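Command for gathering facts with Ansible: ansible all -m setup
- ansible_all_ipv4_addresses: shows only the IPv4 addresses
- ansible_devices: shows only disk device information
- ansible_distribution: shows which distribution is running (CentOS, SUSE, etc.)
- ansible_distribution_version: shows the distribution version
- ansible_machine: shows the machine type (32-bit or 64-bit)
- ansible_eth0: shows only the information for eth0
- ansible_hostname: shows only the hostname
- ansible_kernel: shows only the kernel version
- ansible_lvm: shows LVM information
- ansible_memtotal_mb: shows total system memory
- ansible_memfree_mb: shows free system memory
- ansible_memory_mb: shows memory usage details
- ansible_swaptotal_mb: shows total swap memory
- ansible_swapfree_mb: shows free swap memory
- ansible_mounts: shows the mounted filesystems
- ansible_processor: shows the CPUs (lists the model of each CPU)
- ansible_processor_vcpus: shows the number of CPUs (total count only)
- ansible_python_version: shows the Python version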

```shell
# filter is used to search the facts
ansible cache -m setup -a 'filter=processor'
ansible -i host_init.ini all -m setup -a "filter=ansible_distribution"
```

1. Playbook syntax

```yaml
# This playbook is equivalent to running "sudo service nginx start" on the host with the privileges of user hello
---
- hosts: all
  remote_user: hello
  tasks:
    - service: name=nginx state=started
      become: yes
      become_method: sudo

# This playbook is equivalent to logging in over SSH as root and then switching to user hello.
# All subsequent tasks run as user hello.
---
- hosts: webservers
  remote_user: root
  become: yes
  become_user: hello
```

```yaml
---
- hosts: webservers
  remote_user: root
  tasks:
    - name: ensure apache is at the latest version
      yum:
        name: httpd
        state: latest
    - name: write the apache config file
      template:
        src: /srv/httpd.j2
        dest: /etc/httpd.conf

- hosts: databases
  remote_user: root
  tasks:
    - name: ensure postgresql is at the latest version
      yum:
        name: postgresql
        state: latest
    - name: ensure that postgresql is started
      service:
        name: postgresql
        state: started
```

2. Introduction to and use of common modules

System checks:

```yaml
# Check the system version
## ansible_distribution=Ubuntu
## ansible_distribution_version=18.04
## ansible_distribution_major_version: the major version number of the system
## ansible_os_family: the operating system family ('RedHat', 'Debian', 'FreeBSD')
- name: debug test demo
  debug:
    msg: "test system version code "
  when: ansible_distribution_version=="18.04"
```

Conditionals:

```yaml
# Conditionals (a registered result has fields such as stdout and rc)
## Do not use a hyphen (-) in a register variable name: for example, dev-sda6_result
## is parsed as sda6_result and the dev part is dropped, so avoid -
- name: check mysqld process
  shell: "ps -ef | grep -i mysqld | grep -v grep |grep {{mysql_port}}| wc -l"
  register: result
- name: if stdout != 0 ,Interrupt execution
  fail: msg="mysqld process is exist"
  when: result.stdout != "0"
```

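Switching users:

```yaml
# This playbook logs in over SSH as root and then switches, via su, to the user named in become_user.
# All subsequent tasks run as that user.
## become: yes          # whether to allow switching identity
## become_method: su    # how to switch identity: sudo, su, pbrun, etc.; the default is sudo
## become_user: root    # the user to switch to
---
- hosts: demo-autodeploy
  remote_user: root
  become: yes
  become_method: su
  become_user: root
```
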
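a. Command modules:

```yaml
# command module
## Does not support shell operators such as "<", ">", "|", ";" and "&"
## creates: checks whether the given file exists; if it does, the command is not run
## removes: checks whether the given file exists; if it does, the command is run
- name: test command
  command:
    chdir: /home/qif/Downloads
    cmd: "mkdir -p test/a"
- name: test command
  command:
    chdir: /home/qif/Downloads
    creates: "get.txt"
    cmd: "touch get.txt"
- name: test command
  command:
    chdir: /home/qif/Downloads
    removes: "get.txt"
    cmd: "rm -rf get.txt"
```

```yaml
# shell is an enhanced version of command with similar functionality
- name: test shell
  shell:
    chdir: /home/qif/Downloads
    cmd: "mkdir -p test/a"
```
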
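b. File modules:

```yaml
# copy module
## src: the data on the local control host to copy to the remote host
## dest (required): the path on the remote node to copy the data to
## backup: by default the copy overwrites the existing file on the remote host (yes backs up the original file first)
## content: content to write into the file
## owner: the owner of the file once copied to the remote host
## group: the group of the file once copied to the remote host
## mode: the permissions of the file once copied to the remote host (e.g. 0644, 0755)
- name: copy pom
  copy:
    src: vsftpd.pem
    dest: /etc/ssl/private/vsftpd.pem
    owner: root
    group: root
    # key material under /etc/ssl/private should be readable by root only
    mode: 0600
- name: copy configuration
  copy:
    src: '{{item.src}}'
    dest: '{{item.dest}}'
    owner: root
    group: root
    mode: 0644
  with_items:
    - { src: 'vsftpd.conf', dest: '/etc' }
    - { src: 'vsftpd.chroot_list', dest: '/etc' }
    - { src: 'vsftpd.user_list', dest: '/etc' }
```

```yaml
# fetch: pull a file back to the control host
## src (required): the file on the remote system to fetch; it must be a file, not a directory
## dest: the directory in which to save the file
- name: fetch file
  fetch:
    src: /home/qif/Downloads/test.txt
    dest: /usr/local/log
```

```yaml
# file module
## dest/path/name (required): the path on the remote node
## group: the group the file belongs to on the remote host
## owner: the user the file belongs to on the remote host
## src: the data on the local control host to copy
## state: absent / directory / file / touch / hard / link
- name: create ftp root
  file:
    path: "/usr/local/ftp/root"
    state: directory
    owner: ftpuser
    group: ftpuser
    # a directory needs the execute bit to be entered
    mode: 0755
  ignore_errors: True
```
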
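c. Creating groups and users:

```yaml
# Create the user group
- name: create ftp group
  group:
    name: "ftpuser"
    gid: "777"
    state: present
# Create the user
- name: create ftp user
  user:
    name: "ftpuser"
    # password takes a crypt(3) hash, not plaintext; keep it in a vaulted variable rather than in the playbook
    password: "$6$kKtGP1.01ZZ58/Ey$ta7Tk/uUYnZMl8JGIQj7ciUsdcnjmY5dhOanfV1v52MVJnD2eHzMRPS1Uu020XIKW8F0lSvO9WPyymTYDIpI50"
    group: "ftpuser"
    home: "/usr/local/ftp/root"
    state: present
```
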
d. Installing dependency packages:

```yaml
# Install dependencies with yum or apt
## name (required): the name of the package
## state: absent/removed, present/installed (uninstall / install the package)
- name: install yum dependents
  become: yes
  become_method: su
  become_user: root
  apt:
    name: "{{ item }}"
    state: present
  with_items:
    - libaio1
    - libmecab2
    - expect
    - libmysqlclient-dev
    - libmysqlclient20
    - libmysqld-dev
    - libnet-telnet-perl
    - libtest-fixme-perl
    - libcpan-perl-releases-perl
    - libdbi-perl
    - libdbd-mysql-perl
    - libconfig-tiny-perl
```

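e. Starting services:

```yaml
# Start a service
## enabled: no / yes, whether the service starts at boot; if not given, the existing state is kept
## name (required): the name of the service
## state: reloaded (graceful reload), restarted (restart), started (start), stopped (stop)
- name: start service
  service:
    enabled: yes
    name: nginx
    state: started
```
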
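f. Mount module:

```yaml
# Mounting
## fstype: the filesystem type to mount
## opts: the mount options
## path: the mount point
## src: the device file
## state: absent (unmounts and edits fstab), unmounted (unmounts without editing fstab),
##        present (does not mount, only edits fstab), mounted (mounts and edits fstab)
- name: mount load
  mount:
    fstype: ext4
    path: /data
    src: /dev/sdb
    state: mounted
```
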
g. Scheduled tasks:

```yaml
# cron scheduled tasks
## minute/hour/day/month/weekday: set the schedule
## job: the command the scheduled task runs
## name (required): the comment that labels the scheduled task
## state: absent / present (remove / add)
## disabled: yes / no (comment out / uncomment the job)
- name: mysql backup config crontab
  when: backup == 1
  cron:
    name: "## mysql backup"
    minute: "0"
    hour: "*/1"
    job: "sh /opt/tools/bin/xtrmysqlbackup.sh {{mysql_port}} > /dev/null 2>&1"
    state: present
```

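h. Unpacking archives:

```yaml
# unarchive module
## src: the data on the local control host to copy to the remote host
## dest: an absolute path
## owner: the owner of the files once copied to the remote host
## group: the group of the files once copied to the remote host
## mode: the permissions of the files once copied to the remote host (e.g. 0644, 0755)
- name: transfer xtrabackup to remote host and unarchive to /opt/
  unarchive:
    src: xtrabackup.tar.gz
    dest: /usr/local/
    owner: root
    group: root
```
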
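lineinfile operations:

In the file "dest", the regular expression "regexp" is matched against the lines:
- If "regexp" matches 1 line: the matching line is replaced with "line".
- If "regexp" matches more than 1 line: only the last match is replaced.
- If "regexp" matches 0 lines: if "backrefs" is set and equals yes, nothing is done; otherwise "line" is appended at the end of the file.

```yaml
- name: edit test.json
  lineinfile:
    dest: /home/fred/Documents/test.json
    regexp: "^host"
    line: "测试节点"
    insertafter: EOF
    backrefs: yes
```
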
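
The three lineinfile matching rules above, as a small Python model (an added example, not code from the original page and not Ansible's own implementation; the function name `lineinfile`, the sample lines and the value `host=db1` are constructed for illustration):

```python
import re

def lineinfile(lines, regexp, line, backrefs=False):
    """Simplified model of lineinfile (state=present, insertafter=EOF).

    Returns (new_lines, changed).
    """
    pattern = re.compile(regexp)
    last = None  # (index, match object) of the LAST line that matches
    for i, cur in enumerate(lines):
        m = pattern.search(cur)
        if m:
            last = (i, m)

    out = list(lines)
    if last is not None:
        i, m = last
        # backrefs=yes expands \1, \g<name>, ... in `line` from the match
        new = m.expand(line) if backrefs else line
        changed = out[i] != new
        out[i] = new
        return out, changed
    if backrefs:
        # no match and backrefs=yes: nothing is written
        return out, False
    out.append(line)  # no match, backrefs=no: append at end of file
    return out, True

# Constructed sample file contents (not from the original page)
SAMPLE = ["host=10.0.0.1", "port=3306", "host=10.0.0.2"]

def demo():
    return {
        "last_match_only": lineinfile(SAMPLE, r"^host", "host=db1"),
        "backrefs_expand": lineinfile(SAMPLE, r"^(host)=.*", r"\1=db1", backrefs=True),
        "no_match_backrefs": lineinfile(["port=3306"], r"^host", "host=db1", backrefs=True),
        "no_match_append": lineinfile(["port=3306"], r"^host", "host=db1"),
    }

if __name__ == "__main__":
    for case, (result, changed) in demo().items():
        print(f"{case}: changed={changed} {result}")
```

The `no_match_backrefs` case matters when a task is meant to enforce a setting: with `backrefs: yes` and no matching line, nothing is written and the task reports no change, so the setting can stay absent without any error.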
git operations:

```yaml
# Pull repository contents with git
## repo: the address of the git repository
## dest: the relative path in the repository
## version: the version to check out
## accept_hostkey: can be omitted if ssh_opts contains "-o StrictHostKeyChecking=no"; otherwise the host key has to be added
## update: update to the new version
## force: when set to yes, the local repository is always overwritten by the server-side repository
- name: ANSISTRANO | GIT | Update remote repository
  git:
    repo: "{{ ansistrano_git_repo }}"
    dest: "{{ ansistrano_deploy_to }}/repo"
    version: "{{ ansistrano_git_branch }}"
    accept_hostkey: true
    update: yes
    force: yes
  register: ansistrano_git_result_update
  when: ansistrano_git_identity_key_path|trim == '' and ansistrano_git_identity_key_remote_path|trim == ''
```

authorized_key module:

```yaml
# Add an SSH public key
## key: the path to the public key; it can be local or remote
## path: where the public key is stored
## state: present / absent, whether the key should exist
## user: the remote user to add the key to
# $ cat authorized_key.yml
---
- hosts: 192.168.240.33
  tasks:
    - name: authorized_key module
      authorized_key:
        key: "{{ lookup('file', '/home/ansible/.ssh/id_rsa.pub') }}"
        state: present
        user: t2
```
