day049-初识Ansible与常用模块
文章目录
- 0. 老男孩思想-人脉的本质
- 1. Ansible
- 1.1 密钥认证
- 1.2 安装ansible
- 1.3 添加ansible配置文件
- 1.4 配置主机清单文件(Inventory)
- 1.5 测试
- 1.6 ansible的模块思想
- 1.7 command模块
- 1.8 需求:每台服务器的密码都不同,怎么批量执行业务?
- 1.9 ansible常用模块
- 1.9.1 shell模块
- 1.9.2 script模块
- 1.9.3 file模块
- 1.9.4 user/group模块
- 1.9.5 yum/apt模块
- 1.9.6 copy模块
- 1.9.7 systemd模块
- 2. 思维导图
0. 老男孩思想-人脉的本质
- 人与人之间的连接本质是通过需求连接的,即人脉的本质就是需求的满足。
- 需求越强,连接越紧密,关系越好;反之,就会朝着陌生的方向发展。
- 员工与老板、父母与孩子、学生与老师、妻子与丈夫皆是如此。
1. Ansible
Ansible 是一款开源的 IT 自动化工具,用于配置管理、应用部署、任务编排等。它基于 SSH(无需客户端)和 YAML 语法,以 无代理(Agentless) 方式运行,适合大规模服务器管理。
- 无代理架构:无需在目标机器安装客户端,降低维护成本。
1.1 密钥认证
- ansible管理端服务器:m02
- 客户端:web01、web02、web03
# 下载sshpass
[root@m02 /server/scripts]# yum install -y sshpass.x86_64
# 编写分发密钥脚本并执行
[root@m02 /server/scripts]# cat fenfa.sh
#!/bin/bash
##############################################################
# File Name:key_authentication.sh
# Version:V1.0
# Author:SunKexu
# Organization:www.oldboyedu.com
# Desc:批量密钥认证
##############################################################
export LANG=en_US.UTF-8# vars
#ips="5 6 7 8 9 10 31 41 "
ips="7 8 9"
# 密码可能有特殊符号,用单引号
pass='SKX2554.'
user="root"
# command
# 生成密钥
create_key(){key_file="$HOME/.ssh/id_rsa"[ ! -f ${key_file} ] && {ssh-keygen -t rsa -f ${key_file} -P ''}return $?
}
# 分发密钥
distribute_key(){for ip in ${ips}dosshpass -p $pass ssh-copy-id -o StrictHostKeyChecking=no ${user}@10.0.0.$ipdonereturn $?
}
# 检查
check(){for ip in $ipsdossh -o StrictHostKeyChecking=no ${user}@10.0.0.$ip hostname -Idonereturn $?
}
# main 启动函数
main(){create_keydistribute_keycheck
}
main[root@m02 /server/scripts]# bash fenfa.sh
……
1.2 安装ansible
- pip:Python包管理工具
# 安装pip工具
[root@m02 ~]# yum install -y python3-pip
……
[root@m02 ~]# pip3 --version
pip 20.2.2 from /usr/lib/python3.7/site-packages/pip (python 3.7)
# 升级pip
[root@m02 ~]# python3 -m pip install -i https://mirrors.tuna.tsinghua.edu.cn/pypi/web/simple --upgrade pip
……
[root@m02 ~]# pip3 --version
pip 24.0 from /usr/local/lib/python3.7/site-packages/pip (python 3.7)
# 配置pip下载源
[root@m02 ~]# pip3 config set global.index-url https://mirrors.tuna.tsinghua.edu.cn/pypi/web/simple
Writing to /root/.config/pip/pip.conf
# 安装ansible
[root@m02 ~]# pip3 install ansible
……
[root@m02 ~]# ansible --version
[DEPRECATION WARNING]: Ansible will require Python 3.8 or newer on the controller starting with
Ansible 2.12. Current version: 3.7.9 (default, Jun 10 2022, 11:25:35) [GCC 7.3.0]. This feature
will be removed from ansible-core in version 2.12. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
/usr/local/lib/python3.7/site-packages/ansible/parsing/vault/__init__.py:44: CryptographyDeprecationWarning: Python 3.7 is no longer supported by the Python core team and support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.7.from cryptography.exceptions import InvalidSignature
ansible [core 2.11.12] config file = Noneconfigured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']ansible python module location = /usr/local/lib/python3.7/site-packages/ansibleansible collection location = /root/.ansible/collections:/usr/share/ansible/collectionsexecutable location = /usr/local/bin/ansiblepython version = 3.7.9 (default, Jun 10 2022, 11:25:35) [GCC 7.3.0]jinja version = 3.1.6libyaml = True
1.3 添加ansible配置文件
[root@m02 ~]# mkdir -p /etc/ansible
[root@m02 ~]# vim /etc/ansible/ansible.cfg
[root@m02 ~]# cat /etc/ansible/ansible.cfg
[defaults]
host_key_checking = False # 禁用主机密钥检查
deprecation_warnings = False
interpreter_python=/usr/bin/python3
[inventory]
[privilege_escalation]
[paramiko_connection]
[ssh_connection]
[persistent_connection]
[accelerate]
[selinux]
[colors]
[diff]
1.4 配置主机清单文件(Inventory)
- ansible管理的客户端主机信息
[root@m02 ~]# vim /etc/ansible/hosts
[root@m02 ~]# cat /etc/ansible/hosts
[lb] # 主机组
172.16.1.5 # 主机信息
172.16.1.6
[web]
172.16.1.[7:10]
[db]
172.16.1.51
172.16.1.52
[nfs]
172.16.1.31
[bak]
172.16.1.41
- 嵌套组
[root@m02 ~]# cat /etc/ansible/hosts
[lb]
172.16.1.5
172.16.1.6
[web]
172.16.1.[7:10]
[db]
172.16.1.51
172.16.1.52
[nfs]
172.16.1.31
[bak]
172.16.1.41[data:children] #嵌套组
db # 其他组名
nfs
bak
1.5 测试
- ansible:向主机分发命令
- -i:指定主机清单文件;后面写主机组名,或全部主机all
- 操作的目标主机组,
all
表示清单中定义的所有主机。
- 操作的目标主机组,
- -m:指定模块
- -i:指定主机清单文件;后面写主机组名,或全部主机all
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m ping
……
172.16.1.7 | SUCCESS => {"changed": false, # 表示本次操作未对目标主机造成任何变更(ping 是只读操作)"ping": "pong"
}
172.16.1.6 | SUCCESS => {"changed": false,"ping": "pong"
}
172.16.1.9 | SUCCESS => {"changed": false,"ping": "pong"
}
……
- 指定嵌套组
[root@m02 ~]# ansible -i /etc/ansible/hosts data -m ping
/usr/local/lib/python3.7/site-packages/ansible/parsing/vault/__init__.py:44: CryptographyDeprecationWarning: Python 3.7 is no longer supported by the Python core team and support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.7.from cryptography.exceptions import InvalidSignature
172.16.1.51 | SUCCESS => {"changed": false,"ping": "pong"
}
172.16.1.41 | SUCCESS => {"changed": false,"ping": "pong"
}
172.16.1.31 | SUCCESS => {"changed": false,"ping": "pong"
}
172.16.1.52 | SUCCESS => {"changed": false,"ping": "pong"
}
- 直接指定主机ip
[root@m02 ~]# ansible 172.16.1.7 -m ping
/usr/local/lib/python3.7/site-packages/ansible/parsing/vault/__init__.py:44: CryptographyDeprecationWarning: Python 3.7 is no longer supported by the Python core team and support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.7.from cryptography.exceptions import InvalidSignature
172.16.1.7 | SUCCESS => {"changed": false,"ping": "pong"
}
1.6 ansible的模块思想
-
Ansible 提供了丰富的模块,涵盖了文件管理、软件包安装、服务管理等各种常见的运维任务。这些模块封装了底层的shell 命令,用户无需关心具体的实现细节,只需关注目标状态。
-
ansible官方模块列表:
[Index of all Modules — Ansible Community Documentation](https://docs.ansible.com/ansible/latest/collections/index_module.html)
-
Ansible的模块思想将自动化任务分解为 原子化、可复用、声明式 的单元,通过标准化接口和幂等性保证,实现了:
- 降低学习成本:用户关注 “做什么”,而非 “怎么做”。
- 提升可靠性:内置错误处理和状态管理。
- 生态扩展:社区和厂商可快速贡献新模块。
-
ansible的模块化设计与传统shell脚本对比
特性 | 传统脚本 | Ansible模块 |
---|---|---|
维护性 | 逻辑混杂,难以复用 | 功能解耦,易于维护 |
可读性 | 需解析脚本逻辑 | 声明式语法,直观清晰 |
跨平台支持 | 需手动适配不同系统 | 模块自动适配 |
安全性 | 可能残留临时文件或进程 | 执行后自动清理 |
1.7 command模块
- 模块选项:
- -a:argv,向模块传递参数,也可以是命令;不能识别复杂符号,如管道
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m command -a "hostname -I"
……
172.16.1.6 | CHANGED | rc=0 >>
10.0.0.6 172.16.1.6
172.16.1.5 | CHANGED | rc=0 >>
10.0.0.5 172.16.1.5
……
- 安装软件包
ansible -i /etc/ansible/hosts all -m command -a 'rpm -e tree'
ansible -i /etc/ansible/hosts all -m command -a 'yum install -y tree'
1.8 需求:每台服务器的密码都不同,怎么批量执行业务?
- ansible的主机清单可以指定用户名和密码,在服务器数量较少的时候可以这样做
- ansible默认使用SSH连接客户机,因此需要指定ssh端口
[web]
10.0.0.7 ansible_user=root ansible_port=22 ansible_password=123456
10.0.0.7 ansible_user=root ansible_port=22 ansible_password=123456
……
1.9 ansible常用模块
模块分类 | 模块 | 说明 |
---|---|---|
执行命令/脚本 | command | 默认模块,一般用于执行简单命令;不支持特殊符号,如:|、{、}、$…… |
shell | 能执行较多的命令,支持特殊符号 | |
script | 1.分发脚本(管理端指定文件) 2.执行脚本(客户机运行) | |
文件、目录管理 | file | 与文件、目录、软连接相关; path=路径 src=原文件 mode=文件权限(0644、0755) owner、group state=对文件、目录的操作(touch、directory、link、absent(删除)) |
用户管理 | user/group | 对用户/组管理 name=指定用户名 uid=指定用户id create_home=true/false,是否创建家目录 state:添加用户present(默认),删除用户:absent |
软件包管理 | yum/apt | name:软件包名字 state:present安装软件,absent:删除软件 |
分发配置文件 | copy | src:指定管理机的文件 dest:指定客户机上的路径 modeo owner group |
服务管理 | systemd | 服务管理模块 name:服务名字 enabled:是否开机自启动 state:指定服务状态(started、stopped、restarted、reloaded) |
1.9.1 shell模块
[root@m02 ~]# ansible -i /etc/ansible/hosts data -m shell -a 'rpm -qa |grep tree'
……
172.16.1.41 | CHANGED | rc=0 >>
tree-1.8.0-2.ky10.x86_64
ostree-help-2020.4-2.ky10.noarch
ostree-2020.4-2.ky10.x86_64
172.16.1.51 | CHANGED | rc=0 >>
tree-1.8.0-2.ky10.x86_64
ostree-help-2020.4-2.ky10.noarch
ostree-2020.4-2.ky10.x86_64
……
1.9.2 script模块
- 编写测试脚本
[root@m02 ~]# cat /server/scripts/check_info.sh
#!/bin/bash
##############################################################
# File Name:/server/scripts/check_info.sh
# Version:V1.0
# Author:SunKexu
# Organization:www.oldboyedu.com
# Desc:测试模块
##############################################################
hostnamectl
- 测试script模块
[root@m02 ~]# ansible -i /etc/ansible/hosts data -m script -a '/server/scripts/check_info.sh'
……
172.16.1.51 | CHANGED => {"changed": true,"rc": 0,"stderr": "Shared connection to 172.16.1.51 closed.\r\n","stderr_lines": ["Shared connection to 172.16.1.51 closed."],"stdout": " Static hostname: db01\r\n Icon name: computer-vm\r\n Chassis: vm\r\n Machine ID: 882086c957f84ef49c0e846c2f4f3968\r\n Boot ID: 6b6950319fad4dfda19e2323adfe5bc8\r\n Virtualization: vmware\r\n Operating System: Kylin Linux Advanced Server V10 (Lance)\r\n Kernel: Linux 4.19.90-52.22.v2207.ky10.x86_64\r\n Architecture: x86-64\r\n","stdout_lines": [" Static hostname: db01"," Icon name: computer-vm"," Chassis: vm"," Machine ID: 882086c957f84ef49c0e846c2f4f3968"," Boot ID: 6b6950319fad4dfda19e2323adfe5bc8"," Virtualization: vmware"," Operating System: Kylin Linux Advanced Server V10 (Lance)"," Kernel: Linux 4.19.90-52.22.v2207.ky10.x86_64"," Architecture: x86-64"]
}
……
1.9.3 file模块
-
模块参数:
- path:指定目标路径
- src:指定原文件路径
- state:指定对目标的操作
- directory:创建目录
- touch:创建文件
- link:创建软链接
- absent:删除指定文件或目录
- mode:指定目标文件/目录的权限,0755,0644……
- owner:指定目标文件/目录的所有者
- group:指定目标文件/目录的所属组
-
创建目录
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m file -a 'path=/backup state=directory'
172.16.1.7 | SUCCESS => {"changed": false,"gid": 0,"group": "root","mode": "0755","owner": "root","path": "/backup","size": 31,"state": "directory","uid": 0
}
172.16.1.9 | SUCCESS => {"changed": false,"gid": 0,"group": "root","mode": "0755","owner": "root","path": "/backup","size": 20,"state": "directory","uid": 0
}
172.16.1.8 | CHANGED => {"changed": true,"gid": 0,"group": "root","mode": "0755","owner": "root","path": "/backup","size": 6,"state": "directory","uid": 0
}
……
- 创建文件
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m file -a 'path=/backup/skx.txt state=touch'
……
172.16.1.8 | CHANGED => {"changed": true,"dest": "/backup/skx.txt","gid": 0,"group": "root","mode": "0644","owner": "root","size": 0,"state": "file","uid": 0
}
172.16.1.6 | CHANGED => {"changed": true,"dest": "/backup/skx.txt","gid": 0,"group": "root","mode": "0644","owner": "root","size": 0,"state": "file","uid": 0
}
……
- 创建软链接
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m file -a 'src=/etc/hosts path=/backup/hosts state=link'
……
172.16.1.5 | CHANGED => {"changed": true,"dest": "/backup/hosts","gid": 0,"group": "root","mode": "0777","owner": "root","size": 10,"src": "/etc/hosts","state": "link","uid": 0
}
172.16.1.7 | CHANGED => {"changed": true,"dest": "/backup/hosts","gid": 0,"group": "root","mode": "0777","owner": "root","size": 10,"src": "/etc/hosts","state": "link","uid": 0
}
……# 检查
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m command -a 'ls -l /backup/hosts'
……
172.16.1.7 | CHANGED | rc=0 >>
lrwxrwxrwx 1 root root 10 7月 9 20:59 /backup/hosts -> /etc/hosts
172.16.1.6 | CHANGED | rc=0 >>
lrwxrwxrwx 1 root root 10 7月 9 20:59 /backup/hosts -> /etc/hosts
172.16.1.8 | CHANGED | rc=0 >>
lrwxrwxrwx 1 root root 10 7月 9 20:59 /backup/hosts -> /etc/hosts
……
- 删除软链接
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m file -a 'path=/backup/hosts state=absent'
……
172.16.1.8 | CHANGED => {"changed": true,"path": "/backup/hosts","state": "absent"
}
172.16.1.9 | CHANGED => {"changed": true,"path": "/backup/hosts","state": "absent"
}
……
- 创建目录,并指定权限和所属用户/组
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m file -a 'path=/backup/skx state=directory mode=0700 owner=oldboy group=oldboy'
……
172.16.1.5 | FAILED! => {"changed": false,"gid": 0,"group": "root","mode": "0755","msg": "chown failed: failed to look up user oldboy", # 没有该用户"owner": "root","path": "/backup/skx","size": 6,"state": "directory","uid": 0
}
172.16.1.7 | CHANGED => {"changed": true,"gid": 1000,"group": "oldboy","mode": "0700","owner": "oldboy","path": "/backup/skx","size": 6,"state": "directory","uid": 1000
}
……
1.9.4 user/group模块
- user模块参数:
- name:指定用户名
- uid:指定用户id
- group:指定用户所属组
- shell:指定命令解释器
- create_home:是否创建家目录(true/false)
- state:指定对该用户的操作;present:创建用户(默认),absent:删除用户
- group模块参数:
- name:指定用户组名
- gid:指定组id
- state:指定对该用户组的操作;present:创建用户组(默认),absent:删除用户组
- 创建用户
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m user -a 'name=www-ans uid=2999 group=www-ans shell=/sbin/nologin create_home=false state=present'
……
172.16.1.7 | FAILED! => {"changed": false,"msg": "Group www-ans does not exist"
}
172.16.1.5 | FAILED! => {"changed": false,"msg": "Group www-ans does not exist"
}
……# Ansible 的 user 模块默认不会自动创建用户组,因此需要先确保组存在。
# 创建用户组
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m group -a 'name=www-ans gid=2999 state=present'
……
172.16.1.6 | CHANGED => {"changed": true,"gid": 2999,"name": "www-ans","state": "present","system": false
}
172.16.1.9 | CHANGED => {"changed": true,"gid": 2999,"name": "www-ans","state": "present","system": false
}
……# 创建用户
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m user -a 'name=www-ans uid=2999 group=www-ans shell=/sbin/nologin create_home=false state=present'
……
172.16.1.9 | CHANGED => {"changed": true,"comment": "","create_home": false,"group": 2999,"home": "/home/www-ans","name": "www-ans","shell": "/sbin/nologin","state": "present","system": false,"uid": 2999
}
172.16.1.6 | CHANGED => {"changed": true,"comment": "","create_home": false,"group": 2999,"home": "/home/www-ans","name": "www-ans","shell": "/sbin/nologin","state": "present","system": false,"uid": 2999
}
……
1.9.5 yum/apt模块
-
yum模块参数:
- name:指定软件包名称
- state:指定对软件包的操作
- present:安装软件(默认)
- absent:删除软件
- latest:更新软件
-
安装软件
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m yum -a 'name=wget state=present'
……
172.16.1.6 | CHANGED => {"ansible_facts": {"pkg_mgr": "dnf"},"changed": true,"msg": "","rc": 0,"results": ["Installed: wget-1.20.3-6.ky10.x86_64"]
}
172.16.1.9 | CHANGED => {"ansible_facts": {"pkg_mgr": "dnf"},"changed": true,"msg": "","rc": 0,"results": ["Installed: wget-1.20.3-6.ky10.x86_64"]
}
……
1.9.6 copy模块
-
推荐分发文件或压缩包,分发目录极其缓慢
-
copy模块参数:
- src:管理机上的原文件路径
- dest:客户机上的目标路径
- backup:如果客户机上有目标文件,是否要备份(true/false(默认))
-
分发文件
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m copy -a 'src=/etc/hosts dest=/etc/hosts backup=true'
……
172.16.1.8 | SUCCESS => {"changed": false,"checksum": "a85d59aa0b622911d06dee4a51b95c62cde849bd","dest": "/etc/hosts","gid": 0,"group": "root","mode": "0644","owner": "root","path": "/etc/hosts","size": 311,"state": "file","uid": 0
}
172.16.1.5 | SUCCESS => {"changed": false,"checksum": "a85d59aa0b622911d06dee4a51b95c62cde849bd","dest": "/etc/hosts","gid": 0,"group": "root","mode": "0644","owner": "root","path": "/etc/hosts","size": 311,"state": "file","uid": 0
}
……
1.9.7 systemd模块
-
模块参数:
- name:服务名称
- enabled:是否开机自启动(true/false)
- state:指定服务状态
reloaded:重新加载服务的配置文件
restarted:重启服务
started:启动服务
stopped:停止服务
-
批量启动nginx服务
[root@m02 ~]# ansible -i /etc/ansible/hosts web -m systemd -a 'name=nginx enabled=true state=restarted'
……
172.16.1.9 | CHANGED => {"changed": true,"enabled": true,"name": "nginx","state": "started","status": {"ActiveEnterTimestamp": "Thu 2025-07-10 08:13:46 CST","ActiveEnterTimestampMonotonic": "2570669227","ActiveExitTimestampMonotonic": "0",……
2. 思维导图
https://kdocs.cn/join/gpuxq6r?f=101\r\n邀请你加入共享群「老男孩教育Linux运维99期-孙克旭」一起进行文档协作