ansible批量管理工具学习

ansible批量管理工具学习（一）

小张的知识杂货铺 2022-12-03 19:48 发表于浙江

收录于合集#ansible2个

centos7配置yum源

mkdir baklsmv *.repo bak/wget   -O   /etc/yum.repos.d/CentOS-Base.repo    http://mirrors.aliyun.com/repo/Centos-7.repoyum clean allyum makecacheyum  -y   install   epel-releaseyum clean allyum makecache

安装ansible

root@client yum.repos.d]# yum install ansible -yLoaded plugins: fastestmirror, langpacksLoading mirror speeds from cached hostfile * base: mirrors.aliyun.com * epel: mirror.01link.hk * extras: mirrors.aliyun.com * updates: mirrors.aliyun.comResolving Dependencies--> Running transaction check---> Package ansible.noarch 0:2.9.27-1.el7 will be installed............
Installed:  ansible.noarch 0:2.9.27-1.el7Dependency Installed:  python-babel.noarch 0:0.9.6-8.el7                python-jinja2.noarch 0:2.7.2-4.el7  python-markupsafe.x86_64 0:0.11-10.el7           python-paramiko.noarch 0:2.1.1-9.el7  python2-httplib2.noarch 0:0.18.1-3.el7           python2-jmespath.noarch 0:0.9.4-2.el7  sshpass.x86_64 0:1.06-2.el7
Complete![root@client yum.repos.d]#
查看ansible版本信息[root@client ~]# ansible --versionansible 2.9.27  config file = /etc/ansible/ansible.cfg  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']  ansible python module location = /usr/lib/python2.7/site-packages/ansible  executable location = /usr/bin/ansible  python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]

ansible相关文件

[root@client ~]# ll /etc/ansible/total 24-rw-r--r--. 1 root root 19985 Jan 16  2022 ansible.cfg-rw-r--r--. 1 root root  1016 Jan 16  2022 hostsdrwxr-xr-x. 2 root root     6 Jan 16  2022 roles/etc/ansible/ansible.cfg  主机配置文件/etc/ansible/hosts        主机清单/etc/ansible/roles        存放角色目录   

ansible命令

#列出所有模块ansible-doc -l#查看指定模块的帮助用法ansible-doc ping#查看指定模块的帮助用法ansible-doc -s ping选项说明:--version          #显示版本-m module          #指定模块。默认为command-v                 #详细过程 -vv -vvv更详细--list-hosts       #显示主机列表 可简写 --list-k，--ask-pass     #提示输入ssh连接密码。默认key验证-c，--check        #检查，并不执行-T，--timeout=     #执行命令的超时时间，默认10s-u，--user=user    #执行远程执行的用户-b，--become       #代替旧版的sudo切换--become-user=user #指定sudo用的runas用户，默认root-k，--ask-become-pass#提示输入sudo时的口令

#配置文件的主机名称[root@ansible ~]# cat /etc/ansible/hosts文件最后位置## db-[99:101]-node.example.com[websrvs]192.168.160.[129:130]
[dbsrvs]192.168.160.130
[appssrvs]192.168.160.[128:130]
#ping主机ALL：表示所有inventory中的所有主机[root@ansible ~]# ansible all  -m  ping192.168.160.129 | SUCCESS => {    "ansible_facts": {        "discovered_interpreter_python": "/usr/bin/python"    },    "changed": false,    "ping": "pong"}192.168.160.130 | SUCCESS => {......}192.168.160.128 | SUCCESS => { ......}
#查看分组机器信息[root@ansible ~]# ansible appssrvs --list-hosts  hosts (3):    192.168.160.128    192.168.160.129    192.168.160.130
#通配符 * ansible "*" -m pingansible 192.168.160.* -m pingansible "*" --list-hosts或关系128或130ansible 192.168.160.128:192.168.160.130 -m pingansible "websrvs:dbsrvs" -m ping逻辑与在websrvs组并且在dbsrvs组中的主机ansible "websrvs:&dbsrvs" -m ping逻辑非在websrvs组中，单不在dbsrvs组中的主机（单引号）ansible 'websrvs:!dbsrvs' -m ping正则表达式ansible "~(web|db)srvs" -m ping以wang用户执行ping存活检测ansible all -m ping -u wang -k

ansible命令执行过程

1.加载自己的配置文件默认/etc/ansible/ansible.cfg2.加载自己对应的模块文件，如：command3.通过ansible将模块或命令生成对应的临时py文件，并将该文件传输只远程服务器的对应执行用户$HOME/.ansible/tmp/ansible-tmp-数字/xxx.py文件4.给文件+x执行5.执行并返回结果6.删除临时py文件，退出#查看执行过程ansible "~(web|db)srvs" -v -m  pingansible "~(web|db)srvs" -vv -m  pingansible "~(web|db)srvs" -vvv -m  ping

ansible相关模块

ansible-galaxy

#查看ansible-galaxy list#安装ansible-galaxy install geerlingguy.mysql#卸载ansible-galaxy remove  geerlingguy.mysql

ansible-playbook

ansible-vault encrypt hello.yml #加密文件ansible-vault decrypt hello.yml #解密文件ansible-vault rekey hello.yml   #修改加密密码

ansible-console

[root@ansible ~]# ansible-consoleWelcome to the ansible console.Type help or ? to list commands.
root@all (3)[f:5]$ list192.168.160.130192.168.160.128192.168.160.129root@all (3)[f:5]$ cd appssrvsroot@appssrvs (3)[f:5]$ list192.168.160.128192.168.160.129192.168.160.130root@appssrvs (3)[f:5]$ cd websrvsroot@websrvs (2)[f:5]$ list192.168.160.129192.168.160.130
切换组：cd 主机组 设置并发数；forks n  列出当前组主机列表：list

ansible-常用模块

commadn模块

功能：远程主机上执行命令，默认模块，可以忽略-m选项[root@ansible ~]# ansible websrvs -m command -a 'cat /etc/redhat-release'192.168.160.129 | CHANGED | rc=0 >>CentOS Linux release 7.6.1810 (Core)192.168.160.130 | CHANGED | rc=0 >>CentOS Linux release 7.6.1810 (Core)[root@ansible ~]# ansible websrvs -m command -a 'chdir=/etc cat redhat-release'192.168.160.129 | CHANGED | rc=0 >>CentOS Linux release 7.6.1810 (Core)192.168.160.130 | CHANGED | rc=0 >>CentOS Linux release 7.6.1810 (Core)
[root@ansible ~]# ansible all -m command -a 'removes=/tmp/test.txt cat /etc/redhat-release'192.168.160.130 | CHANGED | rc=0 >>CentOS Linux release 7.6.1810 (Core)192.168.160.128 | SUCCESS | rc=0 >>skipped, since /tmp/test.txt does not exist192.168.160.129 | CHANGED | rc=0 >>CentOS Linux release 7.6.1810 (Core)[root@ansible ~]# ansible all -m command -a 'creates=/tmp/test.txt cat /etc/redhat-release'192.168.160.130 | SUCCESS | rc=0 >>skipped, since /tmp/test.txt exists192.168.160.129 | SUCCESS | rc=0 >>skipped, since /tmp/test.txt exists192.168.160.128 | CHANGED | rc=0 >>CentOS Linux release 7.6.1810 (Core)

shell模块

功能：和command类似，用shell执行命令#查看主机名[root@ansible ~]# ansible all -m shell -a 'echo $HOSTNAME'192.168.160.130 | CHANGED | rc=0 >>clinet1192.168.160.128 | CHANGED | rc=0 >>ansible192.168.160.129 | CHANGED | rc=0 >>client#修改密码[root@ansible ~]# ansible all -m shell -a 'echo 123456| passwd --stdin root '192.168.160.130 | CHANGED | rc=0 >>Changing password for user root.passwd: all authentication tokens updated successfully.192.168.160.129 | CHANGED | rc=0 >>Changing password for user root.passwd: all authentication tokens updated successfully.192.168.160.128 | CHANGED | rc=0 >>Changing password for user root.passwd: all authentication tokens updated successfully.
[root@ansible ~]# ansible all -m shell -a 'echo hello >/tmp/hello.log '192.168.160.128 | CHANGED | rc=0 >>
192.168.160.130 | CHANGED | rc=0 >>
192.168.160.129 | CHANGED | rc=0 >>
[root@ansible ~]# ansible all -m shell -a 'ls -l /tmp/hello.log '192.168.160.128 | CHANGED | rc=0 >>-rw-r--r-- 1 root root 6 Dec  1 20:51 /tmp/hello.log192.168.160.129 | CHANGED | rc=0 >>-rw-r--r-- 1 root root 6 Dec  1 20:51 /tmp/hello.log192.168.160.130 | CHANGED | rc=0 >>-rw-r--r-- 1 root root 6 Dec  1 20:51 /tmp/hello.log#查看文件removes文件存在就执行后面的命令[root@ansible ~]# ansible all -m shell -a ' chdir=/tmp  removes=/etc/issue cat /tmp/hello.log '192.168.160.130 | CHANGED | rc=0 >>hello192.168.160.128 | CHANGED | rc=0 >>hello192.168.160.129 | CHANGED | rc=0 >>hello#查看文件，文件存在就不执行后面的命令（creates）[root@ansible ~]# ansible all -m shell -a ' chdir=/tmp  creates=/etc/issue cat /tmp/hello.log '192.168.160.128 | SUCCESS | rc=0 >>skipped, since /etc/issue exists192.168.160.130 | SUCCESS | rc=0 >>skipped, since /etc/issue exists192.168.160.129 | SUCCESS | rc=0 >>skipped, since /etc/issue exists
#修改ansible默认模块为shell模块[root@ansible ~]# vim /etc/ansible/ansible.cfg# default module name for /usr/bin/ansible#module_name = commandmodule_name = shell

script模块

功能：在远程主机上运行ansible服务器上的脚本
ansible websrvs -m script -a  '/root/test.sh'

copy模块

功能：将ansible服务器主控端复制文件到远程主机#直接在远端生成文件ansible websrvs -m copy -a "content='test line1\ntest line2' dest=/tmp/test.txt"#拷贝文件到远端服务器ansible websrvs -m copy -a "src=/etc/redhat-release dest=/tmp/os.txt"#拷贝文件夹到远端ansible websrvs -m copy -a "src=/etc/sysconfig dest=/tmp/"

fetch模块

功能：从远程主机提取文件到ansible的主控端，copy相反，目前不支持目录#提取远程主机版本信息ansible all -m fetch -a 'src=/etc/redhat-release dest=/tmp/release'
[root@ansible ~]# tree /tmp/release//tmp/release/├── 192.168.160.128│   └── etc│       └── redhat-release├── 192.168.160.129│   └── etc│       └── redhat-release└── 192.168.160.130    └── etc        └── redhat-release
6 directories, 3 file

file模块

功能：设置文件属性#创建空文件ansible websrvs -m file -a 'path=/tmp/test111.txt state=touch'#删除文件ansible websrvs -m file -a 'path=/tmp/test111.txt state=absent'#创建目录并修改目录属性ansible websrvs -m file -a "path=/tmp/ceshi state=directory owner=test group=test"#创建软连接ansible websrvs -m file -a 'src=/tmp/test.txt dest=/tmp/os.txt-link state=link'
[root@client ~]# ll /tmp/total 16drwxr-xr-x  2 test test    6 Dec  2 19:42 ceshidrwxr-xr-x  2 root root    6 Dec  2 19:39 mysql-rw-r--r--  1 root root   38 Dec  2 12:31 os.txtlrwxrwxrwx  1 root root   13 Dec  2 19:45 os.txt-link -> /tmp/test.txtdrwx------  3 root root   17 Dec  2 12:09 systemd-private-da01c930b85a45cd9c96230851426d44-chronyd.service-tu4Vtsdrwx------  3 root root   17 Dec  2 12:09 systemd-private-da01c930b85a45cd9c96230851426d44-cups.service-0Fldo3drwxr-xr-x  2 root root    6 Dec  2 19:41 test-rw-r--r--  1 root root   21 Dec  2 12:29 test.txtdrwx------  2 root root    6 Dec  1 10:20 vmware-root_6190-1002485829drwx------  2 root root    6 Dec  2 12:09 vmware-root_6266-692817840-rw-------. 1 root root 1927 Nov 30 10:03 yum_save_tx.2022-11-30.10-03.xDXfGb.yumtx-rw-------. 1 root root 1927 Nov 30 10:10 yum_save_tx.2022-11-30.10-10.NBMhSW.yumtx[root@client ~

unarchive模块

功能：解包解压缩两种用法：1.将ansible主机上的压缩包传到远程主机后解压缩至特定目录，设置copy=yes2.将远程主机上的某个压缩包解压到指定路径下，设置copy=no#将etc打包tar zcvf /root/etc.tar.gz /etc#将ansible主机上etc.tar.gz 用户解压到目标主机目录下，并修改所属用户ansible websrvs -m unarchive -a 'src=/root/etc.tar.gz dest=/tmp/data/ owner=test'#将压缩包拷贝到远程主机ansible websrvs -m copy -a 'src=/root/etc.tar.gz dest=/tmp/data'#本地解压压缩包到/opt目录下，需要添加copy=no参数，说明包在本地不需要拷贝过去ansible websrvs -m unarchive -a 'src=/tmp/data/etc.tar.gz dest=/opt/  mode=700 copy=no'

archive模块

功能：打包压缩#将ansible主机的的/var/log/打包压缩并复制到远端主机的目录下ansible websrvs -m archive -a 'path=/var/log/ dest=/tmp/data/log.tar.gz format=tar owner=test mode=0600'#查看打包的文件[root@ansible ~]# ansible websrvs  -a 'ls -l /tmp/data'192.168.160.129 | CHANGED | rc=0 >>total 22016-rw-r--r--   1 root root 11756951 Dec  3 15:05 etc.tar.gz-rw-------   1 test root 10772480 Dec  3 15:14 log.tar.gz192.168.160.130 | CHANGED | rc=0 >>total 22216-rw-r--r-- 1 root root 11756951 Dec  3 15:05 etc.tar.gz-rw------- 1 test root 10987520 Dec  3 15:14 log.tar.gz

hostname模块

功能：管理主机名#修改主机名ansible 192.168.160.130 -m hostname -a 'name=centos7-study'ansible 192.168.160.129 -m hostname -a  'name=centos7-study_1'#查看修改后主机名[root@ansible ~]# ansible all -a  'hostname'192.168.160.129 | CHANGED | rc=0 >>centos7-study_1192.168.160.130 | CHANGED | rc=0 >>centos7-study192.168.160.128 | CHANGED | rc=0 >>ansible

cron模块

功能：计划任务支持时间：minute.hour.day.month.weekday分-小时-天-月-周
#创建计划任务ansible dbsrvs -m cron -a 'hour=2 minute=30 weekday=1-5 name="backup" job=/root/backup.sh'#查看计划任务[root@ansible ~]# ansible dbsrvs -a 'crontab -l'192.168.160.130 | CHANGED | rc=0 >>#Ansible: backup30 2 * * 1-5 /root/backup.sh#2点30 每周一到周五#禁用计划任务ansible dbsrvs -m cron -a 'hour=2 minute=30 weekday=1-5 name="backup" job=/root/backup.sh disabled=yes''
[root@ansible ~]# ansible dbsrvs -a 'crontab -l'192.168.160.130 | CHANGED | rc=0 >>#Ansible: backup#30 2 * * 1-5 /root/backup.sh
#启用计划任务ansible dbsrvs -m cron -a 'hour=2 minute=30 weekday=1-5 name="backup" job=/root/backup.sh disabled=no'
删除计划任务ansible dbsrvs -m cron -a 'name='backup' state=absent'

yum模块

功能:管理软件包，只支持rehl，centos 不支持ubuntu其他版本#安装yum包ansible websrvs -m yum -a "name=httpd"#卸载软件包ansible websrvs -m yum -a "name=httpd state=absent

service模块

功能：管理服务#启动服务ansible websrvs -m service -a "name=httpd state=started"#停止服务ansible websrvs -m service -a "name=httpd state=stopped"#启动服务设置开机启动ansible websrvs -m service -a "name=httpd state=started enabled=yes"#修改端口ansible websrvs -m shell -a "sed -i 's/^Listen 80/Listen 8080/' /etc/httpd/conf/httpd.conf"#重启服务ansible websrvs -m service -a "name=httpd state=restarted"#查看端口ss -ntl

group模块

功能：管理组#新建组并指定idansible websrvs -m group -a 'name=ceshi gid=88 system=yes'#删除组ansible websrvs -m group -a 'name=ceshi state=absent'

user模块

功能：管理用户#新建用户指定用户组和家目录ansible websrvs -m user -a 'name=user1 comment="test user" uid=2048 home=/tmp/user1 group=test'#删除用户寄家目录ansible websrvs -m user -a 'name=user1 state=absent remove=yes'

lineinfile模块

功能：相当于sed，可以修改文件内容#修改文件内容ansible all -m lineinfile -a "path=/etc/selinux/config regexp='^SELINUX=' line='SELINUX=enforcing'"ansible all -m lineinfile -a "path=/etc/selinux/config regexp='^SELINUX=' line='SELINUX=disabled'"#将fstab文件注释行删除ansible  all -m lineinfile -a 'dest=/etc/fstab state=absent regexp="^#"'

replace模块

功能：类似于sed，主要基于正则进行匹配和替换#修改文件将uuid开头全部注释ansible all -m replace -a "path=/etc/fstab regexp='^(UUID.*)' replace='#\1'"#修改文件将#开头全部改回ansible all -m replace -a "path=/etc/fstab regexp='^#(.*)' replace='\1'"

setup模块

功能：用来收集主机的系统信息#查看主机全部信息ansible websrvs -m setup#过滤信息ansible all -m setup -a 'filter=ansible_distribution_major_version'ansible all -m setup -a 'filter=ansible_python_version'ansible all -m setup -a 'filter=ansible_nodename'ansible all -m setup -a 'filter=ansible_domain'ansible all -m setup -a 'filter=ansible_memory_mb'ansible all -m setup -a 'filter=ansible_memtotal_mb'ansible all -m setup -a 'filter=ansible_nodename'ansible all -m setup -a 'filter=ansible_domain'ansible all -m setup -a 'filter=ansible_memory_mb'ansible all -m setup -a 'filter=ansible_os_family'ansible all -m setup -a 'filter=ansible_all_ipv4_addresses'ansible all -m setup -a 'filter=ansible_processor_vcpus'

 

 

 

小张的知识杂货铺

日常学习技术分享，带你体会学习的乐趣

15篇原创内容

公众号

关注小张的知识杂货铺，让我们一起学习一起进步

 

 

 

收录于合集 #ansible

 2个

上一篇自动化运维工具ansible

阅读 184

分享收藏

赞在看

 

小张的知识杂货铺

15篇原创内容

关注