Ansible inventory files
The inventory file defines the hosts, or groups of hosts, that Ansible manages.
Static inventory files
A plain-text file that records the managed hosts by IP address, domain name and so on; the set of managed hosts does not change unless the inventory file itself is edited.
Dynamic inventory files
The inventory is generated from a database (or a similar source), so it changes as that source changes; in most cases it is emitted as JSON.
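The dynamic case, as an added Python example that is not from the page or from Ansible: a script in the shape Ansible expects from an executable inventory, answering `--list` with the whole inventory as JSON and `--host NAME` with one host's variables. The host names, roles and addresses are constructed sample rows standing in for a database query.

```python
#!/usr/bin/env python3
# Dynamic inventory script in the JSON shape Ansible reads: it answers
# `--list` with the whole inventory and `--host NAME` with one host's vars.
import json
import sys

# Constructed rows standing in for what a CMDB or database query would return.
DB_ROWS = [
    {"fqdn": "servera.lab.example.com", "role": "intranetweb", "ip": "172.25.250.10"},
    {"fqdn": "serverb.lab.example.com", "role": "internetweb", "ip": "172.25.250.11"},
    {"fqdn": "serverc.lab.example.com", "role": "intranetweb", "ip": "172.25.250.12"},
]


def build_inventory(rows):
    """Turn rows into the --list structure: one group per role, a 'web'
    parent group with children, and per-host vars under _meta.hostvars so
    Ansible does not have to call --host once for every host."""
    inventory = {"_meta": {"hostvars": {}}}
    for row in rows:
        group = inventory.setdefault(row["role"], {"hosts": [], "vars": {}})
        group["hosts"].append(row["fqdn"])
        inventory["_meta"]["hostvars"][row["fqdn"]] = {"ansible_host": row["ip"]}
    inventory["web"] = {"children": sorted(g for g in inventory if g != "_meta")}
    return inventory


def host_vars(rows, name):
    """Answer for --host NAME: that host's variables, or {} if it is unknown."""
    return build_inventory(rows)["_meta"]["hostvars"].get(name, {})


def main(argv):
    if argv[1:] == ["--list"]:
        print(json.dumps(build_inventory(DB_ROWS), indent=2))
    elif len(argv) == 3 and argv[1] == "--host":
        print(json.dumps(host_vars(DB_ROWS, argv[2]), indent=2))
    else:
        sys.exit("usage: %s --list | --host NAME" % argv[0])


if __name__ == "__main__":
    main(sys.argv)
```

Make the file executable and pass it with `-i`; Ansible runs an executable inventory file itself and reads its `--list` output.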
Inventory files
A simple inventory file:
192.168.0.1
servera
serverb
Defining host groups
A group name is written in square brackets []; a host can belong to more than one group.
# define a group named student
[student]
servera
serverb
# serverb also belongs to the home group
[home]
serverb
Groups can be nested inside other groups
# The format is:
# [groupname:children]
# child group A
# child group B
[good:children]
student
home
Defining host ranges
Use [start:end] to define a range.
# by IP address
192.168.0.[1:10]
# by domain name
www.hello.com.ha[a:c]
# by host name
server[a:c]
Notes
If a host and a host group share the same name, Ansible ignores the group and picks the host name; avoid this when writing the inventory file.
Listing host information
Command: ansible <host or group name> -i <path> --list-hosts

| Parameter | Meaning |
|---|---|
| -i | Path of the inventory file; the default is /etc/ansible/hosts, which is searched when this option is omitted |
| --list-hosts | List the matched hosts |
| all | List the hosts of every group |
| ungrouped | List the hosts that belong to no group |
[student@workstation ~]$ cat inventory
# define a group named student
[student]
servera
serverb
# serverb also belongs to the home group
[home]
serverb
# nested host group
[good:children]
student
home
# list servera
[student@workstation ~]$ ansible servera -i inventory --list-hosts
hosts (1):
servera
# list the student group
[student@workstation ~]$ ansible student -i inventory --list-hosts
hosts (2):
servera
serverb
# list the good group
[student@workstation ~]$ ansible good -i inventory --list-hosts
hosts (2):
servera
serverb
# list all hosts
[student@workstation ~]$ ansible all -i inventory --list-hosts
hosts (2):
servera
serverb
# list the hosts that are in no group
[student@workstation ~]$ ansible ungrouped -i inventory --list-hosts
[WARNING]: No hosts matched, nothing to do
hosts (0):
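The range syntax, nested groups and `--list-hosts` patterns above, as an added Python example (not from the page or from Ansible): it parses a constructed inventory in this format, with the student hosts written as the range `server[a:b]`, expands `[start:end]` ranges, resolves `all`, `ungrouped`, a host name or a group, and produces the same host lists as the sessions above. It is a simplified reading of the format: `:vars` sections are skipped and only whole-line comments are recognised.

```python
import re
# Constructed inventory: the page's groups, with the student hosts written as a range.
INVENTORY_TEXT = """\
[student]
server[a:b]
[home]
serverb
[good:children]
student
home
"""

def expand_range(pattern):  # expand one [start:end] range (numeric or single letter) in a host entry
    m = re.search(r"\[([^\]:]+):([^\]]+)\]", pattern)
    if not m:
        return [pattern]
    start, end = m.groups()
    if start.isdigit():  # zfill keeps zero padding such as [01:10]
        items = [str(i).zfill(len(start)) for i in range(int(start), int(end) + 1)]
    else:
        items = [chr(c) for c in range(ord(start), ord(end) + 1)]
    return [pattern[:m.start()] + i + pattern[m.end():] for i in items]

def parse_inventory(text):  # -> {group: {"hosts": [...], "children": [...]}}
    groups, name, kind = {"ungrouped": {"hosts": [], "children": []}}, "ungrouped", "hosts"
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":  # skip blanks and whole-line comments
            continue
        if line.startswith("["):
            name, _, kind = line.strip("[]").partition(":")
            kind = kind or "hosts"
            groups.setdefault(name, {"hosts": [], "children": []})
        elif kind == "children":
            groups[name]["children"].append(line)
        elif kind == "hosts":  # a [group:vars] body is ignored here
            groups[name]["hosts"].extend(expand_range(line))
    return groups

def list_hosts(pattern, groups):  # resolve PATTERN as `ansible PATTERN --list-hosts` would
    def members(name):
        g = groups.get(name, {"hosts": [], "children": []})
        return g["hosts"] + [h for c in g["children"] for h in members(c)]
    every = list(dict.fromkeys(h for g in groups.values() for h in g["hosts"]))
    if pattern == "all":
        return every
    if pattern == "ungrouped":  # hosts listed under no header and appearing in no group
        return [h for h in groups["ungrouped"]["hosts"] if not any(h in g["hosts"] for n, g in groups.items() if n != "ungrouped")]
    if pattern in every:  # a host and a group with the same name: the host wins, as the note above says
        return [pattern]
    return list(dict.fromkeys(members(pattern)))
```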
Ansible configuration files
The Ansible configuration file is not global: every user can have their own.
Configuration file precedence

| Path | Priority |
|---|---|
| /etc/ansible/ansible.cfg | lowest |
| ~/.ansible.cfg (in the home directory) | low |
| ./ansible.cfg (in the current directory) | medium (recommended) |
| ANSIBLE_CONFIG (set as an environment variable) | high |

Using ANSIBLE_CONFIG is not recommended: once it is set, every user is pointed at that path.
# Usage
$ export ANSIBLE_CONFIG=<path to the configuration file>
$ ansible --version
config file = <the specified path>
Using the default ansible.cfg
[student@workstation ~]$ ansible --version
ansible 2.8.0
config file = /etc/ansible/ansible.cfg
Using .ansible.cfg in the home directory
[student@workstation ~]$ cp /etc/ansible/ansible.cfg .ansible.cfg
[student@workstation ~]$ ansible --version
ansible 2.8.0
config file = /home/student/.ansible.cfg
Using ansible.cfg in the current directory
[student@workstation ansible]$ pwd
/home/student/ansible
[student@workstation ansible]$ cp /etc/ansible/ansible.cfg .
[student@workstation ansible]$ ansible --version
ansible 2.8.0
config file = /home/student/ansible/ansible.cfg
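The search order in the precedence table, as an added Python example (not from the page or from Ansible's own code): it resolves the configuration path in the same order as the three sessions above, and also reproduces one check Ansible makes that the page does not mention: a ./ansible.cfg is skipped when the current directory is world-writable, since any local user could otherwise plant settings there. The file set it resolves against is constructed.

```python
import os
import stat


def dir_is_world_writable(path):
    """True when the directory's permission bits let any user write into it (o+w)."""
    return bool(os.stat(path).st_mode & stat.S_IWOTH)


def find_ansible_cfg(env, cwd, home, isfile=os.path.isfile, world_writable=dir_is_world_writable):
    """Return (config path or None, warnings) in Ansible's search order:
    ANSIBLE_CONFIG, then ./ansible.cfg, then ~/.ansible.cfg, then /etc/ansible/ansible.cfg.
    Like Ansible, a ./ansible.cfg inside a world-writable directory is not trusted,
    because any local user could drop a configuration file there."""
    warnings, candidates = [], []
    if env.get("ANSIBLE_CONFIG"):
        candidates.append(env["ANSIBLE_CONFIG"])
    cwd_cfg = os.path.join(cwd, "ansible.cfg")
    if world_writable(cwd):
        if isfile(cwd_cfg):
            warnings.append("ignoring %s: %s is world writable" % (cwd_cfg, cwd))
    else:
        candidates.append(cwd_cfg)
    candidates += [os.path.join(home, ".ansible.cfg"), "/etc/ansible/ansible.cfg"]
    for path in candidates:
        if isfile(path):  # the first candidate that exists wins
            return path, warnings
    return None, warnings


# Constructed file set: the page's sessions plus a shared, world-writable /tmp/shared.
FAKE_FILES = {"/etc/ansible/ansible.cfg", "/home/student/.ansible.cfg",
              "/home/student/ansible/ansible.cfg", "/tmp/shared/ansible.cfg"}
FAKE_WORLD_WRITABLE_DIRS = {"/tmp/shared"}


def resolve(env, cwd, home="/home/student"):
    """find_ansible_cfg run against the constructed file set instead of the real disk."""
    return find_ansible_cfg(env, cwd, home,
                            isfile=FAKE_FILES.__contains__,
                            world_writable=FAKE_WORLD_WRITABLE_DIRS.__contains__)


if __name__ == "__main__":
    for env, cwd in [({}, "/home/student"), ({}, "/home/student/ansible"),
                     ({"ANSIBLE_CONFIG": "/etc/ansible/ansible.cfg"}, "/home/student/ansible"),
                     ({}, "/tmp/shared")]:
        print(cwd, env, "->", resolve(env, cwd))
```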
Parameters in the Ansible configuration file
[student@workstation ansible]$ grep -v "#" ansible.cfg | grep -v "^$"
[defaults]
[inventory]
[privilege_escalation]
[paramiko_connection]
[ssh_connection]
[persistent_connection]
[accelerate]
[selinux]
[colors]
[diff]
The configuration file is divided into sections; each bracketed name is a section header.
[defaults]
# path of the inventory file
inventory = /etc/ansible/hosts
# log in to the managed hosts as user XX
remote_user = XX
# prompt for XX's SSH password (set to false once key-based login is in place)
ask_pass = true
[privilege_escalation]
# If remote_user is root, no privilege escalation is needed; for any other user it is.
# Escalate with sudo to the root user; become_ask_pass controls whether to prompt for the sudo password.
become = true
become_method = sudo
become_user = root
become_ask_pass = false
Configuration file exercise
- Create the directory /home/student/deploy-manage.
- Put an ansible.cfg file in that directory, with the inventory file in the same directory.
- The inventory file has the following host groups:
  [myself] contains the host localhost
  [intranetweb] contains the host servera.lab.example.com
  [internetweb] contains the host serverb.lab.example.com
  [web] is a nested group containing the groups intranetweb and internetweb
- Add a [privilege_escalation] section to ansible.cfg so that sudo is used to escalate to the root user, prompting for the password.
[student@workstation ~]$ mkdir /home/student/deploy-manage
[student@workstation ~]$ ls
deploy-manage
[student@workstation ~]$ cd deploy-manage/
[student@workstation deploy-manage]$ cat > ansible.cfg <<END
> [defaults]
> inventory = ./inventory
> END
[student@workstation deploy-manage]$ cat ansible.cfg
[defaults]
inventory = ./inventory
[student@workstation deploy-manage]$ cat >> inventory <<END
> [myself]
> localhost
>
> [intranetweb]
> servera.lab.example.com
>
> [internetweb]
> serverb.lab.example.com
>
> [web:children]
> intranetweb
> internetweb
> END
[student@workstation deploy-manage]$ cat inventory
[myself]
localhost
[intranetweb]
servera.lab.example.com
[internetweb]
serverb.lab.example.com
[web:children]
intranetweb
internetweb
[student@workstation deploy-manage]$ cat >> ansible.cfg <<END
> [privilege_escalation]
> become = true
> become_method = sudo
> become_user = root
> become_ask_pass = true
> END
[student@workstation deploy-manage]$ cat ansible.cfg
[defaults]
inventory = ./inventory
[privilege_escalation]
become = true
become_method = sudo
become_user = root
become_ask_pass = true
# test
[student@workstation deploy-manage]$ ansible myself --list-hosts
hosts (1):
localhost
[student@workstation deploy-manage]$ ansible intranetweb --list-hosts
hosts (1):
servera.lab.example.com
[student@workstation deploy-manage]$ ansible internetweb --list-hosts
hosts (1):
serverb.lab.example.com
[student@workstation deploy-manage]$ ansible web --list-hosts
hosts (2):
servera.lab.example.com
serverb.lab.example.com
Ansible ad hoc commands
An ad hoc command is a one-off, single-line command that starts with ansible; it is simple and quick to use.
Format: ansible host-pattern -m module [-a 'module arguments'] [-i inventory]

| Module category | Modules |
|---|---|
| File modules | copy, file, lineinfile, synchronize |
| Package modules | package, yum, apt, dnf, gem, pip |
| System modules | firewalld, service, user, reboot |
| Net tools | get_url (download), nmcli (configure network interfaces), uri (interact with web services) |

Ad hoc: the ping module
# check the configuration files
[student@workstation deploy-manage]$ cat ansible.cfg
[defaults]
inventory = ./inventory
ask_pass = false
[privilege_escalation]
become = true
become_method = sudo
become_user = root
become_ask_pass = false
[student@workstation deploy-manage]$ cat inventory
[intranetweb]
servera
# use the ping module
[student@workstation deploy-manage]$ ansible intranetweb -m ping
servera | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
Ad hoc: adding a user with the user module
# add a user named mmx
[student@workstation deploy-manage]$ ansible intranetweb -m user -a 'name=mmx'
servera | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1002,
"home": "/home/mmx",
"name": "mmx",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1002
}
[student@workstation deploy-manage]$ ssh mmx@servera
Activate the web console with: systemctl enable --now cockpit.socket
Ad hoc: removing a user with the user module
# remove the user mmx
[student@workstation deploy-manage]$ ansible intranetweb -m user -a 'name=mmx state=absent'
servera | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"force": false,
"name": "mmx",
"remove": false,
"state": "absent"
}
Ad hoc: the copy module
# write the content hello to ~/hello.txt
[student@workstation deploy-manage]$ ansible intranetweb -m copy -a 'content=hello dest=~/hello.txt'
servera | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d",
"dest": "/root/hello.txt",
"gid": 0,
"group": "root",
"md5sum": "5d41402abc4b2a76b9719d911017c592",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:admin_home_t:s0",
"size": 5,
"src": "/home/student/.ansible/tmp/ansible-tmp-1659244105.6575258-258948112696495/source",
"state": "file",
"uid": 0
}
Ad hoc: the command module (1)
command is the default ad hoc module, so -m command can be omitted.
# use the command module to read the file
[student@workstation deploy-manage]$ ansible intranetweb -a "cat ~/hello.txt"
servera | CHANGED | rc=0 >>
hello
| Configuration parameter | Command-line option |
|---|---|
| inventory | -i |
| remote_user | -u |
| become | --become, -b |
| become_method | --become-method |
| become_user | --become-user |
| become_ask_pass | --ask-become-pass, -K |
Ad hoc: the command module (2)
# show id information as different users
[student@workstation deploy-adhoc]$ ansible localhost -a 'id' -u devops
localhost | CHANGED | rc=0 >>
uid=1001(devops) gid=1001(devops) groups=1001(devops) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[student@workstation deploy-adhoc]$ ansible localhost -a 'id' -u student
localhost | CHANGED | rc=0 >>
uid=1000(student) gid=1000(student) groups=1000(student),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
# to run as root, escalate privileges by adding --become
[student@workstation deploy-adhoc]$ ansible localhost -a 'id' --become
localhost | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Ad hoc exercise
1. Check the Ansible version.
2. Create the directory /home/student/deploy-review.
3. In that directory create ansible.cfg, setting the inventory to /home/student/deploy-review/inventory and the login user to devops.
4. Create the subdirectory /home/student/deploy-review/inventory and download the inventory file from http://materials.example.com/labs/deploy-review/inventory.
5. Use the command module in an ad hoc command to show the hosts' id information.
6. Use the copy module in an ad hoc command to write the text "This server is managed by Ansible. \n" to /etc/motd.
7. Run the same ad hoc command as in step 6 again and observe the result.
8. Use the command module in an ad hoc command to display the contents of /etc/motd.
[student@workstation ~]$ ansible --version
ansible 2.8.0
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/student/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Apr 3 2019, 17:26:03) [GCC 8.2.1 20180905 (Red Hat 8.2.1-3)]
[student@workstation ~]$ mkdir deploy-review/
mkdir: cannot create directory ‘deploy-review/’: File exists
[student@workstation ~]$ cd deploy-review/
[student@workstation deploy-review]$ touch ansible.cfg
[student@workstation deploy-review]$ mkdir inventory
[student@workstation deploy-review]$ ls
ansible.cfg inventory
[student@workstation deploy-review]$ cat > ansible.cfg <<END
> [defaults]
> inventory = ./inventory
> remote_user = devops
>
> [privilege_escalation]
> become = true
> become_method = sudo
> become_user = root
> become_ask_pass = false
> END
# download the inventory file from http://materials.example.com/labs/deploy-review/inventory
[student@workstation deploy-review]$ cd inventory/
[student@workstation inventory]$ wget http://materials.example.com/labs/deploy-review/inventory .
--2022-07-31 14:05:50-- http://materials.example.com/labs/deploy-review/inventory
Resolving materials.example.com (materials.example.com)... 172.25.254.254
Connecting to materials.example.com (materials.example.com)|172.25.254.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 125
Saving to: ‘inventory’
inventory 100%[=========================================================================================================>] 125 --.-KB/s in 0s
2022-07-31 14:05:50 (29.7 MB/s) - ‘inventory’ saved [125/125]
--2022-07-31 14:05:50-- http://./
Resolving . (.)... failed: Name or service not known.
wget: unable to resolve host address ‘.’
FINISHED --2022-07-31 14:05:50--
Total wall clock time: 0.05s
Downloaded: 1 files, 125 in 0s (29.7 MB/s)
[student@workstation inventory]$ ls
inventory
[student@workstation inventory]$ cat inventory
[internetweb]
serverb.lab.example.com
[intranetweb]
servera.lab.example.com
serverc.lab.example.com
serverd.lab.example.com
# 5. use the command module in an ad hoc command to show the hosts' id information
[student@workstation deploy-review]$ ansible all -a 'id'
servera.lab.example.com | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
serverb.lab.example.com | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
serverc.lab.example.com | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
serverd.lab.example.com | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
# 6. use the copy module in an ad hoc command to write "This server is managed by Ansible. \n" to /etc/motd
[student@workstation deploy-review]$ ansible all -m copy -a 'content="This is server is managed by Ansible. \n" dest=/etc/motd' --become
serverd.lab.example.com | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "47d0841ab71f80320f014336f9b1a7b36166e9c4",
"dest": "/etc/motd",
"gid": 0,
"group": "root",
"md5sum": "ee36787d8189924d2ad0c5602cd5846f",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:etc_t:s0",
"size": 39,
"src": "/home/devops/.ansible/tmp/ansible-tmp-1659247875.1398184-73524257684693/source",
"state": "file",
"uid": 0
}
... similar output for the remaining hosts omitted
# 7. run the same ad hoc command as in step 6 again: changed goes from true to false
[student@workstation deploy-review]$ ansible all -m copy -a 'content="This is server is managed by Ansible. \n" dest=/etc/motd' --become
servera.lab.example.com | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"checksum": "47d0841ab71f80320f014336f9b1a7b36166e9c4",
"dest": "/etc/motd",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"path": "/etc/motd",
"secontext": "unconfined_u:object_r:etc_t:s0",
"size": 39,
"state": "file",
"uid": 0
}
... similar output for the remaining hosts omitted
# 8. use the command module in an ad hoc command to display the contents of /etc/motd
[student@workstation deploy-review]$ ansible all -a 'cat /etc/motd' --become
serverb.lab.example.com | CHANGED | rc=0 >>
This is server is managed by Ansible.
servera.lab.example.com | CHANGED | rc=0 >>
This is server is managed by Ansible.
serverd.lab.example.com | CHANGED | rc=0 >>
This is server is managed by Ansible.
serverc.lab.example.com | CHANGED | rc=0 >>
This is server is managed by Ansible.
Summary
1. The two ways of managing Ansible nodes: ad hoc commands and playbooks.
2. How to edit ansible.cfg; the location of ansible.cfg determines its scope.
3. How to write an inventory file, and the difference between static and dynamic inventory files.
4. Managed nodes can be administered with ad hoc commands.
5. When an ad hoc command needs elevated privileges, Ansible's privilege escalation can be used.