接插件,用来和被控端通信。
- Playbook:剧本,YAML格式文件,多个任务定义在一个文件中。
- CoreModules:核心模块。
- CustomModules:自定义模块。
ssh原理:
私钥加密,公钥解密:
在主控端生成一对密钥,把公钥传递到远程的主机上,当主控端想要去连接远程主机,远程主机会随机发送一串字符给主控端,主控端将这串字符加密,发送给远程主机,远程主机用公钥来进行解密,解密出的字符如果和自己生成的字符一直,则主控端验证通过。
安装Ansible:
Host | 网络信息: |
---|---|
主控端 | ens33:192.168.43.23 |
Host1 | ens33:192.168.43.241 |
Host1 | ens33:192.168.43.104 |
主控端:
方法一:
[root@localhost ansible]# ls
ansible-2.4.2.0-2.el7.noarch.rpm python-httplib2-0.9.2-1.el7.noarch.rpm python-passlib-1.6.5-2.el7.noarch.rpm
libyaml-0.1.4-11.el7_0.x86_64.rpm python-jinja2-2.7.2-2.el7.noarch.rpm pyyaml-3.10-11.el7.x86_64.rpm
python2-jmespath-0.9.0-3.el7.noarch.rpm python-markupsafe-0.11-10.el7.x86_64.rpm sshpass-1.06-2.el7.x86_64.rpm
python-babel-0.9.6-8.el7.noarch.rpm python-paramiko-2.1.1-2.el7.noarch.rpm
[root@localhost ansible]# pwd
/root/ansible
[root@localhost ansible]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# vim ansible.repo
[ansible]
name=ansible
baseurl=file:///root/ansible
enabled=1
gpgcheck=0
[root@localhost yum.repos.d]# createrepo /root/ansible
Spawning worker 0 with 6 pkgs
Spawning worker 1 with 5 pkgs
Workers Finished
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete
[root@localhost yum.repos.d]# yum -y install ansible
[root@localhost yum.repos.d]# ansible --version
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Nov 6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
方法二:
[root@localhost ~]# yum -y install ansible.noarch
[root@localhost ~]# ansible --version
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Nov 6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
ssh免密登录:
[root@localhost yum.repos.d]# yum -y install openssh openssh-devel openssl openssl-devel
[root@localhost yum.repos.d]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:zzj2bNrD0MsJi0jLBXRqY4STyNYcqa5FXmAqnW0bRnI root@localhost
The key's randomart image is:
+---[RSA 2048]----+
|..o+o |
|.oB+E . |
|.+.@ o |
|o.+ % |
|oo * = S. |
| .o o . o+. |
|.. o + .+*oo |
|. + ...=B |
| .o+. |
+----[SHA256]-----+
[root@localhost yum.repos.d]# ssh-copy-id root@192.168.43.23
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.43.23 (192.168.43.23)' can't be established.
ECDSA key fingerprint is SHA256:PjbUpTdGG1FtiYjG1P2DIADe646/IxZq5ge0sQybAhE.
ECDSA key fingerprint is MD5:86:09:71:21:24:06:f4:9b:ae:08:08:ea:4c:31:84:8f.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.43.23's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.43.23'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost yum.repos.d]# ssh-copy-id root@192.168.43.241
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.43.241 (192.168.43.241)' can't be established.
ECDSA key fingerprint is SHA256:pQXV+j1JjfR1c2ESn2FEtfxeC5Oumv14JQMnR7S5Yic.
ECDSA key fingerprint is MD5:23:72:5e:ea:11:13:c2:b7:c4:8f:1b:0f:a4:d7:05:9b.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.43.241's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.43.241'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost yum.repos.d]# ssh-copy-id root@192.168.43.104
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.43.104 (192.168.43.104)' can't be established.
ECDSA key fingerprint is SHA256:VUy72dDXxHUZFcfqyGGlGYX3IGBI++aL7uNlufMJAsQ.
ECDSA key fingerprint is MD5:02:89:1d:f4:9b:66:c4:a9:a9:9e:5f:8d:d9:48:9e:f1.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.43.104's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.43.104'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost yum.repos.d]# ssh root@192.168.43.241
Last login: Wed Nov 6 14:00:13 2019 from desktop-a1km2p9
[root@localhost ~]# exit
logout
Connection to 192.168.43.241 closed.
[root@localhost yum.repos.d]# ssh root@192.168.43.104
Last login: Wed Nov 6 14:00:48 2019 from desktop-a1km2p9
[root@localhost ~]# exit
logout
Connection to 192.168.43.104 closed.
Ansible主目录:
[root@localhost yum.repos.d]# cd /etc/ansible/
[root@localhost ansible]# ls
ansible.cfg hosts roles
#ansible.cfg:配置文件
#hosts:主机清单
#roles:角色
[root@localhost ansible]# vim hosts
添加:
[webserver]
192.168.43.104
192.168.43.241
[dbserver]
192.168.43.241
Ansible命令:
格式:
ansible Hosts(主机) -module_name(模块名) -a job(对主机进行的命令操作)
Ansible消息级别所对应的颜色:
- 绿色:代表执行成功。
- 红色:代表执行失败。
- 黄色:代表执行成功,对远程主机的数据进行了修改。
- 紫色:代表警告。
列出Ansible中的所有模块:
[root@localhost ansible]# ansible-doc --list
a10_server Manage A10 Networks AX/SoftAX/Thunder/vThunder devices' server object.
a10_server_axapi3 Manage A10 Networks AX/SoftAX/Thunder/vThunder devices
a10_service_group Manage A10 Networks AX/SoftAX/Thunder/vThunder devices' service groups.
a10_virtual_server Manage A10 Networks AX/SoftAX/Thunder/vThunder devices' virtual servers...
accelerate Enable accelerated mode on remote node
... ...
... ...
查看指定模块的帮助信息:
[root@localhost mysql-5.7.22]# ansible-doc -s ping
- name: Try to connect to host, verify a usable python and return `pong' on success
ping:
data: # Data to return for the `ping' return value. If this parameter is set to `crash', the
module will cause an exception.
Ansible常用模块:
ping:
检查指定节点机器是否还能连通,用法很简单,不涉及参数,主机如果在线,则回复pong。
[root@localhost ~]# ansible webserver -m ping
192.168.43.104 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.43.241 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@localhost ~]# ansible dbserver -m ping
192.168.43.241 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@localhost ~]# ansible all -m ping
192.168.43.241 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.43.104 | SUCCESS => {
"changed": false,
"ping": "pong"
}
command:
用于在各被管理节点运行指定的命令,shell和command的区别在于shell模块可以使用特殊字符,而command是不支持。
[root@localhost ~]# ansible all -m command -a 'hostname'
192.168.43.241 | SUCCESS | rc=0 >>
localhost
192.168.43.104 | SUCCESS | rc=0 >>
localhost
参数:
-
chdir:指定当前所在目录。
[root@localhost ~]# ansible all -m command -a ‘chdir=/home ls’
192.168.43.104 | SUCCESS | rc=0 >>
gsb192.168.43.241 | SUCCESS | rc=0 >>
shaobo -
creates:当指定文件存在时,命令不执行,当指定文件不存在时,则命令执行。
[root@localhost ~]# ansible all -m command -a ‘creates=/etc/fstab cat /etc/fstab’
192.168.43.241 | SUCCESS | rc=0 >>
skipped, since /etc/fstab exists192.168.43.104 | SUCCESS | rc=0 >>
skipped, since /etc/fstab exists -
removes:当指定文件存在时,命令执行,当指定文件不存在时,则命令不执行。
[root@localhost ~]# ansible all -m command -a ‘removes=/etc/fstab cat /etc/fstab’
192.168.43.241 | SUCCESS | rc=0 >>/etc/fstab
Created by anaconda on Tue Nov 5 20:30:33 2019
Accessible filesystems, by reference, are maintained under ‘/dev/disk’
See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
/dev/mapper/cl-root / xfs defaults 0 0
UUID=0698a74d-300d-4aea-a8c9-c6b7c7c449f4 /boot xfs defaults 0 0
/dev/mapper/cl-swap swap swap defaults 0 0192.168.43.104 | SUCCESS | rc=0 >>
/etc/fstab
Created by anaconda on Mon Mar 4 21:27:17 2019
Accessible filesystems, by reference, are maintained under ‘/dev/disk’
See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
/dev/mapper/cl-root / xfs defaults 0 0
UUID=f20cd398-f878-40e5-a5d9-f7f683aabe77 /boot xfs defaults 0 0
/dev/mapper/cl-swap swap swap defaults 0 0
shell:
在远程主机上执行命令 可以指定特殊的字符。
[root@localhost ~]# ansible all -m shell -a 'ls /usr | grep src'
192.168.43.241 | SUCCESS | rc=0 >>
src
192.168.43.104 | SUCCESS | rc=0 >>
src
user:
user模块用来对远程主机上的用户进行操作,user模块所对应的请求命令是useradd, userdel, usermod。
参数:
-
name:指定创建的用户名,如果没有这个用户,就自动创建。
[root@localhost ~]# ansible all -m user -a "name=testuser "
192.168.43.104 | SUCCESS => {
“changed”: true,
“comment”: “”,
“createhome”: true,
“group”: 1001,
“home”: “/home/testuser”,
“name”: “testuser”,
“shell”: “/bin/bash”,
“state”: “present”,
“system”: false,
“uid”: 1001
}
192.168.43.241 | SUCCESS => {
“changed”: true,
“comment”: “”,
“createhome”: true,
“group”: 1001,
“home”: “/home/testuser”,
“name”: “testuser”,
“shell”: “/bin/bash”,
“state”: “present”,
“system”: false,
“uid”: 1001
}
[root@localhost ~]# ansible all -m shell -a “ls /home | grep test”
192.168.43.104 | SUCCESS | rc=0 >>
testuser192.168.43.241 | SUCCESS | rc=0 >>
testuser -
password:用来指定创建用户的密码。
[root@localhost ~]# openssl passwd -1 123.com
1 1 1BI5o3s0e$05rvmfSuWXfsb0i3r93wd1
[root@localhost ~]# ansible all -m user -a “name=testuser password= 1 1 1BI5o3s0e$05rvmfSuWXfsb0i3r93wd1”
192.168.43.104 | SUCCESS => {
“append”: false,
“changed”: true,
“comment”: “”,
“group”: 1001,
“home”: “/home/testuser”,
“move_home”: false,
“name”: “testuser”,
“password”: “NOT_LOGGING_PASSWORD”,
“shell”: “/bin/bash”,
“state”: “present”,
“uid”: 1001
}
192.168.43.241 | SUCCESS => {
“append”: false,
“changed”: true,
“comment”: “”,
“group”: 1001,
“home”: “/home/testuser”,
“move_home”: false,
“name”: “testuser”,
“password”: “NOT_LOGGING_PASSWORD”,
“shell”: “/bin/bash”,
“state”: “present”,
“uid”: 1001
}
[root@localhost ~]# ansible all -m shell -a “cat /etc/shadow | grep testuser”
192.168.43.104 | SUCCESS | rc=0 >>
testuser:-bash5rvmfSuWXfsb0i3r93wd1:18206:0:99999:7:::192.168.43.241 | SUCCESS | rc=0 >>
testuser:-bash5rvmfSuWXfsb0i3r93wd1:18206:0:99999:7::: -
uid:用来指定创建用户的UID。
[root@localhost ~]# ansible all -m user -a “uid=1020 name=testuser”
192.168.43.104 | SUCCESS => {
“append”: false,
“changed”: true,
“comment”: “”,
“group”: 1001,
“home”: “/home/testuser”,
“move_home”: false,
“name”: “testuser”,
“shell”: “/bin/bash”,
“state”: “present”,
“uid”: 1020
}
192.168.43.241 | SUCCESS => {
“append”: false,
“changed”: true,
“comment”: “”,
“group”: 1001,
“home”: “/home/testuser”,
“move_home”: false,
“name”: “testuser”,
“shell”: “/bin/bash”,
“state”: “present”,
“uid”: 1020
}
[root@localhost ~]# ansible all -m shell -a “cat /etc/passwd | grep testuser”
192.168.43.104 | SUCCESS | rc=0 >>
testuser❌1020:1001::/home/testuser:/bin/bash192.168.43.241 | SUCCESS | rc=0 >>
testuser❌1020:1001::/home/testuser:/bin/bash -
group:用来指定创建用户的基本组。
[root@localhost ~]# ansible all -m user -a “group=root name=testuser”
192.168.43.104 | SUCCESS => {
“append”: false,
“changed”: true,
“comment”: “”,
“group”: 0,
“home”: “/home/testuser”,
“move_home”: false,
“name”: “testuser”,
“shell”: “/bin/bash”,
“state”: “present”,
“uid”: 1020
}
192.168.43.241 | SUCCESS => {
“append”: false,
“changed”: true,
“comment”: “”,
“group”: 0,
“home”: “/home/testuser”,
“move_home”: false,
“name”: “testuser”,
“shell”: “/bin/bash”,
“state”: “present”,
“uid”: 1020
}
[root@localhost ~]# ansible all -m shell -a “groups testuser”
192.168.43.104 | SUCCESS | rc=0 >>
testuser : root192.168.43.241 | SUCCESS | rc=0 >>
testuser : root -
groups(append):用来指定创建用户的附加组。
[root@localhost ~]# ansible all -m user -a “groups=adm name=testuser”
192.168.43.241 | SUCCESS => {
“append”: false,
“changed”: true,
“comment”: “”,
“group”: 0,
“groups”: “adm”,
“home”: “/home/testuser”,
“move_home”: false,
“name”: “testuser”,
“shell”: “/bin/bash”,
“state”: “present”,
“uid”: 1020
}
192.168.43.104 | SUCCESS => {
“append”: false,
“changed”: true,
“comment”: “”,
“group”: 0,
“groups”: “adm”,
“home”: “/home/testuser”,
“move_home”: false,
“name”: “testuser”,
“shell”: “/bin/bash”,
“state”: “present”,
“uid”: 1020
}
[root@localhost ~]# ansible all -m shell -a “groups testuser”
192.168.43.241 | SUCCESS | rc=0 >>
testuser : root adm192.168.43.104 | SUCCESS | rc=0 >>
testuser : root adm -
home:用来指定创建用户的家目录。
[root@localhost ~]# ansible all -m shell -a “mkdir /home/truehome”
[WARNING]: Consider using file module with state=directory rather than running mkdir192.168.43.104 | SUCCESS | rc=0 >>
192.168.43.241 | SUCCESS | rc=0 >>
[root@localhost ~]# ansible all -m user -a “name=testuser home=/home/truehome”
192.168.43.104 | SUCCESS => {
“append”: false,
“changed”: true,
“comment”: “”,
“group”: 0,
“home”: “/home/truehome”,
“move_home”: false,
“name”: “testuser”,
“shell”: “/bin/bash”,
“state”: “present”,
“uid”: 1020
}
192.168.43.241 | SUCCESS => {
“append”: false,
“changed”: true,
“comment”: “”,
“group”: 0,
“home”: “/home/truehome”,
“move_home”: false,
“name”: “testuser”,
“shell”: “/bin/bash”,
“state”: “present”,
“uid”: 1020
}
[root@localhost ~]# ansible all -m shell -a “cat /etc/passwd | grep testuser”
192.168.43.104 | SUCCESS | rc=0 >>
testuser❌1020:0::/home/truehome:/bin/bash192.168.43.241 | SUCCESS | rc=0 >>
testuser❌1020:0::/home/truehome:/bin/bash -
remove=yes或者state=absent:删除用户。
[root@localhost ~]# ansible all -m user -a “name=testuser remove=yes”
192.168.43.104 | SUCCESS => {
“append”: false,
“changed”: false,
“comment”: “”,
“group”: 0,
“home”: “/home/truehome”,
“move_home”: false,
“name”: “testuser”,
“shell”: “/bin/bash”,
“state”: “present”,
“uid”: 1020
}
192.168.43.241 | SUCCESS => {
“append”: false,
“changed”: false,
“comment”: “”,
“group”: 0,
“home”: “/home/truehome”,
“move_home”: false,
“name”: “testuser”,
“shell”: “/bin/bash”,
“state”: “present”,
“uid”: 1020
}
group:
group模块主要用来对远程主机上的组进行操作,group模块所对应的请求命令是groupadd, groupdel, groupmod。
参数:
- name:用来指定创建组的名字,如果没有这个组,则自动创建。
- gid:用来指定创建组的gid。
- state=absent:删除组。
创建组:
[root@localhost ~]# ansible all -m group -a "name=one gid=1030"
192.168.43.241 | SUCCESS => {
"changed": true,
"gid": 1030,
"name": "one",
"state": "present",
"system": false
}
192.168.43.104 | SUCCESS => {
"changed": true,
"gid": 1030,
"name": "one",
"state": "present",
"system": false
}
查看结果:
[root@localhost ~]# ansible all -m shell -a "cat /etc/group | grep one"
192.168.43.241 | SUCCESS | rc=0 >>
one:x:1030:
192.168.43.104 | SUCCESS | rc=0 >>
one:x:1030:
删除组:
[root@localhost ~]# ansible all -m group -a "name=one state=absent"
192.168.43.241 | SUCCESS => {
"changed": true,
"name": "one",
"state": "absent"
}
192.168.43.104 | SUCCESS => {
"changed": true,
"name": "one",
"state": "absent"
}
script:
用来在远程主机上执行主控端的脚本。
创建脚本,并在远程主机上执行:
[root@localhost ~]# vim test.sh
#! /bin/bash
touch /tmp/scriptfile
echo "hello world" > /tmp/scriptfile
cat /tmp/scriptfile
[root@localhost ~]# chmod +x test.sh
[root@localhost ~]# ansible all -m script -a "chdir=/root test.sh"
192.168.43.104 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.43.104 closed.\r\n",
"stdout": "hello world\r\n",
"stdout_lines": [
"hello world"
]
}
192.168.43.241 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.43.241 closed.\r\n",
"stdout": "hello world\r\n",
"stdout_lines": [
"hello world"
]
}
copy:
用来将主控端主机的文件复制到远程主机。
参数:
- src:指定要复制文件的源地址。
- dest:指定复制文件的目标地址。
创建测试文件并拷贝到远程主机:
[root@localhost ~]# touch testfile
[root@localhost ~]# echo "hello world" > testfile
[root@localhost ~]# ansible all -m copy -a "src=/root/testfile dest=/tmp"
192.168.43.104 | SUCCESS => {
"changed": true,
"checksum": "22596363b3de40b06f981fb85d82312e8c0ed511",
"dest": "/tmp/testfile",
"gid": 0,
"group": "root",
"md5sum": "6f5902ac237024bdd0c176cb93063dc4",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 12,
"src": "/root/.ansible/tmp/ansible-tmp-1573027196.14-194603345129606/source",
"state": "file",
"uid": 0
}
192.168.43.241 | SUCCESS => {
"changed": true,
"checksum": "22596363b3de40b06f981fb85d82312e8c0ed511",
"dest": "/tmp/testfile",
"gid": 0,
"group": "root",
"md5sum": "6f5902ac237024bdd0c176cb93063dc4",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 12,
"src": "/root/.ansible/tmp/ansible-tmp-1573027196.16-53338356328815/source",
"state": "file",
"uid": 0
}
查看结果:
[root@localhost ~]# ansible all -m shell -a "cat /tmp/testfile"
192.168.43.104 | SUCCESS | rc=0 >>
hello world
192.168.43.241 | SUCCESS | rc=0 >>
hello world
- content:用来添加或修改远程主机文件的内容(双引号套单引号,/n为换行符)。
修改远程主机文件中的内容:
[root@localhost ~]# ansible all -m copy -a "content='new\nstr' dest=/tmp/testfile"
192.168.43.241 | SUCCESS => {
"changed": true,
"checksum": "b117bd2a83c362c24fb99d886f62da015a836922",
"dest": "/tmp/testfile",
"gid": 0,
"group": "root",
"md5sum": "5622de4dea7dadc42530691bbb296da5",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 7,
"src": "/root/.ansible/tmp/ansible-tmp-1573027455.72-143535204445616/source",
"state": "file",
"uid": 0
}
192.168.43.104 | SUCCESS => {
"changed": true,
"checksum": "b117bd2a83c362c24fb99d886f62da015a836922",
"dest": "/tmp/testfile",
"gid": 0,
"group": "root",
"md5sum": "5622de4dea7dadc42530691bbb296da5",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 7,
"src": "/root/.ansible/tmp/ansible-tmp-1573027455.72-221471957710822/source",
"state": "file",
"uid": 0
}
查看结果:
[root@localhost ~]# ansible all -m shell -a "cat /tmp/testfile"
192.168.43.241 | SUCCESS | rc=0 >>
new
str
192.168.43.104 | SUCCESS | rc=0 >>
new
str
- force=no:当主控端拷贝的文件名和目标名一致,但是内容不一致的时,放弃拷贝。
- backup=yes:当主控端拷贝的文件名和目标名一致,但是内容不一致时,对目标文件进行备份。
对文件进行备份:
[root@localhost ~]# ansible all -m copy -a "src=/root/testfile dest=/tmp force=no"
192.168.43.241 | SUCCESS => {
"changed": false,
"dest": "/tmp",
"src": "/root/testfile"
}
192.168.43.104 | SUCCESS => {
"changed": false,
"dest": "/tmp",
"src": "/root/testfile"
}
[root@localhost ~]# ansible all -m copy -a "src=/root/testfile dest=/tmp backup=yes"
192.168.43.104 | SUCCESS => {
"backup_file": "/tmp/testfile.42050.2019-11-06@16:09:25~",
"changed": true,
"checksum": "22596363b3de40b06f981fb85d82312e8c0ed511",
"dest": "/tmp/testfile",
"gid": 0,
"group": "root",
"md5sum": "6f5902ac237024bdd0c176cb93063dc4",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 12,
"src": "/root/.ansible/tmp/ansible-tmp-1573027763.91-233828879526500/source",
"state": "file",
"uid": 0
}
192.168.43.241 | SUCCESS => {
"backup_file": "/tmp/testfile.42217.2019-11-06@16:09:23~",
"changed": true,
"checksum": "22596363b3de40b06f981fb85d82312e8c0ed511",
"dest": "/tmp/testfile",
"gid": 0,
"group": "root",
"md5sum": "6f5902ac237024bdd0c176cb93063dc4",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 12,
"src": "/root/.ansible/tmp/ansible-tmp-1573027763.92-123506317381226/source",
"state": "file",
"uid": 0
}
查看结果:
[root@localhost ~]# ansible all -m shell -a "ls /tmp | grep testfile"
192.168.43.241 | SUCCESS | rc=0 >>
testfile
testfile.42217.2019-11-06@16:09:23~
192.168.43.104 | SUCCESS | rc=0 >>
testfile
testfile.42050.2019-11-06@16:09:25~
- owner:指定文件的属主。
- group:指定文件的属组。
- mode: 指定文件的权限。
修改文件的属主,属组为root并且赋予755权限:
[root@localhost ~]# touch testfile_new
[root@localhost ~]# ansible all -m copy -a "src=/root/testfile_new dest=/tmp owner=root group=root mode=755"
192.168.43.241 | SUCCESS => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/tmp/testfile_new",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0755",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1573028049.42-128576015175073/source",
"state": "file",
"uid": 0
}
192.168.43.104 | SUCCESS => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/tmp/testfile_new",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0755",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1573028049.41-132072472051321/source",
"state": "file",
"uid": 0
}
查看结果:
[root@localhost ~]# ansible all -m shell -a "ls -l /tmp/ | grep test"
192.168.43.104 | SUCCESS | rc=0 >>
-rw-r--r--. 1 root root 12 Nov 6 16:09 testfile
-rw-r--r--. 1 root root 7 Nov 6 16:04 testfile.42050.2019-11-06@16:09:25~
-rwxr-xr-x. 1 root root 0 Nov 6 16:14 testfile_new
192.168.43.241 | SUCCESS | rc=0 >>
-rw-r--r--. 1 root root 12 Nov 6 16:09 testfile
-rw-r--r--. 1 root root 7 Nov 6 16:04 testfile.42217.2019-11-06@16:09:23~
-rwxr-xr-x. 1 root root 0 Nov 6 16:14 testfile_new
YUM:
这个模块时用于REHL或者Centos系统作为远端节点的时候,控制远程主机使用YUM安装应用。
- name:指定要安装的应用的名字。
- state=present|lastest|absent:安装|安装最新版|删除
- disablerepo:禁用某个repo源。
- enablerepo:启用某个repo源。
- disable_gpg_check:关闭gpg验证。
安装samba:
[root@localhost ~]# ansible all -m yum -a "name=samba state=installed"
192.168.43.104 | SUCCESS => {
"changed": false,
"msg": "",
"rc": 0,
"results": [
"samba-4.9.1-6.el7.x86_64 providing samba is already installed"
]
}
192.168.43.241 | SUCCESS => {
"changed": false,
"msg": "",
"rc": 0,
"results": [
"samba-4.9.1-6.el7.x86_64 providing samba is already installed"
]
}
启动smb服务:
[root@localhost ~]# ansible all -m shell -a "systemctl start smb"
192.168.43.104 | SUCCESS | rc=0 >>
192.168.43.241 | SUCCESS | rc=0 >>
查看结果:
[root@localhost ~]# ansible all -m shell -a "netstat -anput | grep smb"
192.168.43.104 | SUCCESS | rc=0 >>
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 3315/smbd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 3315/smbd
tcp6 0 0 :::139 :::* LISTEN 3315/smbd
tcp6 0 0 :::445 :::* LISTEN 3315/smbd
192.168.43.241 | SUCCESS | rc=0 >>
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 3072/smbd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 3072/smbd
tcp6 0 0 :::139 :::* LISTEN 3072/smbd
tcp6 0 0 :::445 :::* LISTEN 3072/smbd
service:
用于管理远程主机的服务进程。
参数:
- name:服务名。
- state=started|restarted|reload|stopped|enable:开启|重启|重载|停止|开机自启/
- sleep:如果执行了restarted,则在stop和start之间沉睡几秒钟。
- runlevel:运行级别。
关闭smb服务:
[root@localhost ~]# ansible all -m service -a "name=smb state=stopped"
[root@localhost ~]# ansible all -m shell -a "netstat -anput | grep smb"
192.168.43.104 | FAILED | rc=1 >>
non-zero return code
192.168.43.241 | FAILED | rc=1 >>
non-zero return code
file:
file模块主要用于对远程主机上的文件进行操作。
参数:
- mode:指定创建文件的权限。
- group:指定创建文件的属组。
- owner:指定创建文件的属性。
- path:指定创建文件的路径。
- recurse:只用于创建目录时,递归目录的属性。
- src:要被链接的源文件路径,只用于创建软链接或硬链接时。
- dest:要被链接到的路径,只用于创建软链接或硬链接时。
- state=directory|touch|link|hard|absent:创建一个目录|创建一个文件|创建软连接|软件硬连接|删除文件或目录。
创建目录:
[root@localhost ~]# ansible all -m file -a "path=/testdirectory state=directory"
192.168.43.241 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/testdirectory",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
192.168.43.104 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/testdirectory",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
创建文件:
[root@localhost ~]# ansible all -m file -a "path=/testdirectory/testfile.txt state=touch"
192.168.43.104 | SUCCESS => {
"changed": true,
"dest": "/testdirectory/testfile.txt",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 0,
"state": "file",
"uid": 0
}
192.168.43.241 | SUCCESS => {
"changed": true,
"dest": "/testdirectory/testfile.txt",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 0,
"state": "file",
"uid": 0
}
创建新目录:
[root@localhost ~]# ansible all -m file -a "path=/newdirectory/ state=directory"
192.168.43.241 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/newdirectory/",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
192.168.43.104 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/newdirectory/",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
将文件软链接到新目录:
[root@localhost ~]# ansible all -m file -a "path=/newdirectory/newtestfile.txt src=/testdirectory/testfile.txt state=link"
192.168.43.104 | SUCCESS => {
"changed": true,
"dest": "/newdirectory/newtestfile.txt",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 27,
"src": "/testdirectory/testfile.txt",
"state": "link",
"uid": 0
}
192.168.43.241 | SUCCESS => {
"changed": true,
"dest": "/newdirectory/newtestfile.txt",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"secontext": "unconfined_u:object_r:default_t:s0",
"size": 27,
"src": "/testdirectory/testfile.txt",
"state": "link",
"uid": 0
}
查看结果:
[root@localhost ~]# ansible all -m shell -a "ls -l /newdirectory/"
192.168.43.241 | SUCCESS | rc=0 >>
total 0
lrwxrwxrwx. 1 root root 27 Nov 6 21:18 newtestfile.txt -> /testdirectory/testfile.txt
192.168.43.104 | SUCCESS | rc=0 >>
total 0
lrwxrwxrwx. 1 root root 27 Nov 6 21:18 newtestfile.txt -> /testdirectory/testfile.txt
cron:
cron这个模块用来对远程主机执行计划任务。
参数:
-
minute:分钟。
-
hour:小时。
-
day:天。
-
month:月。
-
weekday:周。
-
job:执行的命令。
-
name:对计划任务的命名。
-
special_time=hourly|reboot|yearly|monthly|weekly|daily|:每小时执行一次|重启时执行一次|每年执行一次|每月执行一次|每周执行一次|每天执行一次。
[root@localhost ~]# ansible all -m cron -a “name=one hour=8 minute=10 job=‘echo hello world’”
192.168.43.241 | SUCCESS => {
“changed”: true,
“envs”: [],
“jobs”: [
“one”
]
}
192.168.43.104 | SUCCESS => {
“changed”: true,
“envs”: [],
“jobs”: [
“one”
]
}
[root@localhost ~]# ansible all -m shell -a “crontab -l”
192.168.43.104 | SUCCESS | rc=0 >>
#Ansible: one
10 8 * * * echo hello world192.168.43.241 | SUCCESS | rc=0 >>
#Ansible: one
10 8 * * * echo hello world
lineinfile:
正则匹配,lineinfile这个模块用来将文件中中匹配的内容更改为指定的内容。
-
regexp:定义正则。
-
line:替换掉匹配的内容。
-
path:文件路径。
[root@localhost ~]# ansible all -m file -a “path=/tmp/newfile state=touch”
192.168.43.104 | SUCCESS => {
“changed”: true,
“dest”: “/tmp/newfile”,
“gid”: 0,
“group”: “root”,
“mode”: “0644”,
“owner”: “root”,
“secontext”: “unconfined_u:object_r:user_tmp_t:s0”,
“size”: 0,
“state”: “file”,
“uid”: 0
}
192.168.43.241 | SUCCESS => {
“changed”: true,
“dest”: “/tmp/newfile”,
“gid”: 0,
“group”: “root”,
“mode”: “0644”,
“owner”: “root”,
“secontext”: “unconfined_u:object_r:user_tmp_t:s0”,
“size”: 0,
“state”: “file”,
“uid”: 0
}
[root@localhost ~]# ansible all -m shell -a “echo ‘hello world’ > /tmp/newfile”
192.168.43.241 | SUCCESS | rc=0 >>192.168.43.104 | SUCCESS | rc=0 >>
[root@localhost ~]# ansible all -m shell -a “cat /tmp/newfile”
192.168.43.104 | SUCCESS | rc=0 >>
hello world192.168.43.241 | SUCCESS | rc=0 >>
hello world
[root@localhost ~]# ansible all -m lineinfile -a “regexp=’^h’ line=‘hello newworld’ path=/tmp/newfile”
192.168.43.104 | SUCCESS => {
“backup”: “”,
“changed”: true,
“msg”: “line replaced”
}
192.168.43.241 | SUCCESS => {
“backup”: “”,
“changed”: true,
“msg”: “line replaced”
}
[root@localhost ~]# ansible all -m shell -a “cat /tmp/newfile”
192.168.43.104 | SUCCESS | rc=0 >>
hello newworld192.168.43.241 | SUCCESS | rc=0 >>
hello newworld
剧本(Playbook):
Playbook是由多个模块组成的。
yaml:yaml语言是由多个而语言集合而成的,包括C语言,Python,Ruby,Perl等,后缀名为yaml,yml。层级缩进不能使用tab,只能使用空格,#表示注释。
yaml数据类型:
- 对象: name: value。
- 数组:-food,代表组。
- 字符串。
- 数字。
yaml文件中的含义:
task 任务 要调用模块完成的操作。
variables 变量。
handlers 触发器。
使用剧本安装nginx:
[root@localhost ~]# vim nginx.yml
---
- hosts: webserver
remote_user: root
tasks:
- yum: name=pcre,pcre-devel,gcc,gcc-c++,zlib,zlib-devel,openssl,openssl-devel state=installed
- copy: src=/root/nginx-1.14.2.tar.gz dest=/usr/src/nginx-1.14.2.tar.gz
- shell: tar -zxvf /usr/src/nginx-1.14.2.tar.gz -C /usr/src && useradd nginx -s /sbin/nologin && cd /usr/src/nginx-1.14.2/ && ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module && make && make install && ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/nginx
- file: path=/etc/systemd/system/nginx.service state=touch
- copy: content='[Unit]\nDescription=nginx\nAfter=network.target\n[Service]\nType=forking\nPIDFile=/usr/local/nginx/logs/nginx.pid\nExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf\nExecStop=/usr/local/nginx/sbin/nginx -s stop -c /usr/local/nginx/conf/nginx.conf\nExecReload= /usr/local/nginx/sbin/nginx -s reload -c /usr/local/nginx/conf/nginx.conf\nPrivateTmp=ture\n[Install]\nWantedBy=multi-user.target' dest=/etc/systemd/system/nginx.service
- shell: systemctl daemon-reload && systemctl start nginx.service
- shell: netstat -anput | grep 80
[root@localhost ~]# vim nginx.yml
[root@localhost ~]# ansible-playbook --syntax-check nginx.yml
playbook: nginx.yml
[root@localhost ~]# ansible-playbook nginx.yml
PLAY [webserver] *****************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************
ok: [192.168.43.104]
ok: [192.168.43.241]
TASK [yum] ***********************************************************************************************************
ok: [192.168.43.241]
ok: [192.168.43.104]
TASK [copy] **********************************************************************************************************
changed: [192.168.43.104]
changed: [192.168.43.241]
TASK [command] *******************************************************************************************************
[WARNING]: Consider using unarchive module rather than running tar
changed: [192.168.43.241]
changed: [192.168.43.104]
TASK [file] **********************************************************************************************************
changed: [192.168.43.241]
changed: [192.168.43.104]
TASK [copy] **********************************************************************************************************
changed: [192.168.43.104]
changed: [192.168.43.241]
TASK [command] *******************************************************************************************************
changed: [192.168.43.104]
changed: [192.168.43.241]
TASK [command] *******************************************************************************************************
changed: [192.168.43.104]
changed: [192.168.43.241]
PLAY RECAP ***********************************************************************************************************
192.168.43.104 : ok=8 changed=6 unreachable=0 failed=0
192.168.43.241 : ok=8 changed=6 unreachable=0 failed=0
[root@localhost ~]# curl 192.168.43.104
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@localhost ~]# curl 192.168.43.241
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
使用剧本安装mysqld:
[root@localhost ~]# vim mysql.yml
---
- hosts: webserver
remote_user: root
tasks:
- yum: name=ncurses-devel,bison,cmake state=installed
- yum: name=libzip state=absent
- copy: src=/root/mysql-5.7.22.tar.gz dest=/usr/src/mysql-5.7.22.tar.gz
- copy: src=/root/boost_1_59_0.tar.gz dest=/usr/src/boost_1_59_0.tar.gz
- shell: useradd mysql -s /sbin/nologin
- shell: tar -zxvf /usr/src/mysql-5.7.22.tar.gz -C /usr/src && tar -zxvf /usr/src/boost_1_59_0.tar.gz -C /usr/local/ && mv /usr/local/boost_1_59_0 /usr/local/boost && rm -rf /usr/local/boost_1_59_0
- shell: cd /usr/src/mysql-5.7.22 && cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DMYSQL-USER=mysql -DMYSQL_DATADIR=/usr/local/mysql/data -DDOWNLOAD_BOOST=1 -DWITH_BOOST=/usr/local/boost -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_FEDERATED_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DWITHOUT_EXAMPLE_STORAGE_ENGINE=1 -DWITH_PARTITION_STORAGE_ENGINE=1 -DWITH_PERFSCHEMA_STORAGE_ENGINE=1 && make && make install
- shell: mkdir /usr/local/mysql/data && chmod 755 /usr/local/mysql/data -R && chown mysql:mysql /usr/local/mysql/data -R && cp /usr/src/mysql-5.7.22/support-files/mysql.server /etc/init.d/mysqld && chmod +x /etc/init.d/mysqld
- shell: echo 'export PATH=$PATH:/usr/local/mysql/bin/' > /etc/profile.d/mysql.sh
- shell: cd /usr/local/mysql && ./bin/mysqld --initialize --user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data
- file: path=/etc/systemd/system/mysqld.service state=touch
- copy: content='[Unit]\nDescription=mysqld\nAfter=network.target\n[Service]\nType=forking\nPIDFile=/usr/local/mysql/data/localhost.pid\nExecStart=/etc/init.d/mysqld start\nExecStop=/etc/init.d/mysqld stop\nExecReload=/etc/init.d/mysqld reload\nPrivateTmp=ture\n[Install]\nWantedBy=multi-user.target' dest=/etc/systemd/system/mysqld.service
- shell: systemctl daemon-reexec && systemctl daemon-reload && systemctl start mysqld.service
[root@localhost ~]# ansible-playbook --syntax-check mysql.yml
playbook: mysql.yml
[root@localhost ~]# ansible-playbook mysql.yml
PLAY [webserver] *****************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************
ok: [192.168.43.104]
ok: [192.168.43.241]
TASK [yum] ***********************************************************************************************************
ok: [192.168.43.104]
ok: [192.168.43.241]
TASK [yum] ***********************************************************************************************************
ok: [192.168.43.104]
ok: [192.168.43.241]
TASK [copy] **********************************************************************************************************
ok: [192.168.43.104]
ok: [192.168.43.241]
TASK [copy] **********************************************************************************************************
ok: [192.168.43.104]
ok: [192.168.43.241]
TASK [command] *******************************************************************************************************
changed: [192.168.43.104]
changed: [192.168.43.241]
TASK [command] *******************************************************************************************************
[WARNING]: Consider using unarchive module rather than running tar
changed: [192.168.43.241]
changed: [192.168.43.104]
TASK [command] *******************************************************************************************************
changed: [192.168.43.241]
changed: [192.168.43.104]
TASK [command] *******************************************************************************************************
[WARNING]: Consider using file module with state=directory rather than running mkdir
changed: [192.168.43.104]
changed: [192.168.43.241]
TASK [command] *******************************************************************************************************
changed: [192.168.43.104]
changed: [192.168.43.241]
TASK [command] *******************************************************************************************************
changed: [192.168.43.241]
changed: [192.168.43.104]
TASK [file] **********************************************************************************************************
changed: [192.168.43.104]
changed: [192.168.43.241]
TASK [copy] **********************************************************************************************************
changed: [192.168.43.241]
changed: [192.168.43.104]
TASK [command] *******************************************************************************************************
changed: [192.168.43.104]
changed: [192.168.43.241]
PLAY RECAP ***********************************************************************************************************
192.168.43.104 : ok=12 changed=7 unreachable=0 failed=0
192.168.43.241 : ok=12 changed=7 unreachable=0 failed=0
[root@localhost ~]# ansible all -m shell -a "netstat -anput | grep 3306"
192.168.43.104 | SUCCESS | rc=0 >>
tcp6 0 0 :::3306 :::* LISTEN 54760/mysqld
192.168.43.241 | SUCCESS | rc=0 >>
tcp6 0 0 :::3306 :::* LISTEN 47609/mysqld
使用剧本安装php:
[root@localhost ~]# vim php.yml
---
- hosts: webserver
remote_user: root
tasks:
- yum: name=libxml2,libxml2-devel,bzip2,bzip2-devel,libcurl,libcurl-devel,libjpeg,libjpeg-devel,libpng,libpng-devel,freetype,freetype-devel,gmp,gmp-devel,readline,readline-devel,libxslt,libxslt-devel state=installed
- yum: name=libzip,cmake state=absent
- copy: src=/root/php-7.3.9.tar.gz dest=/usr/src/php-7.3.9.tar.gz
- copy: src=/root/cmake-3.15.3.tar.gz dest=/usr/src/cmake-3.15.3.tar.gz
- copy: src=/root/libzip-1.5.1.tar.gz dest=/usr/src/libzip-1.5.1.tar.gz
- shell: tar -zxvf /usr/src/php-7.3.9.tar.gz -C /usr/src && tar -zxvf /usr/src/cmake-3.15.3.tar.gz -C /usr/src && tar -zxvf /usr/src/libzip-1.5.1.tar.gz -C /usr/src
- shell: cd /usr/src/cmake-3.15.3/ && ./bootstrap --prefix=/usr/local/cmake && gmake && gmake install && ln -s /usr/local/cmake/bin/* /usr/sbin/
- shell: mkdir /usr/src/libzip-1.5.1/build && cd /usr/src/libzip-1.5.1/build && cmake .. && make && make install
- shell: cd /usr/src//php-7.3.9/ && ./configure --enable-fpm --prefix=/usr/local/php --with-curl --with-freetype-dir --with-gd --with-gettext --with-iconv-dir --with-kerberos --with-libdir=lib64 --with-libxml-dir --with-mysqli --with-openssl --with-pcre-regex --with-pdo-mysql --with-pdo-sqlite --with-pear --with-png-dir --with-jpeg-dir --with-xmlrpc --with-xsl --with-zlib --with-openssl --enable-fpm --enable-bcmath --enable-libxml --enable-inline-optimization --enable-mbregex --enable-mbstring --enable-opcache --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvsem --enable-xml --enable-zip && make && make install && ln -s /usr/local/php/bin/php /usr/bin/
- shell: cd /usr/local/php/etc/ && cp php-fpm.conf.default php-fpm.conf && cd php-fpm.d/ && cp www.conf.default www.conf && cp /usr/src/php-7.3.9/php.ini-development /usr/local/php/etc/php.ini
- shell: cd /usr/local/php/sbin/ && ./php-fpm -c /usr/local/php/etc/php.ini
[root@localhost ~]# ansible-playbook php.yml
PLAY [webserver] *********************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************
ok: [192.168.43.104]
ok: [192.168.43.241]
TASK [yum] ***********************************************************************************************************
ok: [192.168.43.104]
ok: [192.168.43.241]
TASK [yum] ***********************************************************************************************************
ok: [192.168.43.104]
ok: [192.168.43.241]
TASK [copy] **********************************************************************************************************
ok: [192.168.43.104]
ok: [192.168.43.241]
TASK [copy] **********************************************************************************************************
ok: [192.168.43.104]
ok: [192.168.43.241]
TASK [command] ***********************************************************************************************************
changed: [192.168.43.104]
changed: [192.168.43.241]
TASK [command] ***********************************************************************************************************
changed: [192.168.43.104]
changed: [192.168.43.241]
TASK [command] ***********************************************************************************************************
changed: [192.168.43.104]
changed: [192.168.43.241]
PLAY RECAP ***************************************************************************************************************
192.168.43.104 : ok=4 changed=3 unreachable=0 failed=0
192.168.43.241 : ok=4 changed=3 unreachable=0 failed=0
[root@localhost ~]# ansible all -m shell -a "netstat -anput | grep php-fpm"
192.168.43.241 | SUCCESS | rc=0 >>
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 34304/php-fpm: mast
192.168.43.104 | SUCCESS | rc=0 >>
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 45370/php-fpm: mast