Linux: Installing Ansible and Using Its Modules

Environment

ansible: 192.168.1.20

web: 192.168.1.11

nfs: 192.168.1.10

rsync: 192.168.1.12

Disable the firewall on every server and set the corresponding hostname on each one

[root@ansible ~]# systemctl stop firewalld.service 
[root@ansible ~]# systemctl disable firewalld.service 
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@ansible ~]# setenforce 0

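A graphical (GUI) Linux installation installs the nfs and rsync services automatically; on a minimal installation you have to install them manually.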

1. Deploy the Ansible environment

1. Install the Ansible service

(1) Configure the EPEL repository

EPEL repository (extra packages)

[root@ansible ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo  
--2020-07-13 13:46:48--  http://mirrors.aliyun.com/repo/epel-7.repo
正在解析主机 mirrors.aliyun.com (mirrors.aliyun.com)... 1.71.146.244, 1.71.146.238, 1.71.146.239, ...
正在连接 mirrors.aliyun.com (mirrors.aliyun.com)|1.71.146.244|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:664 [application/octet-stream]
正在保存至: “/etc/yum.repos.d/epel.repo”

100%[===============================================>] 664         --.-K/s 用时 0s      

2020-07-13 13:46:48 (279 MB/s) - 已保存 “/etc/yum.repos.d/epel.repo” [664/664])

Linux mirror repository (base packages)

[root@ansible ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
--2020-07-13 13:47:34--  http://mirrors.aliyun.com/repo/Centos-7.repo
正在解析主机 mirrors.aliyun.com (mirrors.aliyun.com)... 1.71.146.248, 1.71.146.244, 1.71.146.240, ...
正在连接 mirrors.aliyun.com (mirrors.aliyun.com)|1.71.146.248|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:2523 (2.5K) [application/octet-stream]
正在保存至: “/etc/yum.repos.d/CentOS-Base.repo”

100%[===============================================>] 2,523       --.-K/s 用时 0s      

2020-07-13 13:47:34 (718 MB/s) - 已保存 “/etc/yum.repos.d/CentOS-Base.repo” [2523/2523])

(2) Install Ansible

[root@ansible ~]# yum -y install ansible
[root@ansible ~]# ansible --version    # check the Ansible version

2. The Ansible inventory

[root@ansible ~]# vim /etc/ansible/hosts 
......
[web]
192.168.1.11
[nfs]
192.168.1.10
[rsync]
192.168.1.12

[benet:children]
web
nfs
rsync
[root@ansible ~]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.20 ansible
192.168.1.11 web
192.168.1.10 nfs
192.168.1.12 rsync
[root@ansible conf]# ansible benet -m copy -a "src=/etc/hosts dest=/etc/ backup=yes"   # push this hosts file to every server

3. Configure SSH key-pair access on the ansible host

[root@ansible ~]# ssh-keygen -t rsa   # just press Enter at every prompt here; this is not acceptable in a real environment!
[root@ansible ~]# ssh-copy-id  [email protected]
[root@ansible ~]# ssh-copy-id  [email protected]
The authenticity of host '192.168.1.11 (192.168.1.11)' can't be established.
ECDSA key fingerprint is 7f:30:80:bd:ee:46:9e:2f:2a:84:61:b3:44:ec:f6:3f.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:   # enter the root password of host 192.168.1.11

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
[root@ansible ~]# ssh-copy-id  [email protected]
[root@ansible ~]# ssh-copy-id  [email protected]

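2. How to use Ansible modules

2.1 Invocation

Output colors when a module is invoked:

  • Yellow: changed successfully
  • Green: no change
  • Dark red: error
  • Bright purple: warning

List all modules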

[root@ansible ~]# ansible-doc --list
fortios_router_community_list                                 Configure community li...
azure_rm_devtestlab_info                                      Get Azure DevTest Lab ...
ecs_taskdefinition                                            register a task defini...
avi_alertscriptconfig                                         Module for setup of Al...
tower_receive                                                 Receive assets from An...
netapp_e_iscsi_target                                         NetApp E-Series manage...
azure_rm_acs                                                  Manage an Azure Contai...
fortios_log_syslogd2_filter                                   Filters for remote sys...
......

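2.2 command module

command: supports only simple commands; the command is not passed through a shell, so it cannot contain pipes or other complex shell elements

[root@ansible ~]# ansible web -m command -a "hostname"  # show the hostname of the web host
192.168.1.11 | CHANGED | rc=0 >>
web
[root@ansible ~]# ansible web -m command -a "useradd zhangsan"  # create a user zhangsan on the web host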
192.168.1.11 | CHANGED | rc=0 >>

2.3 shell module

shell: an upgraded version of command; it supports complex statements, but not shell aliases

[root@ansible ~]# ansible web -m shell -a "echo 123 | passwd --stdin zhangsan"  # set a password for user zhangsan
192.168.1.11 | CHANGED | rc=0 >>
更改用户 zhangsan 的密码 。
passwd:所有的身份验证令牌已经成功更新。

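2.4 yum module

yum: install required software remotely

PS: name is the name of the package to install; separate multiple packages with ","

state: the desired package state

  • installed, present: install the package (either one)
  • removed, absent: remove the package (either one)
  • latest: install the latest version of the package

[root@ansible ~]# ansible web -m yum -a "name=httpd state=installed"  # install httpd on the web host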
192.168.1.11 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "changes": {
        "installed": [
            "httpd"
        ]
    }, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.aliyun.com\n * extras: mirrors.163.com\n * updates: mirrors.163.com\nResolving Dependencies\n--> Running transaction check\n---> Package httpd.x86_64 0:2.4.6-93.el7.centos will be installed\n--> Processing Dependency: httpd-tools = 2.4.6-93.el7.centos for package: httpd-2.4.6-93.el7.centos.x86_64\n--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-93.el7.centos.x86_64\n--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-93.el7.centos.x86_64\n--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-93.el7.centos.x86_64\n--> Running transaction check\n---> Package apr.x86_64 0:1.4.8-5.el7 will be installed\n---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed\n---> Package httpd-tools.x86_64 0:2.4.6-93.el7.centos will be installed\n---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package            Arch          Version                     Repository   Size\n================================================================================\nInstalling:\n httpd              x86_64        2.4.6-93.el7.centos         base        2.7 M\nInstalling for dependencies:\n apr                x86_64        1.4.8-5.el7                 base        103 k\n apr-util           x86_64        1.5.2-6.el7                 base         92 k\n httpd-tools        x86_64        2.4.6-93.el7.centos         base         92 k\n mailcap            noarch        2.1.41-2.el7                base         31 k\n\nTransaction Summary\n================================================================================\nInstall  1 Package (+4 Dependent packages)\n\nTotal download size: 3.0 M\nInstalled size: 10 M\nDownloading 
packages:\n--------------------------------------------------------------------------------\nTotal                                              520 kB/s | 3.0 MB  00:05     \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n  Installing : apr-1.4.8-5.el7.x86_64                                       1/5 \n  Installing : apr-util-1.5.2-6.el7.x86_64                                  2/5 \n  Installing : httpd-tools-2.4.6-93.el7.centos.x86_64                       3/5 \n  Installing : mailcap-2.1.41-2.el7.noarch                                  4/5 \n  Installing : httpd-2.4.6-93.el7.centos.x86_64                             5/5 \n  Verifying  : apr-1.4.8-5.el7.x86_64                                       1/5 \n  Verifying  : httpd-tools-2.4.6-93.el7.centos.x86_64                       2/5 \n  Verifying  : mailcap-2.1.41-2.el7.noarch                                  3/5 \n  Verifying  : httpd-2.4.6-93.el7.centos.x86_64                             4/5 \n  Verifying  : apr-util-1.5.2-6.el7.x86_64                                  5/5 \n\nInstalled:\n  httpd.x86_64 0:2.4.6-93.el7.centos                                            \n\nDependency Installed:\n  apr.x86_64 0:1.4.8-5.el7                     apr-util.x86_64 0:1.5.2-6.el7    \n  httpd-tools.x86_64 0:2.4.6-93.el7.centos     mailcap.noarch 0:2.1.41-2.el7    \n\nComplete!\n"
    ]
}

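2.5 copy module

copy: copy files, with optional backup

PS:

  • src: source file path
  • dest: destination file path
  • backup: whether to back up the destination file before overwriting it
  • content: content to write into the file
  • group: owning group
  • owner: owning user
  • mode: permissions

Example: configure the rsync service remotely from the ansible host

(1) Edit the rsync configuration file and push it to the rsync server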

[root@ansible ~]# mkdir /etc/ansible/conf
[root@ansible ~]# cd /etc/ansible/conf/
[root@ansible conf]# cp /etc/rsyncd.conf ./
[root@ansible conf]# vim rsyncd.conf 
uid = nobody
gid = nobody
port = 873
address = 192.168.1.12
hosts allow = 192.168.1.0/24
max connections = 4
pid file = /var/run/rsyncd.pid
timeout = 900
dont compress   = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
[backup]
		path = /backup
		read only = no
		auth users = rsync_backup
		secrets file = /etc/rsync.password 
[root@ansible conf]# ansible rsync -m copy -a "src=rsyncd.conf dest=/etc/rsyncd.conf backup=yes"   # push the updated configuration file from the ansible server to the rsync server

(2) Start the rsync service

[root@ansible conf]# ansible rsync -m shell -a "rsync --daemon"
192.168.1.12 | CHANGED | rc=0 >>

(3) Create the directory, set its permissions, and change its owner and group

[root@ansible conf]# ansible rsync -m file -a "path=/backup owner=root group=root recurse=yes mode=777"
192.168.1.12 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "path": "/backup", 
    "secontext": "unconfined_u:object_r:default_t:s0", 
    "size": 6, 
    "state": "directory", 
    "uid": 0
}

(4) Configure the password file on the rsync server

[root@ansible conf]# ansible rsync -m copy -a "content='rsync_backup:1' dest=/etc/rsync.password owner=root group=root mode=600"  # create the password file
192.168.1.12 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "c6e45d8d2843493d4eb37947d3a9f8df32079196", 
    "dest": "/etc/rsync.password", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "70a0afc63f084920453ac5ac3e2d733f", 
    "mode": "0600", 
    "owner": "root", 
    "secontext": "system_u:object_r:etc_t:s0", 
    "size": 14, 
    "src": "/root/.ansible/tmp/ansible-tmp-1594620957.96-17194-94281822352149/source", 
    "state": "file", 
    "uid": 0
}
[root@ansible conf]# ansible rsync -m shell -a "ls -l /etc/rsync.password"
192.168.1.12 | CHANGED | rc=0 >>
-rw-------. 1 root root 14 7月  13 14:15 /etc/rsync.password
[root@ansible conf]# ansible rsync -m shell -a "cat /etc/rsync.password"  # view it with cat
192.168.1.12 | CHANGED | rc=0 >>   
rsync_backup:1

(5) Configure the rsync connection password file on all servers

[root@ansible conf]# ansible benet -m copy -a "content='1' dest=/etc/pass owner=root group=root mode=600"
192.168.1.11 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "356a192b7913b04c54574d18c28d46e6395428ab", 
    "dest": "/etc/pass", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "c4ca4238a0b923820dcc509a6f75849b", 
    "mode": "0600", 
    "owner": "root", 
    "secontext": "system_u:object_r:etc_t:s0", 
    "size": 1, 
    "src": "/root/.ansible/tmp/ansible-tmp-1594621020.79-17272-130970975871845/source", 
    "state": "file", 
    "uid": 0
}

(6) Test: back up the web host's httpd.conf configuration file

[root@ansible conf]# ansible web -m shell -a "rsync -avz --password-file=/etc/pass /etc/httpd/conf/httpd.conf rsync_backup@rsync::backup"
192.168.1.21 | CHANGED | rc=0 >>
sending incremental file list
httpd.conf

sent 4,622 bytes  received 43 bytes  1,866.00 bytes/sec
total size is 11,753  speedup is 2.52

If the backup fails here with the error "rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1179) [sender=3.1.2]", change the user that rsync runs as:

[root@web backup]# cat /etc/rsyncd.conf
uid = root
gid = root

(7) Verify on the rsync server

[root@rsync ~]# cd /backup/
[root@rsync backup]# ls
httpd.conf
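
Steps (1) to (5) of the rsync case written as a playbook. This is an added example, not part of the original post: it reads the rsync password from an ansible-vault file instead of typing it on the command line, and gives /backup to the daemon's uid instead of mode 777. The file names rsync_backup.yml and vault.yml, the variable rsync_backup_password, and the use of the rsyncd systemd unit are assumptions.

```yaml
# rsync_backup.yml  (added example; run: ansible-playbook --ask-vault-pass rsync_backup.yml)
# Assumption: vault.yml is an ansible-vault encrypted file next to this playbook
# that defines rsync_backup_password.
- hosts: rsync
  vars_files:
    - vault.yml
  tasks:
    - name: Push rsyncd.conf and keep a backup of the previous file
      copy:
        src: /etc/ansible/conf/rsyncd.conf
        dest: /etc/rsyncd.conf
        owner: root
        group: root
        mode: "0644"
        backup: yes
      notify: restart rsyncd

    - name: Create /backup owned by the uid and gid set in rsyncd.conf
      file:
        path: /backup
        state: directory
        owner: nobody
        group: nobody
        mode: "0750"          # writable by the daemon only, not world-writable

    - name: Write the daemon secrets file without logging its content
      copy:
        content: "rsync_backup:{{ rsync_backup_password }}\n"
        dest: /etc/rsync.password
        owner: root
        group: root
        mode: "0600"
      no_log: true

    - name: Run the daemon as a service instead of a hand-started rsync --daemon
      service:
        name: rsyncd          # assumption: the unit shipped with the CentOS 7 rsync package
        state: started
        enabled: yes

  handlers:
    - name: restart rsyncd
      service:
        name: rsyncd
        state: restarted

- hosts: benet
  vars_files:
    - vault.yml
  tasks:
    - name: Write the client password file read by --password-file=/etc/pass
      copy:
        content: "{{ rsync_backup_password }}\n"
        dest: /etc/pass
        owner: root
        group: root
        mode: "0600"
      no_log: true
```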

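2.6 service module

PS

  • name: the service name
  • state: the desired running state of the service
  • started: start the service
  • stopped: stop the service
  • reloaded: reload the service
  • restarted: restart the service
  • enabled: whether the service starts at boot

[root@ansible ~]# ansible web -m service -a "name=httpd state=stopped"  # stop the httpd service on the web host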
192.168.1.11 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "name": "httpd", 
    "state": "stopped", 
    "status": {
        "ActiveEnterTimestamp": "一 2020-07-13 22:49:14 CST", 
        "ActiveEnterTimestampMonotonic": "3573087026", 
        "ActiveExitTimestampMonotonic": "0", 
        "ActiveState": "active", 
        "After": "basic.target network.target remote-fs.target nss-lookup.target system.slice tmp.mount systemd-journald.socket -.mount", 
        "AllowIsolate": "no", 
   .......
    }
}

2.7 group module

(1) Create the group www with gid 666 on all inventory hosts

[root@ansible ~]# ansible all -m group -a "name=www gid=666"
192.168.1.11 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "gid": 666, 
    "name": "www", 
    "state": "present", 
    "system": false
}
192.168.1.12 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "gid": 666, 
    "name": "www", 
    "state": "present", 
    "system": false
}
192.168.1.10 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "gid": 666, 
    "name": "www", 
    "state": "present", 
    "system": false
}

(2) Delete the group www on all inventory hosts

[root@ansible ~]# ansible all -m group -a "name=www gid=666 state=absent"
192.168.1.12 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "name": "www", 
    "state": "absent"
}
192.168.1.10 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "name": "www", 
    "state": "absent"
}
192.168.1.11 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "name": "www", 
    "state": "absent"
}

2.8 user module

(1) Create the user wangwu

[root@ansible ~]# ansible web -m user -a "name=wangwu"
192.168.1.11 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 1002, 
    "home": "/home/wangwu", 
    "name": "wangwu", 
    "shell": "/bin/bash", 
    "state": "present", 
    "system": false, 
    "uid": 1002
}

(2) Set a password for the user wangwu

[root@ansible ~]# ansible web -m shell -a "echo 123 | passwd --stdin wangwu"
192.168.1.11 | CHANGED | rc=0 >>
更改用户 wangwu 的密码 。
passwd:所有的身份验证令牌已经成功更新。
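
Setting the password through the shell module, here and in 2.3, puts the plaintext on the control node's command line and in the module arguments sent to the target. An alternative, added here as an example and not part of the original post: the user module with a hash produced by vars_prompt on the control node. The file name set_password.yml and the variable names wangwu_password and shadow_entry are assumptions.

```yaml
# set_password.yml  (added example; run: ansible-playbook set_password.yml)
- hosts: web
  vars_prompt:
    - name: wangwu_password          # hypothetical variable name
      prompt: New password for wangwu
      private: yes                   # do not echo the input
      confirm: yes                   # ask twice
      encrypt: sha512_crypt          # hash on the control node; only the hash is sent
  tasks:
    - name: Create wangwu if missing and set the password from the hash
      user:
        name: wangwu
        password: "{{ wangwu_password }}"
        update_password: always
      no_log: true                   # keep the hash out of task output and logs

    - name: Read the shadow entry without printing it
      command: getent shadow wangwu
      register: shadow_entry         # hypothetical variable name
      changed_when: false
      no_log: true

    - name: Fail if the stored hash is not a SHA-512 crypt hash
      assert:
        that:
          - shadow_entry.stdout.split(':')[1].startswith('$6$')
```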

2.9 file module

(1) Create a directory, set its permissions, and change its owner and group

[root@ansible ~]# ansible rsync -m file -a "path=/www owner=root group=root recurse=yes mode=777"
192.168.1.12 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "path": "/www", 
    "secontext": "unconfined_u:object_r:default_t:s0", 
    "size": 6, 
    "state": "directory", 
    "uid": 0
}

(2) Create a file

[root@ansible ~]# ansible rsync -m file -a "path=/test.txt owner=root group=root state=touch  mode=777"
192.168.1.12 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "dest": "/test.txt", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "secontext": "unconfined_u:object_r:etc_runtime_t:s0", 
    "size": 0, 
    "state": "file", 
    "uid": 0
}

2.10 mount module

(1) On the nfs server, create a directory, set its permissions, and change its owner and group

[root@ansible ~]# ansible nfs -m file -a "path=/nfs owner=root group=root recurse=yes mode=777"
192.168.1.10 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "path": "/nfs", 
    "secontext": "unconfined_u:object_r:default_t:s0", 
    "size": 6, 
    "state": "directory", 
    "uid": 0
}

(2) Create the exports file, push it to the nfs server, then restart the NFS services

[root@ansible ~]# vim exports   # create the file
/nfs 192.168.1.0/24(rw,sync,no_root_squash)
[root@ansible ~]# ansible nfs -m copy -a "src=exports dest=/etc/exports"  # push it to the nfs server
192.168.1.10 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "46637c93837f10d5236bc71b94bd1386cbf5b933", 
    "dest": "/etc/exports", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "ea7e8d2d211a224a69c235939f7ddad8", 
    "mode": "0644", 
    "owner": "root", 
    "secontext": "system_u:object_r:exports_t:s0", 
    "size": 44, 
    "src": "/root/.ansible/tmp/ansible-tmp-1594652379.81-60723-176410814302504/source", 
    "state": "file", 
    "uid": 0
}
[root@ansible ~]# ansible nfs -m service -a "name=nfs state=restarted"  # restart the nfs service
192.168.1.10 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
   ......
    }
}
[root@ansible ~]# ansible nfs -m service -a "name=rpcbind state=restarted"  # restart the rpcbind service
192.168.1.10 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    ...... 
    }
}

(3) Mount the nfs server's /nfs directory at /var/www/html on the web host

PS

state: mount state

  • mounted: mount
  • unmounted: unmount

[root@ansible ~]# ansible web -m mount -a "src=192.168.1.10:/nfs path=/var/www/html fstype=nfs state=mounted"
192.168.1.11 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "dump": "0", 
    "fstab": "/etc/fstab", 
    "fstype": "nfs", 
    "name": "/var/www/html", 
    "opts": "defaults", 
    "passno": "0", 
    "src": "192.168.1.10:/nfs"
}
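
The export in step (2) uses no_root_squash for the whole 192.168.1.0/24 range, so root on any client in that range acts as root on /nfs. A tighter variant of steps (2) and (3) as a playbook, added here as an example and not part of the original post. Restricting the export to 192.168.1.11 assumes that only the web host needs the share; the nosuid,nodev mount options and the file name nfs_share.yml are also assumptions.

```yaml
# nfs_share.yml  (added example; run: ansible-playbook nfs_share.yml)
- hosts: nfs
  tasks:
    - name: Export /nfs only to the web host and squash remote root
      copy:
        content: "/nfs 192.168.1.11(rw,sync,root_squash)\n"
        dest: /etc/exports
        owner: root
        group: root
        mode: "0644"
        backup: yes
      notify: re-export

  handlers:
    - name: re-export
      command: exportfs -ra          # reload /etc/exports without restarting the service

- hosts: web
  tasks:
    - name: Mount the share without honoring setuid bits or device nodes
      mount:
        src: 192.168.1.10:/nfs
        path: /var/www/html
        fstype: nfs
        opts: rw,nosuid,nodev
        state: mounted               # mounts now and writes the /etc/fstab entry
```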

2.11 script module

Write any test script on the ansible host

[root@ansible ~]# vim ww.sh  # write the script
#!/bin/bash
df -hT
[root@ansible ~]# ansible web -m script -a "/root/ww.sh"   # check the mounts on the web host
192.168.1.11 | CHANGED => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.1.11 closed.\r\n", 
    "stderr_lines": [
        "Shared connection to 192.168.1.11 closed."
    ], 
    "stdout": "文件系统                类型      容量  已用  可用 已用% 挂载点\r\n/dev/mapper/centos-root xfs        17G  1.2G   16G    7% /\r\ndevtmpfs                devtmpfs  898M     0  898M    0% /dev\r\ntmpfs                   tmpfs     910M     0  910M    0% /dev/shm\r\ntmpfs                   tmpfs     910M  9.6M  901M    2% /run\r\ntmpfs                   tmpfs     910M     0  910M    0% /sys/fs/cgroup\r\n/dev/sda1               xfs      1014M  146M  869M   15% /boot\r\ntmpfs                   tmpfs     182M     0  182M    0% /run/user/0\r\n192.168.1.10:/nfs       nfs4       17G  1.2G   16G    7% /var/www/html\r\n", 
    "stdout_lines": [
        "文件系统                类型      容量  已用  可用 已用% 挂载点", 
        "/dev/mapper/centos-root xfs        17G  1.2G   16G    7% /", 
        "devtmpfs                devtmpfs  898M     0  898M    0% /dev", 
        "tmpfs                   tmpfs     910M     0  910M    0% /dev/shm", 
        "tmpfs                   tmpfs     910M  9.6M  901M    2% /run", 
        "tmpfs                   tmpfs     910M     0  910M    0% /sys/fs/cgroup", 
        "/dev/sda1               xfs      1014M  146M  869M   15% /boot", 
        "tmpfs                   tmpfs     182M     0  182M    0% /run/user/0", 
        "192.168.1.10:/nfs       nfs4       17G  1.2G   16G    7% /var/www/html"
    ]
}
