当前位置: 首页 > news >正文

day049-初识Ansible与常用模块

文章目录

  • 0. 老男孩思想-人脉的本质
  • 1. Ansible
    • 1.1 密钥认证
    • 1.2 安装ansible
    • 1.3 添加ansible配置文件
    • 1.4 配置主机清单文件(Inventory)
    • 1.5 测试
    • 1.6 ansible的模块思想
    • 1.7 command模块
    • 1.8 需求:每台服务器的密码都不同,怎么批量执行业务?
    • 1.9 ansible常用模块
      • 1.9.1 shell模块
      • 1.9.2 script模块
      • 1.9.3 file模块
      • 1.9.4 user/group模块
      • 1.9.5 yum/apt模块
      • 1.9.6 copy模块
      • 1.9.7 systemd模块
  • 2. 思维导图

0. 老男孩思想-人脉的本质

  • 人与人之间的连接本质是通过需求连接的,即人脉的本质就是需求的满足。
    • 需求越强,连接越紧密,关系越好;反之,就会朝着陌生的方向发展。
    • 员工与老板、父母与孩子、学生与老师、妻子与丈夫皆是如此。

在这里插入图片描述

1. Ansible

Ansible 是一款开源的 IT 自动化工具,用于配置管理、应用部署、任务编排等。它基于 SSH(无需客户端)和 YAML 语法,以 无代理(Agentless) 方式运行,适合大规模服务器管理。

  • 无代理架构:无需在目标机器安装客户端,降低维护成本。

1.1 密钥认证

  • ansible管理端服务器:m02
  • 客户端:web01、web02、web03
# 下载sshpass
[root@m02 /server/scripts]# yum install -y sshpass.x86_64 
# 编写分发密钥脚本并执行
[root@m02 /server/scripts]# cat fenfa.sh 
#!/bin/bash
##############################################################
# File Name:key_authentication.sh
# Version:V1.0
# Author:SunKexu
# Organization:www.oldboyedu.com
# Desc:批量密钥认证
##############################################################
export LANG=en_US.UTF-8# vars
#ips="5 6 7 8 9 10 31 41 "
ips="7 8 9"
# 密码可能有特殊符号,用单引号
pass='SKX2554.'
user="root"
# command
# 生成密钥
create_key(){key_file="$HOME/.ssh/id_rsa"[ ! -f ${key_file} ] && {ssh-keygen -t rsa -f ${key_file} -P ''}return $?
}
# 分发密钥
distribute_key(){for ip in ${ips}dosshpass -p $pass ssh-copy-id -o StrictHostKeyChecking=no ${user}@10.0.0.$ipdonereturn $?
}
# 检查
check(){for ip in $ipsdossh -o StrictHostKeyChecking=no ${user}@10.0.0.$ip hostname -Idonereturn $?
}
# main 启动函数
main(){create_keydistribute_keycheck
}
main[root@m02 /server/scripts]# bash fenfa.sh 
……

1.2 安装ansible

  • pip:Python包管理工具
# 安装pip工具
[root@m02 ~]# yum install -y python3-pip
……
[root@m02 ~]# pip3 --version 
pip 20.2.2 from /usr/lib/python3.7/site-packages/pip (python 3.7)
# 升级pip
[root@m02 ~]# python3 -m pip install -i https://mirrors.tuna.tsinghua.edu.cn/pypi/web/simple --upgrade pip
……
[root@m02 ~]# pip3 --version 
pip 24.0 from /usr/local/lib/python3.7/site-packages/pip (python 3.7)
# 配置pip下载源
[root@m02 ~]# pip3 config set global.index-url https://mirrors.tuna.tsinghua.edu.cn/pypi/web/simple
Writing to /root/.config/pip/pip.conf
# 安装ansible
[root@m02 ~]# pip3 install ansible
……
[root@m02 ~]# ansible --version
[DEPRECATION WARNING]: Ansible will require Python 3.8 or newer on the controller starting with 
Ansible 2.12. Current version: 3.7.9 (default, Jun 10 2022, 11:25:35) [GCC 7.3.0]. This feature 
will be removed from ansible-core in version 2.12. Deprecation warnings can be disabled by setting 
deprecation_warnings=False in ansible.cfg.
/usr/local/lib/python3.7/site-packages/ansible/parsing/vault/__init__.py:44: CryptographyDeprecationWarning: Python 3.7 is no longer supported by the Python core team and support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.7.from cryptography.exceptions import InvalidSignature
ansible [core 2.11.12] config file = Noneconfigured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']ansible python module location = /usr/local/lib/python3.7/site-packages/ansibleansible collection location = /root/.ansible/collections:/usr/share/ansible/collectionsexecutable location = /usr/local/bin/ansiblepython version = 3.7.9 (default, Jun 10 2022, 11:25:35) [GCC 7.3.0]jinja version = 3.1.6libyaml = True

1.3 添加ansible配置文件

[root@m02 ~]# mkdir -p /etc/ansible
[root@m02 ~]# vim /etc/ansible/ansible.cfg
[root@m02 ~]# cat /etc/ansible/ansible.cfg
[defaults]
host_key_checking = False # 禁用主机密钥检查
deprecation_warnings = False
interpreter_python=/usr/bin/python3
[inventory]
[privilege_escalation]
[paramiko_connection]
[ssh_connection]
[persistent_connection]
[accelerate]
[selinux]
[colors]
[diff]

1.4 配置主机清单文件(Inventory)

  • ansible管理的客户端主机信息
[root@m02 ~]# vim /etc/ansible/hosts
[root@m02 ~]# cat /etc/ansible/hosts
[lb] # 主机组
172.16.1.5 # 主机信息
172.16.1.6
[web]
172.16.1.[7:10]
[db]
172.16.1.51
172.16.1.52
[nfs]
172.16.1.31
[bak]
172.16.1.41
  • 嵌套组
[root@m02 ~]# cat /etc/ansible/hosts
[lb]
172.16.1.5
172.16.1.6
[web]
172.16.1.[7:10]
[db]
172.16.1.51
172.16.1.52
[nfs]
172.16.1.31
[bak]
172.16.1.41[data:children] #嵌套组
db # 其他组名
nfs
bak

1.5 测试

  • ansible:向主机分发命令
    • -i:指定主机清单文件;后面写主机组名,或全部主机all
      • 操作的目标主机组,all 表示清单中定义的所有主机。
    • -m:指定模块
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m ping
……
172.16.1.7 | SUCCESS => {"changed": false, # 表示本次操作未对目标主机造成任何变更(ping 是只读操作)"ping": "pong"
}
172.16.1.6 | SUCCESS => {"changed": false,"ping": "pong"
}
172.16.1.9 | SUCCESS => {"changed": false,"ping": "pong"
}
……
  • 指定嵌套组
[root@m02 ~]# ansible -i /etc/ansible/hosts data -m ping
/usr/local/lib/python3.7/site-packages/ansible/parsing/vault/__init__.py:44: CryptographyDeprecationWarning: Python 3.7 is no longer supported by the Python core team and support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.7.from cryptography.exceptions import InvalidSignature
172.16.1.51 | SUCCESS => {"changed": false,"ping": "pong"
}
172.16.1.41 | SUCCESS => {"changed": false,"ping": "pong"
}
172.16.1.31 | SUCCESS => {"changed": false,"ping": "pong"
}
172.16.1.52 | SUCCESS => {"changed": false,"ping": "pong"
}
  • 直接指定主机ip
[root@m02 ~]# ansible 172.16.1.7 -m ping
/usr/local/lib/python3.7/site-packages/ansible/parsing/vault/__init__.py:44: CryptographyDeprecationWarning: Python 3.7 is no longer supported by the Python core team and support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.7.from cryptography.exceptions import InvalidSignature
172.16.1.7 | SUCCESS => {"changed": false,"ping": "pong"
}

1.6 ansible的模块思想

  • Ansible 提供了丰富的模块,涵盖了文件管理、软件包安装、服务管理等各种常见的运维任务。这些模块封装了底层的shell 命令,用户无需关心具体的实现细节,只需关注目标状态。

  • ansible官方模块列表:[Index of all Modules — Ansible Community Documentation](https://docs.ansible.com/ansible/latest/collections/index_module.html)

  • Ansible的模块思想将自动化任务分解为 原子化、可复用、声明式 的单元,通过标准化接口和幂等性保证,实现了:

    • 降低学习成本:用户关注 “做什么”,而非 “怎么做”。
    • 提升可靠性:内置错误处理和状态管理。
    • 生态扩展:社区和厂商可快速贡献新模块。
  • ansible的模块化设计与传统shell脚本对比

特性传统脚本Ansible模块
维护性逻辑混杂,难以复用功能解耦,易于维护
可读性需解析脚本逻辑声明式语法,直观清晰
跨平台支持需手动适配不同系统模块自动适配
安全性可能残留临时文件或进程执行后自动清理

1.7 command模块

  • 模块选项:
    • -a:argv,向模块传递参数,也可以是命令;不能识别复杂符号,如管道
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m command -a "hostname -I"
……
172.16.1.6 | CHANGED | rc=0 >>
10.0.0.6 172.16.1.6 
172.16.1.5 | CHANGED | rc=0 >>
10.0.0.5 172.16.1.5 
……
  • 安装软件包
ansible -i /etc/ansible/hosts all -m command -a 'rpm -e tree'
ansible -i /etc/ansible/hosts all -m command -a 'yum install -y tree'

1.8 需求:每台服务器的密码都不同,怎么批量执行业务?

  • ansible的主机清单可以指定用户名和密码,在服务器数量较少的时候可以这样做
  • ansible默认使用SSH连接客户机,因此需要指定ssh端口
[web]
10.0.0.7 ansible_user=root ansible_port=22 ansible_password=123456
10.0.0.7 ansible_user=root ansible_port=22 ansible_password=123456
……

1.9 ansible常用模块

模块分类模块说明
执行命令/脚本command默认模块,一般用于执行简单命令;不支持特殊符号,如:|、{、}、$……
shell能执行较多的命令,支持特殊符号
script1.分发脚本(管理端指定文件)
2.执行脚本(客户机运行)
文件、目录管理file与文件、目录、软连接相关;
path=路径
src=原文件
mode=文件权限(0644、0755)
owner、group
state=对文件、目录的操作(touch、directory、link、absent(删除))
用户管理user/group对用户/组管理
name=指定用户名
uid=指定用户id
create_home=true/false,是否创建家目录
state:添加用户present(默认),删除用户:absent
软件包管理yum/aptname:软件包名字
state:present安装软件,absent:删除软件
分发配置文件copysrc:指定管理机的文件
dest:指定客户机上的路径
modeo
owner
group
服务管理systemd服务管理模块
name:服务名字
enabled:是否开机自启动
state:指定服务状态(started、stopped、restarted、reloaded)

1.9.1 shell模块

[root@m02 ~]# ansible -i /etc/ansible/hosts data -m shell -a 'rpm -qa |grep tree'
……
172.16.1.41 | CHANGED | rc=0 >>
tree-1.8.0-2.ky10.x86_64
ostree-help-2020.4-2.ky10.noarch
ostree-2020.4-2.ky10.x86_64
172.16.1.51 | CHANGED | rc=0 >>
tree-1.8.0-2.ky10.x86_64
ostree-help-2020.4-2.ky10.noarch
ostree-2020.4-2.ky10.x86_64
……

1.9.2 script模块

  • 编写测试脚本
[root@m02 ~]# cat /server/scripts/check_info.sh
#!/bin/bash
##############################################################
# File Name:/server/scripts/check_info.sh
# Version:V1.0
# Author:SunKexu
# Organization:www.oldboyedu.com
# Desc:测试模块
##############################################################
hostnamectl
  • 测试script模块
[root@m02 ~]# ansible -i /etc/ansible/hosts data -m script -a '/server/scripts/check_info.sh'
……
172.16.1.51 | CHANGED => {"changed": true,"rc": 0,"stderr": "Shared connection to 172.16.1.51 closed.\r\n","stderr_lines": ["Shared connection to 172.16.1.51 closed."],"stdout": "   Static hostname: db01\r\n         Icon name: computer-vm\r\n           Chassis: vm\r\n        Machine ID: 882086c957f84ef49c0e846c2f4f3968\r\n           Boot ID: 6b6950319fad4dfda19e2323adfe5bc8\r\n    Virtualization: vmware\r\n  Operating System: Kylin Linux Advanced Server V10 (Lance)\r\n            Kernel: Linux 4.19.90-52.22.v2207.ky10.x86_64\r\n      Architecture: x86-64\r\n","stdout_lines": ["   Static hostname: db01","         Icon name: computer-vm","           Chassis: vm","        Machine ID: 882086c957f84ef49c0e846c2f4f3968","           Boot ID: 6b6950319fad4dfda19e2323adfe5bc8","    Virtualization: vmware","  Operating System: Kylin Linux Advanced Server V10 (Lance)","            Kernel: Linux 4.19.90-52.22.v2207.ky10.x86_64","      Architecture: x86-64"]
}
……

1.9.3 file模块

  • 模块参数:

    • path:指定目标路径
    • src:指定原文件路径
    • state:指定对目标的操作
      • directory:创建目录
      • touch:创建文件
      • link:创建软链接
      • absent:删除指定文件或目录
    • mode:指定目标文件/目录的权限,0755,0644……
    • owner:指定目标文件/目录的所有者
    • group:指定目标文件/目录的所属组
  • 创建目录

[root@m02 ~]# ansible -i /etc/ansible/hosts all -m file -a 'path=/backup state=directory'
172.16.1.7 | SUCCESS => {"changed": false,"gid": 0,"group": "root","mode": "0755","owner": "root","path": "/backup","size": 31,"state": "directory","uid": 0
}
172.16.1.9 | SUCCESS => {"changed": false,"gid": 0,"group": "root","mode": "0755","owner": "root","path": "/backup","size": 20,"state": "directory","uid": 0
}
172.16.1.8 | CHANGED => {"changed": true,"gid": 0,"group": "root","mode": "0755","owner": "root","path": "/backup","size": 6,"state": "directory","uid": 0
}
……
  • 创建文件
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m file -a 'path=/backup/skx.txt state=touch'
……
172.16.1.8 | CHANGED => {"changed": true,"dest": "/backup/skx.txt","gid": 0,"group": "root","mode": "0644","owner": "root","size": 0,"state": "file","uid": 0
}
172.16.1.6 | CHANGED => {"changed": true,"dest": "/backup/skx.txt","gid": 0,"group": "root","mode": "0644","owner": "root","size": 0,"state": "file","uid": 0
}
……
  • 创建软链接
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m file -a 'src=/etc/hosts path=/backup/hosts state=link'
……
172.16.1.5 | CHANGED => {"changed": true,"dest": "/backup/hosts","gid": 0,"group": "root","mode": "0777","owner": "root","size": 10,"src": "/etc/hosts","state": "link","uid": 0
}
172.16.1.7 | CHANGED => {"changed": true,"dest": "/backup/hosts","gid": 0,"group": "root","mode": "0777","owner": "root","size": 10,"src": "/etc/hosts","state": "link","uid": 0
}
……# 检查
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m command -a 'ls -l /backup/hosts'
……
172.16.1.7 | CHANGED | rc=0 >>
lrwxrwxrwx 1 root root 10  79 20:59 /backup/hosts -> /etc/hosts
172.16.1.6 | CHANGED | rc=0 >>
lrwxrwxrwx 1 root root 10  79 20:59 /backup/hosts -> /etc/hosts
172.16.1.8 | CHANGED | rc=0 >>
lrwxrwxrwx 1 root root 10  79 20:59 /backup/hosts -> /etc/hosts
……
  • 删除软链接
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m file -a 'path=/backup/hosts state=absent'
……
172.16.1.8 | CHANGED => {"changed": true,"path": "/backup/hosts","state": "absent"
}
172.16.1.9 | CHANGED => {"changed": true,"path": "/backup/hosts","state": "absent"
}
……
  • 创建目录,并指定权限和所属用户/组
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m file -a 'path=/backup/skx state=directory mode=0700 owner=oldboy group=oldboy'
……
172.16.1.5 | FAILED! => {"changed": false,"gid": 0,"group": "root","mode": "0755","msg": "chown failed: failed to look up user oldboy", # 没有该用户"owner": "root","path": "/backup/skx","size": 6,"state": "directory","uid": 0
}
172.16.1.7 | CHANGED => {"changed": true,"gid": 1000,"group": "oldboy","mode": "0700","owner": "oldboy","path": "/backup/skx","size": 6,"state": "directory","uid": 1000
}
……

1.9.4 user/group模块

  • user模块参数:
    • name:指定用户名
    • uid:指定用户id
    • group:指定用户所属组
    • shell:指定命令解释器
    • create_home:是否创建家目录(true/false)
    • state:指定对该用户的操作;present:创建用户(默认),absent:删除用户
  • group模块参数:
    • name:指定用户组名
    • gid:指定组id
    • state:指定对该用户组的操作;present:创建用户组(默认),absent:删除用户组
  • 创建用户
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m user -a 'name=www-ans uid=2999 group=www-ans shell=/sbin/nologin create_home=false state=present'
……
172.16.1.7 | FAILED! => {"changed": false,"msg": "Group www-ans does not exist"
}
172.16.1.5 | FAILED! => {"changed": false,"msg": "Group www-ans does not exist"
}
……# Ansible 的 user 模块默认不会自动创建用户组,因此需要先确保组存在。
# 创建用户组
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m group -a 'name=www-ans gid=2999 state=present'
……
172.16.1.6 | CHANGED => {"changed": true,"gid": 2999,"name": "www-ans","state": "present","system": false
}
172.16.1.9 | CHANGED => {"changed": true,"gid": 2999,"name": "www-ans","state": "present","system": false
}
……# 创建用户
[root@m02 ~]# ansible -i /etc/ansible/hosts all -m user -a 'name=www-ans uid=2999 group=www-ans shell=/sbin/nologin create_home=false state=present'
……
172.16.1.9 | CHANGED => {"changed": true,"comment": "","create_home": false,"group": 2999,"home": "/home/www-ans","name": "www-ans","shell": "/sbin/nologin","state": "present","system": false,"uid": 2999
}
172.16.1.6 | CHANGED => {"changed": true,"comment": "","create_home": false,"group": 2999,"home": "/home/www-ans","name": "www-ans","shell": "/sbin/nologin","state": "present","system": false,"uid": 2999
}
……

1.9.5 yum/apt模块

  • yum模块参数:

    • name:指定软件包名称
    • state:指定对软件包的操作
      • present:安装软件(默认)
      • absent:删除软件
      • latest:更新软件
  • 安装软件

[root@m02 ~]# ansible -i /etc/ansible/hosts all -m yum -a 'name=wget state=present'
……
172.16.1.6 | CHANGED => {"ansible_facts": {"pkg_mgr": "dnf"},"changed": true,"msg": "","rc": 0,"results": ["Installed: wget-1.20.3-6.ky10.x86_64"]
}
172.16.1.9 | CHANGED => {"ansible_facts": {"pkg_mgr": "dnf"},"changed": true,"msg": "","rc": 0,"results": ["Installed: wget-1.20.3-6.ky10.x86_64"]
}
……

1.9.6 copy模块

  • 推荐分发文件或压缩包,分发目录极其缓慢

  • copy模块参数:

    • src:管理机上的原文件路径
    • dest:客户机上的目标路径
    • backup:如果客户机上有目标文件,是否要备份(true/false(默认))
  • 分发文件

[root@m02 ~]# ansible -i /etc/ansible/hosts all -m  copy -a 'src=/etc/hosts dest=/etc/hosts backup=true'
……
172.16.1.8 | SUCCESS => {"changed": false,"checksum": "a85d59aa0b622911d06dee4a51b95c62cde849bd","dest": "/etc/hosts","gid": 0,"group": "root","mode": "0644","owner": "root","path": "/etc/hosts","size": 311,"state": "file","uid": 0
}
172.16.1.5 | SUCCESS => {"changed": false,"checksum": "a85d59aa0b622911d06dee4a51b95c62cde849bd","dest": "/etc/hosts","gid": 0,"group": "root","mode": "0644","owner": "root","path": "/etc/hosts","size": 311,"state": "file","uid": 0
}
……

1.9.7 systemd模块

  • 模块参数:

    • name:服务名称
    • enabled:是否开机自启动(true/false)
    • state:指定服务状态
      • reloaded:重新加载服务的配置文件
      • restarted:重启服务
      • started:启动服务
      • stopped:停止服务
  • 批量启动nginx服务

[root@m02 ~]# ansible -i /etc/ansible/hosts web -m systemd -a 'name=nginx enabled=true state=restarted'
……
172.16.1.9 | CHANGED => {"changed": true,"enabled": true,"name": "nginx","state": "started","status": {"ActiveEnterTimestamp": "Thu 2025-07-10 08:13:46 CST","ActiveEnterTimestampMonotonic": "2570669227","ActiveExitTimestampMonotonic": "0",……

2. 思维导图

https://kdocs.cn/join/gpuxq6r?f=101\r\n邀请你加入共享群「老男孩教育Linux运维99期-孙克旭」一起进行文档协作


http://www.dtcms.com/a/272759.html

相关文章:

  • 如何远程访问在WSL运行的Jupyter Notebook
  • 如何安装python以及jupyter notebook
  • 创客匠人洞察:AI 时代创始人 IP 打造如何突破效率与价值的平衡
  • RabbitMQ 高级特性之消息分发
  • 【Fargo】发送一个rtp包的过程1:怎么统一加twcc序号
  • 华锐云空间展销编辑器:开启数字化展示新时代​
  • U-Boot 2025.07 引入的 “uthreads” 优势介绍
  • 什么是主链
  • 【会员专享数据】2013-2024年我国省市县三级逐月SO₂数值数据(Shp/Excel格式)
  • 使用EasyExcel动态合并单元格(模板方法)
  • RK3568项目(八)--linux驱动开发之基础外设(上)
  • 亚马逊运营中出单词反查
  • 机器学习:反向神经元传播公式推导
  • 记录今天学习Comfyui的感受
  • python正则表达式(小白五分钟从入门到精通)
  • 智能化时代下的门店运营:AI的深刻影响
  • 2025年第十五届APMCM亚太地区大学生数学建模竞赛(中文赛项)
  • 【C++】红黑树的底层思想 and 大厂面试常问
  • BootStrap
  • 售前:该站高位思考还是站低位思考
  • Codeforces Round 1034 (Div. 3) G题题解记录
  • 创建本地软件仓库(rhel7与rhel9)
  • HighReport报表工具开始支持BS报表设计器
  • SW-CA(多平台产品上架系统)
  • uni-app 途径站点组件开发与实现分享
  • 体积超过2MB?uniapp小程序分包上传
  • [论文阅读]Text Compression for Efficient Language Generation
  • Go语言包管理完全指南:从基础到最佳实践
  • BM12 单链表的排序
  • 东土科技智能塔机系统亮相南京,助力智能建造高质量发展