Ansible入门及常用模块介绍

4. Ansible及常用模块介绍

4.1 初识Ansible

4.1.1 概述

Ansible是自动化运维工具,基于Python开发,集合了众多运维工linux系统安装具(puppet、chef、func、fabric)的优点,实现了批linux系统量系python下载统配置、批量程序部署、批量运行命令等功能。Ansible提供一种框架,,本身没有批量python代码画樱花部署的能力,它基于模块化工作,所有的功能都是通过对应的模块来实现的。Ansible是基于ssh来和远程主机通讯的,因此不需要在远程主机上安装client/agents。linux重启命令
Ansible目前已经已经被红帽官方收购,是大家认可度最高的自动化运维工具,并且上手容易,学习简python123平台登录单,是每位运维工程师必须掌握的技能之一。

  • 官方网站:https://www.ansible.com/
  • 官方文档:https://docs.ansible.com/
  • 国内最专业的Ansible中文官方学习手册 http://www.ansible.com.python是什么意思cn/index.html

4.1linux必学的60个命令.2 ansible 功能

  • 批量执行远程命令,python编程可以对远程的多台主机同时进行命令的执行
  • 批量安装和配置软件服务,可以对远程的多台主机进行自动化的方式配置和管理各种服务
  • 编排高级的企业级复杂的IT架构任务, Ansible的Playbook和role可以轻松实现python怎么读大型的IT复杂架构
  • 提供自动化运维工具的开发API, 有很多运维工具,如jumpserver就是基于 ansible 实现自动化管理

4.1.3 Ansible 特性

  • 模块化:调用系统运维工资一般多少特定的模块完成linux操作系统基础知识特定任务,支持自定义模块,可使用任何编程语言写模块
  • Paramiko(python对ssh的实现),PyYAML,Jinja2(模板语linux是什么操作系统言)三个关键模块
  • 基于Python语言实现
  • 部署简单,基于python和SSH(默认已安装)系统/运维,agentpythonless,无需代理不依赖PKI(无需ssl)
  • 安全,基于OpenSSH
  • 幂等性:一个任务执行1遍和执行nlinux删除文件命令遍效果一样,不因重复执行带来意外ansible详解情况,此特性非绝对
  • 支持plinux常用命令laybook编排任务,YAML格式,编排任务,支持丰富的数据结构
  • 较强大的多层解决方案 role

4.1.4 Ansible 组成

组合INVENTORY、API、MOansible详解DAnsibleULES、PLUGINS的Ansible模块绿框,为ansible命令工具,其为核心执行工具

  • INVENTORY:Ansible管理主机的清单/etc/anaible/hansible定义变量规则olinux删除文件命令sts
  • MODULES:Apython是什么意思nsible执行命令的功能模块,多数为内置核心模块,也可自定义
  • PLUGI系统/运维NS:模块功能的补充,如连接类型插件、循环插件、变量插件、过滤插件等,python是什么意思该功能不常用
  • API:ansibleplaybook供第三方程序调用的应用程序编程接口

4.2 安装及入门

4.2.1 Ansible安装

Ansible的安装方法有多种,包括:包安装、编译安装、Git安装、ansible定义变量规则pip安装等。其中:pip 是安装Python包的管理器,类似 yum。

本文先以包安装方式在CentAnsible入门OS8.4上完成安装

# 修改主机名、同步时间等
[root@CentOS84 ]#hostnamectl set-hostname Ansible-PRI
[root@CentOS84 ]#exit
[root@Ansible-PRI ]#
[root@Ansible-PRI ]#systemctl enable --now chronyd.service

[root@Ansible-PRI ]#yum info ansible
Last metadata expiration check: 1 day, 16:01:55 ago on Fri 25 Feb 2022 10:12:49 PM CST.
Available Packages
Name : ansible
Version : 2.9.27
Release : 1.el8
Architecture : noarch
Size : 17 M
Source : ansible-2.9.27-1.el8.src.rpm
Repository : EPEL # Ansible 走的是EPEL源,如果没配置的话需要配置或者启用
Summary : SSH-based configuration management, deployment, and task execution system
URL : http://ansible.com
License : GPLv3+
Description : Ansible is a radically simple model-driven configuration management,
: multi-node deployment, and remote task execution system. Ansible works
: over SSH and does not require any software or daemons to be installed
: on remote nodes. Extension modules can be written in any language and
: are transferred to managed machines automatically.

[root@Ansible-PRI ]#yum -y install ansible
........................
Complete!

4.2.2 确认安装

[root@Ansible-PRI ]#ansible --version
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Mar 19 2021, 05:13:41) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1)]

[root@Ansible-PRI ]#whereis ansible
ansible: /usr/bin/ansible /etc/ansible /usr/share/ansible /usr/share/man/man1/ansible.1.gz

[root@Ansible-PRI ]#file /usr/bin/ansible
/usr/bin/ansible: Python script, ASCII text executable
看到是Python script

[root@Ansible-PRI ]#cat /usr/bin/ansible
#!/usr/bin/python3.6
从文件内容可以考到是python3.6开发的
[root@Ansible-PRI ]#

4.3 Ansible 相关配置文件

  • /etc/ansible/ansible.cfg 主配置文件,配置ansible工作特性,也可以在项目的目录中创建此文件,当前目录下如果也有anpython可以做什么工作sible.cfg,则此文件优先生效,建议每个项ansibleplaybook目目录下,创建独有的ansible.cfg文件
  • /etc/ansible/hosts 主机清单linux系统
  • /etc/ansible/roles/ 存放角色的目录

4.4 Ansible部署及hosts文件配置

任务内容:实现Ansible主控端(IP192.1python下载68.250.48)和被控端之间的基于key的认证;配置Ansible的pythonhosts文件;验证前面配置效果

4.4.1 实现主控端ansible定义变量规则和被控端基于key认证

### 利用编写好的ssh_key.sh脚本,实现在本网段范围内的所有主机之间双向的基于key认证
[root@Ansible-PRI ]#vim ssh_key.sh
[root@Ansible-PRI ]#cat ssh_key.sh
#!/bin/bash
#
#********************************************************************************************<strong>
#Author: WuDongWuXia
#QQ: 1050572574@qq.com
#Date: 2022-02-27
#FileName: ssh_key.sh
#URL: www.shoneinfo.cn
#Description: The Test Script
#Copyright (C):2022 All rights reserved
#</strong>*******************************************************************************************
#
PASS=88XXXX88
#设置网段最后的地址,4-255之间,越小扫描越快
END=254

IP=`ip a s eth0 | awk -F'[ /]+''NR==3{print $3}'`
NET=${IP%.*}.

rm -f /root/.ssh/id_rsa
[ -e ./SCANIP.log ] && rm -f SCANIP.log
for((i=3;i<="$END";i++));do
ping -c 1 -w 1 ${NET}$i &> /dev/null && echo "${NET}$i" >> SCANIP.log &
done
wait

ssh-keygen -P "" -f /root/.ssh/id_rsa
rpm -q sshpass || yum -y install sshpass
sshpass -p $PASS ssh-copy-id -o StrictHostKeyChecking=no $IP

AliveIP=(`cat SCANIP.log`)
for n in ${AliveIP[*]};do
sshpass -p $PASS scp -o StrictHostKeyChecking=no -r /root/.ssh root@${n}:
done

#把.ssh/known_hosts拷贝到所有主机,使它们第一次互相访问时不需要输入回车
for n in ${AliveIP[*]};do
scp /root/.ssh/known_hosts ${n}:.ssh/
done

[root@Ansible-PRI ]#chmod a+x ssh_key.sh
# 运行脚本
[root@Ansible-PRI ]#bash ssh_key.sh

# 查看通过PING扫描到的所有存活主机
[root@Ansible-PRI ]#cat SCANIP.log
192.168.250.18
192.168.250.17
192.168.250.7
192.168.250.48 #Ansible 主控端
192.168.250.8
192.168.250.28
192.168.250.38
192.168.250.68
192.168.250.58

4.4.2 配置Ansible的hosts文件

# 下面是在默认文件基础上,增加了些行
[root@Ansible-PRI ]#cat /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
## green.example.com
## blue.example.com
## 192.168.100.1
## 192.168.100.10
# Ex 2: A collection of hosts belonging to the 'webservers' group
## [webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110
[centos7]
192.168.250.7
192.168.250.17

[centos8]
192.168.250.8
192.168.250.18
192.168.250.28
192.168.250.38
192.168.250.58
192.168.250.68
# If you have multiple hosts following a pattern you can specify
# them like this:
## www[001:006].example.com
# Ex 3: A collection of database servers in the 'dbservers' group

## [dbservers]
##
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57
[mysql8]
192.168.250.58
192.168.250.68
# Here's another example of host ranges, this time there are no
# leading 0s:

## db-[99:101]-node.example.com

[root@Ansible-PRI ]#

4.4.3 配置Ansible的hosts文件

### 根据主机类别配置好hosts文件
[root@Ansible-PRI ]#ansible all --list-hosts
hosts (8):
192.168.250.7
192.168.250.17
192.168.250.8
192.168.250.18
192.168.250.28
192.168.250.38
192.168.250.58
192.168.250.68
[root@Ansible-PRI ]#

[root@Ansible-PRI ]#ansible all -m ping
192.168.250.7 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.250.17 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.250.8 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.250.28 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.250.18 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.250.58 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.250.38 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.250.68 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
[root@Ansible-PRI ]#

### 说明:至此就完成了Ansible的安装部署。步骤:(1)安装Ansible;(2)在主控端和所有被控端之间建立基于key的认证; (3)配置Ansible的hosts文件

4.5 Ansible模块及常用模块简介

4.5.1 Ansible模块

2015年底270多个模块,2016年达到540个,2018年01月12日有1378个模块,2018年07月15日1852个模块,2019年05月25日(ansible 2.7.10)时2080个模块,2020年03月02python代码大全日有3387个模块。虽然模块居多,但最常用的模块也就二三十个。
常用模块帮助文档参考 [Ansible All modules Documentation]: https://docs.ansible.com/ansiansible定义变量规则ble/2.9/modupython可以做什么工作les/list_of_all_modules.html

# 统计Ansible 2.9.27 所有的模块的总数量
[root@Ansible-PRI ]#ansible-doc -l |wc -l
3387
[root@Ansible-PRI ]#

# ansible-doc 工具可以列出某个模块的用法
[root@Ansible-PRI ]#ansible-doc ping
> PING (/usr/lib/python3.6/site-packages/ansible/modules/system/ping.py)

A trivial test module, this module always returns `pong' on successful contact. It does not make sense
in playbooks, but it is useful from `/usr/bin/ansible' to verify the ability to login and that a usable
Python is configured. This is NOT ICMP ping, this is just a trivial test module that requires Python on
the remote-node. For Windows targets, use the [win_ping] module instead. For Network targets, use the
[net_ping] module instead.

* This module is maintained by The Ansible Core Team
OPTIONS (= is mandatory):

- data
Data to return for the `ping' return value.
If this parameter is set to `crash', the module will cause an exception.
[Default: pong]
type: str


SEE ALSO:
* Module net_ping
The official documentation on the net_ping module.
https://docs.ansible.com/ansible/2.9/modules/net_ping_module.html
* Module win_ping
The official documentation on the win_ping module.
https://docs.ansible.com/ansible/2.9/modules/win_ping_module.html


AUTHOR: Ansible Core Team, Michael DeHaan
METADATA:
status:
- stableinterface
supported_by: core


EXAMPLES:

# Test we can logon to 'webservers' and execute python with json lib.
# ansible webservers -m ping

# Example from an Ansible Playbook
- ping:

# Induce an exception to see what happens
- ping:
data: crash


RETURN VALUES:

ping:
description: value provided with the data parameter
returned: success
type: str
sample: pong

4.5.2 常用模块简介

4.5.2python.1 command 模块

功能:在远程主机执行命令,此为默认模ansible常用模块块,可忽略 -m 选项
注意:此模块不具有幂等性

### 用command 模块创建文件
# 范例:创建
[root@Ansible-PRI ]#ansible all -m command -a 'touch /data/test.ansible.commad'
[WARNING]: Consider using the file module with state=touch rather than running 'touch'. If you need to use command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message. #这个警告的意思是告知有专门的file模块可以创建文件
192.168.250.8 | CHANGED | rc=0 >>

192.168.250.28 | CHANGED | rc=0 >>

192.168.250.18 | CHANGED | rc=0 >>

192.168.250.7 | CHANGED | rc=0 >>

192.168.250.17 | CHANGED | rc=0 >>

192.168.250.58 | CHANGED | rc=0 >>

192.168.250.68 | CHANGED | rc=0 >>

192.168.250.38 | CHANGED | rc=0 >>

# 验证
[root@Ansible-PRI ]#ansible all -m command -a 'ls -l /data/test.ansible.commad'
192.168.250.28 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 0 Feb 26 19:03 /data/test.ansible.commad
192.168.250.18 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 0 Feb 26 19:03 /data/test.ansible.commad
192.168.250.8 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 0 Feb 26 19:03 /data/test.ansible.commad
192.168.250.7 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 0 Feb 26 19:03 /data/test.ansible.commad
192.168.250.17 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 0 Feb 26 06:03 /data/test.ansible.commad
192.168.250.38 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 0 Feb 26 19:03 /data/test.ansible.commad
192.168.250.58 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 0 Feb 26 19:03 /data/test.ansible.commad
192.168.250.68 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 0 Feb 26 19:03 /data/test.ansible.commad
[root@Ansible-PRI ]#

### command模块功能有限的,不支持重定向和管道,如下例
# 范例:重定向
[root@Ansible-PRI ]#ansible all -m command -a 'echo hello > /data/hello.txt'
192.168.250.28 | CHANGED | rc=0 >>
hello > /data/hello.txt #这行的意思是将 hello > /data/hello.txt 在屏幕打印出来了,不是重定向到文件
192.168.250.8 | CHANGED | rc=0 >>
hello > /data/hello.txt
192.168.250.18 | CHANGED | rc=0 >>
hello > /data/hello.txt
192.168.250.7 | CHANGED | rc=0 >>
hello > /data/hello.txt
192.168.250.17 | CHANGED | rc=0 >>
hello > /data/hello.txt
192.168.250.38 | CHANGED | rc=0 >>
hello > /data/hello.txt
192.168.250.68 | CHANGED | rc=0 >>
hello > /data/hello.txt
192.168.250.58 | CHANGED | rc=0 >>
hello > /data/hello.txt
# 验证
[root@Ansible-PRI ]#ansible all -m command -a 'ls -l /data/hello.txt'
192.168.250.8 | FAILED | rc=2 >>
ls: cannot access '/data/hello.txt': No such file or directorynon-zero return code
192.168.250.28 | FAILED | rc=2 >>
ls: cannot access '/data/hello.txt': No such file or directorynon-zero return code
192.168.250.17 | FAILED | rc=2 >>
ls: cannot access /data/hello.txt: No such file or directorynon-zero return code
192.168.250.7 | FAILED | rc=2 >>
ls: cannot access /data/hello.txt: No such file or directorynon-zero return code
192.168.250.18 | FAILED | rc=2 >>
ls: cannot access '/data/hello.txt': No such file or directorynon-zero return code
192.168.250.38 | FAILED | rc=2 >>
ls: cannot access '/data/hello.txt': No such file or directorynon-zero return code
192.168.250.58 | FAILED | rc=2 >>
ls: cannot access '/data/hello.txt': No such file or directorynon-zero return code
192.168.250.68 | FAILED | rc=2 >>
ls: cannot access '/data/hello.txt': No such file or directorynon-zero return code
[root@Ansible-PRI ]#
4.5.2.2 shansible常用命令ell模块

功能:和command相似,用shell执行命令,支持各种符号,比如:*,$, >
注意:此模块不具有幂等性

# 范例:command模块不支持echo重定向,但是shell支持
[root@Ansible-PRI ]#ansible centos8 -m shell -a 'echo hello > /data/hello.txt'
192.168.250.28 | CHANGED | rc=0 >>

192.168.250.18 | CHANGED | rc=0 >>

192.168.250.58 | CHANGED | rc=0 >>

192.168.250.38 | CHANGED | rc=0 >>

192.168.250.8 | CHANGED | rc=0 >>

192.168.250.68 | CHANGED | rc=0 >>

[root@Ansible-PRI ]#ansible centos8 -m command -a 'cat /data/hello.txt'
192.168.250.28 | CHANGED | rc=0 >>
hello
192.168.250.18 | CHANGED | rc=0 >>
hello
192.168.250.58 | CHANGED | rc=0 >>
hello
192.168.250.38 | CHANGED | rc=0 >>
hello
192.168.250.8 | CHANGED | rc=0 >>
hello
192.168.250.68 | CHANGED | rc=0 >>
hello
[root@Ansible-PRI ]#

# 范例:command模块不支持变量,但是shell支持
[root@Ansible-PRI ]#ansible centos8 -m shell -a 'echo $HOSTNAME'
192.168.250.28 | CHANGED | rc=0 >>
MariaDB-Slave
192.168.250.18 | CHANGED | rc=0 >>
MariaDB-Master
192.168.250.38 | CHANGED | rc=0 >>
CentOS84
192.168.250.8 | CHANGED | rc=0 >>
Mycat-Server
192.168.250.58 | CHANGED | rc=0 >>
MySQLPri
192.168.250.68 | CHANGED | rc=0 >>
MySQL-Bak
[root@Ansible-PRI ]#
4.5.2.3 Script 模块

功能ansible模块:在远系统运维工程师程主机上运行ansible服务器上的脚本(无需执行权限)
注意:此模块不具有幂等性

# 范例:准备一个脚本,在ansible内远程执行
[root@Ansible-PRI ]#cat ansible-script-test.sh
#!/bin/bash
#
#********************************************************************************************<strong>
#Author: WuDongWuXia
#QQ: 1050572574@qq.com
#Date: 2022-02-27
#FileName: ansible-script-test.sh
#URL: www.shoneinfo.cn
#Description: The Test Script
#Copyright (C):2022 All rights reserved
#</strong>*******************************************************************************************

hostname -I

[root@Ansible-PRI ]#

[root@Ansible-PRI ]#chmod +x ansible-script-test.sh
[root@Ansible-PRI ]#ansible centos7 -m script -a './ansible-script-test.sh'
192.168.250.17 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.250.17 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.250.17 closed."
],
"stdout": "192.168.250.17 \r\n",
"stdout_lines": [
"192.168.250.17 "
]
}
192.168.250.7 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.250.7 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.250.7 closed."
],
"stdout": "192.168.250.7 \r\n",
"stdout_lines": [
"192.168.250.7 "
]
}
[root@Ansible-PRI ]#
4.5.2.4 copy模块

功能:从ansible服务器主控端复制文件到linux重启命令远程主机
注意: src=file 如果是没指明路径,则为当前目录或当前目录下的files目录下的file文件

# 复制文件到远程主机  可以修改权属等等
[root@Ansible-PRI ]#ansible centos7 -m copy -a "src=TestCopy.Ansible dest=/tmp/TestCopy.Ansible.Tmp owner=bin group=bin mode=777 backup=yes" 192.168.250.17 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/tmp/TestCopy.Ansible.Tmp",
"gid": 1,
"group": "bin",
"mode": "0777",
"owner": "bin",
"path": "/tmp/TestCopy.Ansible.Tmp",
"size": 0,
"state": "file",
"uid": 1
}
192.168.250.7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/tmp/TestCopy.Ansible.Tmp",
"gid": 1,
"group": "bin",
"mode": "0777",
"owner": "bin",
"path": "/tmp/TestCopy.Ansible.Tmp",
"size": 0,
"state": "file",
"uid": 1
}

# 验证
[root@Ansible-PRI ]#ansible centos7 -m shell -a 'ls -l /tmp/Tes*'
192.168.250.7 | CHANGED | rc=0 >>
-rwxrwxrwx 1 bin bin 0 Feb 26 19:51 /tmp/TestCopy.Ansible.Tmp
192.168.250.17 | CHANGED | rc=0 >>
-rwxrwxrwx 1 bin bin 0 Feb 26 06:51 /tmp/TestCopy.Ansible.Tmp
[root@Ansible-PRI ]#

[root@client-centos79 /]# hostname -I
192.168.250.7
[root@client-centos79 /]# ll /tmp/Test*
-rwxrwxrwx 1 bin bin 0 Feb 26 19:51 /tmp/TestCopy.Ansible.Tmp
[root@client-centos79 /]#


### 拷贝文件夹
[root@Ansible-PRI ]#ansible centos7 -m copy -a "src=/data dest=/tmp"
192.168.250.17 | CHANGED => {
"changed": true,
"dest": "/tmp/",
"src": "/data"
}
192.168.250.7 | CHANGED => {
"changed": true,
"dest": "/tmp/",
"src": "/data"
}
[root@Ansible-PRI ]#
4.5.2.5 get_url 模块

功能: 用于将文件从http、https或ftp下载到被管理机节点上

# 范例
# 基本思路:先下载目标安装包或者文件(nginx-1.18.0.tar.gz),用md5sum算出md5值,再通过get_url 模块实现远程下载
[root@Ansible-PRI ]#wget http://nginx.org/download/nginx-1.18.0.tar.gz

[root@Ansible-PRI ]#ll
total 1072
-rw-r--r-- 1 root root 1039530 Apr 21 2020 nginx-1.18.0.tar.gz

[root@Ansible-PRI ]#md5sum nginx-1.18.0.tar.gz
b2d33d24d89b8b1f87ff5d251aa27eb8 nginx-1.18.0.tar.gz

# 被控端的机器的目录为空
[root@Ansible-PRI ]#ansible centos7 -m shell -a 'ls -l /usr/local/src/'
192.168.250.17 | CHANGED | rc=0 >>
total 0
192.168.250.7 | CHANGED | rc=0 >>
total 0

# get_url模块开启远程下载并改文件名,并校对
[root@Ansible-PRI ]#ansible centos7 -m get_url -a 'url=http://nginx.org/download/nginx-1.18.0.tar.gz dest=/usr/local/src/nginx.tar.gz checksum="md5:b2d33d24d89b8b1f87ff5d251aa27eb8"'
192.168.250.7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum_dest": null,
"checksum_src": "47b2c5ccd12e2a7088b03d629ff6b9ab18215180",
"dest": "/usr/local/src/nginx.tar.gz",
"elapsed": 21,
"gid": 0,
"group": "root",
"md5sum": "b2d33d24d89b8b1f87ff5d251aa27eb8",
"mode": "0644",
"msg": "OK (1039530 bytes)",
"owner": "root",
"size": 1039530,
"src": "/root/.ansible/tmp/ansible-tmp-1645964654.5544794-11749-76882419001838/tmpToYAi5",
"state": "file",
"status_code": 200,
"uid": 0,
"url": "http://nginx.org/download/nginx-1.18.0.tar.gz"
}
192.168.250.17 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum_dest": null,
"checksum_src": "47b2c5ccd12e2a7088b03d629ff6b9ab18215180",
"dest": "/usr/local/src/nginx.tar.gz",
"elapsed": 108,
"gid": 0,
"group": "root",
"md5sum": "b2d33d24d89b8b1f87ff5d251aa27eb8",
"mode": "0644",
"msg": "OK (1039530 bytes)",
"owner": "root",
"size": 1039530,
"src": "/root/.ansible/tmp/ansible-tmp-1645964654.5535538-11751-229417615447938/tmp6DXLVA",
"state": "file",
"status_code": 200,
"uid": 0,
"url": "http://nginx.org/download/nginx-1.18.0.tar.gz"
}
[root@Ansible-PRI ]#
# 验证下载
[root@Ansible-PRI ]#ansible centos7 -m shell -a 'ls -l /usr/local/src/'
192.168.250.17 | CHANGED | rc=0 >>
total 1016
-rw-r--r-- 1 root root 1039530 Feb 26 07:30 nginx.tar.gz
192.168.250.7 | CHANGED | rc=0 >>
total 1016
-rw-r--r-- 1 root root 1039530 Feb 26 20:29 nginx.tar.gz
[root@Ansible-PRI ]#
4.5.2.6 fetch模ansible怎么读

功能linux系统:从远程主机提取文件至ansible的主控端,clinux命令opy相反,目前不支python代码画樱花持目录

范例:从被控端复制日志文件到主控端
[root@Ansible-PRI ]#ansible centos7 -m fetch -a 'src=/var/log/messages dest=/data/log'
192.168.250.17 | CHANGED => {
"changed": true,
"checksum": "a5998d9bce790ee4ee3798d5650f465d6e601153",
"dest": "/data/log/192.168.250.17/var/log/messages",
"md5sum": "0258bd85b45e7fc2de5b5c57324c1428",
"remote_checksum": "a5998d9bce790ee4ee3798d5650f465d6e601153",
"remote_md5sum": null
}
192.168.250.7 | CHANGED => {
"changed": true,
"checksum": "9f43ca8d1e03467dbe98482f967a98d2339808e5",
"dest": "/data/log/192.168.250.7/var/log/messages",
"md5sum": "d9e6abe8ac14115a9e730b1b538345f8",
"remote_checksum": "9f43ca8d1e03467dbe98482f967a98d2339808e5",
"remote_md5sum": null
}
[root@Ansible-PRI ]#ll /data/
total 84
drwxr-xr-x 4 root root 49 Feb 27 20:38 log

[root@Ansible-PRI ]#ll /data/log
total 0
drwxr-xr-x 3 root root 17 Feb 27 20:38 192.168.250.17
drwxr-xr-x 3 root root 17 Feb 27 20:38 192.168.250.7
[root@Ansible-PRI ]#tree /data/
/data/
├── back_etc.sh
├── hello.sh
├── log
│ ├── 192.168.250.17
│ │ └── var
│ │ └── log
│ │ └── messages
│ └── 192.168.250.7
│ └── var
│ └── log
│ └── messages


7 directories, 16 files
[root@Ansible-PRI ]#
4.5.2.7 file模块

功能:设置文件属性,创建软链接ansibleplaybook

范例一: 在mysql8的两台远程被控主机上创建两个文件
# 创建文件
[root@Ansible-PRI ]#ansible mysql8 -m file -a 'path=/data/aaa.txt state=touch owner=mysql'
192.168.250.58 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dest": "/data/aaa.txt",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "mysql",
"size": 0,
"state": "file",
"uid": 27
}
192.168.250.68 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dest": "/data/aaa.txt",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "mysql",
"size": 0,
"state": "file",
"uid": 27
}
[root@Ansible-PRI ]#

# 验证
[root@MySQLPri ]#hostname -I
192.168.250.58 192.168.122.1
[root@MySQLPri ]#
[root@MySQLPri ]#ll /data/
total 876076
-rw-r--r-- 1 mysql root 0 Feb 26 20:49 aaa.txt

范例二: 在mysql8的两台远程被控主机上创建两个文件夹
# 创建文件夹
[root@Ansible-PRI ]#ansible mysql8 -m file -a 'path=/data/mysql8026 state=directory'
192.168.250.58 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/data/mysql8026",
"size": 6,
"state": "directory",
"uid": 0
}
192.168.250.68 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/data/mysql8026",
"size": 6,
"state": "directory",
"uid": 0
}
[root@Ansible-PRI ]#

# 验证
[root@MySQLPri ]#ll /data/
total 876076
drwxr-xr-x 2 root root 6 Feb 26 20:55 mysql8026
[root@MySQLPri ]#
4.5.2.8 stat 模块

功能:检查文件或文件系统的状态
注意:对于Windows目标,请改用win_stat模块linux重启命令

范例:通过stat检查/data/mysql状态,输出信息
[root@Ansible-PRI ]#cat stat.yml
---
- hosts: all

tasks:
- name: check file
stat: path=/data/mysql
register: st
- name: debug
debug:
msg: "/data/mysql is not exist"
when: not st.stat.exists
[root@Ansible-PRI ]#ansible-playbook stat.yml

PLAY [all] ********************************************************************************************************************************<strong>

TASK [Gathering Facts] </strong>******************************************************************************************************************<strong>
ok: [192.168.250.28]
ok: [192.168.250.18]
ok: [192.168.250.58]
ok: [192.168.250.38]
ok: [192.168.250.68]
ok: [192.168.250.8]
ok: [192.168.250.7]
ok: [192.168.250.17]

TASK [check file] </strong>***********************************************************************************************************************<strong>
ok: [192.168.250.17]
ok: [192.168.250.7]
ok: [192.168.250.28]
ok: [192.168.250.18]
ok: [192.168.250.8]
ok: [192.168.250.38]
ok: [192.168.250.58]
ok: [192.168.250.68]

TASK [debug] </strong>****************************************************************************************************************************<strong>
ok: [192.168.250.7] => {
"msg": "/data/mysql is not exist"
}
ok: [192.168.250.17] => {
"msg": "/data/mysql is not exist"
}
ok: [192.168.250.8] => {
"msg": "/data/mysql is not exist"
}
ok: [192.168.250.18] => {
"msg": "/data/mysql is not exist"
}
ok: [192.168.250.28] => {
"msg": "/data/mysql is not exist"
}
ok: [192.168.250.38] => {
"msg": "/data/mysql is not exist"
}
ok: [192.168.250.58] => {
"msg": "/data/mysql is not exist"
}
ok: [192.168.250.68] => {
"msg": "/data/mysql is not exist"
}

PLAY RECAP </strong>********************************************************************************************************************************
192.168.250.17 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.250.18 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.250.28 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.250.38 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.250.58 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.250.68 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.250.7 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.250.8 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

[root@Ansible-PRI ]#
4.5.2.9 unarchive模块

功能:解包解压缩
实现有两种用法:
1、将ansible主机上的压缩包python可以做什么工作传到远程主机后解压缩至特定目录,设置copy=yes,此为默认值,可省略
2、将远程主机上的某个压缩包解压缩到指定路径下,设置copy=nansible模块o

范例:将nginx-1.18.0.tar.gz文件复制到被控主机,并解压缩到/usr/local/src文件夹下
[root@Ansible-PRI ]#ansible centos7 -m unarchive -a 'src=nginx-1.18.0.tar.gz dest=/usr/local/src owner=bin group=bin'
192.168.250.7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/usr/local/src",
"extract_results": {
"cmd": [
"/usr/bin/gtar",
"--extract",
"-C",
"/usr/local/src",
"-z",
"--owner=bin",
"--group=bin",
"-f",
"/root/.ansible/tmp/ansible-tmp-1645967591.4567246-12420-39345136056227/source"
],
"err": "",
"out": "",
"rc": 0
},
"gid": 0,
"group": "root",
"handler": "TgzArchive",
"mode": "0755",
"owner": "root",
"size": 46,
"src": "/root/.ansible/tmp/ansible-tmp-1645967591.4567246-12420-39345136056227/source",
"state": "directory",
"uid": 0
}
192.168.250.17 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/usr/local/src",
"extract_results": {
"cmd": [
"/usr/bin/gtar",
"--extract",
"-C",
"/usr/local/src",
"-z",
"--owner=bin",
"--group=bin",
"-f",
"/root/.ansible/tmp/ansible-tmp-1645967591.4806275-12422-182709160194514/source"
],
"err": "",
"out": "",
"rc": 0
},
"gid": 0,
"group": "root",
"handler": "TgzArchive",
"mode": "0755",
"owner": "root",
"size": 46,
"src": "/root/.ansible/tmp/ansible-tmp-1645967591.4806275-12422-182709160194514/source",
"state": "directory",
"uid": 0
}
[root@Ansible-PRI ]#

#验证:
[root@client-centos79 <sub>]# hostname -I
192.168.250.7
[root@client-centos79 </sub>]# ll /usr/local/src
total 1016
drwxr-xr-x 8 bin bin 158 Apr 21 2020 nginx-1.18.0
-rw-r--r-- 1 root root 1039530 Feb 26 20:29 nginx.tar.gz
[root@client-centos79 ~]#
4.5.2.10 Archive 模块

功能:打包压缩保存在被管理节点

范例:将被控服务器的日志打包并存放在被控端本地的/data/目录下
# 打包
[root@Ansible-PRI ]#ansible centos7 -m archive -a 'path=/var/log/ dest=/data/log.tar.bz2 format=bz2 owner=root mode=0755'
192.168.250.17 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"archived": [
"/var/log/tallylog",
"/var/log/grubby_prune_debug",
"/var/log/lastlog",
"/var/log/wtmp",
"/var/log/boot.log",
"/var/log/vmware-vmtoolsd-root.log",
"/var/log/vmware-vmsvc-root.log",
"/var/log/vmware-vgauthsvc.log.0",
"/var/log/firewalld",
"/var/log/dmesg.old",
"/var/log/messages-20220206",
"/var/log/spooler-20220206",
"/var/log/cron-20220213",
"/var/log/maillog",
"/var/log/secure",
"/var/log/boot.log-20220114",
"/var/log/spooler-20220213",
"/var/log/messages-20220220",
"/var/log/yum.log-20220114",
"/var/log/yum.log",
"/var/log/vmware-network.8.log",
"/var/log/vmware-network.7.log",
"/var/log/vmware-network.6.log",
"/var/log/vmware-network.5.log",
"/var/log/vmware-network.4.log",
"/var/log/vmware-network.3.log",
"/var/log/vmware-network.2.log",
"/var/log/vmware-network.1.log",
"/var/log/vmware-network.log",
"/var/log/dmesg",
"/var/log/cron-20220130",
"/var/log/maillog-20220130",
"/var/log/messages-20220130",
"/var/log/secure-20220130",
"/var/log/spooler-20220130",
"/var/log/btmp-20220201",
"/var/log/maillog-20220206",
"/var/log/maillog-20220213",
"/var/log/secure-20220213",
"/var/log/maillog-20220220",
"/var/log/spooler-20220220",
"/var/log/vmware-network.9.log",
"/var/log/boot.log-20220115",
"/var/log/messages-20220213",
"/var/log/cron-20220220",
"/var/log/secure-20220220",
"/var/log/btmp",
"/var/log/cron-20220206",
"/var/log/secure-20220206",
"/var/log/cron",
"/var/log/messages",
"/var/log/spooler",
"/var/log/tuned/tuned.log",
"/var/log/audit/audit.log",
"/var/log/anaconda/anaconda.log",
"/var/log/anaconda/syslog",
"/var/log/anaconda/X.log",
"/var/log/anaconda/program.log",
"/var/log/anaconda/packaging.log",
"/var/log/anaconda/storage.log",
"/var/log/anaconda/ifcfg.log",
"/var/log/anaconda/ks-script-ItbPHE.log",
"/var/log/anaconda/ks-script-_0NY_T.log",
"/var/log/anaconda/journal.log"
],
"arcroot": "/var/log/",
"changed": true,
"dest": "/data/log.tar.bz2",
"expanded_exclude_paths": [],
"expanded_paths": [
"/var/log/"
],
"gid": 0,
"group": "root",
"missing": [],
"mode": "0755",
"owner": "root",
"size": 457398,
"state": "file",
"uid": 0
}
192.168.250.7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"archived": [
"/var/log/tallylog",
"/var/log/grubby_prune_debug",
"/var/log/lastlog",
"/var/log/wtmp",
"/var/log/boot.log",
"/var/log/vmware-vmtoolsd-root.log",
"/var/log/vmware-vmsvc-root.log",
"/var/log/vmware-vgauthsvc.log.0",
"/var/log/firewalld",
"/var/log/dmesg.old",
"/var/log/maillog-20220130",
"/var/log/messages-20220130",
"/var/log/secure-20220130",
"/var/log/spooler-20220130",
"/var/log/btmp-20220201",
"/var/log/cron-20220206",
"/var/log/messages-20220206",
"/var/log/secure-20220206",
"/var/log/spooler-20220206",
"/var/log/cron-20220213",
"/var/log/secure-20220213",
"/var/log/spooler-20220213",
"/var/log/messages-20220220",
"/var/log/spooler",
"/var/log/boot.log-20220114",
"/var/log/cron-20220220",
"/var/log/secure",
"/var/log/yum.log-20220114",
"/var/log/yum.log",
"/var/log/cron",
"/var/log/messages",
"/var/log/dmesg",
"/var/log/vmware-network.7.log",
"/var/log/vmware-network.6.log",
"/var/log/vmware-network.5.log",
"/var/log/vmware-network.4.log",
"/var/log/vmware-network.3.log",
"/var/log/vmware-network.2.log",
"/var/log/vmware-network.1.log",
"/var/log/vmware-network.log",
"/var/log/boot.log-20220115",
"/var/log/maillog-20220220",
"/var/log/spooler-20220220",
"/var/log/cron-20220130",
"/var/log/btmp",
"/var/log/maillog-20220206",
"/var/log/maillog-20220213",
"/var/log/messages-20220213",
"/var/log/maillog",
"/var/log/secure-20220220",
"/var/log/tuned/tuned.log",
"/var/log/audit/audit.log",
"/var/log/anaconda/anaconda.log",
"/var/log/anaconda/syslog",
"/var/log/anaconda/X.log",
"/var/log/anaconda/program.log",
"/var/log/anaconda/packaging.log",
"/var/log/anaconda/storage.log",
"/var/log/anaconda/ifcfg.log",
"/var/log/anaconda/ks-script-ItbPHE.log",
"/var/log/anaconda/ks-script-_0NY_T.log",
"/var/log/anaconda/journal.log"
],
"arcroot": "/var/log/",
"changed": true,
"dest": "/data/log.tar.bz2",
"expanded_exclude_paths": [],
"expanded_paths": [
"/var/log/"
],
"gid": 0,
"group": "root",
"missing": [],
"mode": "0755",
"owner": "root",
"size": 459006,
"state": "file",
"uid": 0
}
[root@Ansible-PRI ]#

#验证
[root@centos79 <sub>]# hostname -I
192.168.250.17
[root@centos79 </sub>]# ll /data/
total 448
-rwxr-xr-x 1 root root 457398 Feb 26 08:42 log.tar.bz2
[root@centos79 ~]#
4.5.2.11 Hostname 模块

功能:管理主机名,一般多用python代码大全来检系统运维工资一般多少查远端被控服务器的信息,修改用的比较少,一般python怎么读不会批量将主机修改成相同的主机名称

范例:修改远端被控服务器192.168.250.7的名称
# 记录修改前的状态
[root@Ansible-PRI ]#ansible centos7 -m shell -a 'hostname'
192.168.250.17 | CHANGED | rc=0 >>
centos79
192.168.250.7 | CHANGED | rc=0 >>
client-centos79

#修改
[root@Ansible-PRI ]#ansible 192.168.250.7 -m hostname -a 'name=CentOS7-Ansible'
192.168.250.7 | CHANGED => {
"ansible_facts": {
"ansible_domain": "",
"ansible_fqdn": "CentOS7-Ansible",
"ansible_hostname": "CentOS7-Ansible",
"ansible_nodename": "CentOS7-Ansible",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "CentOS7-Ansible"
}
[root@Ansible-PRI ]#

#验证
[root@Ansible-PRI ]#ansible centos7 -m shell -a 'hostname'
192.168.250.7 | CHANGED | rc=0 >>
CentOS7-Ansible
192.168.250.17 | CHANGED | rc=0 >>
centos79
[root@Ansible-PRI ]#
4.5.2.12python怎么读 Cron 模块

功能:计划任务
支持时间:minute,hour,day,month,weekday

范例:定时运行一个数据库备份脚本
[root@Ansible-PRI ]#ansible mysql8 -m cron -a 'hour=2 minute=30 weekday=1-5 name="backup mysql" job=/root/mysql_backup.sh'
192.168.250.58 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"envs": [],
"jobs": [
"backup mysql"
]
}
192.168.250.68 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"envs": [],
"jobs": [
"backup mysql"
]
}
[root@Ansible-PRI ]#
4.5.2.13 yum模块ansible怎么读和apt模块

功能:yum模块:管理软件包,只支持RHEL,Centlinux系统安装OS,fedora,不支持Ubuntu其它版本。apt模块:apt 模块管理 Debian 相关版本的软件包。

范例:用yum  在被控服务器上安装一个小火车程序sl
[root@Ansible-PRI ]#ansible centos7 -m yum -a 'name=sl'
192.168.250.7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"sl"
]
},
................ #删除屏显内容
]
}
192.168.250.17 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"sl"
]
},
................ #删除屏显内容
]
}
[root@Ansible-PRI ]#

# 验证:在被控服务器上运行 sl 可以看到屏幕有小火车开出来
4.5.2.14 其他一些需要了解和ansible详解关注的常用模块
  • service 模块

功能:管理服务

  • user 模块与ansible定义变量规则group模块

功能:管理用户和组

  • Lineinfile 模块和Replace 模块ansible详解

ansible在使用sed进行替换时,经常会遇到需要转义的问题python123平台登录,而且ansible在遇到特殊符python基础教程号进行替换时,存在问题,无法正常进行替换 。其实在ansible自身提供了两个模块:lineinfile模块和replace模块,可以方便的进行替换。
一般在ansibpython可以做什么工作le当中去修改某个文件的单行进行替换的时候需要使用lineinfile模块
regexp参数 :使用正则表达式匹配对应的行,当替换文本时,如果有多行文本都能被匹配,则只有最后面被匹配到的那行文本才linux必学的60个命令会被替换,当删除文本时,如果有多行文本都能被匹配,这么这些行都会被删除python
如果想进行多行匹ansible怎么读配进行替换需要使用replace模块,Replace 模块有点类似于sed命令,主要也是基于正则进行匹配和替换,推荐使用。

  • SELinux 模块

功能:该模python下载块管理 SELInux 策略

  • mount 挂载和卸载

功能: 挂载和卸载文件系统

  • Setup 模块

功能: setup 模块来收集主机的系统信息,这些 facts 信息可以直接以变量的形式使用,但是如果主机较多,会影ansible常用模块响执行速度,可以使用gather_flinux操作系统基础知识acts: no 来禁止 Ansible 收集 facts 信息。

  • debug 模块

此模块可以用于输出信息,并且通过 msg 定制输出的信息内容。 注意: msg后面的变量有时需要加 " " 引起来

  • ping模块;raw模块;piAnsiblep模块;synchronize模块;templatAnsible入门e模块;yum_repository 模块;reboot 模块等等