ansible batch automated management tool (1)

ansible installation:

ignore

Master and clients without passwordless (key-based) SSH login:

Need to modify the ssh configuration file /etc/ssh/ssh_config

#Connection test with the ping module
[root@ansible python]# ansible nginx -m ping
webB | FAILED! => {
    "msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host."
}
#webB still fails to connect, because the local known_hosts file has no record of the remote host yet.

To solve the known_hosts problem, just modify the ssh configuration file /etc/ssh/ssh_config:

#Modify the ssh configuration file
[root@ansible .ssh]# sed -n '35p' /etc/ssh/ssh_config
#   StrictHostKeyChecking ask
[root@ansible .ssh]# vim /etc/ssh/ssh_config
[root@ansible .ssh]# sed -n '35p' /etc/ssh/ssh_config
   StrictHostKeyChecking no     #uncomment the line and change it to this

#Restart the ssh service
[root@ansible .ssh]# systemctl reload sshd.service

/etc/ansible/hosts file configuration

Setting method one:

[all_remote]         #name of the managed host group
webA ansible_ssh_host=192.168.200.132 ansible_ssh_port=22 ansible_ssh_user=root #first host
webB ansible_ssh_host=192.168.200.138 ansible_ssh_port=22 ansible_ssh_user=root  ansible_ssh_pass=666666    #second host

[Note]
If passwordless (key-based) login is set up, the plaintext password is not needed:
ansible_ssh_pass=

Execution command demonstration:

ansible all_remote  -m shell -a "pushd ~/;ls /etc | tail -3;popd"
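
StrictHostKeyChecking no turns off host key verification for every SSH connection made from this machine, and ansible_ssh_pass keeps the login password in clear text in the inventory, so it helps to be able to locate both settings later. The audit script below is an added example, not part of the original post; the function names are hypothetical, and the file contents, the 192.0.2.x addresses and the EXAMPLE-ONLY password are constructed samples.

```shell
#!/bin/sh
# Added example: audit an ssh_config and an Ansible INI inventory.
# All file contents below are constructed samples modelled on this page.

# Report active StrictHostKeyChecking directives that disable verification.
find_hostkey_off() {
    awk '{ line = tolower($0); sub(/#.*/, "", line) }      # ignore comments
         line ~ /^[ \t]*stricthostkeychecking[ \t=]+(no|off)[ \t]*$/ {
             printf "%s:%d: %s\n", FILENAME, FNR, $0 }' "$1"
}

# Report inventory entries that carry a non-empty inline SSH password.
# Only the variable name is printed, never the value.
find_inline_passwords() {
    awk '/^[ \t]*([#;]|$)/ || /^[ \t]*\[/ { next }         # comments, blanks, [groups]
         { for (i = 1; i <= NF; i++) {
               if ($i ~ /^#/) break                        # trailing comment
               if ($i ~ /^ansible_(ssh_)?pass(word)?=./) {
                   split($i, kv, "=")
                   printf "%s:%d: %s sets %s\n", FILENAME, FNR, $1, kv[1] } } }' "$1"
}

# Write the constructed sample files into directory $1.
make_samples() {
    cat > "$1/ssh_config" <<'EOF'
Host *
#   StrictHostKeyChecking ask
   StrictHostKeyChecking no     # uncommented and changed
EOF
    cat > "$1/hosts" <<'EOF'
[all_remote]
webA ansible_ssh_host=192.0.2.132 ansible_ssh_port=22 ansible_ssh_user=root
webB ansible_ssh_host=192.0.2.138 ansible_ssh_user=root ansible_ssh_pass=EXAMPLE-ONLY  # second host
webC ansible_ssh_host=192.0.2.139 ansible_ssh_pass=
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
find_hostkey_off "$tmp/ssh_config"       # flags line 3 only
find_inline_passwords "$tmp/hosts"       # flags webB only
rm -rf "$tmp"
```

Against a real control node the two functions would be pointed at /etc/ssh/ssh_config and /etc/ansible/hosts.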

Setting method two:

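[all_remote]
#When ansible_ssh_host= is used, an alias such as web01 must be placed in front of it
web01 ansible_ssh_host=11.222.76.9 ansible_ssh_port=22
#By default the IP is written directly at the start of the line; the port can then be specified with ansible_ssh_port or ansible_port
11.222.76.9  ansible_ssh_port=22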

Execution command demonstration:

ansible all_remote  -m shell -a "pushd ~/;ls /etc | tail -3;popd" -u myuser

[Note]
Because hosts does not specify a user, -u is used on the command line to specify it.

Parameter Description:

Special note:
WebA  ===> host name
ansible_ssh_host ===> host IP
ansible_ssh_port ===> the default ssh port
ansible_ssh_user ===> ssh user name
ansible_ssh_pass ===> connection password of the ssh user

Ansible common module usage:

Use the ping module to check whether the server is connected normally:

ansible -i /etc/ansible/hosts web01:web02 -m ping -u user
[Parameter]:
-i specifies the path of the hosts
web01:web02 is the web01 and web02 machines in the specified hosts

ansible 'all_remote:!web01' -m ping -u user
[Parameter]:
!web01 excludes the web01 machine (the pattern is quoted so that the shell does not interpret the !)

ansible webA:webB -m ping -u user

Ansible module command (pipes are not supported, not recommended):


#Correct usage:
ansible all_remote -m command -a "pwd"

#The command module does not support pipe operation:
[error] ansible all -m command -a "echo test | grep t"

#The command module does not support redirection operation:
[error] ansible all -m command -a "echo bb >> /tmp/test"

Ansible module shell (supports pipes, supports redirection):

#The shell module supports pipe characters
[correct] ansible all -m shell -a "echo albitest | grep a"

#The shell module supports redirection
[correct] ansible all -m shell -a "echo bb >> /tmp/testansib"

#If you encounter special symbols, you need to add \ escape, so that ansible can run normally
[correct]
ansible all -m shell -a "cat /etc/passwd | awk -F\":\" '{print \$1}'"

Ansible module raw, the most primitive way to run commands (does not rely on python, only through ssh):


#Clear the yum cache
ansible all -m raw -a "yum -y clean all"

#Create the yum cache
ansible all -m raw -a "yum makecache"

#Install the nmap package with yum
ansible all -m raw -a "yum -y install nmap"

Ansible's copy module distributes files or folders in batches:

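The parameters of the copy module (general form: ansible <host group> -m <module> -a <arguments>):

src: the source file or directory
dest: the file or directory on the target server
backup: whether to make a backup
owner: the owning user of the file or directory after it is copied to the target server
group: the owning group of the file or directory after it is copied to the target server
mode: the permissions of the file or directory

src ===> source file path, dest ===> target path:

ansible all -m copy -a "src=/root/test.txt dest=/tmp/"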

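The copy module copies the folder:

Special note:
If the target path already contains a file with the same name as the file being copied, the file under the target path is overwritten directly.

#Copy everything under the /service/scripts/ directory to the dest path (compare the two commands)
ansible webA -m copy -a "src=/service/scripts/ dest=/service/scripts/"

#Copy the /service/scripts directory itself and everything inside it to the dest path (compare the two commands)
ansible webA -m copy -a "src=/service/scripts dest=/service/scripts/  backup=yes"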

Use the copy module to write content to a file on the remote machine (the file is created if it does not exist):

ansible -i /etc/ansible/hosts web01 -m copy -a "content='haha' dest=/root/dockerfile" -u user

When copying a file, the copy module specifies the owner of the file. Note that the corresponding user must exist on the remote host:

ansible ansible-demo3 -m copy -a "src=/testdir/copytest dest=/testdir/ owner=jenkins"

When the copy module copies files, specify file permissions:

ansible ansible-demo3 -m copy -a "src=/testdir/copytest dest=/testdir/ mode=0644"

Ansible's script module runs scripts in batches:

Ansible's script module enables remote servers to run local shell scripts in batches

ansible $Group -m script -a "/service/scripts/auto_nginx.sh"

Ansible error summary:

Permission problem: (ansible user problem)


[root@VM20201125-0 ~]# ansible -i /etc/ansible/hosts all_remote -m ping
11.269.21.21 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: [email protected]: Permission denied (publickey,password).",
    "unreachable": true
}

[Note]
The cause may be that ansible_ssh_user is not set in hosts, or that ansible was run on the command line without -u <user>.

The /etc/ansible/hosts file was not found correctly

[root@kVM20208925-0 ~]# ansible -i /etc/ansible/hostss all_remote -m ping -u myself
[WARNING]: Unable to parse /etc/ansible/hostss as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
[WARNING]: Could not match supplied host pattern, ignoring: all_remote


Origin blog.csdn.net/weixin_43010385/article/details/112968760