I. Ansible concepts
1. Advantages of Ansible
Easy to learn, flexible to operate, simple to use, secure and reliable, highly portable.
2. Ansible architecture
1. Control node
2. Managed nodes
3. Connection protocol: ssh
4. inventory
5. ad-hoc
6. playbook
3. Installing Ansible
yum install ansible -y
Ansible configuration file: /etc/ansible/ansible.cfg
Lookup order for the configuration file (the first one found wins):
1. $ANSIBLE_CONFIG
2. ansible.cfg in the current directory
3. .ansible.cfg in the current user's home directory
4. /etc/ansible/ansible.cfg
II. Basic Ansible operations
1. Define the host inventory
[root@manager ~]# cat /etc/ansible/hosts
[webservers]
172.16.1.7
172.16.1.8
2. Push the public key to each node
[root@manager ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.7
[root@manager ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.8
3. Run an ad-hoc ansible command to test whether the nodes defined in the inventory can be reached
[root@manager ~]# ansible webservers -m ping
Ansible Inventory (host inventory)
1. Password-based
[webservers]
172.16.1.31 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='123456'
2. Key-based (the default)
[webservers]
172.16.1.31
3. Other forms
[webservers]
web[1:99].oldboy.com
Key-based, with a custom host variable (hostname) per host
[webservers]
172.16.1.31 hostname=nfs
172.16.1.7 hostname=web01
172.16.1.8 hostname=web02
[webservers]
web01 ansible_ssh_host=172.16.1.7
web02 ansible_ssh_host=172.16.1.8
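As an added example (not from the original notes), the following Python parses an inventory written in the forms shown above, expands the web[1:99] style range, and reports every host whose variables carry a clear-text password like the ansible_ssh_pass line, so those values can be moved into an ansible-vault encrypted vars file. The sample inventory and the names SAMPLE_INVENTORY, expand_range, parse_inventory and find_plaintext_secrets are constructed here.

```python
import re
import shlex

# Constructed sample inventory combining the variants shown in the notes.
SAMPLE_INVENTORY = """\
[webservers]
172.16.1.31 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='123456'
web[1:3].oldboy.com
web01 ansible_ssh_host=172.16.1.7 hostname=web01

[client]
172.16.1.31
"""

RANGE_RE = re.compile(r"\[(\d+):(\d+)\]")
# Variables whose value is a password: they belong in an ansible-vault
# encrypted vars file, not in clear text in /etc/ansible/hosts.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password", "ansible_become_pass"}

def expand_range(pattern):
    """web[1:3].oldboy.com -> web1.oldboy.com, web2..., web3... ([01:03] keeps the padding)."""
    m = RANGE_RE.search(pattern)
    if not m:
        return [pattern]
    lo, hi = m.group(1), m.group(2)
    width = len(lo) if lo.startswith("0") else 0
    return [pattern[:m.start()] + str(n).zfill(width) + pattern[m.end():]
            for n in range(int(lo), int(hi) + 1)]

def parse_inventory(text):
    """Return {group: {host: {var: value}}}; hosts before any [group] go to 'ungrouped'."""
    groups, current = {}, "ungrouped"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            continue
        name, *pairs = shlex.split(line)  # shlex drops the quotes around '123456'
        hostvars = dict(p.split("=", 1) for p in pairs if "=" in p)
        for host in expand_range(name):
            groups.setdefault(current, {})[host] = dict(hostvars)
    return groups

def find_plaintext_secrets(groups):
    """(group, host, variable) for every host variable holding a clear-text password."""
    return [(g, h, v) for g, hosts in groups.items()
            for h, hv in hosts.items() for v in hv if v in SECRET_VARS]
```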
III. Ansible Ad-Hoc [playbook basics]
Temporary commands: they run once, finish, and are not saved anywhere.
Scenarios:
For example, checking whether a process is running on several machines, or copying a file to several machines.
ansible webservers -m <module> -a '<module arguments>'
[root@manager ansible_adhoc]# ansible webservers -m command -a 'df -h'
Output colours:
Green: OK
Yellow: the managed node was changed
Red: error
ad-hoc modules:
0. Commands: command | shell
1. Install: yum | yum_repository
2. Configure: copy | file
3. Start: systemd | service
4. Mount: mount
5. Scheduling: cron
6. Users: user | group
7. Firewall: selinux | firewalld
1. command and shell: modules that run commands (shell)
[root@manager ansible_adhoc]# ansible webservers -m command -a 'ps -ef |grep nginx' (pipes not supported)
[root@manager ansible_adhoc]# ansible webservers -m shell -a 'ps -ef |grep nginx' (pipes supported)
Installing the NFS service with Ansible
(install: yum; configure: copy; initialise: group, user, file; start: systemd; client test: mount)
2. yum module: package installation
name: package name
state:
present  install
absent  remove
latest  install the latest version
enablerepo: repository to install from
disablerepo: repository not to install from
# Example 1: install Apache (latest available); if it is already installed, do nothing
# ansible webservers -m yum -a "name=httpd state=present"
# Example 2: install Apache from the epel repository
# ansible webservers -m yum -a "name=httpd state=present enablerepo=epel"
# Example 3: install an rpm package from a public URL
# ansible webservers -m yum -a "name=https://mirror.tuna.tsinghua.edu.cn/zabbix/zabbix/5.0/rhel/7/x86_64/zabbix-agent-5.0.0-1.el7.x86_64.rpm state=present"
# Example 4: install the latest Apache; if it is already installed, update it
# ansible webservers -m yum -a "name=httpd state=latest"
# Example 5: update all packages, excluding anything kernel-related
# ansible webservers -m yum -a "name=* state=latest exclude=kernel"
# Example 6: remove Apache
# ansible webservers -m yum -a "name=httpd state=absent"
3. copy module: file configuration
copy: copies a file from the control node to the specified path on the managed node
src  file to copy (relative or absolute path)
dest  path on the target host to copy to
owner  set the file owner
group  set the file group
mode  set the file permissions
backup  back up the existing file (only when the content changes)
content  write the given string into the target file (like a redirect)
[root@manager ansible_adhoc]# ansible webservers -m copy -a "src=./exports.j2 dest=/etc/exports owner=root group=root mode=644"
[root@manager ansible_adhoc]# ansible webservers -m copy -a "src=./exports.j2 dest=/etc/exports owner=root group=root mode=644 backup=yes"
[root@manager ansible_adhoc]# ansible webservers -m copy -a 'content="http-test" dest=/tmp/1.txt'
4. group and user modules: create groups and users
group
state: present, absent
gid: specify the gid
[root@manager ansible_adhoc]# ansible webservers -m group -a "name=www gid=666 state=present"
user
name: user name
uid: uid
group: primary group
groups: supplementary groups (with append=yes they are added to the existing ones instead of replacing them)
shell: login shell
create_home: create the home directory
state:
present  create
absent  delete
remove: also remove the user's files (home directory)
[root@manager ansible_adhoc]# ansible webservers -m user -a "name=www uid=666 create_home=no shell=/sbin/nologin group=www state=present"
Example 1: create the user test with uid 555
[root@manager ansible_adhoc]# ansible webservers -m user -a "name=test uid=555"
Example 2: remove the user test, together with its home directory
[root@manager ansible_adhoc]# ansible webservers -m user -a "name=test uid=555 state=absent remove=yes"
Modify the NFS configuration file again and push it:
[root@manager ansible_adhoc]# cat ./exports.j2
/data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
[root@manager ansible_adhoc]# ansible webservers -m copy -a 'src=./exports.j2 dest=/etc/exports owner=root group=root mode=644 backup=yes'
5. file module (create files or directories, set ownership and permissions)
path: path on the managed node
state:
touch  (create an empty file)
directory
link
owner: owner, default root
group: group, default root
mode: default 644 for files, 755 for directories
recurse: apply ownership and permissions recursively
Create the directory /data with mode 755, owner www, group www
[root@manager ~]# ansible webservers -m file -a "path=/data state=directory owner=www group=www mode=755 recurse=yes"
Create the file /data/test with mode 644, owner www, group www
[root@manager ~]# ansible webservers -m file -a "path=/data/test state=touch owner=www group=www mode=644"
6. Start: systemd | service (the two modules work the same way)
name: service name, e.g. nfs | httpd | nginx
state:
started
reloaded
stopped
restarted
enabled:
yes  start at boot
no  do not start at boot
Start the nfs service and enable it at boot
[root@manager ansible_adhoc]# ansible webservers -m systemd -a "name=nfs-utils state=started enabled=yes"
Stop the nfs service
[root@manager ansible_adhoc]# ansible webservers -m systemd -a "name=nfs-utils state=stopped enabled=yes"
7. Client test: mount
path: directory on the managed node to mount on, e.g. /data
src: device | nfs export | disk | cd-rom, e.g. /dev/sda1
fstype:
iso9660  cd-rom
nfs
xfs
opts:
ro,noauto
defaults
state:
mounted: mount the device and add it to /etc/fstab so it is mounted at boot ***
present: write the entry to /etc/fstab only, without mounting
absent: unmount the device and remove the entry from /etc/fstab ***
unmounted: unmount, leaving /etc/fstab untouched
remounted: remount
Use ansible to control 172.16.1.31:
mount 172.16.1.7:/data on 172.16.1.31 at /opt
mount 172.16.1.8:/data on 172.16.1.31 at /mnt
[root@manager ansible_adhoc]# ansible client -m mount -a "src=172.16.1.7:/data path=/opt fstype=nfs opts=defaults state=mounted"
[root@manager ansible_adhoc]# ansible client -m mount -a "src=172.16.1.8:/data path=/mnt fstype=nfs opts=defaults state=mounted"
unmounted: the /etc/fstab entry is kept
[root@manager ansible_adhoc]# ansible client -m mount -a "path=/mnt src=172.16.1.8:/data fstype=nfs opts=defaults state=unmounted"
absent: the /etc/fstab entry is removed as well
[root@manager ansible_adhoc]# ansible client -m mount -a "path=/opt src=172.16.1.7:/data fstype=nfs opts=defaults state=absent"
8. cron module
- name  # description of the scheduled job
minute  # minute
hour  # hour
day  # day of month
month  # month
weekday  # day of week
job  # the command to run
state  # present to add, absent to remove
user  # run the job as this user [default: root]
*/5 * * * * /bin/bash /server/script/check_web.sh &>/dev/null
[root@manager ~]# ansible webservers -m cron -a "name=backups minute=*/5 hour=* day=* month=* weekday=* job='/bin/bash /server/script/check_web.sh &>/dev/null' state=present"
[root@manager ~]# ansible webservers -m cron -a "name=backups minute=*/5 hour=* day=* month=* weekday=* job='/bin/bash /server/script/check_web.sh &>/dev/null' state=absent"
9. selinux module
[root@manager ~]# ansible all -m selinux -a 'state=disabled' -i /etc/ansible/hosts
10. firewalld module
- rich_rule: rule family=ipv4 forward-port port=443 protocol=tcp to-port=8443
zone  # zone
service  # service
port  # port
permanent  # persist across firewalld restarts
state  #
enabled
disabled
masquerade  # masquerading (NAT forwarding)
immediate  # take effect immediately
Allow the HTTP port:
[root@manager ~]# ansible webservers -m systemd -a 'name=firewalld state=started'
[root@manager ~]# ansible webservers -m systemd -a 'name=nginx state=started'
[root@manager ~]# ansible webservers -m firewalld -a 'port=80/tcp state=enabled immediate=yes' # add (runtime only; add permanent=yes to keep the rule across firewalld restarts)
[root@manager ~]# ansible webservers -m firewalld -a 'port=80/tcp state=disabled immediate=yes' # remove
Enable masquerading (forwarding)
[root@manager ~]# ansible webservers -m firewalld -a 'masquerade=yes state=enabled immediate=yes permanent=yes'
Exercise
0. Stop Nginx (systemd)
1. Install the httpd service (yum)
2. Write a simple test page (copy with content)
3. Start the service without enabling it at boot (systemd)
4. Allow the corresponding port (systemd | firewalld)
① ad-hoc approach
[root@manager ~]# ansible webservers -m systemd -a 'name=nginx state=stopped'
[root@manager ~]# ansible webservers -m yum -a 'name=httpd state=present'
[root@manager ~]# ansible webservers -m copy -a 'content="ansible web site" dest=/var/www/html/index.html'
[root@manager ~]# ansible webservers -m systemd -a 'name=httpd state=started'
[root@manager ~]# ansible webservers -m systemd -a 'name=firewalld state=started'
[root@manager ~]# ansible webservers -m firewalld -a 'port=80/tcp state=enabled immediate=yes'
② playbook approach
[root@manager ~]# cat httpd_play.yaml
- hosts: webservers
  tasks:
    - name: Stopped Nginx Server
      systemd:
        name: nginx
        state: stopped
    - name: Installed Httpd Server
      yum:
        name: httpd
        state: present
    - name: Copy WebSite Directory
      copy:
        content: 'Ansible Playbook Web Site'
        dest: /var/www/html/index.html
        owner: root
        group: root
        mode: '0644'
    - name: Systemd Httpd Server
      systemd:
        name: httpd
        state: started
    - name: Systemd Firewalld Server
      systemd:
        name: firewalld
        state: started
    - name: Configure Firewalld Rule
      firewalld:
        port: 80/tcp
        state: enabled
        immediate: yes
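The notes show the same work first as ad-hoc commands (the NFS steps and the exercise) and then as a playbook. As an added example (not from the original notes), this Python converts an ad-hoc `-m module -a "key=value ..."` call into the equivalent playbook task and renders it as YAML, quoting the values YAML would otherwise reinterpret (mode=644 would silently become the integer 644, and the cron minute */5 would start a YAML alias). The sample steps ADHOC_STEPS and the functions parse_args, adhoc_to_task, yaml_scalar and render_playbook are constructed here.

```python
import shlex

# Constructed sample: ad-hoc calls from the notes' NFS steps and the exercise.
ADHOC_STEPS = [
    ("Stopped Nginx Server", "systemd", "name=nginx state=stopped"),
    ("Copy WebSite Directory", "copy",
     'content="ansible web site" dest=/var/www/html/index.html mode=644'),
    ("Check Web Cron", "cron",
     "name=backups minute=*/5 job='/bin/bash /server/script/check_web.sh &>/dev/null' state=present"),
    ("Mount NFS Share", "mount",
     "src=172.16.1.7:/data path=/opt fstype=nfs opts=defaults state=mounted"),
]

def parse_args(arg_string):
    """Split the -a "k1=v1 k2=v2" string into a dict; shlex keeps quoted values whole."""
    args = {}
    for token in shlex.split(arg_string):
        if "=" not in token:
            raise ValueError(f"expected key=value, got {token!r}")
        key, value = token.split("=", 1)
        args[key] = value
    return args

def adhoc_to_task(name, module, arg_string):
    """Playbook task equivalent of: ansible <group> -m <module> -a "<arg_string>"."""
    return {"name": name, module: parse_args(arg_string)}

def yaml_scalar(value):
    """Ad-hoc arguments are always strings, but YAML would reinterpret some of them:
    mode=644 becomes the integer 644 (not octal) and */5 starts an alias, so quote."""
    if value.isdigit() or any(c in value for c in " *&:#'\"{}[]"):
        return '"' + value.replace('"', '\\"') + '"'
    return value

def render_playbook(hosts, tasks):
    """Render one play with flat module arguments as YAML text (standard library only)."""
    lines = [f"- hosts: {hosts}", "  tasks:"]
    for task in tasks:
        lines.append(f"    - name: {task['name']}")
        for module, args in task.items():
            if module == "name":
                continue
            lines.append(f"      {module}:")
            for key, value in args.items():
                lines.append(f"        {key}: {yaml_scalar(value)}")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(render_playbook("webservers", [adhoc_to_task(*step) for step in ADHOC_STEPS]))
```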