ansible

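1.1 Introduction to the batch management service

a. Ansible is an automation and operations tool written in Python
b. Ansible manages remote hosts over the SSH protocol
c. Ansible supports many kinds of batch operations (batch system configuration, batch software deployment, batch file copying, batch command execution)

1.2 Characteristics of the batch management service

a. Ansible server (control side): no service needs to be started, and by default the server needs no configuration
b. Ansible client (managed side): no client software is installed

1.3 Installing and deploying Ansible

1.3.1 Planning the Ansible automation environment

  Control host (1):
  10.0.0.61   m01
  Managed hosts (3):
  10.0.0.41   backup
  10.0.0.31   nfs01
  10.0.0.7    web01
  Linux system 6.9

1.3.2 Prerequisites for automated deployment with Ansible

1. Create an SSH key pair (on the control host)
ssh-keygen -t dsa
Factors that get in the way of creating the key pair non-interactively:
1) The private key path must be specified
   -f /root/.ssh/id_dsa
2) The private key passphrase must be set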
   -N/-P  
   -N ""/-P ""

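2. Creating the key pair non-interactively
ssh-keygen -t dsa -f /root/.ssh/id_dsa -N ""

3. Distribute the public key file (from the control host)
ssh-copy-id -i /root/.ssh/id_dsa.pub 172.16.1.31
Factors that get in the way of distributing keys in batch non-interactively:
1) The connection has to be confirmed by answering yes/no
   The -o option below can be found in man ssh; it makes ssh accept the host key without asking
   -o StrictHostKeyChecking=no
   sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no 172.16.1.31"

2) The password prompt has to be handled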
   sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub 172.16.1.31
   Now try logging into the machine, with "ssh '172.16.1.31'", and check in:

     .ssh/authorized_keys

   to make sure we haven't added extra keys that you weren't expecting.

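3. Script for non-interactive batch public key distribution
#!/bin/bash
# Remove the old key pair (-f: no error if it does not exist yet)
rm -f /root/.ssh/id_dsa /root/.ssh/id_dsa.pub
# Generate a new key pair with an empty passphrase, without prompting
ssh-keygen -t dsa -f /root/.ssh/id_dsa -N ""

# Push the public key to 172.16.1.31, 172.16.1.41 and 172.16.1.7.
# sshpass supplies the root password; StrictHostKeyChecking=no accepts
# each host key without verifying it.
for ip in 31 41 7
do
    sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no 172.16.1.$ip"
done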

4. Check that key-based remote management works
ssh 172.16.1.31 uptime
Non-interactive batch check script
#!/bin/bash
#description: run one command on every managed host to check key-based login
#author:vita
#time:2019-03-04
# Exactly one argument is required: the command to run remotely
[ $# -ne 1 ] && echo "you should use this script like sh fenfa_check.sh pwd" && exit 1
for ip in 31 41 7
do
    echo "start to execute 172.16.1.$ip"
    ssh 172.16.1.$ip "$1"
    echo "172.16.1.$ip end"
done

5. Running ssh-copy-id when the server's SSH port is not the default 22
[root@m01 scripts]# which ssh-copy-id
/usr/bin/ssh-copy-id    
[root@m01 scripts]# vim /usr/bin/ssh-copy-id            
{ eval "$GET_ID" ; } | ssh $1 "exec sh -c 'cd; umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys && (test -x /sbin/restorecon && /sbin/restorecon .ssh .ssh/authorized_keys >/dev/null 2>&1 || true)'" || exit 1
Method 1:
{ eval "$GET_ID" ; } | ssh -p52113 $1 "exec sh -c 'cd; umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys && (test -x /sbin/restorecon && /sbin/restorecon .ssh .ssh/authorized_keys >/dev/null 2>&1 || true)'" || exit 1
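1. Temporarily set the umask value
2. Have the script create the .ssh directory: test -d ~/.ssh||mkdir ~/.ssh
3. Redirect the contents of the local public key file into .ssh/authorized_keys on the remote host, with permissions of 600
Note: by rewriting the ssh-copy-id command file, the public key can be distributed to managed hosts that listen on a different port number.
This method is not the best one: if someone else is unaware of the change, it has to be redone whenever the port is changed.

Method 2:
The best method
ssh-copy-id -i /root/.ssh/id_dsa.pub "172.16.1.31 -p52113"

Detailed explanation:
When shift is used in a script, it moves the positional parameters forward one at a time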
#!/bin/bash
#description: print the remaining arguments, then shift, until none are left
#author:vita
#time:2019-03-04
until [ $# -eq 0 ]
do
    echo $*
    shift
done

[root@m01 scripts]# sh shift.sh 1 2 3 4 5
1 2 3 4 5
2 3 4 5
3 4 5
4 5
5      
The /usr/bin/ssh-copy-id script calls shift twice earlier in the file:
if [ "-i" = "$1" ]; then
  shift
  # check if we have 2 parameters left, if so the first is the new ID file
  if [ -n "$2" ]; then
    if expr "$1" : ".*\.pub" > /dev/null ; then
      ID_FILE="$1"
    else
      ID_FILE="$1.pub"
    fi
    shift         # and this should leave $1 as the target name
  fi
So in
ssh-copy-id -i /root/.ssh/id_dsa.pub "172.16.1.31 -p52113" the quoted string "172.16.1.31 -p52113" becomes $1.
Because $1 is not quoted in { eval "$GET_ID" ; } | ssh $1 "exec sh -c '...'" || exit 1, the shell splits it into two words, and -p52113 is passed to that ssh command as an option.
This is also why the script above is written as sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no 172.16.1.31".
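
The argument handling described above can be reproduced without touching a real host. This added example (not part of the original article or of ssh-copy-id itself) copies the quoted shift logic into the hypothetical functions parse_args, ssh_argv_unquoted and ssh_argv_quoted and prints the argument list ssh would receive; REMOTE_CMD is a placeholder for the remote command string.

```shell
#!/bin/sh
# Added illustration, not the real /usr/bin/ssh-copy-id: it reproduces only the
# "-i" parsing quoted above and the way the final ssh line uses $1.

# Print each argument on its own line in brackets so word boundaries show.
show_args() {
    for arg in "$@"; do
        printf '[%s]\n' "$arg"
    done
}

# Same shift logic as the excerpt; leaves the target string in TARGET.
parse_args() {
    ID_FILE=""
    if [ "-i" = "$1" ]; then
        shift
        if [ -n "$2" ]; then
            if expr "$1" : ".*\.pub" > /dev/null; then
                ID_FILE="$1"
            else
                ID_FILE="$1.pub"
            fi
            shift                      # $1 is now the target string
        fi
    fi
    TARGET="$1"
}

# argv as the old script builds it: $1 unquoted, so the shell word-splits it.
ssh_argv_unquoted() {
    parse_args "$@"
    # The missing quotes are the behaviour being shown.
    show_args ssh $TARGET "REMOTE_CMD"
}

# argv if the script had quoted "$1": the whole string stays one word,
# and ssh would treat "172.16.1.31 -p52113" as a single host name.
ssh_argv_quoted() {
    parse_args "$@"
    show_args ssh "$TARGET" "REMOTE_CMD"
}

echo "unquoted \$1:"
ssh_argv_unquoted -i /root/.ssh/id_dsa.pub "172.16.1.31 -p52113"
echo "quoted \"\$1\":"
ssh_argv_quoted -i /root/.ssh/id_dsa.pub "172.16.1.31 -p52113"
```

Every word of the target string reaches ssh as its own argument, so that string must never be built from untrusted input. Current ssh-copy-id releases accept -p and -o as options of their own.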

1.3.3 Downloading and installing Ansible

Install Ansible on the control host:
yum install -y ansible
Install on the managed hosts (optional):
yum install -y libselinux-python

1.3.4 Adding managed hosts to the Ansible configuration

cat /etc/ansible/hosts
[oldboy]
172.16.1.7
172.16.1.31
172.16.1.41

vim /etc/ansible/hosts
[oldboy]
172.16.1.7
172.16.1.31 ansible_user=root ansible_password=123456
172.16.1.41
ansible 172.16.1.31 -m command -a "hostname" -k     --- manage the host interactively with a password prompt
SSH password: 
172.16.1.31 | SUCCESS | rc=0 >>
nfs01
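
The distribution script and the inventory line above rely on four shortcuts: a DSA key, a password on the sshpass command line, StrictHostKeyChecking=no, and ansible_password in /etc/ansible/hosts. The following added example (not from the original article) is a small audit that flags them by file and line; the function names audit_file and write_samples are hypothetical, and the sample files are reconstructed from the lines on this page.

```shell
#!/bin/sh
# Added example: flag the credential and host-key shortcuts used on this page.
# Findings name the file and line only; the matching text is never printed,
# so the report does not repeat the password it found.

# audit_file FILE -> one "FILE:LINE: finding" line per match
audit_file() {
    awk -v f="$1" '
        function report(msg) { printf "%s:%d: %s\n", f, FNR, msg }
        /ssh-keygen.*-t *dsa/ {
            report("DSA key type; OpenSSH 7.0+ disables ssh-dss by default, use rsa (or ed25519 where supported)")
        }
        /sshpass +-p/ {
            report("password on the sshpass command line; use -f FILE or -e with SSHPASS")
        }
        /StrictHostKeyChecking=no/ {
            report("host key accepted without verification; check the fingerprint and pre-load known_hosts")
        }
        /ansible_(ssh_pass|password|become_pass(word)?)=/ {
            report("plaintext password in inventory; use -k/--ask-pass or ansible-vault")
        }
    ' "$1"
}

# write_samples DIR -> recreates the page's distribution script and inventory
# (constructed sample input, copied from the listings above)
write_samples() {
    cat > "$1/fenfa_key.sh" <<'EOF'
#!/bin/bash
rm /root/.ssh/id_dsa
ssh-keygen -t dsa -f /root/.ssh/id_dsa -N ""
for ip in 31 41 7
do
sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no 172.16.1.$ip"
done
EOF
    cat > "$1/hosts" <<'EOF'
[oldboy]
172.16.1.7
172.16.1.31 ansible_user=root ansible_password=123456
172.16.1.41
EOF
}

# Run the audit over the two samples and clean up afterwards.
tmp=$(mktemp -d)
write_samples "$tmp"
audit_file "$tmp/fenfa_key.sh"
audit_file "$tmp/hosts"
rm -rf "$tmp"
```

On CentOS 6.9 the bundled OpenSSH predates ed25519 support, so rsa is the practical replacement key type there.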

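1.4 Ansible modules in detail

Ansible modules
ansible-doc -l|wc -l
1378

ansible <host or host group> -m <module name> -a <module arguments>

Host specification: a remote host IP address, a remote host group name, or all for every remote host
-m selects the module to use
-a passes arguments to that module

1.4.1 First module: command

Official reference: http://docs.ansible.com/ansible/latest/modules/command_module.html
Parameter: chdir --- change into a directory before running the command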
[root@m01 ansible]# ansible 172.16.1.31 -m command -a "chdir=/tmp/ pwd"
172.16.1.31 | SUCCESS | rc=0 >>
/tmp

[root@m01 ansible]# ansible 172.16.1.31 -m command -a "chdir=/etc/ pwd"
172.16.1.31 | SUCCESS | rc=0 >>
/etc

Parameter: creates --- checks whether a file exists; if it already exists, the command that follows is not run
[root@m01 ansible]# ansible 172.16.1.41 -m command -a "creates=/etc/rsyncd.conf hostname"
172.16.1.41 | SUCCESS | rc=0 >>
skipped, since /etc/rsyncd.conf exists

[root@m01 ansible]# ansible 172.16.1.41 -m command -a "creates=/etc/rsyncd.conf.bak hostname"
172.16.1.41 | SUCCESS | rc=0 >>
skipped, since /etc/rsyncd.conf.bak exists

[root@m01 ansible]# ansible 172.16.1.41 -m command -a "creates=/etc/rsyncd.123456 hostname"
172.16.1.41 | SUCCESS | rc=0 >>
backup

Parameter: removes --- checks whether a file exists; if it does not exist, the command that follows is not run
[root@m01 ansible]# ansible 172.16.1.41 -m command -a "removes=/etc/rsyncd.conf hostname"
172.16.1.41 | SUCCESS | rc=0 >>
backup

[root@m01 ansible]# ansible 172.16.1.41 -m command -a "removes=/etc/rsyncd.1212213123 hostname"
172.16.1.41 | SUCCESS | rc=0 >>
skipped, since /etc/rsyncd.1212213123 does not exist

Parameter (required): free_form --- the command module must be given a valid Linux command to run
ansible 172.16.1.41 -m command -a "ls"
172.16.1.41 | SUCCESS | rc=0 >>
1
anaconda-ks.cfg
dead.letter
heqing

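1.4.2 Second module: shell (the all-purpose module)

Parameter: chdir --- change into a directory before running the command
Parameter: creates --- checks whether a file exists; if it already exists, the command that follows is not run
Parameter: removes --- checks whether a file exists; if it does not exist, the command that follows is not run
Parameter (required): free_form --- as with the command module, a valid Linux command must be given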
[root@m01 ansible]# ansible 172.16.1.41 -m shell -a "ls;pwd"
172.16.1.41 | SUCCESS | rc=0 >>
1
anaconda-ks.cfg
dead.letter
/root
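Note: the shell module covers everything the command module does, and because the command line goes through a shell it also interprets special characters such as < > | ;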
[root@m01 ~]# ansible oldboy -m shell -a "cd /oldboy;ls -l"
172.16.1.41 | SUCCESS | rc=0 >>
total 4
drwxr-xr-x 2 root root 4096 Mar 11 17:58 sftp

172.16.1.31 | SUCCESS | rc=0 >>
total 12
-rw-r--r-- 1 root   root    285 Mar 11 17:59 back.sh
-rw-r--r-- 1 root   root      0 Mar 12 09:14 sftp
-rw-r--r-- 1 oldboy oldboy   20 Mar 11 17:39 test.log
drwxr-xr-x 3 root   root   4096 Mar  7 17:11 tmp

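1.4.3 Third module: script --- runs a script from the Ansible control host on the remote servers; the script does not have to exist on the remote side

Parameter: chdir --- change into a directory before running the command
Parameter: creates --- checks whether a file exists; if it already exists, the command that follows is not run
Parameter: removes --- checks whether a file exists; if it does not exist, the command that follows is not run
Parameter (required): free_form --- the module must be given a valid Linux command to run

Difference between running a script with the script module and with the shell module:
With the script module, the script only has to exist locally on the control host; its commands are then run on the remote hosts
With the shell module, every remote host must have the same script, otherwise it cannot be run

shell module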
[root@m01 ~]# ansible oldboy -m shell -a "cd /server/scripts;mv sum.sh sum.sh.bak"
172.16.1.31 | SUCCESS | rc=0 >>

172.16.1.41 | SUCCESS | rc=0 >>

[root@m01 ~]# ansible oldboy -m shell -a "cd /server/scripts;ls -l"
172.16.1.31 | SUCCESS | rc=0 >>
total 40
-rw-r--r--  1 root root  168 Mar 21  2019 sum.sh.bak
drwxr-xr-x  3 root root 4096 Mar 20  2019 var

172.16.1.41 | SUCCESS | rc=0 >>
total 36
-rw-r--r--  1 root root  168 Mar 21  2019 sum.sh.bak
drwxr-xr-x  3 root root 4096 Mar 20  2019 var
[root@m01 ~]# ansible oldboy -m shell -a "cd /server/scripts;sh sum.sh"
172.16.1.41 | FAILED | rc=127 >>
sh: sum.sh: No such file or directorynon-zero return code

172.16.1.31 | FAILED | rc=127 >>
sh: sum.sh: No such file or directorynon-zero return code
script module
[root@m01 ~]# ansible oldboy -m script -a "/server/scripts/sum.sh"
172.16.1.31 | SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 172.16.1.31 closed.\r\n", 
    "stderr_lines": [
        "Shared connection to 172.16.1.31 closed."
    ], 
    "stdout": "5050\r\n", 
    "stdout_lines": [
        "5050"
    ]
}
172.16.1.41 | SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 172.16.1.41 closed.\r\n", 
    "stderr_lines": [
        "Shared connection to 172.16.1.41 closed."
    ], 
    "stdout": "5050\r\n", 
    "stdout_lines": [
        "5050"
    ]
}
[root@m01 ~]# ll /server/scripts/sum.sh 
-rw-r--r-- 1 root root 168 Mar 21  2019 /server/scripts/sum.sh

1.4.4 copy --- the copy module

Parameter: src --- the data to push
Parameter: dest --- the directory on the remote host that the data is pushed to
[root@m01 ansible]# touch /tmp/file01.txt
[root@m01 ansible]# ansible 172.16.1.41 -m copy -a "src=/tmp/file01.txt dest=/tmp/"
172.16.1.41 | SUCCESS => {
    "changed": true, 
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
    "dest": "/tmp/file01.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e", 
    "mode": "0644", 
    "owner": "root", 
    "size": 0, 
    "src": "/root/.ansible/tmp/ansible-tmp-1522682948.27-60532389065095/source", 
    "state": "file", 
    "uid": 0
}

Parameter: backup --- back up the existing data
[root@m01 ansible]# ansible 172.16.1.41 -m copy -a "src=/tmp/file01.txt dest=/tmp/ backup=yes"
172.16.1.41 | SUCCESS => {
    "backup_file": "/tmp/file01.txt.71887.2018-04-02@23:33:19~", 
    "changed": true, 
    "checksum": "029b054db136cc36d5605e3818305825ff4b8ffb", 
    "dest": "/tmp/file01.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "434660b5ad7deeba8815349f71409405", 
    "mode": "0644", 
    "owner": "root", 
    "size": 6, 
    "src": "/root/.ansible/tmp/ansible-tmp-1522683197.05-52744169892601/source", 
    "state": "file", 
    "uid": 0
}

[root@m01 ansible]# ansible 172.16.1.41 -m shell -a "ls -l /tmp/"
172.16.1.41 | SUCCESS | rc=0 >>
total 24
-rw-r--r-- 1 root root    0 Apr  2 23:29 file01.txt
-rw-r--r-- 1 root root    0 Apr  2 23:29 /tmp/file01.txt.71887.2018-04-02@23:33:19~
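Parameter: owner --- sets the owner of the copied file
Parameter: group --- sets the group of the copied file
Parameter: mode --- sets the permissions of the copied file (600 755)

1.4.5 file --- change file attributes / create directories / create files

Parameter: owner --- sets the owner of the copied file
Parameter: group --- sets the group of the copied file
Parameter: mode --- sets the permissions of the copied file (600 755)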
ansible 172.16.1.41 -m file -a "dest=/tmp/file01.txt owner=oldboy group=oldboy mode=600"
172.16.1.41 | SUCCESS => {
    "changed": true, 
    "gid": 500, 
    "group": "oldboy", 
    "mode": "0600", 
    "owner": "oldboy", 
    "path": "/tmp/file01.txt", 
    "size": 6, 
    "state": "file", 
    "uid": 500
}

Parameter: state --- specifies whether a directory or a file is created
Create a file
ansible 172.16.1.41 -m file -a "dest=/tmp/file01.txt state=touch"
172.16.1.41 | SUCCESS => {
    "changed": true, 
    "dest": "/tmp/file01.txt", 
    "gid": 0, 
    "group": "root", 
    "mode": "0644", 
    "owner": "root", 
    "size": 0, 
    "state": "file", 
    "uid": 0
}

Create a directory:
ansible 172.16.1.41 -m file -a "dest=/tmp/dir01 state=directory"
172.16.1.41 | SUCCESS => {
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0755", 
    "owner": "root", 
    "path": "/tmp/dir01", 
    "size": 4096, 
    "state": "directory", 
    "uid": 0
}

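1.4.6 Package management module yum --- installs software packages

name: the name of the package to install, optionally with its version
state: installed (install), absent (remove)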
ansible 172.16.1.41 -m yum -a "name=iftop state=installed"
ansible 172.16.1.41 -m yum -a "name=iftop state=absent"

list: given a package name, shows whether the package can be installed and whether it is already installed
ansible 172.16.1.41 -m yum -a "list=iftop"

[root@m01 ~]# ansible 172.16.1.41 -m yum -a "name=iftop state=installed"
172.16.1.41 | SUCCESS => {
    "changed": false, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "iftop-1.0-0.14.pre4.el6.x86_64 providing iftop is already installed"
    ]
}
[root@m01 ~]# ansible 172.16.1.41 -m yum -a "name=iftop state=absent"
172.16.1.41 | SUCCESS => {
    "changed": true, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "Loaded plugins: fastestmirror, security\nSetting up Remove Process\nResolving Dependencies\n--> Running transaction check\n---> Package iftop.x86_64 0:1.0-0.14.pre4.el6 will be erased\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package        Arch            Version                    Repository      Size\n================================================================================\nRemoving:\n iftop          x86_64          1.0-0.14.pre4.el6          @epel           89 k\n\nTransaction Summary\n================================================================================\nRemove        1 Package(s)\n\nInstalled size: 89 k\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r  Erasing    : iftop-1.0-0.14.pre4.el6.x86_64                               1/1 \n\r  Verifying  : iftop-1.0-0.14.pre4.el6.x86_64                               1/1 \n\nRemoved:\n  iftop.x86_64 0:1.0-0.14.pre4.el6                                              \n\nComplete!\n"
    ]
}
[root@m01 ~]# ansible 172.16.1.41 -m yum -a "name=iftop state=installed"
172.16.1.41 | SUCCESS => {
    "changed": true, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "Loaded plugins: fastestmirror, security\nSetting up Install Process\nLoading mirror speeds from cached hostfile\n * base: mirrors.aliyun.com\n * extras: mirrors.aliyun.com\n * updates: mirrors.aliyun.com\nResolving Dependencies\n--> Running transaction check\n---> Package iftop.x86_64 0:1.0-0.14.pre4.el6 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package        Arch            Version                     Repository     Size\n================================================================================\nInstalling:\n iftop          x86_64          1.0-0.14.pre4.el6           epel           49 k\n\nTransaction Summary\n================================================================================\nInstall       1 Package(s)\n\nTotal download size: 49 k\nInstalled size: 89 k\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r  Installing : iftop-1.0-0.14.pre4.el6.x86_64                               1/1 \n\r  Verifying  : iftop-1.0-0.14.pre4.el6.x86_64                               1/1 \n\nInstalled:\n  iftop.x86_64 0:1.0-0.14.pre4.el6                                              \n\nComplete!\n"
    ]
}
[root@m01 ~]# ansible 172.16.1.41 -m yum -a "list=iftop"
172.16.1.41 | SUCCESS => {
    "changed": false, 
    "results": [
        {
            "arch": "x86_64", 
            "envra": "0:iftop-1.0-0.14.pre4.el6.x86_64", 
            "epoch": "0", 
            "name": "iftop", 
            "release": "0.14.pre4.el6", 
            "repo": "epel", 
            "version": "1.0", 
            "yumstate": "available"
        }, 
        {
            "arch": "x86_64", 
            "envra": "0:iftop-1.0-0.14.pre4.el6.x86_64", 
            "epoch": "0", 
            "name": "iftop", 
            "release": "0.14.pre4.el6", 
            "repo": "installed", 
            "version": "1.0", 
            "yumstate": "installed"
        }
    ]
}
[root@m01 ~]# ansible 172.16.1.41 -m yum -a "list=ift"
172.16.1.41 | SUCCESS => {
    "changed": false, 
    "results": []
}
[root@m01 ~]# 

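1.4.7 System module service --- manages service state

name: the name of the service to manage (the service must be visible in chkconfig)
state: stopped started restarted reloaded
enabled: yes starts the service at boot; no does not start it at boot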

ansible 172.16.1.41 -m service -a "name=crond state=started enabled=yes"

[root@m01 ~]# ansible 172.16.1.41 -m service -a "name=crond state=stopped enabled=no"
172.16.1.41 | SUCCESS => {
    "changed": true, 
    "enabled": false, 
    "name": "crond", 
    "state": "stopped"
}
[root@m01 ~]# ansible 172.16.1.41 -m shell -a "chkconfig --list|grep crond"
172.16.1.41 | SUCCESS | rc=0 >>
crond           0:off   1:off   2:off   3:off   4:off   5:off   6:off

[root@m01 ~]# ansible 172.16.1.41 -m shell -a "service crond status"
172.16.1.41 | FAILED | rc=3 >>
crond is stoppednon-zero return code

[root@m01 ~]# ansible 172.16.1.41 -m service -a "name=crond state=started enabled=yes"
172.16.1.41 | SUCCESS => {
    "changed": true, 
    "enabled": true, 
    "name": "crond", 
    "state": "started"
}
[root@m01 ~]# ansible 172.16.1.41 -m shell -a "service crond status"
172.16.1.41 | SUCCESS | rc=0 >>
crond (pid  8420) is running...

[root@m01 ~]# ansible 172.16.1.41 -m shell -a "chkconfig --list|grep crond"
172.16.1.41 | SUCCESS | rc=0 >>
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off

[root@m01 ~]# 

1.4.8 cron --- the scheduled task module

minute=0-59 * */n , -   hour  day  month weekday  job='/bin/sh /server/scripts/test.sh &>/dev/null'

Add a scheduled task
ansible 172.16.1.41 -m cron -a "minute=0 hour=0 job='/bin/sh /server/scripts/test.sh &>/dev/null'"
ansible 172.16.1.41 -m cron -a "name=oldboy02 minute=0 hour=0 job='/bin/sh /server/scripts/test.sh &>/dev/null'"

Delete a scheduled task
ansible 172.16.1.41 -m cron -a "name=oldboy02 minute=0 hour=0 job='/bin/sh /server/scripts/test.sh &>/dev/null' state=absent"
ansible 172.16.1.41 -m cron -a "name=oldboy01 state=absent"

Comment out a scheduled task
ansible 172.16.1.41 -m cron -a "name=oldboy01 minute=0 hour=0 job='/bin/sh /server/scripts/test.sh &>/dev/null' disabled=yes"
ansible 172.16.1.41 -m cron -a "name=oldboy01 job='/bin/sh /server/scripts/test.sh &>/dev/null' disabled=no"

[root@m01 ~]# ansible 172.16.1.41 -m cron -a "name=oldboy01 minute=*/1 hour=* day=* month=* weekday=* job='/bin/sh  /server/scripts/sum.sh >dev/null 2>&1'"
172.16.1.41 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "oldboy01"
    ]
}
[root@m01 ~]# ansible 172.16.1.41 -m shell -a "crontab -l"
172.16.1.41 | SUCCESS | rc=0 >>
#Ansible: oldboy01
*/1 * * * * /bin/sh  /server/scripts/sum.sh >dev/null 2>&1

[root@m01 ~]# ansible 172.16.1.41 -m cron -a "name=oldboy01 state=absent"
172.16.1.41 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": []
}
[root@m01 ~]# ansible 172.16.1.41 -m shell -a "crontab -l"
172.16.1.41 | SUCCESS | rc=0 >>

[root@m01 ~]# ansible 172.16.1.41 -m cron -a "name=oldboy01 minute=*/1 hour=* day=* month=* weekday=* job='/bin/sh  /server/scripts/sum.sh >dev/null 2>&1'"
172.16.1.41 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "oldboy01"
    ]
}
[root@m01 ~]# ansible 172.16.1.41 -m shell -a "crontab -l"
172.16.1.41 | SUCCESS | rc=0 >>
#Ansible: oldboy01
*/1 * * * * /bin/sh  /server/scripts/sum.sh >dev/null 2>&1

[root@m01 ~]# ansible 172.16.1.41 -m cron -a "name=oldboy01 disabled=yes"
172.16.1.41 | FAILED! => {
    "changed": false, 
    "msg": "You must specify 'job' to install a new cron job or variable"
}
[root@m01 ~]# ansible 172.16.1.41 -m cron -a "name=oldboy01 minute=*/1 hour=* day=* month=* weekday=* job='/bin/sh  /server/scripts/sum.sh >dev/null 2>&1' disabled=yes"
172.16.1.41 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "oldboy01"
    ]
}
[root@m01 ~]# ansible 172.16.1.41 -m shell -a "crontab -l"
172.16.1.41 | SUCCESS | rc=0 >>
#Ansible: oldboy01
#*/1 * * * * /bin/sh  /server/scripts/sum.sh >dev/null 2>&1

[root@m01 ~]# ansible 172.16.1.41 -m cron -a "name=oldboy01 minute=*/1 hour=* day=* month=* weekday=* job='/bin/sh  /server/scripts/sum.sh >dev/null 2>&1' disabled=no"
172.16.1.41 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "oldboy01"
    ]
}
[root@m01 ~]# ansible 172.16.1.41 -m shell -a "crontab -l"
172.16.1.41 | SUCCESS | rc=0 >>
#Ansible: oldboy01
*/1 * * * * /bin/sh  /server/scripts/sum.sh >dev/null 2>&1

[root@m01 ~]# 

1.5 command play-book

- hosts: 172.16.1.41
  tasks:
    - name: step01:install rsync
      yum: name=rsync state=installed
    - name: step02:edit rsync conf file
      copy: src=/etc/ansible/conf/rsync_conf/rsyncd.conf dest=/etc/
    - name: step03:create rsync user
      user: name=rsync state=present createhome=no shell=/sbin/nologin
    - name: step04:create auth file
      copy: src=/etc/ansible/conf/rsync_conf/rsync.password dest=/etc/ mode=600
    - name: step05:create backup dir
      file: dest=/backup state=directory owner=rsync group=rsync
    - name: step06:boot rsync server
      shell: rsync --daemon creates=/var/run/rsyncd.pid

- hosts: 172.16.1.31
  tasks:
    - name: step01:create auth file
      copy: src=/etc/ansible/conf/rsync_conf/rsync_client.password dest=/etc/rsync.password mode=600
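How to run the playbook:
ansible-playbook /etc/ansible/ansible-playbook/test.yaml
Dry-run the YAML (check mode)
ansible-playbook -C /etc/ansible/ansible-playbook/test.yaml

1.6 Mutual passwordless login with Ansible

**Control host:**
172.16.1.61

**Managed hosts:**
172.16.1.31
172.16.1.41
172.16.1.7

***The following steps are carried out on control host 61***
**sshpass must be installed on both the control host and the managed hosts**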
[root@m01 ansible]#yum install -y sshpass
[root@m01 ansible]# ansible oldboy -m yum -a "name=sshpass"

**On the control host, first run fenfa_key.sh so that the control host can log in to the other hosts without a password, then run fenfa_check.sh to verify:**
[root@m01 scripts]# cat fenfa_key.sh 
#!/bin/bash
#description: generate a key pair and push the public key to every host
#author:vita
#time:2019-03-04
rm -rf /root/.ssh/id_dsa
ssh-keygen -f /root/.ssh/id_dsa -N ""
for ip in 31 41 7 61
do
    sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no 172.16.1.$ip"
done
[root@m01 scripts]# 

[root@m01 scripts]# cat fenfa_check.sh 
#!/bin/bash
#description: run one command on every host to check key-based login
#author:vita
#time:2019-03-04
# Exactly one argument is required: the command to run remotely
[ $# -ne 1 ] && echo "you should use this script like sh fenfa_check.sh pwd" && exit 1
for ip in 31 41 7 61
do
    echo "start to execute 172.16.1.$ip"
    ssh 172.16.1.$ip "$1"
    echo "172.16.1.$ip end"
done

**Run the scripts above on the control host**
[root@m01 ansible]#sh /server/scripts/fenfa_key.sh
[root@m01 ansible]#sh /server/scripts/fenfa_check.sh pwd

**Run the scripts on the managed hosts**
[root@m01 ansible]# ansible oldboy -m script -a "/server/scripts/fenfa_key.sh"
[root@m01 scripts]# ansible oldboy -m script -a "/server/scripts/fenfa_check.sh pwd"

Once verification succeeds, the hosts can reach each other.

Original article: https://blog.51cto.com/10983441/2425724
