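Ansible Configuration

Reposted from 珂儿吖

Ansible execution flow

The Ansible execution flow is shown in the figure:

[Figure 1: Ansible execution flow]

Put simply, when Ansible runs it first reads the configuration in ansible.cfg, obtains the list of managed hosts from the Inventory according to the rules, executes the configured tasks on those hosts in parallel, and finally waits for the results to be returned.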


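Ansible command execution process

  1. Load its own configuration file, by default /etc/ansible/ansible.cfg;
  2. Look up the corresponding host inventory file and find the hosts or groups to run against;
  3. Load the corresponding module file, such as command;
  4. Ansible turns the module or command into a temporary py file (a Python script) and transfers that file to the remote server;
  5. The file is placed in the executing user's home directory as .ansible/tmp/XXX/XXX.PY;
  6. Give the file +x execute permission;
  7. Execute it and return the result;
  8. Delete the temporary py file and exit with sleep 0;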

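Ansible configuration in detail

Ansible program structure

The installation directories are as follows (yum install):

  Configuration directory: /etc/ansible

  Executable directory: /usr/bin

  Library dependency directory: /usr/lib/pythonX.X/site-packages/ansible/

  Help documentation directory: /usr/share/doc/ansible-X.X.X/

  Man page directory: /usr/share/man/man1/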


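Ansible configuration file

The default Ansible configuration file is /etc/ansible/ansible.cfg. Ansible has many parameters:

inventory = /etc/ansible/hosts      # location of the inventory file
library = /usr/share/ansible        # directory holding Ansible modules; multiple directories are supported, separated by colons (:)
forks = 5                           # number of concurrent connections, default 5
sudo_user = root                    # default user to execute commands as
remote_port = 22                    # management port used to connect to managed nodes, default 22; changing it is recommended for better security
host_key_checking = False           # whether to check SSH host keys, True/False; when disabled, the first connection does not prompt
timeout = 60                        # SSH connection timeout, in seconds
log_path = /var/log/ansible.log     # file in which to store the Ansible log (no log is recorded by default)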
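
An added example, not part of the original article: a Python audit of an ansible.cfg for the two settings above with the most security impact, host_key_checking and log_path. The sample file is constructed; it assumes the settings sit under the [defaults] section of a real ansible.cfg and that only ';' introduces an inline comment, as Ansible's documentation describes, so an inline '#' annotation like the ones in the listing above is reported as part of the value.

```python
import configparser

# Constructed sample: the article's settings written as a real ansible.cfg
# ([defaults] section header, ';' for inline comments).
SAMPLE_CFG = """\
[defaults]
inventory = /etc/ansible/hosts
forks = 5
remote_port = 22
host_key_checking = False ; first connection will not prompt
timeout = 60
"""

FALSE_VALUES = {"false", "no", "off", "0"}


def _clean(value):
    """Split off a trailing ' #...' annotation and report whether one was present."""
    head, sep, _ = value.partition(" #")
    return head.strip(), bool(sep)


def audit_ansible_cfg(text):
    """Return a list of (setting, message) findings for the [defaults] section."""
    parser = configparser.ConfigParser(
        inline_comment_prefixes=(";",),  # assumption: mirrors Ansible's documented rule
        interpolation=None,              # keep '%' in values literal
    )
    parser.read_string(text)
    if not parser.has_section("defaults"):
        return [("defaults", "missing [defaults] section")]

    findings = []
    settings = {}
    for key, raw in parser.items("defaults"):
        value, annotated = _clean(raw)
        settings[key] = value
        if annotated:
            findings.append(
                (key, "inline '#' text is read as part of the value; use ';'")
            )

    # Host key checking is on unless it is explicitly switched off.
    if settings.get("host_key_checking", "true").lower() in FALSE_VALUES:
        findings.append(
            ("host_key_checking", "SSH host keys are not verified on connect")
        )

    # The article notes that nothing is logged unless log_path is set.
    if not settings.get("log_path"):
        findings.append(("log_path", "no log file configured; runs are not recorded"))

    return findings


if __name__ == "__main__":
    for setting, message in audit_ansible_cfg(SAMPLE_CFG):
        print(f"{setting}: {message}")
```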

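Ansible host inventory

The configuration file mentions the inventory (/etc/ansible/hosts). This is Ansible's host inventory, which holds the list of hosts that Ansible connects to and manages. It is defined as follows:

  1. Specify host addresses or host names directly:
    ## green.example.com
    ## blue.example.com
    ## 192.168.100.1
    ## 192.168.100.10
  2. Define a host group as [group name] and add addresses or host names to it:
    [web]
    192.168.50.153
    192.168.50.154

    [test]
    192.168.50.154

Note that group members can be matched using wildcards.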


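Common Ansible commands

Ansible command set

/usr/bin/ansible  Ansible ad-hoc command execution tool, commonly used to run one-off commands;

/usr/bin/ansible-doc  Ansible tool for viewing module documentation;

/usr/bin/ansible-galaxy  Official web-based platform for downloading/uploading quality code or Roles modules;

/usr/bin/ansible-playbook  Ansible tool for orchestrating customized sets of automated tasks;

/usr/bin/ansible-pull  Ansible tool for remote command execution that pulls configuration instead of pushing it (rarely used; meant for very large fleets, and demands strong operations architecture skills);

/usr/bin/ansible-vault  Ansible file encryption tool;

/usr/bin/ansible-console  Ansible interactive command execution tool based on the Linux console;

Of these, the most commonly used are /usr/bin/ansible and /usr/bin/ansible-playbook.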

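ansible-doc command

The ansible-doc command is commonly used to get module information and usage help. Typical usage:

ansible-doc -l              # list information about all modules
ansible-doc -s MOD_NAME     # show usage help for the given module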

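The ansible command in detail

The command has the following format:

ansible <host-pattern> [-f forks] [-m module_name] [-a args]

You can also view the help with ansible -h. Some of the more commonly used options are listed below:

-a MODULE_ARGS      # module arguments; with the default command module these are the command itself, e.g. "date", "pwd";
-k,--ask-pass      # ask for SSH password: prompt for the SSH login password instead of assuming key-based authentication;
--ask-su-pass       # ask for su password: the password for switching user with su;
-K,--ask-sudo-pass # ask for sudo password: prompt for the sudo password; sudo means privilege escalation;
--ask-vault-pass    # ask for vault password: use this option for access when an encryption password has been set;
-B SECONDS          # timeout for running in the background;
-C                  # simulate the run environment and do a trial run; useful for checking for errors;
-c CONNECTION       # connection type to use;
-f FORKS            # number of parallel tasks, default 5;
-i INVENTORY        # path of the host inventory, default /etc/ansible/hosts;
--list-hosts        # show which host groups there are;
-m MODULE_NAME      # name of the module to run; the command module is the default, so -m can be omitted when running a single command;
-o                  # condensed output: try to print each result on one line; generally used with collection tools;
-S                  # use the su command;
-R SU_USER          # user to su to, default root;
-s                  # use the sudo command;
-U SUDO_USER        # user to sudo to, default root;
-T TIMEOUT          # default SSH timeout, 10s by default; can also be changed in the configuration file;
-u REMOTE_USER      # remote user, default root;
-v                  # verbose output; -vvv and -vvvv show even more detail;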

Configuring Ansible public/private keys

Ansible is built on the SSH protocol, and key pairs are configured the same way as for SSH. The steps are as follows:

# ssh-keygen

# ssh-copy-id [email protected]

# ssh-copy-id [email protected]

Common Ansible modules

1. Host connectivity test

Use the ansible test -m ping command to test host connectivity:

# ansible test -m ping
192.168.50.154 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}

This shows that the host is reachable, so the operations that follow can proceed normally.


2. command module

This module runs a command directly on the remote hosts and returns the result to the control host.

# ansible web -m command -a 'ss -ntl'
192.168.50.153 | CHANGED | rc=0 >>
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN     0      128          *:22                       *:*                 
LISTEN     0      100    127.0.0.1:25                       *:*               
LISTEN     0      128         :::22                      :::*               
LISTEN     0      100        ::1:25                      :::*               

192.168.50.154 | CHANGED | rc=0 >>
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN     0      128          *:22                       *:*                  
LISTEN     0      100    127.0.0.1:25                       *:*                 
LISTEN     0      128         :::22                      :::*                
LISTEN     0      100        ::1:25                      :::*

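The command module takes the command name followed by a space-separated list of arguments. The given command is executed on all selected nodes. It is not processed through the shell, so variables such as $HOME and operators such as ">", "<", "|", ";" and "&" do not work (use the shell module if you need these features).
This module does not support the pipe operator "|".

Commonly used options of this module:

chdir       # change to this directory before running the command;
executable  # switch the shell used to run the command; requires the absolute path of the command;
free_form   # the Linux command to run; usually supplied through Ansible's -a argument instead;
creates     # a file name; if the file exists, the command is not run; can be used as a condition;
removes     # a file name; if the file does not exist, the command is not run;

# ansible web -m command -a 'chdir=/usr/share/nginx/ ls' # change to /usr/share/nginx/ first, then run ls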
192.168.50.153 | CHANGED | rc=0 >>
html
modules

192.168.50.154 | CHANGED | rc=0 >>
html
modules

3. shell module

The shell module invokes the shell interpreter on the remote hosts to run commands and supports all shell features, such as pipes.

# ansible web -m shell -a 'cat /etc/passwd |grep "root"'
192.168.50.153 | CHANGED | rc=0 >>
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin

192.168.50.154 | CHANGED | rc=0 >>
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin

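4. copy module

This module copies files to the remote hosts; it also supports generating a file from given content and setting permissions.
Its options are as follows:

src             # local file to copy to the remote host; may be an absolute or relative path. If the path is a directory it is copied recursively, similar to `rsync`;
content         # used in place of `src`; sets the file's content directly;
dest            # required; absolute path on the remote host to copy the source file to;
backup          # when the file content changes, back up the original file before overwriting; the backup file name includes a timestamp;
directory_mode  # recursively set directory permissions; defaults to the system default;
force           # when the target host already has the file but with different content: "yes" forces an overwrite; "no" copies only if the file does not exist at the destination. Default is "yes";
others          # all options of the file module can be used here;
  1. Copy a file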
# ansible web -m copy -a "src=~/hello dest=/opt/hello"
192.168.50.153 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
    "dest": "/opt/hello", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e", 
    "mode": "0644", 
    "owner": "root", 
    "secontext": "system_u:object_r:usr_t:s0", 
    "size": 0, 
    "src": "/root/.ansible/tmp/ansible-tmp-1560850165.84-176650353793278/source", 
    "state": "file", 
    "uid": 0
}
192.168.50.154 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
    "dest": "/opt/hello", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e", 
    "mode": "0644", 
    "owner": "root", 
    "secontext": "system_u:object_r:usr_t:s0", 
    "size": 0, 
    "src": "/root/.ansible/tmp/ansible-tmp-1560850165.84-231759056515823/source", 
    "state": "file", 
    "uid": 0
}
  2. Generate a file from given content and set its permissions
# ansible web -m copy -a 'content="I am keer\n" dest=/opt/name mode=666'
192.168.50.154 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "0421570938940ea784f9d8598dab87f07685b968", 
    "dest": "/opt/name", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "497fa8386590a5fc89090725b07f175c", 
    "mode": "0666", 
    "owner": "root", 
    "secontext": "system_u:object_r:usr_t:s0", 
    "size": 10, 
    "src": "/root/.ansible/tmp/ansible-tmp-1560850477.79-94922536424769/source", 
    "state": "file", 
    "uid": 0
}
192.168.50.153 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "0421570938940ea784f9d8598dab87f07685b968", 
    "dest": "/opt/name", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "497fa8386590a5fc89090725b07f175c", 
    "mode": "0666", 
    "owner": "root", 
    "secontext": "system_u:object_r:usr_t:s0", 
    "size": 10, 
    "src": "/root/.ansible/tmp/ansible-tmp-1560850477.77-220007163533908/source", 
    "state": "file", 
    "uid": 0
}

Check the permissions of the generated file:

# ansible web -m shell -a 'ls -l /opt/'
192.168.50.153 | CHANGED | rc=0 >>
总用量 4
-rw-rw-rw-. 1 root root 10 6月  18 17:34 name

192.168.50.154 | CHANGED | rc=0 >>
总用量 4
-rw-rw-rw-. 1 root root 10 6月  18 17:34 name
  3. Overwrite

Change the file's content and choose to back up on overwrite:

# ansible web -m copy -a 'content="I am csdnic"\n backup=yes dest=/opt/name mode=666'
192.168.50.153 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "backup_file": "/opt/name.9505.2019-06-18@17:40:11~", 
    "changed": true, 
    "checksum": "acfe3e8431c695412dc0a4d1d8170983bb672641", 
    "dest": "/opt/name", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "4dcb2e56d9a3353b7cf1aa0af33450cc", 
    "mode": "0666", 
    "owner": "root", 
    "secontext": "system_u:object_r:usr_t:s0", 
    "size": 11, 
    "src": "/root/.ansible/tmp/ansible-tmp-1560850810.29-21696054337299/source", 
    "state": "file", 
    "uid": 0
}
192.168.50.154 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "backup_file": "/opt/name.40184.2019-06-18@17:40:11~", 
    "changed": true, 
    "checksum": "acfe3e8431c695412dc0a4d1d8170983bb672641", 
    "dest": "/opt/name", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "4dcb2e56d9a3353b7cf1aa0af33450cc", 
    "mode": "0666", 
    "owner": "root", 
    "secontext": "system_u:object_r:usr_t:s0", 
    "size": 11, 
    "src": "/root/.ansible/tmp/ansible-tmp-1560850810.31-201361505040102/source", 
    "state": "file", 
    "uid": 0
}

Check:

# ansible web -m shell -a 'ls -l /opt/'
192.168.50.153 | CHANGED | rc=0 >>
总用量 8
-rw-rw-rw-. 1 root root 11 6月  18 17:40 name
-rw-rw-rw-. 1 root root 10 6月  18 17:34 name.9505.2019-06-18@17:40:11~

192.168.50.154 | CHANGED | rc=0 >>
总用量 8
-rw-rw-rw-. 1 root root 11 6月  18 17:40 name
-rw-rw-rw-. 1 root root 10 6月  18 17:34 name.40184.2019-06-18@17:40:11~

As you can see, the original file has been backed up. We can also look at the content of the name file:

# ansible web -m shell -a 'cat /opt/name'
192.168.50.153 | CHANGED | rc=0 >>
I am csdnic

192.168.50.154 | CHANGED | rc=0 >>
I am csdnic
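
An added example, not part of the original article: the copy runs above use mode=666, which leaves /opt/name writable by every local user on the managed hosts. This Python sketch parses ad-hoc output in the "host | STATUS => {json}" shape shown above and reports files whose mode has the other-write bit set; the sample output is constructed and abbreviated from the article's, and the function names are my own.

```python
import json
import re

# Header of a JSON-style result block, e.g. "192.168.50.153 | CHANGED => {".
# Raw-output blocks ("host | CHANGED | rc=0 >>") do not match and are ignored.
HEADER = re.compile(r"^(?P<host>\S+) \| (?P<status>[A-Z]+)!? => ", re.MULTILINE)

# Constructed sample, abbreviated from the kind of output shown in the article.
SAMPLE_OUTPUT = """\
192.168.50.153 | CHANGED => {
    "changed": true,
    "dest": "/opt/name",
    "mode": "0666",
    "owner": "root",
    "state": "file"
}
192.168.50.154 | CHANGED => {
    "changed": true,
    "dest": "/opt/hello",
    "mode": "0644",
    "owner": "root",
    "state": "file"
}
192.168.50.153 | CHANGED => {
    "changed": true,
    "name": "nginx",
    ···
}
192.168.50.154 | CHANGED | rc=0 >>
-rw-rw-rw-. 1 root root 10 Jun 18 17:34 name
"""


def parse_results(output):
    """Yield (host, status, result) for every block that holds valid JSON."""
    decoder = json.JSONDecoder()
    for match in HEADER.finditer(output):
        try:
            # The header regex ends right before the opening brace.
            result, _ = decoder.raw_decode(output, match.end())
        except json.JSONDecodeError:
            continue  # elided ("···") or truncated block
        if isinstance(result, dict):
            yield match.group("host"), match.group("status"), result


def writable_by_others(output):
    """Return (host, path, mode) for results whose mode grants write to 'other'."""
    findings = []
    for host, _status, result in parse_results(output):
        mode = result.get("mode")
        path = result.get("dest") or result.get("path")
        if not mode or not path:
            continue
        try:
            bits = int(mode, 8)
        except ValueError:
            continue  # symbolic or malformed mode string
        if bits & 0o002:
            findings.append((host, path, mode))
    return findings


if __name__ == "__main__":
    for host, path, mode in writable_by_others(SAMPLE_OUTPUT):
        print(f"{host}: {path} has mode {mode} (writable by any user)")
```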

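5. file module

This module is mainly used to set file attributes, for example creating files, creating link files, and deleting files.
Its options are as follows:

force           # force creation of a symlink in two cases: when the source file does not exist yet but will be created later; and when the destination symlink already exists and the previous link must be removed before creating the new one. Two values: `yes|no`;
group           # group owner of the file/directory. May be followed by `mode`: permissions of the file/directory;
owner           # owner of the file/directory. Must be followed by `path`: path of the file/directory;
recurse         # recursively set file attributes; only applies to directories. Followed by src: path of the source file to link to; only applies when state=link;
dest            # path to link to; only applies when state=link;

state           # state, with the following values:
    directory   # create the directory if it does not exist;
    file        # the file is not created even if it does not exist;
    link        # create a symbolic link;
    hard        # create a hard link;
    touch       # create a new file if it does not exist; if the file or directory already exists, update its last-modified time;
    absent      # delete the directory or file, or remove the link;
  1. Create a directory: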
# ansible web -m file -a 'path=/data/app state=directory'
192.168.50.153 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0755", 
    "owner": "root", 
    "path": "/data/app", 
    "secontext": "unconfined_u:object_r:default_t:s0", 
    "size": 6, 
    "state": "directory", 
    "uid": 0
}
192.168.50.154 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0755", 
    "owner": "root", 
    "path": "/data/app", 
    "secontext": "unconfined_u:object_r:default_t:s0", 
    "size": 6, 
    "state": "directory", 
    "uid": 0
}

Check whether it was created:

# ansible web -m shell -a 'ls -l /data/'
192.168.50.154 | CHANGED | rc=0 >>
总用量 0
drwxr-xr-x. 2 root root 6 6月  20 17:10 app

192.168.50.153 | CHANGED | rc=0 >>
总用量 0
drwxr-xr-x. 2 root root 6 6月  20 17:10 app
  2. Create a link file:
# ansible web -m file -a 'path=/data/a1.gif src=a2.gif state=link'
192.168.50.153 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "dest": "/data/a1.gif", 
    "src": "a2.gif"
}
192.168.50.154 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "dest": "/data/a1.gif", 
    "src": "a2.gif"
}

Check whether it was created:

# ansible web -m shell -a 'ls -l /data/'
192.168.50.153 | CHANGED | rc=0 >>
总用量 0
lrwxrwxrwx. 1 root root 6 6月  20 17:18 a1.gif -> a2.gif
drwxr-xr-x. 2 root root 6 6月  20 17:10 app

192.168.50.154 | CHANGED | rc=0 >>
总用量 0
lrwxrwxrwx. 1 root root 6 6月  20 17:18 a1.gif -> a2.gif
drwxr-xr-x. 2 root root 6 6月  20 17:10 app
  3. Delete a file:
# ansible web -m file -a 'path=/data/app state=absent'
192.168.50.153 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "path": "/data/app", 
    "state": "absent"
}
192.168.50.154 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "path": "/data/app", 
    "state": "absent"
}

Check whether it was deleted:

# ansible web -m shell -a 'ls -l /data/'
192.168.50.153 | CHANGED | rc=0 >>
总用量 0
lrwxrwxrwx. 1 root root 6 6月  20 17:18 a1.gif -> a2.gif

192.168.50.154 | CHANGED | rc=0 >>
总用量 0
lrwxrwxrwx. 1 root root 6 6月  20 17:18 a1.gif -> a2.gif

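6. fetch module

This module fetches (copies) a file from a remote host to the local machine.
It has two options:

dest    # directory in which to store the file;
src     # the remote file to pull; it must be a file, not a directory;

Example: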

# ansible web -m fetch -a 'src=/opt/hello dest=/opt'
192.168.50.154 | CHANGED => {
    "changed": true, 
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
    "dest": "/opt/192.168.50.154/opt/hello", 
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e", 
    "remote_checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
    "remote_md5sum": null
}
192.168.50.153 | CHANGED => {
    "changed": true, 
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
    "dest": "/opt/192.168.50.153/opt/hello", 
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e", 
    "remote_checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
    "remote_md5sum": null
}

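Check on the local machine that the file was copied. Note that the file is saved under a directory named after the managed host's IP, inside the receiving directory that was set.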

# tree /opt/
/opt/
├── 192.168.50.153
│   └── opt
│       └── hello
└── 192.168.50.154
    └── opt
        └── hello

4 directories, 2 files

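7. cron module

This module manages cron scheduled jobs.
Its syntax is the same as that of the crontab file.
Its options are as follows:

day             # day;
hour            # hour;
minute          # minute;
month           # month;
weekday         # day of the week;
job             # the command to run;
name            # description of the scheduled job;
reboot          # run the job at reboot; not recommended, use special_time instead;
special_time    # special time specification, values: reboot (at reboot), annually (every year), monthly (every month), weekly (every week), daily (every day), hourly (every hour);
state           # present adds the scheduled job and is the default; absent removes it;
user            # user to run the job as;
  1. Add a scheduled job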
# ansible web -m cron -a 'name="ntp update every 5 min" minute=*/5 job="/sbin/ntpdate 172.17.0.1 &> /dev/null"'
192.168.50.153 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "envs": [], 
    "jobs": [
        "ntp update every 5 min"
    ]
}
192.168.50.154 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "envs": [], 
    "jobs": [
        "ntp update every 5 min"
    ]
}

Check whether it was created:

# ansible web -m shell -a 'crontab -l'
192.168.50.153 | CHANGED | rc=0 >>
#Ansible: ntp update every 5 min
*/5 * * * * /sbin/ntpdate 172.17.0.1 &> /dev/null

192.168.50.154 | CHANGED | rc=0 >>
#Ansible: ntp update every 5 min
*/5 * * * * /sbin/ntpdate 172.17.0.1 &> /dev/null

As you can see, the scheduled job was created.

  2. Remove a scheduled job

To remove a scheduled job, do the following:

First look at the existing scheduled jobs:

# ansible web -m shell -a 'crontab -l'
192.168.50.153 | CHANGED | rc=0 >>
#Ansible: ntp update every 5 min
*/5 * * * * /sbin/ntpdate 172.17.0.1 &> /dev/null

192.168.50.154 | CHANGED | rc=0 >>
#Ansible: ntp update every 5 min
*/5 * * * * /sbin/ntpdate 172.17.0.1 &> /dev/null

Then perform the removal:

# ansible web -m cron -a 'name="ntp update every 5 min" minute=*/5 job="/sbin/ntpdate 172.17.0.1 &> /dev/null" state=absent'
192.168.50.153 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "envs": [], 
    "jobs": []
}
192.168.50.154 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "envs": [], 
    "jobs": []
}

After the removal, look at the scheduled jobs again to confirm:

# ansible web -m shell -a 'crontab -l'
192.168.50.153 | CHANGED | rc=0 >>


192.168.50.154 | CHANGED | rc=0 >>

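8. yum module

This module is mainly used to install software.

Its options are as follows:

name                # name of the package to install;
state               # `present` ---> install, `latest` ---> install the latest version, `absent` ---> remove the package;
update_cache        # force an update of the yum cache;
conf_file           # configuration file the remote yum relies on for the installation (installing packages already available locally);
disable_gpg_check   # whether to disable `GPG checking`; only used with `present` or `latest`;
disablerepo         # temporarily disable a yum repository; only used when installing or updating;
enablerepo          # temporarily enable a yum repository; only used when installing or updating;

Install the htop package as shown below: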

# ansible web -m yum -a 'name=htop state=present'
192.168.50.154 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "changes": {
        "installed": [
            "htop"
        ]
    }, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.cn99.com\n * epel: mirror01.idc.hinet.net\n * extras: mirrors.163.com\n * updates: mirrors.aliyun.com\nResolving Dependencies\n--> Running transaction check\n---> Package htop.x86_64 0:2.2.0-3.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package         Arch              Version                Repository       Size\n================================================================================\nInstalling:\n htop            x86_64            2.2.0-3.el7            epel            103 k\n\nTransaction Summary\n================================================================================\nInstall  1 Package\n\nTotal download size: 103 k\nInstalled size: 218 k\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n  Installing : htop-2.2.0-3.el7.x86_64                                      1/1 \n  Verifying  : htop-2.2.0-3.el7.x86_64                                      1/1 \n\nInstalled:\n  htop.x86_64 0:2.2.0-3.el7                                                     \n\nComplete!\n"
    ]
}
192.168.50.153 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "changes": {
        "installed": [
            "htop"
        ]
    }, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.cn99.com\n * epel: mirror01.idc.hinet.net\n * extras: mirrors.163.com\n * updates: mirrors.163.com\nResolving Dependencies\n--> Running transaction check\n---> Package htop.x86_64 0:2.2.0-3.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package         Arch              Version                Repository       Size\n================================================================================\nInstalling:\n htop            x86_64            2.2.0-3.el7            epel            103 k\n\nTransaction Summary\n================================================================================\nInstall  1 Package\n\nTotal download size: 103 k\nInstalled size: 218 k\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n  Installing : htop-2.2.0-3.el7.x86_64                                      1/1 \n  Verifying  : htop-2.2.0-3.el7.x86_64                                      1/1 \n\nInstalled:\n  htop.x86_64 0:2.2.0-3.el7                                                     \n\nComplete!\n"
    ]
}

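Installed successfully.


9. service module

This module is mainly used to manage services.

Its options are as follows:

arguments       # extra arguments provided on the command line;
enabled         # start at boot;
name            # service name;
runlevel        # runlevel for start at boot; usually no need to specify;
sleep           # whether to wait while restarting the service, e.g. wait 2 seconds after the service stops before starting it (defined in a playbook);
state           # one of four states:
    started     # start the service;
    stopped     # stop the service;
    restarted   # restart the service;
    reloaded    # reload the configuration;
  1. Start the nginx service and enable it at boot: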
# ansible web -m service -a 'name=nginx state=started enabled=true'
192.168.50.153 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "enabled": true, 
    "name": "nginx", 
    "state": "started", 
    ···
}
192.168.50.154 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "enabled": true, 
    "name": "nginx", 
    "state": "started", 
    ···
}

Check whether the port is open:

# ansible web -m shell -a 'ss -ntl'
192.168.50.153 | CHANGED | rc=0 >>
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN     0      128          *:80                       *:*                               

192.168.50.154 | CHANGED | rc=0 >>
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN     0      128          *:80                       *:*                                  

As you can see, port 80 is open.

  2. Stop the service
# ansible web -m service -a 'name=nginx state=stopped'
192.168.50.153 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "name": "nginx", 
    "state": "stopped", 
    ···
}
192.168.50.154 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "name": "nginx", 
    "state": "stopped", 
    ···
}

Likewise, check the port:

# ansible web -m shell -a 'ss -ntl | grep 80'
192.168.50.153 | FAILED | rc=1 >>
non-zero return code

192.168.50.154 | FAILED | rc=1 >>
non-zero return code

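10. user module

This module is mainly used to manage user accounts.

Its options are as follows:

comment         # description of the user;
createhome      # whether to create the home directory;
force           # when used with state=absent, behaves like userdel --force;
group           # primary group;
groups          # supplementary groups;
home            # the user's home directory;
move_home       # when used together with home=, attempts to move the user's home directory to the specified directory;
name            # user name;
non_unique      # allows changing to a non-unique user ID;
password        # the user's password;
remove          # when used with state=absent, behaves like userdel --remove;
shell           # default shell;
state           # account state; creates the account when unspecified, absent deletes it;
system          # when creating a user, makes it a system user; this setting cannot be changed for existing users;
uid             # the user's uid;
  1. Create a user and specify its uid: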
# ansible web -m user -a 'name=keer uid=11111'
192.168.50.154 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 11111, 
    "home": "/home/keer", 
    "name": "keer", 
    "shell": "/bin/bash", 
    "state": "present", 
    "system": false, 
    "uid": 11111
}
192.168.50.153 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 11111, 
    "home": "/home/keer", 
    "name": "keer", 
    "shell": "/bin/bash", 
    "state": "present", 
    "system": false, 
    "uid": 11111
}

The user has been added; check that it worked:

# ansible web -m shell -a 'cat /etc/passwd |grep keer'
192.168.50.154 | CHANGED | rc=0 >>
keer:x:11111:11111::/home/keer:/bin/bash

192.168.50.153 | CHANGED | rc=0 >>
keer:x:11111:11111::/home/keer:/bin/bash
  2. Delete the user:
# ansible web -m user -a 'name=keer state=absent'
192.168.50.154 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "force": false, 
    "name": "keer", 
    "remove": false, 
    "state": "absent"
}
192.168.50.153 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "force": false, 
    "name": "keer", 
    "remove": false, 
    "state": "absent"
}

Likewise, check:

# ansible web -m shell -a 'cat /etc/passwd |grep keer'
192.168.50.154 | FAILED | rc=1 >>
non-zero return code

192.168.50.153 | FAILED | rc=1 >>
non-zero return code

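As you can see, the user no longer exists.


11. group module

This module is mainly used to add or delete groups.

Its options are as follows:

gid=        # GID of the group;
name=       # name of the group;
state=      # state of the group; creates it by default, absent deletes it;
system=     # when set to yes, the group is created as a system group.
  1. Create a group: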
# ansible web -m group -a 'name=sanguo gid=12222'
192.168.50.154 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "gid": 12222, 
    "name": "sanguo", 
    "state": "present", 
    "system": false
}
192.168.50.153 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "gid": 12222, 
    "name": "sanguo", 
    "state": "present", 
    "system": false
}

After creation, check:

# ansible web -m shell -a 'cat /etc/group | grep 12222'
192.168.50.153 | CHANGED | rc=0 >>
sanguo:x:12222:

192.168.50.154 | CHANGED | rc=0 >>
sanguo:x:12222:
  2. Delete the group:
# ansible web -m group -a 'name=sanguo state=absent'
192.168.50.153 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "name": "sanguo", 
    "state": "absent"
}
192.168.50.154 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "name": "sanguo", 
    "state": "absent"
}

Likewise, check:

# ansible web -m shell -a 'cat /etc/group | grep 12222'
192.168.50.153 | FAILED | rc=1 >>
non-zero return code

192.168.50.154 | FAILED | rc=1 >>
non-zero return code

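There is no longer any information about this group.


12. script module

This module is mainly used to run a script from the local machine on the managed machines; just specify the path of the script.

First, write a script and give it execute permission: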

cat > /tmp/df.sh <<EOF
#!/bin/bash
date >> /tmp/disk_total.log
df -lh >> /tmp/disk_total.log
EOF

# chmod +x /tmp/df.sh

Then run the command to execute the script on the managed hosts:

# ansible web -m script -a '/tmp/df.sh'
192.168.50.153 | CHANGED => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.50.153 closed.\r\n", 
    "stderr_lines": [
        "Shared connection to 192.168.50.153 closed."
    ], 
    "stdout": "", 
    "stdout_lines": []
}
192.168.50.154 | CHANGED => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.50.154 closed.\r\n", 
    "stderr_lines": [
        "Shared connection to 192.168.50.154 closed."
    ], 
    "stdout": "", 
    "stdout_lines": []
}

Check the file content:

# ansible web -m shell -a 'cat /tmp/disk_total.log'
192.168.50.153 | CHANGED | rc=0 >>
2019年 07月 22日 星期一 20:54:44 CST
文件系统                 容量  已用  可用 已用% 挂载点
/dev/mapper/centos-root   17G  1.7G   16G   10% /
devtmpfs                 476M     0  476M    0% /dev
tmpfs                    488M     0  488M    0% /dev/shm
tmpfs                    488M  7.7M  480M    2% /run
tmpfs                    488M     0  488M    0% /sys/fs/cgroup
/dev/sda1               1014M  160M  855M   16% /boot
tmpfs                     98M     0   98M    0% /run/user/0

192.168.50.154 | CHANGED | rc=0 >>
2019年 07月 22日 星期一 20:54:44 CST
文件系统                 容量  已用  可用 已用% 挂载点
/dev/mapper/centos-root   17G  1.7G   16G   10% /
devtmpfs                 476M     0  476M    0% /dev
tmpfs                    488M     0  488M    0% /dev/shm
tmpfs                    488M  7.7M  480M    2% /run
tmpfs                    488M     0  488M    0% /sys/fs/cgroup
/dev/sda1               1014M  160M  855M   16% /boot
tmpfs                     98M     0   98M    0% /run/user/0

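As you can see, the script ran successfully.


13. setup module

This module is mainly used to collect information; it works by calling the facts component.

The facts component is the Ansible feature for collecting device information from managed machines. The setup module shows all facts of a machine, and filter can be used to view specific ones.
The whole set of facts is wrapped in a JSON data structure, with ansible_facts as the top-level value.

Facts are variables, built-in ones. Each host's various details, such as CPU count and memory size, are stored in some facts variable. When called, it returns a lot of information about the host, and later operations can act differently depending on that information, for example installing software with apt on the Debian family and with yum on the Red Hat family.

  1. View information:

The values of the variables can be obtained directly with a command:

# ansible web -m setup -a 'filter="*mem*"'      # view memory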
192.168.50.154 | SUCCESS => {
    "ansible_facts": {
        "ansible_memfree_mb": 168, 
        "ansible_memory_mb": {
            "nocache": {
                "free": 689, 
                "used": 285
            }, 
            "real": {
                "free": 168, 
                "total": 974, 
                "used": 806
            }, 
            "swap": {
                "cached": 0, 
                "free": 2047, 
                "total": 2047, 
                "used": 0
            }
        }, 
        "ansible_memtotal_mb": 974, 
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false
}
192.168.50.153 | SUCCESS => {
    "ansible_facts": {
        "ansible_memfree_mb": 162, 
        "ansible_memory_mb": {
            "nocache": {
                "free": 693, 
                "used": 281
            }, 
            "real": {
                "free": 162, 
                "total": 974, 
                "used": 812
            }, 
            "swap": {
                "cached": 0, 
                "free": 2047, 
                "total": 2047, 
                "used": 0
            }
        }, 
        "ansible_memtotal_mb": 974, 
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false
}

You can check the memory size with a command to confirm that it matches:

# ansible web -m shell -a 'free -m'
192.168.50.153 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:            974         148         162           7         663         596
Swap:          2047           0        2047

192.168.50.154 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:            974         152         169           7         653         593
Swap:          2047           0        2047

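As you can see, the information matches.

  2. Save information:

Another very useful feature of the setup module is saving the filtered information on the host; the file is named after the managed host's IP, which makes it easy to find which machine has a problem.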

# ansible web -m setup -a 'filter="*mem*"' --tree /tmp/facts
192.168.50.153 | SUCCESS => {
    "ansible_facts": {
        "ansible_memfree_mb": 160, 
        "ansible_memory_mb": {
            "nocache": {
                "free": 693, 
                "used": 281
            }, 
            "real": {
                "free": 160, 
                "total": 974, 
                "used": 814
            }, 
            "swap": {
                "cached": 0, 
                "free": 2047, 
                "total": 2047, 
                "used": 0
            }
        }, 
        "ansible_memtotal_mb": 974, 
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false
}
192.168.50.154 | SUCCESS => {
    "ansible_facts": {
        "ansible_memfree_mb": 166, 
        "ansible_memory_mb": {
            "nocache": {
                "free": 689, 
                "used": 285
            }, 
            "real": {
                "free": 166, 
                "total": 974, 
                "used": 808
            }, 
            "swap": {
                "cached": 0, 
                "free": 2047, 
                "total": 2047, 
                "used": 0
            }
        }, 
        "ansible_memtotal_mb": 974, 
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false
}

Then take a look:

# cd /tmp/facts/
# ls
192.168.50.153  192.168.50.154
# cat 192.168.50.153 
{"ansible_facts": {"ansible_memfree_mb": 160, "ansible_memory_mb": {"nocache": {"free": 693, "used": 281}, "real": {"free": 160, "total": 974, "used": 814}, "swap": {"cached": 0, "free": 2047, "total": 2047, "used": 0}}, "ansible_memtotal_mb": 974, "discovered_interpreter_python": "/usr/bin/python"}, "changed": false}
