1 ansible
- A tool for managing servers in bulk
- Acquired by Red Hat in 2015
- Written in the Python language
- Management is based on ssh, so there is no need to install any software on the managed side
- When ansible manages remote hosts, it mainly operates through various modules
1.1 Environment preparation
Hostname | IP address | Role |
---|---|---|
control | 192.168.199.51 | control node master |
node1 | 192.168.199.52 | Controlled node node1 |
node2 | 192.168.199.53 | Controlled node node2 |
1.2 Environment requirements
- Requirements for the control node:
  - configure name resolution so that all nodes can be reached by name
  - configure passwordless ssh login to all nodes
  - install ansible
Configure name resolution
[root@control ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.199.51 control
192.168.199.52 node1
192.168.199.53 node2
[root@control ~]#
Configure passwordless login
[root@control ~]# ssh-keygen
[root@control ~]# ssh-copy-id node1
[root@control ~]# ssh-copy-id node2
Install ansible
[root@control ~]# yum install epel-release.noarch -y
[root@control ~]# yum install ansible -y
1.3 Configure ansible management tools
The remote hosts to be managed may differ, so the configuration for hosts that are managed in the same way is kept together in one directory.
The default installation directory is /etc/ansible/
# Create the ansible working directory. The directory name is your own choice; it is not fixed.
[root@control ~]# mkdir ansible
[root@control ~]# cd ansible
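# Create the configuration file. The default configuration file is /etc/ansible/ansible.cfg, but it is usually not used; instead, create your own configuration file in the working directory
[root@control ansible]# vim ansible.cfg # The file name must be ansible.cfg
[defaults]
# The managed hosts are listed in the hosts file in the current directory; the name hosts is your own choice. Spaces around = are optional.
inventory = hosts
# Create the host inventory file. Names inside [] are group names; the lines below each [] are the hosts in that group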
[root@control ansible]# vim hosts
[web1]
node1
[web2]
node2
[root@control ansible]# ansible all --list-hosts
hosts (2):
node2
node1
[root@control ansible]#
2 ansible-doc commands
2.1 Syntax
ansible <host or group list> -m <module> -a "<arguments>" # -a is optional
2.2 ansible module
[root@control ansible]# ansible-doc -l |wc -l
3387
# List the modules related to yum
[root@control ansible]# ansible-doc -l | grep yum
yum Manages packa...
yum_repository Add or remove...
[root@control ansible]#
- Learning the modules is mainly about knowing which module is needed for a given task.
- All modules are used in the same way; what differs is the parameters each module takes.
2.3 The difference between command module and shell module
command module
- Ansible's default module, used for executing arbitrary commands on remote hosts
- command does not support shell features such as pipes and redirection.
# Create the directory /tmp/demo on all managed hosts
[root@control ansible]# ansible all -a "mkdir /tmp/demo"
# View node1's IP addresses
[root@control ansible]# ansible node1 -a "ip a s"
[root@control ansible]# ansible node1 -a "ip a s | head" # fails with an error
shell module
- Similar to the command module, but supports shell features such as pipes and redirection
# View node1's IP addresses, showing only the first 10 lines
[root@control ansible]# ansible node1 -m shell -a "ip a s | head"
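Why the piped command above fails under command but works under shell, as an added example that is not part of the original page. It emulates the two behaviours locally; run_like_command and run_like_shell are hypothetical helper names, and the word splitting is simpler than Ansible's real argument parsing.

```shell
#!/bin/sh
# Added example (not from the original page): local emulation of how the
# command and shell modules treat the string given with -a.
# run_like_command and run_like_shell are hypothetical helper names.

# command module: the string is split into words and the program is run
# directly, with no shell in between, so | > ; and $VAR reach the program
# as literal arguments. (Simplified: whitespace splitting, no quoting.)
run_like_command() {
    (
        set -f        # no filename globbing either
        set -- $1     # split into argv on whitespace
        "$@"
    )
}

# shell module: the whole string is handed to /bin/sh, which interprets
# pipes, redirection and variables, including any that arrive inside a
# templated value. Prefer command unless a shell feature is needed.
run_like_shell() {
    sh -c "$1"
}

cmd='echo one two | wc -w'
echo "command: $(run_like_command "$cmd")"   # the pipe is just text
echo "shell:   $(run_like_shell "$cmd")"     # the pipe is executed
```

The same difference is why command is the safer choice when part of the string comes from a variable: nothing in the value is interpreted by a shell.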
3 modules in practice
3.1 script module
- Runs a local script on the remote hosts: the script is copied from the control node to the remote host and then executed there
[root@control ansible]# vim test.sh
#!/bin/bash
#author zoey
touch /root/script.txt
echo "this is a script model" >script.txt
[root@control ansible]# ansible all -m script -a "test.sh"
node2 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to node2 closed.\r\n",
    "stderr_lines": [
        "Shared connection to node2 closed."
    ],
    "stdout": "",
    "stdout_lines": []
}
node1 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to node1 closed.\r\n",
    "stderr_lines": [
        "Shared connection to node1 closed."
    ],
    "stdout": "",
    "stdout_lines": []
}
[root@control ansible]#
[root@node1 ~]# cat script.txt
this is a script model
[root@node1 ~]#
3.2 file module
- Creates files, directories, links, etc., and modifies permissions, attributes, etc.
- Commonly used options:
  - path: the file path
  - owner: the file owner
  - group: the group the file belongs to
  - state: touch creates a file, directory creates a directory, link creates a soft link, and absent deletes
  - mode: the permissions
  - src: short for source
  - dest: short for destination, the target
# View usage help
[root@control ansible]# ansible-doc file
EXAMPLES:
- name: Change file ownership, group and permissions
  file:
    path: /etc/foo.conf
    owner: foo
    group: foo
    mode: '0644'
Create /tmp/file.txt on the hosts in the web1 group
[root@control ansible]# ansible web1 -m file -a "path=/tmp/file.txt state=touch"
Delete /tmp/file.txt on the hosts in the web1 group
[root@control ansible]# ansible web1 -m file -a "path=/tmp/file.txt state=absent"
Create a soft link to /etc/hosts on the hosts in the web1 group; the link path is /tmp/hosts.txt
[root@control ansible]# ansible web1 -m file -a "src=/etc/hosts dest=/tmp/hosts.txt state=link"
3.3 copy module
- Copies files from the control node to the managed nodes
- Common options:
  - src: source, the file path on the control node
  - dest: destination, the file path on the managed node
  - content: the content to write to the file
[root@control ansible]# echo "AAA" > a3.txt
[root@control ansible]# ansible web1 -m copy -a "src=a3.txt dest=/root/"
# Create /tmp/mytest.txt on the target hosts with the content hello world
[root@control ansible]# ansible web1 -m copy -a "content='hello world' dest=/tmp/mytest.txt"
3.4 fetch module
- The opposite of the copy module: copy uploads, fetch downloads
- Common options:
  - src: source, the file path on the managed node
  - dest: destination, the file path on the control node
# Download /etc/hostname from the web1 hosts to the current directory on the control node
[root@control ansible]# ansible web1 -m fetch -a "src=/etc/hostname dest=./"
3.5 lineinfile module
- Ensures that a particular line is present in the target file
- Common options:
  - path: the path of the file to be modified
  - line: the line to write to the file
  - regexp: regular expression used to find content in the file
# On hosts in the web1 group, /etc/issue must contain the line hello world. If the line does not exist, it is appended to the end of the file by default
[root@control ansible]# ansible web1 -m lineinfile -a "path=/etc/issue line='hello world'"
# On hosts in the web1 group, replace the line in /etc/issue that contains hello with chi le ma
[root@control ansible]# ansible web1 -m lineinfile -a "path=/etc/issue line='chi le ma' regexp='hello'"
3.6 replace module
- lineinfile replaces a whole line, while replace can replace individual keywords
- Common options:
  - path: the path of the file to be modified
  - replace: the text that replaces whatever the regular expression matched
  - regexp: regular expression used to find content in the file
# On hosts in the web1 group, replace chi in /etc/issue with he
[root@control ansible]# ansible web1 -m replace -a "path=/etc/issue regexp='chi' replace='he'"
3.7 Comprehensive exercise on file operations
- All operations apply to the hosts in the web1 group
- Create the /tmp/mydemo directory on the target host; the owner and group are both adm, and the permissions are 0777
- Upload the control node's /etc/hosts file to the /tmp/mydemo directory on the target host; the owner and group are both adm, and the permissions are 0600
- Replace node1 in the target host's /tmp/mydemo/hosts file with server1
- Download the target host's /tmp/mydemo/hosts file to the current directory on the control node
Create the /tmp/mydemo directory on the target host; the owner and group are both adm, and the permissions are 0777
[root@control ansible]# ansible web1 -m file -a "path=/tmp/mydemo owner=adm group=adm mode='0777' state=directory"
Upload the control node's /etc/hosts file to the /tmp/mydemo directory on the target host; the owner and group are both adm, and the permissions are 0600
[root@control ansible]# ansible web1 -m copy -a "src=/etc/hosts dest=/tmp/mydemo owner=adm group=adm mode='0600'"
[root@node1 ~]# cd /tmp/mydemo/
[root@node1 mydemo]# ls
hosts
[root@node1 mydemo]# cat hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.199.51 control
192.168.199.52 node1
192.168.199.53 node2
[root@node1 mydemo]#
Replace node1 in the target host's /tmp/mydemo/hosts file with server1
[root@control ansible]# ansible web1 -m replace -a "path=/tmp/mydemo/hosts regexp='node1' replace='server1'"
[root@node1 mydemo]# cat hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.199.51 control
192.168.199.52 server1
192.168.199.53 node2
[root@node1 mydemo]#
Download the target host's /tmp/mydemo/hosts file to the current directory on the control node
[root@control ansible]# ansible web1 -m fetch -a "src=/tmp/mydemo/hosts dest=."
node1 | CHANGED => {
    "changed": true,
    "checksum": "442afbbcbd4539223c68db745e45cc99fdbf4382",
    "dest": "/root/ansible/node1/tmp/mydemo/hosts",
    "md5sum": "79d1195a2aa818f6dbfb940121402e57",
    "remote_checksum": "442afbbcbd4539223c68db745e45cc99fdbf4382",
    "remote_md5sum": null
}
[root@control ansible]# cd node1/tmp/mydemo/
[root@control mydemo]# ls
hosts
[root@control mydemo]#
3.8 user module
- Manages Linux users
- Common options:
  - name: the name of the user to create
  - uid: the user ID
  - group: the primary group
  - groups: the additional groups
  - home: the home directory
  - password: the user's password
  - state: present creates the user and is the default; absent deletes it
  - remove: also delete the home directory, mailbox, etc. The value is yes or true.
Create the user tom on the hosts in the web1 group
[root@control ansible]# ansible web1 -m user -a "name=tom"
# On the hosts in the web1 group, create the user jerry with uid 1010, primary group adm, additional groups daemon and root, and home directory /home/jerry
[root@control ansible]# ansible web1 -m user -a "name=jerry uid=1010 group=adm groups=daemon,root home=/home/jerry"
# Set tom's password to 123456
# {{ }} is a fixed format that marks an expression to be evaluated. password_hash is a function and sha512 is the hashing algorithm, so password_hash turns 123456 into a sha512 hash that becomes tom's password
[root@control ansible]# ansible web1 -m user -a "name=tom password={{'123456'|password_hash('sha512')}}"
# Delete the user tom without deleting the home directory
[root@control ansible]# ansible web1 -m user -a "name=tom state=absent"
# Delete the user jerry and delete the home directory as well
[root@control ansible]# ansible web1 -m user -a "name=jerry state=absent remove=yes"
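A check for the failure mode that password_hash prevents, as an added example that is not part of the original page: the user module stores the password value in /etc/shadow as given, so a value passed without the filter ends up there as plaintext and the account cannot log in. The function names and the sample lines are constructed for illustration, and the hash bodies are placeholders.

```shell
#!/bin/sh
# Added example (not from the original page): audit shadow-format lines
# for password fields that are not modern crypt(3) hashes.

# Classify the second field of an /etc/shadow line by its prefix.
classify_shadow_field() {
    case "$1" in
        '')          echo empty ;;        # no password required at all
        '!'*|'*'*)   echo locked ;;       # password login disabled
        '$6$'*)      echo sha512 ;;       # what password_hash('sha512') yields
        '$5$'*)      echo sha256 ;;
        '$y$'*)      echo yescrypt ;;
        '$1$'*)      echo md5-weak ;;
        '$'*)        echo other-crypt ;;
        *)           echo suspect ;;      # plaintext or legacy DES: investigate
    esac
}

# Read shadow-format lines on stdin and print "user status" for every
# account whose password field is empty, weak or suspect.
audit_shadow() {
    while IFS=: read -r user field _rest; do
        [ -n "$user" ] || continue
        status=$(classify_shadow_field "$field")
        case "$status" in
            suspect|md5-weak|empty) echo "$user $status" ;;
        esac
    done
}

# Constructed sample in /etc/shadow format; tom shows the result of
# passing password=123456 without the password_hash filter.
sample_shadow() {
    cat <<'EOF'
root:$6$examplesalt$PLACEHOLDERHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
tom:123456:19000:0:99999:7:::
jerry:!!:19000:0:99999:7:::
legacy:$1$examplesalt$PLACEHOLDERHASH:19000:0:99999:7:::
EOF
}

sample_shadow | audit_shadow
```

On a managed host the real file can be checked as root with `audit_shadow < /etc/shadow`.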
3.9 group module
- Creates and deletes groups
- Common options:
  - name: the name of the group to create
  - gid: the ID number of the group
  - state: present creates the group and is the default; absent deletes it
# On the hosts in the web1 group, create a group named devops
[root@control ansible]# ansible web1 -m group -a "name=devops"
# On the hosts in the web1 group, delete the group named devops
[root@control ansible]# ansible web1 -m group -a "name=devops state=absent"
3.10 yum module
- Used for rpm package management, such as installing, upgrading and uninstalling
- Common options:
  - name: the package name
  - state: present installs the package, or does nothing if it is already installed; latest installs it or upgrades it to the latest version; absent uninstalls it.
# On the hosts in the web1 group, install tar
[root@control ansible]# ansible web1 -m yum -a "name=tar state=present"
# On the hosts in the web1 group, uninstall wget
[root@control ansible]# ansible web1 -m yum -a "name=wget state=absent"
3.11 service module
- Used to control services: start, stop, restart, and start at boot.
- Common options:
  - name: the name of the service to control
  - state: started starts the service; stopped stops it; restarted restarts it
  - enabled: yes makes the service start automatically at boot; no means it does not start automatically at boot.
# Install httpd on the web1 hosts
[root@control ansible]# ansible web1 -m yum -a "name=httpd state=latest"
# Start httpd on the web1 hosts and set it to start at boot
[root@control ansible]# ansible web1 -m service -a "name=httpd state=started enabled=yes"
3.12 mount module
- Used for mounting filesystems
- Common options:
  - path: the mount point. If the mount point does not exist, it is created automatically.
  - src: the device to be mounted
  - fstype: the file system type
  - state: mounted means permanently mounted
# On the hosts in the web1 group, permanently mount /dev/myvg/mylv on /data
[root@control ansible]# ansible web1 -m mount -a "path=/data src=/dev/myvg/mylv state=mounted fstype=xfs"
# On the hosts in the web1 group, unmount /dev/myvg/mylv
[root@control ansible]# ansible web1 -m mount -a "path=/data state=absent"