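Study notes for the Developer Academy course [Ansible Automation in Practice: Common Enterprise Ansible Modules in Practice]. The notes follow the course closely so that readers can learn the material quickly.
Course URL: https://developer.aliyun.com/learning/course/577/detail/7976
Common Enterprise Ansible Modules in Practice
Contents
I. Common Ansible modules
II. Summary
I. Common Ansible modules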
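1. Fetch:
Fetches a file from the client to the server. It is the opposite of copy: the file is pulled from the managed node to the control node. Note that a directory has to be packed with tar first.
ansible srv -m fetch -a 'src=/root/a.sh dest=/data/scripts'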
Module documentation:
[root@ansible ~]# ansible-doc -s fetch
- name: Fetches a file from remote nodes
  fetch:
      dest:                  # (required) A directory to save the file into. For example, if the 'dest' directory is '/backup' a 'src' file named '/etc/profile' on host 'host.example.com', would be saved into '/backup/host.example.com/etc/profile'
      fail_on_missing:       # When set to 'yes', the task will fail if the remote file cannot be read for any reason. Prior to Ansible-2.5, setting this would only fail if the source file was missing. The default was changed to "yes" in Ansible-2.5.
      flat:                  # Allows you to override the default behavior of appending hostname/path/to/file to the destination. If dest ends with '/', it will use the basename of the source file, similar to the copy module. Obviously this is only handy if the filenames are unique.
      src:                   # (required) The file on the remote system to fetch. This 'must' be a file, not a directory. Recursive fetching may be supported in a later release.
      validate_checksum:     # Verify that the source and destination checksums match after the files are fetched.
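The module documentation (ansible-doc -s fetch) shows that src must be a file on the remote host, not a directory. The module can therefore only copy a single remote file at present, not a directory. The source file lives on the remote node (the client), and the destination is a directory.
You specify a directory to receive the fetched file. The remote file is then stored on the local machine inside that directory, in a subdirectory named after the host's name in the inventory.
Example: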
[root@ansible ~]# ansible all -m fetch -a 'src=/var/log/messages dest=/data'
[root@ansible ~]# tree /data
/data
├── 192.168.30.101
│   └── var
│       └── log
│           └── messages
├── 192.168.30.102
│   └── var
│       └── log
│           └── messages
└── 192.168.30.103
    └── var
        └── log
            └── messages
9 directories, 3 files
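Only a single file was fetched here. To fetch several files from the hosts, they have to be packed first:
[root@ansible ~]# ansible all -m shell -a 'tar Jcf log.tar.xz /var/log/*.log'
Once they are packed, fetch the archive.
There are now dedicated modules for this: archive for packing and unarchive for unpacking. See their documentation for details.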
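The pack-then-fetch procedure above, written as a playbook that uses the archive module instead of a shell tar call. This is an added example, not part of the course notes; the /tmp archive path, the /data/logs destination and the gz format are assumptions.

```yaml
# Added example. Paths and the archive format are assumptions, not from the course.
- name: Collect the *.log files from every managed host
  hosts: all
  become: true
  vars:
    remote_archive: "/tmp/logs-{{ inventory_hostname }}.tar.gz"
    local_dest: /data/logs
  tasks:
    - name: Make the local destination readable by the operator only
      file:
        path: "{{ local_dest }}"
        state: directory
        mode: "0700"
      delegate_to: localhost
      run_once: true
      become: false

    - name: Pack the logs into one file, because fetch cannot copy a directory
      archive:
        path: /var/log/*.log
        dest: "{{ remote_archive }}"
        format: gz          # xz (as in 'tar Jcf') also needs lzma on the managed host
        mode: "0600"

    # Without flat=yes the file is stored as
    # <local_dest>/<inventory name>/tmp/logs-<inventory name>.tar.gz,
    # so archives from different hosts never overwrite each other.
    - name: Fetch the archive and verify its checksum
      fetch:
        src: "{{ remote_archive }}"
        dest: "{{ local_dest }}"
        fail_on_missing: true
        validate_checksum: true

    - name: Remove the temporary archive from the managed host
      file:
        path: "{{ remote_archive }}"
        state: absent
```

Logs usually contain host names, user names and addresses, which is why the local directory is created with mode 0700 before anything is fetched into it.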
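2. File: set file attributes
ansible srv -m file -a "path=/root/a.sh owner=wang mode=755"
ansible web -m file -a 'src=/app/testfile dest=/app/testfile-link state=link'
Documentation:
[root@ansible ~]# ansible-doc -s file
The documentation shows that the module sets file attributes and, depending on the value of state, creates directories, empty files, symbolic links and so on.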
[root@ansible ~]# ansible all -m file -a 'name=/data/f3 state=touch'
Creates an empty file.
[root@ansible ~]# ansible all -a 'ls -l /data'
Verifies that it worked.
[root@ansible ~]# ansible all -m file -a 'name=/data/f3 state=absent'
Deletes the empty file.
[root@ansible ~]# ansible all -m file -a 'name=/data/dir1 state=directory'
Creates a directory.
[root@ansible ~]# ansible all -m file -a 'name=/data/dir1 state=absent'
Deletes the directory.
[root@ansible ~]# ansible all -m file -a 'src=/etc/fstab dest=/data/fstab.link state=link'
Creates a symbolic link.
[root@ansible ~]# ansible all -m file -a 'dest=/data/fstab.link state=absent'
Deletes the symbolic link.
Create an empty file:
ansible all -m file -a 'name=/data/f3 state=touch'
Delete the empty file:
ansible all -m file -a 'name=/data/f3 state=absent'
Create a directory:
ansible all -m file -a 'name=/data/dir1 state=directory'
Create a symbolic link:
ansible all -m file -a 'src=/etc/fstab dest=/data/fstab.link state=link'
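3. Hostname: manage the host name
This changes the host name of one single host. Applied to several hosts at once it could produce duplicate names, so other methods for renaming many hosts are covered later.
ansible node1 -m hostname -a "name=websrv"
Run:
[root@ansible ~]# ansible 192.168.30.101 -m hostname -a 'name=node1'
For another host:
[root@ansible ~]# ansible 192.168.30.103 -m hostname -a 'name=node3'
The change is now complete.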
4. Cron: scheduled tasks
To run a broadcast every minute on weekdays 1, 3 and 5:
[root@ansible ~]# ansible all -m cron -a 'minute=* weekday=1,3,5 job="/usr/bin/wall FBI warning" name=warningcron'
This sets up the warning broadcast on every host.
[root@ansible ~]# ansible all -m cron -a 'disabled=true job="/usr/bin/wall FBI warning" name=warningcron'
Disables the job.
[root@ansible ~]# ansible all -m cron -a 'disabled=false job="/usr/bin/wall FBI warning" name=warningcron'
Re-enables the job.
[root@ansible ~]# ansible all -m cron -a 'job="/usr/bin/wall FBI warning" name=warningcron state=absent'
Deletes the job.
The supported time fields are: minute, hour, day, month, weekday.
ansible srv -m cron -a "minute=*/5 job='/usr/sbin/ntpdate 172.16.0.1 &>/dev/null' name=Synctime"
Creates a job.
ansible srv -m cron -a 'state=absent name=Synctime'
Deletes the job.
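5. Yum: manage packages
ansible srv -m yum -a 'name=httpd state=latest'
Installs the package.
ansible srv -m yum -a 'name=httpd state=absent'
Removes the package.
The module can install, upgrade, downgrade and remove packages, and list packages and package groups.
Example:
[root@ansible ~]# ansible all -m yum -a 'name=vsftpd'
Note that installing with yum requires a yum repository, which can be configured when Ansible is installed.
[root@ansible ~]# ansible all -m yum -a 'list=installed'
Lists all installed packages.
[root@ansible ~]# ansible all -m yum -a 'name=vsftpd state=removed'
Uninstalls the package.
You can also install an rpm package that is not in a yum repository: download the package from the internet into the current directory, copy the file to the other hosts, and then install it with yum. Yum can also refresh the cache (update_cache); an update requires a package to be specified.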
6. Service: manage services
ansible srv -m service -a 'name=httpd state=stopped'
ansible srv -m service -a 'name=httpd state=started'
ansible srv -m service -a 'name=httpd state=reloaded'
ansible srv -m service -a 'name=httpd state=restarted'
Documentation:
[root@ansible ~]# ansible-doc -s service
- name: Manage services
  service:
      arguments:             # Additional arguments provided on the command line
      enabled:               # Whether the service should start on boot. *At least one of state and enabled are required.*
      name:                  # (required) Name of the service.
      pattern:               # If the service does not respond to the status command, name a substring to look for as would be found in the output of the 'ps' command as a stand-in for a status result. If the string is found, the service will be assumed to be running.
      runlevel:              # For OpenRC init scripts (ex: Gentoo) only. The runlevel that this service belongs to.
      sleep:                 # If the service is being 'restarted' then sleep this many seconds between the stop and start command. This helps to workaround badly behaving init scripts that exit immediately after signaling a process to stop.
      state:                 # 'started'/'stopped' are idempotent actions that will not run commands unless necessary. 'restarted' will always bounce the service. 'reloaded' will always reload. *At least one of state and enabled are required.* Note that reloaded will start the service if it is not already started, even if your chosen init system wouldn't normally.
      use:                   # The service module actually uses system specific modules, normally through auto detection, this setting can force a specific module. Normally it uses the value of the 'ansible_service_mgr' fact and falls back to the old 'service' module when none matching is found.
The module offers various functions, including starting a service at boot.
[root@ansible ~]# ansible websrvs -m service -a 'name=vsftpd state=started enabled=yes'
Starts the service and enables it at boot.
[root@ansible ~]# ansible websrvs -m service -a 'name=vsftpd state=restarted'
Restarts the service.
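7. User: manage users
This module creates and manages users. Run ansible-doc -s user for the details. It exposes all the user attributes: the comment, whether to create a home directory, the expiry time, and the groups the user belongs to, of which there are two different kinds, a primary group and supplementary groups. It also covers the user's home directory and the user name (name), and it can set the user's encrypted password, which in certain environments must be given in plaintext.
Deletion is also supported: depending on state, the user's home directory can be removed as well. You can also create system accounts, and so on.
ansible srv -m user -a 'name=user1 comment="test user" uid=2048 home=/app/user1 group=root'
ansible srv -m user -a 'name=sysuser1 system=yes home=/app/sysuser1'
[root@ansible ~]# ansible websrvs -m user -a 'name=nginx shell=/sbin/nologin system=yes home=/var/nginx groups=root,bin uid=80 comment="nginx service"'
Creates the nginx account.
[root@ansible ~]# ansible websrvs -m user -a 'name=nginx state=absent remove=yes'
Deletes the user together with the home directory and other data.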
8. Group: manage groups
ansible srv -m group -a "name=testgroup system=yes"
ansible srv -m group -a "name=testgroup state=absent"
The group module has only a few options.
[root@ansible ~]# ansible websrvs -m group -a 'name=nginx system=yes gid=80'
Creates the nginx group.
[root@ansible ~]# ansible websrvs -m group -a 'name=nginx state=absent'
Deletes the nginx group.
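The user and group commands from sections 7 and 8 combined into one playbook, showing the order the two modules have to run in and how the encrypted password mentioned above is supplied. This is an added example, not part of the course notes; vault_user1_password is a hypothetical variable assumed to come from an Ansible Vault file, and this variant gives the nginx account only its own primary group.

```yaml
# Added example. vault_user1_password is a hypothetical variable that is
# expected to be defined in an Ansible Vault file.
- name: Create the nginx service account and one login user
  hosts: websrvs
  become: true
  tasks:
    - name: Create the nginx group before the user that references it
      group:
        name: nginx
        gid: 80
        system: true

    - name: Create the nginx system user without a login shell
      user:
        name: nginx
        uid: 80
        group: nginx              # primary group
        shell: /sbin/nologin
        system: true
        home: /var/nginx
        comment: nginx service
        password: "!"             # locked: no password can ever match

    - name: Create user1 with a hashed password
      user:
        name: user1
        uid: 2048
        home: /app/user1
        comment: test user
        # On Linux the user module expects a crypt(3) hash, not the clear text.
        password: "{{ vault_user1_password | password_hash('sha512') }}"
        # The filter picks a new random salt on every run, so only set the
        # password when the account is first created.
        update_password: on_create
      no_log: true                # keep the hash out of task output and logs
```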
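II. Summary
Modules covered so far: ping, command, shell, script, copy, fetch, file, hostname, cron, yum, service, user, group. If you are unsure how to use a module, look up its usage in the help (ansible-doc followed by the module name).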