Use Ansible-2.9.27 Modular on openEuler

I. Use Ansible-2.9.27 Modular on openEuler

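1 Address

2 ad-hoc overview

An ad-hoc command is a one-off command: it runs and then it is done. It suits simple tasks, for example checking the OS version or processes on managed machines in bulk, copying files, and so on.

Command format: ansible  iyuyixyz   -m             command      -a                'cat /etc/openEuler-release'
Legend:         command  host name  select module  module name  module arguments  command to run

Colors of returned results: green, yellow, red, pink.

3 Modules for ad-hoc mode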

command
shell
script
yum
yum_repository
copy
file
mount
service
cron
iptables
firewalld
get_url

 

II. Common modules

1 command module

Official link: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/command_module.html#ansible-collections-ansible-builtin-command-module

Pipes and special shell characters are not supported; use the shell module for those.

[root@manage ~]# ansible 10.0.1.51 -a 'df -h'
###
[root@manage ~]# ansible 10.0.1.51 -a 'ip a |grep ens33'
[WARNING]: Platform linux on host 10.0.1.51 is using the discovered Python interpreter at
/usr/bin/python3, but future installation of another Python interpreter could change this.
See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for
more information.
10.0.1.51 | FAILED | rc=255 >>
Command "|grep" is unknown, try "ip address help".non-zero return code

2 shell module

###
[root@manage ~]# ansible 10.0.1.51 -m shell -a 'ip a |grep ens33'
[WARNING]: Platform linux on host 10.0.1.51 is using the discovered Python interpreter at
/usr/bin/python3, but future installation of another Python interpreter could change this.
See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for
more information.
10.0.1.51 | CHANGED | rc=0 >>
3: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 10.0.1.51/24 brd 10.0.1.255 scope global noprefixroute ens33
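
Why `ip a |grep ens33` fails under command and works under shell, as an added local illustration (not from the original page and not Ansible's own code). `run_like_command` and `run_like_shell` are hypothetical helpers, and `echo` stands in for `ip a` so the comparison runs on any machine.

```shell
#!/bin/sh
# Added illustration, not Ansible source code. Both helpers are hypothetical
# stand-ins for how the two modules hand a command line to the managed node.

# command module: the string is split into words and executed directly.
# No shell reads it, so | ; > and $VAR are just argument text.
# (Approximation: Ansible splits with Python's shlex, which also honours quotes.)
run_like_command() (
    set -f        # disable globbing so only whitespace splitting happens
    set -- $1
    "$@"
)

# shell module: the whole string goes to /bin/sh, which interprets it.
run_like_shell() (
    /bin/sh -c "$1"
)

demo() {
    # The page's case: the pipe is an argument in one run, an operator in the other.
    printf 'command: %s\n' "$(run_like_command 'echo ens33 |grep ens33')"
    printf 'shell:   %s\n' "$(run_like_shell 'echo ens33 |grep -c ens33')"
    # A value carrying ";" stays literal text under command, but becomes a
    # second command under shell.
    printf 'command: %s\n' "$(run_like_command 'echo report.txt; echo EXTRA')"
    printf 'shell:   %s\n' "$(run_like_shell 'echo report.txt; echo EXTRA' | tr '\n' ' ')"
}
demo
```

For the same reason, command is the safer choice whenever part of the command line comes from a variable; shell is only needed when the pipe or redirection is wanted.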

3 script module

### Create a script on the control node
cat > /opt/xyz.sh << EOF
touch /opt/xyz.txt
EOF
### 
chmod +x /opt/xyz.sh
### 
[root@manage ~]# ansible 10.0.1.51 -m script -a '/opt/xyz.sh'
10.0.1.51 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 10.0.1.51 closed.\r\n",
    "stderr_lines": [
        "Shared connection to 10.0.1.51 closed."
    ],
    "stdout": "",
    "stdout_lines": []
}
### Test
[root@manage ~]# ansible 10.0.1.51 -m shell -a 'ls -l /opt'
[WARNING]: Platform linux on host 10.0.1.51 is using the discovered Python interpreter at
/usr/bin/python3, but future installation of another Python interpreter could change this.
See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for
more information.
10.0.1.51 | CHANGED | rc=0 >>
total 16
drwxr-xr-x. 2 rsyncxyz rsyncxyz 4096 Nov 24 14:31 backupxyz
drwxr-xr-x  3 root     root     4096 Nov 25 22:19 nfs
drwxr-xr-x. 2 root     root     4096 Nov 23 15:48 software
-rw-r--r--  1 root     root        0 Nov 27 17:10 xyz.txt

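4 yum module

Official link: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/yum_module.html#ansible-collections-ansible-builtin-yum-module

yum module parameter    Description
name                    Name of the package to install; several packages can be given
state                   present or installed to install, absent or removed to remove, latest to update
exclude                 Packages to exclude when installing
enablerepo              Temporarily enable a disabled yum repository for this install
disablerepo             Repositories not to fetch from during the install; several can be given
download_only=true      Only download the package, do not install it
### Download and install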
ansible 10.0.1.51 -m yum -a 'name=https://repo.openeuler.org/openEuler-22.09/everything/x86_64/Packages/httpd-2.4.51-11.oe2209.x86_64.rpm state=installed'
### Install the latest httpd
ansible 10.0.1.51 -m yum -a 'name=httpd state=latest'
### Remove
ansible 10.0.1.51 -m yum -a 'name=tree state=removed'
###
[root@manage ~]# ansible 10.0.1.51 -m yum -a 'name=lrzsz state=installed download_only=true'
[WARNING]: Platform linux on host 10.0.1.51 is using the discovered Python interpreter at
/usr/bin/python3, but future installation of another Python interpreter could change this.
See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for
more information.
10.0.1.51 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Downloaded: lrzsz-0.12.20-46.oe2209.x86_64"
    ]
}
### Look for the lrzsz package on node 10.0.1.51
[root@backup01 ~]# find /var -name lrzsz*
/var/cache/dnf/OS-cf29f1d2ac8cd409/packages/lrzsz-0.12.20-46.oe2209.x86_64.rpm

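5 copy module

copy parameter    Description
src               Source file
dest              Destination path
backup            Whether to back up: if the destination exists, it is backed up before being overwritten
content           Content to write into the file on the managed node
owner             Owner of the remote file
group             Group of the remote file
mode              Permissions of the remote file
echo ' huaxiayuyi copy ' > /opt/tmp.txt
### Convenience: a destination directory that does not exist is created automatically
ansible 10.0.1.51 -m copy -a 'src=/opt/tmp.txt dest=/tmp/xyz/'
### Test
ansible 10.0.1.51 -m command -a 'cat /tmp/xyz/tmp.txt'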

### backup
echo ' huaxiayuyi backup' > /opt/backup.txt
ansible 10.0.1.51 -m copy -a 'src=/opt/backup.txt dest=/tmp/xyz/ backup=yes'

### Copy and set the owner and permissions
ansible 10.0.1.51 -m copy -a 'src=/opt/tmp.txt dest=/tmp/xyz/ owner=nobody group=nobody mode=666'

### content does not append; it overwrites the file, like the > redirection
ansible 10.0.1.51 -m copy -a 'content="iyuyi.xyz@aliyun.com" dest=/tmp/email.txt'
### Test
ansible 10.0.1.51 -m command -a 'cat /tmp/email.txt'

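6 file module

### path=path to a directory or file
### state=directory,touch,link,absent

### Create a directory
ansible 10.0.1.51 -m file -a 'path=/opt/home/xyz state=directory'

### Create a file
ansible 10.0.1.51 -m file -a 'path=/opt/home/xyz.txt state=touch'

### Test (ll is a shell alias and is not available to the command module, so use ls -l)
ansible 10.0.1.51 -m command -a 'ls -l /opt/home'

### Recursively change the owner of a directory
### recurse=yes only takes effect together with state=directory
### mode=666 is applied to every directory and file under the path; directories lose their execute (search) bit
ansible 10.0.1.51 -m file -a 'path=/opt/home state=directory owner=nobody mode=666 recurse=yes'

### Test
ansible 10.0.1.51 -m command -a 'ls -l /opt/home'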

7 get_url module

get_url module – Downloads files from HTTP, HTTPS, or FTP to node

### url       the URL to download
### dest      directory on the managed node to download into
### checksum  checksum to verify the download against

ansible 10.0.1.51 -m get_url -a 'url=xxx dest=/opt/software'
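
The command above leaves `checksum` unset, so the download is not verified. The following added example (not from the original page) builds the `-a` string with the digest pinned from a `sha256sum`-format manifest kept on the control node. The function names, the manifest layout, the example.com URL and the digests are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names, the manifest
# layout (sha256sum format) and all sample values are assumptions.

# Print the digest for file name $2 from manifest $1 ("<64 hex>  <name>" per
# line). Fails unless exactly one well-formed entry matches.
manifest_digest() (
    awk -v n="$2" '
        { f = $2; sub(/^\*/, "", f) }          # binary-mode entries are "*name"
        f == n { hits++; d = $1 }
        END {
            if (hits == 1 && length(d) == 64 && d !~ /[^0-9a-f]/) print d
            else exit 1
        }' "$1"
)

# Build the -a argument string for get_url with the digest pinned.
# $1 = url, $2 = dest on the managed node, $3 = manifest on the control node
get_url_args() (
    digest=$(manifest_digest "$3" "${1##*/}") || {
        echo "no unique, well-formed sha256 entry for ${1##*/}" >&2
        exit 1
    }
    printf 'url=%s dest=%s checksum=sha256:%s' "$1" "$2" "$digest"
)

demo() (
    m=$(mktemp)
    # Constructed manifest with constructed digests (not real files).
    printf '%064d  tool-1.0.tar.gz\n%064d  tool-1.1.tar.gz\n' 1 2 > "$m"
    get_url_args https://example.com/pkg/tool-1.1.tar.gz /opt/software/ "$m"
    echo
    rm -f "$m"
)
demo
# Then: ansible 10.0.1.51 -m get_url -a "$(get_url_args URL /opt/software/ SHA256SUMS)"
```

With `checksum` set, get_url fails the task when the downloaded file's digest differs, so a tampered or truncated download is not left in place as if it were good.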

8 yum_repository module

### See the files under /etc/yum.repos.d/ for reference
### name         name of the yum repository
### description  description [required]
### baseurl
### enabled
### state
###
ansible 10.0.1.51 -m yum_repository -a 'name=docker-iyuyixyz description="docker iyuyixyz repo" baseurl="http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo" enabled=no state=present'

### Test
ansible 10.0.1.51 -m command -a 'cat /etc/yum.repos.d/docker-iyuyixyz.repo'

9 service module

### name     service name
### state    started,stopped,restarted,reloaded
### enabled

### Start the httpd service and enable it at boot
ansible 10.0.1.51 -m service -a 'name=httpd state=started enabled=yes'

10 user/group module

### name   name of the group to create
### gid    gid of the group
### state  absent,present
### Add a group
ansible 10.0.1.51 -m group -a 'name=gapp gid=6666'

### uid          user uid
### group        user's group name
### groups       supplementary group names
### password     password to set
### shell        user's login shell
### create_home  whether to create the home directory
### state        absent,present

### Add a user
ansible 10.0.1.51 -m user -a 'name=uapp uid=6666 group=gapp shell=/sbin/nologin create_home=no'
### Show the added user
ansible 10.0.1.51 -a 'id uapp'

### Delete the user
ansible 10.0.1.51 -m user -a 'name=uapp state=absent'

### Generate the password hash
ansible localhost -m debug -a "msg={{ 'tom' | password_hash('sha512', 'salt')}}"
ansible localhost -m debug -a "msg={{ 'tom' | password_hash('md5', 'salt')}}"

### Single quotes keep the shell from expanding the $ characters in the hash
ansible 10.0.1.51 -m user -a 'name=tom  password=<paste the generated hash>'

11 cron module

Parameter    Description
name         This parameter is always required as of ansible-core 2.12.
* * * * *    minute hour day month weekday
job          the command to run (cmd)
state        present(default)/absent
disabled     comment out the scheduled job
### 
[root@manage ~]# ansible 10.0.1.51 -m cron -a 'name="exec df -h" minute="*/1" job="df -h &> /tmp/dfh.txt"'
10.0.1.51 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": true,
    "envs": [],
    "jobs": [
        "exec df -h"
    ]
}

### Show the scheduled jobs
[root@manage ~]# ansible 10.0.1.51 -a 'crontab -l'
10.0.1.51 | CHANGED | rc=0 >>
#Ansible: exec df -h
*/1 * * * * df -h &> /tmp/dfh.txt

### Comment out the scheduled job
[root@manage ~]# ansible 10.0.1.51 -m cron -a 'name="exec df -h" state=present disabled=yes job="df -h &> /tmp/dfh.txt"'
10.0.1.51 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": true,
    "envs": [],
    "jobs": [
        "exec df -h"
    ]
}

[root@manage ~]# ansible 10.0.1.51 -a 'crontab -l'
10.0.1.51 | CHANGED | rc=0 >>
#Ansible: exec df -h
#* * * * * df -h &> /tmp/dfh.txt

### Delete the scheduled job
[root@manage ~]# ansible 10.0.1.51 -m cron -a 'name="exec df -h" state=absent'
10.0.1.51 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": true,
    "envs": [],
    "jobs": []
}

Execute Crond Service on openEuler:https://www.cnblogs.com/huaxiayuyi/p/16931669.html

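12 mount disk-mount module [comprehensive exercise]

  1. present ## mount at boot and write the entry to /etc/fstab
  2. mounted ## mount the device and write the entry to /etc/fstab
  3. unmounted ## unmount the device; the entry written to /etc/fstab is not removed
  4. absent    ## unmount the device and remove the entry written to /etc/fstab
mkdir -p /opt/ansible/config
### Inventory
### 10.0.1.51 client
### 10.0.1.55 server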
cat > /opt/ansible/config/hosts << EOF
[iyuyixyz]
10.0.1.51 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='xxx'
10.0.1.55 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='xxx'
EOF

### Install nfs
ansible iyuyixyz -i /opt/ansible/config/hosts -m dnf -a 'name=nfs-utils state=present'
### Create the group
ansible iyuyixyz -i /opt/ansible/config/hosts -m group -a 'name=xyz gid=2003'
### Generate the password hash: xyz
[root@manage opt]# ansible localhost -m debug -a "msg={{ 'xyz' | password_hash('md5', 'salt')}}"
localhost | SUCCESS => {
    "msg": "$1$salt$ZPEfJLOBIosaDRiGs/P/2/"
}
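### Create the user and set the password (no inner quotes, so the shell does not expand the $ characters in the hash)
ansible iyuyixyz -i /opt/ansible/config/hosts -m user -a 'name=iyuyixyz uid=1004 group=xyz password=$1$salt$ZPEfJLOBIosaDRiGs/P/2/'
### Show the user and group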
ansible iyuyixyz -i /opt/ansible/config/hosts -m command -a 'id iyuyixyz'
###
ansible 10.0.1.55 -m copy -a 'content="/opt/nfs/data 10.0.1.0/24(rw,no_subtree_check,all_squash,anonuid=1004,anongid=2003)" \
dest=/etc/exports backup=yes mode=600'
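### Reload the configuration
ansible 10.0.1.55 -m command -a 'exportfs -arv'
### Check whether a backup was made (the shell module is needed for the * glob)
ansible 10.0.1.55 -m shell -a 'ls -l /etc/exports*'
### 
ansible 10.0.1.55 -m command -a 'cat /etc/exports'

### Create the directory and set its ownership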
[root@manage ~]# ansible 10.0.1.55 -i /opt/ansible/config/hosts -m file -a 'path=/opt/nfs/data state=directory owner=iyuyixyz group=xyz'
10.0.1.55 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": true,
    "gid": 2003,
    "group": "xyz",
    "mode": "0755",
    "owner": "iyuyixyz",
    "path": "/opt/nfs/data",
    "size": 4096,
    "state": "directory",
    "uid": 1004
}
### Check that the ownership changed
ansible 10.0.1.55 -m command -a 'ls -l /opt/nfs'

### Start the services
ansible iyuyixyz -i /opt/ansible/config/hosts -m service -a 'name=rpcbind state=started enabled=yes'
ansible iyuyixyz -i /opt/ansible/config/hosts -m service -a 'name=nfs state=started enabled=yes'

### Local test [local mount]
[root@manage ~]# ansible 10.0.1.51 -m mount -a 'src=10.0.1.55:/opt/nfs/data path=/opt/buckup/data fstype=nfs state=mounted'
10.0.1.51 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": true,
    "dump": "0",
    "fstab": "/etc/fstab",
    "fstype": "nfs",
    "name": "/opt/buckup/data",
    "opts": "defaults",
    "passno": "0",
    "src": "10.0.1.55:/opt/nfs/data"
}
### Check that the mount succeeded
ansible 10.0.1.51 -m shell -a 'df -h |grep 10.0.1.55'
ansible 10.0.1.51 -m shell -a 'tail -1 /etc/fstab'

### Create files
ansible 10.0.1.51 -m shell -a 'touch /opt/buckup/data/xyz{1..10}.txt'
ansible 10.0.1.55 -m command -a 'ls -l /opt/nfs/data'

### Mount on the clients
ansible iyuyixyz -i /opt/ansible/config/hosts -m mount -a 'src=10.0.1.55:/opt/nfs/data path=/opt/buckup/data fstype=nfs state=mounted'
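
The inventory written to /opt/ansible/config/hosts in this exercise keeps `ansible_ssh_pass` in plain text. The following added check (not from the original page) reports inline password variables and a group- or world-readable file mode without printing the values. `audit_inventory` is a hypothetical helper and the sample inventory is a constructed copy of the layout above.

```shell
#!/bin/sh
# Added example, not from the original page; audit_inventory is a hypothetical helper.

# Report inline connection passwords (variable name only, never the value) and
# a group/world-readable mode for an INI inventory. Exit status 1 on findings.
audit_inventory() (
    inv=$1
    report=$(
        awk -v f="$inv" '
            /^[ \t]*[#;]/ { next }                      # skip comment lines
            {
                for (i = 1; i <= NF; i++) {
                    split($i, kv, "=")
                    if (kv[1] ~ /^ansible_(ssh_pass|password|become_pass|become_password)$/)
                        printf "%s:%d: %s is set inline\n", f, NR, kv[1]
                }
            }' "$inv"
        if [ -n "$(find "$inv" -prune \( -perm -040 -o -perm -004 \))" ]; then
            echo "$inv: readable by group or others, expected mode 600"
        fi
    )
    [ -n "$report" ] || exit 0
    printf '%s\n' "$report"
    exit 1
)

demo() (
    inv=$(mktemp)
    # Constructed copy of the inventory layout used in this section.
    cat > "$inv" <<'EOF'
[iyuyixyz]
10.0.1.51 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='xxx'
10.0.1.55 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='xxx'
EOF
    chmod 644 "$inv"
    audit_inventory "$inv"
    rm -f "$inv"
)
demo
```

Key-based SSH login, or prompting with `--ask-pass` at run time, keeps the password out of the inventory file altogether.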

Use nfs Storage Service on openEuler:https://www.cnblogs.com/huaxiayuyi/p/16922116.html

Ansible Playbook deployment playbooks: https://www.cnblogs.com/huaxiayuyi/p/16933631.html

Official link: https://docs.ansible.com/ansible/latest/collections/ansible/posix/mount_module.html#ansible-collections-ansible-posix-mount-module
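
The password-generation steps in sections 10 and 12 hash with the fixed salt 'salt', and section 12 uses md5, so every host and user given the same password gets the same hash. The following added example (not from the original page) produces a SHA-512 crypt hash with a random salt and checks it before it is handed to the user module. It assumes OpenSSL 1.1.1 or later on the control node; the function names and the sample password are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes OpenSSL 1.1.1 or later
# on the control node; function names and the sample password are hypothetical.

# Read one password line on stdin and print a SHA-512 crypt hash ($6$...)
# with a random salt. Using stdin keeps the password out of the process list.
crypt_sha512() {
    openssl passwd -6 -stdin
}

# Recompute the hash with the salt embedded in $2 and compare: succeeds only
# if password $1 matches crypt hash $2.
verify_crypt() (
    salt=$(printf '%s' "$2" | cut -d'$' -f3)
    [ -n "$salt" ] || exit 1
    again=$(printf '%s\n' "$1" | openssl passwd -6 -salt "$salt" -stdin)
    [ "$again" = "$2" ]
)

demo() (
    pw='constructed-sample-password'           # constructed, not a real secret
    hash=$(printf '%s\n' "$pw" | crypt_sha512)
    printf 'hash: %s\n' "$hash"
    verify_crypt "$pw" "$hash" && echo 'verify: ok'
    # The command to run next, with the hash inside single quotes.
    printf "next: ansible 10.0.1.51 -m user -a 'name=tom password=%s'\n" "$hash"
)
demo
```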

13 iptables module

 The firewall management modules mainly fall into SELinux and Firewalld

SELinux firewall

ansible iyuyixyz -i /opt/ansible/config/hosts -m selinux -a 'state=disabled'

Firewalld firewall

(to be added)

 

X、One Step Success

1 Help commands

### List the modules
ansible-doc -l
### Look up a specific module
ansible-doc -s ping

### Count the modules
ansible-doc -l | wc -l

 

Y、Error message

 

 

Z、Related Links

Installing Ansible-2.9.27 Inventory Use on openEuler:https://www.cnblogs.com/huaxiayuyi/p/16928621.html

Ansible-2.9.27 Playbook Use on openEuler:https://www.cnblogs.com/huaxiayuyi/p/16933631.html

 

posted @ 2022-11-27 17:38  娇小赤雅