Ansible Basics
=Advanced=
[https://blog.51cto.com/u_10272167/2707282 Ansible daily-use tips: an ops summary]
[https://ansible-tran.readthedocs.io/en/latest/docs/intro_getting_started.html Ansible authoritative guide (Chinese translation)]
[https://www.jianshu.com/p/0326780d05fc Learning Ansible, 2021]
[https://blog.csdn.net/weixin_43798031/article/details/115866901 Ansible playbook that initialises a basic system environment, ready to use]
[https://blog.51cto.com/u_13520779/2091782 Batch service deployment with Ansible]
[https://zhuanlan.zhihu.com/p/149499486 Installing and operating Ansible, with a Docker deployment example]
[https://blog.csdn.net/weixin_43748870/article/details/88682689 ansible-playbook usage examples (distributing files, running scripts)]
[https://www.cnblogs.com/LiuChang-blog/p/14702939.html Ansible automated operations in practice]

==Variables==
<pre>
vars:
  key_file: /etc/nginx/ssl/nginx.key

# playbook task using the variable
- name: copy TLS key
  copy: src=files/nginx.key dest={{key_file}} owner=root mode=0600
</pre>

== Chapter 2 inventory==
p48
[https://www.jianshu.com/p/7eb4c8ee8e13 Ansible tutorial, chapter 3: Inventory in detail]

=Introduction=
Ansible is an IT automation tool. It configures systems, deploys software and orchestrates more advanced IT tasks such as continuous deployment and rolling updates. Ansible is suited to managing enterprise IT infrastructure, from small setups with a handful of hosts to enterprise environments with thousands of instances. Ansible is also a simple automation language that describes IT application infrastructure well.

=Installation=
https://docs.ansible.com/ansible/latest/installation_guide/index.html
<pre>
# on the control node
pip3 install --user ansible
ssh-copy-id -i id_ecdsa.pub root@192.168.88.50
ssh-copy-id -i id_ecdsa.pub root@192.168.88.51
ssh-copy-id -i id_ecdsa.pub root@192.168.88.52

mkdir /etc/ansible
vi /etc/ansible/hosts
192.168.88.50
192.168.88.51
192.168.88.52

[intra]
192.168.10.120
192.168.10.121

ansible all -b -u root -a "hostname"
192.168.88.51 | CHANGED | rc=0 >>
k8s-node1
192.168.88.50 | CHANGED | rc=0 >>
k8s-master
192.168.88.52 | CHANGED | rc=0 >>
k8s-node2

ansible all -m ping
</pre>

== Installing on CentOS with yum ==
<pre>
yum install epel-release
yum install ansible
</pre>

=Configuration file=
<pre>
# Keep your own copy in your home directory.
Ansible looks for its configuration file in this order of precedence:
export ANSIBLE_CONFIG
./ansible.cfg
~/.ansible.cfg
/etc/ansible/ansible.cfg
If no configuration file is found in any of these places, Ansible uses its built-in defaults.

Ansible's configuration lives in /etc/ansible/ansible.cfg, so the SSH settings Ansible uses at run time can also be set in that file. Current Ansible loads, in turn,
the ANSIBLE_CONFIG environment variable, ansible.cfg in the current directory, ~/.ansible.cfg and /etc/ansible/ansible.cfg; for any given option the first one loaded wins. So we can write our own ansible.cfg and keep it in the current directory.

The default configuration can be fetched from GitHub:
https://raw.githubusercontent.com/ansible/ansible/devel/examples/ansible.cfg
# To generate an example config file (a "disabled" one with all default settings, commented out):
# $ ansible-config init --disabled > ansible.cfg
# Also you can now have a more complete file by including existing plugins:
# ansible-config init --disabled -t all > ansible.cfg
Put it in the /etc/ansible/ directory.
</pre>

=Everyday tips=
==sudo==
===Passwordless sudo===
<pre>
cat /etc/ansible/agent.yml
---
- hosts: all
  become: yes
  become_method: sudo
  remote_user: ops
  roles:
    - ag_conf
# Of course the shell commands themselves must also use sudo.
</pre>
[https://blog.51cto.com/u_3379770/1906326 Running commands as a normal user with Ansible]
[https://www.cnblogs.com/fjping0606/p/6952749.html Running a playbook remotely as a normal user with Ansible]

==Groups==
ansible beta -b -u evan -m shell -a " sudo hostname"

To run ansible-playbook -C /etc/ansible/agent.yml, the host IPs and so on must be given in the yml.

<pre>
inventory file: hosts
# For a non-standard port (not 22) the first column must be an alias, otherwise the setting has no effect. January 24 2022
[add]
#172.16.0.40

[beta]
beta-insurance ansible_host=172.16.0.14 ansible_port=22

[pro]
prod-core-mongo ansible_host=172.16.1.40 ansible_port=22
prod-access ansible_host=172.16.1.8 ansible_port=22
prod-insurance-backstage ansible_host=172.16.0.16 ansible_port=22
prod-insurance-crm-mongo ansible_host=172.16.1.37 ansible_port=22
prod-insurance-backstage-count ansible_host=172.16.1.19 ansible_port=22
prod_core ansible_host=172.16.1.9 ansible_port=22
prod_mq ansible_host=172.16.1.12 ansible_port=22

[core]
prod_core
prod-core-mongo

[insure]
prod-access
prod-insurance-backstage
prod-insurance-crm-mongo
prod-insurance-backstage-count
</pre>

== Running shell commands==
ansible core -b -u evan -m shell -a "sudo ls /home/evan"
ansible insure -m shell -a "sudo cat /etc/ssh/sshd_config | grep Permit"

== Common parameters==
-m MODULE_NAME  # name of the module to run; the command module is the default, so -m can be omitted when running a single command
-u REMOTE_USER  # remote user; defaults to root
Quick list:
-m  the module to run, defaults to command
-a  the module's arguments
-u
the user name for the ssh connection; defaults to root and can be set in ansible.cfg
-C, --check  don't make any changes; instead, try to predict some of the changes that may occur

==Variables==
<pre>
# Host and host-group variables (host variables take precedence over group variables)
vim /etc/ansible/hosts
[webservers]
172.16.1.121:22 ansible_ssh_user=root ansible_ssh_pass='123456' http_port=80
172.16.1.122:22 ansible_ssh_user=root ansible_ssh_pass='123456'

[webservers:vars]
http_port=8080
server_name=www.baidu.com

Experiment:
ansible webservers -m command -a "echo {{http_port}}" -o

Explanation of the command:
ansible webservers -m command -a "echo {{http_port}}" -o
ansible: the ansible command
webservers: the host group name configured in /etc/ansible/hosts; all (grouped and ungrouped hosts) means every host, and 172.16.1.121 means a single host.
-m: the module to use; the default is the command module (simple shell commands), so it can be omitted.
-a: the concrete shell command to run; for example "echo {{http_port}}" prints the http_port variable on the remote host.
-o: condense Ansible's output (i.e. show each host's result on one line)
</pre>

==Commonly used Ansible modules==
===Host connectivity test===
Use ansible web -m ping to test connectivity to the hosts.

=== command module===
<pre>
ansible web -m command -a 'ss -ntl'
The command module takes a command name followed by a space-separated list of arguments. The given command runs on all selected nodes. It is not processed through a shell, so $HOME and operators such as "<", ">", "|", ";" and "&" do not work (use the shell module for those). Note that this module does not support | pipes.
The commonly used options of this module:
chdir       # change into this directory before running the command
executable  # run the command with a different shell; the absolute path of the executable is required
free_form   # the Linux command to run; normally supplied through Ansible's -a parameter instead
creates     # a filename; when this file exists the command is not run, which can serve as a conditional
removes     # a filename; when this file does not exist the command is not run
</pre>
===shell module===
===copy module===
===9) service module===
<pre>
This module manages services.
Its main options:
arguments  # extra arguments passed on the command line
enabled    # enable the service at boot
name=      # service name
runlevel   # run level at which to start at boot; usually not specified
sleep      # whether to wait while restarting the service, e.g. wait 2 seconds after stopping before starting again (defined in the playbook)
state      # one of four states: started---> start the service, stopped---> stop the service, restarted---> restart the service, reloaded---> reload the configuration
Some examples:
① start the service and enable it at boot
[root@server ~]# ansible web -m service -a 'name=nginx state=started enabled=true'
</pre>
===12) script module===
<pre>
Read the documentation first:
root@myxps:~# ansible-doc -s script
- name: Runs a local script on a remote node after transferring it
  script:
      chdir:       # Change into this directory on the remote node before running the script.
      cmd:         # Path to the local script to run followed by optional arguments.
      creates:     # A filename on the remote node, when it already exists, this step will *not* be run.
      decrypt:     # This option controls the autodecryption of source files using vault.
      executable:  # Name or path of a executable to invoke the script with.
      free_form:   # Path to the local script file followed by optional arguments.
      removes:     # A filename on the remote node, when it does not exist, this step will *not* be run.

[evan@ ansible]$ ansible add -m script -a './1.sh'
[evan@ ansible]$ cat 1.sh
touch /tmp/byevanjan.log
</pre>
https://blog.51cto.com/noodle/1769474

===stat module===
ansible sftp -m stat -a "path=/etc/passwd"

===firewalld module===
<pre>
service : Name of a service to add/remove to/from firewalld. The service must be listed in output of firewall-cmd --get-services.
Specifies the service to allow; it must appear in the output of firewall-cmd --get-services.
The firewalld module mainly configures the firewall to allow services and ports.
Parameters: check them with ansible-doc -s firewalld
service parameter    required; the service to allow
state parameter      enabled
permanent parameter  true: add the rule permanently
immediate parameter  true: apply immediately

# firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh

/etc/ansible# cat fire.yml
---
- hosts: 192.168.10.122
  gather_facts: true
  remote_user: root
  tasks:
    - name: "firewalld"
      firewalld:
        service: http
        state: enabled
        permanent: true
        immediate: yes

ansible-playbook -C fire.yml
ansible-playbook fire.yml

After running it the result is as follows; http has been added:
firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client http ssh

# run the module directly
ansible node1 -m firewalld -a 'service=https permanent=yes state=enabled'
ansible node1 -m service -a 'name=firewalld state=restarted'
# prefer reload; do not restart at every opportunity
ansible intra -m service -a 'name=firewalld state=reloaded'
ansible intra -m firewalld -a 'port=8081/tcp permanent=yes state=enabled'
</pre>
[https://www.cnblogs.com/hypj/p/14035206.html The ansible firewalld module in detail]

===Batch user creation and management with Ansible===
<pre>
The clumsiest way, clearly not what we want:
ansible intra -m command -a 'useradd appl'
ansible-doc user -s

The best way: a playbook
/etc/ansible# cat adduser.yml
---
- hosts: all
  remote_user: root
  tasks:
    - name: 'Create group lai'
      group:
        name: lai
        state: present
    - name: create user deployer
      user:
        name: "{{ item.user }}"
        group: "{{ item.user }}"
        password: "{{ item.pass|password_hash('sha512') }}"
        state: present
        update_password: on_create
      loop:
        - { user: lai , pass: '2240881'}  # the password must be a string
</pre>

=Ansible-Playbook: initialising a server=
<pre>
init-user
init-tools
vim task/main.yml
- include: user.yml      # user management
- include: repo.yml      # yum repositories
- include: init_pkg.yml  # install base packages
- include: profile.yml   # environment variables
- include: selinux.yml   # selinux
- include: dir.yml       # base directories
- include: limits.yml    # system limits
- include: iptables.yml  # firewall
- include: sysctl.yml    # kernel parameters
- include: rc.local.yml  # boot-time startup
- include: dns.yml       # dns
- include: ntp.yml       # ntp
- include: rsyslog.yml   # log forwarding
- include: sshd.yml      # ssh tuning
- include: safe.yml      # security settings
</pre>
[https://juejin.cn/post/6995171921004331038 good: Ansible automation, a concrete OS initialisation implementation]
[https://cloud.tencent.com/developer/article/1702876 03 Hands-on: initialising servers with Ansible-Playbook, including sshd security]
https://gitee.com/wanghui1234/ansible_repo
[https://blog.csdn.net/weixin_30955341/article/details/101262866 Writing a server initialisation script as an ansible-playbook]

=Batch compile and install Python 3.7 with Ansible and a shell script=
https://github.com/evan886/my-ansible
The actual scripts are here:
https://github.com/evan886/my-ansible/tree/main/ansible4py3.7ins
<pre>
git clone git@github.com:evan886/my-ansible.git
cd ansible4py3.7ins/

# run the playbook
# dry run
root@myxps:/etc/ansible# ansible-playbook -C python.yml
# real run
root@myxps:/etc/ansible# ansible-playbook python.yml
</pre>
[https://blog.csdn.net/reblue520/article/details/81301223 Batch compile and install Python 3.6.6 with Ansible and a shell script]

=Batch install Go with Ansible and a shell script=
https://golang.org/doc/install
<pre>
tree
.
├── ansible.cfg
├── go.yml
├── hosts
└── roles
    └── go_install
        ├── files
        │   └── go1.17.1.linux-amd64.tar.gz
        ├── tasks
        │   ├── copy.yml
        │   ├── install.yml
        │   └── main.yml
        └── templates
            └── go_install.sh

5 directories, 8 files

reload environment variable.
How to do this? Doing it by hand is not reasonable. Neither of these works:
root@myxps:/etc/ansible# ansible intra -b -u root -a "source /etc/profile"
192.168.10.120 | FAILED | rc=2 >>
[Errno 2] 没有那个文件或目录
192.168.10.121 | FAILED | rc=2 >>
[Errno 2] 没有那个文件或目录

root@myxps:/etc/ansible# ansible intra -b -u root -a ". /etc/profile"
192.168.10.121 | FAILED | rc=13 >>
[Errno 13] 权限不够
192.168.10.120 | FAILED | rc=13 >>
[Errno 13] 权限不够
</pre>

== run==
<pre>
#!/usr/bin/env ansible-playbook
# with the execute bit set, the playbook can be run directly: ./yourfile

root@myxps:/etc/ansible# ansible-playbook -C go.yml
[WARNING]: ansible.utils.display.initialize_locale has not been called, this may result in incorrectly calculated text widths that can cause Display to print incorrect line lengths

PLAY [all] ******************************************************************************

TASK [Gathering Facts] ******************************************************************
ok: [192.168.10.121]
ok: [192.168.10.120]

TASK [go_install : copy go_tgz to client] ***********************************************
changed: [192.168.10.120]
changed: [192.168.10.121]

TASK [go_install : copy install_go_script to client] ************************************
changed: [192.168.10.120]
changed: [192.168.10.121]

TASK [go_install : install go] **********************************************************
skipping: [192.168.10.120]
skipping: [192.168.10.121]

PLAY RECAP ******************************************************************************
192.168.10.120             : ok=3    changed=2    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0
192.168.10.121             : ok=3    changed=2    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0

root@myxps:/etc/ansible# ansible-playbook go.yml
[WARNING]: ansible.utils.display.initialize_locale has not been called, this may result in incorrectly calculated text widths that can cause Display to print incorrect line lengths

PLAY [all] ******************************************************************************

TASK [Gathering Facts] ******************************************************************
ok: [192.168.10.121]
ok: [192.168.10.120]

TASK [go_install : copy go_tgz to client] ***********************************************
changed: [192.168.10.120]
changed: [192.168.10.121]

TASK [go_install : copy install_go_script to client] ************************************
changed: [192.168.10.120]
changed: [192.168.10.121]

TASK [go_install : install go] **********************************************************
changed: [192.168.10.120]
changed: [192.168.10.121]

PLAY RECAP ******************************************************************************
192.168.10.120             : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
192.168.10.121             : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
</pre>
[https://www.jianshu.com/p/d4e6655ff937 Ansible Role for the system environment: Go]

=Installing and configuring the Zabbix agent with Ansible and sudo=
https://github.com/evan886/my-ansible
The actual scripts:
https://github.com/evan886/my-ansible/tree/main/ansible4zbxagent-insconf

=Changing the security options of the ssh configuration file with Ansible and sudo=
<pre>
cat modify_sshd.yml
---
- hosts: cor
#- hosts: all
  gather_facts: true
  #remote_user: root
  become: yes
  become_method: sudo
  remote_user: evan
  tasks:
    - name: "修改ssh配置文件的安全选项"
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '{{ item.regexp }}'
        line: '{{ item.line }}'
        state: present
      with_items:
        - regexp: "^PasswordAuthentication"
          line: "PasswordAuthentication no"
        - regexp: "^#PermitRootLogin yes"
          line: "PermitRootLogin no"
        - regexp: "^PermitRootLogin yes"
          line: "PermitRootLogin no"
        #- regexp: "^#Port 22"
        #  line: "Port 2249"
        - regexp: "^GSSAPIAuthentication yes"
          line: "GSSAPIAuthentication no"
      notify:
        - restart sshd
  handlers:
    - name: restart sshd
      service:
        name: sshd
        state: restarted

# Done directly from the command line instead:
ansible all -b --become-method=su --become-user=root -m shell -a "sed 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config" |grep -E "Root|172.16"
</pre>

=Compiling and installing Nginx automatically with an Ansible playbook=
[https://www.linuxidc.com/Linux/2017-10/148058.htm Compiling and installing Nginx automatically with an Ansible playbook]

=Creating a user with Ansible=
<pre>
useradd jsxge
chown -R jsxge.wheel jsxge
echo "123456" | passwd --stdin jsxge
</pre>
[https://www.codenong.com/37333305/ On sudoers: creating a user with sudo privileges in Ansible]

=Changing the hostname with Ansible: modify_hostname=
<pre>
cat hosts
[pro]
172.16.0.8
172.16.0.16
172.16.0.37
172.16.0.19
172.16.0.9

ansible]$ cat modify_hostname.yml
---
- name: set hostname
  hosts: pro
  #hosts: all
  become: yes
  become_method: sudo
  remote_user: eva
  gather_facts: false
  vars:
    hostnames:
      - host: 172.16.0.8
        name: prod-access
      - host: 172.16.0.16
        name: prod-insurance-backstage
      - host: 172.16.0.37
        name: prod-insurance-crm-mongo
      - host: 172.16.0.19
        name: prod-insurance-backstage-count
      - host: 172.16.0.9
        name: prod-insurance-core
  tasks:
    - name: set hostname
      hostname:
        name: "{{item.name}}"
      when: item.host == inventory_hostname
      loop: "{{hostnames}}"
</pre>

=Ansible and shell=
[https://bingostack.com/2021/03/ansible-shell-command/ The right way to run shell commands with Ansible]

=Distributing files=
<pre>
cat /etc/ansible/hosts
[intra]
192.168.10.120
192.168.10.121

ansible intra -m copy -a "src=/home/evan/data/devops/node-v14.17.6-linux-x64.tar.xz dest=/root/"
ansible 122 -m copy -a "src=/home/evan/data/devops/jdk/jdk-8u212-linux-x64.rpm dest=/root/"
</pre>
[https://blog.csdn.net/wszll_Alex/article/details/77688224 Batch file transfer with Ansible]
[https://www.cxyzjd.com/article/Jailman/78344245 Distributing large files with Ansible and P2P software]
[https://zdyxry.github.io/2019/11/22/%E4%BD%BF%E7%94%A8-Ansible-%E4%BC%A0%E8%BE%93%E6%96%87%E4%BB%B6%E7%9A%84%E5%87%A0%E7%A7%8D%E6%96%B9%E5%BC%8F/ Several ways to transfer files with Ansible]

=Troubleshooting=
<pre>
TASK [ag_conf : install conig zbx agent] **************************************************************************
fatal: [172.16.0.16]: FAILED! => {"changed": true, "cmd": "/bin/bash /tmp/i.sh", "delta": "0:00:00.065791", "end": "2021-10-15 10:54:54.896410", "msg": "non-zero return code", "rc": 127, "start": "2021-10-15 10:54:54.830619", "stderr": "/bin/bash: /tmp/i.sh: 没有那个文件或目录", "stderr_lines": ["/bin/bash: /tmp/i.sh: 没有那个文件或目录"], "stdout": "", "stdout_lines": []}

PLAY RECAP *********************************************************************************************************
172.16.0.16                : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

solution: I had forgotten to add copy.yml to main.yml.
</pre>
[https://al-cui.github.io/2020/04/05/Ansible-playbook%20%E5%85%B3%E4%BA%8Essh%E7%9A%84%E9%85%8D%E7%BD%AE%E5%92%8C%E4%BD%BF%E7%94%A8/ Configuring ssh in Ansible: detecting a dropped ssh connection quickly and aborting the playbook]

= Playbook=
[https://blog.51cto.com/u_13630803/2154192 Ansible playbooks explained, with examples]

=References=
[https://www.cnblogs.com/sparkdev/p/9905290.html An introduction to Ansible]
[https://www.jianshu.com/p/e390a01669f8 Ansible basics tutorial]
[https://z.itpub.net/article/detail/BFF69D272DEFB9A5C71F2D8F839B4A93 Don't let ops be too busy: automated operations with Ansible explained in one article]
[https://blog.wangriyu.wang/2018/08-Jenkins.html Automated Go build and deployment with Jenkins + Ansible]
https://github.com/apenella/go-ansible#install
[https://www.cnblogs.com/f-ck-need-u/p/7567417.html Ansible series (4): playbook usage and a batch installation example with roles]
[https://www.gbgj.net/info/468349.html langroot download: batch installing a Go environment with Ansible]
[https://blog.csdn.net/dghfttgv/article/details/104726454 Ansible (1): Ansible explained and inventory file configuration]
[https://juejin.cn/post/7050429548495634469 Getting started with Ansible]
[https://zhuanlan.zhihu.com/p/139846936 Ansible in one minute]
[[category:devops]]
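=Added example: the webservers inventory in YAML form=
The Variables and Groups sections above keep ansible_ssh_pass='123456' in clear text next to each host, so anyone who can read the inventory holds the root password of every web server. The file below is an added example, not the page's own inventory: it rewrites the page's [webservers] group (same addresses, ports and http_port values) in Ansible's YAML inventory format, keeps the weak lines as a comment for comparison, and replaces them with key-based login as an unprivileged user plus sudo. The user name ops, the key path and the variable name vault_become_password are assumptions; the vault file it refers to is created separately with ansible-vault.

```yaml
# Added example (not from the page): inventory.yml, loaded with -i inventory.yml.
# Addresses, ports and http_port values are the page's; "ops", the key path and
# vault_become_password are assumptions.
all:
  children:
    webservers:
      vars:
        # Group variables: every host in webservers gets these unless the host
        # sets its own value for the same name.
        http_port: 8080
        server_name: www.baidu.com
        # WEAK (what the page's INI inventory does): root login with the
        # password stored in clear text in the inventory file itself.
        #   ansible_ssh_user: root
        #   ansible_ssh_pass: '123456'
        # CORRECTED: an unprivileged user with key authentication, escalating
        # through sudo. The sudo password is not in this file; it is a
        # vault-encrypted variable kept in group_vars/webservers/vault.yml
        # (created with: ansible-vault create group_vars/webservers/vault.yml).
        ansible_user: ops
        ansible_ssh_private_key_file: ~/.ssh/id_ecdsa
        ansible_become: yes
        ansible_become_method: sudo
        ansible_become_password: "{{ vault_become_password }}"
      hosts:
        172.16.1.121:
          ansible_port: 22
          # Host variable: overrides the group's http_port for this host only,
          # so "echo {{http_port}}" gives 80 here and 8080 on 172.16.1.122.
          http_port: 80
        172.16.1.122:
          ansible_port: 22
```

ansible-inventory -i inventory.yml --graph shows the group structure, and ansible webservers -i inventory.yml --ask-vault-pass -m debug -a "var=http_port" reproduces the page's precedence experiment (80 on .121, 8080 on .122) without putting a password on the command line or in the inventory.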
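=Added example: user creation and sshd hardening in one play=
The page's adduser.yml and modify_sshd.yml can be combined into one hardening play. The playbook below is an added example, not code from this page or from the evan886/my-ansible repository; the group name intra comes from the page's inventory, while the user name ops, the key file files/ops.pub and the sudoers drop-in name are assumptions. Compared with modify_sshd.yml it adds the checks a defender wants: validate runs sshd -t (and visudo -c for the sudoers file) on the candidate file before it replaces the real one, so a typo cannot leave sshd unable to start; the regexp matches an option whether it is currently commented out or not, so no duplicate lines accumulate; the handler reloads instead of restarting, so open sessions survive; and the ops user receives a key before password logins are switched off, so the play cannot lock its operator out.

```yaml
# Added example (not from the page or the evan886/my-ansible repository).
# Assumptions: inventory group "intra" (from the page), a public key at
# files/ops.pub on the control node, a systemd host with OpenSSH, and the
# placeholder user name "ops".
---
- name: Create an ops user and harden sshd
  hosts: intra
  become: yes
  become_method: sudo
  vars:
    ops_user: ops
    # Options written to sshd_config; each entry replaces the existing line
    # for that option, commented out or not, instead of adding a second one.
    sshd_settings:
      - { key: PermitRootLogin,        value: "no" }
      - { key: PasswordAuthentication, value: "no" }
      - { key: GSSAPIAuthentication,   value: "no" }
      - { key: PubkeyAuthentication,   value: "yes" }
  tasks:
    - name: Ensure the ops user exists (no password is set; login is key-only)
      user:
        name: "{{ ops_user }}"
        shell: /bin/bash
        create_home: yes
        state: present

    - name: Install the control node's public key for the ops user
      authorized_key:
        user: "{{ ops_user }}"
        key: "{{ lookup('file', 'files/ops.pub') }}"
        state: present

    - name: Grant sudo via a drop-in that visudo checks before it is installed
      copy:
        dest: "/etc/sudoers.d/{{ ops_user }}"
        content: "{{ ops_user }} ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

    - name: Set sshd options, rejecting any edit that sshd -t does not accept
      lineinfile:
        path: /etc/ssh/sshd_config
        # Matches "PermitRootLogin yes", "#PermitRootLogin yes" etc.
        regexp: '^#?\s*{{ item.key }}\s'
        line: "{{ item.key }} {{ item.value }}"
        state: present
        validate: /usr/sbin/sshd -t -f %s
      loop: "{{ sshd_settings }}"
      notify: reload sshd

    - name: Keep the ssh service allowed in firewalld (the page's firewalld module)
      firewalld:
        service: ssh
        state: enabled
        permanent: yes
        immediate: yes

  handlers:
    - name: reload sshd
      service:
        name: sshd
        state: reloaded
```

Run it first with ansible-playbook -C harden.yml, as the page does for its other playbooks: lineinfile and copy report in check mode which lines would change without touching the hosts. NOPASSWD mirrors the page's passwordless-sudo setup; the stricter variant drops NOPASSWD and supplies the sudo password through a vault-encrypted ansible_become_password instead.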