admin2025/5/13 20:17:33【news】
ansible
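Concepts:
Automation: reduces the workload of operations staff, improves efficiency, and enables batch deployment
Categories:
System automation: pxe+ks
Application automation: ansible, saltstack, puppet
Monitoring automation: zabbix, 天兔 (Lepus)
Code automation: jenkins
puppet: developed in Ruby; runs on Linux, Windows and Unix; supports more than 1000 hosts
saltstack: developed in Python; supports unified management; fairly lightweight; more than 1000 hosts
ansible: developed in Python; manages hosts over the SSH protocol; supports 100-200 hosts
Architecture:
puppet/saltstack: c/s (client/server); the service has to be installed on both the client and the server
ansible: agentless; the program only needs to be installed on the server (control) side
Features of ansible:
1. Agentless: the service is installed only on the server side
2. Communicates with the clients over the SSH protocol
Core components of ansible:
1. ansible core
2. host inventory
3. connection plugins (ssh)
4. playbook; role
5. core modules
6. custom modules
Ansible reaches the remote hosts over the SSH protocol, so the control node needs passwordless (key-based) login to the remote hosts
How SSH passwordless login works: the private key encrypts (signs), the public key decrypts (verifies)
The principle of passwordless login:
The control node generates a key pair and transfers the public key to the remote host. When the control node wants to connect, the remote host sends it a random string; the control node encrypts this string with its private key (in other words, signs it) and returns the result; the remote host decrypts it with the public key (verifies the signature), and if it matches the string the host generated, authentication succeeds and the login is allowed
Procedure:
Environment:
Host | ip |
---|---|
Control node | 192.168.10.3 |
Remote host 1 | 192.168.10.10 |
Remote host 2 | 192.168.10.20 |
1. Install ansible
There are two ways to install ansible (pick either one)
Method 1: install from packages (offline installation)
Prepare the following 11 packages and put them in a newly created directory named app (any directory name will do)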
ansible-2.4.2.0-2.el7.noarch.rpm
libyaml-0.1.4-11.el7_0.x86_64.rpm
python2-jmespath-0.9.0-3.el7.noarch.rpm
python-babel-0.9.6-8.el7.noarch.rpm
python-httplib2-0.9.2-1.el7.noarch.rpm
python-jinja2-2.7.2-2.el7.noarch.rpm
python-markupsafe-0.11-10.el7.x86_64.rpm
python-paramiko-2.1.1-2.el7.noarch.rpm
python-passlib-1.6.5-2.el7.noarch.rpm
PyYAML-3.10-11.el7.x86_64.rpm
sshpass-1.06-2.el7.x86_64.rpm
[root@localhost ~]# createrepo /root/app
Spawning worker 0 with 11 pkgs
Workers Finished
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete
[root@localhost ~]# ls /root/app
#it is enough to see repodata in the listing
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# vim ansible.repo #create a new yum repository
#this name must not be changed
[ansible]
name=ansible
#just the location where the packages are stored
baseurl=file:///root/app
enabled=1
gpgcheck=0
[root@localhost yum.repos.d]# yum -y install ansible
[root@localhost yum.repos.d]# ansible --version #check the version number
ansible 2.4.2.0
Method 2: install online
Prerequisite: make sure your virtual machine is connected to the physical network
[root@localhost ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@localhost ~]# yum -y install ansible
[root@localhost ~]# ansible --version
ansible 2.9.9
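2. Generate a key pair on the control node
[root@localhost ~]# ssh-keygen
#just press Enter four times (this accepts the default path and leaves the private key without a passphrase)
[root@localhost ~]# cd /root/.ssh
[root@localhost .ssh]# ls
id_rsa #private key id_rsa.pub #public key
3. Transfer the public key to the remote hosts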
[root@localhost .ssh]# ssh-copy-id root@192.168.10.10
The authenticity of host '192.168.10.10 (192.168.10.10)' can't be established.
ECDSA key fingerprint is 18:90:e5:b2:2d:60:bb:4a:c2:17:8a:a8:19:e7:91:ca.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.10.10's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.10.10'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost .ssh]# ssh-copy-id root@192.168.10.20
Note: the following two forms also transfer the public key to the remote host
ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.10.10
ssh-copy-id -i root@192.168.10.10
4. View the public key on the remote host
[root@localhost ~]# cd /root/.ssh/
[root@localhost .ssh]# ls
authorized_keys
5. On the control node, verify that passwordless login works
[root@localhost .ssh]# ssh root@192.168.10.10
Last login: Thu May 7 09:43:44 2020 from 192.168.10.1
[root@localhost ~]# exit
登出
Connection to 192.168.10.10 closed.
[root@localhost .ssh]# ssh root@192.168.10.20
Last login: Thu May 7 09:47:20 2020 from 192.168.10.1
[root@localhost ~]# exit
登出
Connection to 192.168.10.20 closed.
To remove the keys, simply delete the .ssh directory
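The ssh-copy-id output in step 3 asks you to check that only the intended key(s) were added. The following is an added example, not part of the original post: run on a managed host, it lists the entries of an authorized_keys file, shows which ones carry no from= restriction, reports entries that do not match the expected public key, and flags group- or world-writable paths, which sshd's StrictModes rejects. The function names and every key blob are constructed for illustration.

```shell
#!/bin/sh
# Added example: review authorized_keys on a managed host after ssh-copy-id.
# Function names are illustrative; every key blob below is constructed.

# list_keys FILE -> "line type restriction blob comment" for each key entry
list_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }           # skip comments and blank lines
    {
        bare = $0
        gsub(/"[^"]*"/, "Q", bare)              # hide spaces inside quoted option values
        sub(/^[ \t]+/, "", bare); sub(/[ \t]+$/, "", bare)
        n = split(bare, f, /[ \t]+/)
        t = 0                                   # index of the key-type field (1 or 2)
        for (i = 1; i <= n && i <= 2; i++)
            if (f[i] ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-[a-z0-9-]+@openssh\.com)$/) {
                t = i; break
            }
        if (t == 0) { print NR, "unparsed", "-", "-", "-"; next }
        if (t == 1)                                       r = "unrestricted"
        else if (f[1] ~ /^from=/ || f[1] ~ /,from=/)      r = "from-restricted"
        else                                              r = "options-no-from"
        c = ""
        for (i = t + 2; i <= n; i++) c = c (c == "" ? "" : " ") f[i]
        print NR, f[t], r, f[t + 1], (c == "" ? "-" : c)
    }' "$1"
}

# unexpected_keys EXPECTED.pub AUTHORIZED_KEYS -> entries whose blob is not in EXPECTED.pub
unexpected_keys() {
    list_keys "$2" | awk -v pub="$1" '
        BEGIN { while ((getline l < pub) > 0) { split(l, p, " "); ok[p[2]] = 1 } }
        !($4 in ok)'
}

# loose_perms PATH... -> paths that are writable by group or others
loose_perms() {
    find "$@" -prune \( -perm -020 -o -perm -002 \) -print
}

# Constructed sample data: one expected key plus two entries nobody asked for.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/.ssh"
chmod 700 "$demo_dir/.ssh"
cat > "$demo_dir/id_rsa.pub" <<'EOF'
ssh-rsa AAAAB3ExampleKeyOne root@localhost.localdomain
EOF
cat > "$demo_dir/.ssh/authorized_keys" <<'EOF'
ssh-rsa AAAAB3ExampleKeyOne root@localhost.localdomain
from="192.168.10.3",no-agent-forwarding ssh-ed25519 AAAAC3ExampleKeyTwo ansible@control
# constructed comment line
command="/usr/bin/backup --all" ssh-rsa AAAAB3ExampleKeyThree backup job
EOF
chmod 664 "$demo_dir/.ssh/authorized_keys"      # deliberately too loose

echo "== all entries";       list_keys "$demo_dir/.ssh/authorized_keys"
echo "== not the expected key"
unexpected_keys "$demo_dir/id_rsa.pub" "$demo_dir/.ssh/authorized_keys"
echo "== loose permissions"
loose_perms "$demo_dir/.ssh" "$demo_dir/.ssh/authorized_keys"
```

On a real host, point the functions at /root/.ssh/authorized_keys and at a copy of the control node's id_rsa.pub.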
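6. View the inventory and edit the inventory file
[root@localhost .ssh]# cd /etc/ansible/
[root@localhost ansible]# ls
ansible.cfg hosts roles
#hosts is the host inventory file
[root@localhost ansible]# vim hosts
#append at the end of the file
[aaa] #group name (your choice)
192.168.10.10 #ip of a remote host
192.168.10.20
[bbb]
192.168.10.10
7. Use modules to operate on the remote hosts
7.1 Command format:
ansible hosts (inventory group) -m module_name (module name) -a job (the operation to perform on the managed hosts)
Result colours in ansible output:
Green: executed successfully
Red: execution failed
Yellow: executed successfully and changed something on the managed host
Purple and others: warning
7.2 List all ansible modules
[root@localhost ansible]# ansible-doc -l #list the modules with their short help text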
a10_server Manage A10 Networks AX/SoftAX/Thu...
a10_server_axapi3 Manage A10 Networks AX/SoftAX/Thu...
a10_service_group Manage A10 Networks AX/SoftAX/Thu...
a10_virtual_server Manage A10 Networks AX/SoftAX/Thu...
accelerate Enable accelerated mode on remote...
aci_aep Manage attachable Access Entity P...
aci_ap Manage top level Application Prof...
aci_bd Manage Bridge Domains (BD) on Cis...
aci_bd_subnet Manage Subnets on Cisco ACI fabri...
aci_bd_to_l3out Bind Bridge Domain to L3 Out on C...
aci_config_rollback Provides rollback and rollback pr...
aci_config_snapshot Manage Config Snapshots on Cisco ...
aci_contract Manage contract resources on Cisc...
aci_contract_subject Manage initial Contract Subjects ...
aci_contract_subject_to_filter Bind Contract Subjects to Filters...
aci_epg Manage End Point Groups (EPG) on ...
aci_epg_monitoring_policy Manage monitoring policies on Cis...
#press q to quit; if the terminal hangs or freezes, just close it
ansible-doc -s ping
Note: -s is followed by the module name
Modules:
1) ping: tests whether the control node can reach the remote hosts
[root@localhost ansible]# ansible aaa -m ping #test connectivity to the hosts in group aaa
192.168.10.10 | SUCCESS => {"changed": false, "ping": "pong"}
192.168.10.20 | SUCCESS => {"changed": false, "ping": "pong"}
[root@localhost ansible]# ansible bbb -m ping #test connectivity to the hosts in group bbb
192.168.10.10 | SUCCESS => {"changed": false, "ping": "pong"}
[root@localhost ansible]# ansible all -m ping #all means every host in every inventory group
192.168.10.10 | SUCCESS => {"changed": false, "ping": "pong"}
192.168.10.20 | SUCCESS => {"changed": false, "ping": "pong"}
2) command: runs the given command on the remote hosts, but cannot use shell special characters (such as | > >>)
[root@localhost ansible]# ansible all -m command -a "ls /home" #list everything under /home
192.168.10.10 | SUCCESS | rc=0 >>
roo
192.168.10.20 | SUCCESS | rc=0 >>
rzh
[root@localhost ansible]# ansible all -m command -a "chdir=/home ls" #chdir changes directory first
192.168.10.10 | SUCCESS | rc=0 >>
roo
192.168.10.20 | SUCCESS | rc=0 >>
rzh
creates: if the named file exists, the command is not run; if the named file does not exist, the command is run
[root@localhost ansible]# ansible all -m command -a "creates=/etc/fstab ls /home"
192.168.10.10 | SUCCESS | rc=0 >>
skipped, since /etc/fstab exists
192.168.10.20 | SUCCESS | rc=0 >>
skipped, since /etc/fstab exists
[root@localhost ansible]# ansible all -m command -a "creates=/etc/fstabyyy ls /home"
192.168.10.10 | SUCCESS | rc=0 >>
roo
192.168.10.20 | SUCCESS | rc=0 >>
rzh
removes: if the named file exists, the command is run; if the named file does not exist, the command is not run
[root@localhost ansible]# ansible all -m command -a "removes=/etc/fstab ls /home"
192.168.10.20 | SUCCESS | rc=0 >>
rzh
192.168.10.10 | SUCCESS | rc=0 >>
roo
[root@localhost ansible]# ansible all -m command -a "removes=/etc/fstabaaa ls /home"
192.168.10.10 | SUCCESS | rc=0 >>
skipped, since /etc/fstabaaa does not exist
192.168.10.20 | SUCCESS | rc=0 >>
skipped, since /etc/fstabaaa does not exist
3) shell: the all-purpose module; it can perform any operation on the remote hosts
[root@localhost ansible]# ansible all -m shell -a "touch /home/yy" #create a new file under /home
[WARNING]: Consider using file module with state=touch rather than running
touch
192.168.10.10 | SUCCESS | rc=0 >>
192.168.10.20 | SUCCESS | rc=0 >>
[root@localhost ansible]# ansible all -m shell -a "ls /home | grep yy" #check
192.168.10.10 | SUCCESS | rc=0 >>
yy
192.168.10.20 | SUCCESS | rc=0 >>
yy
[root@localhost ansible]# ansible all -m shell -a "echo 'rzh' > /home/yy" #write content into /home/yy
192.168.10.20 | SUCCESS | rc=0 >>
192.168.10.10 | SUCCESS | rc=0 >>
[root@localhost ansible]# ansible all -m shell -a "cat /home/yy" #view the content
192.168.10.10 | SUCCESS | rc=0 >>
rzh
192.168.10.20 | SUCCESS | rc=0 >>
rzh
4) user: manages or creates users on the remote hosts
Parameters:
name: the user name; the user is created if it does not exist
[root@localhost ansible]# ansible all -m user -a "name=xixi"
192.168.10.10 | SUCCESS => {"changed": true, "comment": "", "createhome": true, "group": 1001, "home": "/home/xixi", "name": "xixi", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1001}
192.168.10.20 | SUCCESS => {"changed": true, "comment": "", "createhome": true, "group": 1001, "home": "/home/xixi", "name": "xixi", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1001}
[root@localhost ansible]# ansible all -m shell -a "tail -1 /etc/passwd" #when setting or changing a user's password, only the already-hashed string is accepted
192.168.10.10 | SUCCESS | rc=0 >>
xixi:x:1001:1001::/home/xixi:/bin/bash
192.168.10.20 | SUCCESS | rc=0 >>
xixi:x:1001:1001::/home/xixi:/bin/bash
[root@localhost ansible]# yum -y install openssl-devel #install the encryption software
[root@localhost ansible]# openssl passwd -1 123.com #hash the password (-1 selects the MD5-based crypt scheme)
$1$G2bDvfwF$JZSN8G5/q3wj5bMNhXbDn/
[root@localhost ansible]# ansible all -m user -a 'name=xixi password=$1$G2bDvfwF$JZSN8G5/q3wj5bMNhXbDn/'
#set the user's password
[root@localhost ansible]# ansible all -m user -a "uid=1030 name=test"
#add a user with a specific uid
[root@localhost ansible]# ansible all -m shell -a "tail -1 /etc/passwd"
192.168.10.10 | SUCCESS | rc=0 >>
test:x:1030:1030::/home/test:/bin/bash
192.168.10.20 | SUCCESS | rc=0 >>
test:x:1030:1030::/home/test:/bin/bash
#primary group
[root@localhost ansible]# ansible all -m user -a "name=test group=xixi"
[root@localhost ansible]# ansible all -m shell -a "tail -2 /etc/passwd"
192.168.10.10 | SUCCESS | rc=0 >>
xixi:x:1001:1001::/home/xixi:/bin/bash
test:x:1030:1001::/home/test:/bin/bash
192.168.10.20 | SUCCESS | rc=0 >>
xixi:x:1001:1001::/home/xixi:/bin/bash
test:x:1030:1001::/home/test:/bin/bash
#supplementary groups: without append, the supplementary group list is replaced in full by default
[root@localhost ansible]# ansible all -m user -a "name=test groups=test"
[root@localhost ansible]# ansible all -m shell -a "tail -2 /etc/group"
192.168.10.10 | SUCCESS | rc=0 >>
xixi:x:1001:
test:x:1030:test
192.168.10.20 | SUCCESS | rc=0 >>
xixi:x:1001:
test:x:1030:test
#incremental add (append)
[root@localhost ansible]# ansible all -m shell -a "groupadd one"
192.168.10.10 | SUCCESS | rc=0 >>
192.168.10.20 | SUCCESS | rc=0 >>
[root@localhost ansible]# ansible all -m user -a "name=test groups=one append=yes"
[root@localhost ansible]# ansible all -m shell -a "tail -3 /etc/group"
192.168.10.10 | SUCCESS | rc=0 >>
xixi:x:1001:
test:x:1030:test
one:x:1031:test
192.168.10.20 | SUCCESS | rc=0 >>
xixi:x:1001:
test:x:1030:test
one:x:1031:test
#full replacement
[root@localhost ansible]# ansible all -m user -a "name=test groups=one append=no"
[root@localhost ansible]# ansible all -m shell -a "tail -3 /etc/group"
192.168.10.20 | SUCCESS | rc=0 >>
xixi:x:1001:
test:x:1030:
one:x:1031:test
192.168.10.10 | SUCCESS | rc=0 >>
xixi:x:1001:
test:x:1030:
one:x:1031:test
[root@localhost ansible]# ansible all -m user -a "name=test state=absent remove=yes"
[root@localhost ansible]# ansible all -m shell -a "tail -1 /etc/passwd"
192.168.10.10 | SUCCESS | rc=0 >>
xixi:x:1001:1001::/home/xixi:/bin/bash
192.168.10.20 | SUCCESS | rc=0 >>
xixi:x:1001:1001::/home/xixi:/bin/bash
[root@localhost ansible]# ansible all -m shell -a "ls /home" #list everything under /home
192.168.10.10 | SUCCESS | rc=0 >>
aa
roo
xixi
yy
192.168.10.20 | SUCCESS | rc=0 >>
aa
rzh
xixi
yy
Parameter notes:
state=absent: deletes the user; the home directory is kept by default
remove=yes: deletes the home directory together with the user
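The password step above hashes with `openssl passwd -1`, which produces an MD5-crypt (`$1$`) string. The following added example, not part of the original post, classifies crypt(3) hashes by prefix and lists the accounts in a shadow-format file that still use an empty, DES or MD5-crypt entry; the function names and the sample file are constructed, and only the `$1$` value for xixi is the one shown above.

```shell
#!/bin/sh
# Added example: classify crypt(3) password hashes by their prefix.
# Function names and the sample shadow file are constructed; only the
# $1$ hash for xixi is the one printed by "openssl passwd -1" on this page.

# crypt_scheme HASH -> scheme name
crypt_scheme() {
    case $1 in
        '')              echo empty ;;          # no password set at all
        '!'*|'*'*)       echo locked ;;         # password login disabled
        '$1$'*)          echo md5crypt ;;       # what "openssl passwd -1" emits
        '$2'[abxy]'$'*)  echo bcrypt ;;
        '$5$'*)          echo sha256crypt ;;
        '$6$'*)          echo sha512crypt ;;
        '$y$'*)          echo yescrypt ;;
        '$'*)            echo unknown ;;
        *)               echo descrypt ;;       # traditional DES crypt, no $ prefix
    esac
}

# weak_shadow_entries FILE -> "user scheme" for accounts worth rehashing
weak_shadow_entries() {
    while IFS=: read -r user hash _rest; do
        scheme=$(crypt_scheme "$hash")
        case $scheme in
            empty|md5crypt|descrypt) echo "$user $scheme" ;;
        esac
    done < "$1"
}

# Constructed shadow-format sample (field 2 is the hash).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:$6$ConstructedSalt$ConstructedSha512Digest:18424:0:99999:7:::
xixi:$1$G2bDvfwF$JZSN8G5/q3wj5bMNhXbDn/:18424:0:99999:7:::
test:!!:18424:0:99999:7:::
nginx:*:18424::::::
legacy:abConstrDES12:18424:0:99999:7:::
EOF

weak_shadow_entries "$sample"
```

A `$6$` value for the same `password=` parameter can be produced with `openssl passwd -6` (OpenSSL 1.1.1 or later) or with Ansible's `password_hash('sha512')` filter.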
5) group: creates and manages groups on the remote hosts
Parameters:
name: the group; created if it does not exist
gid: set or change the group's gid
state=absent: delete the given group
[root@localhost ~]# ansible all -m group -a "name=two"
[root@localhost ~]# ansible all -m shell -a "tail -1 /etc/group"
#check that the group was created
192.168.10.20 | SUCCESS | rc=0 >>
two:x:1032:
192.168.10.10 | SUCCESS | rc=0 >>
two:x:1032:
[root@localhost ~]# ansible all -m group -a "name=two gid=1050"
#set the gid
[root@localhost ~]# ansible all -m shell -a "tail -1 /etc/group"
192.168.10.10 | SUCCESS | rc=0 >>
two:x:1050:
192.168.10.20 | SUCCESS | rc=0 >>
two:x:1050:
[root@localhost ~]# ansible all -m group -a "name=two state=absent" #delete the group
[root@localhost ~]# ansible all -m shell -a "tail -1 /etc/group"
#check that the group was deleted
192.168.10.10 | SUCCESS | rc=0 >>
one:x:1031:
192.168.10.20 | SUCCESS | rc=0 >>
one:x:1031
6) script: runs a script from the control node on the remote hosts
[root@localhost ~]# vim test.sh
#!/bin/bash
cd /usr
ls | grep src
[root@localhost ~]# chmod +x test.sh
[root@localhost ~]# ansible all -m script -a "creates=/etc/fstab chdir=/root test.sh"
192.168.10.20 | SKIPPED
192.168.10.10 | SKIPPED
[root@localhost ~]# ansible all -m script -a "removes=/etc/fstab chdir=/root test.sh"
#for a script in another directory, give its absolute path
Parameter notes:
chdir: change directory (a directory on the remote host)
creates: if the file exists, the script is not run
removes: if the file exists, the script is run
7) setup: shows information about the remote hosts, including the built-in variables
Parameters:
filter: filter
[root@localhost ~]# ansible all -m setup
#show all information and variables of the remote hosts
[root@localhost ~]# ansible all -m setup -a "filter=ansible_all_ipv4_addresses"
#show only the ip addresses
192.168.10.10 | SUCCESS => {"ansible_facts": {"ansible_all_ipv4_addresses": ["192.168.122.1", "192.168.10.10"]}, "changed": false}
192.168.10.20 | SUCCESS => {"ansible_facts": {"ansible_all_ipv4_addresses": ["192.168.122.1", "192.168.10.20"]}, "changed": false}
8) copy: copies files from the control node to the remote hosts; directories can be copied too, but the directory must contain files
Parameters:
src: path of the file to copy (source file)
dest: where to put the file on the target host
[root@localhost ~]# touch haha
[root@localhost ~]# ansible all -m copy -a "src=/root/haha dest=/home"
#copy the file into /home
[root@localhost ~]# ansible all -m shell -a "ls /home" #check that the copy succeeded
192.168.10.10 | SUCCESS | rc=0 >>
aa
haha
roo
xixi
yy
192.168.10.20 | SUCCESS | rc=0 >>
aa
haha
rzh
xixi
yy
[root@localhost ~]# ansible all -m copy -a "content='11111\22222' dest=/home/haha"
#content: writes the given text into the named file on the remote host, overwriting its previous content
[root@localhost ~]# ansible all -m shell -a "cat /home/haha"
192.168.10.10 | SUCCESS | rc=0 >>
11111\22222
192.168.10.20 | SUCCESS | rc=0 >>
11111\22222
Notes:
copy with no extra parameters: if the file on the remote host has the same name as the file being copied but different content, it is overwritten
force=no: if the names match but the content differs, the remote file is not overwritten and the copy is abandoned
backup=yes: if the names match but the content differs, the remote file is overwritten, but a backup of it is kept on the remote host
[root@localhost ~]# echo 1111111 > haha
[root@localhost ~]# ansible all -m copy -a "src=/root/haha dest=/home"
[root@localhost ~]# ansible all -m shell -a "cat /home/haha"
192.168.10.10 | SUCCESS | rc=0 >>
1111111
192.168.10.20 | SUCCESS | rc=0 >>
1111111
[root@localhost ~]# echo 333333 > haha
[root@localhost ~]# ansible all -m copy -a "src=/root/haha dest=/home force=no"
192.168.10.20 | SUCCESS => {"changed": false, "dest": "/home", "src": "/root/haha"}
192.168.10.10 | SUCCESS => {"changed": false, "dest": "/home", "src": "/root/haha"}
[root@localhost ~]# ansible all -m shell -a "cat /home/haha"
192.168.10.20 | SUCCESS | rc=0 >>
1111111
192.168.10.10 | SUCCESS | rc=0 >>
1111111
Copying with a backup (backup=yes):
[root@localhost ~]# ansible all -m copy -a "src=/root/haha dest=/home backup=yes"
[root@localhost ~]# ansible all -m shell -a "cat /home/haha"
192.168.10.20 | SUCCESS | rc=0 >>
1111111
192.168.10.10 | SUCCESS | rc=0 >>
1111111
[root@localhost ~]# ansible all -m shell -a "ls /home"
192.168.10.10 | SUCCESS | rc=0 >>
aa
haha
haha.63751.2020-06-11@09:37:54~
roo
xixi
yy
192.168.10.20 | SUCCESS | rc=0 >>
aa
haha
haha.63289.2020-06-11@09:37:54~
rzh
xixi
yy
owner: the file's owner
group: the file's group
mode: the file's permissions
[root@localhost ~]# ansible all -m user -a "name=rr"
[root@localhost ~]# touch cc
[root@localhost ~]# ansible all -m copy -a "src=/root/cc dest=/"
[root@localhost ~]# ansible all -m shell -a "ls -l /cc"
192.168.10.20 | SUCCESS | rc=0 >>
-rw-r--r--. 1 root root 0 6月 11 16:33 /cc
192.168.10.10 | SUCCESS | rc=0 >>
-rw-r--r--. 1 root root 0 6月 11 16:33 /cc
[root@localhost ~]# ansible all -m copy -a "src=/root/cc dest=/ owner=rr"
#set the file's owner
[root@localhost ~]# ansible all -m shell -a "ls -l /cc"
192.168.10.20 | SUCCESS | rc=0 >>
-rw-r--r--. 1 rr root 0 6月 11 16:33 /cc
192.168.10.10 | SUCCESS | rc=0 >>
-rw-r--r--. 1 rr root 0 6月 11 16:33 /cc
[root@localhost ~]# ansible all -m copy -a "src=/root/cc dest=/ group=rr"
#set the file's group
[root@localhost ~]# ansible all -m shell -a "ls -l /cc"
192.168.10.10 | SUCCESS | rc=0 >>
-rw-r--r--. 1 rr rr 0 6月 11 16:33 /cc
192.168.10.20 | SUCCESS | rc=0 >>
-rw-r--r--. 1 rr rr 0 6月 11 16:33 /cc
[root@localhost ~]# ansible all -m copy -a "src=/root/cc dest=/ mode=777"
#set the permissions
[root@localhost ~]# ansible all -m shell -a "ls -l /cc"
192.168.10.20 | SUCCESS | rc=0 >>
-rwxrwxrwx. 1 rr rr 0 6月 11 16:33 /cc
192.168.10.10 | SUCCESS | rc=0 >>
-rwxrwxrwx. 1 rr rr 0 6月 11 16:33 /cc
9) yum: installs software on the remote hosts with yum
yum must already be configured on the remote hosts
Parameters:
name: package name
state: installed (install the package)
removed (remove the package)
[root@localhost ~]# ansible all -m yum -a "name=httpd state=installed"
#install httpd on the remote hosts with yum
[root@localhost ~]# ansible all -m yum -a "name=httpd state=removed"
#remove the installed package
10) service: manages services on the remote hosts
Parameters:
name: service name
state: started (start), stopped (stop)
restarted (restart)
reloaded (reload; only possible while the service is running)
enabled=yes: start the service at boot
[root@localhost ~]# ansible all -m service -a "name=httpd state=started"
[root@localhost ~]# ansible all -m shell -a "netstat -anput | grep httpd"
192.168.10.10 | SUCCESS | rc=0 >>
tcp6 0 0 :::80 :::* LISTEN 64222/httpd
192.168.10.20 | SUCCESS | rc=0 >>
tcp6 0 0 :::80 :::* LISTEN 63700/httpd
[root@localhost ~]# ansible all -m service -a "name=httpd state=stopped"
#stop
[root@localhost ~]# ansible all -m shell -a "netstat -anput | grep httpd"
192.168.10.20 | FAILED | rc=1 >>
non-zero return code
192.168.10.10 | FAILED | rc=1 >>
non-zero return code
[root@localhost ~]# ansible all -m service -a "name=httpd state=restarted"
[root@localhost ~]# ansible all -m service -a "name=httpd state=reloaded"
[root@localhost ~]# ansible all -m service -a "name=httpd enabled=yes"
#start at boot
[root@localhost ~]# ansible all -m shell -a "systemctl is-enabled httpd"
#check whether the service is enabled at boot
192.168.10.10 | SUCCESS | rc=0 >>
enabled
192.168.10.20 | SUCCESS | rc=0 >>
enabled
11) file: manages files or directories on the remote hosts
Parameters:
path: the path; created if it does not exist on the remote host
state: the type to create: touch (file), directory, link (symbolic link), hard (hard link)
Symbolic and hard links must be given with absolute paths
src: the source file on the remote host; path (dest): the link file on the remote host
[root@localhost ~]# ansible all -m file -a "state=touch path=/usr/src/hehe"
[root@localhost ~]# ansible all -m file -a "state=directory path=/usr/src/qq"
[root@localhost ~]# ansible all -m file -a "state=link src=/usr/src/qq path=/usr/src/ttt"
[root@localhost ~]# ansible all -m file -a "state=hard src=/usr/src/hehe path=/usr/src/ee"
owner: set or change the owner
group: set or change the group
mode: set or change the permissions
[root@localhost ~]# ansible all -m file -a "path=/yyy state=touch mode=777 owner=rr group=rr"
#change the group
[root@localhost ~]# ansible all -m shell -a "ls -l /yyy"
192.168.10.20 | SUCCESS | rc=0 >>
-rwxrwxrwx. 1 rr rr 0 6月 11 16:56 /yyy
192.168.10.10 | SUCCESS | rc=0 >>
-rwxrwxrwx. 1 rr rr 0 6月 11 16:56 /yyy
[root@localhost ~]# ansible all -m file -a "path=/yyy mode=755"
#change the permissions
[root@localhost ~]# ansible all -m shell -a "ls -l /yyy"
192.168.10.10 | SUCCESS | rc=0 >>
-rwxr-xr-x. 1 rr rr 0 6月 11 16:56 /yyy
192.168.10.20 | SUCCESS | rc=0 >>
-rwxr-xr-x. 1 rr rr 0 6月 11 16:56 /yyy
[root@localhost ~]# ansible all -m file -a "path=/yyy owner=root"
#change the owner
[root@localhost ~]# ansible all -m shell -a "ls -l /yyy"
192.168.10.10 | SUCCESS | rc=0 >>
-rwxr-xr-x. 1 root rr 0 6月 11 16:56 /yyy
192.168.10.20 | SUCCESS | rc=0 >>
-rwxr-xr-x. 1 root rr 0 6月 11 16:56 /yyy
[root@localhost ~]# ansible all -m file -a "path=/yyy mode=7777"
[root@localhost ~]# ansible all -m shell -a "ls -l /yyy"
Deleting a file or directory
state=absent
[root@localhost ~]# ansible all -m file -a "path=/yyy state=absent"
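12) cron: adds scheduled tasks on the remote hosts
Parameters:
minute: minute
hour: hour
day: day
month: month
weekday: day of the week
job: the command to run
name: name of the scheduled task
special_time=hourly: every hour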
[root@localhost ~]# ansible all -m cron -a "name=one hour=8 minute=10 job='echo xixi'"
[root@localhost ~]# ansible all -m shell -a "crontab -l"
192.168.10.10 | SUCCESS | rc=0 >>
#Ansible: one
10 8 * * * echo xixi
192.168.10.20 | SUCCESS | rc=0 >>
#Ansible: one
10 8 * * * echo xixi
[root@localhost ~]# ansible all -m shell -a "crontab -r"
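192.168.10.10 | SUCCESS | rc=0 >>
192.168.10.20 | SUCCESS | rc=0 >>
13) lineinfile: adds content to a file or modifies content already in the file
regexp: regular-expression match (^…… ……$)
line: replaces the matched line
line used on its own appends the content at the end of the file
[root@localhost ~]# ansible all -m file -a "name=/oo state=touch"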
[root@localhost ~]# ansible all -m shell -a "echo -e '111111\222222\n33333' > /oo"
[root@localhost ~]# ansible all -m shell -a "cat /oo"
192.168.10.20 | SUCCESS | rc=0 >>
111111\222222
33333
192.168.10.10 | SUCCESS | rc=0 >>
111111\222222
33333
[root@localhost ~]# ansible all -m lineinfile -a "line='44444' path=/oo"
[root@localhost ~]# ansible all -m shell -a "cat /oo"
[root@localhost ~]# ansible all -m lineinfile -a "regexp='^2' line='5555' path=/oo"
[root@localhost ~]# ansible all -m shell -a "cat /oo"
insertbefore: adds the content before the matched line
insertafter: adds the content after the matched line
[root@localhost ~]# ansible all -m lineinfile -a "insertbefore='^4' line='22222' path=/oo"
#to add it a second time, the content being added has to be changed
[root@localhost ~]# ansible all -m shell -a "cat /oo"
[root@localhost ~]# ansible all -m lineinfile -a "insertafter='^5' line='33333' path=/oo"
[root@localhost ~]# ansible all -m shell -a "cat /oo"
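playbook
Concept:
A playbook is made up of multiple modules and is written in YAML, a composite language that draws on C, Python, Ruby and Perl
Extensions: .yaml .yml
Syntax:
--- marks the start of a YAML file
Case-sensitive; nesting is expressed by indentation, using spaces
# starts a comment
Data types: collections; lists; strings; data; objects
Meaning of the special keywords in a playbook written in YAML:
tasks: tasks
handlers: handlers (triggers)
variables: variables
Ansible variables:
1. Ansible itself comes with many built-in variables that can be used directly
setup: shows information about the remote hosts, including the built-in variables
Parameters: filter (filter)
[root@localhost ~]# ansible all -m setup #show all information about the remote hosts
[root@localhost ~]# ansible all -m setup -a "filter=ansible_all_ipv4_addresses"
#show all ip information of the remote hosts
2. Variables can be set on the command line with -e
[root@localhost ~]# vim test.yaml
- hosts: aaa #inventory group
  remote_user: root #user
  tasks: #tasks
    - name: touch file #task name
      shell: echo {{ var }} > haha #create the file
[root@localhost ~]# ansible-playbook -e "var=haha" test.yaml
[root@localhost ~]# ansible all -m shell -a "cat haha"
3. Variables can be written directly in the playbook
[root@localhost ~]# vim test.yaml
- hosts: aaa
  remote_user: root
  vars:
    var: hehe
  tasks:
    - name: touch file
      shell: echo {{ var }} > haha
[root@localhost ~]# ansible-playbook test.yaml
[root@localhost ~]# ansible all -m shell -a "cat haha"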
192.168.10.10 | SUCCESS | rc=0 >>
hehe
192.168.10.20 | SUCCESS | rc=0 >>
hehe
4. Put all the variables in one file and use them by referencing that file
[root@localhost ~]# vim var.yaml
---
var1: samba
var2: vsftpd
[root@localhost ~]# vim test.yaml
---
- hosts: aaa
  remote_user: root
  vars_files:
    - var.yaml
  tasks:
    - name: touch file
      shell: echo {{ var1 }} > haha
    - name: yum
      yum: name={{ var2 }} state=installed
[root@localhost ~]# ansible-playbook test.yaml
5. Variables can also be set in the inventory, but this is rarely done because it affects the inventory and applies to only one group
[root@localhost ~]# cd /etc/ansible/
[root@localhost ansible]# vim hosts
[aaa]
192.168.10.10
192.168.10.20
[aaa:vars]
var3=dhcp
[root@localhost ansible]# cd
[root@localhost ~]# vim test.yaml
---
- hosts: aaa
  remote_user: root
  tasks:
    - name: touch file
      shell: echo {{ var3 }} > haha
[root@localhost ~]# ansible-playbook test.yaml
[root@localhost ~]# ansible all -m shell -a "cat haha"
192.168.10.20 | SUCCESS | rc=0 >>
dhcp
192.168.10.10 | SUCCESS | rc=0 >>
dhcp
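In the playbooks above, `echo {{ var }} > haha` is rendered into a command line before the remote shell parses it, so a value coming from -e, a vars file or the inventory is interpreted by that shell unless it passes through Ansible's `quote` filter. The check below is an added example, not code from the original post: it flags one-line shell/command/raw tasks that interpolate an expression without `| quote`; the function name and the two sample playbooks (modelled on test.yaml) are constructed.

```shell
#!/bin/sh
# Added example: flag shell/command tasks that interpolate a Jinja2
# expression without the quote filter. Only the one-line task form used on
# this page is handled; block scalars (shell: |) are not followed.

# lint_shell_templates FILE... -> "file:line: expression"; exit status 1 on findings
lint_shell_templates() {
    awk '
    /^[ \t-]*(ansible\.builtin\.)?(shell|command|raw):/ {
        rest = $0
        # Walk every {{ ... }} expression on the task line.
        while (match(rest, /[{][{][^}]*[}][}]/)) {
            expr = substr(rest, RSTART, RLENGTH)
            if (expr !~ /[|][ \t]*quote[ \t]*[}][}]$/) {
                printf "%s:%d: %s\n", FILENAME, FNR, expr
                found = 1
            }
            rest = substr(rest, RSTART + RLENGTH)
        }
    }
    END { exit found }' "$@"
}

# Constructed playbooks: the first mirrors test.yaml from this page,
# the second is the same task with the value shell-quoted.
pb_dir=$(mktemp -d)
cat > "$pb_dir/test.yaml" <<'EOF'
- hosts: aaa
  remote_user: root
  tasks:
    - name: touch file
      shell: echo {{ var }} > haha
    - name: yum
      yum: name={{ var2 }} state=installed
    - name: mixed
      shell: echo {{ var1 | quote }} {{ var3 }} >> haha
EOF
cat > "$pb_dir/fixed.yaml" <<'EOF'
- hosts: aaa
  remote_user: root
  tasks:
    - name: touch file
      shell: echo {{ var | quote }} > haha
EOF

lint_shell_templates "$pb_dir/test.yaml"  || echo "test.yaml: unquoted expressions found"
lint_shell_templates "$pb_dir/fixed.yaml" && echo "fixed.yaml: clean"
```

When the task only writes a value to a file, the copy module with content= avoids the shell altogether.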
[root@localhost ~]# vim nginx.yaml
#playbook that installs nginx
---
- hosts: aaa
  remote_user: root
  tasks:
    - name: yum install package
      yum: name=pcre-devel,gcc*,zlib,zlib-devel,openssl-devel state=installed
    - name: copy nginx package
      copy: src=/root/nginx-1.15.4.tar.gz dest=/usr/src/nginx-1.15.4.tar.gz
    - name: tar package
      shell: cd /usr/src && tar -zxf nginx-1.15.4.tar.gz
    - name: add user
      user: name=nginx shell=/sbin/nologin
    - name: set nginx
      shell: cd /usr/src/nginx-1.15.4 && ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx && make && make install
    - name: link
      file: path=/usr/local/sbin/nginx state=link src=/usr/local/nginx/sbin/nginx
    - name: start server
      shell: nginx
[root@localhost ~]# ansible-playbook nginx.yaml
#check that the run succeeds
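Roles:
Roles were introduced after ansible 1.2
A role standardizes the structure of playbooks
roles:
1. Host groups change frequently
2. Naming conventions
3. Several playbooks are needed
4. Aimed at large projects
Note:
Ready-made roles exist; many pre-written roles are available on the official site and can be downloaded and used directly
Option 1: download a role (httpd)
Prerequisite: the host can reach the physical machine's network and ping the Internet
[root@localhost ~]# ansible-galaxy install robertdebock.httpd
#download the role
[root@localhost ~]# cd /etc/ansible/roles/robertdebock.httpd/
[root@localhost robertdebock.httpd]# ls
#check where the role was installed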
CODE_OF_CONDUCT.md defaults LICENSE molecule requirements.yml tasks tox.ini
CONTRIBUTING.md handlers meta README.md SECURITY.md templates vars
[root@localhost robertdebock.httpd]# cd ..
[root@localhost roles]# ls
robertdebock.httpd
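Roles have a fixed directory layout:
files: directory for ordinary files
vars: custom variables
tasks: task directory
handlers: handlers (triggers)
templates: template files, that is, files containing variables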
[root@localhost roles]# cd /etc/ansible/
[root@localhost ansible]# ls
ansible.cfg hosts roles
[root@localhost ansible]# cd roles/
[root@localhost roles]# mkdir nginx
[root@localhost roles]# ls
nginx robertdebock.httpd
[root@localhost roles]# cd nginx/
[root@localhost nginx]# mkdir tasks
[root@localhost nginx]# mkdir vars
[root@localhost nginx]# mkdir handlers
[root@localhost nginx]# mkdir files
[root@localhost nginx]# mkdir templates
[root@localhost nginx]# ls
files handlers tasks templates vars
[root@localhost nginx]# yum -y install tree
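Note: in a real nginx environment this amounts to modifying the nginx configuration file: everything is prepared on the control node, and the web page is copied over directly with copy
#copy the ordinary files
[root@localhost nginx]# cd files/
[root@localhost files]# cp /root/nginx-1.15.4.tar.gz .
[root@localhost files]# echo 111111 > index.html
[root@localhost files]# ls
index.html nginx-1.15.4.tar.gz
#Jinja template: a file containing variables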
[root@localhost files]# tar -zxf nginx-1.15.4.tar.gz
[root@localhost files]# cd nginx-1.15.4/
[root@localhost nginx-1.15.4]# cd conf/
[root@localhost conf]# cp nginx.conf /etc/ansible/roles/nginx/templates/nginx.conf.j2
[root@localhost conf]# cd /etc/ansible/roles/nginx/templates/
[root@localhost templates]# vim nginx.conf.j2
#the leading numbers are the line numbers to edit in nginx.conf.j2
3 worker_processes {{ ansible_processor_cores }};
13 worker_connections {{ worker_connections }};
36 listen {{ listen }};
#Parameter notes:
ansible_processor_cores: a built-in variable that returns the number of CPU cores of the remote host; used here for worker_processes
worker_connections: custom variable; the maximum number of connections per core (per worker process)
listen: custom variable; the port to listen on
#variable file: custom
[root@localhost templates]# cd ../vars/
[root@localhost vars]# vim main.yaml
---
worker_connections: 10240
listen: 8080
#tasks
[root@localhost vars]# cd ../tasks/
[root@localhost tasks]# vim main.yaml
---
- name: yum install package
  yum: name=pcre-devel,gcc*,zlib,zlib-devel,openssl-devel state=installed
- name: copy nginx package
  copy: src=nginx-1.15.4.tar.gz dest=/usr/src/nginx-1.15.4.tar.gz
- name: tar package
  shell: cd /usr/src/ && tar -zxf nginx-1.15.4.tar.gz
- name: add user
  user: name=nginx shell=/sbin/nologin
- name: set nginx
  shell: cd /usr/src/nginx-1.15.4 && ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx && make && make install
- name: link
  file: path=/usr/local/sbin/nginx state=link src=/usr/local/nginx/sbin/nginx
- name: copy index.html
  copy: src=index.html dest=/usr/local/nginx/html/index.html
- name: copy conf
  template: src=nginx.conf.j2 dest=/usr/local/nginx/conf/nginx.conf
  notify: restart nginx service
- name: start server
  shell: nginx
#handlers:
[root@localhost tasks]# cd ../handlers/
[root@localhost handlers]# vim main.yaml
---
- name: restart nginx service
  shell: killall -9 nginx && nginx
[root@localhost handlers]# cd ..
[root@localhost nginx]# tree .
.
├── files
│   ├── index.html
│   └── nginx-1.6.0.tar.gz
├── handlers
│   └── main.yaml
├── tasks
│   └── main.yaml
├── templates
│   └── nginx.conf.j2
└── vars
    └── main.yaml
[root@localhost nginx]# cd ..
[root@localhost roles]# ls
nginx robertdebock.httpd
[root@localhost roles]# cd ..
[root@localhost ansible]# ls
ansible.cfg hosts roles
[root@localhost ansible]# vim site.yaml
---
- hosts: aaa #inventory group name
  remote_user: root
  roles:
    - nginx
[root@localhost ansible]# ansible-playbook site.yaml