First playbook:
Add a user and set its password.
[root@ansible yaml]# cat user.yaml
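---
- hosts: cache # the remote managed hosts
  remote_user: root # the remote login user
  tasks: # the task list
    - name: add user lily # the name field under tasks is a description of the task
      user:
        name: lily # call the user module to add user lily
    - name: this is a password # the name field under tasks is a description of the task
      shell: echo 123456 |passwd --stdin lily # call the shell module to change lily's password
    - shell: chage -d 0 lily # call the shell module to force lily to change the password at next login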
[root@ansible yaml]# ansible cache -m shell -a "id lily"
cache | SUCCESS | rc=0 >>
uid=1002(lily) gid=1002(lily) 组=1002(lily)
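Second playbook:
1 Install apache and change the listening port to 8080
2 Modify the ServerName setting so that apachectl -t reports no errors
3 Set the default home page to hello world
4 Start the service and enable it at boot.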
[root@ansible yaml]# vim httpd.yaml
---
- hosts: web
  remote_user: root
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: installed
    - lineinfile:
        path: /etc/httpd/conf/httpd.conf
        regexp: '^Listen '
        insertafter: '^#Listen '
        line: 'Listen 8080'
    - lineinfile:
        path: /etc/httpd/conf/httpd.conf
        regexp: '^#ServerName'
        line: 'ServerName localhost'
    - copy:
        src: /mnt/index.html
        dest: /var/www/html/
        owner: apache
        group: apache
        mode: 0644
    - service:
        name: httpd
        state: started
        enabled: yes
Verify:
[root@ansible yaml]# ansible-playbook httpd.yaml
Third playbook (defining variables with vars)
[root@ansible yaml]# cat user.yaml
---
- hosts: cache
  remote_user: root
  vars:
    username: tom
  tasks:
    - user:
        name: "{{username}}"
    - name: this is a password
      shell: echo 123456 |passwd --stdin "{{username}}"
    - shell: chage -d 0 "{{username}}"
Fourth playbook (passing parameters from a file)
[root@ansible yaml]# vim user.txt
{
username: lucy
}
[root@ansible yaml]# vim user.yaml
---
- hosts: cache
  remote_user: root
  vars:
    username: tom
  tasks:
    - user:
        name: "{{username}}"
    - name: this is a password
      shell: echo 123456 |passwd --stdin "{{username}}"
    - shell: chage -d 0 "{{username}}"
[root@ansible yaml]# ansible-playbook user.yaml -e '@user.txt'
[root@ansible yaml]# ansible cache -m shell -a "id lucy"
cache | SUCCESS | rc=0 >>
uid=1004(lucy) gid=1004(lucy) 组=1004(lucy)
Fifth playbook (how to change a password with the user module's password option)
Check the parameters related to the /etc/shadow file
[root@ansible yaml]# cat /etc/login.defs
#
# Please note that the parameters in this configuration file control the
# behavior of the tools from the shadow-utils component. None of these
# tools uses the PAM mechanism, and the utilities that use PAM (such as the
# passwd command) should therefore be configured elsewhere. Refer to
# /etc/pam.d/system-auth for more information.
#
# *REQUIRED*
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
# QMAIL_DIR is for Qmail
#
#QMAIL_DIR Maildir
MAIL_DIR /var/spool/mail
#MAIL_FILE .mail
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
#
# Min/max values for automatic uid selection in useradd
#
UID_MIN 1000
UID_MAX 60000
# System accounts
SYS_UID_MIN 201
SYS_UID_MAX 999
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 1000
GID_MAX 60000
# System accounts
SYS_GID_MIN 201
SYS_GID_MAX 999
#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD /usr/sbin/userdel_local
#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE_HOME yes
# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.
UMASK 077
# This enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes
# Use SHA512 to encrypt password.
ENCRYPT_METHOD SHA512
The user module's password option
[root@ansible yaml]# vim user.yaml
---
- hosts: db
  remote_user: root
  vars:
    username: liuqi
  tasks:
    - user:
        name: "{{username}}"
        password: "{{'123456'|password_hash('sha512')}}"
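A variant of the fifth playbook, added here as an example and not part of the original notes: the password is prompted for instead of being written in the playbook, no_log keeps the hash out of Ansible's output, and update_password: on_create stops the randomly salted hash from resetting the password on every run. The variable names user_password and account are assumptions; hosts and username are taken from the playbook above.

```yaml
---
# Added example, not from the original notes.
# "user_password" and "account" are hypothetical variable names.
- hosts: db
  remote_user: root
  vars:
    username: liuqi
  vars_prompt:
    - name: user_password
      prompt: "Initial password for the new account"
      private: yes # do not echo what is typed
  tasks:
    - name: create the account with a SHA-512 crypt hash
      user:
        name: "{{ username }}"
        # password_hash picks a random salt when none is given,
        # so the resulting hash differs on every run
        password: "{{ user_password | password_hash('sha512') }}"
        # only set the password when the account is first created
        update_password: on_create
      no_log: true # keep the hash out of task output and logs
      register: account

    - name: force a password change at first login
      command: chage -d 0 {{ username }}
      # with on_create, a change normally means the account was just created
      when: account.changed
```

If user_password is supplied with -e (for example from a vault-encrypted file), Ansible skips the prompt.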