ansible获取命令: ansible all -m setup
- ansible_all_ipv4_addresses: 仅显示ipv4的消息
- ansible_devices: 仅显示磁盘设备信息
- ansible_distribution: 显示是什么系统(centos、suse等)
- ansible_distribution_version: 显示系统的版本
- ansible_machine: 显示系统的类型(32位、64位)
- ansible_eth0: 仅显示eth0的信息
- ansible_hostname: 仅显示主机名称
- ansible_kernel:仅显示内核版本
- ansible_lvm: 显示lvm相关信息
- ansible_memtotal_mb: 显示系统总内存
- ansible_memfree_mb: 显示可用系统内存
- ansible_memory_mb: 显示内存情况
- ansible_swaptotal_mb: 显示总的交换内存
- ansible_swapfree_mb: 显示可用的交换内存
- ansible_mounts:显示系统磁盘挂载
- ansible_processor:显示CPU个数(具体显示每个CPU的型号)
- ansible_processor_vcpus: 显示cpu的个数(只显示总的个数)
- ansible_python_version: 显示python的版本
ansible cache -m setup -a 'filter=processor'  # 用来搜索
ansible -i host_init.ini all -m setup -a "filter=ansible_distribution"
1. playbook的语法格式
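# Equivalent to running `sudo service nginx start` on the host as user hello:
# the connection is made as hello and only this one task escalates, via sudo.
---
- hosts: all
  remote_user: hello
  tasks:
    - service:
        name: nginx
        state: started
      # Escalation is scoped to the task rather than the whole play.
      become: true
      become_method: sudo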
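# Log in over SSH as root, then switch to user hello; every task in the play
# then runs as hello.
# NOTE(review): this requires direct root SSH login on the targets. Where the
# environment allows it, connecting as an unprivileged remote_user and
# escalating with become keeps root credentials off the connection path.
---
- hosts: webservers
  remote_user: root
  become: true
  become_user: hello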
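# One playbook holding two plays: the first targets the webservers group, the
# second the databases group.
# NOTE(review): state: latest upgrades the package whenever the repository
# offers a newer build, so each run can change what is installed. Pin a version
# or use state: present where upgrades must be reviewed first.
---
- hosts: webservers
  remote_user: root
  tasks:
    - name: ensure apache is at the latest version
      yum:
        name: httpd
        state: latest
    - name: write the apache config file
      template:
        src: /srv/httpd.j2
        dest: /etc/httpd.conf

- hosts: databases
  remote_user: root
  tasks:
    - name: ensure postgresql is at the latest version
      yum:
        name: postgresql
        state: latest
    - name: ensure that postgresql is started
      service:
        name: postgresql
        state: started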
2. 常用模块的介绍和使用
系统校验:
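# Check the operating-system version through gathered facts, for example:
#   ansible_distribution=Ubuntu
#   ansible_distribution_version=18.04
#   ansible_distribution_major_version: major version number of the system
#   ansible_os_family: operating-system family ('RedHat', 'Debian', 'FreeBSD')
- name: debug test demo
  debug:
    msg: "test system version code "
  # The fact is a string, so it is compared against a quoted "18.04".
  when: ansible_distribution_version == "18.04"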
条件判断:
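# Conditional execution based on a registered result (the registered variable
# exposes stdout and rc, among other fields).
# Do not use "-" in a register variable name: per the original note,
# dev-sda6_result ends up read as sda6_result. Use letters, digits and "_".
- name: check mysqld process
  # mysql_port is templated into a shell pipeline, so it goes through the quote
  # filter: a value containing shell metacharacters stays a single argument.
  shell: "ps -ef | grep -i mysqld | grep -v grep | grep {{ mysql_port | quote }} | wc -l"
  register: result
  # Read-only probe: never report it as a change.
  changed_when: false
- name: if stdout != 0 ,Interrupt execution
  fail:
    msg: "mysqld process is exist"
  # wc -l output can carry padding on some platforms, so trim before comparing.
  when: (result.stdout | trim) != "0"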
切换用户:
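# Connect over SSH as root and escalate with su; as written, become_user is
# also root.
#   become: true          enable privilege escalation
#   become_method: su     how to escalate (sudo, su, pbrun, ...); default sudo
#   become_user: root     account to switch to
# NOTE(review): the original play carried two hosts keys (webservers and
# demo-autodeploy). Duplicate keys are invalid YAML and most parsers silently
# keep the last one, so only that one is written here; confirm the intended
# target group.
---
- hosts: demo-autodeploy
  remote_user: root
  become: true
  become_method: su
  become_user: root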
a. 命令模块:
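# command module
#   The command is not passed through a shell, so "<", ">", "|", ";" and "&"
#   are not interpreted.
#   creates: if the named file already exists, the command is skipped
#   removes: the command runs only if the named file exists
- name: test command
  command:
    chdir: /home/qif/Downloads
    cmd: "mkdir -p test/a"
- name: test command
  command:
    chdir: /home/qif/Downloads
    # Skipped once get.txt exists, which keeps the task idempotent.
    creates: "get.txt"
    cmd: "touch get.txt"
- name: test command
  command:
    chdir: /home/qif/Downloads
    # Runs only while get.txt is still present.
    removes: "get.txt"
    cmd: "rm -rf get.txt"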
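# shell is the extended form of command and is used the same way. It runs the
# command line through a shell, so prefer command unless pipes or redirection
# are needed, and quote any templated value placed in cmd.
- name: test shell
  shell:
    chdir: /home/qif/Downloads
    cmd: "mkdir -p test/a"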
b. 文件模块:
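# copy module
#   src: file on the control host to copy to the remote host
#   dest (required): destination path on the remote host
#   backup: the copy overwrites an existing file by default; yes keeps a backup
#     of the file being replaced
#   content: write this text to dest instead of copying a src file
#   owner: owner of the file on the remote host
#   group: group of the file on the remote host
#   mode: permissions of the file on the remote host (e.g. "0644", "0755");
#     quoted so the YAML parser does not retype the value
- name: copy pom
  copy:
    src: vsftpd.pem
    dest: /etc/ssl/private/vsftpd.pem
    owner: root
    group: root
    # Presumably carries the TLS private key (it lands in /etc/ssl/private),
    # so it is readable by root only instead of world-readable 0644.
    mode: "0600"
- name: copy configuration
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - {src: "vsftpd.conf", dest: "/etc"}
    - {src: "vsftpd.chroot_list", dest: "/etc"}
    - {src: "vsftpd.user_list", dest: "/etc"}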
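# fetch module: pull a file from the remote host to the control host
#   src (required): file on the remote system; must be a file, not a directory
#   dest: directory on the control host the file is saved under
# NOTE(review): fetched files may hold sensitive data from the managed host;
# make sure the dest directory on the control host is not broadly readable.
- name: fetch file
  fetch:
    src: /home/qif/Downloads/test.txt
    dest: /usr/local/log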
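# file module: manage files, directories and links on the remote host
#   path (required; aliases dest, name): path being managed
#   group: group that should own the path
#   owner: user that should own the path
#   src: path to link to (used with state: link / hard)
#   state: absent / directory / file / touch / hard / link
- name: create ftp root
  file:
    path: "/usr/local/ftp/root"
    state: directory
    owner: ftpuser
    group: ftpuser
    # A directory needs the execute bit to be entered; 0644 would leave even
    # its owner unable to list or traverse it.
    mode: "0755"
  # NOTE(review): this hides a failed task, e.g. when ftpuser does not exist
  # yet. Create the user and group first and drop ignore_errors if possible.
  ignore_errors: true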
c. 创建组和用户:
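# Create the group
- name: create ftp group
  group:
    name: "ftpuser"
    gid: "777"
    state: present
# Create the user
- name: create ftp user
  user:
    name: "ftpuser"
    # NOTE(review): a password hash committed with the playbook can be attacked
    # offline by anyone able to read the repository. Load it from a variable
    # protected with Ansible Vault instead of keeping it inline.
    password: "$6$kKtGP1.01ZZ58/Ey$ta7Tk/uUYnZMl8JGIQj7ciUsdcnjmY5dhOanfV1v52MVJnD2eHzMRPS1Uu020XIKW8F0lSvO9WPyymTYDIpI50"
    group: "ftpuser"
    home: "/usr/local/ftp/root"
    # NOTE(review): no shell is set, so the account gets the system default
    # login shell; an FTP-only account usually should not have one.
    state: present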
d. 安装依赖包:
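# Install dependencies with yum or apt
#   name (required): package name, or a list of package names
#   state: absent / removed uninstalls, present / installed installs
- name: install yum dependents
  become: true
  become_method: su
  become_user: root
  apt:
    # The list is handed to name directly, so apt resolves all packages in one
    # transaction instead of one module call per item.
    name:
      - libaio1
      - libmecab2
      - expect
      - libmysqlclient-dev
      - libmysqlclient20
      - libmysqld-dev
      - libnet-telnet-perl
      - libtest-fixme-perl
      - libcpan-perl-releases-perl
      - libdbi-perl
      - libdbd-mysql-perl
      - libconfig-tiny-perl
    state: present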
e. 启动服务:
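# service module: start a service
#   enabled: no / yes, whether the service starts at boot; when omitted the
#     current setting is kept
#   name (required): name of the service
#   state: reloaded (graceful reload), restarted, started, stopped
# The original snippet lacked the colon after "name" and the service: module
# key, so it did not parse as a task; both are restored here.
- name: start service
  service:
    name: nginx
    enabled: true
    state: started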
f. 挂载模块:
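# mount module
#   fstype: filesystem type to mount
#   opts: mount options
#   path: mount point
#   src: device to mount
#   state: absent (unmount and remove the fstab entry), unmounted (unmount,
#     fstab untouched), present (fstab entry only, not mounted), mounted
#     (mounted and written to fstab)
# The original snippet lacked the colon after "name" and the mount: module key,
# so it did not parse as a task; both are restored here.
- name: mount load
  mount:
    fstype: ext4
    path: /data
    src: /dev/sdb
    # NOTE(review): opts is not set, so default mount options apply; for a
    # data-only volume consider restrictive options such as nodev,nosuid.
    state: mounted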
g. 定时任务:
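# cron module
#   minute / hour / day / month / weekday: schedule fields
#   job: command the cron entry runs
#   name (required): comment line that identifies the entry in the crontab
#   state: absent / present, remove or add the entry
#   disabled: yes / no, comment the entry out or re-enable it
- name: mysql backup config crontab
  when: backup == 1
  cron:
    name: "## mysql backup"
    minute: "0"
    hour: "*/1"
    # mysql_port ends up in a command line that cron hands to a shell, so it
    # is passed through the quote filter.
    # NOTE(review): all output goes to /dev/null, so a failing backup leaves no
    # trace; consider logging to a file that is monitored.
    job: "sh /opt/tools/bin/xtrmysqlbackup.sh {{ mysql_port | quote }} > /dev/null 2>&1"
    state: present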
h. 解压缩文件:
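# unarchive module
#   src: archive on the control host that is copied to the remote host
#   dest: absolute path on the remote host to unpack into
#   owner: owner of the unpacked files
#   group: group of the unpacked files
#   mode: permissions of the unpacked files (e.g. "0644", "0755")
# NOTE(review): the task name says /opt/ while dest is /usr/local/; confirm
# which one is intended. The archive is unpacked as root-owned files under a
# system path, so verify its origin and checksum before distributing it.
- name: transfer xtrabackup to remote host and unarchive to /opt/
  unarchive:
    src: xtrabackup.tar.gz
    dest: /usr/local/
    owner: root
    group: root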
lineinfile操作:
在文件”dest”中,用正则表达式匹配“regexp”值: 若匹配到“regexp”值=1:替换“regexp”值所在行为 “line”; 若匹配到“regexp”值>1:只替换最后一个匹配的有效值; 若匹配到“regexp”值=0:检查是否存在“backrefs”,并且值等于yes,若是则不做任何操作;否则在文件末尾新增行“line”;
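# Replace the last line matching regexp in the file with line.
- name: edit test.json
  lineinfile:
    dest: /home/fred/Documents/test.json
    regexp: "^host"
    line: "测试节点"
    insertafter: EOF
    # With backrefs enabled the file is left unchanged when regexp matches
    # nothing, so insertafter has no effect in that case.
    backrefs: true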
git操作:
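# git module: check out a repository
#   repo: address of the git repository
#   dest: path the repository is checked out to
#   version: version to check out
#   accept_hostkey: accept the server's host key when it is not yet known; per
#     the original note it can be left out when ssh_opts already contains
#     "-o StrictHostKeyChecking=no", otherwise the host key has to be added
#   update: fetch newer revisions
#   force: yes lets the remote repository always overwrite the local copy
- name: ANSISTRANO | GIT | Update remote repository
  git:
    repo: "{{ ansistrano_git_repo }}"
    dest: "{{ ansistrano_deploy_to }}/repo"
    version: "{{ ansistrano_git_branch }}"
    # NOTE(review): this trusts whichever host key the server presents on first
    # contact. Pre-seeding known_hosts with a verified key (for example with
    # the known_hosts module) lets this be turned off.
    accept_hostkey: true
    update: true
    force: true
  register: ansistrano_git_result_update
  # Runs only when neither a local nor a remote identity key path is set.
  when: ansistrano_git_identity_key_path|trim == '' and ansistrano_git_identity_key_remote_path|trim == ''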
authorized_key 模块:
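# authorized_key module: add an SSH public key
#   key: the public key to install (here read from a file on the control host
#     with the file lookup)
#   path: location of the authorized_keys file
#   state: present / absent
#   user: remote account the key is added to
# Shown in the original notes as the content of authorized_key.yml.
# NOTE(review): whoever holds the matching private key can then log in as the
# named user; keep a matching state: absent task to revoke it when needed.
---
- hosts: 192.168.240.33
  tasks:
    - name: authorized_key module
      authorized_key:
        key: "{{ lookup('file', '/home/ansible/.ssh/id_rsa.pub') }}"
        state: present
        user: t2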
参考文档:
- https://blog.csdn.net/L835311324/article/details/103372270?spm=1001.2101.3001.6650.13&utm_medium=distribute.pc_relevant.none-task-blog-2%7Edefault%7EOPENSEARCH%7Edefault-13.no_search_link&depth_1-utm_source=distribute.pc_relevant.none-task-blog-2%7Edefault%7EOPENSEARCH%7Edefault-13.no_search_link
- https://www.cnblogs.com/0x1633/p/11911797.html
- https://www.cnblogs.com/kdzm/p/6835182.html