自動化運用ツールAnsibleのインストールとコマンドラインモジュールの使い方


概要
AnsibleはPythonで開発された自動化運用ツールです。既存の多くの運用ツールの長所を取り入れ、システムの一括設定、プログラムの一括デプロイ、コマンドの一括実行などの機能を実現します。Ansibleはモジュールに基づいて動作し、Ansible自体には一括デプロイの能力はありません。実際に一括デプロイを行うのはAnsibleが実行するモジュールであり、Ansibleはそのためのフレームワークを提供しているにすぎません。管理対象の複数のホストにはSSHプロトコルで接続します(sshdは管理対象側で接続を受け付けるデーモンです)。
実験環境の構成
1、実験計画
ホスト名
IPアドレス
ansible(管理側)
192.168.7.192
Client 1(被管理端)
192.168.7.189
Client 2(被管理側)
192.168.7.134
2、ansibleサービスのインストール
# epel リポジトリをインストールする
[root@ansible ~]# yum install -y epel-release
# ansible をインストールする
[root@ansible ~]# yum install ansible -y
# バージョンを確認する(下の出力にある ansible 2.9 系と Python 2.7 はどちらもサポートが終了しているため、新しく構築する場合はサポート中のバージョンを使う)
[root@ansible ~]# ansible --version
ansible 2.9.10
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
# ansibleの設定ディレクトリの構成
[root@ansible ~]# tree /etc/ansible/
/etc/ansible/
├── ansible.cfg	#ansibleの設定ファイル
├── hosts	 	#ansibleのホストインベントリ(管理対象ホストを定義する)
└── roles		#ロール
# ホストインベントリを編集する
[root@ansible ~]# vim /etc/ansible/hosts
# 以下のグループを追記する
[client1]
192.168.7.189
[client2]
192.168.7.134

3、SSH公開鍵認証を設定し、パスワードの対話入力なしでログインできるようにする
[root@ansible ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:GQr5RqmhTULNgMirHxqonG2NjQXnId8W36FNB3rQJKA root@ansible
The key's randomart image is:
+---[RSA 2048]----+
|o.o+   ...o.     |
|oo  o... ..o     |
|  o =Eo . o .    |
| . B O o + + .   |
|o . O * S * o    |
|+ .  = o o o     |
|o+o.* .          |
|oo.= o           |
|  .              |
+----[SHA256]-----+
[root@ansible ~]# ssh-copy-id root@192.168.7.189
[root@ansible ~]# ssh-copy-id root@192.168.7.134
# ssh-agent を起動して鍵を登録する(鍵のパスフレーズを毎回入力しなくて済むようにする。鍵はパスフレーズなしで作らず、エージェントに保持させる)
[root@ansible ~]# ssh-agent bash
[root@ansible ~]# ssh-add
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)

4、ansibleコマンドラインモジュール(1)commandモジュール
# コマンド書式
ansible [ホストまたはグループ] [-m モジュール] [-a args]
#  
[root@ansible ~]# ansible client1 -m command -a 'date'
192.168.7.189 | CHANGED | rc=0 >>
2020  07  11      16:17:58 CST
# -m を指定しない場合、デフォルトで command モジュールが使われる
# hosts に定義した全ホストを対象にするには all を指定する
[root@ansible ~]# ansible all -a 'date'
192.168.7.134 | CHANGED | rc=0 >>
2020  07  11      16:19:12 CST
192.168.7.189 | CHANGED | rc=0 >>
2020  07  11      16:19:12 CST

(2)cronモジュール
  • 定期実行タスク(cron)を管理する。対象ホストにタスクを追加できる
  • 2つの状態(state)がある:present は追加(省略可能)、absent は削除を表す。
    #  
    [root@ansible ~]# ansible client1 -m cron -a \
    > 'minute="*/1" \
    > job="/usr/bin/echo hello >> /opt/hello.txt" \
    > name="test cron job"'
    192.168.7.189 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "envs": [], 
        "jobs": [
            "test cron job"
        ]
    }
    [root@ansible ~]# ansible client1 -a 'crontab -l'
    192.168.7.189 | CHANGED | rc=0 >>
    #Ansible: test cron job
    */1 * * * * /usr/bin/echo hello >> /opt/hello.txt
    # cronタスクを削除する
    #    ,            ,name=None  
    [root@ansible ~]# ansible client1 -m cron -a 'name="test cron job" state=absent'
    192.168.7.189 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "envs": [], 
        "jobs": []
    }
    [root@ansible ~]# ansible client1 -a 'crontab -l'
    192.168.7.189 | CHANGED | rc=0 >>
    

    (3)userモジュール
  • userモジュールが呼び出すのは useradd、userdel、usermod の3つのコマンドである。
    #  
    # ユーザー test1 を作成する
    [root@ansible ~]# ansible client1 -m user -a 'name="test1"'
    #          
    [root@ansible ~]# ansible client -a 'tail -3 /etc/passwd'
    [WARNING]: Could not match supplied host pattern, ignoring: client
    [WARNING]: No hosts matched, nothing to do
    [root@ansible ~]# ansible client1 -a 'tail -3 /etc/passwd'
    192.168.7.189 | CHANGED | rc=0 >>
    tcpdump:x:72:72::/:/sbin/nologin
    larry:x:1000:1000:Larry:/home/larry:/bin/bash
    test1:x:1001:1001::/home/test1:/bin/bash
    # ユーザー test1 を削除する
    [root@ansible ~]# ansible client1 -m user -a 'name="test1" state=absent'
    192.168.7.189 | CHANGED => {
    [root@ansible ~]# ansible client1 -a 'tail -3 /etc/passwd'
    192.168.7.189 | CHANGED | rc=0 >>
    postfix:x:89:89::/var/spool/postfix:/sbin/nologin
    tcpdump:x:72:72::/:/sbin/nologin
    larry:x:1000:1000:Larry:/home/larry:/bin/bash
    

    (4)groupモジュール
  • groupモジュールが呼び出すのは groupadd、groupdel、groupmod の3つのコマンドである。
    #  
    [root@ansible ~]# ansible client1 -m group -a 'name=client1 gid=306 system=yes'
    [root@ansible ~]# ansible client1 -a 'tail -3 /etc/group'
    192.168.7.189 | CHANGED | rc=0 >>
    tcpdump:x:72:
    larry:x:1000:
    client1:x:306:
    [root@ansible ~]# ansible client1 -m user -a 'name=test01 uid=306 system=yes group=client1'
    [root@ansible ~]# ansible client1 -a 'tail -3 /etc/passwd'
    192.168.7.189 | CHANGED | rc=0 >>
    tcpdump:x:72:72::/:/sbin/nologin
    larry:x:1000:1000:Larry:/home/larry:/bin/bash
    test01:x:306:306::/home/test01:/bin/bash
    [root@ansible ~]# ansible client1 -a 'id test01'    
    192.168.7.189 | CHANGED | rc=0 >>
    uid=306(test01) gid=306(client1)  =306(client1)
    

    (5)copyモジュール
    #  
    [root@ansible ~]# ansible client1 -m copy -a 'src=/etc/fstab dest=/opt/fstab.back'
    [root@ansible ~]# ansible client1 -a 'ls -l /opt'
    192.168.7.189 | CHANGED | rc=0 >>
        4
    -rw-r-----. 1 root root 595 7   11 16:46 fstab.back
    # 文字列 hello を /opt/fstab.back に書き込む(既存の内容は上書きされる)
    [root@ansible ~]# ansible client1 -m copy -a \
    > 'content="hello" dest=/opt/fstab.back'
    [root@ansible ~]# ansible client1 -a 'cat /opt/fstab.back' 
    192.168.7.189 | CHANGED | rc=0 >>
    hello
    

    (5)fileモジュール
    #  
    [root@ansible ~]# ansible client1 -m user -a 'name=client1 system=yes'
    [root@ansible ~]# ansible client1 -m group -a 'name=client1 system=yes'
    # ファイルの所有者・グループ・パーミッションを変更する
    [root@ansible ~]# ansible client1 -m file -a 'owner=client1 group=client1 mode=644 path=/opt/fstab.back'
    [root@ansible ~]# ansible client1 -a 'ls -l /opt'
    192.168.7.189 | CHANGED | rc=0 >>
        4
    -rw-r--r--. 1 client1 client1 5 7   11 16:50 fstab.back
    # /opt/fstab.link を /opt/fstab.back へのシンボリックリンクとして作成する
    [root@ansible ~]# ansible client1 -m file -a 'path=/opt/fstab.link src=/opt/fstab.back state=link' 
    [root@ansible ~]# ansible client1 -a 'ls -l /opt'
    192.168.7.189 | CHANGED | rc=0 >>
        4
    -rw-r--r--. 1 client1 client1  5 7   11 16:50 fstab.back
    lrwxrwxrwx. 1 root    root    15 7   11 16:56 fstab.link -> /opt/fstab.back
    # リンクを削除する
    [root@ansible ~]# ansible client1 -m file -a "path=/opt/fstab.link state=absent"
    # 空のファイルを作成する
    [root@ansible ~]# ansible client1 -m file -a "path=/opt/test state=touch"
    # ディレクトリを作成する
    [root@ansible ~]# ansible client1 -m file -a 'path=/opt/dir state=directory mode=755'
    

    (6)pingモジュール
    #  
    [root@ansible ~]# ansible all -m ping
    192.168.7.189 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    192.168.7.134 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    

    (7)yumモジュール
    #  
    #yum  httpd
    [root@ansible ~]# ansible client2 -m yum -a 'name=httpd'
    # client2   
    [root@client2 ~]# rpm -q httpd
    httpd-2.4.6-93.el7.centos.x86_64
    #  httpd
    [root@ansible ~]# ansible client2 -m yum -a 'name=httpd state=absent'
    # client2   
    [root@client2 ~]# rpm -q httpd
           httpd
    

    (8)serviceモジュール
    #  
    #     httpd  
    [root@ansible ~]# ansible client2 -m yum -a 'name=httpd'
    [root@ansible ~]# ansible client2 -a 'systemctl status httpd'
    192.168.7.134 | FAILED | rc=3 >>
    ● httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
       Active: inactive (dead)
         Docs: man:httpd(8)
               man:apachectl(8)non-zero return code
    [root@ansible ~]# ansible client2 -m service -a 'name=httpd state=started'
    [root@ansible ~]# ansible client2 -a 'systemctl status httpd'
    192.168.7.134 | CHANGED | rc=0 >>
    ● httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
       Active: active (running) since   2020-07-11 17:15:16 CST; 25s ago
    # firewalld を停止する(検証環境向けの手順。外部に公開するホストでは停止せず、firewalld で必要なポートだけを許可する)
    [root@ansible ~]# ansible client2 -m service -a 'name=firewalld state=stopped'
    

    (9)shellモジュール
    #  
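    # shell モジュールで client1 ユーザーのパスワードを設定する(パイプを使うので command ではなく shell を使う)
    # abc123 はサンプル値。平文のパスワードはコマンド履歴や Ansible のログに残るため、実運用では user モジュールの password にハッシュ化した値を渡す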
    [root@ansible ~]# ansible client1 -m shell -a 'echo abc123 | passwd --stdin client1'
    192.168.7.189 | CHANGED | rc=0 >>
         client1     。
    passwd:               。
    

    (10)scriptモジュール
    #  
    # 管理側でスクリプトを作成し、実行権限を付与する
    [root@ansible ~]# vim test.sh
    #!/bin/bash
    # Write a fixed marker line to /opt/script.txt, replacing any previous
    # content, so a later read of that file shows whether the script ran.
    printf '%s\n' "hello ansible from script" > /opt/script.txt
    [root@ansible ~]# chmod +x test.sh 
    # スクリプトを client1 上で実行する
    [root@ansible ~]# ansible client1 -m script -a 'test.sh'
    # 結果を確認する
    [root@ansible ~]# ansible client1 -a 'cat /opt/script.txt'
    192.168.7.189 | CHANGED | rc=0 >>
    hello ansible from script