一·自动化配置
公司的服务器越来越多,维护一些简单的事情都会变得很繁琐。用shel脚本来管理少量服务器效率还行,服务器多了之后,shell脚本无法实现高效率运维。这种情况下,我们需要引入自动化运维工具,对多台服务器实现高效运维。
1、管理内容的主要分类
文件目录管理(包括文件的创建,删除,修改,查看状态,远程拷贝等)
**用户和组管理*
cron时间任务管理I
yum源配置与通过yum管理软件包
服务管理
远程执行脚本
远程执行命令
2、常见的开源自动化运维工具比较
(1)puppet(拓展)
基于ruby语言,成熟稳定。适合于大型架构,相对于ansible和saltstack会复杂些。
(2)saltstack(拓展)
基于python语言。相对简单,大并发能力比ansible要好,需要维护被管理端的服务。如果服务断开,连接就会出问题。
(3)ansible
基于python语言。简单快捷,被管理端不需要启服务。直接走ssh协议,需要验证所以机器多的话速度会较慢。
二、搭建自动化部署
M0:
[root@M0 ~]# yum list installed | grep epel
[root@M0 ~]# yum -y install epel-release
[root@M0 ~]# yum -y install ansible
[root@m0 ~]# vim /etc/ansible/hosts
[group01]
192.168.2.60
192.168.2.61
[group02]
192.168.2.60
192.168.2.61
192.168.2.62
[root@m0 ~]# ansible 192.168.2.60 -m ping
192.168.2.60 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@m0 ~]# ansible group01 -m ping
192.168.2.60 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.2.61 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@m0 ~]# ansible group02 -m ping
[root@m0 ~]# vim /etc/ansible/hosts
[group01]
192.168.2.60
192.168.2.61
other ansible_ssh_host=192.168.2.62 ansible_ssh_port=22 ansible_ssh_user=root ansible_s
sh_pass=root
[group02]
192.168.2.60
192.168.2.61
other
不需要免密也可以进行连接
ansible 主机ip|域名|组名|别名 -m ping|copy|...'参数'
(1)查看所有支持的模块
[root@m0 ~]# ansible-doc -l
(2)hostname 模块
用于修改主机名称
[root@M0 ~]# ansible group02 -m hostname -a 'name=ab.lxe.er'
#将group02组中的主机名称分别改为ab lxe er
(3)file模块(重点)
file模块用于对文件相关的操作(创建,删除,软硬钟接等)
[root@M0 ~]# ansible group01 -m file -a 'path=/tmp/abc state=directory'
[root@s0 ~]# ls /tmp/
abc
[root@s1 ~]# ls /tmp/
abc
[root@s2 ~]# ls /tmp
abc
[root@m0 ~]# ansible group02 -m file -a 'path=/tmp/abc/def state=touch'
递归修改 recurse=yes(递归的效果)
ansible group02 -m file -a 'path=/tmp/abc recurse=yes owner=bin group=daemon mode=1777'
修改其权限,再在s0查看
[root@m0 ~]# ansible group02 -m file -a 'path=/tmp/abc state=absent' 删除目录(及里面所有文件)
[root@m0 ~]# ansible group02 -m file -a 'path=/tmp/aaaa state=touch owner=bin group=daemon mode=1777' 创建目录,并且赋予权限
创建软连接文件
[root@m0 ~]# ansible group02 -m file -a 'src=/etc/fstab path=/tmp/xxx state=link'
创建硬链接文件
[root@m0 ~]# ansible group02 -m file -a 'src=/etc/fstab path=/tmp/xxx2 state=hard'
硬链接创建文件,软连接指向硬链接
[root@m0 ~]# ansible group02 -m stat -a 'path=/etc/fstab'
[root@m0 ~]# ls
anaconda-ks.cfg mysql-5.7.44-linux-glibc2.12-x86_64.tar.gz
[root@m0 ~]#
[root@m0 ~]# mv mysql-5.7.44-linux-glibc2.12-x86_64.tar.gz my57.tar.gz
[root@m0 ~]# ls
anaconda-ks.cfg my57.tar.gz
[root@m0 ~]# ansible group02 -m copy -a 'src=./my57.tar.gz dest=~'在s0机器查看
copy模块(重点)
86 ansible group02 -m copy -a 'src=./ dest=~ force=no'
87 ansible group02 -m copy -a 'src=./tst dest=~ force=no'
88 ansible group02 -m copy -a 'src=./tst dest=~ force=yes'
89 ansible group02 -m copy -a 'content="test11111" dest=/tmp/a.txt'
90 ansible group02 -m copy -a 'src=/etc/fstab desc=/tmp/a.txt backup=yes owner=bin group=daemon mode=1777'
91 ansible group02 -m copy -a 'src=/etc/fstab dest=/tmp/a.txt backup=yes owner=bin group=daemon mode=1777'
92 cd /etc/yum.repos.d/
93 ls
94 cd
95 ansible group02 -m copy 'src=/etc/yum.repos.d dest=/etc/yum.repos.d/ backup=yes'
96 ansible group02 -m copy -a 'src=/etc/yum.repos.d dest=/etc/yum.repos.d/ backup=yes'
fetch模块
97 ansible group02 -m fetch -a 'src=/etc/sysconfig/network-scripts/ifcg-ens33 dest=/tmp/'
98 ansible group02 -m fetch -a 'src=/etc/sysconfig/network-scripts/ifcg-ens33 dest=/tmp'
99 ansible group02 -m fetch -a 'src=/etc/sysconfig/network-scripts/ifcfg-ens33 dest=/tmp'
100 ansible group02 -m fetch -a 'src=/etc/sysconfig/network-scripts/ifcfg-ens160 dest=/tmp'
101 ls
102 ansible other -m fetch -a 'src=/etc/sysconfig/network-scripts/ifcfg-ens160 dest=/tmp'
[root@m0 ~]# ansible group02 -m copy -a 'content="test11111" dest=/tmp/a.txt'
[root@m0 ~]# ansible group02 -m copy -a 'src=/etc/fstab dest=/tmp/a.txt backup=yes owner=bin group=daemon mode=1777'在s0查看
[root@s0 ~]# cat /tmp/a.txt
#
# /etc/fstab
# Created by anaconda on Sat May 25 17:55:29 2024
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=23faf7f1-f5fd-42cb-850a-ee830d556c2f /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0/dev/cdrom /mnt iso9660 defaults 0 0
[root@s0 ~]# cat /tmp/a.txt.12901.2024-08-16\@15\:30\:48~
test11111[root@s0 ~]# 内容不一样账户创建
[root@m0 ~]# ansible group02 -m user -a 'name=aaaa state=present '
[root@s0 ~]# grep aaa /etc/passwd
aaaa:x:1001:1001::/home/aaaa:/bin/bash[root@m0 ~]# ansible group02 -m user -a 'name=mysql state=present system=yes shell="/sbin/nologin"'
[root@m0 ~]# ansible group02 -m file -a 'path=/usr/local/mysql state=directory'
[root@m0 ~]# ansible group02 -m file -a 'path=/usr/local/mysql/mysql-files state=directory owner=mysql group=mysql mode=750'[root@m0 ~]# ansible group02 -m user -a 'name=abc state=present uid=1999 password=abc'
group模块创建组
master# ansible group1 -m group -a 'name=groupa gid=3000 state=present'
删除组(如果有⽤户的gid为此组,则删除不了)
master# ansible group1 -m group -a 'name=groupa state=absent'
cron模块
master# ansible group1 -m cron -a 'name="test cron1" user=root job="touch /tmp/111" minute=*/2'
删除cron任务
master# ansible group1 -m cron -a 'name="test cron1" state=absent'
yum_repository模块
master# ansible group1 -m yum_repository -a "name=local description=localyum baseurl=file:///mnt/ enabled=yes gpgcheck=no"
删除/etc/yum.repos.d/local.repo配置⽂件
master# ansible group1 -m yum_repository -a "name=local state=absent"
yum模块(重点)
master# ansible group1 -m yum -a 'name=vsftpd state=present'
117 ansible group02 -m yum -a 'name=ntpdate state=present'
118 ansible group02 -m yum -a 'name=rsync state=present'
service模块(重点)ansible group02 -m service -a 'name=firewalld state=stopped enabled=false'
master# ansible group1 -m service -a 'name=vsftpd state=started enabled=on
555
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
