Ansible 服务

Linux System Environment

[root@ansible ~]# cat /etc/redhat-release                      #==》系统版本

CentOS Linux release 7.5.1804 (Core)

[root@ansible ~]# uname –r                                     #==》系统内核

3.10.0-862.el7.x86_64

[root@ansible ~]# uname -m                                     #==》系统位数

x86_64

[root@ansible ~]# echo $LANG                                   #==》系统字符集

en_US.UTF-8

[root@ansible ~]# ssh –V                                       #==》SSH版本

OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@master ~]# ansible –version                              #==》Ansible版本
ansible 2.4.2.0
[root@master ~]# python –version                               #==》Python版本
Python 2.7.5

Ansible简介

 Ansible是python中的一套模块，系统中的一套自动化工具，只需要配置SSH免密登陆即可用来管理系统、自动化执行命令等任务。Ansible已被红帽收购。

Ansible Function

1、批量命令执行
2、批量安装服务
3、批量配置同步
4、批量任务执行
5、批量代码部署

Ansible Note

1、配置文件/etc/ansible/ansible.cfg（通常不需要配置）
2、不需要启动服务
3、客户端没有需要安装任务Ansible客户端软件（python与 SSH系统默认已经安装）
4、Ansible官方文档地址 [https://docs.ansible.com/](https://docs.ansible.com/)
5、Ansible通过SSH服务进行批量管理，ansible架设前提是SSH服务密钥验证要配置好
6、Ansible 执行的命令能避免重复执行修改或更改的操作

Ansible 命令格式

ansible    -m    -a  “”

Ansible 主机清单配置文件/etc/ansible/hosts

1、主机支持主机名通配以及正则表达式，例如web[1:3].oldboy.com代表三台主机
2、主机支持基于非标准的SSH端口，例如 web.oldboy.com:6666或172.16.1.31:6666
3、主机支持指定变量，可对个别主机的特殊配置，例如 登陆用户、密码
4、主机组支持指定变量[GroupName:vars]，同时支持嵌套组[game:children]

[root@ansible ~]# cat /etc/ansible/hosts
#==》主机组
[webserver01]
172.16.1.31
172.16.1.32
#==》主机+端口+密码
[webserver02]
10.0.0.31 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='123456'
10.0.0.32 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='123456'
#==》主机组定义了变量，变量是免密输入，默认22端口和root用户登陆
[webserver03]
10.0.0.31
10.0.0.32
[webserver03:vars]
ansible_ssh_pass='123456'

一、 Ansible安装

Ansible 命令输出颜色说明

1、绿色            #==》成功执行了命令操作，未做修改
2、红色            #==》执行失败
3、黄色            #==》成功执行了命令操作，做了修改
4、紫色            #==》警告信息
5、蓝色            #==》打印输出详细信息

主机规划

外网IP地址  内网IP地址      计算名       备注
10.0.0.30         172.16.1.30       ansible       SSH服务端（私钥），Ansible服务端
10.0.0.31         172.16.1.31       test01        SSH客户端（公钥），Ansible客户端
10.0.0.32         172.16.1.32       test02        SSH客户端（公钥），Ansible客户端

1、配置阿里云yum源

curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum makecache

2、配置SSH免密登陆（此操作步骤省略，可查看相关文档）

https://www.jianshu.com/p/a64f76edc607

3、Ansible安装与配置
标注：yum安装ansible会自带把python安装（python系统默认已安装）

[root@ansible ~]# yum -y install ansible
[root@ansible ~]# rpm -qa ansible
ansible-2.8.2-1.el7.noarch
[root@ansible ~]# rpm -qc ansible
/etc/ansible/ansible.cfg                 #==》Ansible配置文件
/etc/ansible/hosts                       #==》Ansible主机清单（重点了解）

4、Ansible测试

[root@ansible ~]# ansible webserver01 -m ping 
172.16.1.32 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
172.16.1.31 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}

二、Ansible常用模块

1、 ping模块
标注：ping模块技术文档网址
https://docs.ansible.com/ansible/latest/modules/ping_module.html#ping-module

#==》测试Ansible主机与其它主机之间网络连通性
[root@ansible ~]# ansible webserver01 -m ping 
172.16.1.32 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
172.16.1.31 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}

2、command模块
标注：command模块技术文档网址
https://docs.ansible.com/ansible/latest/modules/command_module.html#command-module

[root@ansible ~]# ansible webserver01 -m command -a "hostname"
172.16.1.32 | CHANGED | rc=0 >>
test02
172.16.1.31 | CHANGED | rc=0 >>
test01

#==》不能执行特殊字符或一连串的命令
[root@ansible ~]# ansible webserver01 -m command -a "hostname;ifconfig"
172.16.1.32 | FAILED | rc=2 >>
[Errno 2] No such file or directory
172.16.1.31 | FAILED | rc=2 >>
[Errno 2] No such file or directory

3、shell模块
标注：shell模块技术文档网址
https://docs.ansible.com/ansible/latest/modules/shell_module.html#shell-module

#==》shell模块功能是万能的，基本所有的命令都能执行，但有一些命令是不能执行，例如 awk命令
[root@ansible ~]# ansible webserver01 -m shell -a "hostname;hostname -I"
172.16.1.31 | CHANGED | rc=0 >>
test01
10.0.0.31 172.16.1.31 

172.16.1.32 | CHANGED | rc=0 >>
test02
10.0.0.32 172.16.1.32

#==》shell模块指定的命令如果有awk会无效
[root@ansible ~]# ansible webserver01 -m shell -a "hostname;ip a s eth0 | awk -F "[ /]+" 'NR==3{print $3}'"

4、copy模块
标注：copy模块技术文档网址
https://docs.ansible.com/ansible/latest/modules/copy_module.html#copy-module

参数说明：
src     #==》源路径 
dest    #==》目标路径 
owner   #==》属主
group   #==》属组
mode    #==》文件权限

[root@ansible ~]# ansible webserver01 -m copy -a "src=/server/scripts/ssh_sent.sh dest=/mnt/ owner=root group=oldboy mode=0644"
172.16.1.32 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "775164bc6f500d44af5ec0509149820811865268", 
    "dest": "/mnt/ssh_sent.sh", 
    "gid": 1000, 
    "group": "oldboy", 
    "md5sum": "80e8b575172fcd319e04c587ad8895c7", 
    "mode": "0644", 
    "owner": "root", 
    "size": 902, 
    "src": "/root/.ansible/tmp/ansible-tmp-1565070734.35-85675211898374/source", 
    "state": "file", 
    "uid": 0
}
[root@ansible ~]# ansible webserver01 -m shell -a "ls -l /mnt"
172.16.1.31 | CHANGED | rc=0 >>
total 4
-rw-r--r-- 1 root oldboy 902 Aug  6 13:52 ssh_sent.sh

5、file模块
标注：file模块技术文档网址
https://docs.ansible.com/ansible/latest/modules/file_module.html#file-module

参数说明：

path    #==》文件或目录的路径
src     #==》源路径 
dest    #==》目标路径 
owner   #==》属主
group   #==》属组
mode    #==》文件权限
state   #==》文件状态

#==》修改远程主机组的文件属性
[root@ansible ~]# ansible webserver01 -m shell -a "ls -l /mnt"
172.16.1.31 | CHANGED | rc=0 >>
total 4
-rw-r--r-- 1 root oldboy 902 Aug  6 13:52 ssh_sent.sh
[root@ansible ~]# ansible webserver01 -m file -a "path=/mnt/ssh_sent.sh owner=oldboy group=oldboy mode=600"
172.16.1.32 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "gid": 1000, 
    "group": "oldboy", 
    "mode": "0600", 
    "owner": "oldboy", 
    "path": "/mnt/ssh_sent.sh", 
    "size": 902, 
    "state": "file", 
    "uid": 1000
}
[root@ansible ~]# ansible webserver01 -m shell -a "ls -l /mnt"
172.16.1.32 | CHANGED | rc=0 >>
total 4
-rw------- 1 oldboy oldboy 902 Aug  6 13:52 ssh_sent.sh

#==》远程创建软链接文件
[root@ansible ~]# ansible webserver01 -m file -a "src=/mnt/ssh_sent.sh dest=/mnt/ssh_sent_link.sh state=link"
172.16.1.31 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "dest": "/mnt/ssh_sent_link.sh", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "size": 16, 
    "src": "/mnt/ssh_sent.sh", 
    "state": "link", 
    "uid": 0
}
[root@ansible ~]# ansible webserver01 -m shell -a "ls -l /mnt"
172.16.1.32 | CHANGED | rc=0 >>
total 4
lrwxrwxrwx 1 root   root    16 Aug  6 14:15 ssh_sent_link.sh -> /mnt/ssh_sent.sh
-rw------- 1 oldboy oldboy 902 Aug  6 13:52 ssh_sent.sh

6、script模块
标注：script模块技术文档网址
https://docs.ansible.com/ansible/latest/modules/script_module.html#script-module

#==》编写yum安装bash_completion（按Tab键自动补全命令）脚本
[root@ansible ~]# mkdir -p /server/scripts/
[root@ansible ~]# vim /server/scripts/yum_bash-com.sh 
#!/bin/bash
yum -y install bash-completion
[root@ansible ~]# ansible webserver01 -m script -a "/server/scripts/yum_bash-com.sh"
172.16.1.31 | CHANGED => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 172.16.1.31 closed.\r\n", 
    "stderr_lines": [
        "Shared connection to 172.16.1.31 closed."
    ], 
    "stdout": "Loaded plugins: fastestmirror\r\nLoading mirror speeds from cached hostfile\r\n * base: mirrors.aliyun.com\r\n * extras: mirrors.aliyun.com\r\n * updates: mirrors.aliyun.com\r\nPackage 1:bash-completion-2.1-6.el7.noarch already installed and latest version\r\nNothing to do\r\n", 
    "stdout_lines": [
        "Loaded plugins: fastestmirror", 
        "Loading mirror speeds from cached hostfile", 
        " * base: mirrors.aliyun.com", 
        " * extras: mirrors.aliyun.com", 
        " * updates: mirrors.aliyun.com", 
        "Package 1:bash-completion-2.1-6.el7.noarch already installed and latest version", 
        "Nothing to do"
    ]
}

7、cron模块
标注：cron模块技术文档网址
https://docs.ansible.com/ansible/latest/modules/cron_module.html#cron-module

参数说明：

name        #==》指定定时任务名称（索引），这个任务名称很重要，一定要设置
minute      #==》分 
hour        #==》时
day         #==》日
month       #==》月
weekday     #==》周
job         #==》要执行的命令
state       #==》状态，absent取消任务，present生成任务(默认值)

[root@ansible ~]# ansible webserver01 -m cron -a 'minute=*/5 hour=*/2 day=10 month=*/2 weekday=* job="/bin/ls -l /etc"'
#==》如果没有指定name参数会警告提示
[DEPRECATION WARNING]: The 'name' parameter will be required in future releases.. This feature will be removed in version 2.12. Deprecation warnings can be 
disabled by setting deprecation_warnings=False in ansible.cfg.
172.16.1.32 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "envs": [], 
    "jobs": [
        "uptime", 
        "None"
    ]
}
[root@ansible ~]# ansible webserver01 -m shell -a "crontab -l"
172.16.1.31 | CHANGED | rc=0 >>
#Ansible: uptime
*/5 */2 10 */2 * /usr/bin/uptime
#Ansible: None
*/5 */2 10 */2 * /bin/ls -l /etc

8、user模块
标注：user模块技术文档网址
https://docs.ansible.com/ansible/latest/modules/user_module.html#user-module

参数说明：

uid             #==》指定用户的uid
group           #==》指定用户组 
groups          #==》指定附加用户组
password        #==》给用户添加密码
shell           #==》指定用户登陆shell
create_home     #==》是否创建家目录，默认（yes）
comment         #==》用户描述信息
[root@ansible ~]# ansible webserver01 -m user -a "name=test group=oldboy shell=/sbin/nologin comment=testuser create_home=no"
172.16.1.31 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "comment": "testuser", 
    "create_home": false, 
    "group": 1000, 
    "home": "/home/test", 
    "name": "test", 
    "shell": "/sbin/nologin", 
    "state": "present", 
    "system": false, 
    "uid": 1004
}
[root@ansible ~]# ansible webserver01 -m shell -a "tail -1 /etc/passwd"
172.16.1.31 | CHANGED | rc=0 >>
test:x:1004:1000:testuser:/home/test:/sbin/nologin

9、group模块
标注：group模块技术文档网址
https://docs.ansible.com/ansible/latest/modules/group_module.html#group-module

参数说明：

name        #==》指定用户组名称
gid         #==》指定用户组gid
state       #==》absent删除用户组，present创建用户组(默认值)

#==》创建用户组
[root@ansible ~]# ansible webserver01 -m group -a "name=Tom gid=9999"
172.16.1.32 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "gid": 9999, 
    "name": "Tom", 
    "state": "present", 
    "system": false
}
[root@ansible ~]# ansible webserver01 -m shell -a "tail -1 /etc/gshadow"
172.16.1.32 | CHANGED | rc=0 >>
Tom:!::
#==》删除用户组
[root@ansible ~]# ansible webserver01 -m group -a "name=Tom state=absent"
172.16.1.31 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "name": "Tom", 
    "state": "absent"
}
[root@ansible ~]# ansible webserver01 -m shell -a "tail -1 /etc/gshadow"
172.16.1.32 | CHANGED | rc=0 >>
oldgirl:!::