自动化管理工具ansible

  • 一、ansible
  • ansible的架构
  • 二、ansible命令行模块
  • 1、command模块
  • 2、cron模块
  • 3、user模块
  • 4、group模块
  • 5、copy模块
  • 6、file模块
  • 7、ping模块
  • 8、service模块
  • 9、yum模块
  • 10、shell模块
  • 11、script模块
  • 12、setup模块
  • 补充:


一、ansible

ansible是新出现的自动化运维工具,基于Python开发,集合了众多运维工具(puppet、cfengine、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。

ansible是基于模块工作的,本身没有批量部署的能力。真正具有批量部署的是ansible所运行的模块,ansible只是提供一种框架。主要包括:

(1)、连接插件connection plugins:负责和被监控端实现通信;
(2)、host inventory:指定操作的主机,是一个配置文件里面定义监控的主机;
(3)、各种模块核心模块、command模块、自定义模块;
(4)、借助于插件完成记录日志邮件等功能;
(5)、playbook:剧本执行多个任务时,非必需可以让节点一次性运行多个任务。

ansible的架构

连接其他主机默认使用ssh协议

[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@localhost yum.repos.d]# yum -y install epel-release.noarch 		#安装epel扩展源
[root@localhost ~]# yum install -y ansible
[root@localhost ~]# ansible --version 			#查看ansible版本
[root@localhost ~]# yum install -y tree
[root@localhost ~]# tree /etc/ansible/			#树状结构
/etc/ansible/
├── ansible.cfg			#ansible配置文件
├── hosts				#管理主机的文件,主机清单
└── roles

1 directory, 2 files
[root@localhost ~]# vim /etc/ansible/hosts				#配置主机清单
[webservers]
192.168.238.20				#主机是什么服务就放在什么标签内
[mysql]
192.168.238.30
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 		#回车
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 					#输入密码123123
Enter same passphrase again: 									#确认密码123123
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:WKpIMqbJgc2JyTz2C351d7bzbDJ83wUsyf1oKXaq82c root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|                 |
|        .        |
|+= .   +   . +   |
|*B=   o S   + +  |
|==+. o . . o . = |
|oo..o . . + + = o|
|. ...     .B.BE o|
| ...      .+X=...|
+----[SHA256]-----+
[root@localhost ~]# ls -al
drwx------.  2 root root   38 4月   2 08:54 .ssh
[root@localhost ~]# cd .ssh/
[root@localhost .ssh]# ls
id_rsa  id_rsa.pub				#id_rsa,私钥;id_rsa.pub,公钥

[root@localhost .ssh]# ssh-copy-id root@192.168.238.20
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.238.20 (192.168.238.20)' can't be established.
ECDSA key fingerprint is SHA256:eF9/BxUPOh5kKXiMqoF3FIujK3RvuK5hAtkg1HpcJNE.
ECDSA key fingerprint is MD5:43:2d:ee:4a:18:f0:0b:e2:9b:75:69:ee:fa:41:22:29.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.238.20's password: 		#输入登录密码123123

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.238.20'"
and check to make sure that only the key(s) you wanted were added.

被监控端:192.168.238.20

[root@localhost ~]#cd .ssh/
[root@localhost .ssh]#ls
authorized_keys
[root@localhost .ssh]# ansible webserver -m command -a 'date'
-m 指定模块		command 指定command模块
-a 参数,''引起来
webserver	标签可换IP
[root@localhost .ssh]# ansible webservers -m command -a 'date'
Enter passphrase for key '/root/.ssh/id_rsa': 		#输入密码123123
192.168.238.20 | CHANGED | rc=0 >>
2021年 04月 02日 星期五 09:07:01 CST
[root@localhost .ssh]# ansible webservers -m command -a 'ls'
192.168.238.20 | CHANGED | rc=0 >>
anaconda-ks.cfg
initial-setup-ks.cfg
公共
模板
视频
图片
文档
下载
音乐
桌面

ansible Archive 解包 ansible-managed_创建用户

[root@localhost .ssh]# ssh-agent bash		#做免交互,每次输入密码很麻烦
[root@localhost .ssh]# ssh-add 
Enter passphrase for /root/.ssh/id_rsa: 
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)

ansible Archive 解包 ansible-managed_mysql_02

二、ansible命令行模块

1、command模块

命令格式:ansible [主机] [-m 模块] [-a args]

#列出所有已安装的模块,按q退出
ansible-doc -l          

#-s 列出yum模块描述信息和操作动作,按q退出
ansible-doc -s yum      

#指定IP执行命令
ansible 192.168.238.20 -m command -a 'date'
192.168.238.20 | CHANGED | rc=0 >>
2021年 04月 06日 星期二 16:58:36 CST

#指定分类执行命令
ansible mysql -m command -a 'date'
Enter passphrase for key '/root/.ssh/id_rsa': 
192.168.238.30 | CHANGED | rc=0 >>
2021年 04月 06日 星期二 16:58:49 CST

#所有主机执行date命令,其中all可以换成IP或者分类名称,例:192.168.238.20/webserver
ansible all -m command -a 'date'

#不加-m模块,则默认使用command模块
ansible all -a 'date'
ansible all -a 'ls /'

ansible Archive 解包 ansible-managed_mysql_03


ansible Archive 解包 ansible-managed_IP_04


ansible Archive 解包 ansible-managed_ansible_05


ansible Archive 解包 ansible-managed_ansible_06


ansible Archive 解包 ansible-managed_mysql_07

2、cron模块

两种状态(state):present表示添加(可以省略),absent表示移除

#查看cron模块信息
ansible-doc -s cron

#webserver:分类  -m指定模块 -a输出模块内的指令  分钟:每分钟,工作:输出hello,工作名称:test
ansible webserver -m cron -a 'minute="*/1" job="/usr/bin/echo hello world >> /opt/info.txt" name="test cron job"'

#查看计划性任务命令
ansible webserver -a 'crontab -l'

#移除计划性任务,假如该计划任务没有取名字,name=None即可
ansible webserver -m cron -a 'name="test cron job" state=absent'

3、user模块

user模块是请求三条指令,useradd,userdel,usermod
#模块信息
ansible-doc -s user

#创建用户
ansible mysql -m user -a 'name="test01"'

#查看用户账户信息
ansible mysql -m command -a 'tail /etc/passwd'

#移除用户
ansible mysql -m user -a 'name="test01" state=absent'

ansible Archive 解包 ansible-managed_创建用户_08


ansible Archive 解包 ansible-managed_mysql_09


ansible Archive 解包 ansible-managed_IP_10

4、group模块

group模块请求的是groupadd、groupdel、groupmod模块
#查看模块信息
ansible-doc -s group

#system=yes 创建系统组
ansible mysql -m group -a 'name=mysql gid=120 system=yes'

#查看组账户信息
ansible mysql -a 'tail /etc/group'

#创建用户并加入组
ansible mysql -m user -a 'name=test01 uid=306 group=mysql system=yes'

#查看用户账户信息
ansible mysql -a 'tail /etc/passwd'

#查看用户test01的用户id和组id信息
ansible mysql -a 'id test01'

ansible Archive 解包 ansible-managed_ansible_11


ansible Archive 解包 ansible-managed_创建用户_12


ansible Archive 解包 ansible-managed_创建用户_13


ansible Archive 解包 ansible-managed_ansible_14

5、copy模块

对文件进行有效的复制
ansible-doc -s copy

#将/etc目录下的fstab文件复制到/opt目录下,并重命名为fstab.bak,属主root,权限640
ansible mysql -m copy -a 'src=/etc/fstab dest=/opt/fstab.bak owner=root mode=640'

#查看复制是否成功
ansible mysql -a 'ls -l /opt'

#查看文件内容
ansible mysql -a 'cat /opt/fstab.bak'

#以覆盖的方式将hello world写入/opt/fstab.back
ansible mysql -m copy -a 'content="hello world" dest=/opt/fstab.bak'	

#查看文件内容		
ansible mysql -a 'cat /opt/fstab.bak'

ansible Archive 解包 ansible-managed_mysql_15


ansible Archive 解包 ansible-managed_ansible Archive 解包_16


ansible Archive 解包 ansible-managed_ansible_17


ansible Archive 解包 ansible-managed_创建用户_18

6、file模块

ansible-doc -s file

#创建用户
ansible mysql -m user -a 'name=mysql system=yes'

#创建系统组
ansible mysql -m group -a 'name=mysql system=yes'‘

#修改文件属性
ansible mysql -m file -a 'owner=mysql group=mysql mode=644 path=/opt/fstab.bak'	

#查看文件属性
ansible mysql -a 'ls -l /opt/fstab.bak'

#创建软连接,源文件/opt/fstab.bak,链接文件/opt/fstab.link	
ansible mysql -m file -a 'path=/opt/fstab.link src=/opt/fstab.bak state=link'

ansible mysql -a 'ls -l /opt'		

#删除一个文件
ansible mysql -m file -a "path=/opt/fstab.bak state=absent"	

ansible mysql -a 'ls -l /opt'

#创建一个文件
ansible mysql -m file -a "path=/opt/test.txt state=touch"	

ansible mysql -a 'ls -l /opt'

ansible Archive 解包 ansible-managed_IP_19


ansible Archive 解包 ansible-managed_IP_20


ansible Archive 解包 ansible-managed_ansible_21


ansible Archive 解包 ansible-managed_ansible_22

7、ping模块

ansible all -m ping

ansible Archive 解包 ansible-managed_mysql_23

8、service模块

ansible-doc -s service	

#安装httpd软件包	
[ab] yum install -y httpd

#查看web服务器httpd运行状态
[aa] ansible webservers -a 'systemctl status httpd'	

#启动httpd服务	
ansible webservers -m service -a 'enabled=true name=httpd state=started'	

#关闭防火墙	
ansible all -m service -a 'name=firewalld state=stopped'

#查看是否开启		
[ab]systemctl status httpd

ansible Archive 解包 ansible-managed_IP_24


ansible Archive 解包 ansible-managed_创建用户_25


ansible Archive 解包 ansible-managed_创建用户_26


ansible Archive 解包 ansible-managed_ansible Archive 解包_27


ansible Archive 解包 ansible-managed_ansible Archive 解包_28

9、yum模块

ansible Archive 解包 ansible-managed_创建用户_29

ansible-doc -s yum
#在ac服务器上yum安装zsh
[aa]ansible mysql -m yum -a 'name=zsh'			
[ac]rpm -q zsh

[aa]ansible mysql -m yum -a 'name=zsh state=absent'
[ac] rpm -q zsh

ansible Archive 解包 ansible-managed_ansible Archive 解包_30


ansible Archive 解包 ansible-managed_mysql_31


ansible Archive 解包 ansible-managed_ansible_32


ansible Archive 解包 ansible-managed_mysql_33

10、shell模块

ansible-doc -s shell

#创建用户使用免交互模式给用户设置密码
ansible mysql -m shell -a 'echo abc123 | passwd --stdin mysql'

ansible Archive 解包 ansible-managed_IP_34

11、script模块

absible-doc -s script

#在ansible管理端创建脚本
[aa]vi test.sh				
#!/bin/bash
echo "hello world" > /opt/script.txt

#给脚本赋予可执行权限
[aa]chmod +x test.sh

#在ansible被管理端执行test.sh文件
[aa]ansible mysql -m script -a 'test.sh'

#检测文件内容
[ac] cat /opt/script.txt

ansible Archive 解包 ansible-managed_ansible Archive 解包_35


ansible Archive 解包 ansible-managed_ansible Archive 解包_36


ansible Archive 解包 ansible-managed_ansible Archive 解包_37

12、setup模块

ansible-doc -s setup

#获取mysql组主机的facts信息
ansible mysql -m setup

ansible Archive 解包 ansible-managed_IP_38

补充:

[root@localhost .ssh]# systemctl is-enabled httpd.service 			#查看是否开机自启
disabled