Common Ansible Commands

1. Setting up Ansible

yum install ansible

Check the version: ansible --version

Verify that it works:

[root@ansible-server ~]# ansible test-host -m shell -a "hostname" 

2. Configuring passwordless login

cat push.ssh.ymal 
 # Using alternate directory locations:
  - hosts: AZURE-IT
    user: mylog
    tasks:
     - name: ssh-copy
       authorized_key: user=mylog  key="{{ lookup('file', '/home/mylog/.ssh/id_rsa.pub') }}"
       tags:
         - sshkey
ssh-keygen
ansible-playbook push.ssh.ymal 

**PS:** If the user is already configured in /etc/sudoers but sudo still asks for a password, change the following:

```
## Allow root to run any commands anywhere
root	ALL=(ALL) 	ALL
mylog  ALL=(ALL)      NOPASSWD: ALL
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
mylog  ALL=(ALL)      NOPASSWD: ALL
```
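
A check for the rule shown above, as an added example that is not part of the original post: the function lists every active sudoers rule that grants NOPASSWD for ALL commands and reports include directives so the drop-in files are audited too. The function names, the sample file and the `deploy` rule are constructed for illustration.

```shell
#!/bin/sh
# Added example: find sudoers rules that allow every command without a password.
# audit_nopasswd_all, write_sample and the "deploy" rule are hypothetical.

audit_nopasswd_all() {
    # $1: a sudoers-format file, e.g. a copy of /etc/sudoers or a drop-in
    awk '
        # "#includedir" and "@includedir" are directives, not comments:
        # report them so the referenced files are audited too.
        /^[ \t]*[#@]include(dir)?[ \t]/ { print "INCLUDE " $2; next }
        # Other "#" lines are comments, except "#1000"-style uid entries.
        /^[ \t]*#/ && !/^[ \t]*#[0-9]/ { next }
        # A command list of ALL right after the NOPASSWD: tag.
        /NOPASSWD:[ \t]*ALL[ \t]*(,|$)/ { print "NOPASSWD_ALL " $1 }
    ' "$1"
}

# Constructed sample: the block from this post plus one narrowly scoped rule.
write_sample() {
    cat > "$1" <<'EOF'
## Allow root to run any commands anywhere
root   ALL=(ALL)       ALL
mylog  ALL=(ALL)      NOPASSWD: ALL
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
mylog  ALL=(ALL)      NOPASSWD: ALL
deploy ALL=(root)     NOPASSWD: /usr/bin/yum
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_nopasswd_all "$sample"
rm -f "$sample"
```

Each NOPASSWD_ALL hit is a candidate for narrowing to the specific commands the automation account needs; validate an edited file with `visudo -cf <file>` before installing it.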


## 3. Installing Apache on a host group, or installing software in bulk

1. Install Apache in bulk

```shell
ansible IDC-DELIVERY -m yum -a "name=httpd state=present" -b
```

To enable the httpd service so that it starts at boot, run:

```shell
ansible web -b -m service -a "name=httpd enabled=yes"
```

Use state=started to start the service, state=restarted to restart it, and state=stopped to stop it:

```shell
ansible webservers -b -m service -a "name=httpd state=started"
```

2. Install several specified packages

The following playbook combines several plays, each with several tasks. It:

- installs the Apache server;
- enables and starts the httpd service on the web server group;
- installs git on all clients.

Its contents are:

```yaml
---
- hosts: web
  remote_user: ansible
  become: yes
  tasks:
    - name: Installing apache
      yum:
        name: httpd
        state: latest
    - name: Enabling httpd service
      service:
        name: httpd
        enabled: yes
      # notify takes the handler's name, not a dict
      notify:
        - restart httpd
  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted

- hosts: all
  remote_user: ansible
  become: yes
  tasks:
    - name: Installing git
      yum:
        name: git
        state: latest
```

4. Copying files to a target directory in bulk

[mylog@zabbix-server ~]$ ansible test-host -m copy -a "src=/tmp/111.test dest=/tmp"

5. Installing specified packages in bulk

Note: the user must already be set up for passwordless sudo to root.

[mylog@zabbix-server ansible]$ cat push.ssh.ymal
  - hosts: IDC2
    remote_user: mylog
    become: yes
   # become_method: su
    become_method: sudo 
    #become_ask_pass: False
    become_user: root
    tasks:
     - name: install lrzsz
       shell: yum -y install lrzsz    
   #action: yum name=lrzsz state=present
   #sudo: yes
[mylog@zabbix-server ansible]$ ansible-playbook push.ssh.ymal

6. Common command reference

File Transfer
Ansible can transfer files to remote hosts over scp:
# ansible webservers -m copy -a "src=/etc/hosts dest=/tmp/hosts"
This copies the local /etc/hosts file to /tmp/hosts on every host in the webservers group.
The file module can change a file's permissions, owner and group:
# ansible webservers -m file -a "dest=/usr/local/src/test mode=600 owner=www group=www"
The file module can also create directories, like mkdir -p:
# ansible webservers -m file -a "dest=/a/b/c/d mode=755 owner=www group=www state=directory"
It can delete files as well:
# ansible webservers -m file -a "dest=/tmp/hosts state=absent"

Managing Packages
Ansible also provides the yum module for installing packages.
Ensure a package is installed, without updating it:
# ansible webservers -m yum -a "name=acme state=installed"
Ensure a specific version of the package is installed:
# ansible webservers -m yum -a "name=acme-1.5 state=installed"
Ensure the package is at the latest version:
# ansible webservers -m yum -a "name=acme state=latest"
Ensure a package is not installed:
# ansible webservers -m yum -a "name=acme state=removed"
Ansible provides package-management modules for many platforms. If no module is available for the package you want to install, you can install it with the command module.

Users & Groups
The 'user' module makes it easy to create or modify a user account, and it can remove a user as well:
# ansible all -m user -a "name=test password=<abc>"
# ansible all -m user -a "name=test state=absent"

Managing Services
Ensure a service is started:
# ansible all -m service -a "name=httpd state=started"
Restart a service:
# ansible all -m service -a "name=httpd state=restarted"
Stop a service:
# ansible all -m service -a "name=httpd state=stopped"

7. Changing the mylog password on remote hosts

[mylog@zabbix-server ansible]$ cat push.ssh.ymal
  - hosts: IDC2
    remote_user: mylog
    become: yes
   # become_method: su
    become_method: sudo 
    #become_ask_pass: False
    become_user: root
    tasks:
    # The passwords below are stored in plaintext: restrict access to this file or encrypt it with ansible-vault
    - name: change user passwd
      user: name={{ item.name }} password={{ item.chpass | password_hash('sha512') }} update_password=always
      with_items:
           - { name: 'root', chpass: 'mylog@123!' }
           - { name: 'mylog', chpass: 'bjop123' }

Run the playbook with ansible-playbook:

[root@ansible-server ~]# ansible-playbook /opt/push.ssh.ymal

8. Checking Linux resource usage

[root@localhost playbook]# cat first_play.yml
---
- hosts: all
  remote_user: root
  gather_facts: no
  tasks:
    - name: ping test
      ping: 

    - name: execute remote shell
      shell: ps -eo pcpu,user,args | sort -r -k1 | head -n3
      register: ret
    - name: create file
      command: touch /tmp/111.txt   
    - name: output msg
      debug: var=ret.stdout_lines


Add the -v (or -vv, -vvv) flag for more detailed output:

[root@localhost playbook]# ansible-playbook -v first_play.yml 

9. Server health inspection

(1) Check memory usage

[mylog@azure-funeng2 ansible]$ ansible AZURE-PROJECT -a "free -g" > /tmp/mem0813-1.txt
This script still needs to be changed:
[mylog@azure-funeng2 ansible]$ cat free.mem.ymal 
 # Using alternate directory locations:
  - hosts: AZURE-PROJECT
    user: mylog
    tasks:
     - name: know the use of memory
       command: free -m

(2) Check memory, disk, network, etc. (not yet verified)

#!/bin/bash
# $1 is the inventory group or host pattern to inspect

# Check memory

# Remove the previous report and its split chunks (the chunks are named xj_NN, without .log)
rm -f ./xj.log ./xj_*

ansible "$1" -m shell -a "free -m" > ./xj.log

# One chunk per host, assuming each host's output is exactly 4 lines
split -l 4 xj.log -d -a 2 xj_

echo -e "\n" >> ./message.txt
echo `date` >> ./message.txt

for i in `ls ./xj_*`
  do
    #cat $i
    name=`cat $i |grep rc=0|awk '{print $1}'`
    used=`cat $i|grep Mem:|awk '{print $3}'`
    # take the total from this host's own chunk, not always from xj_00
    total=`cat $i|grep Mem:|awk '{print $2}'`
    # multiply before dividing so that scale=1 does not truncate the ratio
    userage=$(echo "scale=1; $used * 100 / $total" | bc)
    echo "MEM:  $name memory usage percent ${userage}%" >> ./message.txt
  done

# Check network

num=`ansible "$1" -m ping|grep "|"|grep -v "SUCCESS" |wc -l`

if [ "$num" -gt 0 ];then
 for j in `ansible "$1" -m ping|grep "|"|grep -v "SUCCESS" | awk '{print $1}'`
   do 
    echo "NET:  $j net is error" >> ./message.txt
   done
else
echo "NET:  all node net is SUCCESS" >> ./message.txt
fi

# Check disks

for node_name in `ansible "$1" -m shell -a "hostname"|grep "|"|awk '{print $1}'`
 do

  # for loops split on whitespace by default; split on newlines here
  IFS=$'\n\n'
  for line in  `ansible "$node_name" -m shell -a "df -PH"|grep -v "$node_name"|grep -v "Filesystem"|awk '{print $1,$5}'`
     do
       bfb=`echo $line|awk '{print $2}'`
       sz=`echo $bfb|awk -F "%" '{print $1}'`
       #echo $sz
       if [ "$sz" -gt 80 ];then
         echo "$node_name DISK:  $line is dangerous" >> ./message.txt
       fi
     done
 done
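
The fixed 4-line split above breaks as soon as one host returns a different number of lines (an unreachable host prints a JSON block instead). As an added example, not part of the original post, the parser below keys on Ansible's per-host header line; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse `ansible <group> -m shell -a "free -m"` output per host.
# parse_free_report and sample_output are hypothetical names.

parse_free_report() {
    # stdin: raw ad-hoc output; stdout: one MEM: or ERR: line per host
    awk '
        # Host header: "web01 | CHANGED | rc=0 >>" or "db01 | UNREACHABLE! => {"
        $2 == "|" {
            host = $1; status = $3
            sub(/!$/, "", status)
            if (status != "CHANGED" && status != "SUCCESS")
                printf "ERR: %s %s\n", host, status
            next
        }
        # Mem: <total> <used> ...; only trusted under a successful header
        $1 == "Mem:" && (status == "CHANGED" || status == "SUCCESS") && $2 > 0 {
            printf "MEM: %s memory usage percent %.1f%%\n", host, $3 * 100 / $2
        }
    '
}

# Constructed sample: two reachable hosts and one unreachable host.
sample_output() {
    cat <<'EOF'
web01 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:           8000        4000         512         120        3488        3500
Swap:          2047           0        2047
web02 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:          16000       14400         300         200        1300        1100
Swap:             0           0           0
db01 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: connection timed out",
    "unreachable": true
}
EOF
}

sample_output | parse_free_report
```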

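10. Running shell scripts in bulk

1. Write the shell script
2. Copy the shell script to every server in bulk
3. Run the shell script in bulk

(1) Write a script that checks disk usage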

[root@server81 ansible]# vim check_disk.sh 

#!/bin/bash
basedir=$(cd "$(dirname "$0")"; pwd)

diskmax=10 # disk usage threshold (percent)

function check_max(){
   local disk_size=$1
   if [ "$disk_size" -ge "$diskmax" ]
   then
      echo "unhealth"
   else
      echo "health"
   fi
}

function check_disk_info(){
   # -P keeps each filesystem on a single line so that $5 is always the usage column
   df -hP | grep -v /dev/loop0 | grep -v /dev/sr0 | awk 'NR > 1 {print $5}' | cut -d '%' -f 1 | while read disk_size
   do
        echo ""
        echo "disk_size=$disk_size%"
        check_max "$disk_size"
   done
}

check_disk_info

(2)

***First create the destination directory on the remote hosts***
[root@azure-funeng2 ansible]# ansible servers -m shell -a "mkdir -p /work/ansible"
***Create the folder with the file module***
[root@azure-funeng2 ansible]# ansible servers -m file -a "path=/work/file state=directory  mode=0755"
***Copy the shell script to every server in bulk***
[root@azure-funeng2 ansible]# ansible servers -m copy -a "src=/root/ansible/check_disk.sh dest=/work/file/check_disk.sh mode=0755"
***Run the shell script in bulk***
[root@azure-funeng2 ansible]# ansible servers -m shell -a "/work/file/check_disk.sh"

(3) Running a shell script in bulk (verified to work)

[root@zabbix-server ansible]# cat edr0929-DELIVERY.ymal 
  - hosts: IDC-DELIVERY
    remote_user: mylog
    become: yes
    become_method: sudo 
    become_user: root
    tasks:
    - name: mkdir /tmp/edr 
      file: path=/tmp/edr state=directory mode=0775 
    - name: copy edr_installer0929.sh
      template: src=/etc/ansible/edr_installer0929.sh dest=/tmp/edr/
    - name: excute edr_installer0929.sh
      command: chdir=/tmp/edr sh edr_installer0929.sh
[root@zabbix-server ansible]# cat idcedr_installer0929.sh 
mkdir /tmp/edr
cd /tmp/edr
wget --no-check-certificate https://10.x.x.x/html/linux_edr_installer.tar.gz
tar -xzvf linux_edr_installer.tar.gz
./agent_installer.sh
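
The installer script above downloads with --no-check-certificate and then runs what it fetched as root, so nothing confirms the archive is the intended one. As an added example (not part of the original post), the function below unpacks an archive only if its SHA-256 matches a value pinned in advance and no member path leaves the target directory. The function names and paths are hypothetical, and the pinned hash has to come from the EDR vendor or your own release record.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not from the post).

sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verified_extract ARCHIVE EXPECTED_SHA256 DESTDIR
# returns 0 after extracting, 1 on hash mismatch, 2 on an unsafe member path
verified_extract() {
    archive=$1; expected=$2; dest=$3
    actual=$(sha256_of "$archive") || return 1
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $archive: got $actual" >&2
        return 1
    fi
    # Reject absolute paths and ".." components before anything is written.
    if tar -tzf "$archive" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $archive" >&2
        return 2
    fi
    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}

# Demo on a constructed archive that stands in for linux_edr_installer.tar.gz.
demo() {
    work=$(mktemp -d)
    mkdir "$work/src" && echo 'echo installer' > "$work/src/agent_installer.sh"
    tar -czf "$work/pkg.tar.gz" -C "$work/src" agent_installer.sh
    pinned=$(sha256_of "$work/pkg.tar.gz")   # in practice: the published hash
    verified_extract "$work/pkg.tar.gz" "$pinned" "$work/out" && echo "extracted"
    echo tampered >> "$work/pkg.tar.gz"
    verified_extract "$work/pkg.tar.gz" "$pinned" "$work/out2" || echo "rejected"
    rm -rf "$work"
}
demo
```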