ansible笔记
ansible学习笔记
学习各种模块的语法,参数
模块较多,参数较多,需要做好笔记,以及一定的背诵,敲打记忆
基础篇学习路线
- 1.主机清单语法,学会如何批量管理服务器组,配置服务器认证,服务器变量
- 2.学习常见的模块,语法,参数,用法
- 3.改造shell脚本为ansible模块
自动化运维好处
- 提高工作效率,减少重复性工作
- 大大减少认为出错的可能性
- 数据化管理,数据化汇报,问题可追溯
ansible
saltstack
这两个自动化运维工具
master-61机器,管理了100台机器
指标
shell 脚本结合for循环处理者100台机器
每一个指标就是每一个命令
free -m > xxx.file
cpuinfo
shell,命令导出的数据就是一堆普通的文本字符串,难以加工处理
如果能导出为数据交换格式,如json,如yaml,如xml 就可以很轻松的发给各种片成语言,实现数据加工,格式化处理,发给前端去做网页展示,
ansible几条命令就可以实现
平且
ansible导出的服务器信息,如内存,磁盘,网卡,等等一堆信息,可以直接导出为json数据
json数据就可以直接发给前端,前端就可以展示出服务器的信息
这就是语文内开发做的事
后端python+ansible获取数据,导出json,发给前端
前端写heml,js,对json数据展示
运维平台就出来了
如何学习ansible
1.打开ansibie官网,查看所有最新的功能,不要看其他的文档,可能已经很陈旧了,python3也已经更新了很多,导致用法变化等
https://docs.ansible.com/ansible/latest/
最新官网文档
nfs服务
rsync服务
shell脚本,堆砌了各种部署的命令
↓
把这个脚本,所有的操作,全部替换为ansible的模块
2.你可能执行的各种命令,ansible都提供好了模块,如拷贝文件,如安装软件,服务重启等
3.你使用ansible,必须严格按照ansible提供的语法来,否则只有报错
4.先学语法,语法基本功扎实后,面对千遍万花的需求,才能游刃有余
5.多动手,ansible需要记忆的操作比较多
ansible安装部署
yum install epel-release ansible libselinux-python -y
前提你配置好了阿里云的epel源可以直接安装
yum install ansible -y
查看ansible的信息
[root@master-61 ~]#ansible --version
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
其他被管理的机器
- 全部初始化,还原sshd原本的配置即可
- 用于学习ansible的主机连接配置参数
主机清单文件(主机分组)
把综合架构需要用到的机器,进行分组
主机清单配置文件
[root@master-61 ~]#vim /etc/ansible/hosts
[web]
172.16.1.7
172.16.1.8
172.16.1.9
[nfs]
172.16.1.31
[backup]
172.16.1.41
主机分组后,执行命令测试,批量管理一组机器
管理所有的机器,使用特殊主机组,all
让所有的主机,远程运行hostname,返回主机名信息
[root@master-61 ~]#ansible all -m shell -a "hostname"
但是默认没配置认证方式,权限被拒绝
ansible主机登录认证
ansible批量管理主机有两种方式
传统的密码认证
公钥认证
ansible基于公私钥认证
-
1.将master-61机器的公钥,分发给想免密登录的机器
-
2,后续在对该机器操作,就直接进行ssh的公钥认证了,就可以免密码,直接远程执行
ssh免密协议登录情况下 [root@master-61 ~]#ssh-copy-id root@172.16.1.41 [root@master-61 ~]#ansible backup -a "hostname" 172.16.1.41 | CHANGED | rc=0 >> rsync-41 [root@master-61 ~]#ssh-copy-id root@172.16.1.31 [root@master-61 ~]#ansible nfs -m shell -a "hostname" 172.16.1.31 | CHANGED | rc=0 >> nfs-31 [root@master-61 ~]#ssh-copy-id root@172.16.1.7 [root@master-61 ~]#ssh-copy-id root@172.16.1.8 [root@master-61 ~]#ssh-copy-id root@172.16.1.9 查看web组的内存情况 [root@master-61 ~]#ansible web -a "free -m" 172.16.1.7 | CHANGED | rc=0 >> total used free shared buff/cache available Mem: 1821 98 1585 9 136 1564 Swap: 0 0 0 172.16.1.8 | CHANGED | rc=0 >> total used free shared buff/cache available Mem: 1821 104 1580 9 137 1559 Swap: 0 0 0 172.16.1.9 | CHANGED | rc=0 >> total used free shared buff/cache available Mem: 1821 100 1584 9 137 1563 Swap: 0 0 0 查看所有机器是否存活 [root@master-61 ~]#ansible all -m ping 172.16.1.9 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } 172.16.1.7 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } 172.16.1.8 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } 172.16.1.41 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } 172.16.1.31 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" }
基于密码认证
- 在你的客户端机器,修改了ssh默认端口,以及密码需要修改主机清单文件才可以正确连接
- 注意你得配置文件允许免密登录才能进行如下测试,
ansible主机清单配置文件语法(重要)
/etc/ansible/hosts 主机清单文件
注意,部分资料里的主机配置文件语法,旧版如下
Ansible 2.0 has deprecated the “ssh” from ansible_ssh_user, ansible_ssh_host, and ansible_ssh_port to become
这是旧版本的用法
ansible_ssh_host
ansible_ssh_port
ansible_ssh_user
ansible_ssh_password
最新的,去掉了中间的_ssh
新版参数
ansible_user
ansible_host
ansible_port
如果你写旧版本的语法,新版也也认识
新版参数
| 参数 | 参数类型 | 参数说明 |
|---|---|---|
| ansible_host | 主机地址 | 远程主机ip |
| ansible_port | 主机端口 | 设置SSH连接端口,默认22 |
| ansible_user | 主机用户 | 默认SSH远程连接的用户身份 |
| ansible_password | 用户密码 | 指定SSH远程主机密码 |
给rsync机器,进行免密认证
1.给rsync机器,添加密码,端口信息
[backup]
172.16.1.41 ansible_port=22 ansible_password='123456'
2.如果目标机器的ssh信息都被改了,这里也得改
172.16.1.41 ansible_port=22999 ansible_password='123123'
添加rsync机器的ssh信息
ansible软件使用的前提事ssh+key免密验证的环境,如果没有配置也可以使用ansible,如下
[root@master-61 ~]#tail -2 /etc/ansible/hosts
[backup]
172.16.1.41 ansible_port=22 ansible_password='123456'
测试执行
[root@master-61 ~]#ansible backup -m ping
172.16.1.41 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
添加web机器组的信息
[root@master-61 ~]#tail /etc/ansible/hosts
[web]
172.16.1.7 ansible_port=22 ansible_password='123456'
172.16.1.8 ansible_port=22 ansible_password='123456'
172.16.1.9 ansible_port=22 ansible_password='123456'
[nfs]
172.16.1.31
[backup]
172.16.1.41 ansible_port=22 ansible_password='123456'
测试执行
[root@master-61 ~]#ansible web -m ping
172.16.1.9 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
172.16.1.7 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
172.16.1.8 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
拿web机器测试(单独操作某主机)
指定单个机器,且添加了密码和端口
[web]
172.16.1.7 ansible_port=22999 ansible_password='123456'
172.16.1.8
172.16.1.9
[nfs]
172.16.1.31
[backup]
172.16.1.41
[root@master-61 ~]#ansible 172.16.1.7 -m shell -a "hostname"
172.16.1.7 | CHANGED | rc=0 >>
web-7
故障解决
你可能会遇见如下问题,关于新机器的指纹确认问题。
[root@master-61 ~]#
[root@master-61 ~]#ansible 172.16.1.9 -m ping
172.16.1.9 | FAILED! => {
"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."
}
解决办法1,手动ssh连接,进行指纹确认,写入到本机的
[root@master-61 ~]#cat ~/.ssh/known_hosts
解决办法2,ansible配置文件中忽略指纹确认
[root@master-61 ~]#grep 'host_key_checking' /etc/ansible/ansible.cfg
host_key_checking = False
问题以及解决,可以正确操作web-9机器
[root@master-61 ~]#ansible 172.16.1.9 -m ping
172.16.1.9 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
踩坑记录(ansible缓存)
由于ansible在对远程主机操作之前,默认会先通过setup模块获取机器的facts(静态属性),并且会生成缓存,便于加速远程主机的操作;
但缓存也会导致一些奇怪的现象,比如客户端的机器信息更新了,服务端依旧使用的是旧数据,那就不准确了,因此可以删除缓存。
关于缓存导致bug的文章,https://serverfault.com/questions/630253/ansible-stuck-on-gathering-facts
清理ansible的缓存目录即可
[root@master-61 ~]#rm -rf ~/.ansible/cp/*
同一组连续的ip
可以修改主机清单文件如下,前提是该些主机的配置一致
[web]
172.16.1.[7:9]
公共变量
当主机清单里,很多主机组,有相同的变量属性,可以写成公共变量
这部分配置是针对web主机组,抽象的变量
[root@master-61 ~]#grep -vE '^#|^$' /etc/ansible/hosts
[web:vars]
ansible_ssh_port=22999
ansible_ssh_user=root
ansible_ssh_pass=123123
[web]
172.16.1.[7:9]
[nfs]
172.16.1.31 ansible_ssh_port=22999
[backup]
172.16.1.41 ansible_ssh_port=22999 ansible_ssh_user=root ansible_ssh_pass=123123
测试web组和backup组是否可用
1.主机清单
[web:vars]
ansible_port=22
ansible_password='123456'
[web]
172.16.1.[7:9]
[nfs]
172.16.1.31
[backup]
172.16.1.41 ansible_port=22 ansible_password='123456'
2.ansible ad-hoc命令
web机器组
[root@master-61 ~]#ansible web -m ping
172.16.1.9 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
172.16.1.7 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
172.16.1.8 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
rsync机器
[root@master-61 ~]#ansible backup -m shell -a "touch /opt/全力学习linux warn=false"
172.16.1.41 | CHANGED | rc=0 >>
[root@master-61 ~]#
[root@master-61 ~]#ansible backup -m shell -a "ls /opt/"
172.16.1.41 | CHANGED | rc=0 >>
全力学习linux
获取主机名
[root@master-61 ~]#ansible web -m shell -a hostname
172.16.1.9 | CHANGED | rc=0 >>
web-9
172.16.1.7 | CHANGED | rc=0 >>
web-7
172.16.1.8 | CHANGED | rc=0 >>
web-8
所有主机都生效的变量(最终版)
指定主机组名all,即可针对所有主机名生效,前提是,你要确保这个信息是所有主机通用的。
[root@master-61 ~]#grep -vE '^#|^$' /etc/ansible/hosts
[all:vars]
ansible_port=22
ansible_password='123456'
[web]
172.16.1.7
172.16.1.8
172.16.1.9
[nfs]
172.16.1.31
[backup]
172.16.1.41
远程执行命令
[root@master-61 ~]#ansible all -m shell -a hostname
172.16.1.31 | CHANGED | rc=0 >>
nfs-31
172.16.1.7 | CHANGED | rc=0 >>
web-7
172.16.1.41 | CHANGED | rc=0 >>
rsync-41
172.16.1.9 | CHANGED | rc=0 >>
web-9
172.16.1.8 | CHANGED | rc=0 >>
web-8
关于ansible连接指纹确认的问题
1.master-61需要确认目标机器的指纹,记录到本地known——hosts文件
ls ~/.ssh/known_hosts文件中 这里就存放了目标机器的指纹信息
可以进行认证方式,密码,还是公钥
2.首次远程连接,需要指纹确认,可以忽略该指纹
ssh的连接参数,忽略指纹的确认
ansible的配置文件中也有一个参数忽略指纹的确认
一般用法是
总之ansible就是以ssh连接标准来的
1.指纹确认 yes/no
2.密码认证/公钥认证
关于ansible如何初始化的使用,有三个方案
方案一
已经基于ssh完成了指纹确认,认证方式
ansible直接用就可以
你可以先一键分发公钥,实现批量化免密登录,再ansible免密远程执行命令
方案2
ssh root@172.16.1.7
手动确认yes 写入到本地的known_hosts
你可以手动ssh连接,确认指纹后,再ansible去远程操作,选择认证方式就行
方案3.
你可以直接忽略指纹确认,在主机清单文件中定义好ssh连接配置参数
这个就是最简单的,修改ansible配置文件,打开忽略指纹确认的参数即可
修改如下参数即可
72 # uncomment this to disable SSH key host checking
73 host_key_checking = False
后续就进入了认证方式阶段,选择密码,还是公钥,
常见错误
- 端口错了
- 密码错了
- 用户错了
如果出错
1.找ansible的/etc/ansible/hosts中语法是否出错
2.看目标机器,到底提供了什么样的ssh连接形式(sshd_config)
ansible命令执行的方式
ansible提供了多少个模块呢?
[root@master-61 ~]#ansible-doc -l |wc -l
3387
ansible实现批量管理主机的模式主要有两
- 利用ansible命令实现批量管理(ad-hoc)模式
- 利用ansible剧本实现批量管理(playbook)模式
ad-hoc和playbook的关闭就好比shell命令与shell scripts的关系
ad-hoc模式
Ansible的ad-hoc模式也就是ansible的命令行模式,该模式通常用来临时处理一些任务。例如
- 临时批量查看所有被管控机器的内存、负载、磁盘
- 临时批量分发某个特定文件
playbook模式
Ansible的playbook模式就是针对特定的具体较大的任务,事先写好执行剧本,然后在其他机器上批量执行相同的任务,属于定制化的批量执行任务,例如
- 一键安装Rsync
- 一键搭建LNMP集群等
ansible-doc命令
列出ansible所有支持的模块,这就是ansible这个万能工具所有的零件了
[root@master-61 ~]#ansible-doc -l |grep ^ping
ping Try to connect to h...
pingdom Pause/unpause Pingd...
[root@master-61 ~]#ansible-doc -l |grep ^shell
shell Execute shell comma...
当前ansible支持3387个模块
[root@master-61 ~]#ansible-doc -l |wc -l
3387
查看某个模块的具体用法
[root@master-61 ~]#ansible-doc -s shell
[root@master-61 ~]#ansible-doc -s ping
[root@master-61 ~]#ansible-doc -s ping
- name: Try to connect to host, verify a usable python and return `pong' on success
ping:
data: # Data to return for the `ping' return value. If this
parameter is set to
`crash', the module
will cause an
exception.
[root@master-61 ~]#ansible-doc -s shell
- name: Execute shell commands on targets
shell:
chdir: # Change into this directory before running the command.
cmd: # The command to run followed by optional arguments.
creates: # A filename, when it already exists, this step will
*not* be run.
executable: # Change the shell used to execute the command. This
expects an absolute
path to the executable.
free_form: # The shell module takes a free form command to run, as
a string. There is no
actual parameter named
'free form'. See the
examples on how to use
this module.
removes: # A filename, when it does not exist, this step will
*not* be run.
stdin: # Set the stdin of the command directly to the specified
value.
stdin_add_newline: # Whether to append a newline to stdin data.
warn: # Whether to enable task warnings.
ansible核心内容(模块学习)
ansible执行命令结果(状态颜色)
可以使用模块操作,会有不同的颜色结果,都是由意义的
运维远程执行命令,有2个方式
shell脚本,远程执行
ansible模块,远程执行
区别在于
shell脚本不够智能,不会记录上一次的执行状态,以及修改的状态,因此导致,傻瓜式的,重复性执行,效率的极其低下,不做状态记录,
ansible的模块,yum模块会记录执行的状态
第一次执行,装完之后,的却对目标机器产生了修改的状态,会给master-61返回一个命令执行结果,执行状态,存储下来
ansible web -m yum -a "name=rsync state=installed"
ansible会检测目标机器,对比这个状态,如果状态没变,ansible就不会再执行该命令,因此效率很高
ansible web -m yum -a "name=rsync state=installed"
ansible的状态,颜色区分,看到不同的状态
这俩是命令成功了
绿色:命令以用户期望的执行了,但是状态没有发生改变;
黄色:命令以用户期望的执行了,并且状态发生了改变;
紫色:警告信息,说明ansible提示你有更合适的用法;出现了warning警告
红色:命令错误,执行失败;
蓝色: 详细的执行过程;
官网文档
如果说学ansible该去哪找正确玩法
1.看官网
2.看于超老师博客(😄)
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/index.html#plugins-in-ansible-builtin
Ansible自动化软件的核心功能就在于其众多的模块,可以说学习Ansible就是学习模块的使用。
剩余的是对Ansible剧本编写的熟练度。
ping测试连通性
通过master-61机器,查看目标机器是否运行
[root@master-61 ~]#ansible all -m ping
172.16.1.8 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
172.16.1.7 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
172.16.1.31 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
172.16.1.9 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
172.16.1.41 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
命令语法
ansible 主机组 -m 模块名 [模块参数]
查看模块解释
[root@master-61 ~]#ansible-doc -s ping
- name: Try to connect to host, verify a usable python and return `pong' on success
ping:
data: # Data to return for the `ping' return value. If this
parameter is set to
`crash', the module
will cause an
exception.
[root@master-61 ~]#
执行
[root@master-61 ~]#ansible web -m ping
172.16.1.8 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
172.16.1.9 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
172.16.1.7 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
command 简单命令模块
语法
[root@master-61 ~]#ansible-doc -s command
ansible 主机组 -m command -a "需要批量执行的命令"
该模块作用,在远程节点上执行一个命令
- command模块是ansible默认的模块,也就是默认就指定了 -m command
- 只支持简单命令命令执行,比如你想远程看下服务器的资源信息,普通的linux命令command模块是ansible命令基本模块
- 使用command模块执行远程命令,命令不得用变量($HOME)
- 不得出现特殊符号
< > | ; &
否则无法识别,需要则使用shell模块实现
- 也就是无法使用复杂的linux命令
远程查看主机名
两个方法
[root@master-61 ~]#ansible web -m command -a "hostname"
172.16.1.7 | CHANGED | rc=0 >>
web-7
172.16.1.9 | CHANGED | rc=0 >>
web-9
172.16.1.8 | CHANGED | rc=0 >>
web-8
简写,command是ansible的基础模块,默认就是 -m command
[root@master-61 ~]#ansible web -a "hostname"
172.16.1.9 | CHANGED | rc=0 >>
web-9
172.16.1.8 | CHANGED | rc=0 >>
web-8
172.16.1.7 | CHANGED | rc=0 >>
web-7
远程查看主机内存
[root@master-61 ~]#ansible web -a "free -m"
172.16.1.8 | CHANGED | rc=0 >>
total used free shared buff/cache available
Mem: 1821 100 1579 9 141 1561
Swap: 0 0 0
172.16.1.9 | CHANGED | rc=0 >>
total used free shared buff/cache available
Mem: 1821 100 1579 9 141 1560
Swap: 0 0 0
172.16.1.7 | CHANGED | rc=0 >>
total used free shared buff/cache available
Mem: 1821 98 1581 9 141 1562
Swap: 0 0 0
远程创建文件,查看文件
[root@master-61 ~]#ansible web -m command -a "touch /opt/666.log"
[WARNING]: Consider using the file module with state=touch rather than running
'touch'. If you need to use command because file is insufficient you can add 'warn:
false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid
of this message.
172.16.1.7 | CHANGED | rc=0 >>
172.16.1.8 | CHANGED | rc=0 >>
172.16.1.9 | CHANGED | rc=0 >>
里面没有东西,
[root@master-61 ~]#ansible web -m command -a "cat /opt/666.log"
172.16.1.8 | CHANGED | rc=0 >>
172.16.1.7 | CHANGED | rc=0 >>
172.16.1.9 | CHANGED | rc=0 >>
远程获取机器负载
[root@master-61 ~]#ansible web -a "uptime"
172.16.1.8 | CHANGED | rc=0 >>
20:09:39 up 3:27, 2 users, load average: 0.00, 0.02, 0.05
172.16.1.7 | CHANGED | rc=0 >>
20:09:39 up 3:27, 2 users, load average: 0.00, 0.01, 0.05
172.16.1.9 | CHANGED | rc=0 >>
20:09:39 up 3:27, 2 users, load average: 0.01, 0.03, 0.05
关闭告警信息
[root@master-61 ~]#ansible web -m command -a "touch /opt/666.log warn=false "
172.16.1.8 | CHANGED | rc=0 >>
172.16.1.9 | CHANGED | rc=0 >>
172.16.1.7 | CHANGED | rc=0 >>
在所有机器上,创建wenjie01用户
[root@master-61 ~]#ansible web -m command -a "useradd wenjie01"
172.16.1.9 | CHANGED | rc=0 >>
172.16.1.7 | CHANGED | rc=0 >>
172.16.1.8 | CHANGED | rc=0 >>
使用command提供的专有命令
这些命令用于编写ansible-playbook,完成服务器部署的各种复杂条件限定
| 选项参数 | 选项说明 |
|---|---|
| chdir | 在执行命令执行,通过cd命令进入指定目录 |
| creates | 定义一个文件是否存在,若不存在,则运行相应命令;存在则跳过 |
| free_form(必须) | 参数信息中可以输入任何系统命令,实现远程管理 |
| removes | 定义一个文件是否存在,如果存在,则运行相应命令;如果不存在则跳过 |
command练习
备份/var/log日志目录,需要先进入根目录
cd /&& tar -zcf /opt/log.tgz /var/log
注意在备份文件存放的文件夹是否存在
[root@master-61 ~]#ansible web -m command -a "tar -zcf /opt/log.tgz /var/log chdir=/"
[WARNING]: Consider using the unarchive module rather than running 'tar'. If you
need to use command because unarchive is insufficient you can add 'warn: false' to
this command task or set 'command_warnings=False' in ansible.cfg to get rid of this
message.
172.16.1.7 | CHANGED | rc=0 >>
tar: Removing leading `/' from member names
172.16.1.9 | CHANGED | rc=0 >>
tar: Removing leading `/' from member names
172.16.1.8 | CHANGED | rc=0 >>
tar: Removing leading `/' from member names
在/opt下创建wenjie666
2个写法
[root@master-61 ~]#ansible web -a "touch /opt/wenjie666"
[WARNING]: Consider using the file module with state=touch rather than running
'touch'. If you need to use command because file is insufficient you can add 'warn:
false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid
of this message.
172.16.1.9 | CHANGED | rc=0 >>
172.16.1.8 | CHANGED | rc=0 >>
172.16.1.7 | CHANGED | rc=0 >>
[root@master-61 ~]#ansible web -a "touch wenjie666 chdir=/opt"
[WARNING]: Consider using the file module with state=touch rather than running
'touch'. If you need to use command because file is insufficient you can add 'warn:
false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid
of this message.
172.16.1.8 | CHANGED | rc=0 >>
172.16.1.9 | CHANGED | rc=0 >>
172.16.1.7 | CHANGED | rc=0 >>
备份/etc所有配置文件到/backup_config/etc.tgz
[root@master-61 ~]#ansible web -a "tar -zcf /backup_config/etc.tgz etc chdir=/"
[WARNING]: Consider using the unarchive module rather than running 'tar'. If you
need to use command because unarchive is insufficient you can add 'warn: false' to
this command task or set 'command_warnings=False' in ansible.cfg to get rid of this
message.
172.16.1.9 | FAILED | rc=-13 >>
tar (child): /backup_config/etc.tgz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting nownon-zero return code
172.16.1.7 | FAILED | rc=-13 >>
tar (child): /backup_config/etc.tgz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting nownon-zero return code
172.16.1.8 | FAILED | rc=-13 >>
tar (child): /backup_config/etc.tgz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting nownon-zero return code
目录不存在则会报错
创建目录即可
[root@master-61 ~]#ansible web -a "mkdir backup_config chdir=/"
可以正确执行了
[root@master-61 ~]#ansible web -a "tar -zcf /backup_config/etc.tgz etc chdir=/"
[WARNING]: Consider using the unarchive module rather than running 'tar'. If you
need to use command because unarchive is insufficient you can add 'warn: false' to
this command task or set 'command_warnings=False' in ansible.cfg to get rid of this
message.
172.16.1.7 | CHANGED | rc=0 >>
172.16.1.8 | CHANGED | rc=0 >>
172.16.1.9 | CHANGED | rc=0 >>
练习removes命令
1.这里就得提前考虑 /backup_config文件夹是否存在,必须先有文件夹,才能执行该备份命令
2.判断如果文件夹不存在,则不执行备份
目标文件夹不存在,这个命令不会对目标机器产生任何修改,因此绿色结果
[root@master-61 ~]#ansible web -a "tar -zcf /backup_config/etc.tgz etc chdir=/ removes=/backup_config"
3.你必须先创建该文件夹
ansible web -a "mkdir -p /backup_config"
4.再次执行命令
ansible web -a "tar -zcf /backup_config/etc.tgz etc chdir=/ removes=/backup_config"
测试creates命令,如果目标目录已经存在了,就别创建该目录了
绿色结果
[root@master-61 ~]#ansible backup -m command -a "mkdir /opt creates=/opt"
172.16.1.41 | SUCCESS | rc=0 >>
skipped, since /opt exists
远程过滤进程信息,无法使用,因为command不支持特殊符号
想用特殊符号,更复杂的linux命令用shell模块
虽然ansible提供了大量的模块
万能模块shell
但是在学习阶段,还是尽量的用专有的模块
shell模块(万能模块)
shell模块功能,在远程节点上执行命令(复杂的命令)
也就是等于你在linux上直接执行任何复杂的命令都可以
但是ansible的使用理念是,人家提供了几千个模块,并且有很复杂的功能,你在用shell模块之前,先查一查是否有对应的模块
你如果想使用ansible提供的状态功能,记录你每次执行命令的结果,你就必须得使用专有的模块,否则无法使用该功能
shell练习
shell模块可以识别特殊符号,就等于远程执行命令了
远程过滤ssh进程信息
[root@master-61 ~]#ansible all -m shell -a "ps -ef | grep ssh"
172.16.1.9 | CHANGED | rc=0 >>
root 977 1 0 16:42 ? 00:00:00 /usr/sbin/sshd -D
root 1496 977 0 16:57 ? 00:00:00 sshd: root@pts/0
root 4614 977 4 20:45 ? 00:00:00 sshd: root@pts/1
root 4672 4671 0 20:45 pts/1 00:00:00 /bin/sh -c ps -ef | grep ssh
root 4674 4672 0 20:45 pts/1 00:00:00 grep ssh
使用重定向符号,创建文件
>>
>
远程获取时间信息,且写入到文件中
command
command不认识重定向
# ansible web -m command -a "date > /tmp/date.log"
[root@master-61 ~]#ansible web -m shell -a "date '+%F %T' > /tmp/date.log"
172.16.1.7 | CHANGED | rc=0 >>
172.16.1.8 | CHANGED | rc=0 >>
172.16.1.9 | CHANGED | rc=0 >>
[root@master-61 ~]#ansible web -m shell -a 'cat /tmp/date.log'
172.16.1.8 | CHANGED | rc=0 >>
2022-05-06 20:48:25
172.16.1.7 | CHANGED | rc=0 >>
2022-05-06 20:48:25
172.16.1.9 | CHANGED | rc=0 >>
2022-05-06 20:48:25
远程执行复杂linux命令
这个命令就无法在command中执行
通过一条命令,做如下事情
- 创建文件夹
- 生成sh脚本文件(查看主机名)
- 赋予脚本可执行权限
- 执行脚本
- 忽略warning信息
[root@master-61 ~]#ansible web -m shell -a "mkdir /0224/;echo 'hostname' > /0224/hostname.sh;chmod +x /0224/hostname.sh;/0224/hostname.sh; warn=false"
172.16.1.8 | CHANGED | rc=0 >>
web-8mkdir: cannot create directory ‘/0224/’: File exists
172.16.1.7 | CHANGED | rc=0 >>
web-7mkdir: cannot create directory ‘/0224/’: File exists
172.16.1.9 | CHANGED | rc=0 >>
web-9mkdir: cannot create directory ‘/0224/’: File exists
小结shell模块
shell命令别过度依赖,那就等于用ansible远程帮你执行了个普通的shell命令
应该夺取琢磨其他模块,如文件模块,拷贝模块,脚本模块,定时任务模块,yum模块等等等
copy拷贝模块
copy模块是远程推送数据模块,只能把数据推送给远程主机节点,无法拉取数据到本地
既然是文件拷贝,可用参数也就是围绕文件属性
将master-61管理机上的数据,拷贝到目标机器上
copy练习
语法
ansible 主机组 -m copy -a "参数"
简单发送文件
src
dest
参数练习
并且ansible的模块记录了文件属性,文件的md5值,得到了文件的唯一校验值,判断文件内容是否变化,如果为变化,不做处理,提升批量管理的效率
[root@master-61 ~]#touch /tmp/61-cf.log
将master-61管理机上的数据,拷贝到目标机器上
[root@master-61 ~]#ansible web -m copy -a "src=/tmp/61-cf.log dest=/tmp/web-cf.log"
172.16.1.9 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/tmp/web-cf.log",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1651842836.03-6332-143268317083740/source",
"state": "file",
"uid": 0
}
172.16.1.7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/tmp/web-cf.log",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1651842836.03-6329-32950887924847/source",
"state": "file",
"uid": 0
}
172.16.1.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/tmp/web-cf.log",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1651842836.03-6331-75949782588670/source",
"state": "file",
"uid": 0
}
发送文件且指定文件属性
61
↓
web机器组(属性变化 www 600)
权限改为600,修改为www用户(要求目标机器存在该用户)
创建www用户
[root@master-61 ~]#ansible web -m shell -a "useradd www"
172.16.1.8 | CHANGED | rc=0 >>
172.16.1.7 | CHANGED | rc=0 >>
172.16.1.9 | CHANGED | rc=0 >>
远程拷贝文件,且修改权限,为600
[root@master-61 ~]#ansible web -m copy -a "src=/tmp/61-cf.log dest=/opt/web-cf.log group=www owner=www mode=600"
172.16.1.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "3a93854261b2082f7c23d867effd83b8fa4a8226",
"dest": "/opt/web-cf.log",
"gid": 3052,
"group": "www",
"md5sum": "4de86af44537779b79dd0ed313a6e286",
"mode": "0600",
"owner": "www",
"size": 9,
"src": "/root/.ansible/tmp/ansible-tmp-1651843611.74-6809-151872020409304/source",
"state": "file",
"uid": 3052
}
172.16.1.7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "3a93854261b2082f7c23d867effd83b8fa4a8226",
"dest": "/opt/web-cf.log",
"gid": 1001,
"group": "www",
"md5sum": "4de86af44537779b79dd0ed313a6e286",
"mode": "0600",
"owner": "www",
"size": 9,
"src": "/root/.ansible/tmp/ansible-tmp-1651843611.73-6807-201600337094063/source",
"state": "file",
"uid": 1001
}
172.16.1.9 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "3a93854261b2082f7c23d867effd83b8fa4a8226",
"dest": "/opt/web-cf.log",
"gid": 1001,
"group": "www",
"md5sum": "4de86af44537779b79dd0ed313a6e286",
"mode": "0600",
"owner": "www",
"size": 9,
"src": "/root/.ansible/tmp/ansible-tmp-1651843611.73-6810-118061606094315/source",
"state": "file",
"uid": 1001
}
远程检查文件信息
[root@master-61 ~]#ansible web -m shell -a "ls -l /opt/web-cf.log"
172.16.1.8 | CHANGED | rc=0 >>
-rw------- 1 www www 9 May 6 21:26 /opt/web-cf.log
172.16.1.9 | CHANGED | rc=0 >>
-rw------- 1 www www 9 May 6 21:26 /opt/web-cf.log
172.16.1.7 | CHANGED | rc=0 >>
-rw------- 1 www www 9 May 6 21:26 /opt/web-cf.log
发送文件且先做好备份
使用backup参数,防止覆盖远程文件,丢失备份,提前备份目标机器的数据
1.检查目标机器的文件
[root@master-61 ~]#ansible web -m shell -a "ls -l /opt/web-cf.log"
172.16.1.8 | CHANGED | rc=0 >>
-rw------- 1 www www 9 May 6 21:26 /opt/web-cf.log
172.16.1.9 | CHANGED | rc=0 >>
-rw------- 1 www www 9 May 6 21:26 /opt/web-cf.log
172.16.1.7 | CHANGED | rc=0 >>
-rw------- 1 www www 9 May 6 21:26 /opt/web-cf.log
2.远程拷贝文件,且做好备份
[root@master-61 ~]#ansible web -m copy -a "src=/tmp/61-cf.log dest=/opt/web-cf.log backup=yes"
172.16.1.9 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup_file": "/opt/web-cf.log.6235.2022-05-06@21:35:30~",
"changed": true,
"checksum": "b2a0e1913df5abaa8d0fffc2be656058dd325da6",
"dest": "/opt/web-cf.log",
"gid": 1001,
"group": "www",
"md5sum": "70e1c0b68ecf740809380feb8da916f5",
"mode": "0600",
"owner": "www",
"size": 25,
"src": "/root/.ansible/tmp/ansible-tmp-1651844130.23-7243-37766259209642/source",
"state": "file",
"uid": 1001
}
172.16.1.7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup_file": "/opt/web-cf.log.6269.2022-05-06@21:35:30~",
"changed": true,
"checksum": "b2a0e1913df5abaa8d0fffc2be656058dd325da6",
"dest": "/opt/web-cf.log",
"gid": 1001,
"group": "www",
"md5sum": "70e1c0b68ecf740809380feb8da916f5",
"mode": "0600",
"owner": "www",
"size": 25,
"src": "/root/.ansible/tmp/ansible-tmp-1651844130.22-7240-279215248937807/source",
"state": "file",
"uid": 1001
}
172.16.1.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup_file": "/opt/web-cf.log.5873.2022-05-06@21:35:30~",
"changed": true,
"checksum": "b2a0e1913df5abaa8d0fffc2be656058dd325da6",
"dest": "/opt/web-cf.log",
"gid": 3052,
"group": "www",
"md5sum": "70e1c0b68ecf740809380feb8da916f5",
"mode": "0600",
"owner": "www",
"size": 25,
"src": "/root/.ansible/tmp/ansible-tmp-1651844130.22-7242-211655069148680/source",
"state": "file",
"uid": 3052
}
3.发现ansible帮你做好了备份,
[root@master-61 ~]#ansible web -m shell -a "ls -l /opt/web*"
172.16.1.7 | CHANGED | rc=0 >>
-rw------- 1 www www 25 May 6 21:35 /opt/web-cf.log
-rw------- 1 www www 9 May 6 21:26 /opt/web-cf.log.6269.2022-05-06@21:35:30~
172.16.1.8 | CHANGED | rc=0 >>
-rw------- 1 www www 25 May 6 21:35 /opt/web-cf.log
-rw------- 1 www www 9 May 6 21:26 /opt/web-cf.log.5873.2022-05-06@21:35:30~
172.16.1.9 | CHANGED | rc=0 >>
-rw------- 1 www www 25 May 6 21:35 /opt/web-cf.log
-rw------- 1 www www 9 May 6 21:26 /opt/web-cf.log.6235.2022-05-06@21:35:30~
指定数据写入到远程文件中
content参数
[root@master-61 ~]#ansible web -m copy -a "content='努力学习中linux' dest=/opt/web-cf.log"
172.16.1.9 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "3845981fd2c84b0968fb6658f62efd04a8c90d86",
"dest": "/opt/web-cf.log",
"gid": 1001,
"group": "www",
"md5sum": "67a0b5bff6921ecfce61dbd87617bdad",
"mode": "0600",
"owner": "www",
"size": 20,
"src": "/root/.ansible/tmp/ansible-tmp-1651844403.88-7448-187450795172234/source",
"state": "file",
"uid": 1001
}
172.16.1.7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "3845981fd2c84b0968fb6658f62efd04a8c90d86",
"dest": "/opt/web-cf.log",
"gid": 1001,
"group": "www",
"md5sum": "67a0b5bff6921ecfce61dbd87617bdad",
"mode": "0600",
"owner": "www",
"size": 20,
"src": "/root/.ansible/tmp/ansible-tmp-1651844403.87-7445-214535570004903/source",
"state": "file",
"uid": 1001
}
172.16.1.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "3845981fd2c84b0968fb6658f62efd04a8c90d86",
"dest": "/opt/web-cf.log",
"gid": 3052,
"group": "www",
"md5sum": "67a0b5bff6921ecfce61dbd87617bdad",
"mode": "0600",
"owner": "www",
"size": 20,
"src": "/root/.ansible/tmp/ansible-tmp-1651844403.87-7447-9187121544716/source",
"state": "file",
"uid": 3052
}
查看文件内容
[root@master-61 ~]#ansible web -m shell -a "cat /opt/web-cf.log"
172.16.1.9 | CHANGED | rc=0 >>
努力学习中linux
172.16.1.8 | CHANGED | rc=0 >>
努力学习中linux
172.16.1.7 | CHANGED | rc=0 >>
努力学习中linux
注意像这样得覆盖操作,还是添加备份参数更合适
[root@master-61 ~]#ansible web -m copy -a "content='努力学习中linux' dest=/opt/web-cf.log backup=yes"
[root@master-61 ~]#ansible web -m shell -a "ls -l /opt/web*"
172.16.1.8 | CHANGED | rc=0 >>
-rw------- 1 www www 20 May 6 21:40 /opt/web-cf.log
-rw------- 1 www www 9 May 6 21:26 /opt/web-cf.log.5873.2022-05-06@21:35:30~
172.16.1.7 | CHANGED | rc=0 >>
-rw------- 1 www www 20 May 6 21:40 /opt/web-cf.log
-rw------- 1 www www 9 May 6 21:26 /opt/web-cf.log.6269.2022-05-06@21:35:30~
172.16.1.9 | CHANGED | rc=0 >>
-rw------- 1 www www 20 May 6 21:40 /opt/web-cf.log
-rw------- 1 www www 9 May 6 21:26 /opt/web-cf.log.6235.2022-05-06@21:35:30~
复制文件夹,注意结尾斜杠
练习src,dest,以及分隔符得添加
远程拷贝/opt/下的所有内容到目标机器
[root@master-61 ~]#ansible web -m copy -a "src=/opt/ dest=/tmp/"
172.16.1.7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/tmp/11111.log",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1651845247.25-8016-85327270207765/source",
"state": "file",
"uid": 0
}
172.16.1.9 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/tmp/11111.log",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1651845247.26-8019-165319529957984/source",
"state": "file",
"uid": 0
}
172.16.1.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/tmp/11111.log",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1651845247.26-8018-235237969042808/source",
"state": "file",
"uid": 0
}
远程拷贝/opt 整个目录到目标机器
[root@master-61 ~]#ansible web -m copy -a "src=/opt dest=/tmp/"
172.16.1.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/tmp/opt/11111.log",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1651845302.83-8139-244442059135315/source",
"state": "file",
"uid": 0
}
172.16.1.7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/tmp/opt/11111.log",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1651845302.82-8137-79542699476130/source",
"state": "file",
"uid": 0
}
172.16.1.9 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/tmp/opt/11111.log",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1651845302.82-8140-83016067172179/source",
"state": "file",
"uid": 0
}
目前已学的模块
ping 检测目标机器是否存活
command 远程执行简单linux命令不支持特殊符号
shell 万能模块,远程执行简单linux命令,支持特殊符号
copy 批量分发文件,master-61机器要给所有被管理的机器,批量的发送,更新某文件,某文件夹
/etc/hosts文件 master-61机器上,所有被管理机器集群,都可以使用这个本地
hosts 域名解析
ansible all -m copy -a "src=/etc/hosts dest=/etc/hosts backup=yes"
准备了一些列的数据文件,网站的所有静态页面,图片等
master-61机器的 /www目录下 ,全部发给共享存储/nginx-html/,提供给web服务器组使用
/www/static/logo.png
/www/html/index.html
ansible nfs -m copy -a "src=/www/ dest=/nginx-html/"
file文件操作模块
copy区别开
file模块作用是创建 ,以及设置文件目录属性
copy模块 ,src(管理机器上 ) dest(目标机器上 )
file专门用于在远程机器上,关于文件的操作
file src(目标机器上的文件) dest(目标机器上的文件)
file模块主要用于创建文件,目录数据,以及对现有的文件,目录权限进行修改
对文件的属性各种操作的
请看官网
https://docs.ansible.com/ansible/latest/modules/file_module.html#file-module
直接看examples示例用法即可
或者看命令帮助
[root@master-61 ~]#ansible-doc -s file
远程创建文件
ansible每次命令的执行,都会记录下来当前的状态
state参数,path参数
远程在web服务器组中,创建一个文本, hello_ansible.log
[root@master-61 ~]#ansible web -m file -a "path=/opt/hello_ansible.log state=touch"
172.16.1.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/hello_ansible.log",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"size": 0,
"state": "file",
"uid": 0
}
172.16.1.9 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/hello_ansible.log",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"size": 0,
"state": "file",
"uid": 0
}
172.16.1.7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/hello_ansible.log",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"size": 0,
"state": "file",
"uid": 0
}
远程查看一下
[root@master-61 ~]#ansible web -m shell -a "ls -ld /opt/hello*"
172.16.1.8 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 0 May 6 22:10 /opt/hello_ansible.log
172.16.1.7 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 0 May 6 22:10 /opt/hello_ansible.log
172.16.1.9 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 0 May 6 22:10 /opt/hello_ansible.log
创建文件夹
state参数,path参数
[root@master-61 ~]#ansible web -m file -a "path=/opt/hello_ansible state=directory"
172.16.1.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/opt/hello_ansible",
"size": 6,
"state": "directory",
"uid": 0
}
172.16.1.7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/opt/hello_ansible",
"size": 6,
"state": "directory",
"uid": 0
}
172.16.1.9 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/opt/hello_ansible",
"size": 6,
"state": "directory",
"uid": 0
}
远程查看
[root@master-61 ~]#ansible web -m shell -a "ls -ld /opt/hello_ansible"
172.16.1.8 | CHANGED | rc=0 >>
drwxr-xr-x 2 root root 6 May 6 22:13 /opt/hello_ansible
172.16.1.9 | CHANGED | rc=0 >>
drwxr-xr-x 2 root root 6 May 6 22:13 /opt/hello_ansible
172.16.1.7 | CHANGED | rc=0 >>
drwxr-xr-x 2 root root 6 May 6 22:13 /opt/hello_ansible
创建文件且设定权限
state参数,path参数,owner参数,group参数
psth=/opt/hello-linux.log
[root@master-61 ~]#ansible web -m file -a "path=/opt/hello-linux.log state=touch owner=www group=www "
172.16.1.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/hello-linux.log",
"gid": 3052,
"group": "www",
"mode": "0644",
"owner": "www",
"size": 0,
"state": "file",
"uid": 3052
}
172.16.1.7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/hello-linux.log",
"gid": 1001,
"group": "www",
"mode": "0644",
"owner": "www",
"size": 0,
"state": "file",
"uid": 1001
}
172.16.1.9 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/hello-linux.log",
"gid": 1001,
"group": "www",
"mode": "0644",
"owner": "www",
"size": 0,
"state": "file",
"uid": 1001
}
远程修改文件属性
[root@master-61 ~]#ansible web -m file -a "path=/opt/hello-linux.log state=touch owner=www group=www mode=666"
172.16.1.9 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/hello-linux.log",
"gid": 1001,
"group": "www",
"mode": "0666",
"owner": "www",
"size": 0,
"state": "file",
"uid": 1001
}
172.16.1.7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/hello-linux.log",
"gid": 1001,
"group": "www",
"mode": "0666",
"owner": "www",
"size": 0,
"state": "file",
"uid": 1001
}
172.16.1.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/hello-linux.log",
"gid": 3052,
"group": "www",
"mode": "0666",
"owner": "www",
"size": 0,
"state": "file",
"uid": 3052
}
创软连接文件
软连接,也就是在目标机器上,指定源文件,创建软连接
src dest state
给web服务器组的/etc/hosts文件,添加软连接到/opt/hosts文件
[root@master-61 ~]#ansible web -m file -a "src=/etc/hosts dest=/opt/hosts state=link"
172.16.1.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/hosts",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 10,
"src": "/etc/hosts",
"state": "link",
"uid": 0
}
172.16.1.7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/hosts",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 10,
"src": "/etc/hosts",
"state": "link",
"uid": 0
}
172.16.1.9 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/hosts",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 10,
"src": "/etc/hosts",
"state": "link",
"uid": 0
}
强制性创建文件(软连接)
意义不大,查看force参数的作用
[root@master-61 ~]#ansible web -m file -a "src=/etc/hostsss dest=/opt/hosts state=link force=yes "
修改已存在文件/文件夹的属性
修改文件 path mode
[root@master-61 ~]#ansible 172.16.1.7 -m file -a "path=/opt/666.log owner=www group=www mode=666"
172.16.1.7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 1001,
"group": "www",
"mode": "0666",
"owner": "www",
"path": "/opt/666.log",
"size": 0,
"state": "file",
"uid": 1001
}
修改文件夹,path mode owner group
[root@master-61 ~]#ansible 172.16.1.7 -m file -a "path=/opt/hello_ansible owner=www group=www"
172.16.1.7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 1001,
"group": "www",
"mode": "0755",
"owner": "www",
"path": "/opt/hello_ansible",
"size": 6,
"state": "directory",
"uid": 1001
}
关于file模块的所有参数作用
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_module.html#parameters
关于file模块的实例用法
playbook剧本的写法,yaml写法
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_module.html#examples
script脚本模块
一键部署rsync,nfs,nginx等
1.把脚本发送到目标机器上执行
2.远程执行,目标机器上不需要存在这个脚本
官网
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/script_module.html#ansible-collections-ansible-builtin-script-module
模块功能:把本地脚本传输到远程节点上并运行脚本
比起shell模块,script模块功能更强大,管理机本地有一份脚本,就可以在所有机器上运行。
scripts模块的功能参数
| 选项参数 | 选项说明 |
|---|---|
| creates | 定义一个文件是否存在,若不存在,则运行相应命令;存在则跳过 |
| free_form(必须) | 参数信息中可以输入任何系统命令,实现远程管理 |
| removes | 定义一个文件是否存在,如果存在,则运行相应命令;如果不存在则跳过 |
远程执行脚本
为什么要用ansible,主要是ansible使用对应的模块,执行完命令后,记录了每一次修改的状态,这个状态,一是让你更清晰文件的情况,二是也防止反复修改文件,提升效率
为什么需要用scripts模块
script模块
反复执行命令,远程执行脚本
1.管理机创建测试脚本
master-61创建该脚本
[root@master-61 ~]#cat echo_server_info.sh
echo "$(hostname -I)" >> /tmp/server_info.log
echo "$(uptime)" >> /tmp/server_info.log
echo "$(free -m)" >> /tmp/server_info.sh
2.添加执行权限
[root@master-61 ~]#chmod +x echo_server_info.sh
3.远程执行
发送nfs机器去执行
[root@master-61 ~]#ansible nfs -m script -a "/root/echo_server_info.sh"
172.16.1.31 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 172.16.1.31 closed.\r\n",
"stderr_lines": [
"Shared connection to 172.16.1.31 closed."
],
"stdout": "",
"stdout_lines": []
}
4.检查结果
[root@nfs-31 ~]#cat /tmp/server_info.log
10.0.0.31 172.16.1.31
22:40:45 up 5:58, 2 users, load average: 0.00, 0.01, 0.05
利用script模块批量让所有被管理机器执行脚本,该脚本不用在远程主机上存在
远程在目标机器执行脚本
远程安装nginx脚本
[root@master-61 ~]#cat install_nginx.sh
yum install nginx -y
[root@master-61 ~]#ansible nfs -m script -a "/root/install_nginx.sh"
卸载nginx
[root@master-61 ~]#cat install_nginx.sh
#yum install nginx -y
yum remove nginx -y
[root@master-61 ~]#ansible nfs -m script -a "/root/install_nginx.sh"
查看命令执行详细过程
-vvvvv参数显示详细过程,v越多,越详细
[root@master-61 ~]#ansible nfs -vvvvv -m shell -a "df -h"
显示命令执行的详细过程,开启了debug日志模式
记住ansible的语法
记住模块的名字
记住对应模块完成功能的参数
cron定时任务模块
官网文档
https://docs.ansible.com/ansible/latest/modules/cron_module.html#cron-module
cron模块用于管理定时任务的记录,编写任务
定时任务的记录,语法格式
* * * * * 要执行的命令
对比ansible的cron模块,和crontab
常见的参数如此,使用ansible编写定时任务,和直接编写是没有什么区别的
添加ntpdate定时任务
添加每5分钟执行一次和阿里云时间同步
*/5 * * * * ntpdate -u ntp.aliyun.com
name、job、minute参数
cron模块创建定时任务
[root@master-61 ~]#ansible nfs -m cron -a "name='ntp aliyun' minute=*/5 job='ntpdate -u ntp.aliyun.com'"
172.16.1.31 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"ntp aliyun"
]
}
查看远程机器的crontab记录
[root@master-61 ~]#ansible nfs -m shell -a "crontab -l"
172.16.1.31 | CHANGED | rc=0 >>
* * * * * /usr/sbin/ntpdate time1.aliyun.com > /dev/null 2>&1
#Ansible: ntp aliyun
*/5 * * * * ntpdate -u ntp.aliyun.com
删除定时任务
只能基于cron模块指定名字的修改
name参数,state参数
先检查远程的定时任务
[root@master-61 ~]#ansible nfs -m shell -a "crontab -l"
172.16.1.31 | CHANGED | rc=0 >>
* * * * * /usr/sbin/ntpdate time1.aliyun.com > /dev/null 2>&1
#Ansible: ntp aliyun
*/5 * * * * ntpdate -u ntp.aliyun.com
正统用法
[root@master-61 ~]#ansible nfs -m cron -a "name='ntp aliyun' state=absent"
172.16.1.31 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": []
}
歪门邪道
[root@master-61 ~]#ansible nfs -m shell -a "crontab -r"
172.16.1.31 | CHANGED | rc=0 >>
创建每分钟执行的任务
不指定任何时间规则,默认是每分钟
[root@master-61 ~]#ansible nfs -m cron -a "name='12345' job='echo "大鹏" >>/tmp/hello.log'"
172.16.1.31 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"12345"
]
}
[root@master-61 ~]#ansible nfs -m shell -a "crontab -l"
172.16.1.31 | CHANGED | rc=0 >>
#Ansible: 12345
* * * * * echo 大鹏 >>/tmp/hello.log
修改指定名称的定时任务
[root@master-61 ~]#ansible nfs -m cron -a "name='12345' minute=30 hour=23 job='echo 大鹏 >>/tmp/hello.log'"
172.16.1.31 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"12345"
]
}
[root@master-61 ~]#ansible nfs -m shell -a "crontab -l"
172.16.1.31 | CHANGED | rc=0 >>
#Ansible: 12345
30 23 * * * echo 大鹏 >>/tmp/hello.log
group模块
管理系统用户组的模块
https://docs.ansible.com/ansible/latest/modules/group_module.html#group-
官网文档
语法
模块参数 参数描述
name 创建指定的组名
gid 组的GID
state absent 移除远程主机的组
present 创建远程主机的组
对组管理,也就是创建,删除,查看
创建wenjie_ops组,gid=1234
name。gid
[root@master-61 ~]#ansible nfs -m group -a "name=wenjie_ops gid=1234"
172.16.1.31 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 1234,
"name": "wenjie_ops",
"state": "present",
"system": false
}
删除组
name,gid,state
[root@master-61 ~]#ansible nfs -m group -a "name=wenjie_ops gid=1234 state=absent"
172.16.1.31 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "wenjie_ops",
"state": "absent"
}
user用户模块
用户管理,也就是关于用户的
- uid
- 用户名
- 用户主组
- 用户附加组
- 创建用户
- 删除用户
- 创建关于用户的公私钥
- 用户过期时间
- 用户密码过期时间
https://docs.ansible.com/ansible/latest/modules/user_module.html#user-module
官网文档
语法参数
实例用法
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html#examples
| 模块参数 | 参数描述 |
|---|---|
| create_home | 创建家目录,设置no则不创建家目录 |
| group | 创建用户组 |
| name | 创建用户的名字 |
| password | 创建用户的密码 |
| uid | 创建用户的UID |
| shell | 用户登录解释器 |
| state | Absent(删除用户)present(默认参数,创建) |
| expires | 账户过期时间 |
创建wenjie01用户,uid为8888
[root@master-61 ~]#ansible nfs -m user -a "name=wenjie01 uid=8888"
172.16.1.31 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 8888,
"home": "/home/wenjie01",
"name": "wenjie01",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 8888
}
创建用户cc01
- uid,gid为1777
- 没有家目录
注意该用户组是否存在,否则报错
group,name,gid
[root@master-61 ~]#ansible nfs -m group -a "name=cc01 gid=1777"
创建用户,设置权限
user naem uid group create_home shell
[root@master-61 ~]#ansible nfs -m group -a "name=cc01 gid=1777"
[root@master-61 ~]#ansible nfs -m user -a "name=cc01 uid=1777 group=1777 create_home=no shell=/sbin/nologin "
172.16.1.31 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": false,
"group": 1777,
"home": "/home/cc01",
"name": "cc01",
"shell": "/sbin/nologin",
"state": "present",
"system": false,
"uid": 1777
}
检查用户
[root@master-61 ~]#ansible nfs -m shell -a "id cc01"
172.16.1.31 | CHANGED | rc=0 >>
uid=1777(cc01) gid=1777(cc01) groups=1777(cc01)
yum安装软件
yum模块明显就是一个专门用于管理软件的模块
官网文档示例用法
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/yum_module.html#examples
yum模块其实就是在远程节点上,执行yum命令,你可以快速登录到目标机器,查看进程
安装net-tools最新版本
latest参数也用于升级软件包
[root@master-61 ~]#ansible backup -m yum -a "name=net-tools state=latest"
卸载net-rools软件
[root@master-61 ~]#ansible backup -m yum -a "name=net-tools state=absent"
安装rsync服务
[root@master-61 ~]#ansible backup -m yum -a "name=rsync state=installed"
检查rsync
[root@master-61 ~]#ansible backup -m shell -a "rpm -qa rsync warn=false"
172.16.1.41 | CHANGED | rc=0 >>
rsync-3.1.2-10.el7.x86_64
service/systemd模块
该模块作用是针对yum包管理
service适用于centos6前的系统
systemd命令适用于centos7系统
要注意的是service模块依旧对centos7有效,但是建议大家使用systemd模块
- systemd模块用于控制远程主机的systemd服务,说白了,就是Linux下的systemd命令。需要远程主机支持systemd
- 用法和service模块基本相同
systemd模块参数
如果使用systemctl 管理程序的话,可以使用systemd模块,systenctl 可以 控制程序启/停 reload 开机启动 观察程序状态(status)等,掌握使用后管理就更方便了
主要参数
daemon_reload:在执行任何其他操作之前运行守护进程重新加载,以确保systemd已经读取其他更改
enabled:服务是开机自动启动yue|no,enabled和state至少要有一个被定义
masked:是否将服务设置为masked状态,被mask的服务是无法启动的
name:比选项,服务名称
no_block(2.3后新增):不要同步等待操作请求完成
state:对当前服务执行启动,停止,重启,重新加载等操作(started,stopped,restarted,reloaded)
user:使用服务的调用者运行systemctl,而不是系统的服务管理者
安装,启动nginx服务
1.安装nginx服务
[root@master-61 ~]#ansible web -m yum -a "name=nginx state=installed"
2.启动服务
[root@master-61 ~]#ansible web -m systemd -a "name=nginx state=started"
3.查询状态,这里ansible为直接提供status参数,可以借助command模块即可
[root@master-61 ~]#ansible web -a "systemctl status nginx"
4.停止nginx服务
[root@master-61 ~]#ansible web -m systemd -a "name=nginx state=stopped"
5.设置nginx开机自启
[root@master-61 ~]#ansible web -m systemd -a "name=nginx state=started enabled=yes"
6.检查nginx状态
[root@master-61 ~]#ansible web -a "systemctl is-enabled nginx"
172.16.1.8 | CHANGED | rc=0 >>
enabled
172.16.1.9 | CHANGED | rc=0 >>
enabled
172.16.1.7 | CHANGED | rc=0 >>
enabled
[root@master-61 ~]#ansible web -a "systemctl status nginx"
7.关闭开机自启,且停止服务
[root@master-61 ~]#ansible web -m systemd -a "name=nginx state=stopped enabled=no"
8.再次检查状态
[root@master-61 ~]#ansible web -m shell -a "systemctl is-enabled nginx;systemctl status nginx"
mount挂载模块
官网
https://docs.ansible.com/ansible/latest/collections/ansible/posix/mount_module.html#mount-
给web机器组挂载nfs目录(只写入/etc/fstab而不挂载)
[root@master-61 ~]#ansible web -m mount -a "src='172.16.1.31:/nfs-nginx-data' path=/usr/share/nginx/html fstype=nfs state=present"
172.16.1.8 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dump": "0",
"fstab": "/etc/fstab",
"fstype": "nfs",
"name": "/usr/share/nginx/html",
"opts": "defaults",
"passno": "0",
"src": "172.16.1.31:/nfs-nginx-data"
}
172.16.1.9 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dump": "0",
"fstab": "/etc/fstab",
"fstype": "nfs",
"name": "/usr/share/nginx/html",
"opts": "defaults",
"passno": "0",
"src": "172.16.1.31:/nfs-nginx-data"
}
172.16.1.7 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dump": "0",
"fstab": "/etc/fstab",
"fstype": "nfs",
"name": "/usr/share/nginx/html",
"opts": "defaults",
"passno": "0",
"src": "172.16.1.31:/nfs-nginx-data"
}
给web机器组挂载nfs目录(立即挂载且写入/etc/fstab)
[root@master-61 ~]#ansible web -m mount -a "src='172.16.1.31:/nfs-nginx-data' path=/usr/share/nginx/html fstype=nfs state=mounted"
检查
[root@master-61 ~]#ansible web -a "df -h"
[root@master-61 ~]#ansible web -a "cat /etc/fstab"
取消挂载,以及删除fstab记录
[root@master-61 ~]#ansible web -m mount -a "src='172.16.1.31:/nfs-nginx-data' path=/usr/share/nginx/html fstype=nfs state=absent"
验证
[root@master-61 ~]#ansible web -a "df -h"
[root@master-61 ~]#ansible web -a "cat /etc/fstab"
取消挂载,不删除fstab记录
[root@master-61 ~]#ansible web -m mount -a "src='172.16.1.31:/nfs-nginx-data' path=/usr/share/nginx/html fstype=nfs state=umounted"
总结参数
mounted 挂载设备且写入fstab
present 仅写入fstab 不挂载
absent 卸载且删除fstab记录
umounted 只卸载不删除fstab记录
archive压缩模块
官网文档
https://docs.ansible.com/ansible/latest/collections/community/general/archive_module.html
支持压缩类型
bz2
gz ← (default)
tar
xz
zip
用法文档
https://docs.ansible.com/ansible/latest/collections/community/general/archive_module.html#examples
指定format即可
压缩/etc配置文件到指定路径
[root@master-61 ~]#ansible web -m archive -a "path=/etc dest=/opt/etc.tgz"
查看
[root@master-61 ~]#ansible web -a "ls /opt -l"
172.16.1.7 | CHANGED | rc=0 >>
total 10092
-rw-rw-rw- 1 www www 0 May 6 20:11 666.log
-rw-r--r-- 1 root root 9679353 May 7 20:36 etc.tgz
drwxr-xr-x 2 www www 6 May 6 22:13 hello_ansible
-rw-r--r-- 1 root root 0 May 6 22:10 hello_ansible.log
-rw-rw-rw- 1 www www 0 May 6 22:20 hello-linux.log
lrwxrwxrwx 1 root root 10 May 6 22:22 hosts -> /etc/hosts
-rw-r--r-- 1 root root 640923 May 6 20:17 log.tgz
-rw------- 1 www www 20 May 6 21:40 web-cf.log
-rw------- 1 www www 9 May 6 21:26 web-cf.log.6269.2022-05-06@21:35:30~
-rw-r--r-- 1 root root 0 May 6 20:19 wenjie666
172.16.1.8 | CHANGED | rc=0 >>
total 10392
查看文件类型
[root@master-61 ~]#ansible web -a "file /opt/etc.tgz"
172.16.1.7 | CHANGED | rc=0 >>
/opt/etc.tgz: gzip compressed data, was "/opt/etc.tgz", last modified: Sat May 7 20:36:34 2022, max compression
172.16.1.9 | CHANGED | rc=0 >>
/opt/etc.tgz: gzip compressed data, was "/opt/etc.tgz", last modified: Sat May 7 20:36:34 2022, max compression
172.16.1.8 | CHANGED | rc=0 >>
/opt/etc.tgz: gzip compressed data, was "/opt/etc.tgz", last modified: Sat May 7 20:36:34 2022, max compression
unarchive解压缩模块
注意了,现在是远程解压缩,而不是载本机直接解压缩
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/unarchive_module.html#examples
解压缩etc.tgz到指定目录(远程解压)
remote_src远程数据源
指定目录必须存在
[root@master-61 ~]#ansible web -m file -a "path=/opt/etc_file state=directory"
解压缩
[root@master-61 ~]#ansible web -m unarchive -a "src=/opt/etc.tgz dest=/opt/etc_file remote_src=yes"
查看
[root@master-61 ~]#ansible web -a "ls /opt/etc_file/etc/"
将管理机的压缩包,解压到远程机器上
将master-61的压缩文件,压缩到web组机器上
1.生成etc.tgz数据
[root@master-61 ~]#cd / && tar -zcf /opt/etc.tgz etc
[root@master-61 /]#ls /opt/
etc.tgz
2.远程解压到web组机器上
[root@master-61 /]#ansible web -m unarchive -a "src=/opt/etc.tgz dest=/tmp/"
3.检查
[root@master-61 /]#ansible web -a "ls /tmp/etc/"
浙公网安备 33010602011771号