大型架构及配置技术(ansible)

ansible

安装6台虚拟机2G内存20G硬盘

1 ansible 192.168.6.10 管理机器

2 web1 192.168.6.11 托管机器

3 web2 192.168.6.12 托管机器

4 db1 192.168.6.21 托管机器

5 db2 192.168.6.22 托管机器

6 cache 192.168.6.33 托管机器

 

ansible:主机上配置 ip 与主机名对应关系 /etc/hosts

cd /etc/libvirt/qemu/

sed 's/demo/nodeX/' demo.xml > /etc/libvirt/qemu/nodeX.xml

ls node{9..15}.xml

cd /var/lib/libvirt/images

qemu-img create -b node.qcow2 -f qcow2 nodeX.img 20G

ls node{9..15}.img

vim /etc/libvirt/qemu/nodeX.xml

virsh define /etc/libvirt/qemu/nodeX.xml

virsh start nodex

virsh

vim /etc/sysconfig/network-scripts/ifcfg-eth0

# Generated by dracut initrd

DEVICE=eth0

ONBOOT=yes

IPV6INIT=no

BOOTPROTO=static

IPADDR=192.168.6.X

PREFIX=24

TYPE=Ethernet

halt -p

ifconfig

lsblk

hostnamectl set-hostname hostname

vim /etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.6.10 ansible

192.168.6.11 web1

192.168.6.12 web2

192.168.6.21 db1

192.168.6.22 db2

192.168.6.33 cache

[root@ansible ~]# ssh-keygen

[root@ansible ~]# ssh-copy-id web1

[root@ansible ~]# ssh-copy-id web2

[root@ansible ~]# ssh-copy-id db1

[root@ansible ~]# ssh-copy-id db2

[root@ansible ~]# ssh-copy-id cache

测试:

[root@ansible ~]# ssh web1

[root@ansible ~]# ssh web2

[root@ansible ~]# ssh db1

[root@ansible ~]# ssh db2

[root@ansible ~]# ssh cache

[root@web1 ~]#

 

为什么要选择ansible

选择一款配置管理软件总的来说,无外乎从以下几点来权衡利弊

活跃度(社区活跃度)

学习成本

使用成本

编码语言

性能

使用是否广泛

 

ansible优点

仅需要ssh和Python即可使用

无客户端

ansible功能强大,模块丰富

上手容易门槛低

基于python开发,做二次开发更容易

使用公司比较多,社区活跃

ansible特性

模块化设计,调用特定的模块来完成特定任务

ansible安装

 

[root@rootroom9pc01 public]# mv '/root/桌面/软件包及课间/李老师/ARCHITECTURE/architecture 01/ansible/ansible 1/ansible_soft.tar.xz' ./

[root@rootroom9pc01 public]# ls

ansible_soft.tar.xz

[root@rootroom9pc01 public]# pwd

/var/ftp/public

[root@rootroom9pc01 public]#

[root@rootroom9pc01 public]# ls

ansible_soft

[root@rootroom9pc01 public]# cd ansible_soft/

[root@rootroom9pc01 ansible_soft]# ls

ansible-2.4.2.0-2.el7.noarch.rpm python-paramiko-2.1.1-4.el7.noarch.rpm

python2-jmespath-0.9.0-3.el7.noarch.rpm python-passlib-1.6.5-2.el7.noarch.rpm

python-httplib2-0.9.2-1.el7.noarch.rpm sshpass-1.06-2.el7.x86_64.rpm

[root@rootroom9pc01 ansible_soft]# createrepo .

Spawning worker 0 with 2 pkgs

Spawning worker 1 with 2 pkgs

Spawning worker 2 with 1 pkgs

Spawning worker 3 with 1 pkgs

Workers Finished

Saving Primary metadata

Saving file lists metadata

Saving other metadata

Generating sqlite DBs

Sqlite DBs complete

[root@rootroom9pc01 ansible_soft]# ls

ansible-2.4.2.0-2.el7.noarch.rpm python-passlib-1.6.5-2.el7.noarch.rpm

python2-jmespath-0.9.0-3.el7.noarch.rpm repodata

python-httplib2-0.9.2-1.el7.noarch.rpm sshpass-1.06-2.el7.x86_64.rpm

python-paramiko-2.1.1-4.el7.noarch.rpm

 

 

[root@ansible yum.repos.d]# vim local.repo

[local_public]

name=CentOS public

# NOTE(review): plain FTP neither authenticates the server nor protects the
# packages in transit.
baseurl=ftp://192.168.6.254/public/ansible_soft

enabled=1

# gpgcheck=0 turns off RPM signature verification: yum installs whatever this
# repo serves. With the FTP baseurl above nothing verifies the packages, so
# keep this to an isolated lab; otherwise set gpgcheck=1 and add a gpgkey=
# line for the key that signed the RPMs.
gpgcheck=0

 

[root@ansible yum.repos.d]# cd

[root@ansible ~]# yum -y install ansible

[root@ansible ~]# ansible --version

ansible 2.4.2.0

 

主机定义与分组

[root@ansible ~]# vim /etc/ansible/hosts

[web]

web1

web2

[db]

db1

db2

[other]

192.168.6.33

 

[root@ansible ~]# ansible web --list-hosts

hosts (2):

web1

web2

[root@ansible ~]# ansible db --list-hosts

hosts (2):

db1

db2

[root@ansible ~]# ansible other --list-hosts

hosts (1):

192.168.6.33

 

[root@ansible ~]# ansible web -m ping

web1 | SUCCESS => {

"changed": false,

"ping": "pong"

}

web2 | SUCCESS => {

"changed": false,

"ping": "pong"

}

 

 

inventory 参数

[root@cache ~]# rm -rf /root/.ssh/authorized_keys

[root@ansible ~]# ansible other -m ping

192.168.6.33 | UNREACHABLE! => {

"changed": false,

"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",

"unreachable": true

}

 

[root@ansible ~]# vim /etc/ansible/hosts

[other]

# NOTE(review): ansible_ssh_pass keeps the root password in clear text in the
# inventory; anyone who can read this file (or a backup of it) can log in to
# the host as root. Prefer key-based login, the interactive -k prompt, or a
# vault-encrypted variable, and keep the file readable by its owner only.
192.168.6.33 ansible_ssh_user="root" ansible_ssh_pass="123456"

 

[root@ansible ~]# ansible other -m ping

192.168.6.33 | SUCCESS => {

"changed": false,

"ping": "pong"

}

 

分组配置

[root@ansible ~]# ansible web -m ping

web2 | UNREACHABLE! => {

"changed": false,

"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",

"unreachable": true

}

web1 | UNREACHABLE! => {

"changed": false,

"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",

"unreachable": true

}

 

 

 

[root@web1 ~]# rm -rf /root/.ssh/authorized_keys

[root@web2 ~]# rm -rf /root/.ssh/authorized_keys

[root@ansible ~]# vim /etc/ansible/hosts

[web]

web1

web2

# Group variables: every host in [web] logs in with these credentials.
# NOTE(review): one clear-text root password shared by the whole group means
# that reading this file gives root on every web host. Prefer key-based login,
# the interactive -k prompt, or a vault-encrypted variable.
[web:vars]

ansible_ssh_user="root"

ansible_ssh_pass="123456"

 

[root@ansible ~]# ansible web -m ping

web1 | SUCCESS => {

"changed": false,

"ping": "pong"

}

web2 | SUCCESS => {

"changed": false,

"ping": "pong"

}

 

缓存

[root@ansible ~]# rm -rf /root/.ansible/cp/

 

子组定义

[root@ansible ~]# vim /etc/ansible/hosts

[app:children]

web

db

[root@ansible ~]# ansible app --list-hosts

hosts (4):

web1

web2

db1

db2

 

自定义分组文件

复制默认的配置

[root@ansible ~]# vim /etc/ansible/ansible.cfg

[defaults]

 

# some basic default values...

 

#inventory = /etc/ansible/hosts

 

 

 

[root@ansible ~]# cd /var

[root@ansible var]# mkdir ooxx

[root@ansible var]# cd ooxx/

[root@ansible ooxx]# touch ansible.cfg

[root@ansible ooxx]# ls

ansible.cfg

[root@ansible ooxx]# vim /etc/ansible/ansible.cfg

[root@ansible ooxx]# vim ansible.cfg

[root@ansible ooxx]# touch myhosts

[root@ansible ooxx]# vim myhosts

[root@ansible ooxx]# ansible app --list-hosts

hosts (5):

web1

db1

web2

db2

cache

[root@ansible ooxx]# ls

ansible.cfg myhosts

[root@ansible ooxx]# cat ansible.cfg

[defaults]

 

# some basic default values...

 

inventory = myhosts

 

[root@ansible ooxx]# cat myhosts

[app1]

web1

db1

 

 

[app2]

web2

db2

cache

 

[app:children]

app1

app2

 

 

[root@ansible ooxx]# vim /etc/ansible/ansible.cfg

[defaults]

 

# some basic default values...

 

#inventory = /etc/ansible/hosts

 

动态主机

无限可能

Ansible Inventory实际上是包含静态Inventory和动态Inventory两部分,

静态Inventory指的是在文件/etc/ansible/hosts中指定的主机和组,Dynamic

Inventory指通过外部脚本获取主机列表,并按照ansible所要求的格式

返回给ansible命令的。

 

[root@ansible /]# cd /var/ooxx/

[root@ansible ooxx]# vim aaa

 

 

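#!/bin/bash
# Dynamic inventory script for Ansible (selected with "inventory = aaa").
# Ansible executes this file, so it must carry the executable bit and should
# be writable only by its owner: whoever can edit it runs code as the user
# that invokes ansible.
#
# Ansible calls an inventory script in two ways:
#   --list         print every group and its hosts as JSON
#   --host <name>  print the variables of one host as JSON
# The "_meta" key states that no host has variables, so Ansible does not need
# to call --host once per host.

# Print the full group-to-hosts map.
print_inventory() {
  cat <<'EOF'
{
  "web"   : ["web1", "web2"],
  "db"    : ["db1", "db2"],
  "other" : ["cache"],
  "_meta" : { "hostvars": {} }
}
EOF
}

main() {
  case "${1:-}" in
    # No per-host variables are defined. Answering --host with the group map
    # would turn "web", "db" and "other" into variables of every host.
    --host) printf '%s\n' '{}' ;;
    # --list, or no argument when the script is run by hand.
    *) print_inventory ;;
  esac
}

main "$@"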

 

[root@ansible ooxx]# ls

aaa ansible.cfg myhosts

[root@ansible ooxx]# cat ansible.cfg

[defaults]

 

# some basic default values...

 

#inventory = myhosts

inventory = aaa

 

ansible命令基础

• ansible <host-pattern> [options]

– host-pattern 主机或定义的分组

– -M 指定模块路径

– -m 使用模块,默认 command 模块

– -a or --args 模块参数

– -i inventory 文件路径,或可执行脚本

– -k 使用交互式登录密码

– -e 定义变量

– -v 详细信息,-vvvv 开启 debug 模式

 

[root@ansible ooxx]# cd /etc/ansible/

[root@ansible ansible]# ansible all -m command -a 'uptime' -k

SSH password:

web1 | SUCCESS | rc=0 >>

22:34:05 up 4:56, 2 users, load average: 0.00, 0.01, 0.02

 

db2 | SUCCESS | rc=0 >>

22:34:05 up 4:50, 2 users, load average: 0.00, 0.01, 0.04

 

192.168.6.33 | SUCCESS | rc=0 >>

22:34:05 up 4:48, 2 users, load average: 0.00, 0.01, 0.03

 

db1 | SUCCESS | rc=0 >>

22:34:06 up 4:52, 2 users, load average: 0.00, 0.01, 0.03

 

web2 | SUCCESS | rc=0 >>

22:34:05 up 4:54, 2 users, load average: 0.00, 0.01, 0.04

 

批量部署证书文件

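• 每次交互输入密码比较麻烦

• 密码写入配置文件安全性很差(inventory 里的 ansible_ssh_pass 是明文,能读到该文件的人都能拿到这个密码)

• 不同主机不同密码,配置文件要上天

• 使用 key 方式认证,是一个不错的选择

• 给所有主机部署公钥(下面命令中的 exclusive=true 会删除该用户 authorized_keys 里未指定的其他公钥)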

[root@ansible .ssh]# pwd

/root/.ssh

[root@ansible .ssh]# ls

id_rsa id_rsa.pub known_hosts

[root@ansible .ssh]# ansible all -m authorized_key -a "user=root exclusive=true manage_dir=true key='$(< /root/.ssh/id_rsa.pub)'" -k

 

动态主机

无限可能

Ansible Inventory实际上是包含静态Inventory和动态Inventory两部分,

静态Inventory指的是在文件/etc/ansible/hosts中指定的主机和组,Dynamic

Inventory指通过外部脚本获取主机列表,并按照ansible所要求的格式

返回给ansible命令的。

 

[root@ansible /]# cd /var/ooxx/

[root@ansible ooxx]# vim aaa

 

 

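#!/bin/bash
# Dynamic inventory script for Ansible (selected with "inventory = aaa").
# Ansible executes this file, so it must carry the executable bit and should
# be writable only by its owner: whoever can edit it runs code as the user
# that invokes ansible.
#
# Ansible calls an inventory script in two ways:
#   --list         print every group and its hosts as JSON
#   --host <name>  print the variables of one host as JSON
# The "_meta" key states that no host has variables, so Ansible does not need
# to call --host once per host.

# Print the full group-to-hosts map.
print_inventory() {
  cat <<'EOF'
{
  "web"   : ["web1", "web2"],
  "db"    : ["db1", "db2"],
  "other" : ["cache"],
  "_meta" : { "hostvars": {} }
}
EOF
}

main() {
  case "${1:-}" in
    # No per-host variables are defined. Answering --host with the group map
    # would turn "web", "db" and "other" into variables of every host.
    --host) printf '%s\n' '{}' ;;
    # --list, or no argument when the script is run by hand.
    *) print_inventory ;;
  esac
}

main "$@"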

 

[root@ansible ooxx]# ls

aaa ansible.cfg myhosts

[root@ansible ooxx]# cat ansible.cfg

[defaults]

 

# some basic default values...

 

#inventory = myhosts

inventory = aaa

 

ansible命令基础

• ansible <host-pattern> [options]

– host-pattern 主机或定义的分组

– -M 指定模块路径

– -m 使用模块,默认 command 模块

– -a or --args 模块参数

– -i inventory 文件路径,或可执行脚本

– -k 使用交互式登录密码

– -e 定义变量

– -v 详细信息,-vvvv 开启 debug 模式

 

[root@ansible ooxx]# cd /etc/ansible/

[root@ansible ansible]# ansible all -m command -a 'uptime' -k

SSH password:

web1 | SUCCESS | rc=0 >>

22:34:05 up 4:56, 2 users, load average: 0.00, 0.01, 0.02

 

db2 | SUCCESS | rc=0 >>

22:34:05 up 4:50, 2 users, load average: 0.00, 0.01, 0.04

 

192.168.6.33 | SUCCESS | rc=0 >>

22:34:05 up 4:48, 2 users, load average: 0.00, 0.01, 0.03

 

db1 | SUCCESS | rc=0 >>

22:34:06 up 4:52, 2 users, load average: 0.00, 0.01, 0.03

 

web2 | SUCCESS | rc=0 >>

22:34:05 up 4:54, 2 users, load average: 0.00, 0.01, 0.04

 

批量部署证书文件

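• 每次交互输入密码比较麻烦

• 密码写入配置文件安全性很差(inventory 里的 ansible_ssh_pass 是明文,能读到该文件的人都能拿到这个密码)

• 不同主机不同密码,配置文件要上天

• 使用 key 方式认证,是一个不错的选择

• 给所有主机部署公钥(下面命令中的 exclusive=true 会删除该用户 authorized_keys 里未指定的其他公钥)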

[root@ansible .ssh]# pwd

/root/.ssh

[root@ansible .ssh]# ls

id_rsa id_rsa.pub known_hosts

[root@ansible .ssh]# ansible all -m authorized_key -a "user=root exclusive=true manage_dir=true key='$(< /root/.ssh/id_rsa.pub)'" -k

 

[root@ansible ansible]# vim ansible.cfg

[root@ansible ansible]# pwd

/etc/ansible

#host_key_checking = False

 

 

 

[root@ansible ooxx]# vim ansible.cfg

[root@ansible ooxx]# pwd

/var/ooxx

[defaults]

 

# some basic default values...

 

#inventory = myhosts

inventory = aaa

# host_key_checking = False makes Ansible skip SSH host key verification, so
# a machine impersonating a managed host goes unnoticed and, with -k, is sent
# the typed password. Use it only for first contact on a trusted network;
# afterwards record the hosts' keys in known_hosts and remove this line.
host_key_checking = False

 

[root@ansible .ssh]# rm -rf id_rsa.pub

[root@ansible ~]# ssh-keygen

[root@ansible .ssh]# cd /var/ooxx/

[root@ansible ooxx]# ansible all -m authorized_key -a "user=root exclusive=true manage_dir=true key='$(< /root/.ssh/id_rsa.pub)'" -k

-bash: /root/.ssh/id_rsa.pub: 没有那个文件或目录

SSH password:

 

 

模块

ansible-doc

模块的手册,相当于shell的man

ansible-doc -l 列出所有模块

ansible-doc modulename 查看帮助

ping模块

测试网络连通性,ping模块没有参数

注:测试ssh的连通性

ansible host-pattern -m ping

 

ansible-doc -l | grep shell

[root@ansible ~]# ansible-doc shell

 

[root@ansible ~]# ansible web -m ping

web2 | SUCCESS => {

"changed": false,

"ping": "pong"

}

web1 | SUCCESS => {

"changed": false,

"ping": "pong"

 

 

command模块

默认模块,远程执行命令

用法

[root@ansible ~]# ansible other -m command -a 'uptime >/tmp/a.log'

[root@ansible ~]# pstree -p

├─sshd(677)───sshd(820)───bash(822)───pstree(4726) //与bash相关的操作会失败,比如重定向 ps -ef | grep ssh & metacharacter

A character that, when unquoted, separates words. One of the following:

| & ; ( ) < > space tab 只在ssh进程中执行

 

[root@ansible ~]# man bash

 

[root@ansible ~]# /bin/ls //ansible可执行硬盘上有的可执行文件

anaconda-ks.cfg ifcfg-eth0 RPM-GPG-KEY-CentOS-7

 

模块

shell | raw 模块

shell模块用法基本和command一样,区别是shell模块通过/bin/sh进行执行命令,可以执行任意命令(管道、重定向等 shell 元字符都会被解释,所以拼接进命令的变量必须先转义;不需要 shell 功能时优先用 command 模块)

 

raw模块,用法和shell 模块一样 ,可以执行任意命令

– 区别是 raw 没有chdir、creates、removes参数

ansible cache -m command -a 'chdir=/tmp touch f1'

ansible cache -m raw -a 'chdir=/tmp touch f2'

ansible cache -m shell -a 'chdir=/tmp touch f1'

 

//ansible:主机上配置ip与主机名对应关系 /etc/hosts

免密码登录:管理主机可以登录其他托管主机,无需密码

使用ansible 在 db1 db2 主机上批量创建用户zhang3

257 ansible db1 -m shell -a 'useradd zhang3'

258 ansible db2 -m shell -a 'useradd zhang3'

 

259 ansible db1 -m shell -a 'echo 123456 | passwd --stdin zhang3'

260 ansible db2 -m shell -a 'echo 123456 | passwd --stdin zhang3'

[root@ansible ~]# ansible db -m shell -a 'chage -d 0 zhang3'

 

script模块

给 app1分组添加用户li4

系统里没有zhang3用户就添加,如果zhang3存在就不添加

修改li4的默认密码123456

[root@ansible ooxx]# vim u.sh

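#!/bin/bash
# Create user li4 only when user zhang3 does not exist on the host.
# Meant to be pushed to the managed hosts with the Ansible "script" module.

# `id` exits non-zero when the account is missing; test it directly instead
# of reading $? afterwards.
if ! id zhang3; then
  useradd li4
  # NOTE(review): the initial password is a fixed, guessable value kept in
  # clear text in this script. Force a change at first login (the page does
  # this for zhang3 with `chage -d 0`) or set a per-user secret instead.
  echo 123456 | passwd --stdin li4
fi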

 

[root@ansible ooxx]# ansible db -m script -a './u.sh'

[root@ansible ooxx]# ssh db1

Last login: Fri Jul 27 00:27:56 2018 from 192.168.6.10

[root@db1 ~]# id li4

id: li4: no such user

[root@db1 ~]# id zhang3

uid=1000(zhang3) gid=1000(zhang3) 组=1000(zhang3)

[root@db1 ~]# exit

登出

Connection to db1 closed.

[root@ansible ooxx]# ssh db2

Last login: Fri Jul 27 00:27:55 2018 from 192.168.6.10

[root@db2 ~]# id zhang3

uid=1000(zhang3) gid=1000(zhang3) 组=1000(zhang3)

[root@db2 ~]# id li4

id: li4: no such user

[root@db2 ~]#

//与执行的目录有关

[root@ansible ooxx]# pwd

/var/ooxx

[root@ansible ooxx]# ls

aaa ansible.cfg myhosts u.sh

[root@ansible ooxx]#

[root@ansible ooxx]# cat aaa

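#!/bin/bash
# Dynamic inventory script for Ansible (selected with "inventory = aaa").
# Ansible executes this file, so it must carry the executable bit and should
# be writable only by its owner: whoever can edit it runs code as the user
# that invokes ansible.
#
# Ansible calls an inventory script in two ways:
#   --list         print every group and its hosts as JSON
#   --host <name>  print the variables of one host as JSON
# The "_meta" key states that no host has variables, so Ansible does not need
# to call --host once per host.

# Print the full group-to-hosts map.
print_inventory() {
  cat <<'EOF'
{
  "web"   : ["web1", "web2"],
  "db"    : ["db1", "db2"],
  "other" : ["cache"],
  "_meta" : { "hostvars": {} }
}
EOF
}

main() {
  case "${1:-}" in
    # No per-host variables are defined. Answering --host with the group map
    # would turn "web", "db" and "other" into variables of every host.
    --host) printf '%s\n' '{}' ;;
    # --list, or no argument when the script is run by hand.
    *) print_inventory ;;
  esac
}

main "$@"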

 

[root@ansible ooxx]# cat myhosts

[app1]

web1

db1

 

 

[app2]

web2

db2

cache

 

[app:children]

app1

app2

[root@ansible ooxx]# ls

aaa ansible.cfg myhosts u.sh

[root@ansible ooxx]# cat ansible.cfg

[defaults]

 

# some basic default values...

 

#inventory = myhosts

inventory = aaa //加载的路径

host_key_checking = False

 

copy 模块

– 复制文件到远程主机



– src:要复制到远程主机的文件在本地的地址,可以是

绝对路径,也可以是相对路径。如果路径是一个目录,

它将递归复制。在这种情况下,如果路径使用"/"来结

尾,则只复制目录里的内容,如果没有使用"/"来结尾,

则包含目录在内的整个内容全部复制,类似于rsync

– dest:必选项。远程主机的绝对路径,如果源文件是

一个目录,那么该路径也必须是个目录

 

[root@ansible ooxx]# cat /etc/resolv.conf

; generated by /usr/sbin/dhclient-script

nameserver 192.168.6.254

search localdomain

 

[root@ansible ooxx]# cp /etc/resolv.conf ./dns.conf

[root@ansible ooxx]# ls

aaa ansible.cfg dns.conf myhosts u.sh

[root@ansible ooxx]# vim dns.conf

; generated by /usr/sbin/dhclient-script

nameserver 192.168.4.254

search localdomain

 

[root@ansible ooxx]# cat aaa

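#!/bin/bash
# Dynamic inventory script for Ansible (selected with "inventory = aaa").
# Ansible executes this file, so it must carry the executable bit and should
# be writable only by its owner: whoever can edit it runs code as the user
# that invokes ansible.
#
# Ansible calls an inventory script in two ways:
#   --list         print every group and its hosts as JSON
#   --host <name>  print the variables of one host as JSON
# The "_meta" key states that no host has variables, so Ansible does not need
# to call --host once per host.

# Print the full group-to-hosts map.
print_inventory() {
  cat <<'EOF'
{
  "web"   : ["web1", "web2"],
  "db"    : ["db1", "db2"],
  "other" : ["cache"],
  "_meta" : { "hostvars": {} }
}
EOF
}

main() {
  case "${1:-}" in
    # No per-host variables are defined. Answering --host with the group map
    # would turn "web", "db" and "other" into variables of every host.
    --host) printf '%s\n' '{}' ;;
    # --list, or no argument when the script is run by hand.
    *) print_inventory ;;
  esac
}

main "$@"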

[root@ansible ooxx]# cat /etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.6.10 ansible

192.168.6.11 web1

192.168.6.12 web2

192.168.6.21 db1

192.168.6.22 db2

192.168.6.33 cache

[root@ansible ooxx]# ansible web -m copy -a 'src=./dns.conf dest=/etc/resolv.conf'

[root@ansible ooxx]# ansible web -m shell -a 'cat /etc/resolv.conf'

web2 | SUCCESS | rc=0 >>

; generated by /usr/sbin/dhclient-script

nameserver 192.168.4.254

search localdomain

 

web1 | SUCCESS | rc=0 >>

; generated by /usr/sbin/dhclient-script

nameserver 192.168.4.254

search localdomain

 

//copy只适合同步配置文件

 

lineinfile|replace 模块

类似sed的一种编辑替换模块

path目的文件

regexp正则表达式

line替换后的结果

[root@ansible ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0

# Generated by dracut initrd

DEVICE=eth0

ONBOOT=yes

IPV6INIT=no

BOOTPROTO=static

IPADDR=192.168.6.10

PREFIX=24

TYPE=Ethernet

 

//ONBOOT=yes-->no

[root@ansible ~]# ansible web -m shell -a 'grep ONBOOT /etc/sysconfig/network-scripts/ifcfg-eth0'

web1 | SUCCESS | rc=0 >>

ONBOOT=yes

 

web2 | SUCCESS | rc=0 >>

ONBOOT=yes

 

[root@ansible ~]# ansible web -m lineinfile -a 'path=/etc/sysconfig/network-scripts/ifcfg-eth0 regexp="^ONBOOT" line="ONBOOT=\"no\""'

web1 | SUCCESS => {

"backup": "",

"changed": true,

"msg": "line replaced"

}

web2 | SUCCESS => {

"backup": "",

"changed": true,

"msg": "line replaced"

 

[root@ansible ~]# ansible web -m shell -a 'grep ONBOOT /etc/sysconfig/network-scripts/ifcfg-eth0'

web1 | SUCCESS | rc=0 >>

ONBOOT="no"

 

web2 | SUCCESS | rc=0 >>

ONBOOT="no"

 

lineinfile 是删除整行后再重写这一行

replace 是只替换这一行匹配的字段

[root@ansible ~]# ansible web -m replace -a 'path=/etc/sysconfig/network-scripts/ifcfg-eth0 regexp="^(ONBOOT=).*" replace="\1\"yes\""'

web2 | SUCCESS => {

"changed": true,

"msg": "1 replacements made"

}

web1 | SUCCESS => {

"changed": true,

"msg": "1 replacements made"

}

[root@ansible ~]# ansible web -m shell -a 'grep ONBOOT /etc/sysconfig/network-scripts/ifcfg-eth0'

web2 | SUCCESS | rc=0 >>

ONBOOT="yes"

 

web1 | SUCCESS | rc=0 >>

ONBOOT="yes"

 

yum模块

使用yum包管理器来管理软件包

config_file:yum的配置文件

disable_gpg_check:关闭gpg_check

disablerepo:不启用某个源

(Choices: present, installed, latest, absent, removed)[Default: present]

Whether to install (`present' or `installed', `latest'), or remove (`absent' or

`removed') a package.

(Choices: present, , latest, absent, removed)[Default: present]

 

[root@ansible ~]# ansible web -m yum -a 'name=lftp state=removed'

[root@ansible ~]# ansible web -m yum -a 'name=lftp,lrzsz state=removed'

web1 | SUCCESS => {

"changed": false,

"msg": "",

"rc": 0,

"results": [

"lftp is not installed",

"lrzsz is not installed"

]

}

web2 | SUCCESS => {

"changed": false,

"msg": "",

"rc": 0,

"results": [

"lftp is not installed",

"lrzsz is not installed"

]

}

 

[root@ansible ~]# ansible web -m yum -a 'name=lftp,lrzsz state=installed'

 

service模块

[root@ansible ~]# ansible web -m service -a 'name="chronyd" enabled=no'

systemctl is-enabled chronyd

[root@ansible ~]# ansible web -m service -a 'name="chronyd" enabled="yes" state="started"'

 

[root@ansible ~]# ssh web1

Last login: Fri Jul 27 01:47:10 2018 from 192.168.6.10

[root@web1 ~]# systemctl is-enabled chronyd

enabled

[root@web1 ~]# systemctl status chronyd

● chronyd.service - NTP client/server

Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)

Active: active (running) since 四 2018-07-26 17:37:30 CST; 8h ago

 

 

 

[root@ansible ~]# ansible web -m service -a 'name="chronyd" enabled="no" state="stopped"'

[root@ansible ~]# ssh web1

Last login: Fri Jul 27 01:48:39 2018 from 192.168.6.10

[root@web1 ~]# systemctl status chronyd

● chronyd.service - NTP client/server

Loaded: loaded (/usr/lib/systemd/system/chronyd.service; disabled; vendor preset: enabled)

Active: inactive (dead)

 

[root@web1 ~]# systemctl is-enabled chronyd

disabled

 

 

[root@ansible ~]# ansible web -m yum -a 'name=httpd state=installed'

[root@ansible ~]# ansible web -m lineinfile -a 'path="/etc/httpd/conf/httpd.conf" regexp="^Listen" line="Listen 8080"'

[root@ansible ~]# ansible web -m service -a 'name="httpd" enabled=yes state=started'

[root@web1 ~]# systemctl is-enabled httpd

enabled

[root@web1 ~]# systemctl status httpd

● httpd.service - The Apache HTTP Server

Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)

Active: active (running) since 五 2018-07-27 01:59:27 CST; 7min ago

 

[root@web1 ~]# ss -tunlp | grep :80
tcp    LISTEN     0      128      :::8080                 :::*                   users:(("httpd",pid=5698,fd=4),("httpd",pid=5697,fd=4),("httpd",pid=5696,fd=4),("httpd",pid=5695,fd=4),("httpd",pid=5694,fd=4),("httpd",pid=5693,fd=4))

 

setup 模块

[root@ansible ~]# ansible web -m setup -a 'filter="ansible_os_family"'

web2 | SUCCESS => {

"ansible_facts": { //json输出

"ansible_os_family": "RedHat"

},

"changed": false

}

web1 | SUCCESS => {

"ansible_facts": {

"ansible_os_family": "RedHat"

},

"changed": false

 

 

 

 

 

 

 
