本文介绍 Ansible 的安装、配置、hosts(主机清单)及常用模块,文中链接均指向官方文档。
安装
# Option 1: enable the EPEL repository, then install the ansible package with yum.
yum -y install epel-release
yum -y install ansible
# Or, option 2: install pip and let it fetch ansible (from the Python package
# index unless pip is configured otherwise).
# NOTE(review): this form is unpinned, so each run installs whatever release is
# current; pinning (pip install 'ansible==<VERSION>') keeps control nodes
# consistent and makes an upgrade a reviewed change.
yum -y install python-pip
pip install ansible
配置
less /etc/ansible/ansible.cfg
[defaults]
# Inventory file used when -i is not given on the command line.
inventory = /etc/ansible/hosts
# Extra directory searched for custom modules. Code placed here can be run
# against every managed host, so keep the directory root-owned and not
# writable by other users.
library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp
#local_tmp = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
# Number of parallel worker processes (same setting as the -f FORKS option).
forks = 5
#poll_interval = 15
# NOTE(review): sudo_user is a legacy option; newer releases express this as
# become_user under [privilege_escalation] - confirm against the installed version.
sudo_user = root
# Default SSH port used to reach managed hosts.
remote_port = 22
# SSH timeout
timeout = 10
# logging is off by default unless this path is defined
# if so defined, consider logrotate
# The log may record task arguments and results, so restrict who can read it
# and mark tasks that handle secrets with no_log.
log_path = /var/log/ansible.log
hosts信息
https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html
# Group "mysql": targeted with e.g. `ansible mysql -m ping`.
[mysql]
192.168.20.25
192.168.20.26
# Group "mongo".
[mongo]
192.168.20.27
192.168.20.28
192.168.20.29
# Parent group "db": the ":children" suffix means the entries below are group
# names, so "db" covers every host in mongo and mysql.
[db:children]
mongo
mysql
参数
[root@192-168-20-83 ~]# ansible -h
usage: ansible [-h] [--version] [-v] [-b] [--become-method BECOME_METHOD]
# -b(--become)参数:提权执行,默认以root身份执行;--become-user user-name 切换为指定用户执行;提权需要密码时加 -K
[--become-user BECOME_USER] [-K] [-i INVENTORY] [--list-hosts]
[-l SUBSET] [-P POLL_INTERVAL] [-B SECONDS] [-o] [-t TREE] [-k]
[--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER]
[-c CONNECTION] [-T TIMEOUT]
[--ssh-common-args SSH_COMMON_ARGS]
[--sftp-extra-args SFTP_EXTRA_ARGS]
[--scp-extra-args SCP_EXTRA_ARGS]
[--ssh-extra-args SSH_EXTRA_ARGS] [-C] [--syntax-check] [-D]
[-e EXTRA_VARS] [--vault-id VAULT_IDS]
[--ask-vault-pass | --vault-password-file VAULT_PASSWORD_FILES]
[-f FORKS] [-M MODULE_PATH] [--playbook-dir BASEDIR]
[-a MODULE_ARGS] [-m MODULE_NAME] #模块参数;模块名
pattern
# ansible ip -m xxx -a "xxx" -b --become-user redis 切换redis用户执行
# ansible ip -m xxx -a "xxx" -b 默认root用户执行
常用模块:
- ping模块,用于测试主机的连通性
- command模块,可以直接在远程主机上执行命令,并将结果返回本主机,不支持管道。command模块接受命令名称,后面是空格分隔的参数列表。
- shell模块,可以在远程主机上调用shell解释器运行命令,支持shell的各种功能,例如管道。由于参数会交给shell解释,拼接变量或外部输入时要注意引号和转义;不需要管道、重定向等功能时优先使用command模块。
- copy模块,将本地文件copy到远程主机上,同时支持给定内容生成文件和修改权限
- file模块,主要用于设置文件的属性,比如创建文件、创建链接文件、删除文件等
- fetch模块,用于从远程某主机获取(复制)文件到本地。
- yum模块,主要用于软件安装
- service模块,用于服务程序的管理。
- user模块,主要是用来管理用户账号。
- group模块,主要用来管理被控主机上的用户组
- script模块,用于将本机的脚本在被管理端的机器上运行。
- setup模块,主要用于收集信息,是通过调用facts组件来实现的。
测试
ansible mysql -m ping
#copy模块
ansible mysql -m copy -a "src=/home/icey/source.txt dest=/tmp/destination.txt"
shell模块–shell模块支持管道,通过shell模块在远程主机执行shell命令
ansible mysql -m shell -a "ss -nlt | grep 22"
[liguorui@jump-op ~]$ ansible 192.168.20.83 -m shell -a "ss -nlt"
192.168.20.83 | FAILED | rc=127 >>
/bin/sh: ss: command not foundnon-zero return code
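#解决方法:原因多半是ansible以非登录shell执行命令,该用户的PATH里没有/sbin。下面的做法是把ss复制到/bin;更稳妥的是不改动系统目录,直接在命令中写绝对路径,例如 -a "/sbin/ss -nlt"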
[root@192-168-20-83 ~]# which ss
/sbin/ss
[root@192-168-20-83 ~]# cp /sbin/ss /bin/
[liguorui@jump-op ~]$ ansible 192.168.20.83 -m shell -a "ss -nlt"
192.168.20.83 | SUCCESS | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:10050 *:*
LISTEN 0 128 127.0.0.1:9091 *:*
LISTEN 0 128 *:27017 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 :::10050 :::*
LISTEN 0 80 :::3306 :::*
LISTEN 0 128 :::22 :::*
copy模块–拷贝本地文件到远程机器(覆盖,可备份)
https://docs.ansible.com/ansible/latest/modules/copy_module.html#copy-module
#远程文件拷贝
[liguorui@jump-op ~]$ ansible 192.168.20.83 -m copy -a "src=/home/liguorui/a.txt dest=/home/liguorui/hello.txt"
192.168.20.83 | SUCCESS => {
"changed": true,
"checksum": "f951b101989b2c3b7471710b4e78fc4dbdfa0ca6",
"dest": "/home/liguorui/hello.txt",
"gid": 1015,
"group": "liguorui",
"md5sum": "c897d1410af8f2c74fba11b1db511e9e",
"mode": "0664",
"owner": "liguorui",
"size": 13,
"src": "/home/liguorui/.ansible/tmp/ansible-tmp-1592224047.67-92039189751517/source",
"state": "file",
"uid": 1015
}
[liguorui@192-168-20-83 ~]$ cat hello.txt
hello world!
#覆盖文件修改权限,没有备份
[liguorui@jump-op ~]$ ansible 192.168.20.83 -m copy -a 'content="dose this mean success?" dest=/home/liguorui/hello.txt mode=660'
192.168.20.83 | SUCCESS => {
"changed": true,
"checksum": "77c9816d99adc15e966de1a97a88e4efebb4caef",
"dest": "/home/liguorui/hello.txt",
"gid": 1015,
"group": "liguorui",
"mode": "0660",
"owner": "liguorui",
"path": "/home/liguorui/hello.txt",
"size": 23,
"state": "file",
"uid": 1015
}
[liguorui@jump-op ~]$ ssh 192.168.20.83
Last login: Mon Jun 15 20:33:15 2020 from 192.168.10.29
[liguorui@192-168-20-83 ~]$ ll hello.txt
-rw-rw---- 1 liguorui liguorui 23 Jun 15 20:31 hello.txt
# 覆盖文件,修改权限,添加备份。注意mode=666会让所有用户都可读写该文件,这里仅作演示,实际使用应按最小权限设置(如0640)
[liguorui@jump-op ~]$ ansible 192.168.20.83 -m copy -a 'content="dose this mean repeat?" dest=/home/liguorui/hello.txt mode=666 backup=yes'
192.168.20.83 | SUCCESS => {
"backup_file": "/home/liguorui/hello.txt.18564.2020-06-15@20:36:27~",
"changed": true,
"checksum": "41df867832d52714f7a7a760b6de7cb93d8fd450",
"dest": "/home/liguorui/hello.txt",
"gid": 1015,
"group": "liguorui",
"md5sum": "18b46534a25f85542b47e3e65199edd7",
"mode": "0666",
"owner": "liguorui",
"size": 22,
"src": "/home/liguorui/.ansible/tmp/ansible-tmp-1592224585.23-198523869506267/source",
"state": "file",
"uid": 1015
}
$ ll hello.txt*
-rw-rw-rw- 1 liguorui liguorui 22 Jun 15 20:36 hello.txt
-rw-rw---- 1 liguorui liguorui 23 Jun 15 20:31 hello.txt.18564.2020-06-15@20:36:27~
$ cat hello.txt
dose this mean repeat?
$ cat hello.txt.18564.2020-06-15@20\:36\:27~
dose this mean success?
file模块–管理directory、file、link属性[Creates, touches or removes files or directories]
# 创建软链接(-b 表示提权执行)
$ ansible 192.168.20.83 -m file -a "src=/home/liguo/fcm.txt dest=/tmp/ansible.txt state=link owner=hall5 group=hall5" -b
192.168.20.83 | SUCCESS => {
"changed": true,
"dest": "/tmp/ansible.txt",
"src": "/home/liguorui/fcm.txt",
"state": "absent"
}
# state 可选值:absent(删除)| directory(新建目录)| link(创建软链接)| touch(新建文件)
$ ansible 192.168.20.83 -m file -a "path=/tmp/ansible2.txt state=touch" -b
192.168.20.83 | SUCCESS => {
"changed": true,
"dest": "/tmp/ansible2.txt",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"size": 0,
"state": "file",
"uid": 0
}
yum模块–Manages packages with the yum package manager
https://docs.ansible.com/ansible/latest/modules/yum_module.html
service模块–管理服务
https://docs.ansible.com/ansible/latest/modules/service_module.html
script模块 – Runs a local script on a remote node after transferring it
https://docs.ansible.com/ansible/latest/modules/script_module.html
# 加--some-argument=1234后结果显示在当前页面,不加则不显示
[liguorui@jump-op ~]$ ansible 192.168.20.83 -m script -a "/home/liguorui/ansible.sh --some-argument=1234"
192.168.20.83 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.20.83 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.20.83 closed."
],
"stdout": "i am from beijing \r\ni am from shanghai \r\ni am from xian \r\ni am from xianggang \r\n",
"stdout_lines": [
"i am from beijing ",
"i am from shanghai ",
"i am from xian ",
"i am from xianggang "
]
}
数据库
# mysql
https://docs.ansible.com/ansible/latest/modules/mysql_db_module.html#examples
# mongo
https://docs.ansible.com/ansible/latest/modules/mongodb_shard_module.html