ansible快速学习(一)
yum install -y epel-release 安装EPEL仓库源
yum install ansible 安装ansible
ansible-doc 参考手册
hosts文件内容
[a]
host1
[b]
host2
[server:children] # 子分组
a
b
[server:vars] #组:变量,组内的配置共用;下面的明文密码仅适合实验环境,实际使用应改为ssh密钥登录,或用ansible-vault加密保存
ansible_ssh_user='root'
ansible_ssh_pass='123456'
ansible -i hosts a -m ping #指定hosts文件的a分组 执行ping
ssh相关
ssh-keygen #生成密钥对(私钥和公钥)
ssh-copy-id {id} #分发公钥给{id},免密远程登录
/etc/ssh/sshd_config #ssh配置文件,可修改默认端口
/root/.ssh/
id_rsa #私钥文件(需妥善保管,不可外泄)
id_rsa.pub #公钥文件(由ssh-copy-id分发到远程主机)
known_hosts #已连接过的远程主机的公钥记录,用于校验主机身份
ping模块
ansible-doc ping
ansible server -m ping -o #-m 模块 -o简要输出
host1 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python2.7"}, "changed": false, "ping": "pong", "warnings": ["Distribution centos 7.4.1708 on host host1
should use /usr/bin/python, but is using /usr/bin/python2.7, since the discovered platform python interpreter was not present. See https://docs.ansible.com/ansible/2.9/reference_appen
dices/interpreter_discovery.html for more information."]}
host2 | UNREACHABLE!: Failed to connect to the host via ssh: ssh: connect to host host2 port 22: No route to host
ansible的ping模块不是ICMP ping,而是通过ssh连接目标主机进行检测;若ssh连接失败,则ansible的ping失败,即使在本机执行ping {id}可能成功
copy模块
ansible-doc copy
ansible server -m copy -a 'src=/tmp/file1 dest=/tmp/ owner=root group=bin mode=777 backup=yes'
#源 目的 所有者 组 文件权限(7:可读可写可执行) backup=yes:文件变动即备份原文件;777对所有用户开放读写执行,仅作演示,实际应按最小权限设置(如0644)
用户模块
ansible-doc user
id {user_name} #查看用户
echo '123456' | openssl passwd -1 -stdin #生成密码哈希:通过标准输入把密码交给openssl做1型(MD5-crypt)加密;MD5-crypt强度较弱,openssl版本支持时建议改用-6(SHA-512);写在命令行里的密码还会留在shell历史中
$1$JpsqqVms$BIhIQJ19wCkApoq6JXTOA1
ansible host1 -m user -a 'name=yj02 password="$1$JpsqqVms$BIhIQJ19wCkApoq6JXTOA1" state=present' #添加yj02的用户
ansible host1 -m user -a 'name=yj02 shell=/sbin/nologin append=yes' #指定shell属性(不能登录)
[root@localhost ~]# ssh yj02@192.168.222.129
yj02@192.168.222.129's password:
Last login: Sun Jan 14 23:46:09 2024 from 192.168.222.129
This account is currently not available.
Connection to 192.168.222.129 closed.
ansible host1 -m user -a 'name=yj02 shell=/bin/bash append=yes' #恢复,可以登录
ansible host1 -m user -a 'name=yj02 state=absent' #清除用户
软件包模块
ansible server -m yum -a 'name="*" state=latest' #yum将所有已安装的包升级到最新版本
ansible server -m yum -a 'name="httpd" state=latest' #yum安装最新的httpd服务
ansible-doc yum #往下翻手册,可以看到examples,根据示例写命令
EXAMPLES:
- name: install the latest version of Apache
yum:
name: httpd
state: latest
- name: ensure a list of packages installed
yum:
name: "{{ packages }}"
vars:
packages:
- httpd
- httpd-tools
- name: remove the Apache package
yum:
name: httpd
state: absent
- name: install the latest version of Apache from the testing repo
yum:
name: httpd
enablerepo: testing
state: present
.....
ansible host1 -m yum -a 'name="httpd" state=absent' #卸载包、服务
服务模块
ansible-doc service
ansible server -m service -a 'name=httpd state=started' #启动httpd服务
ansible server -m service -a 'name=httpd state=started enabled=yes' #启动httpd服务,且开机自启动
state=stopped #停止
state=restarted #重启
state=started enabled=no #开启,开机不自启
文件模块
ansible-doc file
ansible host1 -m file -a 'path=/tmp/1.txt mode=777 state=touch' # 创建权限为777的1.txt文件(777仅作演示,实际应按最小权限设置)
ansible host1 -m file -a 'path=/tmp/22 mode=777 state=directory' #创建权限为777的22目录
- name: Remove file (delete file) #删除文件
file:
path: /etc/foo.txt
state: absent
- name: Recursively remove directory #删除目录
file:
path: /etc/foo
state: absent
收集模块
ansible-doc setup
ansible host1 -m setup -a 'filter=ansible_processor'
#从文档中选择需要的属性过滤
fetch模块
#从远程主机获取文件到本地
ansible-doc fetch
ansible host1 -m fetch -a 'src=/tmp/123 dest=/tmp' #从远端拷贝文件到/tmp目录下,文件保存在本地/tmp下的host1/tmp/123
ansible host1 -m fetch -a 'src=/tmp/123 dest=/tmp/dir flat=yes' #从远端拷贝文件为指定路径下的文件
cron模块
管理crontab计划任务
ansible-doc cron
ansible host1 -m cron -a 'name="sync time from ntpserver" minute="*/10" job="/sbin/ntpdate 192.168.222.130 &> /dev/null"' #创建定时作业,命名,每隔10分钟,与ntp服务器192.168.222.130同步时间
[root@localhost tmp]# crontab -l
#Ansible: sync time from ntpserver
*/10 * * * * /sbin/ntpdate 192.168.222.130 &> /dev/null
group模块
ansible-doc group
ansible host1 -m group -a 'name=hhh state=present gid=1010' #创建名为hhh的组,gid为1010
state=absent #删除组
script模块
#远程执行脚本
ansible-doc script
ansible host1 -m script -a '/tmp/test.sh' #在远程主机上执行本地的/tmp/test.sh脚本
unarchive模块
#解压缩模块
ansible-doc unarchive
ansible host1 -m unarchive -a 'src=t.tar.gz dest=/home/' #将本地的t.tar.gz 解压到远程主机的home目录下
shell模块
ansible-doc shell
ansible执行shell命令
playbook剧本
vim apache.yaml
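# apache.yaml: install Apache on host1, push the local httpd.conf, then
# start the service and enable it at boot.
# Nesting is restored here; without indentation the listing is not valid YAML.
- hosts: host1
  tasks:  # the key is plural: "tasks"
    - name: install apache pkg  # task names are free-form labels
      yum: name=httpd state=present
    - name: copy apache conf
      # Explicit owner/group/mode so the permissions of a newly created config
      # file do not depend on the remote host's default umask.
      copy: src=./httpd.conf dest=/etc/httpd/conf/httpd.conf owner=root group=root mode=0644
    - name: ensure is running and start with power on
      service: name=httpd state=started enabled=yes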
ansible-playbook apache.yaml --syntax-check #检查剧本语法是否正确
ansible-playbook apache.yaml --list-tasks #列出剧本中的任务名称
playbook: apache.yaml
play #1 (host1): host1 TAGS: []
tasks:
install apache pkg TAGS: []
copy apache conf TAGS: []
ensure is running and start with power on TAGS: []
ansible-playbook apache.yaml --list-hosts #列出剧本中的目标主机
playbook: apache.yaml
play #1 (host1): host1 TAGS: []
pattern: [u'host1']
hosts (1):
host1
ansible-playbook apache.yaml #执行剧本
PLAY [host1] ***************************************************************************************************************************************************************************
TASK [Gathering Facts] *****************************************************************************************************************************************************************
ok: [host1]
TASK [install apache pkg] **************************************************************************************************************************************************************
changed: [host1]
TASK [copy apache conf] ****************************************************************************************************************************************************************
changed: [host1]
TASK [ensure is running and start with power on] ***************************************************************************************************************************************
changed: [host1]
PLAY RECAP *****************************************************************************************************************************************************************************
host1 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
#执行成功
handlers #灵活设置触发操作
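# Same play as apache.yaml, plus a handler that restarts httpd when the
# configuration file changes.
# Nesting is restored here; without indentation the listing is not valid YAML.
- hosts: host1
  tasks:
    - name: install apache pkg  # task names are free-form labels
      yum: name=httpd state=present
    - name: copy apache conf
      # Explicit owner/group/mode so the permissions of a newly created config
      # file do not depend on the remote host's default umask.
      copy: src=./httpd.conf dest=/etc/httpd/conf/httpd.conf owner=root group=root mode=0644
      # When this task reports "changed" (the file on the host was replaced),
      # the handler with exactly this name is notified.
      notify: restart apache service
    - name: ensure is running and start with power on
      service: name=httpd state=started enabled=yes
  handlers:
    # Runs only if notified, so an unchanged config does not trigger a restart.
    - name: restart apache service
      service: name=httpd state=restarted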