Day39 - Ansible batch management tool: modules and parameters in depth

shell module description:

Function: execute a command on the remote nodes

shell  Execute commands in nodes.

Official link: http://docs.ansible.com/ansible/latest/shell_module.html

  shell:

      chdir:                 # cd into this directory before running the command

      creates:               # a filename, when it already exists, this step will *not* be run.

      executable:            # change the shell used to execute the command. Should be an absolute path to the executable.

      free_form:             # (required) The shell module takes a free form command to run, as a string.  There's not an actual option named "free form".  See the examples!

      removes:               # a filename, when it does not exist, this step will *not* be run.

      stdin:                 # Set the stdin of the command directly to the specified value.

      warn:                  # if command warnings are on in ansible.cfg, do not warn about this particular line if set to no/false.

[root@m01 ~]# cat /etc/ansible/hosts

[oldboy]

172.16.1.31

172.16.1.41  

Practice: create a text file

[root@m01 ~]# ansible oldboy -m shell -a "echo oldboy >/tmp/tmp.txt"

172.16.1.41 | CHANGED | rc=0 >>

172.16.1.31 | CHANGED | rc=0 >>

[root@m01 ~]# ansible oldboy -m shell -a "cat /tmp/tmp.txt"

172.16.1.41 | CHANGED | rc=0 >>

oldboy

172.16.1.31 | CHANGED | rc=0 >>

oldboy

The script to be executed must already exist on the remote machine:

[root@m01 ~]# ansible oldboy -m shell -a "sh /server/scripts/bak.sh"

172.16.1.41 | FAILED | rc=127 >>

sh: /server/scripts/bak.sh: 没有那个文件或目录non-zero return code

172.16.1.31 | CHANGED | rc=0 >>

Practice 1: copy /etc/hosts to /opt, set permissions to 400, and set owner and group to root

ansible oldboy -m copy -a "src=/etc/hosts dest=/opt mode=0400 owner=root group=root backup=yes"

Practice 2: copy /etc/passwd to /tmp and rename it to oldgirl, with owner and group oldboy and permissions 600; overwrite if a file with the same name exists

ansible oldboy -m copy -a "src=/etc/passwd dest=/tmp/oldgirl.txt owner=oldboy group=oldboy mode=0600 force=yes"

Requirement: distribute the hosts file in bulk, backing up before the operation:

ansible oldboy -m copy -a "src=/etc/hosts dest=/etc/hosts mode=0644 owner=root group=root backup=yes"

Result:

[root@backup /tmp]# ls /etc/hosts* -l

-rw-r--r--  1 root root 353 4月  24 10:49 /etc/hosts

----------  1 root root 332 4月  12 11:24 /etc/hosts.21951.2019-04-24@10:49:00~

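Project practice homework:

1. Write a one-click rsync client configuration and a one-click rsync server configuration.

2. Write a one-click NFS server configuration and a one-click NFS client mount, and add them to the startup files (/etc/rc.local, /etc/fstab).

Running a script remotely with the shell module: the script must exist on the remote host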

ansible oldboy  -m shell -a "/bin/bash /server/scripts/setup.sh"

12.3 script module description:

Function: run a local script on the remote nodes

Official link: http://docs.ansible.com/ansible/latest/script_module.html

Parameter description:

ansible oldboy -m shell -a "sh /server/scripts/bak.sh"

[root@m01 /server/scripts]# ansible oldboy -m shell -a "sh /server/scripts/bak.sh"

172.16.1.41 | FAILED | rc=127 >>

sh: /server/scripts/bak.sh: 没有那个文件或目录non-zero return code

172.16.1.31 | FAILED | rc=127 >>

sh: /server/scripts/bak.sh: 没有那个文件或目录non-zero return code

[root@m01 /server/scripts]# cat new.sh 

#!/bin/sh

echo oldboy >/tmp/oldboy.txt

The script is local and is executed on the remote hosts.

[root@m01 /server/scripts]# ansible oldboy -m script -a "/server/scripts/new.sh"

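Project practice homework:

Write the rsync server setup as script r1.sh

Write the rsync client setup as script r2.sh

Write the NFS server setup as script n1.sh

Write the NFS client setup as script n2.sh

Write the sersync server setup as script s1.sh

Write the sersync client setup as script s2.sh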

/server/scripts/one_key_gaoding.sh

ansible r1 -m copy -a "src=/server/scripts/r1.sh dest=/server/scripts/ mode=ugo+x"

ansible r1 -m shell -a "sh /server/scripts/r1.sh"

ansible r2 -m copy -a "src=/server/scripts/r2.sh dest=/server/scripts/ mode=ugo+x"

ansible r2 -m shell -a "sh /server/scripts/r2.sh"

ansible n1 -m shell -a "sh /server/scripts/n1.sh"

ansible n2 -m shell -a "sh /server/scripts/n2.sh"

ansible s1 -m shell -a "sh /server/scripts/s1.sh"

ansible s2 -m shell -a "sh /server/scripts/s2.sh"

/bin/sh /server/scripts/one_key_gaoding.sh

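The script module can also be used in place of the copy + shell modules.

12.4 copy module description:

Function: copy files to remote hosts

Official link: http://docs.ansible.com/ansible/latest/copy_module.html

Parameter description: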

[root@m01 ~]# ansible oldboy -m shell -a "sh /server/scripts/bak.sh"

172.16.1.31 | FAILED | rc=127 >>

sh: /server/scripts/bak.sh: 没有那个文件或目录non-zero return code

172.16.1.41 | FAILED | rc=127 >>

sh: /server/scripts/bak.sh: 没有那个文件或目录non-zero return code

ansible oldboy -m copy -a "src=/server/scripts/bak.sh dest=/server/scripts/ mode=ugo+x"

12.5 file module description:

Function: set file attributes

Official link: http://docs.ansible.com/ansible/latest/file_module.html

Parameter practice: create data files (regular file, directory, symbolic link)

ansible oldboy -m file -a "dest=/tmp/oldboy_dir state=directory"

ansible oldboy -m command -a "mkdir -p /tmp/oldboy_dir1 warn=false"

ansible oldboy -m file -a "dest=/tmp/oldboy1 state=touch"

ansible oldboy -m command -a "touch /tmp/oldboy_file1.txt warn=false"

================================================================

Alternatives:

ansible oldboy  -m command -a "chmod 777 /etc/hosts warn=false"

ansible oldboy  -m command -a "chmod 644 /etc/hosts warn=false"

ansible oldboy  -m command -a "chown oldboy /etc/hosts warn=false"

ansible oldboy  -m command -a "chown root /etc/hosts warn=false"

Create a directory: mkdir /tmp/oldboy_dir

ansible oldboy -m file -a "dest=/tmp/oldboy_dir state=directory"

Set permissions recursively (mode=644 is also applied to the directory itself, which clears the execute bit needed to enter it):

ansible oldboy -m file -a "dest=/tmp/oldboy_dir state=directory mode=644 recurse=yes"

Create a file: touch /tmp/oldboy_file

ansible oldboy -m file -a "dest=/tmp/oldboy_file state=touch"

Delete a file: rm -f /tmp/oldboy_file

ansible oldboy -m file -a "dest=/tmp/oldboy_file state=absent"

Create a symbolic link: ln -s /etc/hosts /tmp/link_file

ansible oldboy -m file -a "src=/etc/hosts dest=/tmp/link_file state=link"

ansible oldboy -m file -a "dest=/tmp/oldboy_file state=touch owner=oldboy group=oldboy mode=000"

ansible oldboy -m file -a "dest=/tmp/oldboy_file state=touch owner=oldboy group=oldboy mode=ugo=rwx"

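Homework: batch-create 5 users oldboy01-05, set their password to 123456, and run this on all clients at the same time.

12.6 yum module description:

Function: yum package management module

Official link: http://docs.ansible.com/ansible/latest/yum_module.html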

ansible oldboy  -m command -a "yum install nginx -y"

ansible oldboy -m yum -a "name=nginx state=installed"

ansible oldboy -m yum -a "name=nc state=installed"

[root@nfs01 oldboy_dir]# rpm -qa nginx

nginx-1.10.2-1.el6.x86_64

### Do not uninstall with yum; use rpm -e to uninstall.
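The notes above show the same change made two ways: a raw command or shell call (with warn=false to silence Ansible's hint) and the dedicated file or yum module. The following is an added example, not part of the original notes: a POSIX shell linter that flags the raw form, an unneeded use of shell, and world-writable modes. The function names and rule names are hypothetical, and the input is constructed from commands on this page.

```shell
#!/bin/sh
# Added example: lint Ansible ad-hoc command lines; not code from the original page.
# The rule names and the rule set are assumptions made for this illustration.

# lint_adhoc: reads ad-hoc lines on stdin, prints "RULE<TAB>line" per finding.
lint_adhoc() {
    while IFS= read -r line; do
        module=${line#*-m }; module=${module%% *}     # word after -m
        args=${line#*-a '"'}; args=${args%'"'}        # text inside -a "..."
        if [ "$module" = shell ] || [ "$module" = command ]; then
            # A dedicated module is idempotent and needs no warn=false.
            case ${args%% *} in
                chmod|chown|mkdir|touch) printf 'USE_FILE_MODULE\t%s\n' "$line" ;;
                yum)                     printf 'USE_YUM_MODULE\t%s\n' "$line" ;;
            esac
        fi
        if [ "$module" = shell ]; then
            # shell hands the string to /bin/sh; with no metacharacters the
            # command module runs the same thing without shell parsing.
            case $args in
                *'|'*|*'<'*|*'>'*|*';'*|*'&'*|*'$'*|*'`'*|*'*'*) ;;
                *) printf 'SHELL_NOT_NEEDED\t%s\n' "$line" ;;
            esac
        fi
        case $args in   # world-writable result, numeric or symbolic
            *'chmod 777'*|*mode=777*|*mode=0777*|*mode=ugo=rwx*|*mode=a=rwx*)
                printf 'WORLD_WRITABLE\t%s\n' "$line" ;;
        esac
    done
}

# Constructed input: ad-hoc commands that appear on this page.
sample_lines() {
    cat <<'EOF'
ansible oldboy -m shell -a "echo oldboy >/tmp/tmp.txt"
ansible oldboy -m shell -a "/bin/bash /server/scripts/setup.sh"
ansible oldboy -m command -a "chmod 777 /etc/hosts warn=false"
ansible oldboy -m command -a "yum install nginx -y"
ansible oldboy -m file -a "dest=/tmp/oldboy_file state=touch owner=oldboy group=oldboy mode=ugo=rwx"
ansible oldboy -m yum -a "name=nginx state=installed"
EOF
}

sample_lines | lint_adhoc
```

The redirect in the first sample line is why it stays on the shell module; only the second line is reported as not needing it.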

Ansible system-type modules

12.7 systemd module description (service module):

Function: service management module

Official link: http://docs.ansible.com/ansible/latest/service_module.html

Parameter description:

service nfs restart

/etc/init.d/nfs restart

systemctl restart nfs

[root@backup /server/scripts]# ansible-doc -s systemd

- name: Manage services

  systemd:

      daemon_reload:         # run daemon-reload before doing any other operations, to make sure systemd has read any changes.

      enabled:               # Whether the service should start on boot. *At least one of state and enabled are required.*

      force:                 # Whether to override existing symlinks.

      masked:                # Whether the unit should be masked or not, a masked unit is impossible to start.

      name:                  # Name of the service. When using in a chroot environment you always need to specify the full name i.e. (crond.service).

      no_block:              # Do not synchronously wait for the requested operation to finish. Enqueued job will continue without Ansible blocking on its completion.

      scope:                 # run systemctl within a given service manager scope, either as the default system scope (system), the current user's scope (user), or the scope of all users (global). For systemd to work with 'user', the executing user must have its own instance of dbus started (systemd requirement). The user dbus process is normally started during normal login, but not during the run of Ansible tasks. Otherwise you will probably get a 'Failed to connect to bus: no such file or directory' error.

      state:                 # `started'/`stopped' are idempotent actions that will not run commands unless necessary. `restarted' will always bounce the service. `reloaded' will always reload.

      user:                  # (deprecated) run ``systemctl`` talking to the service manager of the calling user, rather than the service manager of the system. This option is deprecated and will eventually be removed in 2.11. The ``scope`` option should be used instead.


Practice:

ansible oldboy -m systemd -a "name=crond.service enabled=no state=stopped "

ansible oldboy -m command -a "systemctl status crond"

ansible oldboy -m systemd -a "name=crond.service enabled=yes state=started"

Search Baidu for: ansible systemd

https://hoxis.github.io/ansible-system-modules.html

https://www.cnblogs.com/mcsiberiawolf/articles/10083626.html

[root@backup ~]# service crond restart

Redirecting to /bin/systemctl restart crond.service


#service module description:

Function: start and stop services

Official link: http://docs.ansible.com/ansible/latest/service_module.html

#Equivalent to

#service crond stop|/etc/init.d/crond stop

#chkconfig crond off

ansible oldboy -m service -a "name=crond state=stopped enabled=no"

#Equivalent to /etc/init.d/crond start

#chkconfig crond on

ansible oldboy -m service -a "name=crond state=started enabled=yes"

ansible oldboy -m command -a "name=crond state=started enabled=yes"

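Having choices is what ability means.

On the football pitch, giving the player with the ball options makes it easier to score.

To deny the opponent any options, you have to mark man-to-man.

12.8 cron module description:

Function: module that manages cron job entries

cron     Manage cron.d and crontab entries

Official link: http://docs.ansible.com/ansible/latest/cron_module.html

Cron job format: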

* * * * * CMD

[root@backup ~]# ansible-doc -s cron

- name: Manage cron.d and crontab entries

  cron:

      backup:                # If set, create a backup of the crontab before it is modified. The location of the backup is returned in the `backup_file' variable by this module.

      cron_file:             # If specified, uses this file instead of an individual user's crontab. If this is a relative path, it is interpreted with respect to /etc/cron.d. (If it is absolute, it will typically be /etc/crontab). Many linux distros expect (and some require) the filename portion to consist solely of upper- and lower-case letters, digits, underscores, and hyphens. To use the `cron_file' parameter you must specify the `user' as well.

      disabled:              # If the job should be disabled (commented out) in the crontab. Only has effect if `state=present'.

      env:                   # If set, manages a crontab's environment variable. New variables are added on top of crontab. "name" and "value" parameters are the name and the value of environment variable.

      insertafter:           # Used with `state=present' and `env'. If specified, the environment variable will be inserted after the declaration of specified environment variable.

      insertbefore:          # Used with `state=present' and `env'. If specified, the environment variable will be inserted before the declaration of specified environment variable.

      name:                  # Description of a crontab entry or, if env is set, the name of environment variable. Required if state=absent. Note that if name is not set and state=present, then a new crontab entry will always be created, regardless of existing ones.

      reboot:                # If the job should be run at reboot. This option is deprecated. Users should use special_time.

      special_time:          # Special time specification nickname.

      state:                 # Whether to ensure the job or environment variable is present or absent.

      user:                  # The specific user whose crontab should be modified.


Cron job format:

* * * * * CMD

Cron job time parameters:

      minute:                # Minute when the job should run ( 0-59, *, */2, etc )

      hour:                  # Hour when the job should run ( 0-23, *, */2, etc )

      day:                   # Day of the month the job should run ( 1-31, *, */2, etc )

      month:                 # Month of the year the job should run ( 1-12, *, */2, etc )

      weekday:               # Day of the week that the job should run ( 0-6 for Sunday-Saturday, *, etc )

      job:                   # The command to execute or, if env is set, the value of environment variable. The command should not contain line breaks. Required if state=present.


Create a cron job:

ansible oldboy -m cron -a "name='sync time' minute=00 hour=00 job='/usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1'"

[root@backup ~]# crontab -l

#crond-id-001:time sync by oldboy

*/5 * * * * /usr/sbin/ntpdate ntp3.aliyun.com >/dev/null 2>&1

#Ansible: sync time

00 00 * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1

Result:

#Ansible: sync time

00 00 * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1

Add the following cron job:

05 03 * * * /bin/sh /server/scripts/backup.sh >/dev/null 2>&1

The command is:

ansible oldboy -m cron -a "name='backup data' minute=05 hour=03 job='/bin/sh /server/scripts/backup.sh >/dev/null 2>&1'"

Result:

#Ansible: backup data

05 03 * * * /bin/sh /server/scripts/backup.sh /server/scripts/list >/dev/null 2>&1

Delete a cron job: state=absent backup=yes

ansible oldboy -m cron -a "name='backup data' state=absent backup=yes"

As long as the name stays the same, changing the Ansible parameters modifies the existing cron job.

Check the result:

[root@nfs01 /server/scripts]# crontab -l

#crond-id-001:time sync by oldboy

*/5 * * * * /usr/sbin/ntpdate ntp3.aliyun.com >/dev/null 2>&1

##bak config by oldboy at 2020.10.10

00 00 * * * /bin/sh /server/scripts/bak.sh >/dev/null 2>&1

[root@nfs01 /server/scripts]# 

[root@nfs01 /server/scripts]# cat /tmp/crontabdMTe3e

#crond-id-001:time sync by oldboy

*/5 * * * * /usr/sbin/ntpdate ntp3.aliyun.com >/dev/null 2>&1

##bak config by oldboy at 2020.10.10

00 00 * * * /bin/sh /server/scripts/bak.sh >/dev/null 2>&1

#Ansible: backup data

05 03 * * * /bin/sh /server/scripts/backup.sh >/dev/null 2>&1

Comment out a cron job: disabled=yes

[root@m01 ~]# ansible oldboy -m cron -a "name='backup data' minute=05 hour=04 job='/bin/sh /server/scripts/backup.sh' disabled=yes"
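Keeping the name unchanged edits a job in place because the entry is located by its "#Ansible: <name>" marker line, as the crontab -l output above shows. The following added example (not Ansible's code and not from the original notes) models that lookup in POSIX shell and replays the page's 'backup data' sequence on a constructed crontab. The function names cron_upsert, cron_absent and demo are hypothetical, and it assumes exactly one job line per marker.

```shell
#!/bin/sh
# Added example: models name-keyed crontab management; not Ansible's own code.
# Assumption: a managed job is one "#Ansible: <name>" marker line followed by
# exactly one job line, as in the crontab -l output shown on this page.

# cron_upsert FILE NAME SCHEDULE JOB [disabled]
# Replaces the job under an existing marker, or appends marker + job.
cron_upsert() (
    entry="$3 $4"
    if [ "${5:-}" = disabled ]; then entry="#$entry"; fi   # disabled=yes comments it out
    tmp=$(mktemp)
    marker="#Ansible: $2" entry="$entry" awk '
        skip { skip = 0; next }                  # drop the old job line
        $0 == ENVIRON["marker"] { print; print ENVIRON["entry"]; skip = 1; found = 1; next }
        { print }                                # hand-written entries pass through
        END { if (!found) { print ENVIRON["marker"]; print ENVIRON["entry"] } }
    ' "$1" > "$tmp" && mv "$tmp" "$1"
)

# cron_absent FILE NAME: removes the marker and the job line under it.
cron_absent() (
    tmp=$(mktemp)
    marker="#Ansible: $2" awk '
        skip { skip = 0; next }
        $0 == ENVIRON["marker"] { skip = 1; next }
        { print }
    ' "$1" > "$tmp" && mv "$tmp" "$1"
)

# demo [absent]: replays the page's sequence on a constructed crontab, prints it.
demo() (
    f=$(mktemp)
    printf '%s\n' '#crond-id-001:time sync by oldboy' \
        '*/5 * * * * /usr/sbin/ntpdate ntp3.aliyun.com >/dev/null 2>&1' > "$f"
    job='/bin/sh /server/scripts/backup.sh'
    cron_upsert "$f" 'backup data' '05 03 * * *' "$job >/dev/null 2>&1"
    cron_upsert "$f" 'backup data' '05 04 * * *' "$job" disabled   # same name: edits in place
    if [ "${1:-}" = absent ]; then cron_absent "$f" 'backup data'; fi
    cat "$f"; rm -f "$f"
)

demo
```

The hand-written ntpdate entry has no marker, so neither the upsert nor the removal touches it.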
