Ansible in Practice 01: Basic Concepts, Installation and Configuration, and Common Modules

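1. Installing and configuring Ansible

 1) Set up SSH public-key authentication (passwordless SSH login)

Use non-interactive tools to distribute the public key in bulk and manage servers in bulk.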

a. ssh-keygen


b. for i in {2,3}; do ssh-copy-id -i 10.96.211.10$i ; done

 2) Install Ansible

a. Install Ansible

 wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
 yum clean all
 yum makecache
 yum -y install ansible

b. Check the Ansible version

 ansible --version

 

3) Configure the Ansible host inventory

Inventory file: /etc/ansible/hosts

[root@elk01 ~]# cat /etc/ansible/hosts

[ansibletest]
10.96.211.102
10.96.211.103

 

4) Verify Ansible

[root@elk01 ~]# ansible ansibletest -m ping


10.96.211.102 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.96.211.103 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
} 

5) Simple Ansible operations

[root@elk01 ~]# ansible ansibletest -m command -a "hostname"
10.96.211.102 | CHANGED | rc=0 >>
elk02
10.96.211.103 | CHANGED | rc=0 >>
elk03

[root@elk01 ~]# ansible ansibletest -m command -a "ip a"
10.96.211.102 | CHANGED | rc=0 >>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:44:26:21 brd ff:ff:ff:ff:ff:ff
inet 10.96.211.102/24 brd 10.96.211.255 scope global noprefixroute enp0s3
valid_lft forever preferred_lft forever
inet6 fe80::6aa8:964a:2865:fa94/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::7ee:9127:3555:4cbc/64 scope link noprefixroute
valid_lft forever preferred_lft forever
10.96.211.103 | CHANGED | rc=0 >>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:30:fd:26 brd ff:ff:ff:ff:ff:ff
inet 10.96.211.103/24 brd 10.96.211.255 scope global noprefixroute enp0s3
valid_lft forever preferred_lft forever
inet6 fe80::6aa8:964a:2865:fa94/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::7ee:9127:3555:4cbc/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::7fe4:6160:97a6:c3dd/64 scope link noprefixroute
valid_lft forever preferred_lft forever

 

[root@elk01 ~]# ansible ansibletest -m shell -a "df -h|grep $"
10.96.211.103 | CHANGED | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs 1.9G 0 1.9G 0% /dev/shm
tmpfs 1.9G 17M 1.9G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/mapper/centos-root 36G 3.1G 33G 9% /
/dev/sda1 1014M 151M 864M 15% /boot
tmpfs 379M 0 379M 0% /run/user/0
10.96.211.102 | CHANGED | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs 1.9G 0 1.9G 0% /dev/shm
tmpfs 1.9G 17M 1.9G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/mapper/centos-root 36G 3.1G 33G 9% /
/dev/sda1 1014M 151M 864M 15% /boot
tmpfs 379M 0 379M 0% /run/user/0

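6) Ansible inventory management

Configuring the Ansible host inventory

The inventory file is typically used to define authentication information for the hosts to be managed, such as the SSH login user name, password, and key-related information. How to configure the inventory file:

Example: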

[root@elk01 ~]# cat /etc/ansible/hosts 

[test01]
10.96.211.102 

[test02]
10.96.211.103 

[test03:children]
test01
test02 

[root@elk01 ~]# ansible test01 -m ping
10.96.211.102 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}


[root@elk01 ~]# ansible test02 -m ping
10.96.211.103 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}


[root@elk01 ~]# ansible test03 -m ping
10.96.211.102 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.96.211.103 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
} 
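The group nesting shown above, together with the credential fields an inventory can carry, as an added example that is not part of the original post: a small Python reader for the INI inventory format that resolves `:children` groups and reports entries that store a password in clear text. The `ansible_user` and `ansible_password` values in the sample are constructed, and the function names are assumptions of this example.

```python
import re
import shlex

# Constructed sample in the layout of /etc/ansible/hosts above; the
# ansible_user / ansible_password values on the second host are made up.
SAMPLE_INVENTORY = """\
[test01]
10.96.211.102

[test02]
10.96.211.103 ansible_user=root ansible_password=123456

[test03:children]
test01
test02
"""

# Inventory variables that carry a secret in clear text.
SECRET_VARS = {"ansible_password", "ansible_ssh_pass",
               "ansible_become_password", "ansible_become_pass"}
HEADER = re.compile(r"\[([^\]:]+)(?::(\w+))?\]")


def parse_inventory(text):
    """Parse INI inventory text into hosts, children, hostvars and groupvars."""
    hosts, children, hostvars, groupvars = {}, {}, {}, {}
    section, kind = "ungrouped", "hosts"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = HEADER.fullmatch(line)
        if header:
            section, kind = header.group(1), header.group(2) or "hosts"
            continue
        if kind == "children":
            children.setdefault(section, []).append(line)
        elif kind == "vars":
            key, _, value = line.partition("=")
            groupvars.setdefault(section, {})[key.strip()] = value.strip()
        else:
            # Host line: "<name> key=value key=value ..."
            name, *pairs = shlex.split(line)
            hosts.setdefault(section, []).append(name)
            for pair in pairs:
                key, _, value = pair.partition("=")
                hostvars.setdefault(name, {})[key] = value
    return hosts, children, hostvars, groupvars


def expand_group(group, hosts, children, seen=None):
    """Hosts of `group` including nested child groups, in file order."""
    seen = set() if seen is None else seen
    if group in seen:            # guard against groups that include each other
        return []
    seen.add(group)
    result = list(hosts.get(group, []))
    for child in children.get(group, []):
        for host in expand_group(child, hosts, children, seen):
            if host not in result:
                result.append(host)
    return result


def find_plaintext_secrets(hostvars, groupvars):
    """Return sorted (scope, name, variable) tuples for secrets kept in the inventory."""
    findings = []
    for scope, table in (("host", hostvars), ("group", groupvars)):
        for name, variables in table.items():
            for key in variables:
                if key in SECRET_VARS:
                    findings.append((scope, name, key))
    return sorted(findings)


if __name__ == "__main__":
    hosts, children, hostvars, groupvars = parse_inventory(SAMPLE_INVENTORY)
    print("test03 ->", expand_group("test03", hosts, children))
    for scope, name, key in find_plaintext_secrets(hostvars, groupvars):
        print(f"clear-text secret: {scope} {name} sets {key}")
```

Because the SSH public key was already distributed in step 1), an inventory like the one on this page needs no password variables at all.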

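2. Ansible architecture

 

 3. Main Ansible configuration files

/etc/ansible/ansible.cfg # main configuration file; configures how Ansible behaves

/etc/ansible/hosts # host inventory

/etc/ansible/roles/ # directory where roles are stored

/usr/bin/ansible # main program; tool for running ad hoc commands

/usr/bin/ansible-doc # shows documentation; tool for looking up what a module does

/usr/bin/ansible-galaxy # downloads/uploads quality code or role modules from/to the official platform

/usr/bin/ansible-playbook # defines automation tasks; the playbook orchestration tool

/usr/bin/ansible-pull # tool for running commands remotely

/usr/bin/ansible-vault # file encryption tool

/usr/bin/ansible-console # console-based tool for interactive execution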

 

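4. Common Ansible modules

In Ansible, an ad hoc command is one that needs to be run quickly and does not need to be saved; more complex work belongs in a playbook.

Ansible notes -> meaning of the output colors
Yellow: a change was made on the remote node
Green: no change was made on the remote node, or information was only read from it
Dark red: the command failed with an error
Light purple: a warning about the command (a possible problem, with a suggestion)

1) command module

2) shell module

The shell module is the default.

Difference between the shell and command modules:

command can only run a single command and does not support (variables or) aliases; shell can use the pipe character!

Example 01: check disk usage on all hosts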

 

[root@elk01 ~]# ansible test03 -m shell -a "df -h|grep $"

10.96.211.103 | CHANGED | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs 1.9G 0 1.9G 0% /dev/shm
tmpfs 1.9G 17M 1.9G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/mapper/centos-root 36G 3.1G 33G 9% /
/dev/sda1 1014M 151M 864M 15% /boot
tmpfs 379M 0 379M 0% /run/user/0
10.96.211.102 | CHANGED | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs 1.9G 0 1.9G 0% /dev/shm
tmpfs 1.9G 17M 1.9G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/mapper/centos-root 36G 3.1G 33G 9% /
/dev/sda1 1014M 151M 864M 15% /boot
tmpfs 379M 0 379M 0% /run/user/0

Example 02: create user user01 on all hosts, then set the password of the newly created user01 on all hosts

[root@elk01 ~]# ansible test03 -m shell -a "useradd user01"
10.96.211.103 | CHANGED | rc=0 >>

10.96.211.102 | CHANGED | rc=0 >>

[root@elk01 ~]# ansible test03 -m shell -a "id user01"
10.96.211.103 | CHANGED | rc=0 >>
uid=1000(user01) gid=1000(user01) groups=1000(user01)
10.96.211.102 | CHANGED | rc=0 >>
uid=1000(user01) gid=1000(user01) groups=1000(user01)

[root@elk01 ~]# ansible test03 -m shell -a "echo 123456|passwd --stdin user01"
10.96.211.103 | CHANGED | rc=0 >>
Changing password for user user01.
passwd: all authentication tokens updated successfully.
10.96.211.102 | CHANGED | rc=0 >>
Changing password for user user01.
passwd: all authentication tokens updated successfully.
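The difference between the two modules described above, as an added example that is not part of the original post: the command module executes an argument vector without a shell, while the shell module hands the whole string to /bin/sh, which is why pipes and variables only work there and why values placed into a shell line need quoting. The Python below reproduces both behaviours locally with subprocess; the helper names and sample strings are constructed, and `echo` stands in for a real command so the block runs offline.

```python
import shlex
import subprocess


def run_like_command(cmdline):
    """Split into argv and execute without a shell, as the command module does."""
    argv = shlex.split(cmdline)
    done = subprocess.run(argv, capture_output=True, text=True, check=False)
    return done.stdout


def run_like_shell(cmdline):
    """Hand the whole string to /bin/sh, as the shell module does."""
    done = subprocess.run(["/bin/sh", "-c", cmdline],
                          capture_output=True, text=True, check=False)
    return done.stdout


def build_shell_line(username, quote=True):
    """Build a shell line from a variable value (constructed helper).

    With quote=True the value is passed through shlex.quote so the shell
    treats it as one literal word; with quote=False it is pasted in as-is.
    """
    arg = shlex.quote(username) if quote else username
    return "echo checking " + arg


def compare():
    """Run the same inputs both ways and return the outputs for inspection."""
    pipeline = "echo one two | tr a-z A-Z"
    value = "user01; echo EXTRA"          # constructed value with a metacharacter
    return {
        # '|' is just another argument when no shell is involved
        "command_pipe": run_like_command(pipeline),
        # the shell builds the pipeline
        "shell_pipe": run_like_shell(pipeline),
        # no shell, no variable expansion
        "command_var": run_like_command("echo $HOME"),
        # unquoted value: the shell sees two commands
        "shell_unquoted": run_like_shell(build_shell_line(value, quote=False)),
        # quoted value: one literal argument
        "shell_quoted": run_like_shell(build_shell_line(value)),
    }


if __name__ == "__main__":
    for name, output in compare().items():
        print(f"{name}: {output!r}")
```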

 

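3) yum module

Example: install the Apache service in bulk

            name --- the name of the package to install; separate multiple names with ","

            state --- what yum should do

                                installed,present --- install the package

                                removed,absent --- remove the package

                                latest --- install the latest version of the package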

[root@elk01 ~]# ansible test01 -m yum -a "name=httpd state=installed"
10.96.211.102 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"httpd"
]
},
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.aliyun.com\n * extras: mirrors.bfsu.edu.cn\n * updates: mirrors.bfsu.edu.cn\nResolving Dependencies\n--> Running transaction check\n---> Package httpd.x86_64 0:2.4.6-97.el7.centos.4 will be installed\n--> Processing Dependency: httpd-tools = 2.4.6-97.el7.centos.4 for package: httpd-2.4.6-97.el7.centos.4.x86_64\n--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-97.el7.centos.4.x86_64\n--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-97.el7.centos.4.x86_64\n--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-97.el7.centos.4.x86_64\n--> Running transaction check\n---> Package apr.x86_64 0:1.4.8-7.el7 will be installed\n---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed\n---> Package httpd-tools.x86_64 0:2.4.6-97.el7.centos.4 will be installed\n---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n httpd x86_64 2.4.6-97.el7.centos.4 updates 2.7 M\nInstalling for dependencies:\n apr x86_64 1.4.8-7.el7 base 104 k\n apr-util x86_64 1.5.2-6.el7 base 92 k\n httpd-tools x86_64 2.4.6-97.el7.centos.4 updates 94 k\n mailcap noarch 2.1.41-2.el7 base 31 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package (+4 Dependent packages)\n\nTotal download size: 3.0 M\nInstalled size: 10 M\nDownloading packages:\n--------------------------------------------------------------------------------\nTotal 9.6 MB/s | 3.0 MB 00:00 \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : apr-1.4.8-7.el7.x86_64 1/5 
\n Installing : apr-util-1.5.2-6.el7.x86_64 2/5 \n Installing : httpd-tools-2.4.6-97.el7.centos.4.x86_64 3/5 \n Installing : mailcap-2.1.41-2.el7.noarch 4/5 \n Installing : httpd-2.4.6-97.el7.centos.4.x86_64 5/5 \n Verifying : httpd-tools-2.4.6-97.el7.centos.4.x86_64 1/5 \n Verifying : apr-1.4.8-7.el7.x86_64 2/5 \n Verifying : mailcap-2.1.41-2.el7.noarch 3/5 \n Verifying : httpd-2.4.6-97.el7.centos.4.x86_64 4/5 \n Verifying : apr-util-1.5.2-6.el7.x86_64 5/5 \n\nInstalled:\n httpd.x86_64 0:2.4.6-97.el7.centos.4 \n\nDependency Installed:\n apr.x86_64 0:1.4.8-7.el7 apr-util.x86_64 0:1.5.2-6.el7 \n httpd-tools.x86_64 0:2.4.6-97.el7.centos.4 mailcap.noarch 0:2.1.41-2.el7 \n\nComplete!\n"
]
}

 

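4) copy module

Common parameters of the copy module:

src --- source file to push
dest --- destination path for the pushed data
backup --- back up the remote file that the push overwrites
content --- write content directly into the file on the managed hosts, in bulk
group --- group of the file pushed to the remote host
owner --- owner of the file pushed to the remote host
mode --- permissions of the file pushed to the remote host

# File-push module

Example 01: copy the local /etc/hosts file to the remote hosts in bulk, overwriting the existing file content.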


[root@elk01 ~]# ansible test03 -m shell -a "cat /tmp/test.txt"
10.96.211.102 | CHANGED | rc=0 >>
hello lucy
10.96.211.103 | CHANGED | rc=0 >>
hello lucy
[root@elk01 ~]# ansible test03 -m copy -a "src=/etc/hosts dest=/tmp/test.txt"
10.96.211.103 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "4d802fc842ada690f718eed89ce6289842f019f8",
"dest": "/tmp/test.txt",
"gid": 0,
"group": "root",
"md5sum": "eb32225ecda576f0f6fd0e2ce595c12b",
"mode": "0644",
"owner": "root",
"size": 218,
"src": "/root/.ansible/tmp/ansible-tmp-1645028839.6-23609-170255769954784/source",
"state": "file",
"uid": 0
}
10.96.211.102 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "4d802fc842ada690f718eed89ce6289842f019f8",
"dest": "/tmp/test.txt",
"gid": 0,
"group": "root",
"md5sum": "eb32225ecda576f0f6fd0e2ce595c12b",
"mode": "0644",
"owner": "root",
"size": 218,
"src": "/root/.ansible/tmp/ansible-tmp-1645028839.59-23607-247470112154834/source",
"state": "file",
"uid": 0
}
[root@elk01 ~]# ansible test03 -m shell -a "cat /tmp/test.txt"
10.96.211.103 | CHANGED | rc=0 >>
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.96.211.101 ELK01
10.96.211.102 ELK02
10.96.211.103 ELK03
10.96.211.102 | CHANGED | rc=0 >>
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.96.211.101 ELK01
10.96.211.102 ELK02
10.96.211.103 ELK03


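# Before the push overwrites a remote file, back up the existing remote file; the backup is named with a timestamp

Example 02: copy the local /etc/hosts file to the remote hosts in bulk and back up the original file on each remote host.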

[root@elk01 ~]# ansible test03 -m shell -a "cat /etc/hosts"
10.96.211.103 | CHANGED | rc=0 >>
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.96.211.102 | CHANGED | rc=0 >>
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

[root@elk01 ~]# ansible test03 -m copy -a "src=/etc/hosts dest=/etc/ backup=yes"
10.96.211.103 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup_file": "/etc/hosts.10276.2022-03-25@09:22:03~",
"changed": true,
"checksum": "4d802fc842ada690f718eed89ce6289842f019f8",
"dest": "/etc/hosts",
"gid": 0,
"group": "root",
"md5sum": "eb32225ecda576f0f6fd0e2ce595c12b",
"mode": "0644",
"owner": "root",
"size": 218,
"src": "/root/.ansible/tmp/ansible-tmp-1645027630.77-23356-229079066255601/source",
"state": "file",
"uid": 0
}
10.96.211.102 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup_file": "/etc/hosts.12216.2022-03-25@09:22:03~",
"changed": true,
"checksum": "4d802fc842ada690f718eed89ce6289842f019f8",
"dest": "/etc/hosts",
"gid": 0,
"group": "root",
"md5sum": "eb32225ecda576f0f6fd0e2ce595c12b",
"mode": "0644",
"owner": "root",
"size": 218,
"src": "/root/.ansible/tmp/ansible-tmp-1645027630.77-23354-125538743118258/source",
"state": "file",
"uid": 0
}

[root@elk01 ~]# ansible test03 -m shell -a "cat /etc/hosts"
10.96.211.102 | CHANGED | rc=0 >>
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.96.211.101 ELK01
10.96.211.102 ELK02
10.96.211.103 ELK03
10.96.211.103 | CHANGED | rc=0 >>
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.96.211.101 ELK01
10.96.211.102 ELK02
10.96.211.103 ELK03

 

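# Write content directly into the specified file on the remote hosts. This overwrites the existing content of the remote file; if the file does not exist on the remote host, it is created automatically.
Example 03: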

[root@elk01 ~]# ansible test03 -m shell -a "cat /tmp/test.txt"
10.96.211.103 | FAILED | rc=1 >>
cat: /tmp/test.txt: No such file or directorynon-zero return code
10.96.211.102 | FAILED | rc=1 >>
cat: /tmp/test.txt: No such file or directorynon-zero return code
[root@elk01 ~]# ansible test03 -m copy -a "content='hello lucy' dest=/tmp/test.txt"
10.96.211.103 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "37a406b6bf9fd21f714bce97e971f319bbab2fef",
"dest": "/tmp/test.txt",
"gid": 0,
"group": "root",
"md5sum": "bb456ab5a54105eb50f4e47844c8fcce",
"mode": "0644",
"owner": "root",
"size": 10,
"src": "/root/.ansible/tmp/ansible-tmp-1645028660.81-23490-161806525861407/source",
"state": "file",
"uid": 0
}
10.96.211.102 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "37a406b6bf9fd21f714bce97e971f319bbab2fef",
"dest": "/tmp/test.txt",
"gid": 0,
"group": "root",
"md5sum": "bb456ab5a54105eb50f4e47844c8fcce",
"mode": "0644",
"owner": "root",
"size": 10,
"src": "/root/.ansible/tmp/ansible-tmp-1645028660.8-23488-25608247776704/source",
"state": "file",
"uid": 0
}

[root@elk01 ~]# ansible test03 -m shell -a "cat /tmp/test.txt"
10.96.211.103 | CHANGED | rc=0 >>
hello lucy
10.96.211.102 | CHANGED | rc=0 >>
hello lucy

 

Case: create a credentials file for a service and write the relevant content into it. Set the file's owner and group, and set its permissions to 644.

[root@elk01 ~]# ansible test01 -m copy -a "content='server.port:9200' dest=/etc/services01.password owner=root group=root mode=644"
10.96.211.102 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "09d9d1adabbc84c82e3e841aaa8e7cdf2211a8f1",
"dest": "/etc/services01.password",
"gid": 0,
"group": "root",
"md5sum": "51f1cf38930a8af93ea4c594d589175b",
"mode": "0644",
"owner": "root",
"size": 16,
"src": "/root/.ansible/tmp/ansible-tmp-1645029884.33-23688-231422970294768/source",
"state": "file",
"uid": 0
}
[root@elk01 ~]# ansible test01 -m shell -a "cat /etc/services01.password"
10.96.211.102 | CHANGED | rc=0 >>
server.port:9200

[root@elk01 ~]# ansible test01 -m shell -a "ls -al /etc/services01.password"
10.96.211.102 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 16 Mar 25 09:59 /etc/services01.password 
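A check over the copy module's result, as an added example that is not part of the original post: the Python below parses the `host | STATUS => {...}` blocks printed by the ad hoc command and reports files whose name suggests a credential but whose mode gives group or other users access, as `mode=644` does for /etc/services01.password above. The name hints, the function names and the second host's result are assumptions made for this example.

```python
import json
import re

# First result trimmed from the output above; the second host entry is constructed.
SAMPLE_OUTPUT = """\
10.96.211.102 | CHANGED => {
    "changed": true,
    "dest": "/etc/services01.password",
    "group": "root",
    "mode": "0644",
    "owner": "root",
    "state": "file"
}
10.96.211.103 | CHANGED => {
    "changed": true,
    "dest": "/etc/services01.password",
    "group": "root",
    "mode": "0600",
    "owner": "root",
    "state": "file"
}
"""

HEADER = re.compile(r"^(\S+) \| (\w+) => \{\s*$")
# Substrings that suggest a file holds a secret (assumed list, extend as needed).
SENSITIVE_HINTS = ("password", "passwd", "secret", "token", "credential", ".key", ".pem")


def parse_adhoc_results(text):
    """Yield (host, status, result_dict) for each 'host | STATUS => {json}' block."""
    host = status = None
    buffer = []
    for line in text.splitlines():
        match = HEADER.match(line)
        if match and host is None:
            host, status = match.group(1), match.group(2)
            buffer = ["{"]
            continue
        if host is None:
            continue
        buffer.append(line)
        if line.strip() == "}":
            try:
                result = json.loads("\n".join(buffer))
            except json.JSONDecodeError:
                continue              # only a nested object closed; keep reading
            yield host, status, result
            host = status = None


def is_sensitive_path(path):
    """True when the file name contains one of the credential hints."""
    name = path.lower()
    return any(hint in name for hint in SENSITIVE_HINTS)


def audit_copy_results(text):
    """Return (host, dest, mode) for secret-looking files accessible beyond the owner."""
    findings = []
    for host, _status, result in parse_adhoc_results(text):
        dest, mode = result.get("dest"), result.get("mode")
        if not dest or not mode or result.get("state") != "file":
            continue
        # Any bit in 0o077 means group or other users have some access.
        if is_sensitive_path(dest) and int(mode, 8) & 0o077:
            findings.append((host, dest, mode))
    return findings


if __name__ == "__main__":
    for host, dest, mode in audit_copy_results(SAMPLE_OUTPUT):
        print(f"{host}: {dest} has mode {mode}; use mode=0600 for credential files")
```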

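5) service module

service module parameters:

name # name of the service to start
state # whether the service should be stopped or running; the stop and run values are written in the past tense
        started # start
        stopped # stop
        restarted # restart
        reloaded # reload
enabled # whether the service starts automatically at boot

Example: start the httpd service on the hosts in inventory group test01 and enable httpd to start at boot.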

[root@elk01 ~]# ansible test01 -m shell -a "systemctl status httpd"
10.96.211.102 | FAILED | rc=3 >>
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: inactive (dead) since Fri 2022-03-25 10:24:13 CST; 47s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 14390 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
Process: 14277 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=0/SUCCESS)
Main PID: 14277 (code=exited, status=0/SUCCESS)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"

Mar 25 10:23:19 elk02 systemd[1]: Starting The Apache HTTP Server...
Mar 25 10:23:19 elk02 httpd[14277]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.96.211.102. Set the 'ServerName' directive globally to suppress this message
Mar 25 10:23:19 elk02 systemd[1]: Started The Apache HTTP Server.
Mar 25 10:24:12 elk02 systemd[1]: Stopping The Apache HTTP Server...
Mar 25 10:24:13 elk02 systemd[1]: Stopped The Apache HTTP Server.non-zero return code


[root@elk01 ~]# ansible test01 -m service -a "name=httpd state=started enabled=yes"
10.96.211.102 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"enabled": true,
"name": "httpd",
"state": "started",
"status": {
"ActiveEnterTimestamp": "Fri 2022-03-25 10:23:19 CST",
"ActiveEnterTimestampMonotonic": "43529431964",
"ActiveExitTimestamp": "Fri 2022-03-25 10:24:12 CST",
"ActiveExitTimestampMonotonic": "43582386329",
"ActiveState": "inactive",
"After": "-.mount systemd-journald.socket basic.target tmp.mount nss-lookup.target remote-fs.target network.target system.slice",
"AllowIsolate": "no",
"AmbientCapabilities": "0",
"AssertResult": "yes",
"AssertTimestamp": "Fri 2022-03-25 10:23:19 CST",
"AssertTimestampMonotonic": "43529400190",
"Before": "multi-user.target shutdown.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "18446744073709551615",
"CPUAccounting": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "18446744073709551615",
"CanIsolate": "no",
"CanReload": "yes",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "18446744073709551615",
"CollectMode": "inactive",
"ConditionResult": "yes",
"ConditionTimestamp": "Fri 2022-03-25 10:23:19 CST",
"ConditionTimestampMonotonic": "43529400190",
"Conflicts": "shutdown.target",
"ControlPID": "0",
"DefaultDependencies": "yes",
"Delegate": "no",
"Description": "The Apache HTTP Server",
"DevicePolicy": "auto",
"Documentation": "man:httpd(8) man:apachectl(8)",
"EnvironmentFile": "/etc/sysconfig/httpd (ignore_errors=no)",
"ExecMainCode": "1",
"ExecMainExitTimestamp": "Fri 2022-03-25 10:24:13 CST",
"ExecMainExitTimestampMonotonic": "43583433444",
"ExecMainPID": "14277",
"ExecMainStartTimestamp": "Fri 2022-03-25 10:23:19 CST",
"ExecMainStartTimestampMonotonic": "43529400630",
"ExecMainStatus": "0",
"ExecReload": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -k graceful ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStart": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -DFOREGROUND ; ignore_errors=no ; start_time=[Fri 2022-03-25 10:23:19 CST] ; stop_time=[Fri 2022-03-25 10:24:13 CST] ; pid=14277 ; code=exited ; status=0 }",
"ExecStop": "{ path=/bin/kill ; argv[]=/bin/kill -WINCH ${MAINPID} ; ignore_errors=no ; start_time=[Fri 2022-03-25 10:24:12 CST] ; stop_time=[Fri 2022-03-25 10:24:12 CST] ; pid=14390 ; code=exited ; status=0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/httpd.service",
"GuessMainPID": "yes",
"IOScheduling": "0",
"Id": "httpd.service",
"IgnoreOnIsolate": "no",
"IgnoreOnSnapshot": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestamp": "Fri 2022-03-25 10:24:13 CST",
"InactiveEnterTimestampMonotonic": "43583433538",
"InactiveExitTimestamp": "Fri 2022-03-25 10:23:19 CST",
"InactiveExitTimestampMonotonic": "43529400659",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "0",
"KillMode": "control-group",
"KillSignal": "18",
"LimitAS": "18446744073709551615",
"LimitCORE": "18446744073709551615",
"LimitCPU": "18446744073709551615",
"LimitDATA": "18446744073709551615",
"LimitFSIZE": "18446744073709551615",
"LimitLOCKS": "18446744073709551615",
"LimitMEMLOCK": "65536",
"LimitMSGQUEUE": "819200",
"LimitNICE": "0",
"LimitNOFILE": "4096",
"LimitNPROC": "15063",
"LimitRSS": "18446744073709551615",
"LimitRTPRIO": "0",
"LimitRTTIME": "18446744073709551615",
"LimitSIGPENDING": "15063",
"LimitSTACK": "18446744073709551615",
"LoadState": "loaded",
"MainPID": "0",
"MemoryAccounting": "no",
"MemoryCurrent": "18446744073709551615",
"MemoryLimit": "18446744073709551615",
"MountFlags": "0",
"Names": "httpd.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "main",
"OOMScoreAdjust": "0",
"OnFailureJobMode": "replace",
"PermissionsStartOnly": "no",
"PrivateDevices": "no",
"PrivateNetwork": "no",
"PrivateTmp": "yes",
"ProtectHome": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"Requires": "system.slice -.mount basic.target",
"RequiresMountsFor": "/var/tmp",
"Restart": "no",
"RestartUSec": "100ms",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitInterval": "10000000",
"StartupBlockIOWeight": "18446744073709551615",
"StartupCPUShares": "18446744073709551615",
"StatusErrno": "0",
"StatusText": "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec",
"StopWhenUnneeded": "no",
"SubState": "dead",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "no",
"TasksCurrent": "18446744073709551615",
"TasksMax": "18446744073709551615",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "notify",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "enabled",
"WantedBy": "multi-user.target",
"WatchdogTimestampMonotonic": "0",
"WatchdogUSec": "0"
}
}

 

[root@elk01 ~]# ansible test01 -m shell -a "systemctl status httpd"
10.96.211.102 | CHANGED | rc=0 >>
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2022-03-25 10:25:11 CST; 1min 58s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 14390 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
Main PID: 14700 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─14700 /usr/sbin/httpd -DFOREGROUND
├─14701 /usr/sbin/httpd -DFOREGROUND
├─14702 /usr/sbin/httpd -DFOREGROUND
├─14703 /usr/sbin/httpd -DFOREGROUND
├─14704 /usr/sbin/httpd -DFOREGROUND
└─14705 /usr/sbin/httpd -DFOREGROUND

Mar 25 10:25:11 elk02 systemd[1]: Starting The Apache HTTP Server...
Mar 25 10:25:11 elk02 httpd[14700]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.96.211.102. Set the 'ServerName' directive globally to suppress this message
Mar 25 10:25:11 elk02 systemd[1]: Started The Apache HTTP Server.

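6) group module

Main parameters of the group module:

 name # name of the group to create
 gid # gid of the group
 state
     absent # remove the group from the remote host
     present # create the group on the remote host (default)

Example 1: create a group on the hosts in inventory group test01, with group name test01group and gid 666.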

[root@elk01 ~]# ansible test01 -m group -a "name=test01group gid=666"
10.96.211.102 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 666,
"name": "test01group",
"state": "present",
"system": false
}

 

[root@elk01 ~]# ansible test01 -m shell -a "cat /etc/group"
10.96.211.102 | CHANGED | rc=0 >>
root:x:0:
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mem:x:8:
kmem:x:9:
wheel:x:10:
cdrom:x:11:
mail:x:12:postfix
man:x:15:
dialout:x:18:
floppy:x:19:
games:x:20:
tape:x:33:
video:x:39:
ftp:x:50:
lock:x:54:
audio:x:63:
nobody:x:99:
users:x:100:
utmp:x:22:
utempter:x:35:
input:x:999:
systemd-journal:x:190:
systemd-network:x:192:
dbus:x:81:
polkitd:x:998:
ssh_keys:x:997:
sshd:x:74:
postdrop:x:90:
postfix:x:89:
ntp:x:38:
user01:x:1000:
apache:x:48:
test01group:x:666:

Example 2: delete the group test01group from the hosts in inventory group test01.

[root@elk01 ~]# ansible test01 -m group -a "name=test01group state=absent"
10.96.211.102 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "test01group",
"state": "absent"
}

 

[root@elk01 ~]# ansible test01 -m shell -a "cat /etc/group"
10.96.211.102 | CHANGED | rc=0 >>
root:x:0:
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mem:x:8:
kmem:x:9:
wheel:x:10:
cdrom:x:11:
mail:x:12:postfix
man:x:15:
dialout:x:18:
floppy:x:19:
games:x:20:
tape:x:33:
video:x:39:
ftp:x:50:
lock:x:54:
audio:x:63:
nobody:x:99:
users:x:100:
utmp:x:22:
utempter:x:35:
input:x:999:
systemd-journal:x:190:
systemd-network:x:192:
dbus:x:81:
polkitd:x:998:
ssh_keys:x:997:
sshd:x:74:
postdrop:x:90:
postfix:x:89:
ntp:x:38:
user01:x:1000:
apache:x:48:

 

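7) user module

    user module: manages users on remote hosts, for example creating, modifying and deleting users, and creating key pairs for users.

Main parameters of the user module:

  uid # uid of the user
  group # name of the user's group
  groups # names of supplementary groups
  password # set a password for the user
  shell # the user's login shell
  create_home # whether to create the home directory

  state: specifies whether the user exists on the remote host.

     Possible values are present and absent:
     The default is present, meaning the user exists, which amounts to creating the user on the remote host;
     absent means the user does not exist, which amounts to deleting the user on the remote host.

  remove: deletes the specified user's home directory. Used when state=absent; equivalent to userdel --remove. Boolean, default false.

Example 1: create the user test01user on the hosts in inventory group test01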

[root@elk01 ~]# ansible test01 -m user -a "name=test01user"
10.96.211.102 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1001,
"home": "/home/test01user",
"name": "test01user",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1001
}

 

[root@elk01 ~]# ansible test01 -m command -a "cat /etc/passwd"
10.96.211.102 | CHANGED | rc=0 >>
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
user01:x:1000:1000::/home/user01:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
test01user:x:1001:1001::/home/test01user:/bin/bash

 

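Example 2: delete the user named user002test on the hosts in inventory group test01, together with that user's home directory. (Sometimes the user cannot be deleted unless the home directory is deleted too.)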

[root@elk01 ~]# ansible test01 -m user -a "name=user002test state=absent remove=yes"
10.96.211.102 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"force": false,
"name": "user002test",
"remove": true,
"state": "absent"
}


[root@elk01 ~]# ansible test01 -m command -a "id user002test"
10.96.211.102 | FAILED | rc=1 >>
id: user002test: no such usernon-zero return code 

 

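8) file module

file module: creates files.

path --- directory or file on the remote host
recurse --- apply permissions recursively
state ---
  directory --- create a directory on the remote host
  touch --- create a file on the remote host
  link --- link or hard creates a link file
  absent --- delete the file or directory
mode --- set the permissions of the file or directory
owner --- set the owner of the file or directory
group --- set the group of the file or directory

Example 1: create an empty directory
ansible test03 -m file -a "path=/tmp/file01 state=directory"
Check:
ansible test03 -m command -a "ls -al /tmp/file01"

Example 2: create an empty file
ansible test03 -m file -a "path=/tmp/t1.txt state=touch"
Check:
ansible test03 -m command -a "cat /tmp/t1.txt"

Example 3: create a link file (rarely used)
ansible test03 -m file -a "src=/etc/passwd path=/tmp/passwd_link state=link"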

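9) cron module

cron: the scheduled-task module.

Example: run a task every 3 minutes: synchronize the time with Alibaba Cloud
ansible test03 -m cron -a "name=crontab01 minute=*/3 job='/usr/sbin/ntpdate ntp1.aliyun.com'"

10) script module

script module: runs scripts. It copies a local script to the remote hosts and runs the script there.

Example: copy the local script /root/test.sh to the specified remote hosts and run it.
ansible test03 -m script -a "/root/test.sh"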

posted on 2022-03-24 11:07 by 永远的大空翼