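Ansible inventory files
The inventory file defines the hosts, or host groups, that Ansible manages.
Static inventory
A plain-text file that records host IP addresses, domain names and similar information. As long as the inventory file is not edited, the set of managed hosts does not change.
Dynamic inventory
Host information is fetched dynamically from a database and changes as the database changes; in most cases it is output in JSON format.
The inventory file
A simple inventory file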
192.168.0.1
servera
serverb
Defining host groups
A group name is enclosed in square brackets []; a host can belong to more than one group.
# Define a group named student
[student]
servera
serverb
# serverb belongs to the home group
[home]
serverb
Groups can be nested inside groups
# Format:
# [group_name:children]
# child group A
# child group B
[good:children]
student
home
Defining host ranges
Use [start:end] to define a range
# By IP address
192.168.0.[1:10]
# By domain name
www.hello.com.ha[a:c]
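# By host name
server[a:c]
Notes
 If a host and a host group have the same name, Ansible ignores the group and selects the host. Avoid such name collisions when writing the inventory file.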
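The inventory rules above (groups, `:children` nesting, `[start:end]` ranges and the host/group name collision) as an added example, not code from the original page or from Ansible. It is a simplified parser: the function names are assumptions, only numeric and single-letter ranges are handled, and the sample inventory is constructed.

```python
import re

RANGE = re.compile(r"\[(\w+):(\w+)\]")

def expand(pattern):
    """Expand [start:end] ranges (numeric or single letters), end inclusive."""
    m = RANGE.search(pattern)
    if not m:
        return [pattern]
    start, end = m.groups()
    if start.isdigit():
        items = [str(i).zfill(len(start)) for i in range(int(start), int(end) + 1)]
    else:
        items = [chr(c) for c in range(ord(start), ord(end) + 1)]
    return [h for i in items
            for h in expand(pattern[:m.start()] + i + pattern[m.end():])]

def parse(text):
    """Return ({group: direct hosts}, {group: child groups}, ungrouped hosts)."""
    hosts, children, top, section, nested = {}, {}, set(), None, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section, _, kind = line[1:-1].partition(":")
            nested = kind == "children"
            hosts.setdefault(section, set())
            children.setdefault(section, [])
        elif nested:
            children[section].append(line)
        else:
            (hosts[section] if section else top).update(expand(line.split()[0]))
    return hosts, children, top - set().union(*hosts.values())

def members(group, hosts, children, seen=()):
    """Hosts of a group including nested child groups (cycle-safe)."""
    if group in seen:
        return set()
    found = set(hosts.get(group, ()))
    for child in children.get(group, ()):
        found |= members(child, hosts, children, seen + (group,))
    return found

def collisions(hosts, ungrouped):
    """Names that are both a host and a group, the pitfall noted above."""
    return sorted(ungrouped.union(*hosts.values()) & set(hosts))

# Constructed inventory: the page's groups plus a host named like a group.
SAMPLE = "192.168.0.[1:3]\n[student]\nserver[a:b]\n[home]\nserverb\nhome\n[good:children]\nstudent\nhome\n"
```

Running `collisions(*parse(SAMPLE)[::2])` on an inventory before use shows which names would resolve to a host instead of the intended group.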
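Viewing host information
Command: ansible <host or group name> -i <path> --list-hosts
| Argument | Meaning | 
|---|---|
| -i | Path to the inventory file. The default path is /etc/ansible/hosts, which is searched when this option is not given | 
| --list-hosts | Lists the matching hosts | 
| all | Lists the hosts of all groups | 
| ungrouped | Lists the hosts that are not in any group | 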
[student@workstation ~]$ cat inventory 
# Define a group named student
[student]
servera
serverb
# serverb belongs to the home group
[home]
serverb
# Nested host group
[good:children]
student
home
# List the host servera
[student@workstation ~]$ ansible servera -i inventory --list-hosts
hosts (1):
servera
# List the hosts in student
[student@workstation ~]$ ansible student -i inventory --list-hosts
hosts (2):
servera
serverb
# List the hosts in good
[student@workstation ~]$ ansible good -i inventory --list-hosts
hosts (2):
servera
serverb
# List all hosts
[student@workstation ~]$ ansible all -i inventory --list-hosts
  hosts (2):
    servera
    serverb
# List hosts that are not in any group
[student@workstation ~]$ ansible ungrouped -i inventory --list-hosts
 [WARNING]: No hosts matched, nothing to do
  hosts (0):
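Ansible configuration file
The Ansible configuration file is not global; every user can have their own Ansible configuration file.
Configuration file precedence
| Path | Precedence | 
|---|---|
| /etc/ansible/ansible.cfg | Lowest | 
| ~/.ansible.cfg (in the home directory) | Low | 
| ./ansible.cfg (in the current directory) | Medium (recommended) | 
| ANSIBLE_CONFIG (set as an environment variable) | High | 
Using ANSIBLE_CONFIG is not recommended: once it is set, every user is pointed at that path.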
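The lookup order from the table, as an added example (not from the original page and not Ansible's own code). It also models one documented safeguard the table does not show: Ansible does not auto-load ./ansible.cfg when the current directory is world-writable, because anyone could plant a config there. The function names and the directory layout built in `demo()` are assumptions.

```python
import os
import stat
import tempfile

def resolve_ansible_cfg(env, cwd, home, system_cfg="/etc/ansible/ansible.cfg"):
    """Return (config path or None, warnings), highest precedence first."""
    warnings, candidates = [], []
    override = env.get("ANSIBLE_CONFIG")
    if override:
        candidates.append(override)
    local = os.path.join(cwd, "ansible.cfg")
    if os.stat(cwd).st_mode & stat.S_IWOTH:
        # Anyone could plant a config here, so it is not loaded automatically.
        if os.path.exists(local):
            warnings.append(f"ignored {local}: directory is world-writable")
    else:
        candidates.append(local)
    candidates += [os.path.join(home, ".ansible.cfg"), system_cfg]
    for path in candidates:
        if os.path.isfile(path):
            return path, warnings
    return None, warnings

def demo():
    """Build a constructed directory tree and resolve it three ways."""
    with tempfile.TemporaryDirectory() as root:
        home, proj = os.path.join(root, "home"), os.path.join(root, "proj")
        for d in (home, proj):
            os.mkdir(d)
            os.chmod(d, 0o755)
        for path in (os.path.join(home, ".ansible.cfg"),
                     os.path.join(proj, "ansible.cfg"),
                     os.path.join(root, "override.cfg")):
            open(path, "w").close()
        rel = lambda result: os.path.relpath(result[0], root)
        normal = rel(resolve_ansible_cfg({}, proj, home))
        forced = rel(resolve_ansible_cfg(
            {"ANSIBLE_CONFIG": os.path.join(root, "override.cfg")}, proj, home))
        os.chmod(proj, 0o777)  # simulate a shared, world-writable directory
        path, warnings = resolve_ansible_cfg({}, proj, home)
        return normal, forced, os.path.relpath(path, root), len(warnings)

if __name__ == "__main__":
    print(demo())
```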
# Usage
$ export ANSIBLE_CONFIG=<specified path>
$ ansible --version
<specified path>
Using the default ansible.cfg
[student@workstation ~]$ ansible --version
ansible 2.8.0
  config file = /etc/ansible/ansible.cfg
Using .ansible.cfg in the home directory
[student@workstation ~]$ cp /etc/ansible/ansible.cfg .ansible.cfg
[student@workstation ~]$ ansible --version
ansible 2.8.0
  config file = /home/student/.ansible.cfg
Using ansible.cfg in the current directory
[student@workstation ansible]$ pwd
/home/student/ansible
[student@workstation ansible]$ cp /etc/ansible/ansible.cfg .
[student@workstation ansible]$ ansible --version
ansible 2.8.0
  config file = /home/student/ansible/ansible.cfg
Ansible configuration file parameters
[student@workstation ansible]$ grep -v "#" ansible.cfg | grep -v "^$"
[defaults]
[inventory]
[privilege_escalation]
[paramiko_connection]
[ssh_connection]
[persistent_connection]
[accelerate]
[selinux]
[colors]
[diff]
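ansible.cfg is divided into sections; each bracketed name marks one section
[defaults]
# Comments go on their own lines: ansible.cfg accepts only ';' for inline comments
# path to the inventory file
inventory = /etc/ansible/hosts
# log in as user XX
remote_user = XX
# do not prompt for a password when connecting over SSH as user XX
ask_pass = false
[privilege_escalation]
# If remote_user is root, no escalation is needed; any other user must escalate
# enable escalation, method sudo, target user root, whether to prompt for the escalation password
become = true
become_method = sudo
become_user = root
become_ask_pass = false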
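A lint for two mistakes that are easy to make in this file and that Ansible does not report: a misspelled section header, and a `#` comment placed after a value (only `;` starts an inline comment in ansible.cfg, so the `#` text becomes part of the value). This is an added example, not from the original page; `KNOWN_SECTIONS` is copied from the grep output above, the function name is an assumption and the sample config is constructed.

```python
import configparser

# Section names printed by the grep of the stock ansible.cfg above.
KNOWN_SECTIONS = {"defaults", "inventory", "privilege_escalation",
                  "paramiko_connection", "ssh_connection",
                  "persistent_connection", "accelerate", "selinux",
                  "colors", "diff"}

def lint_ansible_cfg(text):
    """Return a sorted list of findings for an ansible.cfg given as text."""
    # '#' and ';' start full-line comments; only ';' starts an inline one.
    parser = configparser.ConfigParser(inline_comment_prefixes=(";",),
                                       interpolation=None)
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        if section not in KNOWN_SECTIONS:
            findings.append(f"[{section}]: not a stock section, check the spelling")
        for key, value in parser.items(section):
            if " #" in value:
                findings.append(f"{section}.{key}: '#' comment is part of the value")
    return sorted(findings)

# Constructed sample: a misspelled header and two inline '#' comments.
SAMPLE_CFG = """\
[defaluts]
inventory = ./inventory
[privilege_escalation]
become = true # escalate
become_user = root ; inline ';' comments are stripped
become_ask_pass = false # do not prompt
"""

if __name__ == "__main__":
    for finding in lint_ansible_cfg(SAMPLE_CFG):
        print(finding)
```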
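Ansible configuration file exercise
- Create the directory /home/student/deploy-manage
- The directory contains an ansible.cfg file; the inventory file is in the same directory
- The inventory file defines these host groups: [myself] contains the host localhost; [intranetweb] contains the host servera.lab.example.com; [internetweb] contains the host serverb.lab.example.com; [web] is a nested group containing the groups intranetweb and internetweb
- Add a [privilege_escalation] section to ansible.cfg so that sudo is used to escalate to the root user, prompting for the password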
[student@workstation ~]$ mkdir /home/student/deploy-manage
[student@workstation ~]$ ls
deploy-manage
[student@workstation ~]$ cd deploy-manage/
[student@workstation deploy-manage]$ cat > ansible.cfg <<END 
> [defaults]
> inventory = ./inventory
> END
[student@workstation deploy-manage]$ cat ansible.cfg 
[defaults]
inventory = ./inventory
[student@workstation deploy-manage]$ cat >> inventory <<END
> [myself]
> localhost
> 
> [intranetweb]
> servera.lab.example.com
> 
> [internetweb]
> serverb.lab.example.com
> 
> [web:children]
> intranetweb
> internetweb
> END
[student@workstation deploy-manage]$ cat inventory 
[myself]
localhost
[intranetweb]
servera.lab.example.com
[internetweb]
serverb.lab.example.com
[web:children]
intranetweb
internetweb
[student@workstation deploy-manage]$ cat >> ansible.cfg <<END
> [privilege_escalation]
> become = true
> become_method = sudo
> become_user = root
> become_ask_pass = true
> END
[student@workstation deploy-manage]$ cat ansible.cfg 
[defaults]
inventory = ./inventory
[privilege_escalation]
become = true
become_method = sudo
become_user = root
become_ask_pass = true
# Test
[student@workstation deploy-manage]$ ansible myself --list-hosts
  hosts (1):
    localhost
[student@workstation deploy-manage]$ ansible intranetweb --list-hosts
  hosts (1):
    servera.lab.example.com
[student@workstation deploy-manage]$ ansible internetweb --list-hosts
  hosts (1):
    serverb.lab.example.com
[student@workstation deploy-manage]$ ansible web --list-hosts
  hosts (2):
    servera.lab.example.com
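    serverb.lab.example.com
Ansible ad hoc commands
Ad hoc means temporary: a one-line command that begins with ansible, very simple and quick to use.
Usage: ansible host-pattern -m module [-a 'module arguments'] [-i inventory]
| Module category | Modules | 
|---|---|
| File modules | copy, file, lineinfile, synchronize | 
| Package modules | package, yum, apt, dnf, gem, pip | 
| System modules | firewalld, service, user, reboot | 
| Net tools | get_url (download), nmcli (configure network interfaces), uri (interact with web services) | 
Ad hoc: using the ping module
# Check the configuration files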
[student@workstation deploy-manage]$ cat ansible.cfg 
[defaults]
inventory = ./inventory
ask_pass = false
[privilege_escalation]
become = true
become_method = sudo
become_user = root
become_ask_pass = false
[student@workstation deploy-manage]$ cat inventory 
[intranetweb]
servera
# Use the ping module
[student@workstation deploy-manage]$ ansible intranetweb -m ping 
servera | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
Ad hoc: adding a user with the user module
# Add a user named mmx
[student@workstation deploy-manage]$ ansible intranetweb -m user -a 'name=mmx'
servera | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "comment": "",
    "create_home": true,
    "group": 1002,
    "home": "/home/mmx",
    "name": "mmx",
    "shell": "/bin/bash",
    "state": "present",
    "system": false,
    "uid": 1002
}
[student@workstation deploy-manage]$ ssh mmx@servera
Activate the web console with: systemctl enable --now cockpit.socket
Ad hoc: removing a user with the user module
# Remove the user mmx
[student@workstation deploy-manage]$ ansible intranetweb -m user -a 'name=mmx state=absent'
servera | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "force": false,
    "name": "mmx",
    "remove": false,
    "state": "absent"
}
Ad hoc: using the copy module
# Copy the text hello into ~/hello.txt
[student@workstation deploy-manage]$ ansible intranetweb -m copy -a 'content=hello dest=~/hello.txt'
servera | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d",
    "dest": "/root/hello.txt",
    "gid": 0,
    "group": "root",
    "md5sum": "5d41402abc4b2a76b9719d911017c592",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:admin_home_t:s0",
    "size": 5,
    "src": "/home/student/.ansible/tmp/ansible-tmp-1659244105.6575258-258948112696495/source",
    "state": "file",
    "uid": 0
}
Ad hoc: using the command module (1)
command is the default module for ad hoc commands, so the -m command argument can be omitted.
# Use the command module to view the file
[student@workstation deploy-manage]$ ansible intranetweb -a "cat ~/hello.txt"
servera | CHANGED | rc=0 >>
hello
| Configuration file parameter | Command-line option | 
|---|---|
| inventory | -i | 
| remote_user | -u | 
| become | --become,-b | 
| become_method | --become-method | 
| become_user | --become-user | 
| become_ask_pass | --ask-become-pass,-K | 
Ad hoc: using the command module (2)
# View the id information as different users
[student@workstation deploy-adhoc]$ ansible localhost -a 'id' -u devops
localhost | CHANGED | rc=0 >>
uid=1001(devops) gid=1001(devops) groups=1001(devops) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[student@workstation deploy-adhoc]$ ansible localhost -a 'id' -u student
localhost | CHANGED | rc=0 >>
uid=1000(student) gid=1000(student) groups=1000(student),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
# Running as root requires privilege escalation; add --become
[student@workstation deploy-adhoc]$ ansible localhost -a 'id' --become
localhost | CHANGED | rc=0 >>
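uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Ad hoc exercises
1. Check the Ansible version
2. Create the directory /home/student/deploy-review
3. Create ansible.cfg in that directory, set the inventory directory to /home/student/deploy-review/inventory and the login user to devops
4. Create the subdirectory /home/student/deploy-review/inventory and download the inventory file from http://materials.example.com/labs/deploy-review/inventory
5. Use the command module in an ad hoc command to view the id information of the hosts
6. Use the copy module in an ad hoc command to write the text: This server is managed by Ansible. \n to /etc/motd
7. Run the same ad hoc command as in step 6 again and observe what happens
8. Use the command module in an ad hoc command to view the contents of /etc/motd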
[student@workstation ~]$ ansible --version
ansible 2.8.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/student/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Apr  3 2019, 17:26:03) [GCC 8.2.1 20180905 (Red Hat 8.2.1-3)]
[student@workstation ~]$ mkdir deploy-review/
mkdir: cannot create directory ‘deploy-review/’: File exists
[student@workstation ~]$ cd deploy-review/
[student@workstation deploy-review]$ touch ansible.cfg
[student@workstation deploy-review]$ mkdir inventory
[student@workstation deploy-review]$ ls
ansible.cfg  inventory
[student@workstation deploy-review]$ cat > ansible.cfg <<END
> [defaults]
> inventory = ./inventory
> remote_user = devops
> 
> [privilege_escalation]
> become = true
> become_method = sudo
> become_user = root
> become_ask_pass = false
> END
# Download the inventory file from http://materials.example.com/labs/deploy-review/inventory
[student@workstation deploy-review]$ cd inventory/
[student@workstation inventory]$ wget http://materials.example.com/labs/deploy-review/inventory .
--2022-07-31 14:05:50--  http://materials.example.com/labs/deploy-review/inventory
Resolving materials.example.com (materials.example.com)... 172.25.254.254
Connecting to materials.example.com (materials.example.com)|172.25.254.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 125
Saving to: ‘inventory’
inventory                                        100%[=========================================================================================================>]     125  --.-KB/s    in 0s      
2022-07-31 14:05:50 (29.7 MB/s) - ‘inventory’ saved [125/125]
--2022-07-31 14:05:50--  http://./
Resolving . (.)... failed: Name or service not known.
wget: unable to resolve host address ‘.’
FINISHED --2022-07-31 14:05:50--
Total wall clock time: 0.05s
Downloaded: 1 files, 125 in 0s (29.7 MB/s)
[student@workstation inventory]$ ls
inventory
[student@workstation inventory]$ cat inventory 
[internetweb]
serverb.lab.example.com
[intranetweb]
servera.lab.example.com
serverc.lab.example.com
serverd.lab.example.com
# 5. Use the command module in an ad hoc command to view the id information of the hosts
[student@workstation deploy-review]$ ansible all -a 'id'
servera.lab.example.com | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
serverb.lab.example.com | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
serverc.lab.example.com | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
serverd.lab.example.com | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
# 6. Use the copy module in an ad hoc command to write the text: This server is managed by Ansible. \n to /etc/motd
[student@workstation deploy-review]$ ansible all -m copy -a 'content="This is server is managed by Ansible. \n" dest=/etc/motd' --become
serverd.lab.example.com | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "47d0841ab71f80320f014336f9b1a7b36166e9c4",
    "dest": "/etc/motd",
    "gid": 0,
    "group": "root",
    "md5sum": "ee36787d8189924d2ad0c5602cd5846f",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:etc_t:s0",
    "size": 39,
    "src": "/home/devops/.ansible/tmp/ansible-tmp-1659247875.1398184-73524257684693/source",
    "state": "file",
    "uid": 0
}
... (similar output for the other hosts omitted)
# 7. Run the same ad hoc command as in step 6 again and observe: changed goes from true to false
[student@workstation deploy-review]$ ansible all -m copy -a 'content="This is server is managed by Ansible. \n" dest=/etc/motd' --become
servera.lab.example.com | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "checksum": "47d0841ab71f80320f014336f9b1a7b36166e9c4",
    "dest": "/etc/motd",
    "gid": 0,
    "group": "root",
    "mode": "0644",
    "owner": "root",
    "path": "/etc/motd",
    "secontext": "unconfined_u:object_r:etc_t:s0",
    "size": 39,
    "state": "file",
    "uid": 0
}
... (similar output for the other hosts omitted)
# 8. Use the command module in an ad hoc command to view the contents of /etc/motd
[student@workstation deploy-review]$ ansible all -a 'cat /etc/motd' --become
serverb.lab.example.com | CHANGED | rc=0 >>
This is server is managed by Ansible. 
servera.lab.example.com | CHANGED | rc=0 >>
This is server is managed by Ansible. 
serverd.lab.example.com | CHANGED | rc=0 >>
This is server is managed by Ansible. 
serverc.lab.example.com | CHANGED | rc=0 >>
This is server is managed by Ansible. 









