1.Ansible搭建
yum install ansible
查看版本 ansible --version
检验
[root@ansible-server ~]# ansible test-host -m shell -a "hostname"
2.配置免密登录
cat push.ssh.ymal
# Installs the control node's public key (/home/mylog/.ssh/id_rsa.pub) into
# mylog's authorized_keys on every host in the AZURE-IT group.
# The key is not on the targets before the first run, so that run has to
# authenticate some other way (for example `ansible-playbook --ask-pass`).
- hosts: AZURE-IT
  user: mylog
  tasks:
    - name: ssh-copy
      authorized_key:
        user: mylog
        key: "{{ lookup('file', '/home/mylog/.ssh/id_rsa.pub') }}"
      tags:
        - sshkey
ssh-keygen
ansible-playbook push.ssh.ymal
**PS:** 如果用户配置了/etc/sudoers,sudo仍然需要输入密码,需要修改这里(请用 visudo 编辑;注意 NOPASSWD: ALL 意味着持有 mylog 私钥的人可以在所有受管主机上免密获得 root,应妥善保护该私钥):
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
mylog ALL=(ALL) NOPASSWD: ALL
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
mylog ALL=(ALL) NOPASSWD: ALL
```
## 3. 在分组客户机安装Apache,或者批量安装软件:
1. 批量安装Apache
```powershell
ansible IDC-DELIVERY -m yum -a "name=httpd state=present" -b
设置httpd服务开机自启只需要执行:
ansible web -b -m service -a "name=httpd enabled=yes"
started以启动服务,restarted以重新启动服务,stopped来停止服务:
ansible webservers -b -m service -a "name=httpd state=started"
- 安装指定几个软件
下面是一个综合多个任务的多个play的playbook,实现
安装apache服务器。
在Web服务器组中启用并启动httpd服务。
在所有客户机上安装git。
其内容如下:
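---
# Play 1: install Apache on the "web" group and enable the service at boot.
- hosts: web
  remote_user: ansible
  become: yes
  tasks:
    - name: Installing apache
      yum:
        name: httpd
        # "latest" upgrades httpd on any run where a newer package is
        # available; use "present" if unattended upgrades are not wanted.
        state: latest

    - name: Enabling httpd service
      service:
        name: httpd
        enabled: yes
      # notify takes handler names as plain strings. The handler only runs
      # when this task reports "changed".
      notify:
        - restart httpd

  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted

# Play 2: install git on every host in the inventory.
- hosts: all
  remote_user: ansible
  become: yes
  tasks:
    - name: Installing git
      yum:
        name: git
        state: latest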
4. 批量拷贝文件到指定目录
[mylog@zabbix-server ~]$ ansible test-host -m copy -a "src=/tmp/111.test dest=/tmp"
5. 批量安装指定软件
注意用户要提前配置好sudo免密切换到root
[mylog@zabbix-server ansible]$ cat push.ssh.ymal
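# Installs lrzsz on every host in IDC2, escalating from mylog to root via sudo.
- hosts: IDC2
  remote_user: mylog
  become: yes
  # become_method: su
  become_method: sudo
  # become_ask_pass: False
  become_user: root
  tasks:
    - name: install lrzsz
      # The yum module replaces `shell: yum -y install lrzsz`: it is idempotent
      # and reports "changed" only when the package was actually installed.
      yum:
        name: lrzsz
        state: present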
[mylog@zabbix-server ansible]$ ansible-playbook push.ssh.ymal
6. 常规命令库
File Transfer
ansible通过scp可以将文件传输到远程主机上
#ansible webservers -m copy -a "src=/etc/hosts dest=/tmp/hosts"
将本机的/etc/hosts文件拷贝到远程主机组webservers中所有主机的 /tmp/hosts下。
file模块可以改变文件的权限和所属用户组
#ansible webservers -m file -a "dest=/usr/local/src/test mode=600 owner=www group=www"
file模块还可以创建目录,类似mkdir -p
#ansible webservers -m file -a "dest=/a/b/c/d mode=755 owner=www group=www state=directory"
同样也可以删除文件
#ansible webserver -m file -a "dest=/tmp/hosts state=absent"
Managing Packages
ansible同样提供了yum模块来安装软件包
确保一个包已经安装,但是不进行update操作
#ansible webservers -m yum -a "name=acme state=installed"
查看已经安装了指定版本的软件包
#ansible webservers -m yum -a "name=acme-1.5 state=installed"
查看安装软件包是否为最新版本
#ansible webservers -m yum -a "name=acme state=latest"
确保一个软件包是没有安装的
#ansible webservers -m yum -a "name=acme state=removed"
ansible在platform上提供了模块用于包管理,如果你要安装的软件包在模块中不可用,你可以通过command模块来安装包。
Users & Groups
'user'模块可以方便的创建或者操作一个用户帐号,同样的也可以删除一个用户(password 参数需要传入已加密的哈希值,而不是明文密码)
#ansible all -m user -a "name=test password=<abc>"
#ansible all -m user -a "name=test state=absent"
Managing Services
确定服务都是开启的
#ansible all -m service -a "name=httpd state=started"
重启服务
#ansible all -m service -a "name=httpd state=restarted"
关闭服务
#ansible all -m service -a "name=httpd state=stopped"
7.修改远程主机mylog密码
[mylog@zabbix-server ansible]$ cat push.ssh.ymal
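# Sets the login passwords of root and mylog on every host in IDC2.
# The plaintext passwords are not stored in this file: vault_root_password and
# vault_mylog_password are illustrative variable names, to be defined in a
# vars file encrypted with ansible-vault.
- hosts: IDC2
  remote_user: mylog
  become: yes
  # become_method: su
  become_method: sudo
  # become_ask_pass: False
  become_user: root
  tasks:
    - name: change user passwd
      user:
        name: "{{ item.name }}"
        # password_hash() without a fixed salt yields a new hash on every run,
        # so together with update_password=always this task always reports
        # "changed".
        password: "{{ item.chpass | password_hash('sha512') }}"
        update_password: always
      # The loop items carry the passwords; no_log keeps them out of the run
      # output and logs.
      no_log: true
      with_items:
        - { name: 'root', chpass: "{{ vault_root_password }}" }
        - { name: 'mylog', chpass: "{{ vault_mylog_password }}" }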
执行ansible-playbook
[root@ansible-server ~]# ansible-playbook /opt/push.ssh.ymal
8.查看linux资源使用率
[root@localhost playbook]# cat first_play.yml
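---
# Connectivity check plus a snapshot of the three most CPU-hungry processes
# on every host. Fact gathering is switched off because no facts are used.
- hosts: all
  remote_user: root
  gather_facts: no
  tasks:
    - name: ping test
      ping:

    - name: execute remote shell
      # -n compares the %CPU column numerically; a plain text sort would rank
      # "9.0" above "10.5" and could leave the header line in the top three.
      shell: ps -eo pcpu,user,args | sort -rn -k1,1 | head -n3
      register: ret

    - name: create file
      # touch updates the timestamp on every run, so this task always
      # reports "changed".
      command: touch /tmp/111.txt

    - name: output msg
      debug: var=ret.stdout_lines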
加上-v(-vv -vvv)参数可以有更详细的信息输出:
[root@localhost playbook]# ansible-playbook -v first_play.yml
9. 服务器巡检
(1)巡检内存使用率
[mylog@azure-funeng2 ansible]$ ansible AZURE-PROJECT -a "free -g" > /tmp/mem0813-1.txt
这个脚本要改
[mylog@azure-funeng2 ansible]$ cat free.mem.ymal
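# Runs `free -m` on every host in AZURE-PROJECT and prints the result.
# Without register + debug the command output is not shown in a normal run.
- hosts: AZURE-PROJECT
  user: mylog
  tasks:
    - name: know the use of memory
      command: free -m
      register: mem
      # free only reads state, so the task should never count as a change.
      changed_when: false

    - name: show memory usage
      debug: var=mem.stdout_lines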
(2) 巡检内存、磁盘、网络等(待验证)
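#!/bin/bash
# Inspection of memory usage, reachability and disk usage for one Ansible
# host pattern. Findings are appended to ./message.txt in the current
# directory. The author marks this script as still to be verified.
#
# Usage: <script> <ansible-host-pattern>

# Abort with a usage message when no host pattern is given. The pattern is
# always passed quoted so it reaches ansible as one argument.
target=${1:?usage: $0 <ansible-host-pattern>}

# ---- Memory ----
# Remove the previous run's output, including the split chunks; stale xj_NN
# files from a run with more hosts would otherwise be reported again.
rm -f -- ./xj.log ./xj_[0-9][0-9]
ansible "$target" -m shell -a "free -m" > ./xj.log
# One chunk per 4 lines: presumably the ansible result line plus three lines
# of `free -m` output per host -- verify against the targets' free version.
split -l 4 -d -a 2 ./xj.log xj_
printf '\n\n' >> ./message.txt
date >> ./message.txt
for chunk in ./xj_*; do
  [ -e "$chunk" ] || continue
  name=$(awk '/rc=0/ {print $1}' "$chunk")
  used=$(awk '/Mem:/ {print $3}' "$chunk")
  # Total is read from the same chunk, so every host is measured against its
  # own memory size rather than that of the first host.
  total=$(awk '/Mem:/ {print $2}' "$chunk")
  case "$used" in ''|*[!0-9]*) used= ;; esac
  case "$total" in ''|*[!0-9]*|0) total= ;; esac
  if [ -z "$name" ] || [ -z "$used" ] || [ -z "$total" ]; then
    echo "skipping $chunk: no complete successful result" >&2
    continue
  fi
  # Multiply before dividing: with scale=1, used/total alone would be cut to
  # one decimal and the percentage would only move in steps of 10.
  userage=$(echo "scale=1; $used * 100 / $total" | bc)
  echo "MEM: $name memory usage percent ${userage}%" >> ./message.txt
done

# ---- Network ----
# Ping once and keep the hosts whose result line is not SUCCESS.
failed_hosts=$(ansible "$target" -m ping | grep "|" | grep -v "SUCCESS" | awk '{print $1}')
if [ -n "$failed_hosts" ]; then
  while IFS= read -r j; do
    echo "NET: $j net is error" >> ./message.txt
  done <<< "$failed_hosts"
else
  echo "NET: all node net is SUCCESS" >> ./message.txt
fi

# ---- Disk ----
# Lines are read with `read`, so IFS does not have to be changed globally.
while IFS= read -r node_name; do
  [ -n "$node_name" ] || continue
  while IFS= read -r line; do
    bfb=${line##* }   # second field, e.g. "85%"
    sz=${bfb%\%}
    # Skip rows whose usage column is not a plain number.
    case "$sz" in ''|*[!0-9]*) continue ;; esac
    if [ "$sz" -gt 80 ]; then
      echo "$node_name DISK: $line is dangerous" >> ./message.txt
    fi
  # </dev/null keeps ansible from consuming the host list on the loop's stdin.
  done < <(ansible "$node_name" -m shell -a "df -PH" </dev/null \
    | grep -vF -- "$node_name" | grep -v "Filesystem" | awk '{print $1,$5}')
done < <(ansible "$target" -m shell -a "hostname" | grep "|" | awk '{print $1}')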
10 .批量执行shell脚本
写好shell脚本
批量拷贝shell脚本到各台服务器
批量执行shell脚本
(1)编写一个检查磁盘使用率的脚本
[root@server81 ansible]# vim check_disk.sh
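#!/bin/bash
# Absolute path of the directory holding this script. Quoted so paths with
# spaces work; && keeps pwd from running if the cd fails.
basedir=$(cd "$(dirname "$0")" && pwd)
diskmax=10 # disk usage threshold, in percent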
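#######################################
# Compares one usage percentage with the threshold in diskmax.
# Globals:   diskmax (read)
# Arguments: $1 - usage percentage as a whole number, without the % sign
# Outputs:   "unhealth" when $1 >= diskmax, otherwise "health";
#            a diagnostic on stderr when $1 is not a whole number
# Returns:   0 after printing a verdict, 1 for non-numeric input
#######################################
function check_max(){
local disk_size=$1
# A value that cannot be parsed must not fall through to "health".
case "$disk_size" in
''|*[!0-9]*)
echo "check_max: not a number: '$disk_size'" >&2
return 1
;;
esac
if [ "$disk_size" -ge "$diskmax" ]
then
echo "unhealth"
else
echo "health"
fi
}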
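#######################################
# Prints the usage percentage of each filesystem listed by df, followed by
# the check_max verdict for it. Rows mentioning /dev/loop0 or /dev/sr0 are
# left out.
# Outputs: for every row a blank line, "disk_size=N%" and the verdict
#######################################
function check_disk_info(){
# -P keeps every filesystem on a single line, so column 5 is always the
# usage column even for long device names.
df -hP | grep -v /dev/loop0 | grep -v /dev/sr0 | awk 'NR > 1 {print $5}' | cut -d '%' -f 1 | while read -r disk_size
do
echo ""
echo "disk_size=$disk_size%"
check_max "$disk_size"
done
}
check_disk_info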
(2)
***先远程创建好准备拷贝过去的文件目录***
[root@azure-funeng2 ansible]# ansible servers -m shell -a "mkdir -p /work/ansible"
***file命令执行创建文件夹***
[root@azure-funeng2 ansible]# ansible servers -m file -a "path=/work/file state=directory mode=0755"
***批量拷贝shell脚本到各台服务器***
[root@azure-funeng2 ansible]# ansible servers -m copy -a "src=/root/ansible/check_disk.sh dest=/work/file/check_disk.sh mode=0755"
***批量执行shell脚本***
[root@azure-funeng2 ansible]# ansible servers -m shell -a "/work/file/check_disk.sh"
(3)批量执行shell脚本–验证可以使用
[root@zabbix-server ansible]# cat edr0929-DELIVERY.ymal
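# Copies the EDR installer script to every host in IDC-DELIVERY and runs it
# as root.
- hosts: IDC-DELIVERY
  remote_user: mylog
  become: yes
  become_method: sudo
  become_user: root
  tasks:
    - name: mkdir /tmp/edr
      # The script in this directory is executed as root, so the directory is
      # owned by root and closed to other users; /tmp itself is world-writable.
      file: path=/tmp/edr state=directory owner=root group=root mode=0700
    - name: copy edr_installer0929.sh
      # copy transfers the file as-is; template would run the script through
      # Jinja2 and could alter any {{ }} or {% %} sequences in it.
      copy: src=/etc/ansible/edr_installer0929.sh dest=/tmp/edr/ mode=0700
    - name: excute edr_installer0929.sh
      command: chdir=/tmp/edr sh edr_installer0929.sh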
[root@zabbix-server ansible]# cat idcedr_installer0929.sh
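# Downloads the EDR agent archive, unpacks it in /tmp/edr and runs the
# installer. Presumably the script the playbook above runs with become, i.e.
# as root -- confirm, since the file names differ.
#
# Stop at the first failure, so that a failed download or extraction is never
# followed by running whatever agent_installer.sh is already in the directory.
set -eu
# -p: the directory may already exist (the playbook creates it first).
mkdir -p /tmp/edr
cd /tmp/edr
# NOTE(review): --no-check-certificate turns off TLS verification, so the
# archive that is then executed is not authenticated. Prefer
# --ca-certificate=<path to the internal CA bundle> and compare the archive
# with a known SHA-256 before extracting it.
# -O overwrites an earlier download; without it wget would save the new copy
# under a ".1" name and tar would unpack the old one.
wget --no-check-certificate -O linux_edr_installer.tar.gz https://10.x.x.x/html/linux_edr_installer.tar.gz
tar -xzvf linux_edr_installer.tar.gz
./agent_installer.sh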