ansible
1.Ansible preparation
Configure yum
yum install ansible-core.x86_64 -y
vim /etc/hosts
192.168.101.128 ansible
192.168.101.129 host1
192.168.101.130 host2
192.168.101.131 host3
192.168.101.132 host4
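vim /etc/ansible/hosts (host inventory)
host1
host2
host3
host4
ssh-keygen (generate a key pair)
ssh-copy-id 192.168.101.129 (copy the public key to the host)
ssh root@192.168.101.129 (log in)
vim /etc/ansible/hosts (host inventory)
ansible localhost -m ping
ansible host1 -m ping
ansible host2 -m ping -o (-o gives concise one-line output)
ansible host2 -m ping -o -u root -k (-k prompts for the SSH password, for hosts without key-based login)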
2.Group management
vim /etc/ansible/hosts (host inventory)
[webserver]
ansible ansible_host=192.168.101.128
host1 ansible_host=192.168.101.129
host2 ansible_host=192.168.101.130
host3 ansible_host=192.168.101.131
host4 ansible_host=192.168.101.132
ansible webserver -m ping -o -u root -k
[webserver]
ansible ansible_host=192.168.101.128 ansible_ssh_user='root' ansible_ssh_pass='123'
host1 ansible_host=192.168.101.129 ansible_ssh_user='root' ansible_ssh_pass='123'
host2 ansible_host=192.168.101.130 ansible_ssh_user='root' ansible_ssh_pass='123'
host3 ansible_host=192.168.101.131 ansible_ssh_user='root' ansible_ssh_pass='123'
host4 ansible_host=192.168.101.132 ansible_ssh_user='root' ansible_ssh_pass='123'
[webserver]
ansible ansible_host=192.168.101.128
host3 ansible_host=192.168.101.131
host4 ansible_host=192.168.101.132
[webserver:vars]
ansible_ssh_user='root'
ansible_ssh_pass='123'
Child groups
[apacheserver]
host1 ansible_host=192.168.101.129
host2 ansible_host=192.168.101.130
[tomcatserver]
host3 ansible_host=192.168.101.131
host4 ansible_host=192.168.101.132
[webserver:children]
apacheserver
tomcatserver
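The inventory variants in this section keep the SSH password in plain text, so anyone who can read the file can read the credential. As an added example (not part of the original notes), the shell function below lists every password variable that is assigned a literal value in an INI inventory. The sample inventory and the names audit_inventory, write_sample_inventory and vault_host3_pass are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag literal password variables in an INI-style Ansible inventory.

# Constructed sample inventory modelled on the groups used in these notes.
write_sample_inventory() {
  cat > "$1" <<'EOF'
[apacheserver]
host1 ansible_host=192.168.101.129 ansible_ssh_user=root ansible_ssh_pass=123
host2 ansible_host=192.168.101.130
[tomcatserver]
host3 ansible_host=192.168.101.131 ansible_password="{{ vault_host3_pass }}"
[webserver:children]
apacheserver
tomcatserver
[webserver:vars]
ansible_ssh_pass = 123
EOF
}

# Print "LINE SECTION KEY" for each password variable assigned a literal value.
audit_inventory() {
  awk '
    /^[ \t]*$/    { next }                          # blank lines
    /^[ \t]*[#;]/ { next }                          # comments
    /^\[/ { section = substr($0, 2, index($0, "]") - 2); next }
    {
      gsub(/[ \t]*=[ \t]*/, "=")                    # accept "key = value" in :vars sections
      for (i = 1; i <= NF; i++) {
        if ($i !~ /^ansible_(ssh_pass|password|become_pass|become_password)=/) continue
        key = $i; sub(/=.*/, "", key)
        val = $i; sub(/^[^=]*=/, "", val)
        # A {{ ... }} reference (for example to a vaulted variable) is not a literal secret.
        if (index(val, "{{") == 0)
          printf "%d %s %s\n", NR, (section == "" ? "ungrouped" : section), key
      }
    }
  ' "$1"
}

# Demo run on the constructed sample.
inv=$(mktemp)
write_sample_inventory "$inv"
audit_inventory "$inv"
rm -f "$inv"
```

Each reported line is a candidate for key-based login (ssh-copy-id, as in section 1) or for a variable stored with ansible-vault.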
3.Custom host list
mv /etc/ansible/hosts /opt
ansible -i hosts webserver -m ping -o (use -i to point to the inventory file and connect)
Copy
ansible w -m copy -a 'src=/etc/hosts dest=/opt/B.txt owner=root group=bin mode=777'
src: source
dest: destination
ansible w -m copy -a 'src=/etc/hosts dest=/opt/B.txt owner=root group=bin mode=777 backup=yes'
backup=yes: make a backup
4.User management
Create fff
ansible w -m user -a 'name=fff state=present'
Password
echo '321' | openssl passwd -1 -stdin (openssl: encryption; -1: encryption type; -stdin: standard input)
$1$P5OpkLeF$RbuecC9KVuhfR8mqHdBxB.
ansible w -m user -a 'name=fff password="$1$P5OpkLeF$RbuecC9KVuhfR8mqHdBxB."'
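openssl passwd -1 produces an MD5-crypt hash (the $1$ prefix), which is weak by current standards. As an added example (not part of the original notes), the script below classifies crypt hashes by prefix, reports accounts still on weak schemes, and generates a SHA-512 hash for the user module. The function names, the sample shadow lines and the pwfile path are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify crypt(3) password hashes and generate a SHA-512 one.

# Map a crypt(3) string to its scheme, using the $id$ prefix.
crypt_scheme() {
  case "$1" in
    '')                       echo empty ;;        # no password set at all
    '!'*|'*'*)                echo locked ;;
    '$1$'*)                   echo md5crypt ;;     # what "openssl passwd -1" emits
    '$5$'*)                   echo sha256crypt ;;
    '$6$'*)                   echo sha512crypt ;;
    '$y$'*)                   echo yescrypt ;;
    '$2a$'*|'$2b$'*|'$2y$'*)  echo bcrypt ;;
    *)                        echo unknown ;;      # e.g. legacy DES crypt
  esac
}

# Read shadow-format lines (user:hash:...) on stdin; print "USER SCHEME"
# for accounts whose hash is empty, md5crypt or unrecognised.
weak_hash_users() {
  while IFS=: read -r user hash rest; do
    scheme=$(crypt_scheme "$hash")
    case "$scheme" in
      empty|md5crypt|unknown) printf '%s %s\n' "$user" "$scheme" ;;
    esac
  done
}

# Hash the password given on stdin with SHA-512 crypt (needs OpenSSL 1.1.1 or later).
sha512_hash() {
  openssl passwd -6 -stdin
}

# Constructed shadow-style lines; the first hash is the one shown in these notes.
weak_hash_users <<'EOF'
fff:$1$P5OpkLeF$RbuecC9KVuhfR8mqHdBxB.:19862:0:99999:7:::
student:!!:19862:0:99999:7:::
EOF

# Usage on the control node (pwfile is a hypothetical one-line file, mode 600):
#   hash=$(sha512_hash < pwfile)
#   ansible w -m user -a "name=fff password='$hash'"
```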
Change the shell
ansible all -m user -a "name=student shell=/sbin/nologin create_home=yes"
(/sbin/nologin: cannot log in; /bin/bash: can log in)
host1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1003,
"home": "/home/student",
"name": "student",
"shell": "/sbin/nologin",
"state": "present",
"system": false,
"uid": 1003
}
Delete a user
ansible all -m user -a "name=student state=absent"
6.Package management
ansible w -m yum -a 'name="bind" state=latest'
ansible w -m yum -a 'name="*" state=latest'
(install all)
ansible w -m yum -a 'name="httpd" state=latest'
ansible w -m service -a 'name="httpd" state=started'
7.File module
ansible w -m file -a 'path=/tmp/99.txt mode=777 state=touch'
ansible w -m file -a 'path=/tmp/9 mode=777 state=directory'
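8.Fact-gathering module
ansible host1 -m setup
ansible host1 -m setup -a 'filter=ansible_processor' (collect CPU information)
ansible host1 -m setup -a 'filter=ansible_all_ipv4_addresses'
8.fetch
ansible host1 -m fetch -a 'src=/tmp/A/e.txt dest=/'
src: the file to pull from the remote host; it must be a file, not a directory
dest: local destination
fetch: retrieves a file from the remote host to the local machine
9.Cron: create a scheduled task
crontab -l (lists the scheduled tasks on the managed host)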
ansible host1 -m cron -a "name='sync time from ntpserver' minute='*/10' job='/sbin/ntpdate 192.168.101.129 >> /dev/null 2>&1'"
[root@host1 ~]# crontab -l
#Ansible: sync time from ntpserver
*/10 * * * * /sbin/ntpdate 192.168.101.129 >> /dev/null 2>&1
10.Group
[root@localhost ~]#ansible host5 -m group -a 'name=g1 gid=1010 state=present'
[root@host5 ~]# grep g1 /etc/group
g1:x:1010:
11.Script
[root@localhost ~]# vim wan.sh
date &> /tmp/time.txt
[root@localhost ~]# ansible host1 -m script -a '/root/wan.sh'
host1 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to host1 closed.\r\n",
"stderr_lines": [
"Shared connection to host1 closed."
],
"stdout": "",
"stdout_lines": []
}
[root@host1 ~]# ls /tmp/time.txt
/tmp/time.txt
[root@host1 ~]# cat /tmp/time.txt
Sun May 19 03:11:53 PM CST 2024
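12.Unarchive
Extract archives
By default, the local archive is copied to the remote host and extracted there; when remote_src=yes is set, the archive already on the remote host is extracted.
Options: src (required): the name of the archive to extract
dest (required): the directory to extract into
remote_src: yes extracts an archive that is already on the remote host; no transfers the archive from the control node to the remote host and extracts it there
tar -cjf 1.tar /etc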
tar -cjf 111.tar /etc
ls 111.tar
ansible w -m unarchive -a 'src=/etc/111.tar dest=/opt'
12.Shell
ansible w -m shell -a 'yum install httpd -y'
ansible w -m shell -a 'uptime'
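13.Yaml
Write a simple playbook in YAML that covers the whole process of deploying, configuring and starting a web server
On the Ansible server:
Preparation
ansible all -m yum -a 'name=httpd state=removed' -o
yum install -y httpd
mkdir apache
cd apache
cp -rf /etc/httpd/conf/httpd.conf . (note: copy into the current directory, the trailing .)
Write the playbook
vim apache.yaml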
- hosts: host2
  tasks:
    - name: Install apache packages
      yum:
        name: httpd
        state: present
    - name: Copy apache conf
      copy:
        src: ./httpd.conf
        dest: /etc/httpd/conf/httpd.conf
    - name: Ensure apache is running
      service:
        name: httpd
        state: started
        enabled: yes
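(In a YAML file, each task should be a list item that starts with -, followed by a dictionary whose keys and values are separated by a colon and a space.
If you define these tasks in a variable and want to pass them dynamically to an Ansible module or function, make sure the variable is a list of dictionaries, not a list of strings.
)
Test
ansible-playbook apache.yaml --syntax-check (check the syntax)
ansible-playbook apache.yaml -C (dry run, check for errors)
ansible-playbook apache.yaml --list-tasks (list the tasks)
ansible-playbook apache.yaml --list-hosts (list the hosts)
ansible-playbook apache.yaml (run it)
Check the ports
netstat -anpt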
[root@localhost ~]# netstat -anpt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address e PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* EN 1079/sshd: /usr/sbi
tcp 0 0 127.0.0.1:631 0.0.0.0:* EN 1074/cupsd
tcp 0 0 127.0.0.1:6010 0.0.0.0:* EN 41173/sshd: root@pt
tcp 0 0 127.0.0.1:6013 0.0.0.0:* EN 39428/sshd: root@pt
tcp 0 248 192.168.101.130:22 192.168.101.1:5536BLISHED 41168/sshd: root [p
tcp 0 0 192.168.101.130:22 192.168.101.1:5370BLISHED 39424/sshd: root [p
tcp6 0 0 :::80 :::* EN 42721/httpd
tcp6 0 0 :::22 :::* EN 1079/sshd: /usr/sbi
tcp6 0 0 ::1:631 :::* EN 1074/cupsd
tcp6 0 0 ::1:6010 :::* EN 41173/sshd: root@pt
tcp6 0 0 ::1:6013 :::* EN 39428/sshd: root@pt
tcp6 0 0 192.168.101.130:80 192.168.101.1:5599_WAIT -
Handlers
(setenforce 0
firewall-cmd --permanent --add-service=http
firewall-cmd --reload)
If the configuration file httpd.conf changes
Listen 80 → Listen 90
- hosts: host2
  tasks:
    - name: Install apache packages
      yum:
        name: httpd
        state: present
    - name: Copy apache conf
      copy:
        src: ./httpd.conf
        dest: /etc/httpd/conf/httpd.conf
      notify: restart apache service   # changed here: use an ASCII colon
    - name: Ensure apache is running
      service:
        name: httpd
        state: started
        enabled: yes
  handlers:   # handlers is at the same level as tasks
    - name: restart apache service
      service:
        name: httpd
        state: restarted
Run it again: the configuration takes effect and the handler is triggered successfully