虚拟机版本:Rocky Linux release 8.6 (Green Obsidian)
准备几台虚拟机
ipv4地址 | 主机名 |
192.168.137.13 | center |
192.168.137.14 | sp-1 |
192.168.137.15 | sp-2 |
192.168.137.16 | sp-3 |
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.137.13 center
192.168.137.14 sp-1
192.168.137.15 sp-2
192.168.137.16 sp-3
yum -y install ansible-core
3-1. 新建ansible目录,进入该目录,整个剧本操作都在ansible目录中完成
mkdir ansible
cd ansible
3-2. vim ansible.cfg
[defaults]
inventory=inventory
host_key_checking=False
注意事项,如果不是root用户,是sudo免密提权的普通用户alice可以这么写:
[defaults]
inventory=/home/alice/ansible/inventory #清单文件
roles_path=/home/alice/ansible/roles #角色目录
collections_paths=/home/alice/ansible/collections
#collection 目录,多个目录冒号:分隔(仅适用于 RHEL9)
remote_user=alice #远程用户
[privilege_escalation] #sudo 提权
become=True #是否提权
become_method=sudo #提权方式
become_user=root #提权用户
become_ask_pass=False #是否需要密码
3-3.vim inventory
[master]
center
[minions]
center
sp-[1:3]
[master:vars]
ansible_connection=local
[minions:vars]
ansible_ssh_pass=a
检查ansible是否配置成功:
[root@localhost ansible]# ansible all -m ping
[WARNING]: Platform linux on host center is using the discovered Python interpreter at /usr/bin/python3.8,
but future installation of another Python interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-core/2.12/reference_appendices/interpreter_discovery.html for more
information.
center | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3.8"
},
"changed": false,
"ping": "pong"
}
sp-2 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
sp-3 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
sp-1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
注意:这步失败的话,如果检查前面的代码也没问题,可以把第二步免密ssh登录做了再试试
3-4. vim install.yml
---
- hosts: all
gather_facts: false
tasks:
- name: get salt.repo
shell: |
sudo rpm --import https://repo.saltproject.io/py3/redhat/8/x86_64/latest/SALTSTACK-GPG-KEY.pub
sudo curl -fsSL https://repo.saltproject.io/py3/redhat/8/x86_64/latest.repo | tee /etc/yum.repos.d/salt.repo
sudo yum clean all
become: true
- name: get master name
set_fact:
master_name: "{{ groups['master'][0] }}"
- name: get master ip
shell: "cat /etc/hosts | grep {{ master_name }} | awk '{print $1}'"
register: shell_out
- name: set master_ip
set_fact:
master_ip: "{{ shell_out.stdout }}"
- name: debug master_name and master_ip
debug:
msg: "master_name = {{ master_name }}, master_ip = {{ master_ip }}"
- hosts: master
gather_facts: false
tasks:
- name: install salt-master
yum:
name: salt-master
state: present
become: true
- name: change master configuration
shell: "sed -i 's/^#interface.*/interface: {{ master_ip }}/' /etc/salt/master"
become: true
- name: start salt-master
service:
name: salt-master
enabled: yes
state: started
become: true
- hosts: minions
gather_facts: false
tasks:
- name: copy hosts to minions(为了获取salt-key)
copy:
src: /etc/hosts
dest: /etc/hosts
- name: install salt-minion
yum:
name: salt-minion
state: present
become: true
- name: change minion configuration
shell: "sed -i 's/^#master:.*/master: {{ master_name }}/' /etc/salt/minion"
become: true
- name: start salt-minion
service:
name: salt-minion
enabled: yes
state: started
become: true
3-5.执行剧本
ansible-playbook install.yml
[root@localhost ansible]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
sp-1
sp-2
sp-3
Proceed? [n/Y] y
Key for minion sp-1 accepted.
Key for minion sp-2 accepted.
Key for minion sp-3 accepted.
[root@localhost ansible]# salt-key -L
Accepted Keys:
center
sp-1
sp-2
sp-3
Denied Keys:
Unaccepted Keys:
Rejected Keys:
salt-key -a sp-1,sp-2,sp-3
[root@localhost ansible]# salt '*' test.ping
sp-3:
True
sp-1:
True
sp-2:
True
center:
True
#使用正则表达式,加-E参数
[root@localhost ansible]# salt 'sp-.*' -E test.ping
sp-1:
True
sp-3:
True
sp-2:
True
#-L参数,将字符串以空格或者,号分隔开,再每个匹配展示
[root@localhost ansible]# salt 'sp-1,sp-2,sp-3' -L test.ping
sp-1:
True
sp-3:
True
sp-2:
True
#或
[root@localhost ansible]# salt 'sp-1 sp-2 sp-3' -L test.ping
sp-1:
True
sp-3:
True
sp-2:
True
#-G 选项用于基于 minion 的 grains 数据来进行目标定位(targeting)。Grains 是 SaltStack 中的一种数据结构,它允许 minion 收集有关自身的信息,并将这些信息报告给 master。Grains 可以包括操作系统类型、内核版本、硬件信息等各种系统元数据。使用 -G 选项,您可以根据这些 grains 数据来选择特定的 minion 执行命令
[root@localhost ansible]# salt 'fqdn:sp-1' -G test.ping
sp-1:
True
#-C(大写)选项,混合方式
[root@localhost ansible]# salt 'G@host:center or E@sp-[1-2]' -C test.ping
sp-2:
True
center:
True
sp-1:
True
[root@localhost ansible]# salt '*' test.version
sp-2:
3005.5
sp-1:
3005.5
center:
3005.5
sp-3:
3005.5
#grains,采集硬件信息
[root@localhost ansible]# salt 'sp-1' grains.ls
[root@localhost ansible]# salt 'sp-1' grains.items
#只要具体的几项:
[root@localhost ansible]# salt 'sp-1' grains.item host fqdn selinux master
sp-1:
----------
fqdn:
sp-1
host:
sp-1
master:
center
selinux:
----------
enabled:
False
enforced:
Disabled
拒绝所有:
[root@localhost ansible]# salt-key -R
拒绝指定的一个或多个minion:
salt-key -r sp-1,sp-2,sp-3
4-6.删除已接受的minion
拒绝所有:
[root@localhost ansible]# salt-key -D
批量删除已接受的具体某些minion:
[root@localhost ansible]# salt-key -d center,sp-1,sp-2,sp-3
5-1.配置nodegroups
使用/etc/salt/master配置nodegroups
[root@localhost ansible]# vim /etc/salt/master
加上
nodegroups:
sp_group: L@sp-1,sp-2,sp-3
[root@localhost ansible]# systemctl restart salt-master
[root@localhost ansible]# salt -N sp_group cmd.run "ls"
sp-3:
anaconda-ks.cfg
sp-2:
anaconda-ks.cfg
sp-1:
anaconda-ks.cfg
cmd.exec_code,cmd.exec_code_all 可以指定解释器执行命令:
[root@localhost ansible]# salt sp-1 cmd.exec_code_all sh "echo hello"
sp-1:
----------
pid:
14927
retcode:
0
stderr:
stdout:
hello
[root@localhost ansible]# salt sp-1 cmd.exec_code sh "echo hello"
sp-1:
hello
在center主机执行:
ssh-keygen一路回车
ssh-copy-id sp-1
有yes/no选项的=》yes
输入密码,回车
ssh-copy-id sp-2
同上
ssh-copy-id sp-3
同上
然后依然在center主机使用
ssh sp-1
到该主机后命令行输入exit返回center主机
ssh sp-2
同上
ssh sp-3
同上
三、salt模块
列出所有的模块
[root@localhost ansible]# salt sp-1 sys.list_modules
sp-1:
- acl
- aliases
- alternatives
- archive
- artifactory
- at
- baredoc
- beacons
- bigip
- btrfs
- buildout
- chroot
- cloud
- cmd
- composer
- config
- consul
- container_resource
- cp
- cron
- cryptdev
- data
- defaults
- devinfo
- devmap
- dig
- disk
- django
- dnsmasq
- dnsutil
- drbd
- environ
- ethtool
- event
- extfs
- file
- freezer
- gem
- genesis
- glassfish
- glusterfs
- gnome
- google_chat
- grafana4
- grains
- group
- hashutil
- helm
- highstate_doc
- hosts
- http
- hue
- incron
- ini
- inspector
- introspect
- iosconfig
- ip
- iptables
- jboss7
- jboss7_cli
- jinja
- k8s
- kernelpkg
- key
- keyboard
- kmod
- kubeadm
- locale
- locate
- log
- logrotate
- lowpkg
- lvm
- mandrill
- match
- mattermost
- mine
- minion
- modjk
- mount
- msteams
- nagios_rpc
- namecheap_domains
- namecheap_domains_dns
- namecheap_domains_ns
- namecheap_ssl
- namecheap_users
- network
- nexus
- nfs3
- nova
- nspawn
- nxos
- nxos_api
- nxos_upgrade
- openscap
- openstack_config
- opsgenie
- out
- pagerduty
- pagerduty_util
- pam
- parallels
- partition
- peeringdb
- pillar
- pip
- pkg
- pkg_resource
- ps
- publish
- pushover
- pyenv
- qemu_img
- qemu_nbd
- quota
- raid
- random
- random_org
- rbenv
- rest_sample_utils
- restartcheck
- ret
- rsync
- rvm
- s3
- s6
- salt_proxy
- salt_version
- saltcheck
- saltutil
- schedule
- scsi
- sdb
- seed
- selinux
- serverdensity_device
- service
- shadow
- slack
- slsutil
- smbios
- smtp
- solrcloud
- sqlite3
- ssh
- state
- status
- statuspage
- supervisord
- sys
- sysctl
- sysfs
- syslog_ng
- system
- telegram
- telemetry
- temp
- test
- timezone
- tuned
- udev
- uptime
- user
- vault
- vbox_guest
- virtualenv
- vsphere
- x509
- xfs
- xml
- zabbix
- zenoss
查看cmd的方法有哪些?
[root@localhost ansible]# salt 'sp-1' sys.list_functions cmd
sp-1:
- cmd.exec_code
- cmd.exec_code_all
- cmd.has_exec
- cmd.powershell
- cmd.powershell_all
- cmd.retcode
- cmd.run
- cmd.run_all
- cmd.run_bg
- cmd.run_chroot
- cmd.run_stderr
- cmd.run_stdout
- cmd.script
- cmd.script_retcode
- cmd.shell
- cmd.shell_info
- cmd.shells
- cmd.tty
- cmd.which
- cmd.which_bin
查看cmd.run的帮助文档
[root@localhost ansible]# salt sp-1 sys.doc cmd.run
cmd.run使用示例:
[root@localhost ansible]# salt 'sp-1' cmd.run "ls -l;hostname"
sp-1:
total 4
-rw-------. 1 root root 1039 May 16 16:06 anaconda-ks.cfg
sp-1
#批量执行
[root@localhost ansible]# salt '*' cmd.run "hostname"
sp-3:
sp-3
sp-2:
sp-2
sp-1:
sp-1
center:
center
2.cp模块(复制)
查看帮助文档:
[root@localhost ansible]# salt sp-1 sys.doc cp
修改/etc/salt/master配置:
file_roots:
base:
- /srv/salt
重启salt-master
systemctl restart salt-master
cp.get_file(获取文件)
[root@localhost ansible]# mkdir -p /srv/salt/files/
[root@localhost ansible]# vim /srv/salt/files/test_get.txt
这是master文件
#使用示例:
[root@localhost ansible]# salt sp-2 cp.get_file salt://files/test_get.txt /root/test.txt
sp-2:
/root/test.txt
[root@localhost ansible]# salt sp-2 cmd.run "ls /root"
sp-2:
anaconda-ks.cfg
test.txt
[root@localhost ansible]# salt sp-2 cmd.run 'cat /root/test.txt'
sp-2:
这个是master节点的文件!!!
cp.get_dir
#注意:不能是空目录,至少要有一个文件的目录才能使用这个方法
[root@localhost ansible]# mkdir -p /srv/salt/test_dirs
[root@localhost ansible]# salt sp-2 cp.get_dir salt://test_dirs/ /root/ sp-2:
#没有复制过去,因为是空目录
#给该目录加一个文件就可以了
[root@localhost ansible]# echo hello > /srv/salt/test_dirs/1.txt
[root@localhost ansible]# salt sp-2 cp.get_dir salt://test_dirs/ /root/
sp-2:
- /root//test_dirs/1.txt
[root@localhost ansible]# salt sp-2 cmd.run 'ls /root/'
sp-2:
anaconda-ks.cfg
test.txt
test_dirs
[root@localhost ansible]# salt sp-2 cmd.run 'ls /root/test_dirs'
sp-2:
1.txt
cp.push
[root@localhost ansible]# vim /etc/salt/master
file_recv: True
[root@localhost ansible]# systemctl restart salt-master
[root@localhost ansible]# salt sp-2 cp.push /root/test.txt
sp-2:
True
[root@localhost ansible]# ls /var/cache/salt/master/minions/sp-2/files/root/
test.txt
[root@localhost ansible]# salt sp-2 cp.push /root/test.txt upload_path=/test/file/file.txt
sp-2:
True
[root@localhost ansible]# find / -name 'file.txt'
...
/var/cache/salt/master/minions/sp-2/files/test/file/file.txt
[root@localhost ansible]# ls /var/cache/salt/master/minions/sp-2/files/test/file/
file.txt
查看某个模块的剧本示例帮助
#查看帮助文档
salt sp-1 sys.list_state_functions pkg
salt sp-1 sys.state_doc pkg.installed
salt sp-1 sys.list_state_functions service
salt sp-1 sys.state_doc service.dead
编辑nginx下载启动服务剧本
mkdir /srv/salt/state/
cd /srv/salt/state/
mkdir nginx
cd nginx
vim nginx_install.sls
#剧本内容
nginx-install:
pkg.installed:
- name: nginx
nginx-service:
service.running:
- name: nginx
- enable: True
- require:
- pkg: nginx-install
#执行nginx_install.sls剧本
salt sp-1 state.sls state.nginx.nginx_install
#检测是否成功
salt sp-1 cmd.run 'ps -ef | grep nginx'
salt sp-1 cmd.run 'service nginx status'
关闭nginx服务
vim nginx_stop.sls
#关闭nginx
stop_nginx_service:
service.dead:
- name: nginx
[root@localhost nginx]# salt sp-1 state.sls state.nginx.nginx_stop
sp-1:
----------
ID: stop_nginx_service
Function: service.dead
Name: nginx
Result: True
Comment: Service nginx was killed
Started: 08:20:02.938253
Duration: 358.058 ms
Changes:
----------
nginx:
False
Summary for sp-1
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 358.058 ms
[root@localhost nginx]# salt sp-1 cmd.run 'service nginx status'