自動化メンテナンスツールansibleインストールとコマンドラインモジュールの使用

9884 ワード
ansible
概要
ansibleはPythonに基づいて開発された自動化メンテナンスツールであり、多くのメンテナンスツールの利点を集め、一括システム構成、一括プログラム配置、一括実行コマンドなどの機能を実現し、ansibleはモジュールに基づいて動作し、それ自体に一括配置の能力がない.本当に一括配置があるのはansibleが実行するモジュールで、ansibleはただ1種のフレームワークを提供して、SSHDプロトコルを通じて複数台のクライアントを管理します
じっけんはいち
1、実験計画
ホスト名
IPアドレス
义齿
192.168.7.192
Client 1(被管理端)
192.168.7.189
Client 2(被管理側)
192.168.7.134
2、ansibleサービスのインストール
#  epel 
[root@ansible ~]# yum install -y epel-release
#  ansible
[root@ansible ~]# yum install ansible -y
#    
[root@ansible ~]# ansible --version
ansible 2.9.10
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
#ansible     
[root@ansible ~]# tree /etc/ansible/
/etc/ansible/
├── ansible.cfg	#ansible     
├── hosts	 	#ansible    ,                  
└── roles		#  
#        
[root@ansible ~]# vim /etc/ansible/hosts
#      
[client1]
192.168.7.189
[client2]
192.168.7.134

3、sshのインタラクティブなログインを免除する
[root@ansible ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:GQr5RqmhTULNgMirHxqonG2NjQXnId8W36FNB3rQJKA root@ansible
The key's randomart image is:
+---[RSA 2048]----+
|o.o+   ...o.     |
|oo  o... ..o     |
|  o =Eo . o .    |
| . B O o + + .   |
|o . O * S * o    |
|+ .  = o o o     |
|o+o.* .          |
|oo.= o           |
|  .              |
+----[SHA256]-----+
[root@ansible ~]# ssh-copy-id [email protected]
[root@ansible ~]# ssh-copy-id [email protected]
#       
[root@ansible ~]# ssh-agent bash
[root@ansible ~]# ssh-add
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)

4、ansibleコマンドラインモジュール(1)commandモジュール
#    
ansible [  ] [-m   ] [-a args]
#  
[root@ansible ~]# ansible client1 -m command -a 'date'
192.168.7.189 | CHANGED | rc=0 >>
2020  07  11      16:17:58 CST
#    -m  ,     command  
#  hosts      ,     all
[root@ansible ~]# ansible all -a 'date'
192.168.7.134 | CHANGED | rc=0 >>
2020  07  11      16:19:12 CST
192.168.7.189 | CHANGED | rc=0 >>
2020  07  11      16:19:12 CST

(2)cronモジュール
  • 計画タスク、ターゲットホストに計画タスクを追加可能
  • の2つの状態(state):presentは追加(省略可能)absentは削除
    • を表す.
    #  
[root@ansible ~]# ansible client1 -m cron -a \
> 'minute="*/1" \
> job="/usr/bin/echo hello >> /opt/hello.txt" \
> name="test cron job"'
192.168.7.189 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "envs": [], 
    "jobs": [
        "test cron job"
    ]
}
[root@ansible ~]# ansible client1 -a 'crontab -l'
192.168.7.189 | CHANGED | rc=0 >>
#Ansible: test cron job
*/1 * * * * /usr/bin/echo hello >> /opt/hello.txt
#       
#    ,            ,name=None  
[root@ansible ~]# ansible client1 -m cron -a 'name="test cron job" state=absent'
192.168.7.189 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "envs": [], 
    "jobs": []
}
[root@ansible ~]# ansible client1 -a 'crontab -l'
192.168.7.189 | CHANGED | rc=0 >>

    (3)userモジュール
  • userモジュールが要求するのはuseradd,userdel,usermodの3つの命令
    • である.
    #  
#    test1
[root@ansible ~]# ansible client1 -m user -a 'name="test1"'
#          
[root@ansible ~]# ansible client -a 'tail -3 /etc/passwd'
[WARNING]: Could not match supplied host pattern, ignoring: client
[WARNING]: No hosts matched, nothing to do
[root@ansible ~]# ansible client1 -a 'tail -3 /etc/passwd'
192.168.7.189 | CHANGED | rc=0 >>
tcpdump:x:72:72::/:/sbin/nologin
larry:x:1000:1000:Larry:/home/larry:/bin/bash
test1:x:1001:1001::/home/test1:/bin/bash
#    test1
[root@ansible ~]# ansible client1 -m user -a 'name="test1" state=absent'
192.168.7.189 | CHANGED => {
[root@ansible ~]# ansible client1 -a 'tail -3 /etc/passwd'
192.168.7.189 | CHANGED | rc=0 >>
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
larry:x:1000:1000:Larry:/home/larry:/bin/bash

    (4)グループモジュール
  • groupモジュールが要求するのはgroupadd,groupdel,groupmodの3つの命令
    • である.
    #  
[root@ansible ~]# ansible client1 -m group -a 'name=client1 gid=306 system=yes'
[root@ansible ~]# ansible client1 -a 'tail -3 /etc/group'
192.168.7.189 | CHANGED | rc=0 >>
tcpdump:x:72:
larry:x:1000:
client1:x:306:
[root@ansible ~]# ansible client1 -m user -a 'name=test01 uid=306 system=yes 
[root@ansible ~]# ansible client1 -a 'tail -3 /etc/passwd'
192.168.7.189 | CHANGED | rc=0 >>
tcpdump:x:72:72::/:/sbin/nologin
larry:x:1000:1000:Larry:/home/larry:/bin/bash
test01:x:306:306::/home/test01:/bin/bash
[root@ansible ~]# ansible client1 -a 'id test01'    
192.168.7.189 | CHANGED | rc=0 >>
uid=306(test01) gid=306(client1)  =306(client1)

    (5)copyモジュール
    #  
[root@ansible ~]# ansible client1 -m copy -a 'src=/etc/fstab dest=/opt/fstab.back'
[root@ansible ~]# ansible client1 -a 'ls -l /opt'
192.168.7.189 | CHANGED | rc=0 >>
    4
-rw-r-----. 1 root root 595 7   11 16:46 fstab.back
# hello   /opt/fstab.back
[root@ansible ~]# ansible client1 -m copy -a \
> 'content="hello" dest=/opt/fstab.back'
[root@ansible ~]# ansible client1 -a 'cat /opt/fstab.back' 
192.168.7.189 | CHANGED | rc=0 >>
hello

    (5)fileモジュール
    #  
[root@ansible ~]# ansible client1 -m user -a 'name=client1 system=yes'
[root@ansible ~]# ansible client1 -m group -a 'name=client1 system=yes'
#            
[root@ansible ~]# ansible client1 -m file -a 'owner=client1 group=client1 mode=644 path=/opt/fstab.back'
[root@ansible ~]# ansible client1 -a 'ls -l /opt'
192.168.7.189 | CHANGED | rc=0 >>
    4
-rw-r--r--. 1 client1 client1 5 7   11 16:50 fstab.back
#  /opt/fstab.link /opt/fstab.back     
[root@ansible ~]# ansible client1 -m file -a 'path=/opt/fstab.link src=/opt/fstab.back state=link' 
[root@ansible ~]# ansible client1 -a 'ls -l /opt'
192.168.7.189 | CHANGED | rc=0 >>
    4
-rw-r--r--. 1 client1 client1  5 7   11 16:50 fstab.back
lrwxrwxrwx. 1 root    root    15 7   11 16:56 fstab.link -> /opt/fstab.back
#      
[root@ansible ~]# ansible client1 -m file -a "path=/opt/fstab.link state=absent"
#      
[root@ansible ~]# ansible client1 -m file -a "path=/opt/test state=touch"
#    
[root@ansible ~]# ansible client1 -m file -a 'path=/opt/dir state=directory mode=755'

    (6)pingモジュール
    #  
[root@ansible ~]# ansible all -m ping
192.168.7.189 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
192.168.7.134 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}

    (7)yumモジュール
    #  
#yum  httpd
[root@ansible ~]# ansible client2 -m yum -a 'name=httpd'
# client2   
[root@client2 ~]# rpm -q httpd
httpd-2.4.6-93.el7.centos.x86_64
#  httpd
[root@ansible ~]# ansible client2 -m yum -a 'name=httpd state=absent'
# client2   
[root@client2 ~]# rpm -q httpd
       httpd

    (8)サービスモジュール
    #  
#     httpd  
[root@ansible ~]# ansible client2 -m yum -a 'name=httpd'
[root@ansible ~]# ansible client2 -a 'systemctl status httpd'
192.168.7.134 | FAILED | rc=3 >>
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:httpd(8)
           man:apachectl(8)non-zero return code
[root@ansible ~]# ansible client2 -m service -a 'name=httpd state=started'
[root@ansible ~]# ansible client2 -a 'systemctl status httpd'
192.168.7.134 | CHANGED | rc=0 >>
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since   2020-07-11 17:15:16 CST; 25s ago
#       
[root@ansible ~]# ansible client2 -m service -a 'name=firewalld state=stopped'

    (9)shellモジュール
    #  
#                  
[root@ansible ~]# ansible client1 -m shell -a 'echo abc123 | passwd --stdin client1'
192.168.7.189 | CHANGED | rc=0 >>
     client1     。
passwd:               。

    (10)scriptモジュール
    #  
#          ,    
[root@ansible ~]# vim test.sh
#!/bin/bash
echo "hello ansible from script"> /opt/script.txt
[root@ansible ~]# chmod +x test.sh 
#       client1
[root@ansible ~]# ansible client1 -m script -a 'test.sh'
#    
[root@ansible ~]# ansible client1 -a 'cat /opt/script.txt'
192.168.7.189 | CHANGED | rc=0 >>
hello ansible from script
    classのsuper
    ACM/ICCCのBFS(オフライン)+康拓展開(HDU 1430-魔板)