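Ansible is based on Python 2; Python 3 does not work
0. Configuration files
1) ansible.cfg (usually does not need changes)
/etc/ansible/ansible.cfg
2) Host inventory, named hosts.cfg here (no restriction on the file extension)
① Method 1 (as long as ~/.ssh/config is set up, only the host group [servers] and the host names are needed)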
[servers]
test1
test2
The ~/.ssh/config format is as follows:
host test1
hostname 127.0.0.1
port 22
user root
identityfile ~/.ssh/id_rsa
1. Skip SSH host key fingerprint verification
Edit /etc/ansible/ansible.cfg
Uncomment
host_key_checking = False
2. Ad-hoc (one-off) commands
Syntax: command, host group name, module option, module name, module-arguments option, actual command, [inventory file]
ansible servers -m command -a 'df -h' [-i hosts.cfg]
-f 5 sets the number of parallel forks (config file setting: forks)
ansible servers -m ping -i hosts.cfg
② Method 2
[servers]
127.0.0.1
168.192.1.1
[all:vars]
ansible_user=root
ansible_ssh_private_key_file=~/.ssh/id_rsa
③ Method 3
[servers]
127.0.0.1 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass="password"
168.192.1.1 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='password'
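Added example, not part of the original notes: a shell check for the two settings above that a reviewer would look for, host_key_checking = False in ansible.cfg and plaintext password variables in the inventory (method 3). The function names, the sample files and the vault_ssh_pass variable are constructed for illustration; values that reference a template variable are not reported.

```shell
#!/bin/sh
# Added example: audit ansible.cfg and an inventory for two risky settings.
# Function names and the sample files below are constructed for illustration.

# Exit 0 if the last uncommented host_key_checking in cfg file $1 is off.
host_key_checking_disabled() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        $1 ~ /^[ \t]*host_key_checking[ \t]*$/ { v = tolower($2); gsub(/[ \t\r]/, "", v) }
        END { if (v == "false" || v == "no" || v == "0" || v == "off") exit 0; exit 1 }
    ' "$1"
}

# Print "lineno target variable" for each plaintext password variable in
# inventory $1. The password value itself is never printed.
find_plaintext_passwords() {
    awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        /^[ \t]*\[/ { section = $1; gsub(/\[|\]/, "", section); next }
        {
            # inside [group:vars] the variable applies to the whole group
            target = (section ~ /:vars$/) ? section : $1
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ansible_ssh_pass|ansible_password|ansible_become_pass(word)?)=/ &&
                    index($i, "{{") == 0) {       # templated references are skipped
                    split($i, kv, "=")
                    print NR, target, kv[1]
                }
        }
    ' "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    printf '[defaults]\n#forks = 5\nhost_key_checking = False\n' > "$dir/ansible.cfg"
    cat > "$dir/hosts.cfg" <<'EOF'
[servers]
192.0.2.10 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass="password"
192.0.2.11 ansible_ssh_user=root ansible_ssh_pass="{{ vault_ssh_pass }}"
[all:vars]
ansible_become_pass=password
EOF
    host_key_checking_disabled "$dir/ansible.cfg" && echo "host key checking disabled"
    find_plaintext_passwords "$dir/hosts.cfg"
    rm -rf "$dir"
}
demo
```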
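3. Modules
Commands: command, shell, script
Install: yum
Configure: copy, file
Start: service, systemd
Users: user, group
Scheduled jobs: cron
Mounts: mount
Firewall: firewalld, selinux
The command module cannot use pipes; use the shell module instead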
ansible servers -m shell -a 'systemctl status nginx' -i hosts.cfg
How to look up a module's documentation
ansible-doc yum
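The EXAMPLES section of the output shows sample usage
1. yum module (install: present, remove: absent, upgrade: latest, exclude: exclude, select repository: enablerepo)
1) Example: install the latest apache package, updating it if it is already installed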
ansible servers -i hosts.cfg -m yum -a 'name=httpd state=latest'
The latest version is not required; just make sure it is installed
ansible servers -i hosts.cfg -m yum -a 'name=httpd state=present'
2) Example: install the latest apache package from the epel repository
ansible servers -i hosts.cfg -m yum -a 'name=httpd state=latest enablerepo=epel'
3) Example: install an rpm package from a public URL (the package must have no dependencies)
ansible servers -i hosts.cfg -m yum -a 'name=https://mirrors.aliyun.com/zabbix/zabbix/5.0/rhel/7/x86_64/zabbix-agent-5.0.15-1.el7.x86_64.rpm state=latest'
4) Example: update all packages except kernel-related ones
ansible servers -i hosts.cfg -m yum -a 'name="*" state=latest exclude=kernel*'
Update all packages except those related to kernel and foo
ansible servers -i hosts.cfg -m yum -a 'name="*" state=latest exclude=kernel*,foo*'
5) Example: remove the apache package
ansible servers -i hosts.cfg -m yum -a 'name=httpd state=absent'
2. copy module
ansible-doc copy
1) Example: copy a local file to the remote hosts
ansible servers -i hosts.cfg -m copy -a 'src=./hosts.cfg dest=/root owner=root group=root mode=644'
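2) Example: copy a local file to the remote hosts; if the file already exists there and differs from the one being sent, the original file is backed up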
ansible servers -i hosts.cfg -m copy -a 'src=/root/hosts.cfg dest=/root owner=root group=root mode=644 backup=yes'
3) Example: write a file on the remote hosts
ansible servers -i hosts.cfg -m copy -a 'content="test aaa" dest=/root/hosts.test owner=root group=root mode=644'
Example: back up the existing file if the content differs
ansible servers -i hosts.cfg -m copy -a 'content="test aaabbb" dest=/root/hosts.test owner=root group=root mode=644 backup=yes'
3. get_url module
Supports http, https, ftp
1) Example: download a file from the internet
ansible servers -i hosts.cfg -m get_url -a 'url=https://pic.cnblogs.com/avatar/2189493/20201201164611.png dest=/root/'
2) Example: download a file from the internet and verify its MD5 checksum (the file is only downloaded if the MD5 value matches)
ansible servers -i hosts.cfg -m get_url -a 'url=https://pic.cnblogs.com/avatar/2189493/20201201164611.png dest=/root/ checksum=md5:fb1b256b1647d029fc0348600a5136ca'
4. file module
path state touch directory owner group mode
1) Example: create a file
ansible servers -i hosts.cfg -m file -a 'path=/root/test.test state=touch owner=root group=root mode=644'
2) Example: create a directory (and set its permissions)
ansible servers -i hosts.cfg -m file -a 'path=/root/test state=directory owner=root group=root mode=755'
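3) Example: recursively change ownership (if mode is given, mode is applied as well; it is usually left out so that file access permissions stay unchanged)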
ansible servers -i hosts.cfg -m file -a 'path=/root/test state=directory owner=root group=root recurse=yes'
5. service module
1) Example: start the nginx service
ansible servers -i hosts.cfg -m service -a 'name=nginx state=started'
2) Example: reload the nginx service configuration
ansible servers -i hosts.cfg -m service -a 'name=nginx state=reloaded'
3) Example: restart the nginx service
ansible servers -i hosts.cfg -m service -a 'name=nginx state=restarted'
4) Example: stop the nginx service
ansible servers -i hosts.cfg -m service -a 'name=nginx state=stopped'
5) Example: start the nginx service and enable it at boot
ansible servers -i hosts.cfg -m service -a 'name=nginx state=started enabled=yes'
Verify: on the server, run systemctl is-enabled nginx
Example: disable start at boot
ansible servers -i hosts.cfg -m service -a 'name=nginx state=started enabled=no'
6. group module (the group must exist before the user)
1) Example: create the regular group news with gid 9999
ansible servers -i hosts.cfg -m group -a 'name=news gid=9999'
ansible servers -i hosts.cfg -m group -a 'name=news gid=9999 state=present'
2) Example: create the system group news2 with gid 8888
ansible servers -i hosts.cfg -m group -a 'name=news2 system=yes gid=8888 state=present'
3) Example: delete the news group
ansible servers -i hosts.cfg -m group -a 'name=news state=absent'
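7. user module (the group must exist before the user)
1) Example: create user test11 with uid 1040 and group adm (make sure the group exists; if it does not, create it first)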
ansible servers -i hosts.cfg -m user -a 'name=test11 uid=1040 group=adm'
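Verify: id test11
2) Example: create user test11 with login shell /sbin/nologin and supplementary groups bin and sys
ansible servers -i hosts.cfg -m user -a 'name=test11 shell=/sbin/nologin groups=bin,sys'
3) Example: create user test22 with password 123 and create its home directory (setting a password takes two steps)
The password must be supplied as a hash and cannot be written in plain text (pitfall: "sha512" and "salt" must be in double quotes)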
ansible localhost -m debug -a 'msg={{"123"|password_hash("sha512","salt")}}'
Then add the user (password is the hash generated in the previous step)
ansible servers -i hosts.cfg -m user -a 'name=test22 password=$6$salt$jkHSO0tOjmLW0S1NFlw5veSIDRAVsiQQMTrkOKy4xdCCLPNIsHhZkIRlzfzIvKyXeGdOfCBoW1wJZPLyQ9Qx/1 create_home=yes'
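Added example, not part of the original notes: producing the SHA-512 crypt string for the step above with a random salt instead of the fixed "salt", and reading the password from stdin so it does not appear on the command line. The function names are hypothetical and the block assumes the openssl CLI, version 1.1.1 or later, is installed.

```shell
#!/bin/sh
# Added example: SHA-512 crypt ($6$) hashes with a per-call random salt.
# Assumes the openssl CLI (1.1.1 or later) for "passwd -6".

# Reads the password from stdin so it never appears in argv or shell history.
# openssl picks a fresh random salt on every call.
make_sha512_crypt() {
    openssl passwd -6 -stdin
}

# Re-hashes candidate password $2 with the salt embedded in crypt string $1
# and succeeds only if the result is identical.
verify_sha512_crypt() {
    salt=$(printf '%s' "$1" | cut -d'$' -f3)
    [ "$(printf '%s\n' "$2" | openssl passwd -6 -salt "$salt" -stdin)" = "$1" ]
}

demo() {
    # The password below is a constructed sample value.
    h1=$(printf '%s\n' 'constructed-demo-password' | make_sha512_crypt)
    h2=$(printf '%s\n' 'constructed-demo-password' | make_sha512_crypt)
    echo "$h1"
    echo "$h2"                  # same password, different salt and hash
    verify_sha512_crypt "$h1" 'constructed-demo-password' && echo "verified"
}
demo
```

The printed string is what goes into password= of the user module in place of the fixed-salt hash.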
4) Example: delete user test22 (remove also deletes the home directory; it is usually left out)
ansible servers -i hosts.cfg -m user -a 'name=test22 state=absent'
ansible servers -i hosts.cfg -m user -a 'name=test22 state=absent remove=yes'
8. cron module
1) Example: add a scheduled job that runs ls once every minute
ansible servers -i hosts.cfg -m cron -a 'name=cron1 job="ls >/dev/null"'
2) Example: add a scheduled job that runs ls at 2:00 and 5:00 every day
ansible servers -i hosts.cfg -m cron -a 'name=cron2 minute=0 hour=2,5 job="ls >/dev/null"'
3) Example: disable the scheduled job so that it no longer runs
ansible servers -i hosts.cfg -m cron -a 'name=cron2 minute=0 hour=2,5 job="ls >/dev/null" disabled=yes'
9. mount module
state=(temporary mount: mounted, temporary unmount: absent, permanent mount: present, permanent unmount: unmounted)
Example:
Set up the local machine as the NFS server
ansible localhost -m yum -a 'name=nfs-utils state=present'
ansible localhost -m file -a 'path=/ops state=directory'
ansible localhost -m copy -a 'content="/ops 0.0.0.0/24(rw,sync)" dest=/etc/exports'
ansible localhost -m service -a 'name=nfs state=restarted'
1) Example 1: mount the NFS storage on the local /opt directory and mount it automatically at boot
ansible servers -i hosts.cfg -m mount -a 'src=47.121.131.1:/ops path=/opt fstype=nfs opts=defaults state=mounted'
2) Example 2: unmount the NFS storage from the local /opt directory (state=unmounted)
ansible servers -i hosts.cfg -m mount -a 'src=47.121.131.1:/ops path=/opt fstype=nfs opts=defaults state=unmounted'
3) Example 3: unmount the NFS storage from the local /opt directory (state=absent)
ansible servers -i hosts.cfg -m mount -a 'src=47.121.131.1:/ops path=/opt fstype=nfs opts=defaults state=absent'
10. selinux module
1) Example 1: disable SELinux
ansible servers -i hosts.cfg -m selinux -a 'state=disabled'