1、Ansible自动化配置管理
安装 配置 启动 nginx redhat红帽 ( 收购 ansible -->Ansible自动化运维配
置管理专家)
2、Ansible介绍及配置
#1.什么是ansible? 可以通过一个命令行完成一系列的操作。
#2.ansible 优点 特点?
#3.ansible 基础架构? 控制端 被控端 inventory ad-hoc playbook 连接协
议?
#4.ansible 配置文件 优先级
ANSIBLE_CONFIG
ansible.cfg #当前项目目录中
.ansible.cfg #当前执行用户的家目录
/etc/ansible/ansible.cfg
[root@manager ~]# export ANSIBLE_CONFIG="/tmp/ansible.cfg"
[root@manager ~]# touch /tmp/ansible.cfg
[root@manager ~]# mkdir /project1
[root@manager ~]# cd /project1/
[root@manager project1]# touch ansible.cfg
[root@manager project2]# ansible --version
ansible 2.8.5
config file = /project1/ansible.cfg
[root@manager /]# mkdir /project2
[root@manager /]# cd /project2/
[root@manager project2]# touch ansible.cfg
[root@manager project1]# ansible --version
ansible 2.8.5
config file = /project2/ansible.cfg
[root@manager tmp]# touch ~/.ansible.cfg
[root@manager tmp]# ansible --version
ansible 2.8.5
config file = /root/.ansible.cfg
#5.ansible inventory主机清单?
#1.基于IP地址+密码的方式
[webservers]
172.16.1.7 ansible_ssh_user='root' ansible_ssh_pass='1'
172.16.1.8 ansible_ssh_user='root' ansible_ssh_pass='1'
#2.场景二、基于密钥连接,需要先创建公钥和私钥,并下发公钥至被 控端
[root@manager ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.7
[root@manager ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.8
#方式一、主机+端口+密钥
[root@manager ~]# cat hosts
[webservers]
172.16.1.7
172.16.1.8
#3.场景三、主机组使用方式
[lbservers] #定义lbservers组
172.16.1.5
172.16.1.6
[webservers] #定义webserver组
172.16.1.7
172.16.1.8
[servers:children] #定义servers组包括两个子组 [lbservers,webserver]
lbservers
webserver
[root@manager project1]# ansible webservers --list- hosts -i hosts
hosts (2):
172.16.1.7
172.16.1.8
3、Ansible Ad-Hoc
#1.ansible ad-Hoc? 单条命令
command #执行命令 默认 不支持管道
shell #执行命令 支持管道
yum_reposity #yum仓库配置
yum #yum安装软件
get_url #和linux的wget一致
copy #拷贝配置文件
service|systemd #启动服务
user
group
file #创建目录 创建文件 递归授权
mount #挂载
cron #定时任务
firewalld #防火墙
selinux #selinuix 1234
1.command
ansible webservers -a "ps axu|grep nginx" -i hosts #不支持管道(简单命令)
2.shell
ansible webservers -m shell -a "ps axu|grep nginx" - i hosts #支持管道
3.yum
state:
present 安装
absent 卸载
latest 最新
enablerepo #指定使用按个仓库
disablerepo #排除使用哪个仓库
#1.安装最新的httpd服务
[root@manager project1]# ansible webservers -m yum -a "name=httpd state=latest disablerepo=webtatic- php" -i hosts
#2.移除httpd服务
[root@manager project1]# ansible webservers -m yum -a "name=httpd state=absent disablerepo=webtatic- php" -i hosts
#3.安装httpd指定从按个仓库安装
- name: install the latest version of Apache from the testing repo
[root@manager project1]# ansible webservers -m yum -a "name=httpd state=latest enablerepo=testing" -i hosts
#4.通过URL方式进行安装
[root@manager project1]# ansible webservers -m yum -a"name=https://mirrors.aliyun.com/zabbix/zabbix/3.0/ rhel/7/x86_64/zabbix-agent-3.0.0-1.el7.x86_64.rpm state=present disablerepo=webtatic-php" -i hosts
- name: install nginx rpm from a local file (软件包 必须在被控端主机)
[root@manager project1]# ansible webservers -m yum -a "name=/root/zabbix-agent-4.0.0-2.el7.x86_64.rpm state=present disablerepo=webtatic-php" -i host
4.copy
src #本地路径,可以是相对,可以是绝对
dest #目标位置
owner #属主
group #属组
mode #权限
backup #备份
[root@manager project1]# ansible webservers -m copy -a "src=./file/ansible.oldxu.com.conf dest=/etc/nginx/conf.d/ansible.oldxu.com.conf owner=root group=root mode=644" -i hosts
[root@manager project1]# ansible webservers -m copy -a "src=./file/ansible.oldxu.com.conf dest=/etc/nginx/conf.d/ansible.oldxu.com.conf owner=root group=root mode=644 backup=yes" -i hosts
5.service|systemd
state
started #启动
stopped #停止
restarted #重启
reloaded #重载
enabled #是否开机自启
yes #是
no #否
[root@manager project1]# ansible webservers -m systemd -a "name=nginx state=restarted enabled=yes" -i hosts
6.file
#创建 /code/ansible
path #路径
state
touch #创建文件
directory #创建目录
owner #属主
group #属组
mode #权限
#准备站点
[root@manager project1]# ansible webservers -m file -a "path=/code/ansible state=directory mode=755 owner=www group=www" -i hosts
#准备站点代码
[root@manager project1]# ansible webservers -m copy -a "src=./file/index.html dest=/code/ansible/index.html owner=www group=www mode=644" -i hosts
7.user group
#group 整数int 小数 flot dasdsa str 真|假 bool
[root@manager project1]# ansible webservers -m group -a "name=www gid=666 state=present" -i hosts
#user
name #名称
uid #uid
group #组名或gid
create_home #是否创建家目录
system #是否作为系统组
shell #指定登录shell
state
present
absent
remove
groups
append
password
#-------------------------------------------------- ------------->
# 程序使用 www 666 666 /sbin/nologin /home -->无
[root@manager project1]# ansible webservers -m user -a "name=www uid=666 group=666 create_home=no shell=/sbin/nologin state=present" -i hosts
# 正常用户 oldxu 1000 1000 /bin/bash /home/oldxu
[root@manager project1]# ansible webservers -m user -a "name=oldxu" -i hosts
# 移除oldxu用户,并删除家目录所有内容.
[root@manager project1]# ansible webservers -m user -a "name=oldxu state=absent remove=yes" -i hosts
# 创建 other用户.有两个附加组root bin,创建家目录,指定登录 shell,设定密码123
#生成一个密码
ansible all -i localhost, -m debug -a "msg={{ '123' | password_hash('sha512', 'mysecretsalt') }}"
[root@manager project1]# ansible webservers -m user -a 'name=other groups='root,bin' create_home=yes shell=/bin/bash password="$6$mysecretsalt$gIIYs0Xgc7sSQkH.zKaz8/Afa MomYzR1QZYtccwmJcUt8VpLq4D055UCCX4MlwgePOP80ZRwhppv BF72RIAVi/"' -i hosts
8.mount
#提前准备好nfs服务端
[root@web01 ~]# showmount -e 172.16.1.31
Export list for 172.16.1.31:
/data/zrlog 172.16.1.0/24
/data/zh 172.16.1.0/24
/data/edu 172.16.1.0/24
/data/blog 172.16.1.0/24
#用管理端操作被控端,让被控端挂载nfs存储数据
present #写入/etc/fstab
absent #卸载/etc/fstab
mounted #临时挂载
unmounted #卸载当前挂载
#挂载过程中,如果目录不存在,则会创建该目录
[root@manager project1]# ansible webservers -m mount -a "src=172.16.1.31:/data/zrlog path=/test_zrlog fstype=nfs opts=defaults state=mounted" -i hosts
[root@manager project1]# ansible webservers -m mount -a "src=172.16.1.31:/data/zrlog path=/test_zrlog fstype=nfs opts=defaults state=unmounted" -i hosts
9.cron
minute #分
hour #时
day #日
month #月
week #周
job #
[root@manager project1]# ansible webservers -m cron -a 'name=test_job minute=00 hour=02 job="/bin/bash /server/scripts/client_to_data_server.sh &>/dev/null"' -i hosts
[root@manager project1]# ansible webservers -m cron -a 'name=test job="/bin/bash /server/scripts/test.sh &>/dev/null"' -i hosts
[root@manager project1]# ansible webservers -m cron -a 'name=test job="/bin/bash /server/scripts/test.sh &>/dev/null" state=absent' -i hosts
10.firewalld
[root@manager project1]# ansible webservers -m systemd -a "name=firewalld state=started" -i hosts
#针对服务
[root@manager project1]# ansible webservers -m firewalld -a "service=http state=enabled" -i hosts
#针对端口
[root@manager project1]# ansible webservers -m firewalld -a "port=9999/tcp state=enabled" -i hosts
#针对source来源
#针对rule
11.selinux
[root@manager project1]# ansible webservers -m selinux -a "state=disabled" -i hosts
