24. Ansible batch management and maintenance: advanced topics


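1. Ansible module usage guide: command module and copy module
Note: the user and group oldboy that you set must exist on all clients; if the specified destination directory does not exist, it is created automatically; the file can be renamed.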
[root@m01 ~]# id oldboy
uid=500(oldboy) gid=500(oldboy) groups=500(oldboy)
[root@m01 ~]# echo "#oldboyedu" >>/etc/sysconfig/network
[root@m01 ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=m01
#oldboyedu
Use ansible to copy a file or directory to the remote hosts in batch:
[root@m01 ~]# ansible oldboy -m copy -a "src=/etc/sysconfig/network dest=/opt owner=oldboy mode=0755"
10.0.0.41 | SUCCESS => {
"changed": true,
"checksum": "d565e98c0298c46844e619b23a8fa39c90c42f21",
"dest": "/opt/network",
"gid": 0,
"group": "root",
"md5sum": "0fe09a5f5c54e56337ea3fde562a28e0",
"mode": "0755",
"owner": "oldboy",
"size": 39,
"src": "/root/.ansible/tmp/ansible-tmp-1517832363.64-208087046049572/source",
"state": "file",
"uid": 500
}
10.0.0.31 | SUCCESS => {
"changed": true,
"checksum": "d565e98c0298c46844e619b23a8fa39c90c42f21",
"dest": "/opt/network",
"gid": 0,
"group": "root",
"md5sum": "0fe09a5f5c54e56337ea3fde562a28e0",
"mode": "0755",
"owner": "oldboy",
"size": 39,
"src": "/root/.ansible/tmp/ansible-tmp-1517832363.62-84040911180755/source",
"state": "file",
"uid": 500
}
Note: when the file has changed and the copy succeeds, the output is shown in dark yellow.
Test:
[root@m01 ~]# ansible oldboy -m command -a "ls -ld /opt/network"
10.0.0.41 | SUCCESS | rc=0 >>
-rwxr-xr-x 1 oldboy root 39 Feb 5 20:06 /opt/network

10.0.0.31 | SUCCESS | rc=0 >>
-rwxr-xr-x 1 oldboy root 39 Feb 5 20:06 /opt/network

If the destination file already exists, back it up; by default no backup is made.
[root@m01 ~]# echo "#oldboyedu1" >>/etc/sysconfig/network
[root@m01 ~]# ansible oldboy -m copy -a "src=/etc/sysconfig/network dest=/opt backup=yes"
10.0.0.31 | SUCCESS => {
"backup_file": "/opt/network.7696.2018-02-05@20:13:27~",
"changed": true,
"checksum": "901c3df197e26a1fd7e8fc0ef50df56deedef760",
"dest": "/opt/network",
"gid": 0,
"group": "root",
"md5sum": "ffd8c21ec93c4683990bea753bb42a3c",
"mode": "0755",
"owner": "oldboy",
"size": 51,
"src": "/root/.ansible/tmp/ansible-tmp-1517832806.07-76284925993172/source",
"state": "file",
"uid": 500
}
10.0.0.41 | SUCCESS => {
"backup_file": "/opt/network.4934.2018-02-05@20:13:28~",
"changed": true,
"checksum": "901c3df197e26a1fd7e8fc0ef50df56deedef760",
"dest": "/opt/network",
"gid": 0,
"group": "root",
"md5sum": "ffd8c21ec93c4683990bea753bb42a3c",
"mode": "0755",
"owner": "oldboy",
"size": 51,
"src": "/root/.ansible/tmp/ansible-tmp-1517832806.09-175191185258058/source",
"state": "file",
"uid": 500
}

2. Using the ansible script module
Method 1: copy the script file, then execute it:
[root@m01 ~]# ansible oldboy -m copy -a "src=/server/scripts/yum-htop.sh dest=/server/scripts/"

[root@m01 ~]# ansible oldboy -m shell -a "/bin/sh /server/scripts/yum-htop.sh"

Method 2: execute the script file in one step:
[root@m01 ~]# ansible-doc -s script
[root@m01 ~]# ansible oldboy -m script -a "/server/scripts/yum-iotop.sh"

Check whether it ran successfully:
[root@m01 ~]# ansible oldboy -m command -a "rpm -qa tree htop iotop iftop"
[root@m01 ~]# ansible oldboy -a "rpm -qa tree htop iotop iftop"

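3. Summary of ansible modules
Each module represents one function.
ansible oldboy -m service -a "name=crond state=started enabled=yes"
ansible  host-group  module  action

command (the default module): runs a command. It does not support pipes, special characters, wildcards and so on (use the shell module for those).
shell: runs shell scripts.
script: sends a script to the client and then runs it.
copy: sends a local file to the remote host.
file: sets file attributes.
service: manages system services.
cron: manages scheduled tasks.
yum: installs and manages packages with yum.
synchronize: synchronizes files using rsync.
Note: ansible can also set up key-based authentication itself:
authorized_key: adds or removes an SSH authorized key.

Viewing ansible help:
Parameter details:
Method 1: search with Ctrl+F:
http://docs.ansible.com/ansible/latest/list_of_all_modules.html
Method 2:
[root@m01 ~]# ansible-doc -l|wc -l    # list all modules
1378
[root@m01 ~]# ansible-doc -s copy    # show the usage of a given module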

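4. Using the ansible cron (scheduled task) module

Ansible features:
a. configuration management;
b. batch deployment;
c. ad-hoc batch command execution: ansible oldboy -m command -a "hostname"
d. writing playbooks (scripts).

Core functions:
a. PyYAML: the language of playbooks;
b. paramiko: remote connection and data transfer;
c. Jinja2 (templates).

Scheduled task management module: cron

[root@m01 ~]# ansible oldboy -m cron -a "name='restart network' minute=00 hour=00 job='/etc/init.d/network restart >/dev/null 2>&1'"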
10.0.0.41 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"restart network"
]
}
10.0.0.31 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"restart network"
]
}
Test:
[root@m01 ~]# ansible oldboy -a "crontab -l"
10.0.0.31 | SUCCESS | rc=0 >>
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
#Ansible: restart network
00 00 * * * /etc/init.d/network restart >/dev/null 2>&1

10.0.0.41 | SUCCESS | rc=0 >>
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1

#check & send result by cr at 2018-01-24
00 03 * * * /bin/bash /service/scripts/check.sh >/dev/null 2>&1
#Ansible: restart network
00 00 * * * /etc/init.d/network restart >/dev/null 2>&1
Delete: state=absent
[root@m01 ~]# ansible oldboy -m cron -a "name='restart network' state=absent"
10.0.0.41 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": []
}
10.0.0.31 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": []
}
Test:
[root@m01 ~]# ansible oldboy -a "crontab -l"

5. ansible-playbook guide
Steps for writing a playbook:

Playbook example: run commands in batch, 1
[root@m01 ~]# mkdir -p /server/playbook
[root@m01 ~]# cd /server/playbook/
[root@m01 playbook]# vim ifconfig.yml
[root@m01 playbook]# cat ifconfig.yml
- hosts: oldboy
  tasks:
    - command: ifconfig
    - shell: ifconfig >/opt/ip.log
[root@m01 playbook]# ansible --help
Check syntax and do a dry run: -C
[root@m01 playbook]# ansible-playbook -C ifconfig.yml
Run it:
[root@m01 playbook]# ansible-playbook ifconfig.yml
Check whether it succeeded:
[root@m01 playbook]# ansible oldboy -a "cat /opt/ip.log"

6. Basic commands with ansible-playbook
Playbook example: run commands in batch, 2
Append the IP address of every server to /opt/ip.log.
[root@m01 playbook]# vim ip.yml
[root@m01 playbook]# cat ip.yml
- hosts: oldboy
  tasks:
    - name: get ip address
      shell: ifconfig eth0|awk -F "[ :]+" 'NR==2{print $4}' >>/opt/ip.log
Check syntax:
[root@m01 playbook]# ansible-playbook -C ip.yml
Run it:
[root@m01 playbook]# ansible-playbook ip.yml
Check whether it succeeded:
[root@m01 playbook]# ansible oldboy -a "tail -1 /opt/ip.log"

7. Different ways of writing modules in ansible-playbook
Playbook example: batch-add a scheduled task that restarts the network
[root@m01 ~]# ansible oldboy -m cron -a "name='restart network' minute=00 hour=00 job='/etc/init.d/network restart >/dev/null 2>&1' state=present"

The command above can be converted into the following forms:
Method 1: plain style
[root@m01 playbook]# vim add-cron.yml

[root@m01 playbook]# cat add-cron.yml
- hosts: all
  tasks:
    - name: add restart network cron
      cron: name="restart network" minute=00 hour=00 job="/etc/init.d/network restart >/dev/null 2>&1" state=present


[root@m01 playbook]# ansible-playbook -C add-cron.yml
[root@m01 playbook]# ansible-playbook add-cron.yml
Verify that it succeeded:
[root@m01 playbook]# ansible all -a "crontab -l"
http://docs.ansible.com/ansible/latest/cron_module.html

Method 2: official style
[root@m01 playbook]# vim add-cron-gf.yml

[root@m01 playbook]# cat add-cron-gf.yml
- hosts: all
  tasks:
    - name: add restart network cron
      cron:
        name: restart network
        # quoted so YAML keeps the string "00" instead of the integer 0
        minute: "00"
        hour: "00"
        job: /etc/init.d/network restart >/dev/null 2>&1
        state: present

[root@m01 playbook]# ansible-playbook -C add-cron-gf.yml
[root@m01 playbook]# ansible-playbook add-cron-gf.yml
[root@m01 playbook]# ansible all -a "crontab -l"
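
The copy command from section 1, converted into a playbook the same way as the cron command in this section. This is an added example, not from the original post; the file name copy-network.yml is an assumption. It also sets group, which the ad-hoc command left out (its output shows "group": "root"), and uses 0644 instead of 0755 because the file is plain text and needs no execute bit.

```yaml
# copy-network.yml (hypothetical file name, added example)
- hosts: oldboy
  tasks:
    - name: copy network config to /opt
      copy:
        src: /etc/sysconfig/network
        dest: /opt/network
        owner: oldboy        # user must already exist on every client
        group: oldboy        # without this the group stays root
        mode: "0644"         # quoted so YAML does not turn it into a number
        backup: yes          # keep a timestamped copy of the old file

    - name: read back owner, group and mode
      stat:
        path: /opt/network
      register: st

    - name: fail if the file is not oldboy:oldboy 0644
      assert:
        that:
          - st.stat.pw_name == "oldboy"
          - st.stat.gr_name == "oldboy"
          - st.stat.mode == "0644"
      # under -C the copy is only simulated, so skip the check there
      when: not ansible_check_mode
```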

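8. Using a new module and running multiple commands in ansible-playbook
Playbook example: configure several tasks for the same machine in one playbook: restart the network, install software, and write the date to a file.
Key point: look up how to use the relevant module on the official site:
http://docs.ansible.com/ansible/latest/service_module.html
[root@m01 playbook]# vim manage.yml

[root@m01 playbook]# cat manage.yml
- hosts: all
  tasks:
    - name: restart network
      service:
        name: network
        state: restarted

    - name: install tree nmap lrzsz iftop htop iotop nc
      # -y answers yum's confirmation prompt; no terminal is attached to answer it
      shell: yum install -y tree nmap lrzsz iftop htop iotop nc

    - name: print date to file
      shell: date +%F >>/opt/date.log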

[root@m01 playbook]# ansible-playbook -C manage.yml
[root@m01 playbook]# ansible-playbook manage.yml
TASK [install tree nmap lrzsz iftop htop iotop nc] **********************************************************************************
[WARNING]: Consider using yum module rather than running yum
......
[root@m01 playbook]# ansible all -a "rpm -qa tree nmap lrzsz iftop htop iotop nc"
[root@m01 playbook]# ansible all -a "cat /opt/date.log"
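
The warning in the run above points at the yum module. Here is manage.yml with the install task rewritten that way (an added example, not the author's file; the name manage-yum.yml is an assumption). The yum task never waits on a confirmation prompt, reports "changed" only when a package was actually installed, and is evaluated under -C, whereas shell tasks are skipped in check mode.

```yaml
# manage-yum.yml (hypothetical file name, added example)
- hosts: all
  tasks:
    - name: restart network
      service:
        name: network
        state: restarted

    - name: install tree nmap lrzsz iftop htop iotop nc
      yum:
        name:
          - tree
          - nmap
          - lrzsz
          - iftop
          - htop
          - iotop
          - nc
        state: present       # install only if missing, never upgrade
      register: pkgs

    - name: show whether yum changed anything on this host
      debug:
        msg: "packages changed: {{ pkgs.changed }}"

    - name: print date to file
      shell: date +%F >>/opt/date.log
```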

9. ansible-playbook: running different commands on different host IPs in the same playbook
Playbook example: run different commands on different host IPs in the same playbook
[root@m01 playbook]# vim hosts.yml

[root@m01 playbook]# cat hosts.yml
- hosts: 10.0.0.41
  tasks:
    - name: mkdir
      shell: mkdir -p /oldboy/backup

- hosts: 10.0.0.31
  tasks:
    - name: find
      shell: find /etc -type f -name "*.conf" >>/opt/name.log

[root@m01 playbook]# ansible-playbook -C hosts.yml

posted @ 2018-02-06 17:00  bkycrmn