Ansible 基础

一、Ansible 部署

1. 环境准备

ip hostname 备注
10.4.7.136 linux136 主控端
10.4.7.128 linux128
10.4.7.129 linux129

2. 密钥认证

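#!/bin/bash
# Create an SSH key pair on the control node and install its public key for
# root on every managed host, so later Ansible runs can log in with the key.
#
# The root password is taken from the SSHPASS environment variable, or prompted
# for when that variable is unset. It reaches sshpass through the environment
# (sshpass -e) instead of "-p<password>": a password on the command line shows
# up in the process list and stays in the script file and shell history.
set -uo pipefail

ip_list=(10.4.7.136 10.4.7.128 10.4.7.129)
key_file=~/.ssh/id_rsa

echo '------ 创建key ------'
# Reuse an existing key pair: regenerating it would break any access that
# already depends on the current key.
# NOTE(review): -P '' leaves the private key unencrypted on disk; anyone who can
# read it gets root on every host in ip_list. Keep ~/.ssh at mode 0700.
if [[ ! -f "${key_file}" ]]; then
  ssh-keygen -f "${key_file}" -P '' || exit 1
fi

echo '------ 分发key ------'
if [[ -z "${SSHPASS:-}" ]]; then
  # -s keeps the password off the terminal, -r keeps backslashes literal.
  read -rs -p 'root password: ' SSHPASS
  echo
fi
export SSHPASS

failed=0
for ip in "${ip_list[@]}"; do
  # NOTE(review): StrictHostKeyChecking=no accepts whatever host key is
  # presented, so a host impersonating one of these addresses would receive the
  # root password. Acceptable only on an isolated lab network; otherwise
  # pre-populate ~/.ssh/known_hosts with verified keys, or use
  # StrictHostKeyChecking=accept-new where the OpenSSH client supports it.
  if ! sshpass -e ssh-copy-id -i "${key_file}.pub" -o StrictHostKeyChecking=no "root@${ip}"; then
    # Keep going so one unreachable host does not block the others.
    echo "key distribution failed for ${ip}" >&2
    failed=1
  fi
done

exit "${failed}"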

3. 部署 Ansible

$ apt install -y ansible

$ yum install -y epel-release
$ yum install -y ansible

# 查看支持的模块
$ ansible-doc -l
# 查看某个模块的具体用法
$ ansible-doc -s copy

4. 配置主机清单

$ cat /etc/ansible/hosts
[my]
10.4.7.136
[db]
# NOTE(review): ansible_ssh_pass keeps the root password in clear text, readable
# by anyone who can read this inventory file. Step 2 already installs an SSH key
# on this host, so the password variable can be dropped; where a password is
# still needed, prompt for it with --ask-pass or store it with ansible-vault.
10.4.7.128 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='111111'
[web]
10.4.7.128
10.4.7.129
[data:children]
my
db

5. 测试

$ ansible all -m ping
10.4.7.136 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
10.4.7.128 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
10.4.7.129 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}

$ ansible data -m command -a 'hostname -I'
10.4.7.136 | CHANGED | rc=0 >>
10.4.7.136
10.4.7.128 | CHANGED | rc=0 >>
10.4.7.128

$ ansible 10.4.7.136 -m command -a 'hostname'
10.4.7.136 | CHANGED | rc=0 >>
linux136
  • 红色:错误
  • 紫色:警告
  • 黄色:正常,有状态变化
  • 绿色:正常

二、Ansible 常用模块

1. command

  • 默认模块,仅支持简单命令,不支持管道符、反引号、大括号等特殊符号
$ ansible all -a 'free -h'

2. shell

  • 与 command 类似,支持管道符等特殊符号
$ ansible all -m shell -a 'cat /etc/passwd | grep root'

3. script

  • 将主控端脚本传输到被控端执行(不保留文件)
$ cat /root/test.sh
echo $1 $PWD
$ ansible all -m script -a '/root/test.sh haha'

4. file

  • 管理文件、目录、软链接
# 创建目录/文件/软链接
$ ansible all -m file -a 'path=/root/mydir state=directory'
$ ansible all -m file -a 'path=/root/mydir/mytxt state=touch'
$ ansible all -m file -a 'src=/root/mydir/mytxt path=/root/mydir/mytxt.soft state=link'

# 删除软链接/文件/目录
$ ansible all -m file -a 'path=/root/mydir/mytxt.soft state=absent'
$ ansible all -m file -a 'path=/root/mydir/mytxt state=absent'
$ ansible all -m file -a 'path=/root/mydir state=absent'

# 指定所有权等属性
$ ansible all -m file -a 'path=/root/mytxt owner=root group=root mode=755 state=touch'

5. lineinfile

  • 操作文件
# Modify the line if the regex matches, otherwise append the line at the end of the file
# (add `backrefs=yes` to leave the file unchanged when nothing matches)
# NOTE(review): SELINUX=disabled turns off mandatory access control on every
# host in "all". If the aim is only to get past policy denials while testing,
# SELINUX=permissive keeps the denials logged without enforcing them.
$ ansible all -m lineinfile -a 'path=/etc/selinux/config regex="^SELINUX=" line="SELINUX=disabled"'
$ ansible all -m lineinfile -a 'path=/etc/selinux/config regex="^#test" line="#haha"'

# Insert a line before / after the matching line
$ ansible all -m lineinfile -a 'path=/etc/hosts insertbefore="^127\.0\.0\.1" line="10.4.7.130 linux130"'
$ ansible all -m lineinfile -a 'path=/etc/hosts insertafter="^127\.0\.0\.1" line="10.4.7.129 linux129"'

# Delete the matching line(s)
$ ansible all -m lineinfile -a 'path=/etc/hosts regex="^10\.4\.7\.129" state=absent'

# Append a line at the end (running it again does not add a duplicate)
$ ansible all -m lineinfile -a 'path=/etc/hosts line="10.4.7.129 linux129"'

6. copy

  • 将主控端文件传输到被控端
# Copy a file and set its permissions
# NOTE(review): mode=777 makes the script writable by every local user on the
# managed host; if root later runs it, any user can change what root executes.
# A script that only root runs needs no more than mode=0700 (0755 if others
# must execute it).
$ ansible all -m copy -a 'src=/root/test.sh dest=/root/ mode=777'
# Copy a file and keep a backup of the file it replaces
$ ansible all -m copy -a 'src=/root/test.sh dest=/root/ backup=yes'

7. get_url

  • 从指定 URL 下载文件到被控端本地
# NOTE(review): the URL is plain http and no checksum is given, so the managed
# hosts store whatever the network path returns. For anything that will be
# executed or installed, use an https URL and pin the content with
# checksum=sha256:<EXPECTED_SHA256> (placeholder).
$ ansible all -m get_url -a "url=http://www.baidu.com dest=/tmp/index.html mode=0440 force=yes"

8. systemd

  • 系统服务管理(CentOS 6 及以下可用 service 模块管理,用法差不多)
# Stop the firewall and disable it at boot
# NOTE(review): this removes the host firewall on every host in "all" and keeps
# it off across reboots. Outside a lab, leave firewalld running and open only
# the ports the services need.
$ ansible all -m systemd -a 'name=firewalld enabled=no state=stopped'
# Start the sshd service and enable it at boot
$ ansible all -m systemd -a 'name=sshd enabled=yes state=started'
# Restart Docker and reload the systemd unit configuration
$ ansible all -m systemd -a 'name=docker enabled=yes state=restarted daemon-reload=yes'

9. yum_repository

  • 管理 yum 源
# Add the Nginx repository
# NOTE(review): gpgcheck=no disables package signature verification and the
# baseurl is plain http, so packages from this repository are installed with no
# integrity or origin check. Prefer an https baseurl together with gpgcheck=yes
# and gpgkey=<NGINX_SIGNING_KEY_URL> (placeholder).
$ ansible all -m yum_repository -a 'name=nginx description="nginx stable repo" baseurl="http://nginx.org/packages/centos/$releasever/$basearch/" gpgcheck=no enabled=yes'

# Resulting repository file on the managed host
$ cat /etc/yum.repos.d/nginx.repo
[nginx]
name = nginx stable repo
baseurl = http://nginx.org/packages/centos/$releasever/$basearch/
enabled = 1
gpgcheck = 0

10. yum

  • 安装/移除软件
$ ansible all -m yum -a 'name=lrzsz,aalib state=installed'
$ ansible all -m yum -a 'name=lrzsz,aalib state=removed'

11. mount

  • 分区挂载
$ ansible all -m mount -a "fstype=ext4 src=/dev/sd0 path=/mnt/data opts=ro state=present"

$ ansible all -m mount -a 'fstype=nfs src="10.4.7.200:/data" path=/root/test state=mounted'
state 描述
absent 卸载并修改 /etc/fstab
unmounted 卸载但不修改 /etc/fstab
present 仅修改 /etc/fstab 但不挂载
mounted 挂载并修改 /etc/fstab
remounted 重新挂载

12. cron

  • 定时任务
# */2 * * * * /sbin/ntpdate ntp1.aliyun.com &>/dev/null
$ ansible all -m cron -a 'name="sync time" minute="*/2" job="/sbin/ntpdate ntp1.aliyun.com &>/dev/null" state=present'

# * 5,2 * * * ls -alh > /dev/null
$ ansible all -m cron -a "name='check dirs' hour='5,2' job='ls -alh > /dev/null' state=absent"

13. user

  • 用户管理
$ ansible all -m user -a 'name=tengine uid=10086 shell=/sbin/nologin create_home=no state=present'

$ ansible all -m user -a "name=tengine state=absent remove=yes"