N63050 第十二周运维作业
就业和全程班本周学习内容:
二十三、Mysql数据库四
1、MySQL主从复制实现和故障排错(50分钟)
2、MySQL级联复制和主主复制架构实现(51分钟)
3、MySQL的半同步复制和复制过滤器(48分钟)
4、MySQL主从复制问题和MySQL分库分表原理(49分钟)
5、MyCAT实现MySQL读写分离(61分钟)
6、MHA实现MySQL的高可用性(97分钟)
二十四、ANSIBLE运维自动化
1、实现PXC集群和压力测试(65分钟)
2、自动化运维及运维环境介绍(48分钟)
3、ansible的架构和相关文件(45分钟)
4、ansible基本工具使用(55分钟)
5、ansible常用模块(50分钟)
6、ansible常用模块和YAML语言(52分钟)
7、playbook实现常用组件和基本格式(52分钟)
第十二周作业:
1、主从复制及主主复制的实现
1.1 主从复制
1.1.1主服务器环境搭建
[root@centos8 ~]#yum -y install mysql-server
[root@centos8 ~]#systemctl enable --now mysqld
#二进制开启
mysql> select @@log_bin;
+-----------+
| @@log_bin |
+-----------+
| 1 |
+-----------+
1 row in set (0.00 sec)
#修改配置文件
[root@centos8 ~]#vim /etc/my.cnf.d/mysql-server.cnf
[mysqld]
server_id=200 #添加内容
log-bin=/data/mysql/logbin/mysql-bin #添加内容
#创建二进制目录并授权
[root@centos8 ~]#mkdir -p /data/mysql/logbin
[root@centos8 ~]#chown -R mysql.mysql /data/mysql/
[root@centos8 ~]#ll /data/mysql/ -d
drwxr-xr-x 3 mysql mysql 20 Aug 24 06:15 /data/mysql/
[root@centos8 ~]#systemctl restart mysqld
[root@centos8 ~]#ll /data/mysql/logbin
total 8
-rw-r----- 1 mysql mysql 156 Aug 24 06:17 mysql-bin.000001
-rw-r----- 1 mysql mysql 36 Aug 24 06:17 mysql-bin.index
[root@centos8 ~]#ll /data/mysql/logbin/
total 8
-rw-r----- 1 mysql mysql 156 Aug 24 06:17 mysql-bin.000001
-rw-r----- 1 mysql mysql 36 Aug 24 06:17 mysql-bin.index
mysql> select @@server_id;
+-------------+
| @@server_id |
+-------------+
| 200 |
+-------------+
1 row in set (0.00 sec)
查看二进制节点,需记录,等会在从服务器里填写节点号
mysql> show master logs;
+------------------+-----------+-----------+
| Log_name | File_size | Encrypted |
+------------------+-----------+-----------+
| mysql-bin.000001 | 156 | No |
+------------------+-----------+-----------+
1 row in set (0.00 sec)
#创建复制专有账号,并授权
mysql> create user repluser@'10.0.0.%' identified by '123456';
Query OK, 0 rows affected (0.01 sec)
mysql> grant replication slave on *.* to repluser@'10.0.0.%';
Query OK, 0 rows affected (0.01 sec)
1.1.2从服务器配置
[root@centos8 ~]#yum -y install mysql-server
[root@centos8 ~]#systemctl enable --now mysqld
#修改配置文件
[root@centos8 ~]#vim /etc/my.cnf
[mysqld]
server_id=28
read-only
在mysql里找出配置范例,复制出来修改配置
mysql> help change master to
#找到范例相关行
CHANGE MASTER TO
MASTER_HOST='source2.example.com',
MASTER_USER='replication',
MASTER_PASSWORD='password',
MASTER_PORT=3306,
MASTER_LOG_FILE='source2-bin.001',
MASTER_LOG_POS=4,
#更改如下
CHANGE MASTER TO
MASTER_HOST='10.0.0.200',
MASTER_USER='repluser',
MASTER_PASSWORD='123456',
MASTER_PORT=3306,
MASTER_LOG_FILE='mysql-bin.000001',
MASTER_LOG_POS=156;
#在mysql里执行一下
mysql> CHANGE MASTER TO
-> MASTER_HOST='10.0.0.200',
-> MASTER_USER='repluser',
-> MASTER_PASSWORD='123456',
-> MASTER_PORT=3306,
-> MASTER_LOG_FILE='mysql-bin.000001',
-> MASTER_LOG_POS=156;
Query OK, 0 rows affected, 9 warnings (0.02 sec)
#查看从服务器状态
mysql> show slave status\G
*************************** 1. row ***************************
Slave_IO_State:
Master_Host: 10.0.0.200
Master_User: repluser
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000001
Read_Master_Log_Pos: 156
Relay_Log_File: centos8-relay-bin.000001
Relay_Log_Pos: 4
Relay_Master_Log_File: mysql-bin.000001
Slave_IO_Running: No #进程没有开启
Slave_SQL_Running: No # 进程灭有开启
Replicate_Do_DB:
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 156
Relay_Log_Space: 156
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: No
Master_SSL_CA_File:
Master_SSL_CA_Path:
Master_SSL_Cert:
Master_SSL_Cipher:
Master_SSL_Key:
Seconds_Behind_Master: NULL #与主服务器延迟时间
1.1.3开启从服务器进程
mysql> show processlist;
+----+-----------------+-----------+------+---------+------+------------------------+---
| Id | User | Host | db | Command | Time | State | In
+----+-----------------+-----------+------+---------+------+------------------------+---
| 5 | event_scheduler | localhost | NULL | Daemon | 2914 | Waiting on empty queue | NU
| 9 | root | localhost | NULL | Query | 0 | init | sh
+----+-----------------+-----------+------+---------+------+------------------------+---
2 rows in set (0.00 sec)
#开启从服务器进程
mysql> start slave;
Query OK, 0 rows affected, 1 warning (0.01 sec)
mysql> show processlist;
+----+-----------------+-----------------+------+---------+------+----------------------
| Id | User | Host | db | Command | Time | State
+----+-----------------+-----------------+------+---------+------+----------------------
| 5 | event_scheduler | localhost | NULL | Daemon | 2937 | Waiting on empty queu
| 9 | root | localhost | NULL | Query | 0 | init
| 10 | system user | connecting host | NULL | Connect | 13 | Waiting for source to
| 11 | system user | | NULL | Query | 1824 | Replica has read all
+----+-----------------+-----------------+------+---------+------+----------------------
4 rows in set (0.00 sec)
主服务器
[mysql> show processlist;
+----+-----------------+----------------+------+-------------+------+-------------------
| Id | User | Host | db | Command | Time | State
+----+-----------------+----------------+------+-------------+------+-------------------
| 5 | event_scheduler | localhost | NULL | Daemon | 2230 | Waiting on empty q
| 8 | root | localhost | NULL | Query | 0 | init
| 9 | repluser | 10.0.0.8:60480 | NULL | Binlog Dump | 77 | Source has sent al
+----+-----------------+----------------+------+-------------+------+-------------------
3 rows in set (0.00 sec)
[root@centos8 ~]#ss -nt
State Recv-Q Send-Q Local
ESTAB 0 36 10.
ESTAB 0 ]()
1.2主主复制
1.21主节点配置
[root@centos8 ~]#vim /etc/my.cnf
[mysqld]
server-id=8
log-bin=/data/mysql/mysql-bin
auto_increment_offset=1
auto_increment_increment=2
[root@centos8 ~]#mkdir /data/mysql -p ; chown -R mysql.mysql /data/mysql/
[root@centos8 ~]#systemctl restart mysqld
#查看二进制位置
mysql> show master logs;
+------------------+-----------+-----------+
| Log_name | File_size | Encrypted |
+------------------+-----------+-----------+
| mysql-bin.000001 | 179 | No |
| mysql-bin.000002 | 156 | No |
+------------------+-----------+-----------+
2 rows in set (0.00 sec)
CHANGE MASTER TO
MASTER_HOST='10.0.0.88',
MASTER_USER='repluser',
MASTER_PASSWORD='123456',
MASTER_PORT=3306,
MASTER_LOG_FILE='mysql-bin.000002',
MASTER_LOG_POS=156;
#再创建登陆的复制账号,注意:一定先查看位置后建立账号,因为节点位置在前,从节点才能把之后创建的账号拷过去,注意顺序
mysql> create user repluser@'10.0.0.%' identified by '123456';
Query OK, 0 rows affected (0.01 sec)
mysql> grant replication slave on *.* to repluser@'10.0.0.%';
Query OK, 0 rows affected (0.00 sec)
1.2.2从节点配置
[root@centos8 ~]#vim /etc/my.cnf
[mysqld]
server-id=18
log-bin=/data/mysql/mysql-bin
auto_increment_offset=2
auto_increment_increment=2
[root@centos8 ~]#mkdir /data/mysql -p ; chown -R mysql.mysql /data/mysql/
[root@centos8 ~]#systemctl restart mysqld
#进入Mysql把主节点的位置参数执行一下
CHANGE MASTER TO
MASTER_HOST='10.0.0.88',
MASTER_USER='repluser',
MASTER_PASSWORD='123456',
MASTER_PORT=3306,
MASTER_LOG_FILE='mysql-bin.000002',
MASTER_LOG_POS=156;
mysql> start slave;
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> show slave status\G
#两个线程yes表示开启
#Slave_IO_Running: Yes
#Slave_SQL_Running: Yes
#Seconds_Behind_Master: 0
mysql> show master logs;
+------------------+-----------+-----------+
| Log_name | File_size | Encrypted |
+------------------+-----------+-----------+
| mysql-bin.000001 | 179 | No |
| mysql-bin.000002 | 705 | No |
+------------------+-----------+-----------+
2 rows in set (0.00 sec)
再返回主节点,把从节点的位置参数执行一下
mysql> show master logs;
+------------------+-----------+-----------+
| Log_name | File_size | Encrypted |
+------------------+-----------+-----------+
| mysql-bin.000001 | 179 | No |
| mysql-bin.000002 | 705 | No |
+------------------+-----------+-----------+
2 rows in set (0.00 sec)
mysql> CHANGE MASTER TO
-> MASTER_HOST='10.0.0.18',
-> MASTER_USER='repluser',
-> MASTER_PASSWORD='123456',
-> MASTER_PORT=3306,
-> MASTER_LOG_FILE='mysql-bin.000002',
-> MASTER_LOG_POS=705;
Query OK, 0 rows affected, 9 warnings (0.01 sec)
mysql> start slave;
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> show slave status\G
#两个线程yes表示成功
模拟创建数据冲突
mysql> create database da1;
Query OK, 1 row affected (0.01 sec)
mysql> use da1
Database changed
mysql> create table t1 (id int); #此步骤需要XSHELL多窗口执行同意命令
Query OK, 0 rows affected (0.01 sec)
mysql> show slave status\G
#提示1050出现错误
Replicate_Wild_Ignore_Table:
Last_Errno: 1050
Last_Error: Error 'Table 't2' already exists' on query. Default database: 'da1'. Query: 'create table t2 (id int)'
Skip_Counter: 0
Exec_Master_Log_Pos: 1098
Relay_Log_Space: 727
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: No
Master_SSL_CA_File:
Master_SSL_CA_Path:
Master_SSL_Cert:
Master_SSL_Cipher:
Master_SSL_Key:
Seconds_Behind_Master: NULL
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno: 0
Last_IO_Error:
Last_SQL_Errno: 1050
Last_SQL_Error: Error 'Table 't2' already exists' on query. Default database: 'da1'. Query: 'create table t2 (id int)'
#在etc/my.cnf中增加跳过命令
[mysqld]
server-id=8
log-bin=/data/mysql/mysql-bin
auto_increment_offset=1
auto_increment_increment=2
slave_skip_errors=1050 #添加此行,也可以是ALL
#两台机子都要添加,然后重启mysqld,从服务器如果show slave status 看到还是有错误提示,可以等60s或者stop slave 再start slave,冲突平息
2、xtrabackup实现全量+增量+binlog恢复库
#利用xtrabackup8.0 完全,增量备份及还原MySQL8.0,然后二进制还原数据库最新状态
1 备份过程
1)完全备份:
[root@centos8 ~]# xtrabackup -uroot --backup --target-dir=/backup/base
2)第一次修改数据
mysql> insert teacher values(null,'wang',18,'M');
mysql> insert teachers values(null,'mage',18,'M');
3)第一次增量备份
[root@centos8 ~]# xtrabackup -uroot --backup --target-dir=/backup/inc1 --incremental-basedir=/backup/base
4)第二次修改数据
mysql> insert teachers values(null,'zhang',19,'M');
mysql> insert teachers values(null,'jie',20,'M');
5)第二次增量
[root@centos8 ~]# xtrabackup -uroot --backup --target-dir=/backup/inc2 --incremental-basedir=/backup/inc1
#停止并清除数据
[root@centos28 ~]# systemctl stop mysqld
[root@centos28 ~]# rm -rf /var/lib/mysql/*
[root@centos28 ~]# rm -rf /backup/*
6)[root@centos8 ~]# scp -r /backup/* 10.0.0.28:/backup/
#备份过程生成三个备份目录
/backup/{base,inc1,inc2}
2还原过程
1)预准备完成备份,此选项--apply-log-only 阻止回滚未完成的事务
[root@centos28 ~]#yum -y install percona-xtrabackup-24-2.4.20-1.el8.x86_64.rpm
[root@centos28 ~]#xtrabackup --prepare --apply-log-only --target-dir=/backup/base
2)合并第1次增量备份到完全备份
[root@centos28 ~]#xtrabackup --prepare --apply-log-only --target-dir=/backup/base
--incremental-dir=/backup/inc1
3)合并第2次增量备份到完全备份:最后一次还原不需要加选项--apply-log-only
[root@centos28 ~]#xtrabackup --prepare --target-dir=/backup/base --incremental-
dir=/backup/inc2
4)复制到数据库目录,注意数据库目录必须为空,MySQL服务不能启动
[root@centos28 ~]#xtrabackup --copy-back --target-dir=/backup/base
5)还原属性:
[root@centos28 ~]#chown -R mysql:mysql /var/lib/mysql
6)启动服务:
[root@centos28 ~]#systemctl start mysqld
#二进制还原
[root@centos8 ~]# mysqlbinlog /data/mysql/logbin/mysql-bin.000010 > /opt/binlog.sql
[root@centos8 ~]# scp /opt/binlog.sql 10.0.0.28:/root
[root@centos28 ~]# mysql hellodb < binlog.sql
3、MyCAT实现MySQL读写分离
mycat-server 10.0.0.200 #内存建议2G以上
mysql-master 10.0.0.8 MySQL 8.0
mysql-slave 10.0.0.18 MySQL 8.0
3.1 搭建主从复制数据库
[root@master ~]#yum -y install mysql-server
[root@slave ~]#yum -y install mysql-server
#主节点
[root@master ~]# vim /etc/my.cnf.d/mysql-server.cnf
server-id=8
log-bin=/data/mysql/logbin/mysql-bin
[root@master ~]# mkdir -pv /data/mysql/logbin
[root@master ~]# chown -R mysql.mysql /data/mysql/logbin
[root@master ~]# systemctl restart mysqld
#查看二进制文件和位置
mysql> show master logs;
#如果是MySQL 8.0 需要分成下面两步实现
mysql> create user 'repluser'@'10.0.0.%' identified by '123456';
mysql> grant replication slave on *.* to 'repluser'@'10.0.0.%';
#从节点
[root@slave ~]# vim /etc/my.cnf.d/mysql-server.cnf
[mysqld]
server-id=18
read-only
mysql> change master to master_host='10.0.0.8',master_user='repluser',master_password='123456',master_port=3306,master_log_file='centos8-bin.000001',master_log_pos=4,master_connect_retry=681;
mysql> start slave;
mysql> show slave status\G
#进行测试
[root@master ~]# mysql < hellodb_innodb.sql
3.2在MySQL代理服务器10.0.0.8安装mycat并启动
[root@centos8 ~]#yum -y install java
[root@centos8 ~]#wget http://dl.mycat.org.cn/1.6.7.6/20210303094759/Mycat-server-1.6.7.6-release-20210303094759-linux.tar.gz
[root@centos8 ~]#tar xvf Mycat-server-1.6.7.6-release-20210303094759-linux.tar.gz -C /apps
[root@centos8 ~]#echo 'PATH=/apps/mycat/bin:$PATH' > /etc/profile.d/mycat.sh
[root@centos8 ~]#. /etc/profile.d/mycat.sh
[root@centos8 ~]#mycat start
Starting Mycat-server...
[root@centos8 ~]#tail /apps/mycat/logs/wrapper.log
STATUS | wrapper | 2022/09/16 10:56:56 | --> Wrapper Started as Daemon
STATUS | wrapper | 2022/09/16 10:56:56 | Launching a JVM...
INFO | jvm 1 | 2022/09/16 10:56:57 | Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
INFO | jvm 1 | 2022/09/16 10:56:57 | Copyright 1999-2006 Tanuki Software, Inc. All Rights Reserved.
INFO | jvm 1 | 2022/09/16 10:56:57 |
INFO | jvm 1 | 2022/09/16 10:56:58 | MyCAT Server startup successfully. see logs in logs/mycat.log
3.3在mycat 服务器上修改server.xml文件配置Mycat的连接信息
[root@centos8 ~]#vim /apps/mycat/conf/server.xml
#或者删除注释,并修改下面行的8066改为3306
<property name="serverPort">3306</property>
<property name="managerPort">9066</property>
<property name="idleTimeout">300000</property>
<property name="authTimeout">15000</property>
<property name="bindIp">0.0.0.0</property>
<property name="dataNodeIdleCheckPeriod">300000</property>
<property name="frontWriteQueueSize">4096</property> <propertyname="processors">32</property>
.....
<user name="root"> #连接Mycat的用户名
<property name="password">magedu</property> #连接Mycat的密码
<property name="schemas">TESTDB</property> #数据库名要和schema.xml相对应
</user>
</mycat:server>
服务器端千万不要安装mysql,不然改成一样的端口号3306会冲突,导致mycat启动不了
这里使用的是root,密码为magedu,逻辑数据库为TESTDB,这些信息都可以自己随意定义,读写权限都
有,没有针对表做任何特殊的权限。重点关注上面这段配置,其他默认即可。
3.4修改schema.xml实现读写分离策略
[root@centos8 ~]#vim /apps/mycat/conf/schema.xml
<?xml version="1.0"?>
<!DOCTYPE mycat:schema SYSTEM "schema.dtd">
<mycat:schema xmlns:mycat="http://io.mycat/">
<schema name="TESTDB" checkSQLschema="false" sqlMaxLimit="100"
dataNode="dn1">
</schema>
<dataNode name="dn1" dataHost="localhost1" database="hellodb" />
<dataHost name="localhost1" maxCon="1000" minCon="10" balance="1"
writeType="0" dbType="mysql" dbDriver="native" switchType="1"
slaveThreshold="100">
<heartbeat>select user()</heartbeat>
<writeHost host="host1" url="10.0.0.18:3306" user="root"
password="123456">
<readHost host="host2" url="10.0.0.28:3306" user="root"
password="123456" />
</writeHost>
</dataHost>
</mycat:schema>
[root@centos8 ~]#mycat restart
Stopping Mycat-server...
Mycat-server was not running.
Starting Mycat-server...
[root@centos8 ~]#tail /apps/mycat/logs/wrapper.log
INFO | jvm 1 | 2022/09/16 17:10:11 | MyCAT Server startup successfully. see logs in logs/mycat.log
[root@centos8 ~]#ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 1 127.0.0.1:32000 0.0.0.0:*
LISTEN 0 128 *:3306 *:*
3.5在后端主服务器创建用户并对mycat授权
#master节点
mysql> create user root@'10.0.0.%' identified by '123456';
mysql> grant all on *.* to root@'10.0.0.%';
3.6主从打开通用日志,在客户端连接并测试读写分离
#主服务器和从服务器都要分别打开通用日志才能观察读写分离
mysql> show variables like 'general%';
+------------------+--------------------------+
| Variable_name | Value |
+------------------+--------------------------+
| general_log | OFF |
| general_log_file | /var/lib/mysql/slave.log |
+------------------+--------------------------+
2 rows in set (0.00 sec)
mysql> set global general_log=1;
Query OK, 0 rows affected (0.00 sec)
[root@master ~]#tail -f /var/lib/mysql/master.log
#在客户端mycat上查看并增改数据,观察是否读写分离
MySQL [TESTDB]> use TESTDB;
Database changed
MySQL [TESTDB]> select * from teachers;
MySQL [TESTDB]> update teachers set age=@@server_id where tid=4;
Query OK, 1 row affected (0.01 sec)
Rows matched: 1 Changed: 0 Warnings: 0
从服务器如果挂了,主服务器自动提升兼备读写功能
4、ansible常用模块介绍
4.1 Command 模块
功能:在远程主机执行命令,此为默认模块,可忽略 -m 选项
注意:此命令不支持 $VARNAME < > | ; & 等,可能用shell模块实现
注意:此模块不具有幂等性
范例:
[root@centos8 ansible]#ansible websrvs -m command -a 'chdir=/etc cat centos-release'
10.0.0.8 | CHANGED | rc=0 >>
CentOS Linux release 8.3.2011
10.0.0.7 | CHANGED | rc=0 >>
CentOS Linux release 7.9.2009 (Core)
[root@centos8 data]#ansible websrvs -m command -a 'chdir=/etc touch /data/f1.txt '
10.0.0.8 | CHANGED | rc=0 >>
10.0.0.7 | CHANGED | rc=0 >>
ansible websrvs -m command -a 'service vsftpd start'
ansible websrvs -m command -a 'echo magedu |passwd --stdin wang'
ansible websrvs -m command -a 'rm -rf /data/'
ansible websrvs -m command -a 'echo hello > /data/hello.log'
ansible websrvs -m command -a "echo $HOSTNAME
4.2 Shell模块
功能:和command相似,用shell执行命令,支持各种符号,比如:*,$, >
注意:此模块不具有幂等性
范例:
[root@ansible ~]#ansible websrvs -m shell -a "echo $HOSTNAME"
10.0.0.7 | CHANGED | rc=0 >>
ansible
10.0.0.8 | CHANGED | rc=0 >>
ansible
[root@ansible ~]#ansible websrvs -m shell -a 'echo $HOSTNAME'
10.0.0.7 | CHANGED | rc=0 >>
centos7.wangxiaochun.com
10.0.0.8 | CHANGED | rc=0 >>
centos8.localdomain
[root@ansible ~]#ansible websrvs -m shell -a 'echo centos | passwd --stdin wang'
10.0.0.7 | CHANGED | rc=0 >>
Changing password for user wang.
passwd: all authentication tokens updated successfully.
10.0.0.8 | CHANGED | rc=0 >>
Changing password for user wang.
passwd: all authentication tokens updated successfully.
[root@ansible ~]#ansible websrvs -m shell -a 'ls -l /etc/shadow'
10.0.0.7 | CHANGED | rc=0 >>
---------- 1 root root 889 Mar 2 14:34 /etc/shadow
10.0.0.8 | CHANGED | rc=0 >>
---------- 1 root root 944 Mar 2 14:34 /etc/shadow
[root@ansible ~]#ansible websrvs -m shell -a 'echo hello > /data/hello.log'
10.0.0.7 | CHANGED | rc=0 >>
10.0.0.8 | CHANGED | rc=0 >>
[root@ansible ~]#ansible websrvs -m shell -a 'cat /data/hello.log'
10.0.0.7 | CHANGED | rc=0 >>
hello
10.0.0.8 | CHANGED | rc=0 >>
hello
注意:调用bash执行命令 类似 cat /tmp/test.md | awk -F'|' '{print $1,$2}' &> /tmp/example.txt 这些
复杂命令,即使使用shell也可能会失败,解决办法:写到脚本时,copy到远程,执行,再把需要的结果
拉回执行命令的机器
范例:将shell模块代替command,设为模块
[root@ansible ~]#vim /etc/ansible/ansible.cfg
#修改下面一行
module_name = shell
4.3 Script 模块
功能:在远程主机上运行ansible服务器上的脚本(无需执行权限)
注意:此模块不具有幂等性
范例:
[root@centos8 ~]#cat test.sh
#!/bin/bash
echo 'hello world'
[root@centos8 ~]#ansible websrvs -m script -a test.sh
10.0.0.8 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "",
"stderr_lines": [],
"stdout": "hello world\n",
"stdout_lines": [
"hello world"
]
}
10.0.0.7 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 10.0.0.7 closed.\r\n",
"stderr_lines": [
"Shared connection to 10.0.0.7 closed."
],
"stdout": "hello world\r\n",
"stdout_lines": [
"hello world"
]
}
4.4 Copy 模块
功能:从ansible服务器主控端复制文件到远程主机
注意: src=file 如果是没指明路径,则为当前目录或当前目录下的files目录下的file文件
[root@centos8 ~]#ansible websrvs -m copy -a 'src=/root/test.sh dest=/tmp/test2.sh owner=lee mode=600 backup=yes'
10.0.0.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "0ac21f72634ab8e3704efaf4aaef00716bbe2ff2",
"dest": "/tmp/test2.sh",
"gid": 0,
"group": "root",
"md5sum": "74cedad3fb0a668270731908c5be59e1",
"mode": "0600",
"owner": "lee",
"size": 31,
"src": "/root/.ansible/tmp/ansible-tmp-1678678155.8365436-5316-10784279046686/source",
"state": "file",
"uid": 1000
}
10.0.0.7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "0ac21f72634ab8e3704efaf4aaef00716bbe2ff2",
"dest": "/tmp/test2.sh",
"gid": 0,
"group": "root",
"md5sum": "74cedad3fb0a668270731908c5be59e1",
"mode": "0600",
"owner": "lee",
"size": 31,
"src": "/root/.ansible/tmp/ansible-tmp-1678678155.8526146-5315-4487605815548/source",
"state": "file",
"uid": 1000
}
[root@centos7 tmp]#ll test2.sh
-rw------- 1 lee root 31 Mar 13 11:29 test2.sh
#指定内容,直接生成目标文件
ansible websrvs -m copy -a "content='test line1\ntest line2\n'
dest=/tmp/test.txt"
#复制/etc目录自身,注意/etc/后面没有/
ansible websrvs -m copy -a "src=/etc dest=/backup"
#复制/etc/下的文件,不包括/etc/目录自身,注意/etc/后面有/
ansible websrvs -m copy -a "src=/etc/ dest=/backup"
4.5 Get_url 模块
功能: 用于将文件从http、https或ftp下载到被管理机节点上
常用参数如下:
url: 下载文件的URL,支持HTTP,HTTPS或FTP协议
dest: 下载到目标路径(绝对路径),如果目标是一个目录,就用服务器上面文件的名称,如果目标设置了名
称就用目标设置的名称
owner:指定属主
group:指定属组
mode:指定权限
force: 如果yes,dest不是目录,将每次下载文件,如果内容改变,替换文件。如果否,则只有在目标不存
在时才会下载该文件
checksum: 对目标文件在下载后计算摘要,以确保其完整性
示例: checksum="sha256:D98291AC[...]B6DC7B97",
checksum="sha256:http://example.com/path/sha256sum.txt"
url_username: 用于HTTP基本认证的用户名。 对于允许空密码的站点,此参数可以不使用
`url_password'
url_password: 用于HTTP基本认证的密码。 如果未指定`url_username'参数,则不会使用
`url_password'参数
validate_certs:如果“no”,SSL证书将不会被验证。 适用于自签名证书在私有网站上使用
timeout: URL请求的超时时间,秒为单位
范例:
[root@ansible ~]#ansible websrvs -m get_url -a
'url=http://nginx.org/download/nginx-1.18.0.tar.gz
dest=/usr/local/src/nginx.tar.gz
checksum="md5:b2d33d24d89b8b1f87ff5d251aa27eb8"'
4.6 Fetch 模块
功能:从远程主机提取文件至ansible的主控端,copy相反,目前不支持目录
范例:
ansible websrvs -m fetch -a 'src=/root/test.sh dest=/data/scripts'
范例:
[root@ansible ~]#ansible all -m fetch -a 'src=/etc/redhat-release dest=/data/os'
[root@ansible ~]#tree /data/os/
[root@centos8 ~]#tree /data/os/
/data/os/
├── 10.0.0.17
│ └── etc
│ └── redhat-release
├── 10.0.0.18
│ └── etc
│ └── redhat-release
├── 10.0.0.200
│ └── etc
│ └── redhat-release
├── 10.0.0.7
│ └── etc
│ └── redhat-release
└── 10.0.0.8
└── etc
└── redhat-release
10 directories, 5 files
4.7 File 模块
功能:设置文件属性,创建软链接等
范例:
#创建空文件
ansible all -m file -a 'path=/data/test.txt state=touch'
ansible all -m file -a 'path=/data/test.txt state=absent'
ansible all -m file -a "path=/root/test.sh owner=wang mode=755"
#创建目录
ansible all -m file -a "path=/data/mysql state=directory owner=mysql
group=mysql"
#创建软链接
ansible all -m file -a 'src=/data/testfile path|dest|name=/data/testfile-link
state=link'
#创建目录
ansible all -m file -a 'path=/data/testdir state=directory'
#递归修改目录属性,但不递归至子目录
ansible all -m file -a "path=/data/mysql state=directory owner=mysql
group=mysql"
#递归修改目录及子目录的属性
ansible all -m file -a "path=/data/mysql state=directory owner=mysql group=mysql
recurse=yes"
4.8 stat 模块
功能:检查文件或文件系统的状态
注意:对于Windows目标,请改用win_stat模块
选项:
path:文件/对象的完整路径(必须)
常用的返回值判断:
exists: 判断是否存在
isuid: 调用用户的ID与所有者ID是否匹配
范例:
[root@centos8 ~]#ansible 10.0.0.7 -m stat -a 'path=/etc/passwd'
10.0.0.7 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"stat": {
"atime": 1678669867.0370069,
"attr_flags": "",
"attributes": [],
"block_size": 4096,
"blocks": 8,
"charset": "us-ascii",
"checksum": "c1aae4905d17d467e39de9e2c4ee3e218d033a9a",
"ctime": 1676960315.1890004,
"dev": 2050,
"device_type": 0,
"executable": false,
"exists": true,
"gid": 0,
"gr_name": "root",
"inode": 201960434,
"isblk": false,
"ischr": false,
"isdir": false,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": true,
"issock": false,
"isuid": false,
"mimetype": "text/plain",
"mode": "0644",
"mtime": 1676960315.1880004,
"nlink": 1,
"path": "/etc/passwd",
"pw_name": "root",
"readable": true,
"rgrp": true,
"roth": true,
"rusr": true,
"size": 886,
"uid": 0,
"version": "18446744073467396426",
"wgrp": false,
"woth": false,
"writeable": true,
"wusr": true,
"xgrp": false,
"xoth": false,
"xusr": false
}
}
4.9 unarchive 模块
功能:解包解压缩
实现有两种用法:
1、将ansible主机上的压缩包传到远程主机后解压缩至特定目录,设置copy=yes,此为默认值,可省略
2、将远程主机上的某个压缩包解压缩到指定路径下,设置copy=no
常见参数
copy:默认为yes,当copy=yes,拷贝的文件是从ansible主机复制到远程主机上,如果设置为copy=no,
会在远程主机上寻找src源文件
remote_src:和copy功能一样且互斥,yes表示在远程主机,不在ansible主机,no表示文件在ansible
主机上
src:源路径,可以是ansible主机上的路径,也可以是远程主机(被管理端或者第三方主机)上的路径,如果
是远程主机上的路径,则需要设置copy=no
dest:远程主机上的目标路径
mode:设置解压缩后的文件权限
[root@centos8 ~]#ansible all -m unarchive -a 'src=/usr/local/src/nginx.tar.gz dest=/data owner=lee group=bin'
[root@centos7 data]#ls
f1.txt f2.txt hello.log nginx-1.18.0 test.txt
[root@centos7 data]#ll nginx-1.18.0/
total 760
drwxr-xr-x 6 lee bin 326 Mar 13 11:59 auto
-rw-r--r-- 1 lee bin 302863 Apr 21 2020 CHANGES
-rw-r--r-- 1 lee bin 462213 Apr 21 2020 CHANGES.ru
drwxr-xr-x 2 lee bin 168 Mar 13 11:59 conf
-rwxr-xr-x 1 lee bin 2502 Apr 21 2020 configure
drwxr-xr-x 4 lee bin 72 Mar 13 11:59 contrib
drwxr-xr-x 2 lee bin 40 Mar 13 11:59 html
-rw-r--r-- 1 lee bin 1397 Apr 21 2020 LICENSE
drwxr-xr-x 2 lee bin 21 Mar 13 11:59 man
-rw-r--r-- 1 lee bin 49 Apr 21 2020 README
drwxr-xr-x 9 lee bin 91 Mar 13 11:59 src
[root@centos7 data]#
ansible all -m unarchive -a 'src=/data/foo.tgz dest=/var/lib/foo owner=wang
group=bin'
ansible all -m unarchive -a 'src=/tmp/foo.zip dest=/data copy=no mode=0777'
ansible all -m unarchive -a 'src=https://example.com/example.zip dest=/data
copy=no'
ansible websrvs -m unarchive -a 'src=https://releases.ansible.com/ansible/ansible-2.1.6.0-0.1.rc1.tar.gz dest=/data/ owner=root remote_src=yes'
ansible websrvs -m unarchive -a 'src=http://nginx.org/download/nginx-
1.18.0.tar.gz dest=/usr/local/src/ copy=no'
4.10 Archive 模块
功能:打包压缩保存在被管理节点
范例:
[root@centos8 ~]#ansible websrvs -m archive -a 'path=/var/log/ dest=/data/log.tar.bz2 format=bz2 owner=lee mode=0600'
[root@centos7 data]#ll /data/
total 612
drwxrwxr-x 8 root lee 239 May 9 2017 ansible-2.1.6.0
-rw-r--r-- 1 root root 0 Mar 13 11:02 f1.txt
-rw-r--r-- 1 root root 0 Mar 13 11:13 f2.txt
-rw-r--r-- 1 root root 6 Mar 13 11:20 hello.log
-rw------- 1 lee root 618805 Mar 13 12:53 log.tar.bz2
drwxr-xr-x 8 lee bin 158 Apr 21 2020 nginx-1.18.0
-rw-r--r-- 1 root root 0 Mar 13 11:48 test.txt
4.11 Hostname 模块
功能:管理主机名(不建议批量改名,会改成一样的名字)
范例:
ansible node1 -m hostname -a "name=websrv"
ansible 10.0.0.18 -m hostname -a 'name=node18.magedu.com'
4.12 Cron 模块
功能:计划任务
支持时间:minute,hour,day,month,weekday
范例:
#备份数据库脚本
[root@centos8 ~]#cat /root/mysql_backup.sh
#!/bin/bash
mysqldump -A -F --single-transaction --master-data=2 -q -uroot |gzip >
/data/mysql_`date +%F_%T`.sql.gz
[root@centos8 ~]#crontab -l
#Ansible: backup mysql
30 2 * * 1-5 /root/mysql_backup.sh
#创建任务
ansible 10.0.0.8 -m cron -a 'hour=2 minute=30 weekday=1-5 name="backup mysql"
job=/root/mysql_backup.sh'
ansible websrvs -m cron -a "minute=*/5 job='/usr/sbin/ntpdate ntp.aliyun.com
&>/dev/null' name=Synctime"
#禁用计划任务
ansible websrvs -m cron -a "minute=*/5 job='/usr/sbin/ntpdate 172.20.0.1
&>/dev/null' name=Synctime disabled=yes"
#启用计划任务
ansible websrvs -m cron -a "minute=*/5 job='/usr/sbin/ntpdate 172.20.0.1
&>/dev/null' name=Synctime disabled=no"
#删除任务
ansible websrvs -m cron -a "name='backup mysql' state=absent"
ansible websrvs -m cron -a 'state=absent name=Synctime'
4.13 Yum 和 Apt 模块
功能:
yum 管理软件包,只支持RHEL,CentOS,fedora,不支持Ubuntu其它版本
apt 模块管理 Debian 相关版本的软件包
范例:
ansible websrvs -m yum -a 'name=httpd state=present' #安装
ansible websrvs -m yum -a 'name=nginx state=present enablerepo=epel' #启用epel源
进行安装
ansible websrvs -m yum -a 'name=* state=lastest exclude=kernel*,foo*' #升级除
kernel和foo开头以外的所有包
ansible websrvs -m yum -a 'name=httpd state=absent' #删除
[root@ansible ~]#ansible websrvs -m yum -a 'name=sl,cowsay'
- centos
[root@ansible ~]#ansible websrvs -m yum -a
"name=https://mirror.tuna.tsinghua.edu.cn/zabbix/zabbix/5.2/rhel/7/x86_64/zabbixagent-5.2.5-1.el7.x86_64.rpm"
- ubuntu
[root@centos8 ~]#ansible 10.0.0.100 -m apt -a
'name=bb,sl,cowsay,cmatrix,oneko,hollywood,boxes,libaa-bin,x11-apps'
[root@centos8 ~]#ansible websrvs -m apt -a 'name=rsync,psmisc state=absent'
范例:查看包
[root@centos8 ~]#ansible localhost -m yum -a "list=tree"
localhost | SUCCESS => {
"ansible_facts": {
"pkg_mgr": "dnf"
},
"changed": false,
"msg": "",
"results": [
{
"arch": "x86_64",
"envra": "0:tree-1.7.0-15.el8.x86_64",
"epoch": "0",
"name": "tree",
"nevra": "0:tree-1.7.0-15.el8.x86_64",
"release": "15.el8",
"repo": "@System",
"version": "1.7.0",
"yumstate": "installed"
},
{
"arch": "x86_64",
"envra": "0:tree-1.7.0-15.el8.x86_64",
"epoch": "0",
"name": "tree",
"nevra": "0:tree-1.7.0-15.el8.x86_64",
"release": "15.el8",
"repo": "baseOS",
"version": "1.7.0",
"yumstate": "available"
}
]
}
4.14 yum_repository 模块
- name: Add multiple repositories into the same file (1/2)
yum_repository:
name: epel
description: EPEL YUM repo
file: external_repos
baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
gpgcheck: no
- name: Add multiple repositories into the same file (2/2)
yum_repository:
name: rpmforge
description: RPMforge YUM repo
file: external_repos
baseurl: http://apt.sw.be/redhat/el7/en/$basearch/rpmforge
mirrorlist: http://mirrorlist.repoforge.org/el7/mirrors-rpmforge
enabled: no
- name: Remove repository from a specific repo file
yum_repository:
name: epel
file: external_repos
state: absent
范例: 创建和删除仓库
[root@ansible ~]#cat yum_repo.yml
- hosts: websrvs
tasks:
- name: Add multiple repositories into the same file
yum_repository:
name: test
description: EPEL YUM repo
file: external_repos
baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
gpgcheck: no
[root@ansible ~]#ansible-playbook yum_repo.yml
[root@web1 ~]#cat /etc/yum.repos.d/external_repos.repo
[test]
baseurl = https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
gpgcheck = 0
name = EPEL YUM repo
[root@ansible ~]#cat remove_yum_repo.yml
- hosts: websrvs
tasks:
- name: remove repo
yum_repository:
name: test
file: external_repos
state: absent
[root@ansible ~]#ansible-playbook remove_yum_repo.yml
4.15 Service 模块
功能:管理服务
范例:
ansible all -m service -a 'name=httpd state=started enabled=yes'
ansible all -m service -a 'name=httpd state=stopped'
ansible all -m service -a 'name=httpd state=reloaded'
ansible all -m shell -a "sed -i 's/^Listen 80/Listen 8080/'
/etc/httpd/conf/httpd.conf"
ansible all -m service -a 'name=httpd state=restarted'
4.16 User 模块
功能:管理用户
范例:
#创建用户
ansible all -m user -a 'name=user1 comment="test user" uid=2048 home=/app/user1
group=root'
ansible all -m user -a 'name=nginx comment=nginx uid=88 group=nginx
groups="root,daemon" shell=/sbin/nologin system=yes create_home=no
home=/data/nginx non_unique=yes'
#remove=yes表示删除用户及家目录等数据,默认remove=no
ansible all -m user -a 'name=nginx state=absent remove=yes'
#生成123456加密的密码
ansible localhost -m debug -a "msg={{ '123456'|
password_hash('sha512','salt')}}"
localhost | SUCCESS => {
"msg": "$6$salt$MktMKPZJ6t59GfxcJU20DwcwQzfMvOlHFVZiOVD71w."
}
#用上面创建的密码创建用户
ansible websrvs -m user -a 'name=test
password="$6$salt$MktMKPZJ6t59GfxcJU20DwcwQzfMvOlHFVZiOVD71w."'
#创建用户test,并生成4096bit的私钥
ansible websrvs -m user -a 'name=test generate_ssh_key=yes ssh_key_bits=4096
ssh_key_file=.ssh/id_rsa'
4.17Group 模块
功能:管理组
范例:
#创建组
ansible websrvs -m group -a 'name=nginx gid=88 system=yes'
#删除组
ansible websrvs -m group -a 'name=nginx state=absent'
4.18 Lineinfile 模块
ansible在使用sed进行替换时,经常会遇到需要转义的问题,而且ansible在遇到特殊符号进行替换时,
存在问题,无法正常进行替换 。其实在ansible自身提供了两个模块:lineinfile模块和replace模块,可
以方便的进行替换
一般在ansible当中去修改某个文件的单行进行替换的时候需要使用lineinfile模块
regexp参数 :使用正则表达式匹配对应的行,当替换文本时,如果有多行文本都能被匹配,则只有最
后面被匹配到的那行文本才会被替换,当删除文本时,如果有多行文本都能被匹配,这么这些行都会被
删除。
如果想进行多行匹配进行替换需要使用replace模块
功能:相当于sed,可以修改文件内容
范例:
ansible websrvs -m lineinfile -a "path=/etc/httpd/conf/httpd.conf
regexp='^Listen' line='Listen 80'"
ansible all -m lineinfile -a "path=/etc/selinux/config regexp='^SELINUX='
line='SELINUX=disabled'"
ansible all -m lineinfile -a 'dest=/etc/fstab state=absent regexp="^#"'
4.19 Replace 模块
该模块有点类似于sed命令,主要也是基于正则进行匹配和替换,建议使用
范例:
ansible all -m replace -a "path=/etc/fstab regexp='^(UUID.*)' replace='#\1'"
ansible all -m replace -a "path=/etc/fstab regexp='^#(UUID.*)' replace='\1'"
4.20 SELinux 模块
该模块管理 SELInux 策略
范例:
[root@ansible ~]#ansible 10.0.0.8 -m selinux -a 'state=disabled'
[WARNING]: SELinux state temporarily changed from 'enforcing' to 'permissive'.
State change will take effect next reboot.
10.0.0.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"configfile": "/etc/selinux/config",
"msg": "Config SELinux state changed from 'enforcing' to 'disabled'",
"policy": "targeted",
"reboot_required": true,
"state": "disabled"
}
[root@centos8 ~]#grep -v '#' /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
[root@centos8 ~]#getenforce
Permissive
4.21 reboot 模块
[root@ansible ~]#ansible websrvs -m reboot
4.22 mount 挂载和卸载
功能: 挂载和卸载文件系统
范例:
#临时挂载
mount websrvs -m mount -a 'src="UUID=b3e48f45-f933-4c8e-a700-22a159ec9077"
path=/home fstype=xfs opts=noatime state=present'
#临时取消挂载
mount websrvs -m mount -a 'path=/home fstype=xfs opts=noatime state=unmounted'
#永久挂载
ansible websrvs -m mount -a 'src=10.0.0.8:/data/wordpress path=/var/www/html/wpcontent/
uploads opts="_netdev" state=mounted'
#永久卸载
ansible websrvs -m mount -a 'src=10.0.0.8:/data/wordpress path=/var/www/html/wpcontent/
uploads state=absent'
4.23 Setup 模块
功能: setup 模块来收集主机的系统信息,这些 facts 信息可以直接以变量的形式使用,但是如果主机
较多,会影响执行速度
可以使用gather_facts: no 来禁止 Ansible 收集 facts 信息
范例:
ansible all -m setup
ansible all -m setup -a "filter=ansible_nodename"
ansible all -m setup -a "filter=ansible_hostname"
ansible all -m setup -a "filter=ansible_domain"
ansible all -m setup -a "filter=ansible_memtotal_mb"
ansible all -m setup -a "filter=ansible_memory_mb"
ansible all -m setup -a "filter=ansible_memfree_mb"
ansible all -m setup -a "filter=ansible_os_family"
ansible all -m setup -a "filter=ansible_distribution_major_version"
ansible all -m setup -a "filter=ansible_distribution_version"
ansible all -m setup -a "filter=ansible_processor_vcpus"
ansible all -m setup -a "filter=ansible_all_ipv4_addresses"
ansible all -m setup -a "filter=ansible_architecture"
ansible all -m setup -a "filter=ansible_uptime_seconds"
ansible all -m setup -a "filter=ansible_processor*"
ansible all -m setup -a 'filter=ansible_env'
[root@centos8 ~]#ansible all -m setup -a 'filter=ansible_python_version'
10.0.0.8 | SUCCESS => {
"ansible_facts": {
"ansible_python_version": "3.6.8",
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false
}
10.0.0.7 | SUCCESS => {
"ansible_facts": {
"ansible_python_version": "2.7.5",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
10.0.0.18 | SUCCESS => {
"ansible_facts": {
"ansible_python_version": "3.6.8",
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false
}
10.0.0.17 | SUCCESS => {
"ansible_facts": {
"ansible_python_version": "2.7.5",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
10.0.0.200 | SUCCESS => {
"ansible_facts": {
"ansible_python_version": "3.6.8",
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false
}
4.24 debug 模块
此模块可以用于输出信息,并且通过 msg 定制输出的信息内容
注意: msg后面的变量有时需要加 " " 引起来
范例: debug 模块默认输出Hello world
[root@centos8 ~]#ansible 10.0.0.18 -m debug
10.0.0.18 | SUCCESS => {
"msg": "Hello world!"
}
