标签:16 changed nginx ansible no 初探 root
Ansible
基于ssh的自动化运维工具
ansible 配置文件详解
ansible.cfg 文件
文件默认放置在/etc/ansible下,ansible读取配置文件的顺序是: 当前命令执行目录-> 用户家目录的.ansible.cfg -> /etc/ansible.cfg
defaults
[defaults]
# some basic default values...
#inventory = /etc/ansible/hosts # 定义Inventory
#library = /usr/share/my_modules/ # 定义lib库的存放目录
#module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp # 定义临时远程文件存放目录
#local_tmp = ~/.ansible/tmp # 定于临时文件本地存放目录
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks = 5 #默认开启的并发数
#poll_interval = 15 #默认轮询的时间间隔
#sudo_user = root # 默认dudo用户
#ask_sudo_pass = True # 是否需要sudo密码
#ask_pass = True # 是否需要密码
#transport = smart
#remote_port = 22 # 远程默认端口
#module_lang = C
#module_set_locale = False
# plays will gather facts by default, which contain information about
# the remote system.
#
# smart - gather by default, but don't regather if already gathered
# implicit - gather by default, turn off with gather_facts: False
# explicit - do not gather by default, must say gather_facts: True
#gathering = implicit
# This only affects the gathering done by a play's gather_facts directive,
# by default gathering retrieves all facts subsets
# all - gather all subsets
# network - gather min and network facts
# hardware - gather hardware facts (longest facts to retrieve)
# virtual - gather min and virtual facts
# facter - import facts from facter
# ohai - import facts from ohai
# You can combine them using comma (ex: network,virtual)
# You can negate them using ! (ex: !hardware,!facter,!ohai)
# A minimal set of facts is always gathered.
#gather_subset = all
# some hardware related facts are collected
# with a maximum timeout of 10 seconds. This
# option lets you increase or decrease that
# timeout to something more suitable for the
# environment.
# gather_timeout = 10
# Ansible facts are available inside the ansible_facts.* dictionary
# namespace. This setting maintains the behaviour which was the default prior
# to 2.5, duplicating these variables into the main namespace, each with a
# prefix of 'ansible_'.
# This variable is set to True by default for backwards compatibility. It
# will be changed to a default of 'False' in a future release.
# ansible_facts.
# inject_facts_as_vars = True
# additional paths to search for roles in, colon separated
#roles_path = /etc/ansible/roles # 默认下载roles存放目录
# uncomment this to disable SSH key host checking
#host_key_checking = False # 首次连接是否需要key认证
# change the default callback, you can only have one 'stdout' type enabled at a time.
#stdout_callback = skippy
## Ansible ships with some plugins that require whitelisting,
## this is done to avoid running all of a type by default.
## These setting lists those that you want enabled for your system.
## Custom plugins should not need this unless plugin author specifies it.
# enable callback plugins, they can output to stdout but cannot be 'stdout' type.
#callback_whitelist = timer, mail
# Determine whether includes in tasks and handlers are "static" by
# default. As of 2.0, includes are dynamic by default. Setting these
# values to True will make includes behave more like they did in the
# 1.x versions.
#task_includes_static = False
#handler_includes_static = False
# Controls if a missing handler for a notification event is an error or a warning
#error_on_missing_handler = True
# change this for alternative sudo implementations
#sudo_exe = sudo
# What flags to pass to sudo
# WARNING: leaving out the defaults might create unexpected behaviours
#sudo_flags = -H -S -n
# SSH timeout
#timeout = 10 #默认SSH 超时时间
# default user to use for playbooks if user is not specified
# (/usr/bin/ansible will use current user as default)
#remote_user = root
# logging is off by default unless this path is defined
# if so defined, consider logrotate
#log_path = /var/log/ansible.log
# default module name for /usr/bin/ansible
#module_name = command # 默认执行的模块
# use this shell for commands executed under sudo
# you may need to change this to bin/bash in rare instances
# if sudo is constrained
#executable = /bin/sh
# if inventory variables overlap, does the higher precedence one win
# or are hash values merged together? The default is 'replace' but
# this can also be set to 'merge'.
#hash_behaviour = replace
# by default, variables from roles will be visible in the global variable
# scope. To prevent this, the following option can be enabled, and only
# tasks and handlers within the role will see the variables there
#private_role_vars = yes
# list any Jinja2 extensions to enable here:
#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
# if set, always use this private key file for authentication, same as
# if passing --private-key to ansible or ansible-playbook
#private_key_file = /path/to/file
# If set, configures the path to the Vault password file as an alternative to
# specifying --vault-password-file on the command line.
#vault_password_file = /path/to/vault_password_file
# format of string {{ ansible_managed }} available within Jinja2
# templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values.
#ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
# {file}, {host}, {uid}, and the timestamp can all interfere with idempotence
# in some situations so the default is a static string:
#ansible_managed = Ansible managed
# by default, ansible-playbook will display "Skipping [host]" if it determines a task
# should not be run on a host. Set this to "False" if you don't want to see these "Skipping"
# messages. NOTE: the task header will still be shown regardless of whether or not the
# task is skipped.
#display_skipped_hosts = True
# by default, if a task in a playbook does not include a name: field then
# ansible-playbook will construct a header that includes the task's action but
# not the task's args. This is a security feature because ansible cannot know
# if the *module* considers an argument to be no_log at the time that the
# header is printed. If your environment doesn't have a problem securing
# stdout from ansible-playbook (or you have manually specified no_log in your
# playbook on all of the tasks where you have secret information) then you can
# safely set this to True to get more informative messages.
#display_args_to_stdout = False
# by default (as of 1.3), Ansible will raise errors when attempting to dereference
# Jinja2 variables that are not set in templates or action lines. Uncomment this line
# to revert the behavior to pre-1.3.
#error_on_undefined_vars = False
# by default (as of 1.6), Ansible may display warnings based on the configuration of the
# system running ansible itself. This may include warnings about 3rd party packages or
# other conditions that should be resolved if possible.
# to disable these warnings, set the following value to False:
#system_warnings = True
# by default (as of 1.4), Ansible may display deprecation warnings for language
# features that should no longer be used and will be removed in future versions.
# to disable these warnings, set the following value to False:
#deprecation_warnings = True
# (as of 1.8), Ansible can optionally warn when usage of the shell and
# command module appear to be simplified by using a default Ansible module
# instead. These warnings can be silenced by adjusting the following
# setting or adding warn=yes or warn=no to the end of the command line
# parameter string. This will for example suggest using the git module
# instead of shelling out to the git command.
# command_warnings = False
# set plugin path directories here, separate with colons
# 默认插件存放的路径
#action_plugins = /usr/share/ansible/plugins/action
#cache_plugins = /usr/share/ansible/plugins/cache
#callback_plugins = /usr/share/ansible/plugins/callback
#connection_plugins = /usr/share/ansible/plugins/connection
#lookup_plugins = /usr/share/ansible/plugins/lookup
#inventory_plugins = /usr/share/ansible/plugins/inventory
#vars_plugins = /usr/share/ansible/plugins/vars
#filter_plugins = /usr/share/ansible/plugins/filter
#test_plugins = /usr/share/ansible/plugins/test
#terminal_plugins = /usr/share/ansible/plugins/terminal
#strategy_plugins = /usr/share/ansible/plugins/strategy
# by default, ansible will use the 'linear' strategy but you may want to try
# another one
#strategy = free
# by default callbacks are not loaded for /bin/ansible, enable this if you
# want, for example, a notification or logging callback to also apply to
# /bin/ansible runs
#bin_ansible_callbacks = False
# don't like cows? that's unfortunate.
# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
#nocows = 1
# set which cowsay stencil you'd like to use by default. When set to 'random',
# a random stencil will be selected for each task. The selection will be filtered
# against the `cow_whitelist` option below.
#cow_selection = default
#cow_selection = random
# when using the 'random' option for cowsay, stencils will be restricted to this list.
# it should be formatted as a comma-separated list with no spaces between names.
# NOTE: line continuations here are for formatting purposes only, as the INI parser
# in python does not support them.
#cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\
# hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\
# stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www
# don't like colors either?
# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
#nocolor = 1
# if set to a persistent type (not 'memory', for example 'redis') fact values
# from previous runs in Ansible will be stored. This may be useful when
# wanting to use, for example, IP information from one group of servers
# without having to talk to them in the same playbook run to get their
# current IP information.
#fact_caching = memory
#This option tells Ansible where to cache facts. The value is plugin dependent.
#For the jsonfile plugin, it should be a path to a local directory.
#For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0
#fact_caching_connection=/tmp # getfact缓存的主机信息存放方式
# retry files
# When a playbook fails by default a .retry file will be created in ~/
# You can disable this feature by setting retry_files_enabled to False
# and you can change the location of the files by setting retry_files_save_path
#retry_files_enabled = False
#retry_files_save_path = ~/.ansible-retry #错误重启文件存放目录
# squash actions
# Ansible can optimise actions that call modules with list parameters
# when looping. Instead of calling the module once per with_ item, the
# module is called once with all items at once. Currently this only works
# under limited circumstances, and only with parameters named 'name'.
#squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper
# prevents logging of task data, off by default
#no_log = False
# prevents logging of tasks, but only on the targets, data is still logged on the master/controller
#no_target_syslog = False
# controls whether Ansible will raise an error or warning if a task has no
# choice but to create world readable temporary files to execute a module on
# the remote machine. This option is False by default for security. Users may
# turn this on to have behaviour more like Ansible prior to 2.1.x. See
# https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user
# for more secure ways to fix this than enabling this option.
#allow_world_readable_tmpfiles = False
# controls the compression level of variables sent to
# worker processes. At the default of 0, no compression
# is used. This value must be an integer from 0 to 9.
#var_compression_level = 9
# controls what compression method is used for new-style ansible modules when
# they are sent to the remote system. The compression types depend on having
# support compiled into both the controller's python and the client's python.
# The names should match with the python Zipfile compression types:
# * ZIP_STORED (no compression. available everywhere)
# * ZIP_DEFLATED (uses zlib, the default)
# These values may be set per host via the ansible_module_compression inventory
# variable
#module_compression = 'ZIP_DEFLATED'
# This controls the cutoff point (in bytes) on --diff for files
# set to 0 for unlimited (RAM may suffer!).
#max_diff_size = 1048576
# This controls how ansible handles multiple --tags and --skip-tags arguments
# on the CLI. If this is True then multiple arguments are merged together. If
# it is False, then the last specified argument is used and the others are ignored.
# This option will be removed in 2.8.
#merge_multiple_cli_flags = True
# Controls showing custom stats at the end, off by default
#show_custom_stats = True
# Controls which files to ignore when using a directory as inventory with
# possibly multiple sources (both static and dynamic)
#inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo
# This family of modules use an alternative execution path optimized for network appliances
# only update this setting if you know how this works, otherwise it can break module execution
#network_group_modules=eos, nxos, ios, iosxr, junos, vyos
# When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as
# a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain
# jinja2 templating language which will be run through the templating engine.
# ENABLING THIS COULD BE A SECURITY RISK
#allow_unsafe_lookups = False
# set default errors for all plays
#any_errors_fatal = False
privilege_escalation
[privilege_escalation] #become=True #是否sudo #become_method=sudo #sudo方式 #become_user=root #sudo后的用户 #become_ask_pass=False #sudo后是否验证密码
paramiko_connection
[paramiko_connection] # uncomment this line to cause the paramiko connection plugin to not record new host # keys encountered. Increases performance on new host additions. Setting works independently of the # host key checking setting above. #record_host_keys=False #不记录新主机的key提升效率 # by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this # line to disable this behaviour. #pty=False #禁用sudo功能 # paramiko will default to looking for SSH keys initially when trying to # authenticate to remote devices. This is a problem for some network devices # that close the connection after a key failure. Uncomment this line to # disable the Paramiko look for keys function #look_for_keys = False # When using persistent connections with Paramiko, the connection runs in a # background process. If the host doesn't already have a valid SSH key, by # default Ansible will prompt to add the host key. This will cause connections # running in background processes to fail. Uncomment this line to have # Paramiko automatically add host keys. #host_key_auto_add = True
ssh_connection
[ssh_connection] # ssh arguments to use # Leaving off ControlPersist will result in poor performance, so use # paramiko on older platforms rather than removing it, -C controls compression use #ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s # The base directory for the ControlPath sockets. # This is the "%(directory)s" in the control_path option # # Example: # control_path_dir = /tmp/.ansible/cp #control_path_dir = ~/.ansible/cp # The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname, # port and username (empty string in the config). The hash mitigates a common problem users # found with long hostames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format. # In those cases, a "too long for Unix domain socket" ssh error would occur. # # Example: # control_path = %(directory)s/%%h-%%r #control_path = # Enabling pipelining reduces the number of SSH operations required to # execute a module on the remote server. This can result in a significant # performance improvement when enabled, however when using "sudo:" you must # first disable 'requiretty' in /etc/sudoers # # By default, this option is disabled to preserve compatibility with # sudoers configurations that have requiretty (the default on many distros). # #pipelining = False #管道加速功能,需要配置requiretty使用 # Control the mechanism for transferring files (old) # * smart = try sftp and then try scp [default] # * True = use scp only # * False = use sftp only #scp_if_ssh = smart # Control the mechanism for transferring files (new) # If set, this will override the scp_if_ssh option # * sftp = use sftp to transfer files # * scp = use scp to transfer files # * piped = use 'dd' over SSH to transfer files # * smart = try sftp, scp, and piped, in that order [default] #transfer_method = smart # if False, sftp will not use batch mode to transfer files. This may cause some # types of file transfer failures impossible to catch however, and should # only be disabled if your sftp version has problems with batch mode #sftp_batch_mode = False # The -tt argument is passed to ssh when pipelining is not enabled because sudo # requires a tty by default. #use_tty = True # Number of times to retry an SSH connection to a host, in case of UNREACHABLE. # For each retry attempt, there is an exponential backoff, # so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max). #retries = 3
accelerate
[accelerate] #accelerate_port = 5099 # 加速连接端口 #accelerate_timeout = 30 #命令执行超时 #accelerate_connect_timeout = 5.0 #连接超时 # The daemon timeout is measured in minutes. This time is measured # from the last activity to the accelerate daemon. #accelerate_daemon_timeout = 30 #上一个活动连接的时间 # If set to yes, accelerate_multi_key will allow multiple # private keys to be uploaded to it, though each user must # have access to the system via SSH to add a new key. The default # is "no". #accelerate_multi_key = yes
selinux
[selinux] # file systems that require special treatment when dealing with security context # the default behaviour that copies the existing context or uses the user default # needs to be changed to use the file system dependent context. #special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p # Set this to yes to allow libvirt_lxc connections to work without SELinux. #libvirt_lxc_noseclabel = yes
colors
[colors] #highlight = white #verbose = blue #warn = bright purple #error = red #debug = dark gray #deprecate = purple #skip = cyan #unreachable = red #ok = green #changed = yellow #diff_add = green #diff_remove = red #diff_lines = cyan
基于ssh key 验证
产生ssh公钥
# ssh-keygen -t rsa -C "test.ansible" Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 02:ec:bd:bb:8c:d0:fb:fc:4a:d7:25:00:dc:62:e2:de test.ansible The key's randomart image is: +--[ RSA 2048]----+ | ... | | .. +.. | | .oo .. | | ..o . | | ...o S . . | | .. Eo . o | | . . o . . | | . * o | | o.B+. | +-----------------+ #
copy ssh key公钥
# ssh-copy-id -i /root/.ssh/id_rsa.pub root@47.96.×.× The authenticity of host '47.96.×.× (47.96.×.×)' can't be established. ECDSA key fingerprint is 21:d2:86:df:11:58:b2:88:4b:2d:b2:dc:81:e1:35:a6. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@47.96.×.×'s password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@47.96.×.×'" and check to make sure that only the key(s) you wanted were added. #
ansible 基本命令使用
语法
# ansible --help | head -n 1 Usage: ansible <host-pattern> [options] #
<host-pattern>
是Inventory中定义的主机或者主机组,可以为,ip hostname group等
[options]
-m NAME , --module-name=NAME: 指定执行使用的模块 -u USERNAME, --user=USERNAME: 指定远程主机以USERNAME运行命令 -s , --sudo: 相当于linux系统下的sudo命令 -U SUDO_USERNAME , --sudo-user=SUDO_USERNAME: 使用sudo,相当于linux下的sudo命令
案例
1.查看全部主机的hostname
# date +"%F_%H_%M_%S" ; ansible all -m command -a "hostname" ; date +"%F_%H_%M_%S" 2019-02-14_14_10_06 118.24.×.× | CHANGED | rc=0 >> VM_16_16_centos 121.196.×.× | CHANGED | rc=0 >> iZbp17twzbvh62ydqkggc2Z 47.111.×.× | CHANGED | rc=0 >> iZbp14gjvbmzrz8z1jyorvZ 47.96.×.× | CHANGED | rc=0 >> iZbp1hvlnilb22bvkdnk4mZ 47.105.×.× | CHANGED | rc=0 >> iZm5edwptyaf0mwcw02muhZ 47.96.×.× | CHANGED | rc=0 >> iZbp1eafj0lnxqoiww6l3bZ 116.62.×.× | CHANGED | rc=0 >> iZbp1fzb5xamtnab0jhofuZ 47.244.×.× | CHANGED | rc=0 >> iZj6cb5ign9dl1h9l412g5Z 2019-02-14_14_10_15 #
2.查看group1,group2的磁盘空间
# ansible group1,group2 -m command -a "df -h" 121.196.×.× | CHANGED | rc=0 >> Filesystem Size Used Avail Use% Mounted on /dev/vda1 40G 1.7G 36G 5% / devtmpfs 486M 0 486M 0% /dev tmpfs 496M 0 496M 0% /dev/shm tmpfs 496M 432K 496M 1% /run tmpfs 496M 0 496M 0% /sys/fs/cgroup tmpfs 100M 0 100M 0% /run/user/0 47.111.×.× | CHANGED | rc=0 >> Filesystem Size Used Avail Use% Mounted on /dev/vda1 40G 1.7G 36G 5% / devtmpfs 486M 0 486M 0% /dev tmpfs 496M 0 496M 0% /dev/shm tmpfs 496M 432K 496M 1% /run tmpfs 496M 0 496M 0% /sys/fs/cgroup tmpfs 100M 0 100M 0% /run/user/0 47.96.×.× | CHANGED | rc=0 >> Filesystem Size Used Avail Use% Mounted on /dev/vda1 40G 1.7G 36G 5% / devtmpfs 486M 0 486M 0% /dev tmpfs 496M 0 496M 0% /dev/shm tmpfs 496M 432K 496M 1% /run tmpfs 496M 0 496M 0% /sys/fs/cgroup tmpfs 100M 0 100M 0% /run/user/0 47.105.×.× | CHANGED | rc=0 >> Filesystem Size Used Avail Use% Mounted on /dev/vda1 40G 1.8G 36G 5% / devtmpfs 486M 0 486M 0% /dev tmpfs 496M 0 496M 0% /dev/shm tmpfs 496M 432K 496M 1% /run tmpfs 496M 0 496M 0% /sys/fs/cgroup tmpfs 100M 0 100M 0% /run/user/0#
3.查看47.105.×.×的内存使用情况
# ansible 47.105.×.× -m shell -a "free -h"
47.105.×.× | CHANGED | rc=0 >>
total used free shared buff/cache available
Mem: 991M 65M 743M 432K 181M 778M
Swap: 0B 0B 0B
#
ansible AD-Hoc命令集
ansible 命令用法
Usage: ansible <host-pattern> [options] 可用选项如下: -v 输出更为详细的执行过此 -vvv 可得到执行过程的所有信息 -i PATH ,指定inventory信息,默认/etc/ansible/host -f NUM, --forks=NUM ,并发线程数,默认5个 -m NAME,指定执行使用的模块 -a 模块参数 -k 认证密码 -K 认证sudo密码 -o 标准输出至一行 -t DIRECTORY 输出信息至DIRECTORY目录下,结果文件以远程主机命名
ansible 命令执行流程
# ansible 116.62.×.× -m command -a "df -h" -vvv
ansible 2.7.7
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Nov 6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
Using /etc/ansible/ansible.cfg as config file
/etc/ansible/hosts did not meet host_list requirements, check plugin documentation if this is unexpected
/etc/ansible/hosts did not meet script requirements, check plugin documentation if this is unexpected
Parsed /etc/ansible/hosts inventory source with ini plugin
META: ran handlers
<116.62.×.×> ESTABLISH SSH CONNECTION FOR USER: None
<116.62.×.×> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/e870a09818 116.62.×.× '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<116.62.×.×> (0, '/root\n', '')
<116.62.×.×> ESTABLISH SSH CONNECTION FOR USER: None
<116.62.×.×> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/e870a09818 116.62.×.× '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1550125721.57-130973814602143 `" && echo ansible-tmp-1550125721.57-130973814602143="` echo /root/.ansible/tmp/ansible-tmp-1550125721.57-130973814602143 `" ) && sleep 0'"'"''
<116.62.×.×> (0, 'ansible-tmp-1550125721.57-130973814602143=/root/.ansible/tmp/ansible-tmp-1550125721.57-130973814602143\n', '')
Using module file /usr/lib/python2.7/site-packages/ansible/modules/commands/command.py
<116.62.×.×> PUT /root/.ansible/tmp/ansible-local-18588u6H5KJ/tmps8P40y TO /root/.ansible/tmp/ansible-tmp-1550125721.57-130973814602143/AnsiballZ_command.py
<116.62.×.×> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/e870a09818 '[116.62.×.×]'
<116.62.×.×> (0, 'sftp> put /root/.ansible/tmp/ansible-local-18588u6H5KJ/tmps8P40y /root/.ansible/tmp/ansible-tmp-1550125721.57-130973814602143/AnsiballZ_command.py\n', '')
<116.62.×.×> ESTABLISH SSH CONNECTION FOR USER: None
<116.62.×.×> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/e870a09818 116.62.×.× '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1550125721.57-130973814602143/ /root/.ansible/tmp/ansible-tmp-1550125721.57-130973814602143/AnsiballZ_command.py && sleep 0'"'"''
<116.62.×.×> (0, '', '')
<116.62.×.×> ESTABLISH SSH CONNECTION FOR USER: None
<116.62.×.×> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/e870a09818 -tt 116.62.×.× '/bin/sh -c '"'"'/usr/bin/python /root/.ansible/tmp/ansible-tmp-1550125721.57-130973814602143/AnsiballZ_command.py && sleep 0'"'"''
<116.62.×.×> (0, '\r\n{"changed": true, "end": "2019-02-14 14:28:43.648606", "stdout": "Filesystem Size Used Avail Use% Mounted on\\n/dev/vda1 40G 1.8G 36G 5% /\\ndevtmpfs 486M 0 486M 0% /dev\\ntmpfs 496M 0 496M 0% /dev/shm\\ntmpfs 496M 436K 496M 1% /run\\ntmpfs 496M 0 496M 0% /sys/fs/cgroup\\ntmpfs 100M 0 100M 0% /run/user/0", "cmd": ["df", "-h"], "rc": 0, "start": "2019-02-14 14:28:43.623024", "stderr": "", "delta": "0:00:00.025582", "invocation": {"module_args": {"warn": true, "executable": null, "_uses_shell": false, "_raw_params": "df -h", "removes": null, "argv": null, "creates": null, "chdir": null, "stdin": null}}}\r\n', 'Shared connection to 116.62.×.× closed.\r\n')
<116.62.×.×> ESTABLISH SSH CONNECTION FOR USER: None
<116.62.×.×> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/e870a09818 116.62.×.× '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1550125721.57-130973814602143/ > /dev/null 2>&1 && sleep 0'"'"''
<116.62.×.×> (0, '', '')
116.62.×.× | CHANGED | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 40G 1.8G 36G 5% /
devtmpfs 486M 0 486M 0% /dev
tmpfs 496M 0 496M 0% /dev/shm
tmpfs 496M 436K 496M 1% /run
tmpfs 496M 0 496M 0% /sys/fs/cgroup
tmpfs 100M 0 100M 0% /run/user/0
META: ran handlers
META: ran handlers
#
ansible执行逻辑:
现在宿主机生成py文件(在ansible目录下的tmp下),连接至远程主机,将py文件copy至远程主机$HOME/.ansible/tmp/ansible-tmp-数字/ 目录下 远端执行命令 将命令返回至宿主机
ansible 常用模块
ping
[root@VM_16_16_centos ~]# ansible group3 -m ping
47.96.×.× | SUCCESS => {
"changed": false,
"ping": "pong"
}
116.62.×.× | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@VM_16_16_centos ~]#
command (默认模块)
[root@VM_16_16_centos ~]# ansible group5 -m command -a "date" 118.24.×.× | CHANGED | rc=0 >> Fri Feb 15 08:49:37 CST 2019 [root@VM_16_16_centos ~]#
cron
创建新cron
[root@VM_16_16_centos ~]# ansible group5 -m cron -a 'minute="*" job="/usr/bin/echo hello" name="Hello"'
118.24.×.× | CHANGED => {
"changed": true,
"envs": [],
"jobs": [
"Hello"
]
}
[root@VM_16_16_centos ~]#
删除cron
[root@VM_16_16_centos ~]# ansible group5 -m cron -a 'minute="*" job="/usr/bin/echo hello" name="Hello" state="absent"'
118.24.×.× | CHANGED => {
"changed": true,
"envs": [],
"jobs": []
}
[root@VM_16_16_centos ~]#
user
新建用户
[root@VM_16_16_centos ~]# ansible group5 -m user -a 'name="jack"'
118.24.×.× | CHANGED => {
"changed": true,
"comment": "",
"create_home": true,
"group": 1000,
"home": "/home/jack",
"name": "jack",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1000
}
[root@VM_16_16_centos ~]#
删除用户
[root@VM_16_16_centos ~]# ansible group5 -m user -a 'name="jack" state="absent"'
118.24.×.× | CHANGED => {
"changed": true,
"force": false,
"name": "jack",
"remove": false,
"state": "absent"
}
[root@VM_16_16_centos ~]#
copy
[root@VM_16_16_centos ~]# ansible group5 -m copy -a 'src="/root/shell.sh" dest="/root/output" mode="777" owner="mysql" backup="yes"'
118.24.×.× | CHANGED => {
"changed": true,
"checksum": "0c6e11149cb332837cd3c496c28982a5d070c8b5",
"dest": "/root/output/shell.sh",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "mysql",
"path": "/root/output/shell.sh",
"size": 24,
"state": "file",
"uid": 1000
}
[root@VM_16_16_centos ~]#
[root@VM_16_16_centos ~]# echo "123" >> shell.sh
[root@VM_16_16_centos ~]# ansible group5 -m copy -a 'src="/root/shell.sh" dest="/root/output" mode="777" owner="mysql" backup="yes"'
118.24.×.× | CHANGED => {
"backup_file": "/root/output/shell.sh.18807.2019-02-15@09:34:05~",
"changed": true,
"checksum": "5407d07a1693951861d84121a023c18aaf72633a",
"dest": "/root/output/shell.sh",
"gid": 0,
"group": "root",
"md5sum": "7a1d74fa7b6e9ee01a35b097f6401c38",
"mode": "0777",
"owner": "mysql",
"size": 28,
"src": "/root/.ansible/tmp/ansible-tmp-1550194444.02-2693174122698/source",
"state": "file",
"uid": 1000
}
[root@VM_16_16_centos ~]# ansible group5 -m shell -a 'ls -l /root/output | grep "shell"'
118.24.×.× | CHANGED | rc=0 >>
-rwxrwxrwx 1 mysql root 28 Feb 15 09:34 shell.sh
-rwxrwxrwx 1 mysql root 24 Feb 15 09:32 shell.sh.18807.2019-02-15@09:34:05~
[root@VM_16_16_centos ~]#
file模块
赋予所有者权限
[root@VM_16_16_centos ~]# ansible group5 -m file -a 'path="/root/output/shell.sh" owner="root"'
118.24.×.× | CHANGED => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"path": "/root/output/shell.sh",
"size": 28,
"state": "file",
"uid": 0
}
[root@VM_16_16_centos ~]#
创建连接文件
[root@VM_16_16_centos ~]# ansible group5 -m file -a 'src="/root/output/shell.sh" path="/root/shell.sh.link" state="link"'
118.24.×.× | CHANGED => {
"changed": true,
"dest": "/root/shell.sh.link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 21,
"src": "/root/output/shell.sh",
"state": "link",
"uid": 0
}
[root@VM_16_16_centos ~]# ansible group5 -m shell -a 'ls -l /root | grep shell.sh.link'
118.24.×.× | CHANGED | rc=0 >>
lrwxrwxrwx 1 root root 21 Feb 15 09:41 shell.sh.link -> /root/output/shell.sh
[root@VM_16_16_centos ~]#
service模块
[root@VM_16_16_centos ~]# ansible group5 -m service -a 'name="nginx" state="started" enabled="yes"'
118.24.×.× | CHANGED => {
"changed": true,
"enabled": true,
"name": "nginx",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": "systemd-journald.socket basic.target -.mount network.target tmp.mount system.slice nss-lookup.target remote-fs.target",
"AllowIsolate": "no",
"AssertResult": "no",
"AssertTimestampMonotonic": "0",
"Before": "shutdown.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "18446744073709551615",
"CPUAccounting": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "18446744073709551615",
"CanIsolate": "no",
"CanReload": "yes",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "18446744073709551615",
"ConditionResult": "no",
"ConditionTimestampMonotonic": "0",
"Conflicts": "shutdown.target",
"ControlPID": "0",
"DefaultDependencies": "yes",
"Delegate": "no",
"Description": "The nginx HTTP and reverse proxy server",
"DevicePolicy": "auto",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "0",
"ExecMainStartTimestampMonotonic": "0",
"ExecMainStatus": "0",
"ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -s HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStart": "{ path=/usr/sbin/nginx ; argv[]=/usr/sbin/nginx ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStartPre": "{ path=/usr/sbin/nginx ; argv[]=/usr/sbin/nginx -t ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/nginx.service",
"GuessMainPID": "yes",
"IOScheduling": "0",
"Id": "nginx.service",
"IgnoreOnIsolate": "no",
"IgnoreOnSnapshot": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestampMonotonic": "0",
"InactiveExitTimestampMonotonic": "0",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "0",
"KillMode": "process",
"KillSignal": "3",
"LimitAS": "18446744073709551615",
"LimitCORE": "18446744073709551615",
"LimitCPU": "18446744073709551615",
"LimitDATA": "18446744073709551615",
"LimitFSIZE": "18446744073709551615",
"LimitLOCKS": "18446744073709551615",
"LimitMEMLOCK": "65536",
"LimitMSGQUEUE": "819200",
"LimitNICE": "0",
"LimitNOFILE": "1000000",
"LimitNPROC": "3894",
"LimitRSS": "18446744073709551615",
"LimitRTPRIO": "0",
"LimitRTTIME": "18446744073709551615",
"LimitSIGPENDING": "3894",
"LimitSTACK": "18446744073709551615",
"LoadState": "loaded",
"MainPID": "0",
"MemoryAccounting": "no",
"MemoryCurrent": "18446744073709551615",
"MemoryLimit": "18446744073709551615",
"MountFlags": "0",
"Names": "nginx.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "none",
"OOMScoreAdjust": "0",
"OnFailureJobMode": "replace",
"PIDFile": "/run/nginx.pid",
"PermissionsStartOnly": "no",
"PrivateDevices": "no",
"PrivateNetwork": "no",
"PrivateTmp": "yes",
"ProtectHome": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"Requires": "basic.target -.mount",
"RequiresMountsFor": "/var/tmp",
"Restart": "no",
"RestartUSec": "100ms",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitInterval": "10000000",
"StartupBlockIOWeight": "18446744073709551615",
"StartupCPUShares": "18446744073709551615",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "dead",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "5s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "forking",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "disabled",
"Wants": "system.slice",
"WatchdogTimestampMonotonic": "0",
"WatchdogUSec": "0"
}
}
[root@VM_16_16_centos ~]#
script模块
[root@VM_16_16_centos ~]# cat shell.sh
#!/bin/bash
systemctl stop nginx.service
[root@VM_16_16_centos ~]# ansible group5 -m script -a '/root/shell.sh'
118.24.×.× | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 118.24.×.× closed.\r\n",
"stderr_lines": [
"Shared connection to 118.24.×.× closed."
],
"stdout": "",
"stdout_lines": []
}
[root@VM_16_16_centos ~]#
yum 模块
[root@VM_16_16_centos ~]# ansible group5 -m yum -a 'name="nginx"'
118.24.×.× | CHANGED => {
"ansible_facts": {
"pkg_mgr": "yum"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror, langpacks\nLoading mirror speeds from cached hostfile\nResolving Dependencies\n--> Running transaction check\n---> Package nginx.x86_64 1:1.12.2-2.el7 will be installed\n--> Processing Dependency: nginx-all-modules = 1:1.12.2-2.el7 for package: 1:nginx-1.12.2-2.el7.x86_64\n--> Running transaction check\n---> Package nginx-all-modules.noarch 1:1.12.2-2.el7 will be installed\n--> Processing Dependency: nginx-mod-http-geoip = 1:1.12.2-2.el7 for package: 1:nginx-all-modules-1.12.2-2.el7.noarch\n--> Processing Dependency: nginx-mod-http-image-filter = 1:1.12.2-2.el7 for package: 1:nginx-all-modules-1.12.2-2.el7.noarch\n--> Processing Dependency: nginx-mod-http-perl = 1:1.12.2-2.el7 for package: 1:nginx-all-modules-1.12.2-2.el7.noarch\n--> Processing Dependency: nginx-mod-http-xslt-filter = 1:1.12.2-2.el7 for package: 1:nginx-all-modules-1.12.2-2.el7.noarch\n--> Processing Dependency: nginx-mod-mail = 1:1.12.2-2.el7 for package: 1:nginx-all-modules-1.12.2-2.el7.noarch\n--> Processing Dependency: nginx-mod-stream = 1:1.12.2-2.el7 for package: 1:nginx-all-modules-1.12.2-2.el7.noarch\n--> Running transaction check\n---> Package nginx-mod-http-geoip.x86_64 1:1.12.2-2.el7 will be installed\n---> Package nginx-mod-http-image-filter.x86_64 1:1.12.2-2.el7 will be installed\n---> Package nginx-mod-http-perl.x86_64 1:1.12.2-2.el7 will be installed\n---> Package nginx-mod-http-xslt-filter.x86_64 1:1.12.2-2.el7 will be installed\n---> Package nginx-mod-mail.x86_64 1:1.12.2-2.el7 will be installed\n---> Package nginx-mod-stream.x86_64 1:1.12.2-2.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository\n Size\n================================================================================\nInstalling:\n nginx x86_64 1:1.12.2-2.el7 epel 530 k\nInstalling for dependencies:\n nginx-all-modules noarch 1:1.12.2-2.el7 epel 16 k\n nginx-mod-http-geoip x86_64 1:1.12.2-2.el7 epel 23 k\n nginx-mod-http-image-filter x86_64 1:1.12.2-2.el7 epel 26 k\n nginx-mod-http-perl x86_64 1:1.12.2-2.el7 epel 36 k\n nginx-mod-http-xslt-filter x86_64 1:1.12.2-2.el7 epel 26 k\n nginx-mod-mail x86_64 1:1.12.2-2.el7 epel 54 k\n nginx-mod-stream x86_64 1:1.12.2-2.el7 epel 76 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package (+7 Dependent packages)\n\nTotal download size: 788 k\nInstalled size: 1.9 M\nDownloading packages:\n--------------------------------------------------------------------------------\nTotal 1.0 MB/s | 788 kB 00:00 \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : 1:nginx-mod-http-geoip-1.12.2-2.el7.x86_64 1/8 \n Installing : 1:nginx-mod-mail-1.12.2-2.el7.x86_64 2/8 \n Installing : 1:nginx-mod-http-xslt-filter-1.12.2-2.el7.x86_64 3/8 \n Installing : 1:nginx-mod-http-image-filter-1.12.2-2.el7.x86_64 4/8 \n Installing : 1:nginx-mod-stream-1.12.2-2.el7.x86_64 5/8 \n Installing : 1:nginx-1.12.2-2.el7.x86_64 6/8 \n Installing : 1:nginx-mod-http-perl-1.12.2-2.el7.x86_64 7/8 \n Installing : 1:nginx-all-modules-1.12.2-2.el7.noarch 8/8 \n Verifying : 1:nginx-mod-http-perl-1.12.2-2.el7.x86_64 1/8 \n Verifying : 1:nginx-mod-http-geoip-1.12.2-2.el7.x86_64 2/8 \n Verifying : 1:nginx-1.12.2-2.el7.x86_64 3/8 \n Verifying : 1:nginx-mod-mail-1.12.2-2.el7.x86_64 4/8 \n Verifying : 1:nginx-all-modules-1.12.2-2.el7.noarch 5/8 \n Verifying : 1:nginx-mod-http-xslt-filter-1.12.2-2.el7.x86_64 6/8 \n Verifying : 1:nginx-mod-http-image-filter-1.12.2-2.el7.x86_64 7/8 \n Verifying : 1:nginx-mod-stream-1.12.2-2.el7.x86_64 8/8 \n\nInstalled:\n nginx.x86_64 1:1.12.2-2.el7 \n\nDependency Installed:\n nginx-all-modules.noarch 1:1.12.2-2.el7 \n nginx-mod-http-geoip.x86_64 1:1.12.2-2.el7 \n nginx-mod-http-image-filter.x86_64 1:1.12.2-2.el7 \n nginx-mod-http-perl.x86_64 1:1.12.2-2.el7 \n nginx-mod-http-xslt-filter.x86_64 1:1.12.2-2.el7 \n nginx-mod-mail.x86_64 1:1.12.2-2.el7 \n nginx-mod-stream.x86_64 1:1.12.2-2.el7 \n\nComplete!\n"
]
}
[root@VM_16_16_centos ~]#
Playbook 快速入门
检查yaml语法 # ansible-playbook playbook.yaml --syntax-check 在机器上预执行playbook,但是不会对实体机造成影响 # ansible-playbook playbook.yaml --check 查看playbook会影响的主机 # ansible-playbook playbook.yaml --list-host
第一个ansible-playbook
yaml
---
- hosts: all
tasks:
- name: 安装httpd
yum: name=httpd
- name: 启动httpd
service: name=httpd state=started
检查语法
[root@VM_16_16_centos playbook]# ansible-playbook test1.yaml --syntax-check playbook: test1.yaml [root@VM_16_16_centos playbook]#
执行ansible-playbook
[root@VM_16_16_centos playbook]# ansible-playbook test1.yaml
PLAY [all] *******************************************************************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************************************************************************************************************************************************************
ok: [121.196.×.×]
ok: [47.105.×.×]
ok: [47.111.×.×]
ok: [47.96.×.×]
ok: [47.96.×.×]
ok: [118.24.×.×]
ok: [116.62.×.×]
ok: [47.244.×.×]
TASK [安装httpd] ***************************************************************************************************************************************************************************************************************************************************************
changed: [47.96.×.×]
changed: [47.105.×.×]
changed: [47.111.×.×]
changed: [121.196.×.×]
changed: [47.244.×.×]
changed: [118.24.×.×]
changed: [47.96.×.×]
changed: [116.62.×.×]
TASK [启动httpd] ***************************************************************************************************************************************************************************************************************************************************************
changed: [47.96.×.×]
changed: [47.111.×.×]
changed: [121.196.×.×]
changed: [47.105.×.×]
changed: [47.96.×.×]
changed: [118.24.×.×]
fatal: [116.62.×.×]: FAILED! => {"changed": false, "msg": "Unable to start service httpd: Job for httpd.service failed because the control process exited with error code. See \"systemctl status httpd.service\" and \"journalctl -xe\" for details.\n"}
fatal: [47.244.×.×]: FAILED! => {"changed": false, "msg": "httpd: apr_sockaddr_info_get() failed for iZj6cb5ign9dl1h9l412g5Z\nhttpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName\n(98)Address already in use: make_sock: unable to listen for connections on address 0.0.0.0:80\nno listening sockets available, shutting down\nUnable to open logs\n"}
to retry, use: --limit @/root/playbook/test1.retry
PLAY RECAP *******************************************************************************************************************************************************************************************************************************************************************
116.62.×.× : ok=2 changed=1 unreachable=0 failed=1
118.24.×.× : ok=3 changed=2 unreachable=0 failed=0
121.196.×.× : ok=3 changed=2 unreachable=0 failed=0
47.105.×.× : ok=3 changed=2 unreachable=0 failed=0
47.111.×.× : ok=3 changed=2 unreachable=0 failed=0
47.244.×.× : ok=2 changed=1 unreachable=0 failed=1
47.96.×.× : ok=3 changed=2 unreachable=0 failed=0
47.96.×.× : ok=3 changed=2 unreachable=0 failed=0
[root@VM_16_16_centos playbook]#
第二个ansible-playbook,使用变量item
yaml
---
- hosts: all
tasks:
- name: 停掉httpd
service: name=httpd state=stopped
- name: 卸载httpd httpd-devel
yum: name={{ item }} state=absent
with_items:
- httpd
- httpd-devel
检查语法
[root@VM_16_16_centos playbook]# ansible-playbook ./test1.2.yaml --syntax-check playbook: ./test1.2.yaml [root@VM_16_16_centos playbook]#
执行ansible-playbook
[root@VM_16_16_centos playbook]# ansible-playbook ./test1.2.yaml
PLAY [all] *******************************************************************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************************************************************************************************************************************************************
ok: [47.111.×.×]
ok: [47.96.×.×]
ok: [121.196.×.×]
ok: [116.62.×.×]
ok: [118.24.×.×]
ok: [47.96.×.×]
ok: [47.105.×.×]
ok: [47.244.×.×]
TASK [停掉httpd] ***************************************************************************************************************************************************************************************************************************************************************
changed: [47.111.×.×]
changed: [121.196.×.×]
changed: [47.96.×.×]
changed: [116.62.×.×]
changed: [118.24.×.×]
changed: [47.244.×.×]
changed: [47.96.×.×]
changed: [47.105.×.×]
TASK [卸载httpd httpd-devel] ***************************************************************************************************************************************************************************************************************************************************
[DEPRECATION WARNING]: Invoking "yum" only once while using a loop via squash_actions is deprecated. Instead of using a loop to supply multiple items and specifying `name: "{{ item }}"`, please use `name: ['httpd', 'httpd-devel']` and remove the loop. This feature will
be removed in version 2.11. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[DEPRECATION WARNING]: Invoking "yum" only once while using a loop via squash_actions is deprecated. Instead of using a loop to supply multiple items and specifying `name: "{{ item }}"`, please use `name: ['httpd', 'httpd-devel']` and remove the loop. This feature will
be removed in version 2.11. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[DEPRECATION WARNING]: Invoking "yum" only once while using a loop via squash_actions is deprecated. Instead of using a loop to supply multiple items and specifying `name: "{{ item }}"`, please use `name: ['httpd', 'httpd-devel']` and remove the loop. This feature will
be removed in version 2.11. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[DEPRECATION WARNING]: Invoking "yum" only once while using a loop via squash_actions is deprecated. Instead of using a loop to supply multiple items and specifying `name: "{{ item }}"`, please use `name: ['httpd', 'httpd-devel']` and remove the loop. This feature will
be removed in version 2.11. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[DEPRECATION WARNING]: Invoking "yum" only once while using a loop via squash_actions is deprecated. Instead of using a loop to supply multiple items and specifying `name: "{{ item }}"`, please use `name: ['httpd', 'httpd-devel']` and remove the loop. This feature will
be removed in version 2.11. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
changed: [47.96.×.×] => (item=[u'httpd', u'httpd-devel'])
[DEPRECATION WARNING]: Invoking "yum" only once while using a loop via squash_actions is deprecated. Instead of using a loop to supply multiple items and specifying `name: "{{ item }}"`, please use `name: ['httpd', 'httpd-devel']` and remove the loop. This feature will
be removed in version 2.11. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
changed: [121.196.×.×] => (item=[u'httpd', u'httpd-devel'])
[DEPRECATION WARNING]: Invoking "yum" only once while using a loop via squash_actions is deprecated. Instead of using a loop to supply multiple items and specifying `name: "{{ item }}"`, please use `name: ['httpd', 'httpd-devel']` and remove the loop. This feature will
be removed in version 2.11. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
changed: [47.111.×.×] => (item=[u'httpd', u'httpd-devel'])
[DEPRECATION WARNING]: Invoking "yum" only once while using a loop via squash_actions is deprecated. Instead of using a loop to supply multiple items and specifying `name: "{{ item }}"`, please use `name: ['httpd', 'httpd-devel']` and remove the loop. This feature will
be removed in version 2.11. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
changed: [116.62.×.×] => (item=[u'httpd', u'httpd-devel'])
changed: [118.24.×.×] => (item=[u'httpd', u'httpd-devel'])
changed: [47.96.×.×] => (item=[u'httpd', u'httpd-devel'])
changed: [47.244.×.×] => (item=[u'httpd', u'httpd-devel'])
changed: [47.105.×.×] => (item=[u'httpd', u'httpd-devel'])
PLAY RECAP *******************************************************************************************************************************************************************************************************************************************************************
116.62.×.× : ok=3 changed=2 unreachable=0 failed=0
118.24.×.× : ok=3 changed=2 unreachable=0 failed=0
121.196.×.× : ok=3 changed=2 unreachable=0 failed=0
47.105.×.× : ok=3 changed=2 unreachable=0 failed=0
47.111.×.× : ok=3 changed=2 unreachable=0 failed=0
47.244.×.× : ok=3 changed=2 unreachable=0 failed=0
47.96.×.× : ok=3 changed=2 unreachable=0 failed=0
47.96.×.× : ok=3 changed=2 unreachable=0 failed=0
[root@VM_16_16_centos playbook]#
ansible-playbook 配置tomcat
---
- hosts: all
tasks:
- name: 创建新目录
file: path={{ item }} state="directory"
with_items:
- "/root/soft"
- "/usr/local/tomcat"
- name: 下载tomcat
command: wget -P /root/soft http://mirrors.hust.edu.cn/apache/tomcat/tomcat-9/v9.0.16/bin/apache-tomcat-9.0.16.tar.gz
- name: 解压下载的文件
unarchive: src=/root/soft/apache-tomcat-9.0.16.tar.gz dest=/usr/local/tomcat copy=no mode=0755
- name: 安装openjdk
yum: name={{ item }}
with_items:
- java-1.8.0-openjdk
- java-1.8.0-openjdk-devel
- name: 开启tomcat
shell: nohup /usr/local/tomcat/apache-tomcat-9.0.16/bin/startup.sh &
ansible-playbook 配置nginx
---
- hosts: 121.196.×.×
tasks:
- name: 新建nginx下载目录
file: path={{ item }} state="directory"
with_items:
- "/root/soft"
- name: 下载nginx
get_url: url=http://nginx.org/download/nginx-1.15.8.tar.gz dest=/root/soft
- name: 安装必要包
yum:
name: "{{ packages }}"
vars:
packages:
- gcc
- openssl
- openssl-devel
- name: 解压nginx
unarchive: src=/root/soft/nginx-1.15.8.tar.gz dest=/root/soft copy=no
- name: 编译安装nginx
shell: cd /root/soft/nginx-1.15.8 && ./configure --prefix=/usr/local/nginx --with-http_realip_module --with-http_ssl_module && make && make install
- name: 启动nginx
shell: nohup /usr/local/nginx/sbin/nginx &
ansible-playbook 配置nginx
nginx.yaml
---
- hosts: all
vars_files:
vars.yaml
tasks:
- name: 新建nginx下载目录
file: path={{ item }} state="directory"
with_items:
- "/root/soft"
- name: 下载nginx
get_url: url=http://nginx.org/download/nginx-1.15.8.tar.gz dest={{ down_load_dirs }}
- name: 安装必要包
yum:
name: "{{ packages }}"
vars:
packages:
- gcc
- openssl
- openssl-devel
- name: 解压nginx
unarchive: src=/root/soft/nginx-{{ nginx_version }}.tar.gz dest={{ down_load_dirs }} copy=no
- name: 编译安装nginx
shell: cd /root/soft/nginx-1.15.8 && ./configure --prefix={{ install_dirs }} --with-http_realip_module --with-http_ssl_module && make && make install
- name: 启动nginx
shell: nohup /usr/local/nginx/sbin/nginx &
vars.yaml
--- # 软件包的下载路径 down_load_dirs: /root/soft # nginx版本号 nginx_version: 1.15.8 # nginx安装目录 install_dirs: /usr/local/nginx
标签:16,changed,nginx,ansible,no,初探,root 来源: https://www.cnblogs.com/wang-li/p/10486591.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。