Automation with Ansible

server/2025/1/18 18:05:09/

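I. Introduction to Ansible

Ansible is software for managing many remote hosts at once (any machine that can be logged into over SSH), so it can manage remote virtual machines and physical machines as well as the local host (Linux or Windows).
Ansible uses the SSH protocol for communication between the management node and the remote nodes.
Any operation that can be done on a host after logging in over SSH can be automated with Ansible, for example batch copying, deleting, modifying, viewing, installing, restarting and updating.

1. Ansible is an automated operations tool written in Python (because Python is an interpreted language, a Python runtime must be installed on the machines).

2. Ansible uses the SSH protocol for secure communication.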

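II. Installing and deploying Ansible

1. Prepare the machines

master-61        10.0.0.61        management host

web-7            10.0.0.7         web server

web-8            10.0.0.8         web server

web-9            10.0.0.9         web server

rsync            10.0.0.41        backup server

nfs              10.0.0.31        storage server

Note: these machines are used throughout the rest of this article. For how to create them, see the tutorial "Linux Website Architecture" (soft.aijiaer11.cn, CSDN blog).

Install Ansible and Python on the master-61 management host: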

yum install -y epel-release ansible libselinux-python

2. Key-based (public/private key) authentication for Ansible

2.1 Copy master-61's public key to the managed machines

[master-61 root ~] # ssh-copy-id root@10.0.0.7
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.0.0.7 (10.0.0.7)' can't be established.
ECDSA key fingerprint is SHA256:p+Y8oREDmNYotbNk8uqZv6KTTFKFnLhOxXp3D+Jet6Q.
ECDSA key fingerprint is MD5:d4:45:1d:1c:9f:5f:9f:8e:c7:86:d3:03:ee:f1:78:f4.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.0.7's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@10.0.0.9'"
and check to make sure that only the key(s) you wanted were added.

Do the same for the other two machines:
[master-61 root ~] # ssh-copy-id root@10.0.0.8
[master-61 root ~] # ssh-copy-id root@10.0.0.9

2.2 Configure .ssh/config to make SSH logins easier

[master-61 root ~] # cat .ssh/config 
Host web-7
    HostName 10.0.0.7
    User root
    Port 22
    IdentityFile ~/.ssh/id_rsa
Host web-8
    HostName 10.0.0.8
    User root
    Port 22
    IdentityFile ~/.ssh/id_rsa
Host web-9
    HostName 10.0.0.9
    User root
    Port 22
    IdentityFile ~/.ssh/id_rsa

2.3 Test that passwordless login works

[master-61 root ~] # ssh web-7
Last login: Thu Jan  9 15:40:38 2025 from 172.16.1.61
[web-7 root ~] # exit
logout
Connection to 10.0.0.7 closed.
[master-61 root ~] # ssh web-8
Last login: Thu Jan  9 15:40:37 2025 from 172.16.1.61
[web-8 root ~] # exit
logout
Connection to 10.0.0.8 closed.
[master-61 root ~] # ssh web-9
Last login: Thu Jan  9 15:40:36 2025 from 172.16.1.61
[web-9 root ~] # exit
logout
Connection to 10.0.0.9 closed.
[master-61 root ~] #

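3. Configure the Ansible inventory file

[master-61 root ~] # cat  /etc/ansible/hosts
[web]
172.16.1.7
172.16.1.8
172.16.1.9

[nfs]
172.16.1.31

[backup]
172.16.1.41

Ansible can manage all hosts through the built-in group all, or a specific host group through the group name defined in the inventory (for example web, nfs, backup).

Ansible syntax

ansible <group name> -m <module> -a <argument list>

The nfs and backup hosts were not powered on, so the run reported errors for them.

4. Password-based authentication

Syntax of the Ansible inventory file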

https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#connecting-to-hosts-behavioral-inventory-parameters

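Parameter           Type             Description
ansible_host        host address     IP of the remote host
ansible_port        host port        SSH port to connect to, default 22
ansible_user        host user        user identity used by default for the SSH connection
ansible_password    user password    SSH password for the remote host

4.1 Add password and port information for the rsync machine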

[master-61 root ~] # tail -2  /etc/ansible/hosts
[backup]
172.16.1.41  ansible_port=22  ansible_user=root ansible_password='1'

If the user, password or port is changed on the managed host, the values here must be changed to match.

Test run

[master-61 root ~] # ansible backup -m ping
172.16.1.41 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"
}

4.2 Add connection details for the web group

[master-61 root ~] # cat  /etc/ansible/hosts
[web]
172.16.1.7 ansible_port=22 ansible_user=root ansible_password=1
172.16.1.8 ansible_port=22 ansible_user=root ansible_password=1
172.16.1.9 ansible_port=22 ansible_user=root ansible_password=1

Test connectivity:
[master-61 root ~] # ansible web -m ping
172.16.1.7 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"
}
172.16.1.8 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"
}
172.16.1.9 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"
}

4.3 Troubleshooting Ansible failures

If a host fingerprint confirmation problem appears, as below:

[master-61 root ~] # ansible web -m ping
172.16.1.7 | FAILED! => {"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host."
}
172.16.1.8 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"
}
172.16.1.9 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"
}

Fix 1: connect manually over SSH and confirm the fingerprint so that it is recorded on the local machine

[master-61 root ~] # ssh root@172.16.1.7
The authenticity of host '172.16.1.7 (172.16.1.7)' can't be established.
ECDSA key fingerprint is SHA256:p+Y8oREDmNYotbNk8uqZv6KTTFKFnLhOxXp3D+Jet6Q.
ECDSA key fingerprint is MD5:d4:45:1d:1c:9f:5f:9f:8e:c7:86:d3:03:ee:f1:78:f4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.1.7' (ECDSA) to the list of known hosts.
root@172.16.1.7's password: 
Last login: Fri Jan 10 09:35:07 2025 from 172.16.1.61
[web-7 root ~] # exit
logout
Connection to 172.16.1.7 closed.
[master-61 root ~] # ansible web -m ping
172.16.1.9 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"
}
172.16.1.8 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"
}
172.16.1.7 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"
}

Fix 2: skip fingerprint confirmation in the Ansible configuration file

Uncomment this line in the configuration file:
[master-61 root ~] # grep 'host_key_checking' /etc/ansible/ansible.cfg
#host_key_checking = False
[master-61 root ~] # 
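An alternative to Fix 2 that keeps host_key_checking enabled, as an added example (not code from the original article): compute the SHA256 fingerprint of a scanned host key, in the same form as the prompt above, and emit a known_hosts line only when it equals a fingerprint obtained out of band. The function names and the dummy key bytes are constructed for this example; the scan line is assumed to be in the unhashed `host keytype base64` format that ssh-keyscan prints.

```python
"""Accept a host key only if it matches a pinned fingerprint (added example)."""
import base64
import hashlib
import hmac
import struct


def sha256_fingerprint(key_b64):
    """Fingerprint in the 'SHA256:...' form shown by ssh and ssh-keygen -l."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    # OpenSSH prints the base64 digest without '=' padding.
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def known_hosts_line(host, scanned_line, pinned_fingerprint):
    """Return the known_hosts entry for host, or None if the key is not the pinned one.

    scanned_line: "<host> <keytype> <base64 key>" (assumed ssh-keyscan format).
    pinned_fingerprint: value recorded out of band, e.g. from the server console.
    """
    fields = scanned_line.split()
    if len(fields) < 3 or fields[0] != host:
        return None
    keytype, key_b64 = fields[1], fields[2]
    actual = sha256_fingerprint(key_b64)
    if not hmac.compare_digest(actual, pinned_fingerprint):
        return None  # mismatch: do not trust, investigate instead
    return "%s %s %s" % (host, keytype, key_b64)


def constructed_key(seed):
    """Build a syntactically valid ssh-ed25519 key blob from dummy bytes (not a real key)."""
    name = b"ssh-ed25519"
    pub = bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(pub)) + pub
    return base64.b64encode(blob).decode()


def demo():
    """Return (entry for the expected key, entry for an unexpected key)."""
    host = "172.16.1.7"
    expected = constructed_key(1)
    unexpected = constructed_key(2)           # what a different machine would present
    pin = sha256_fingerprint(expected)        # stands in for the out-of-band record
    ok = known_hosts_line(host, "%s ssh-ed25519 %s" % (host, expected), pin)
    bad = known_hosts_line(host, "%s ssh-ed25519 %s" % (host, unexpected), pin)
    return ok, bad


if __name__ == "__main__":
    accepted, rejected = demo()
    print("append to known_hosts:", accepted)
    print("unexpected key result:", rejected)
```

Only lines returned by known_hosts_line are appended to ~/.ssh/known_hosts; with the entry present, the sshpass error in 4.3 no longer occurs and host key checking stays on.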

4.4 Shared variables

When many hosts or groups in the inventory share the same variable values, these can be written once as shared variables.

[master-61 root ~] # vim /etc/ansible/hosts
[web:vars]
ansible_port=22
ansible_user=root
ansible_password=1

[web]
172.16.1.7
172.16.1.8
172.16.1.9

[master-61 root ~] # ansible web -m ping
172.16.1.7 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"
}
172.16.1.8 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"
}
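An added example (not from the original article): a small Python audit that lists every host whose SSH password sits in clear text in an INI inventory like the ones in 4.1, 4.2 and 4.4, whether it is set on the host line or inherited from a [group:vars] block. The sample inventory is constructed from the article's hosts; the function name audit_inventory and the set of variables checked are choices made for this example, and [group:children] sections are not resolved.

```python
"""Flag plaintext SSH credentials in an INI-style Ansible inventory (added example)."""
import shlex

# Connection variables that carry a secret. ansible_ssh_pass is the older
# alias of ansible_password.
SECRET_VARS = {"ansible_password", "ansible_ssh_pass", "ansible_become_password"}

# Constructed sample modelled on the /etc/ansible/hosts shown in this article.
SAMPLE_INVENTORY = """\
[web:vars]
ansible_port=22
ansible_user=root
ansible_password=1

[web]
172.16.1.7
172.16.1.8
172.16.1.9

[nfs]
172.16.1.31

[backup]
172.16.1.41  ansible_port=22  ansible_user=root ansible_password='1'
"""


def audit_inventory(text):
    """Return a sorted list of (host, variable, where_defined) findings."""
    members = {}      # group name -> list of hosts
    group_vars = {}   # group name -> {variable: value}
    findings = set()
    section, kind = "ungrouped", "hosts"

    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            # "[web]" is a host section, "[web:vars]" a variable section.
            name, _, suffix = line[1:-1].partition(":")
            section, kind = name, (suffix or "hosts")
            continue
        if kind == "vars":
            key, _, value = line.partition("=")
            group_vars.setdefault(section, {})[key.strip()] = value.strip()
        elif kind == "hosts":
            # Host lines look like: name key=value key='quoted value' ...
            host, *pairs = shlex.split(line)
            members.setdefault(section, []).append(host)
            for pair in pairs:
                key = pair.partition("=")[0]
                if key in SECRET_VARS:
                    findings.add((host, key, "host line in [%s]" % section))

    # A secret in [group:vars] applies to every host of that group.
    for group, variables in group_vars.items():
        for key in variables:
            if key in SECRET_VARS:
                for host in members.get(group, []):
                    findings.add((host, key, "[%s:vars]" % group))
    return sorted(findings)


if __name__ == "__main__":
    for host, var, where in audit_inventory(SAMPLE_INVENTORY):
        print("%-12s %-18s plaintext in %s" % (host, var, where))
```

Values reported here are readable by anyone who can read the inventory file; ansible-vault, listed in section III.6 of this article, is the tool for keeping them encrypted.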

Running commands remotely with Ansible

Create the file test1.txt under /opt/ on every machine in the web group:
[master-61 root ~] # ansible web -m shell -a "touch /opt/test1.txt"
[WARNING]: Consider using the file module with state=touch rather than running 'touch'.  If you need
to use command because file is insufficient you can add 'warn: false' to this command task or set
'command_warnings=False' in ansible.cfg to get rid of this message.
172.16.1.8 | CHANGED | rc=0 >>

172.16.1.9 | CHANGED | rc=0 >>

172.16.1.7 | CHANGED | rc=0 >>

[master-61 root ~] # 

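III. Ways of running Ansible commands (the main ones)

Result status colours of Ansible commands

Command succeeded:

Green: the command ran as the user expected, but no state changed;

Yellow: the command ran as the user expected, and state changed;

Command did not succeed:

Purple: a warning; Ansible is telling you there is a more suitable way to do this (a WARNING was printed);

Red: the command was wrong and execution failed;

Blue: details of the execution process;

1. The ansible command

Syntax:

ansible <host-pattern> -m <module> -a "<module-arguments>"

<host-pattern>: the host or host group to target; it can be a single host, a host group or a pattern (such as all, web, db).
-m <module>: the Ansible module to use, for example ping, command, copy.
-a "<module-arguments>": the arguments passed to the module.

The command module is Ansible's default module, so -m command is implied by default.

What the module does: runs a command on the remote nodes.

Run the command module to get the hostname of every host in the web group: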

ansible web -m command -a "hostname"

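2. The ansible-playbook command

Used to run an Ansible playbook. A playbook is a set of predefined tasks that describes how the remote hosts are to be configured.

Syntax:

ansible-playbook <playbook.yml> [options]

<playbook.yml>: the playbook file to run.
[options]: optional arguments, such as -i to specify the inventory file or -u to specify the user.

3. The ansible-inventory command

Used to view and manage the Ansible inventory. It can list and inspect the contents of the inventory and validate the format of the inventory file.

Syntax:

ansible-inventory [options]

Show the relationship between hosts and groups as a graph; list all host groups: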

ansible-inventory --graph

ansible-inventory --list

4. The ansible-galaxy command

Used to manage roles and collections from Ansible Galaxy. It can install, create and manage Ansible roles.

Syntax:

ansible-galaxy <command> [options]

5. The ansible-doc command

Used to view the documentation of Ansible modules.

Syntax:

ansible-doc <module>

6. The ansible-vault command

Used to encrypt and decrypt sensitive information (such as passwords). It lets you manage the sensitive data in playbooks securely.

Syntax:

ansible-vault <command> [options]

[master-61 root ~] # ansible-vault -help
usage: ansible-vault [-h] [--version] [-v]
                     {create,decrypt,edit,view,encrypt,encrypt_string,rekey}
                     ...
ansible-vault: error: argument -h/--help: ignored explicit argument u'elp'

7. The ansible-console command

ansible-console provides an interactive command-line interface in which Ansible module commands can be run; it is well suited to debugging and quick one-off runs.

Syntax:

ansible-console

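Once started, it offers a large number of commands.

8. The ansible-config command

Used to view and manage the Ansible configuration. It can inspect the current configuration settings, or create and edit a custom configuration file.

Syntax: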

ansible-config <command> [options]

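List all Ansible configuration options (the screenshot captured only part of the output).

IV. Ansible modules

1. The command module

ansible.builtin.command module – Execute commands on targets — Ansible Community Documentation: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/command_module.html#ansible-collections-ansible-builtin-command-module

What the module does: runs a command on the remote nodes.

        The command module is Ansible's default module, so -m command is implied by default.
        It only supports running simple commands, i.e. ordinary Linux commands, for example when you want to look at a server's resource usage remotely.

The command module is the basic module of the ansible command.

        Commands run remotely through the command module must not use variables ($HOME).

        They must not contain the special characters

        <, >, |, ;, &

Check memory on the web hosts remotely: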

ansible web -a "free -m"

Create a file remotely, then view it:

ansible web  -m command -a "touch /opt/haha.log"

ansible web  -m command -a "cat /opt/haha.log"

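Get the load of the machines remotely:

ansible web -a "uptime"

Warnings can be turned off so that runs do not print WARNING.

Options specific to the command module

These options are used when writing playbooks, to express the various conditions needed during server deployment.

Option                  Description
chdir                   change into the given directory (cd) before running the command
creates                 names a file; if it does not exist, the command runs; if it exists, the command is skipped
free_form (required)    the command itself; any system command can be given here for remote management
removes                 names a file; if it exists, the command runs; if it does not exist, the command is skipped

2. The shell module (the do-everything module)

ansible.builtin.shell module – Execute shell commands on targets — Ansible Community Documentation: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/shell_module.html#ansible-collections-ansible-builtin-shell-modulev

The shell module understands special characters, so using it is equivalent to running the command line on the remote host.

Filter for ssh processes remotely:

ansible web -m shell -a "ps -ef|grep ssh"

Use redirection to create a file

Get the time remotely and write it to a file

The command module cannot use redirection: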

ansible web -m command -a "date > /tmp/date.log"

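Run a more complex Linux command line remotely

  • Create a directory

  • Generate a sh script file (which prints the hostname)

  • Make the script executable

  • Run the script

  • Ignore warning messages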

ansible web  -m shell  -a "mkdir /0110/;echo 'hostname' > /0110/hostname.sh;chmod +x /0110/hostname.sh;/0110/hostname.sh;  warn=false"
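The difference between the two modules described above, as an added example (not code from the original article and not Ansible's own implementation): a local Python model in which the "command" path splits the string into argv and executes it directly, while the "shell" path hands the whole string to /bin/sh. It also goes one step beyond the text by showing what happens when a value that was not written by the operator is pasted into the command line, and how shlex.quote neutralises it. The function names and the UNTRUSTED value are constructed for this example.

```python
"""Local model of how command and shell treat metacharacters (added example)."""
import os
import shlex
import subprocess
import tempfile

# Constructed value standing in for text that comes from outside (a filename,
# a form field, a variable from another system).
UNTRUSTED = "report.txt; touch marker"


def run_like_command(cmdline, cwd):
    """Split into argv and exec directly: no shell ever parses the string."""
    return subprocess.run(shlex.split(cmdline), cwd=cwd,
                          capture_output=True, text=True)


def run_like_shell(cmdline, cwd):
    """Hand the whole string to /bin/sh, which interprets > | ; & and $VAR."""
    return subprocess.run(cmdline, shell=True, cwd=cwd,
                          capture_output=True, text=True)


def compare(cmdline):
    """Run cmdline both ways in fresh empty directories.

    Returns {"command": {...}, "shell": {...}} with the stdout seen and the
    files that exist in the working directory afterwards.
    """
    results = {}
    for label, runner in (("command", run_like_command),
                          ("shell", run_like_shell)):
        with tempfile.TemporaryDirectory() as workdir:
            proc = runner(cmdline, workdir)
            results[label] = {
                "stdout": proc.stdout.strip(),
                "files": sorted(os.listdir(workdir)),
            }
    return results


def demo():
    return {
        # Redirection: literal arguments for command, a new file for shell.
        "redirect": compare("echo hello > date.log"),
        # Outside value pasted in as-is: shell runs the part after ';'.
        "unquoted": compare("echo saved " + UNTRUSTED),
        # Same value passed through shlex.quote: one inert argument in both.
        "quoted": compare("echo saved " + shlex.quote(UNTRUSTED)),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        for mode in ("command", "shell"):
            print("%-9s %-8s stdout=%r files=%r" % (
                case, mode, result[mode]["stdout"], result[mode]["files"]))
```

In a playbook the same quoting is available as the Jinja2 `quote` filter; where no pipe or redirection is needed, the command module avoids the problem altogether.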

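3. The copy module

The copy module pushes data to remote hosts. It can only push data to the remote nodes; it cannot pull data back to the local machine.

Syntax: ansible <host group> -m copy -a "<arguments>"

src                 path of the local file or directory

dest                path of the file or directory on the target host

mode                permission mode of the file (as with chmod)

owner               owner of the target file; a user name or a user ID

group               group of the target file; a group name or a group ID

backup              whether to back up the target file before copying

force               whether to force the copy, regardless of whether the existing file is identical

recurse             whether to copy directories recursively

directory_mode      when copying a directory, the permissions to set on the target directories

3.1 Send a file to a directory on the target machines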

[master-61 root ~] # ansible web -m copy -a "src=/tmp/61-dnf.log dest=/tmp/web-dnf.log"
172.16.1.9 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "checksum": "48579c730bab923a58386c5cb48fe95a025dd4be", "dest": "/tmp/web-dnf.log", "gid": 0, "group": "root", "md5sum": "88da829f8dad48fa08e9328591dda9db", "mode": "0644", "owner": "root", "size": 5, "src": "/root/.ansible/tmp/ansible-tmp-1736494608.32-11558-63842889014971/source", "state": "file", "uid": 0
}
172.16.1.8 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "checksum": "48579c730bab923a58386c5cb48fe95a025dd4be", "dest": "/tmp/web-dnf.log", "gid": 0, "group": "root", "md5sum": "88da829f8dad48fa08e9328591dda9db", "mode": "0644", "owner": "root", "size": 5, "src": "/root/.ansible/tmp/ansible-tmp-1736494608.32-11555-248987136082372/source", "state": "file", "uid": 0
}
172.16.1.7 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "checksum": "48579c730bab923a58386c5cb48fe95a025dd4be", "dest": "/tmp/web-dnf.log", "gid": 0, "group": "root", "md5sum": "88da829f8dad48fa08e9328591dda9db", "mode": "0644", "owner": "root", "size": 5, "src": "/root/.ansible/tmp/ansible-tmp-1736494608.27-11554-90016176294629/source", "state": "file", "uid": 0
}
[master-61 root ~] # 
[web-7 root ~] # ls /tmp/web-dnf.log -l
-rw-r--r-- 1 root root 5 Jan 10 15:36 /tmp/web-dnf.log

[web-8 root ~] # ls /tmp/web-dnf.log -l
-rw-r--r-- 1 root root 5 Jan 10 15:36 /tmp/web-dnf.log

[web-9 root ~] # ls /tmp/web-dnf.log -l
-rw-r--r-- 1 root root 5 Jan 10 15:36 /tmp/web-dnf.log

3.2 Send a file and set its attributes: change the mode to 600 and the owner to the www user

Create the user first:
[master-61 root ~] # ansible web -m user -a "name=www state=present"
172.16.1.9 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "comment": "", "create_home": true, "group": 1000, "home": "/home/www", "name": "www", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1000
}
172.16.1.7 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "comment": "", "create_home": true, "group": 1000, "home": "/home/www", "name": "www", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1000
}
172.16.1.8 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "comment": "", "create_home": true, "group": 1000, "home": "/home/www", "name": "www", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1000
}

Change the owner to www and the file mode to 600:
[master-61 root ~] # ansible web -m copy -a "src=/tmp/61-dnf.log dest=/tmp/web-dnf.log group=www owner=www mode=600"
172.16.1.9 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "checksum": "48579c730bab923a58386c5cb48fe95a025dd4be", "dest": "/tmp/web-dnf.log", "gid": 1000, "group": "www", "mode": "0600", "owner": "www", "path": "/tmp/web-dnf.log", "size": 5, "state": "file", "uid": 1000
}
172.16.1.8 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "checksum": "48579c730bab923a58386c5cb48fe95a025dd4be", "dest": "/tmp/web-dnf.log", "gid": 1000, "group": "www", "mode": "0600", "owner": "www", "path": "/tmp/web-dnf.log", "size": 5, "state": "file", "uid": 1000
}
172.16.1.7 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "checksum": "48579c730bab923a58386c5cb48fe95a025dd4be", "dest": "/tmp/web-dnf.log", "gid": 1000, "group": "www", "mode": "0600", "owner": "www", "path": "/tmp/web-dnf.log", "size": 5, "state": "file", "uid": 1000
}

Check the file information remotely

3.3 Send a file and back up the existing one first

[master-61 root ~] # ansible web -m copy -a "src=/tmp/61-dnf.log  dest=/tmp/web-dnf.log backup=yes"
172.16.1.9 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "checksum": "48579c730bab923a58386c5cb48fe95a025dd4be", "dest": "/tmp/web-dnf.log", "gid": 1000, "group": "www", "mode": "0600", "owner": "www", "path": "/tmp/web-dnf.log", "size": 5, "state": "file", "uid": 1000
}
172.16.1.8 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "checksum": "48579c730bab923a58386c5cb48fe95a025dd4be", "dest": "/tmp/web-dnf.log", "gid": 1000, "group": "www", "mode": "0600", "owner": "www", "path": "/tmp/web-dnf.log", "size": 5, "state": "file", "uid": 1000
}
172.16.1.7 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "checksum": "48579c730bab923a58386c5cb48fe95a025dd4be", "dest": "/tmp/web-dnf.log", "gid": 1000, "group": "www", "mode": "0600", "owner": "www", "path": "/tmp/web-dnf.log", "size": 5, "state": "file", "uid": 1000
}

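4. The file module

The file module is mainly used to create files and directories, to change the permissions of existing files and directories, and to perform other operations on file attributes.

file is dedicated to all file-related operations on the remote machines.

Official documentation:

ansible.builtin.file module – Manage files and file properties — Ansible Community Documentation: https://docs.ansible.com/ansible/latest/modules/file_module.html#file-module

View help from the command line: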

ansible-doc -s file

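Main parameters of the file module

path (required)     path of the file, directory or symbolic link

state (required)    target state of the file or directory

mode                permission mode of the file, like the permissions given to the chmod command

owner               owner of the file or directory

group               group of the file or directory

4.1 Create a text file hello_ansible.log on the web servers remotely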

[master-61 root ~] # ansible web -m file -a "path=/opt/hello_ansible.log state=touch"
172.16.1.9 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "dest": "/opt/hello_ansible.log", "gid": 0, "group": "root", "mode": "0644", "owner": "root", "size": 0, "state": "file", "uid": 0
}
172.16.1.8 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "dest": "/opt/hello_ansible.log", "gid": 0, "group": "root", "mode": "0644", "owner": "root", "size": 0, "state": "file", "uid": 0
}
172.16.1.7 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "dest": "/opt/hello_ansible.log", "gid": 0, "group": "root", "mode": "0644", "owner": "root", "size": 0, "state": "file", "uid": 0
}

4.2 Create a directory remotely

[master-61 root ~] # ansible web -m file -a "path=/opt/hello_ansible state=directory"
172.16.1.7 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/opt/hello_ansible", "size": 6, "state": "directory", "uid": 0
}
172.16.1.9 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/opt/hello_ansible", "size": 6, "state": "directory", "uid": 0
}
172.16.1.8 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/opt/hello_ansible", "size": 6, "state": "directory", "uid": 0
}

4.3 Create a file and set its owner, group and permissions

[master-61 root ~] # ansible web -m file -a "path=/opt/hello-test.log state=touch owner=www group=www mode=777"
172.16.1.8 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "dest": "/opt/hello-test.log", "gid": 1000, "group": "www", "mode": "0777", "owner": "www", "size": 0, "state": "file", "uid": 1000
}
172.16.1.9 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "dest": "/opt/hello-test.log", "gid": 1000, "group": "www", "mode": "0777", "owner": "www", "size": 0, "state": "file", "uid": 1000
}
172.16.1.7 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "dest": "/opt/hello-test.log", "gid": 1000, "group": "www", "mode": "0777", "owner": "www", "size": 0, "state": "file", "uid": 1000
}

Playbook (YAML) form of the file module

ansible.builtin.file module – Manage files and file properties — Ansible Community Documentation

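5. The script module

Parameters of the script module

Option                  Description
creates                 names a file; if it does not exist, the command runs; if it exists, the command is skipped
free_form (required)    the command itself; any system command can be given here for remote management
removes                 names a file; if it exists, the command runs; if it does not exist, the command is skipped

For example, print some basic information; the script is as follows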

[master-61 root ~] # ansible web -m script -a "/root/server_info.sh"
172.16.1.9 | CHANGED => {"changed": true, "rc": 0, "stderr": "Shared connection to 172.16.1.9 closed.\r\n", "stderr_lines": ["Shared connection to 172.16.1.9 closed."], "stdout": "", "stdout_lines": []
}
172.16.1.7 | CHANGED => {"changed": true, "rc": 0, "stderr": "Shared connection to 172.16.1.7 closed.\r\n", "stderr_lines": ["Shared connection to 172.16.1.7 closed."], "stdout": "", "stdout_lines": []
}
172.16.1.8 | CHANGED => {"changed": true, "rc": 0, "stderr": "Shared connection to 172.16.1.8 closed.\r\n", "stderr_lines": ["Shared connection to 172.16.1.8 closed."], "stdout": "", "stdout_lines": []
}

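Use cat to view the contents of the corresponding log

Viewing the detailed execution of a command

The -vvvvv option shows the detailed process; the more v's, the more detail.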

[master-61 root ~] # ansible web -v  -m shell -a "free -h"
Using /etc/ansible/ansible.cfg as config file
172.16.1.9 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:           1.9G        131M        1.7G        9.5M        101M        1.7G
Swap:            0B          0B          0B
172.16.1.8 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:           1.9G        130M        1.7G        9.5M        100M        1.7G
Swap:            0B          0B          0B
172.16.1.7 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:           1.9G        132M        1.7G        9.5M        103M        1.7G
Swap:            0B          0B          0B
[master-61 root ~] # ansible web -vv  -m shell -a "free -h"
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Jun 28 2022, 15:30:04) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
Using /etc/ansible/ansible.cfg as config file
Skipping callback 'actionable', as we already have a stdout callback.
Skipping callback 'counter_enabled', as we already have a stdout callback.
Skipping callback 'debug', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'full_skip', as we already have a stdout callback.
Skipping callback 'json', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'null', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
Skipping callback 'selective', as we already have a stdout callback.
Skipping callback 'skippy', as we already have a stdout callback.
Skipping callback 'stderr', as we already have a stdout callback.
Skipping callback 'unixy', as we already have a stdout callback.
Skipping callback 'yaml', as we already have a stdout callback.
META: ran handlers
172.16.1.7 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:           1.9G        132M        1.7G        9.5M        103M        1.7G
Swap:            0B          0B          0B
172.16.1.8 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:           1.9G        130M        1.7G        9.5M        100M        1.7G
Swap:            0B          0B          0B
172.16.1.9 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:           1.9G        133M        1.7G        9.5M        101M        1.7G
Swap:            0B          0B          0B
META: ran handlers
META: ran handlers
[master-61 root ~] # 

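6. The cron module

Official documentation:

https://docs.ansible.com/ansible/latest/modules/cron_module.html#cron-module

The cron module manages crontab entries and is used to write scheduled jobs.

Format of a crontab entry:

* * * * *   command to run

Main parameters

name (required)     name of the cron job, usually a description of the task

job (required)      the command or script to run

minute              minute field of the job, range 0-59

hour                hour field of the job, range 0-23

day                 day-of-month field of the job, range 1-31

month               month field of the job, range 1-12

weekday             day-of-week field of the job, range 0-7, where both 0 and 7 mean Sunday

state               state of the cron job

user                the user in whose crontab the job is created or modified

Add an ntpdate cron job

Add a job that synchronises the time with Alibaba Cloud every 5 minutes: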

*/5  * * * *            ntpdate -u ntp.aliyun.com

ansible nfs -m cron -a "name='ntp aliyun' minute=*/5 job='ntpdate -u ntp.aliyun.com'"

Delete the cron job:

ansible nfs -m cron -a "name='ntp aliyun'  state=absent"

Create a job that runs every minute; then modify the job with that name:

ansible nfs -m cron -a "name='test' job='echo "hello-world" >>/tmp/hello.log'"

ansible nfs -m cron -a "name='test' minute=30 hour=23  job='echo "hello-world" >>/tmp/hello.log'"

7. The group module

A module for managing system user groups.

Official documentation:

ansible.builtin.group module – Add or remove groups — Ansible Community Documentation: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/group_module.html#group

Parameter     Description
name          name of the group to create
gid           GID of the group
state         absent: remove the group from the remote host
              present: create the group on the remote host

Create the group nfs_ops with gid=1234:

ansible nfs -m group -a "name=nfs_ops gid=1234"

Delete the group:

ansible nfs -m group -a "name=nfs_ops gid=1234 state=absent"

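8. The user module

User management, i.e. everything to do with users:

- uid
- user name
- primary group
- supplementary groups
- creating users
- deleting users
- creating a public/private key pair for the user
- user expiry time
- password expiry time

Official documentation:

ansible.builtin.user module – Manage user accounts — Ansible Community Documentation: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html#user-module

Parameters:

Parameter      Description
create_home    create the home directory; set to no to skip creating it
group          group for the user
name           name of the user to create
password       password of the user to create
uid            UID of the user to create
shell          the user's login shell
state          absent (delete the user), present (default, create)
expires        account expiry time

8.1 Create a user test01 with uid 8888

ansible nfs -m user -a "name=test01 uid=8888"

8.2 Create the user test02 and its group, and set its properties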

[master-61 root ~] # ansible nfs -m group -a "name=test02 gid=1999"
172.16.1.31 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "gid": 1999, "name": "test02", "state": "present", "system": false
}
[master-61 root ~] # ansible nfs -m user -a "name=test02 uid=1999 group=1999 create_home=no shell=/sbin/nologin"
172.16.1.31 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "comment": "", "create_home": false, "group": 1999, "home": "/home/test02", "name": "test02", "shell": "/sbin/nologin", "state": "present", "system": false, "uid": 1999
}

[master-61 root ~] # ansible nfs -m shell -a "id test02"
172.16.1.31 | CHANGED | rc=0 >>
uid=1999(test02) gid=1999(test02) groups=1999(test02)
[master-61 root ~] # 

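9. The yum module

The yum module is dedicated to managing software packages.

Official documentation:

ansible.builtin.yum_repository module – Add or remove YUM repositories — Ansible Community Documentation: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/yum_repository_module.html#ansible-collections-ansible-builtin-yum-repository-module

Parameters:

name                name of the package to install, upgrade or remove; a single package name or a list of names

state               present: make sure the package is installed; if it is not, install it.
                    absent: make sure the package is removed; if it is installed, uninstall it.
                    latest: make sure the latest version is installed; if the installed version is not the latest, upgrade it.

list                lists the status of packages

                    installed: list installed packages.
                    updates: list available updates.
                    available: list packages that can be installed.

Install the latest version of net-tools, then uninstall it: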

ansible backup -m yum -a "name=net-tools state=latest"

ansible backup -m yum -a "name=net-tools state=absent"

10. The mount module

Official documentation:

ansible.posix.mount module – Control active and configured mount points — Ansible Community Documentation: https://docs.ansible.com/ansible/latest/collections/ansible/posix/mount_module.html#mount-

Parameters:

mounted         mount the device and write it to fstab
present         write it to fstab only, without mounting
absent          unmount and delete the fstab entry
unmounted       unmount only, without deleting the fstab entry

Mount the NFS directory on the web-7 machine (mount immediately and write to /etc/fstab)

[master-61 root ~] # ansible web -m mount -a "src='172.16.1.31:/nfs-data' path=/nfs-test fstype=nfs state=mounted"
172.16.1.7 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "dump": "0", "fstab": "/etc/fstab", "fstype": "nfs", "name": "/nfs-test", "opts": "defaults", "passno": "0", "src": "172.16.1.31:/nfs-data"
}

[master-61 root ~] # ansible web -a "df -h"
172.16.1.7 | CHANGED | rc=0 >>
Filesystem               Size  Used Avail Use% Mounted on
devtmpfs                 979M     0  979M   0% /dev
tmpfs                    991M     0  991M   0% /dev/shm
tmpfs                    991M  9.6M  981M   1% /run
tmpfs                    991M     0  991M   0% /sys/fs/cgroup
/dev/mapper/centos-root   37G  2.0G   35G   6% /
/dev/sda1               1014M  140M  875M  14% /boot
tmpfs                    199M     0  199M   0% /run/user/0
172.16.1.31:/nfs-data     37G  2.1G   35G   6% /nfs-test

[master-61 root ~] # ansible web -a "cat /etc/fstab"
172.16.1.7 | CHANGED | rc=0 >>
#
# /etc/fstab
# Created by anaconda on Mon Dec  2 16:09:14 2024
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=be2d80b1-e200-4660-9df5-23fcd50e25cb /boot                   xfs     defaults        0 0
#/dev/mapper/centos-swap swap                    swap    defaults        0 0
172.16.1.31:/nfs-data /nfs-test nfs defaults 0 0

To unmount, just change state from mounted to absent.

11. The archive module

Official documentation:

community.general.archive module – Creates a compressed archive of one or more files or trees — Ansible Community Documentation: https://docs.ansible.com/ansible/latest/collections/community/general/archive_module.html

Supported compression formats

bz2

gz ← (default)

tar

xz

zip 

Compress the /etc configuration files to a given path

[master-61 root ~] # ansible web -m archive -a "path=/etc dest=/opt/etc.tgz"
172.16.1.7 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "archived": [
......], "arcroot": "//", "changed": true, "dest": "/opt/etc.tgz", "expanded_exclude_paths": [], "expanded_paths": ["/etc"], "gid": 0, "group": "root", "missing": [], "mode": "0644", "owner": "root", "size": 10278190, "state": "file", "uid": 0
}

Check that the archive was created:
[master-61 root ~] # ansible web -a "ls /opt -l"
172.16.1.7 | CHANGED | rc=0 >>
total 10044
-rw-r--r-- 1 root root 10278190 Jan 16 15:24 etc.tgz

[master-61 root ~] # ansible web -a "file /opt/etc.tgz"
172.16.1.7 | CHANGED | rc=0 >>
/opt/etc.tgz: gzip compressed data, was "/opt/etc.tgz", last modified: Thu Jan 16 15:24:14 2025, max compression

12. The unarchive module

Official documentation:

ansible.builtin.unarchive module – Unpacks an archive after (optionally) copying it from the local machine — Ansible Community Documentation: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/unarchive_module.html#examples

Extract etc.tgz into a given directory (extracting on the remote host)

remote_src: remote data source

The target directory must exist:
[master-61 root ~] # ansible web -m file -a "path=/opt/etc_file state=directory"
172.16.1.7 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/opt/etc_file", "size": 6, "state": "directory", "uid": 0
}

Extract etc.tgz:
[master-61 root ~] # ansible web -m unarchive -a "src=/opt/etc.tgz dest=/opt/etcfile/ remote_src=yes"
172.16.1.7 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "dest": "/opt/etcfile/", "extract_results": {"cmd": ["/usr/bin/gtar", "--extract", "-C", "/opt/etcfile/", "-z", "-f", "/opt/etc.tgz"], "err": "", "out": "", "rc": 0}, "gid": 0, "group": "root", "handler": "TgzArchive", "mode": "0755", "owner": "root", "size": 17, "src": "/opt/etc.tgz", "state": "directory", "uid": 0
}

Check that the extraction succeeded:
[master-61 root ~] # ansible web -a "ls /opt/etcfile/etc/"
172.16.1.7 | CHANGED | rc=0 >>
adjtime
......


http://www.ppmy.cn/server/159415.html
