实验环境

centos7.9_x64

ansible_server  192.168.10.98

ansible_slave    192.168.10.99


软件安装

yum install  -y  yum-utils  lsof   openssh-server  ansible   chrony

systemctl enable chronyd && hwclock -w  &&  ansible --version

ansible 2.6.20


ssh开启持久化（保持长连接：服务端每 600 秒向没有数据往来的客户端发送一次保活探测，连续 100 次无响应才断开连接；修改后可先执行 sshd -t 校验配置语法，再重载服务）

cp -pv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak   

echo ClientAliveInterval 600 >> /etc/ssh/sshd_config

echo ClientAliveCountMax 100 >> /etc/ssh/sshd_config

systemctl reload sshd  && systemctl enable sshd --now


tail -n2 /etc/ssh/sshd_config

ClientAliveInterval 600

ClientAliveCountMax 100


ansible配置优化

cp -pv  /etc/ansible/ansible.cfg /etc/ansible/ansible.cfg.bak

sed -i 's/#log_path/log_path/g' /etc/ansible/ansible.cfg

sed -i 's/#inventory/inventory/g' /etc/ansible/ansible.cfg

sed -i 's/#remote_user/remote_user/g' /etc/ansible/ansible.cfg

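sed -i 's/#host_key_checking /host_key_checking/g' /etc/ansible/ansible.cfg

注意：默认配置文件中被注释的这一行是 host_key_checking = False，取消注释后 Ansible 不再校验目标主机的 SSH 主机密钥，无法发现中间人攻击；仅建议在隔离的实验环境使用，生产环境应保持校验并预先分发 known_hosts。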

sed -i 's/# command_warnings/command_warnings/g' /etc/ansible/ansible.cfg


ansible资源配置

cp -pv  /etc/ansible/hosts /etc/ansible/hosts.bak  &&  touch /var/log/ansible.log


cat /etc/ansible/hosts

[anserver]                                                                                    自定义群集组名

192.168.10.98  ansible_ssh_user=root ansible_ssh_port=22 ansible_ssh_pass=3bhMTzgNCvRks   

192.168.10.99  ansible_ssh_user=root ansible_ssh_port=22 ansible_ssh_pass=3bhMTzgNCvRks

ansible_ssh_user=root   指定用户名  ansible_ssh_port=22   指定端口号  

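ansible_ssh_pass=3bhMTzgNCvRks   指定root密码（密码以明文写在 inventory 中，任何能读取该文件的用户都能拿到 root 密码；仅适合实验环境，生产环境建议改用 SSH 密钥认证，或用 ansible-vault 加密该变量，并收紧 /etc/ansible/hosts 的文件权限）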


ansible命令使用

ansible anserver --list   查看anserver群组 主机

 hosts (2):

   an1

   an2


ansible  anserver  -m ping     测试主机连通性

an1 | SUCCESS => {

   "ansible_facts": {

       "discovered_interpreter_python": "/usr/bin/python"

   },  

   "changed": false,  

   "ping": "pong"

}

an2 | SUCCESS => {

   "ansible_facts": {

       "discovered_interpreter_python": "/usr/bin/python"

   },  

   "changed": false,  

   "ping": "pong"

}


 ansible anserver -a "uptime"   查看群组系统信息  ls、df -Th 等命令均可使用

an2 | CHANGED | rc=0 >>

09:38:43 up 18 min,  2 users,  load average: 0.00, 0.01, 0.01

an1 | CHANGED | rc=0 >>

09:38:45 up 18 min,  2 users,  load average: 0.00, 0.01, 0.05


ansible an2 -a "uptime"           查看群集中主机系统信息

an2 | CHANGED | rc=0 >>

09:44:00 up 23 min,  2 users,  load average: 0.00, 0.01, 0.01


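ansible -i /etc/ansible/hosts anserver -m ping --ask-vault-pass    测试群组统一密码 正确性（注意：--ask-vault-pass 提示输入的是 Ansible Vault 的解密密码，不是主机的 SSH 登录密码；此处 SSH 密码仍取自 inventory 中的 ansible_ssh_pass，若要交互式输入 SSH 密码应使用 -k/--ask-pass）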

Vault password:  

an1 | SUCCESS => {

   "ansible_facts": {

       "discovered_interpreter_python": "/usr/bin/python"

   },  

   "changed": false,  

   "ping": "pong"

}

an2 | SUCCESS => {

   "ansible_facts": {

       "discovered_interpreter_python": "/usr/bin/python"

   },  

   "changed": false,  

   "ping": "pong"

}


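ansible -i /etc/ansible/hosts an2 -m ping --ask-vault-pass   用于群组中主机密码不同 密码验证（注意：--ask-vault-pass 只用于解密 Vault 加密的内容，并不校验 SSH 密码；各主机密码不同时，应在 inventory 中为每台主机分别设置登录凭据，最好用 ansible-vault 加密）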

Vault password:  

an2 | SUCCESS => {

   "ansible_facts": {

       "discovered_interpreter_python": "/usr/bin/python"

   },  

   "changed": false,  

   "ping": "pong"

}


ansible常用模块命令操作

命令模块

ansible anserver -m shell -a "uptime"      系统信息收集

ansible anserver -m shell -a "df -Th"      系统信息收集


文件模块

ansible anserver -m file  -a  "dest=/root/test.txt state=touch"     创建文件

ansible anserver -m file -a "dest=/root/test.txt state=absent"      删除文件

ansible anserver -m copy -a "src=/root/tests/  dest=/root/tests"  复制文件

ansible anserver -m file -a "dest=/root/tests  mode=755 owner=root group=root state=directory"   创建目录

ansible anserver -m file -a "dest=/home/tests state=absent"       删除目录

ansible anserver -m unarchive  -a "src=/root/test1.tar.gz  dest=/root/ mode=0755     force=yes  copy=yes"  远程解压覆盖文件

ansible anserver -m file -a 'src=/root/test.txt dest=/usr/local/test state=link'   创建软链接


脚本模块

ansible anserver -m copy  -a  "src=/home/test.sh  dest=/tmp/ owner=root group=root mode=0755" 批量复制脚本 

ansible anserver  -m shell -a   "/bin/bash /tmp/test.sh"                              执行脚本

ansible  anserver -m shell -a   "/bin/bash /tmp/test.sh"  --sudo                       sudo提权执行脚本（--sudo 已被弃用，建议改用 -b/--become）


服务模块

ansible anserver -m  yum -a "name=nginx state=installed disable_gpg_check=yes"  安装服务（注意：disable_gpg_check=yes 会跳过软件包的 GPG 签名校验，被篡改或来源不明的包也会被安装；软件源可信且已导入 GPG 公钥时应去掉该参数）

ansible anserver -m  service  -a "name=nginx state=started/restarted/stopped  enabled=yes" 

启动服务  设置开机启动

ansible anserver -m yum -a "name=nginx state=absent"     删除服务

ansible anserver  -m shell  -a "rpm -qa  nginx"  查看安装rpm包

ansible anserver -m shell -a "netstat -tuplna | grep nginx" 查看服务状态


用户模块

ansible anserver -m user -a 'name=test state=present' 创建用户 不设置密码

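ansible anserver -m shell -a "echo '321321' | passwd --stdin test"   批量修改test用户密码为321321（注意：这种写法会把明文密码留在控制端的 shell 历史记录里，也可能被记录到日志中，且 321321 属于弱口令，仅作演示；实际使用建议通过 user 模块的 password 参数传入预先生成的密码哈希）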

ansible  anserver -m command -a "id test" 查看用户

ansible anserver -m user -a "name=test remove=yes state=absent"  删除用户同时删除用户家目录


ansible anserver -m group  -a "name=test state=present system=yes"  创建用户组

ansible anserver -m shell  -a "cat /etc/group | grep test"          查看创建用户组

ansible anserver -m group -a "name=test state=absent"              删除用户组

ansible anserver  -m user -a "name=test  shell=/bin/bash groups=test"  test用户拉到test用户组

ansible  anserver  -a "/sbin/reboot" -f 10 --sudo -K  重启       --sudo 为普通用户sudo权限


ansible配置playbook

touch /etc/ansible/roles/mysql.yml

cat /etc/ansible/roles/mysql.yml 

# Playbook: install the mysql-server package with yum and start its service.
# NOTE(review): the inventory shown earlier on this page defines only the
# [anserver] group; confirm a "server" group exists, otherwise this play
# matches no hosts.
- hosts: server

  # Connects as root directly; no become/sudo step is used in this play.
  remote_user: root

  tasks:


    - name: install mysql-server package

      # state=present installs the package only if it is missing.
      yum: name=mysql-server state=present

    - name: starting mysqld service

      # NOTE(review): the task name says "mysqld" but the unit requested here
      # is "mysql" — confirm the service name the package actually installs.
      # No enabled=yes is set, so this does not configure start on boot.
      service: name=mysql state=started

ansible-playbook /etc/ansible/roles/mysql.yml --syntax-check

playbook: /etc/ansible/roles/mysql.yml

ansible-playbook /etc/ansible/roles/mysql.yml 


netstat -tuplna | grep chronyd

udp        0      0 127.0.0.1:323           0.0.0.0:*                           1565/chronyd