運維自動化之ANSIBLE(中級)
上一篇簡單介紹ansible的一些基礎知識,這篇我們來討論下ansible的基本使用,高級階段放到下一篇來講 node
Ansbile
ansible經過ssh實現配置管理、應用部署、任務執行等功能,建議配置ansible端能基於密鑰認證的方式聯繫各被管理節點
ansible <host-pattern> [-m module_name] [-a args]
--version 顯示版本
-m module 指定模塊,默認爲command
-v 詳細過程 –vv -vvv更詳細
--list-hosts 顯示主機列表,可簡寫 --list
-k, --ask-pass 提示輸入ssh鏈接密碼,默認Key驗證
-K, --ask-become-pass 提示輸入sudo時的口令
-C, --check 檢查,並不執行
-T, --timeout=TIMEOUT 執行命令的超時時間,默認10s
-u, --user=REMOTE_USER 執行遠程執行的用戶
-b, --become 代替舊版的sudo 切換 web
ansible的Host-pattern
ansible的Host-pattern
匹配的主機的列表:
All :表示全部Inventory中的全部主機 shell
[root@ansible ~]#ansible all -m ping
172.20.7.50 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.20.7.52 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.20.7.56 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.20.7.54 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.20.7.57 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.20.7.55 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.20.7.53 | SUCCESS => {
"changed": false,
"ping": "pong"
}
* : 通配符 bash
[root@ansible ~]#ansible "*" -a 'echo $HOSTNAME' 172.20.7.56 | SUCCESS | rc=0 >> node6.dklwj.com 172.20.7.54 | SUCCESS | rc=0 >> node4.dklwj.com ..... [root@ansible ~]#ansible 172.20.7.* -a 'echo $HOSTNAME' 172.20.7.53 | SUCCESS | rc=0 >> node3.dklwj.com 172.20.7.56 | SUCCESS | rc=0 >> node6.dklwj.com .... [root@ansible ~]#ansible *srvs -a 'echo $HOSTNAME' 172.20.7.52 | SUCCESS | rc=0 >> node2.dklwj.com 172.20.7.50 | SUCCESS | rc=0 >> ansible ....
或關係 服務器
[root@ansible ~]#ansible "websrvs:dbsrvs" -a 'echo $HOSTNAME' 172.20.7.54 | SUCCESS | rc=0 >> node4.dklwj.com 172.20.7.52 | SUCCESS | rc=0 >> node2.dklwj.com 172.20.7.56 | SUCCESS | rc=0 >> node6.dklwj.com 172.20.7.53 | SUCCESS | rc=0 >> node3.dklwj.com 172.20.7.57 | SUCCESS | rc=0 >> node7.dklwj.com [root@ansible ~]#ansible "172.20.7.50:172.20.7.56" -a 'echo $HOSTNAME' 172.20.7.50 | SUCCESS | rc=0 >> ansible 172.20.7.56 | SUCCESS | rc=0 >> node6.dklwj.com
邏輯與
ansible 「websrvs:&dbsrvs」 –a 'echo $HOSTNAME'
在websrvs組而且在dbsrvs組中的主機app
cat /etc/ansible/hosts [websrvs] 172.20.7.52 172.20.7.56 172.20.7.57 [dbsrvs] 172.20.7.53 172.20.7.54 172.20.7.52 [appsrvs] 172.20.7.50 172.20.7.55 "/etc/ansible/hosts" 54L, 1143C written [root@ansible ~]#ansible "websrvs:&dbsrvs" -a 'echo $HOSTNAME' 172.20.7.52 | SUCCESS | rc=0 >> node2.dklwj.com
邏輯非
ansible ‘websrvs:!dbsrvs’ –a 'echo $HOSTNAME'
在websrvs組,但不在dbsrvs組中的主機
注意:此處爲單引號 運維
[root@ansible ~]#ansible 'websrvs:!dbsrvs' -a 'echo $HOSTNAME' 172.20.7.57 | SUCCESS | rc=0 >> node7.dklwj.com 172.20.7.56 | SUCCESS | rc=0 >> node6.dklwj.com
綜合邏輯
ansible ‘websrvs:dbsrvs:&appsrvs:!ftpsrvs’ –a 'echo $HOSTNAME'dom
cat /etc/ansible/hosts [websrvs] 172.20.7.52 172.20.7.56 172.20.7.57 [dbsrvs] 172.20.7.53 172.20.7.54 172.20.7.52 [appsrvs] 172.20.7.50 172.20.7.52 172.20.7.55 [ftpsrvs] 172.20.7.50 172.20.7.55 "/etc/ansible/hosts" 58L, 1189C written [root@ansible ~]#ansible 'websrvs:dbsrvs:&appsrvs:!ftpsrvs' -a 'echo $HOSTNAME'172.20.7.52 | SUCCESS | rc=0 >> node2.dklwj.com
ansible命令執行過程
ansible命令執行過程
1. 加載本身的配置文件 默認/etc/ansible/ansible.cfg
2. 加載本身對應的模塊文件,如command
3. 經過ansible將模塊或命令生成對應的臨時py文件,並將該 文件傳輸至遠程服務器的對應執行用戶$HOME/.ansible/tmp/ansible-tmp-數字/XXX.PY文件
4. 給文件+x執行
5. 執行並返回結果
6. 刪除臨時py文件,sleep 0退出
執行狀態:
×××:執行成功而且對目標主機作變動
綠色:執行成功而且不須要作改變的操做
紅色:執行失敗
Ansible使用示例
基於一臺主機管理 [root@ansible ~]#ansible 172.20.7.52 -m command -a 'ls /root' 172.20.7.52 | SUCCESS | rc=0 >> anaconda-ks.cfg Desktop Documents Downloads initial-setup-ks.cfg Music Pictures Public Templates Videos 基於組的自動管理 [root@ansible ~]#ansible websrvs -m command -a 'ls /root' 172.20.7.53 | SUCCESS | rc=0 >> anaconda-ks.cfg Desktop Documents Downloads install.log install.log.syslog Music Pictures Public Templates Videos 172.20.7.52 | SUCCESS | rc=0 >> anaconda-ks.cfg Desktop Documents Downloads initial-setup-ks.cfg Music Pictures Public Templates Videos
Ansible經常使用模塊
Command:
在遠程主機執行命令,默認模塊,可忽略-m選項
ansible websrvs -m command -a 'systemctl start httpd' ide
[root@ansible ~]#ansible websrvs -m command -a 'systemctl start httpd' 172.20.7.57 | SUCCESS | rc=0 >> 172.20.7.56 | SUCCESS | rc=0 >> 172.20.7.52 | SUCCESS | rc=0 >>
ansible 172.20.7.52 -m command -a 'echo 123456 |passwd --stdin cobbler'不成功
[root@ansible ~]#ansible 172.20.7.52 -m command -a 'echo 123456|passwd --stdin cobbler' 172.20.7.52 | SUCCESS | rc=0 >> 123456|passwd --stdin cobbler
此命令不支持 $VARNAME < > | ; & 等,用shell模塊實現
Shell:和command類似,用shell執行命令
ansible 172.20.7.52 -m command -a 'echo 123456 |passwd --stdin cobbler'
[root@ansible ~]#ansible 172.20.7.52 -m shell -a 'echo 123456|passwd --stdin cobbler' 172.20.7.52 | SUCCESS | rc=0 >> Changing password for user cobbler. passwd: all authentication tokens updated successfully.
調用bash執行命令 相似 cat /tmp/stanley.md | awk -F‘|’ ‘{print $1,$2}’ &> /tmp/example.txt 這些複雜命令,即便使用shell也可能會失敗,解決辦法:寫到腳本時,copy到遠程,執行,再把須要的結果拉回執行命令的機器
Script:運行腳本
-a "/PATH/TO/SCRIPT_FILE"
ansible websrvs -m script -a f1.sh
[root@ansible ~]#ansible websrvs -m script -a f1.sh
172.20.7.52 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 172.20.7.52 closed.\r\n",
"stderr_lines": [
"Shared connection to 172.20.7.52 closed."
],
"stdout": "node2.dklwj.com\r\n",
"stdout_lines": [
"node2.dklwj.com"
]
}
172.20.7.56 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 172.20.7.56 closed.\r\n",
"stderr_lines": [
"Shared connection to 172.20.7.56 closed."
],
"stdout": "node6.dklwj.com\r\n",
"stdout_lines": [
"node6.dklwj.com"
]
}
172.20.7.57 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 172.20.7.57 closed.\r\n",
"stderr_lines": [
"Shared connection to 172.20.7.57 closed."
],
"stdout": "node7.dklwj.com\r\n",
"stdout_lines": [
"node7.dklwj.com"
]
}
Copy:從服務器複製文件到客戶端
ansible 172.20.7.52 -m copy -a 'src=/root/f1.sh dest=/tmp/f2.sh owner=cobbler mode=600 backup=yes'
如目標存在,默認覆蓋,此處指定先備份
[root@ansible ~]#ansible 172.20.7.52 -m copy -a 'src=/root/f1.sh dest=/tmp/f2.sh owner=cobbler mode=600 backup=yes'
172.20.7.52 | SUCCESS => {
"changed": true,
"checksum": "186e23e2c374f961aae6e4a876791f8ea3fa132a",
"dest": "/tmp/f2.sh",
"gid": 0,
"group": "root",
"mode": "0600",
"owner": "cobbler",
"path": "/tmp/f2.sh",
"size": 29,
"state": "file",
"uid": 1002
}
ansible websrv -m copy -a 「content=‘test content\n’ dest=/tmp/f1.txt」
利用內容,直接生成目標文件
[root@ansible ~]#ansible websrvs -m copy -a 'content="line1\nline2" dest=/tmp/f1.txt'
172.20.7.52 | SUCCESS => {
"changed": true,
"checksum": "05eed6236c8bda5ecf7af09bae911f9d5f90998b",
"dest": "/tmp/f1.txt",
"gid": 0,
"group": "root",
"md5sum": "ee5a58024a155466b43bc559d953e018",
"mode": "0644",
"owner": "root",
"size": 11,
"src": "/root/.ansible/tmp/ansible-tmp-1537759297.03-108086848060144/source",
"state": "file",
"uid": 0
}
172.20.7.57 | SUCCESS => {
"changed": true,
"checksum": "05eed6236c8bda5ecf7af09bae911f9d5f90998b",
"dest": "/tmp/f1.txt",
"gid": 0,
"group": "root",
"md5sum": "ee5a58024a155466b43bc559d953e018",
"mode": "0644",
"owner": "root",
"size": 11,
"src": "/root/.ansible/tmp/ansible-tmp-1537759297.06-272258279616668/source",
"state": "file",
"uid": 0
}
172.20.7.56 | SUCCESS => {
"changed": true,
"checksum": "05eed6236c8bda5ecf7af09bae911f9d5f90998b",
"dest": "/tmp/f1.txt",
"gid": 0,
"group": "root",
"md5sum": "ee5a58024a155466b43bc559d953e018",
"mode": "0644",
"owner": "root",
"size": 11,
"src": "/root/.ansible/tmp/ansible-tmp-1537759297.04-113306386739819/source",
"state": "file",
"uid": 0
}
#查看遠程主機是否成功
[root@ansible ~]#ansible websrvs -a 'cat /tmp/f1.txt'
172.20.7.57 | SUCCESS | rc=0 >>
line1
line2
172.20.7.56 | SUCCESS | rc=0 >>
line1
line2
172.20.7.52 | SUCCESS | rc=0 >>
line1
line2
Fetch:從客戶端取文件至服務器端,copy相反,目錄可先tar
[root@ansible ~]#ansible websrvs -m fetch -a 'src=/data/f1 dest=/data/'
172.20.7.52 | SUCCESS => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/data/172.20.7.52/data/f1",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"remote_checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"remote_md5sum": null
}
172.20.7.56 | SUCCESS => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/data/172.20.7.56/data/f1",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"remote_checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"remote_md5sum": null
}
172.20.7.57 | SUCCESS => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/data/172.20.7.57/data/f1",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"remote_checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"remote_md5sum": null
}
# 查看server端,在這裏ansible作的仍是能夠的 怕傳過來的混淆,用客戶端的IP做爲文件夾以示區分。
[root@ansible ~]#ls /data/
172.20.7.52 172.20.7.56 172.20.7.57
File:設置文件屬性
ansible 172.20.7.52 -m file -a "path=/root/f1.sh owner=cobbler mode=755"
[root@ansible ~]#ansible 172.20.7.52 -m file -a "path=/root/f1.sh owner=cobbler mode=755"
172.20.7.52 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "cobbler",
"path": "/root/f1.sh",
"size": 30,
"state": "file",
"uid": 1002
}
[root@ansible ~]#ansible 172.20.7.52 -a 'ls -l /root/f1.sh'
172.20.7.52 | SUCCESS | rc=0 >>
-rwxr-xr-x 1 cobbler root 30 Sep 23 19:24 /root/f1.sh
ansible websrvs -m file -a ‘src=/app/testfile dest=/app/testfile-link state=link’
# 在websrvs組中全部機器上建立軟鏈接
[root@ansible ~]#ansible websrvs -m file -a 'src=/data/f1 dest=/data/f1-link state=link'
172.20.7.52 | SUCCESS => {
"changed": true,
"dest": "/data/f1-link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 8,
"src": "/data/f1",
"state": "link",
"uid": 0
}
172.20.7.56 | SUCCESS => {
"changed": true,
"dest": "/data/f1-link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 8,
"src": "/data/f1",
"state": "link",
"uid": 0
}
172.20.7.57 | SUCCESS => {
"changed": true,
"dest": "/data/f1-link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 8,
"src": "/data/f1",
"state": "link",
"uid": 0
}
# 查看結果
[root@ansible ~]#ansible websrvs -a 'ls -l /data'
172.20.7.57 | SUCCESS | rc=0 >>
total 0
-rw-r--r-- 1 root root 0 Sep 22 16:45 f1
lrwxrwxrwx 1 root root 8 Sep 24 12:57 f1-link -> /data/f1
172.20.7.56 | SUCCESS | rc=0 >>
total 0
-rw-r--r-- 1 root root 0 Sep 22 16:45 f1
lrwxrwxrwx 1 root root 8 Sep 24 12:57 f1-link -> /data/f1
172.20.7.52 | SUCCESS | rc=0 >>
total 0
-rw-r--r-- 1 root root 0 Sep 25 11:27 f1
lrwxrwxrwx 1 root root 8 Sep 25 12:57 f1-link -> /data/f1
Hostname:管理主機名
ansible node1 -m hostname -a 「name=websrv」
#把單獨一臺遠程主機修改主機名,這種修改是直接生效的若是是6系統的話連/etc/sysconfig/network裏面的都修改了
[root@ansible ~]#ansible 172.20.7.52 -m hostname -a 'name=ansible2'
172.20.7.52 | SUCCESS => {
"ansible_facts": {
"ansible_domain": "",
"ansible_fqdn": "ansible2",
"ansible_hostname": "ansible2",
"ansible_nodename": "ansible2"
},
"changed": true,
"name": "ansible2"
}
[root@ansible ~]#ansible 172.20.7.52 -a 'hostname'
172.20.7.52 | SUCCESS | rc=0 >>
ansible2
Cron:計劃任務
支持時間:minute,hour,day,month,weekday
ansible srv -m cron -a 「minute=*/5 job=‘/usr/sbin/ntpdate 172.16.0.1 &>/dev/null’ name=Synctime」 建立任務
# 給websrvs組中全部主機建立一個時間同步計劃,時間爲每5鍾同步一次
[root@ansible ~]#ansible websrvs -m cron -a 'name="sync time from ntpserver" minute="*/5" job="ntpdate 172.20.0.1 &> /dev/null"'
172.20.7.56 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"sync time from ntpserver"
]
}
172.20.7.52 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"sync time from ntpserver"
]
}
172.20.7.57 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"sync time from ntpserver"
]
}
# 查看websrvs是否建立成功
[root@ansible ~]#ansible websrvs -a 'crontab -l'
172.20.7.57 | SUCCESS | rc=0 >>
#Ansible: sync time from ntpserver
*/5 * * * * ntpdate 172.20.0.1 &> /dev/null
172.20.7.56 | SUCCESS | rc=0 >>
#Ansible: sync time from ntpserver
*/5 * * * * ntpdate 172.20.0.1 &> /dev/null
172.20.7.52 | SUCCESS | rc=0 >>
#Ansible: sync time from ntpserver
*/5 * * * * ntpdate 172.20.0.1 &> /dev/null
ansible srv -m cron -a ‘state=absent name=Synctime’ 刪除任務
後續持續更新中ing.......
相關文章
- 1. 自動化運維之ansible
- 2. 運維自動化之ansible
- 3. 自動化運維之-ansible
- 4. 自動化運維之Ansible
- 5. 運維打怪升級之Ansible自動化運維工具
- 6. 【0725】自動化運維——ansible
- 7. Ansible自動化運維
- 8. 運維自動化-Ansible ( 四 )
- 9. 自動化運維—ansible
- 10. 運維自動化-Ansible roles
- 更多相關文章...
- • Maven 自動化部署 - Maven教程
- • Spring自動裝配Bean - Spring教程
- • SpringBoot中properties文件不能自動提示解決方法
- • IntelliJ IDEA中SpringBoot properties文件不能自動提示問題解決
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. 自動化運維之ansible
- 2. 運維自動化之ansible
- 3. 自動化運維之-ansible
- 4. 自動化運維之Ansible
- 5. 運維打怪升級之Ansible自動化運維工具
- 6. 【0725】自動化運維——ansible
- 7. Ansible自動化運維
- 8. 運維自動化-Ansible ( 四 )
- 9. 自動化運維—ansible
- 10. 運維自動化-Ansible roles