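1. What is Ansible
A series of operations can be completed with a single command line.
2. Ansible advantages and features
(1) Advantages:
① Run remote commands in batches
② Configure software services in batches
③ Implement software development functions
④ Orchestrate advanced IT tasks
(2) Features
① Easy to learn, agentless mode
② Flexible operation
③ Simple and easy to use
④ Secure and reliable
⑤ Highly portable
3. Ansible basic architecture --- control node, managed nodes, inventory, ad-hoc, playbook, connection protocol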
4. Ansible configuration file priority
ANSIBLE_CONFIG
ansible.cfg --- in the current project directory
.ansible.cfg --- in the home directory of the user running the command
/etc/ansible/ansible.cfg
Example:
[root@manager ~]# export ANSIBLE_CONFIG="/tmp/ansible.cfg"
[root@manager ~]# touch /tmp/ansible.cfg
[root@manager ~]# mkdir /project1
[root@manager ~]# cd /project1/
[root@manager project1]# touch ansible.cfg
[root@manager project2]# ansible --version
ansible 2.8.5
config file = /project1/ansible.cfg
[root@manager /]# mkdir /project2
[root@manager /]# cd /project2/
[root@manager project2]# touch ansible.cfg
[root@manager project1]# ansible --version
ansible 2.8.5
config file = /project2/ansible.cfg
[root@manager tmp]# touch ~/.ansible.cfg
[root@manager tmp]# ansible --version
ansible 2.8.5
config file = /root/.ansible.cfg
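An added example (not from the original notes) that walks the search order listed above and returns the first readable file; it also applies Ansible's rule of skipping an ansible.cfg found in a world-writable current directory. The function names and their arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report which config file the search order above selects.
# resolve_ansible_cfg and is_world_writable are hypothetical helper names.

# Exit status 0 if "others" may write to directory $1.
is_world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 -print 2>/dev/null)" ]
}

# resolve_ansible_cfg PROJECT_DIR HOME_DIR [SYSTEM_CFG]
# Prints the first readable candidate; returns 1 when none exists.
resolve_ansible_cfg() {
    project_dir=$1
    home_dir=$2
    system_cfg=${3:-/etc/ansible/ansible.cfg}

    # 1. ANSIBLE_CONFIG (a directory value means DIR/ansible.cfg)
    if [ -n "${ANSIBLE_CONFIG:-}" ]; then
        candidate=$ANSIBLE_CONFIG
        if [ -d "$candidate" ]; then candidate="$candidate/ansible.cfg"; fi
        if [ -r "$candidate" ]; then echo "$candidate"; return 0; fi
    fi

    # 2. ansible.cfg in the project directory, ignored when anyone can write
    #    to that directory (another local user could plant settings there)
    if [ -r "$project_dir/ansible.cfg" ]; then
        if is_world_writable "$project_dir"; then
            echo "ignoring $project_dir/ansible.cfg: world-writable directory" >&2
        else
            echo "$project_dir/ansible.cfg"; return 0
        fi
    fi

    # 3. .ansible.cfg in the user's home directory
    if [ -r "$home_dir/.ansible.cfg" ]; then echo "$home_dir/.ansible.cfg"; return 0; fi

    # 4. system-wide file
    if [ -r "$system_cfg" ]; then echo "$system_cfg"; return 0; fi
    return 1
}

# Stand-alone use: resolve for the current shell and directory.
resolve_ansible_cfg "$PWD" "$HOME" || echo "no ansible.cfg found"
```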
5. Ansible inventory (host list)
(1) Based on IP address + password
yum install ansible -y
mkdir project1
cd project1
cp /etc/ansible/ansible.cfg ansible.cfg
vi ansible.cfg
host_key_checking = False
vi hosts
[webservers]
172.16.1.7 ansible_ssh_user='root' ansible_ssh_pass='1'
172.16.1.8 ansible_ssh_user='root' ansible_ssh_pass='1'
(2) Key-based connection: first create a public/private key pair, then distribute the public key to the managed nodes
ssh-keygen -t rsa -C "111"
[root@manager ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.7
[root@manager ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.8
① Host + port + key
[root@manager ~]# cat hosts
[webservers]
172.16.1.7
172.16.1.8
ansible webservers --list-hosts -i hosts (list the group members)
For example: [root@manager project1]# ansible webservers --list-hosts -i hosts
hosts (2):
172.16.1.7
ansible webservers -m ping -i hosts (check whether the managed hosts are reachable)
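An added example (not from the original notes): a check that flags the two weak settings used in method (1), a literal connection password in the inventory and host_key_checking = False in ansible.cfg, and passes the key-based inventory of method (2). The function names and the sample files it writes are constructed for this example.

```shell
#!/bin/sh
# Added example: audit an inventory and ansible.cfg before they are shared.

# Print "file:line: variable" for every connection/become password stored as
# a literal value. Values that reference a template ({{ ... }}, for example a
# vault-encrypted variable) are not reported.
find_plaintext_passwords() {
    awk '
        /^[ \t]*[#;]/ { next }    # skip comment lines
        {
            for (i = 1; i <= NF; i++) {
                eq = index($i, "=")
                if (eq == 0) continue
                key = substr($i, 1, eq - 1)
                if (key ~ /^ansible_(ssh_pass|password|become_pass|become_password)$/ &&
                    index($i, "{{") == 0)
                    printf "%s:%d: %s\n", FILENAME, NR, key
            }
        }' "$1"
}

# Exit status 0 when SSH host key verification is switched off in the cfg.
host_key_checking_disabled() {
    grep -Eiq '^[[:space:]]*host_key_checking[[:space:]]*=[[:space:]]*(false|no|off|0)[[:space:]]*$' "$1"
}

# Write constructed sample files: the password inventory and ansible.cfg of
# method (1), and the key-based inventory of method (2).
make_samples() {
    printf '%s\n' '[webservers]' \
        "172.16.1.7 ansible_ssh_user='root' ansible_ssh_pass='1'" \
        "172.16.1.8 ansible_ssh_user='root' ansible_ssh_pass='1'" > "$1/hosts.password"
    printf '%s\n' '[webservers]' '172.16.1.7' '172.16.1.8' > "$1/hosts.key"
    printf '%s\n' '[defaults]' 'host_key_checking = False' > "$1/ansible.cfg"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
find_plaintext_passwords "$demo_dir/hosts.password"   # two findings
find_plaintext_passwords "$demo_dir/hosts.key"        # no findings
if host_key_checking_disabled "$demo_dir/ansible.cfg"; then
    echo "$demo_dir/ansible.cfg: host_key_checking is disabled"
fi
rm -rf "$demo_dir"
```

A password that has to stay in the inventory can be stored as a vault-encrypted variable (ansible-vault encrypt_string) and referenced with {{ ... }}, which this check accepts.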
(3) Using host groups
[lbservers] # define the lbservers group
172.16.1.5
172.16.1.6
[webservers] # define the webservers group
172.16.1.7
172.16.1.8
[servers:children] # define the servers group, which contains two child groups [lbservers,webservers]
lbservers
webservers
Ansible Ad-Hoc
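6. Ansible ad-hoc: single commands
(1) Module names
command (run a command; the default module; pipes are not supported)
shell (run a command; pipes are supported)
yum_repository (yum repository configuration)
yum (install software with yum)
get_url (equivalent to wget on Linux)
copy (copy configuration files)
service|systemd (start services)
user (create users)
group (create groups)
file (create directories, create files, set ownership and permissions recursively)
mount (mount filesystems)
cron (scheduled tasks)
firewalld (firewall)
selinux (SELinux)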
7. command
ansible webservers -a "ps axu|grep nginx" -i hosts # pipes are not supported (simple commands only)
8. shell
ansible webservers -m shell -a "ps axu|grep nginx" -i hosts # pipes are supported
9. yum
state:
present --- install
absent --- remove
latest --- latest version
enablerepo # which repository to use
disablerepo # which repository to exclude
① Install the latest httpd
[root@manager project1]# ansible webservers -m yum -a "name=httpd state=latest disablerepo=webtatic-php" -i hosts
② Remove httpd
[root@manager project1]# ansible webservers -m yum -a "name=httpd state=absent disablerepo=webtatic-php" -i hosts
③ Install httpd from a specified repository
- name: install the latest version of Apache from the testing repo
[root@manager project1]# ansible webservers -m yum -a "name=httpd state=latest enablerepo=testing" -i hosts
④ Install from a URL
[root@manager project1]# ansible webservers -m yum -a "name=https://mirrors.aliyun.com/zabbix/zabbix/3.0/rhel/7/x86_64/zabbix-agent-3.0.0-1.el7.x86_64.rpm state=present disablerepo=webtatic-php" -i hosts
⑤ The package must be on the managed host
- name: install nginx rpm from a local file (the package must be on the managed host)
[root@manager project1]# ansible webservers -m yum -a "name=/root/zabbix-agent-4.0.0-2.el7.x86_64.rpm state=present disablerepo=webtatic-php" -i hosts
10. copy
src --- local path, relative or absolute
dest --- destination path
owner --- owner
group --- group
mode --- permissions
backup --- back up the existing file
Example:
① [root@manager project1]# ansible webservers -m copy -a "src=./file/ansible.oldxu.com.conf dest=/etc/nginx/conf.d/ansible.oldxu.com.conf owner=root group=root mode=644" -i hosts
② [root@manager project1]# ansible webservers -m copy -a "src=./file/ansible.oldxu.com.conf dest=/etc/nginx/conf.d/ansible.oldxu.com.conf owner=root group=root mode=644 backup=yes" -i hosts
11. service|systemd
state
started # start
stopped # stop
restarted # restart
reloaded # reload
enabled # whether to start at boot
yes # yes
no # no
Example:
[root@manager project1]# ansible webservers -m systemd -a "name=nginx state=restarted enabled=yes" -i hosts
12. file
* Create /code/ansible
path --- path
state
touch --- create a file
directory --- create a directory
owner --- owner
group --- group
mode --- permissions
Example:
① Prepare the site directory
[root@manager project1]# ansible webservers -m file -a "path=/code/ansible state=directory mode=755 owner=www group=www" -i hosts
② Prepare the site code
[root@manager project1]# ansible webservers -m copy -a "src=./file/index.html dest=/code/ansible/index.html owner=www group=www mode=644" -i hosts
13. user group
(1) group (value types: integer = int, decimal = float, "dasdsa" = str, true|false = bool)
Example:
[root@manager project1]# ansible webservers -m group -a "name=www gid=666 state=present" -i hosts
(2) user
name # name
uid # uid
group # group name or gid
create_home # whether to create the home directory
system # whether to create it as a system group
shell # login shell
state
present
absent
remove
groups
append
password
Example:
① Used by programs: www 666 666 /sbin/nologin /home --> none
[root@manager project1]# ansible webservers -m user -a "name=www uid=666 group=666 create_home=no shell=/sbin/nologin state=present" -i hosts
② Normal user: oldxu 1000 1000 /bin/bash /home/oldxu
[root@manager project1]# ansible webservers -m user -a "name=oldxu" -i hosts
③ Remove the oldxu user and delete everything in its home directory.
[root@manager project1]# ansible webservers -m user -a "name=oldxu state=absent remove=yes" -i hosts
④ Create the user other with two supplementary groups (root and bin), create its home directory, set the login shell, and set the password to 123
Generate a password hash:
ansible all -i localhost, -m debug -a "msg={{ '123' | password_hash('sha512', 'mysecretsalt') }}"
[root@manager project1]# ansible webservers -m user -a 'name=other groups='root,bin' create_home=yes shell=/bin/bash password="$6$mysecretsalt$gIIYs0Xgc7sSQkH.zKaz8/AfaMomYzR1QZYtccwmJcUt8VpLq4D055UCCX4MlwgePOP80ZRwhppvBF72RIAVi/"' -i hosts
14. mount
Example:
(1) Prepare the NFS server in advance
[root@web01 ~]# showmount -e 172.16.1.31
Export list for 172.16.1.31:
/data/zrlog 172.16.1.0/24
/data/zh 172.16.1.0/24
/data/edu 172.16.1.0/24
/data/blog 172.16.1.0/24
(2) From the control node, have the managed nodes mount the NFS storage
present # write the entry to /etc/fstab
absent # remove the entry from /etc/fstab
mounted # mount temporarily
unmounted # unmount the current mount
① If the directory does not exist when mounting, it is created
[root@manager project1]# ansible webservers -m mount -a "src=172.16.1.31:/data/zrlog path=/test_zrlog fstype=nfs opts=defaults state=mounted" -i hosts
[root@manager project1]# ansible webservers -m mount -a "src=172.16.1.31:/data/zrlog path=/test_zrlog fstype=nfs opts=defaults state=unmounted" -i hosts
15. cron
minute --- minute
hour --- hour
day --- day
month --- month
weekday --- day of the week
job
Example:
[root@manager project1]# ansible webservers -m cron -a 'name=test_job minute=00 hour=02 job="/bin/bash /server/scripts/client_to_data_server.sh &>/dev/null"' -i hosts
[root@manager project1]# ansible webservers -m cron -a 'name=test job="/bin/bash /server/scripts/test.sh &>/dev/null"' -i hosts
[root@manager project1]# ansible webservers -m cron -a 'name=test job="/bin/bash /server/scripts/test.sh &>/dev/null" state=absent' -i hosts
16. firewalld
Example:
[root@manager project1]# ansible webservers -m systemd -a "name=firewalld state=started" -i hosts
① By service
[root@manager project1]# ansible webservers -m firewalld -a "service=http state=enabled" -i hosts
② By port
[root@manager project1]# ansible webservers -m firewalld -a "port=9999/tcp state=enabled" -i hosts
17. selinux
Example:
[root@manager project1]# ansible webservers -m selinux -a "state=disabled" -i hosts