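Table of contents
- 0. Oldboy's thoughts: differences between men's and women's sexual needs
- 1. Manually specifying the client's password
- 2. Updating hostnames in bulk
  - 2.1 The hostname module
  - 2.2 Adding inventory variables
  - 2.3 Writing the bulk hostname-change playbook
  - 2.4 Modifying the hosts file
  - 2.5 Playbook to distribute the hosts file
- 3. Ansible's number of parallel processes
- 4. Setting host passwords per group: inventory group variables
- 5. Case study: managing 400 machines in bulk with Ansible
- 6. Ansible loops
  - 6.1 Standard loops (with_items)
    - 6.1.1 Adding multiple users
  - 6.2 Looping over a list of dictionaries
    - 6.2.1 Adding multiple users with uid and group
- 7. Ansible conditionals
  - 7.1 Installing software by OS type
  - 7.2 Determining the OS type from a registered variable
- 8. Jinja2 templates
  - 8.1 Distributing the keepalived configuration file
    - 8.1.1 Writing the j2 template for the keepalived configuration file
    - 8.1.2 Writing the distribution playbook
  - 8.2 Distributing the NFS configuration file
    - 8.2.1 Adding group variables for the nfs host group
    - 8.2.2 Writing the j2 template for the NFS configuration file
    - 8.2.3 Writing the playbook to distribute the configuration file
  - 8.3 Distributing the rsync service configuration file
    - 8.3.1 Writing group variables for the rsync host group
    - 8.3.2 Writing the j2 template for the rsync service configuration file
    - 8.3.3 Writing the distribution playbook
  - 8.4 Distributing multiple nginx domain configuration files
    - 8.4.1 Writing group variables for the web host group
    - 8.4.2 Writing the j2 template for the nginx domain configuration file
    - 8.4.3 Writing the playbook to distribute the configuration files
- 9. Mind map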
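0. Oldboy's thoughts: differences between men's and women's sexual needs
Women's interest in sex is often less intense than men's, especially for women over 28; only when a woman's other physical and emotional needs are met will she entrust sex to you, so sex is something that comes along after she has come to like you. Men are exactly the opposite: they often think of sex first, feel the urge, and then come to like a woman. —Oldboy
1. Manually specifying the client's password
- When password authentication from the management server fails, you can manually specify the client's username and password in the inventory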
[root@m02 /server/ans/playbooks]# cat hosts
……
[bak]
172.16.1.41 ansible_user=root ansible_port=22 ansible_password=SKX2554.……
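- Test:
[root@m02 /server/ans/playbooks]# ansible -i hosts bak -m ping
……
172.16.1.41 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
2. Updating hostnames in bulk
2.1 The hostname module
The hostname module manages the system hostname of the target host. It can change both the temporary hostname and the permanent hostname.
- Module parameters:
  - name: the new hostname
  - use: the scope in which the change takes effect
    - runtime: takes effect temporarily
    - persistent: takes effect permanently
2.2 Adding inventory variables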
[root@m02 /server/ans/playbooks]# cat hosts
[lb]
172.16.1.5 hostname=lb01.oldboy.cn
172.16.1.6 hostname=lb02.oldboy.cn
[web]
172.16.1.7 hostname=web01.oldboy.cn
172.16.1.8 hostname=web02.oldboy.cn
172.16.1.9 hostname=web03.oldboy.cn
[db]
172.16.1.51 hostname=db01.oldboy.cn
172.16.1.52 hostname=db02.oldboy.cn
[nfs]
172.16.1.31 hostname=nfs01.oldboy.cn
[bak]
172.16.1.41 ansible_user=root ansible_port=22 ansible_password=SKX2554. hostname=backup.oldboy.cn
[data:children]
db
nfs
bak
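2.3 Writing the bulk hostname-change playbook
[root@m02 /server/ans/playbooks]# cat 07.hostname.yaml
- hosts: all
  gather_facts: false
  tasks:
    - name: 1.修改主機名   # change the hostname
      hostname:
        name: "{{ hostname }}"
    - name: 2.檢查主機名   # check the hostname
      shell: "hostname"
      register: host   # register a variable that records the result of the command
    - name: 3.輸出主機名   # print the hostname
      debug:
        msg: "{{ host.stdout }}"
- Test: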
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 07.hostname.yaml
……
TASK [1.修改主機名] *********************************************************************************************
ok: [172.16.1.9]
ok: [172.16.1.6]
fatal: [172.16.1.52]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ssh: connect to host 172.16.1.52 port 22: No route to host", "unreachable": true}
ok: [172.16.1.7]
ok: [172.16.1.8]
ok: [172.16.1.31]
ok: [172.16.1.5]
ok: [172.16.1.51]
ok: [172.16.1.41]
TASK [2.檢查主機名] *****************************************************************************************
changed: [172.16.1.9]
changed: [172.16.1.8]
changed: [172.16.1.7]
changed: [172.16.1.6]
changed: [172.16.1.5]
changed: [172.16.1.51]
changed: [172.16.1.31]
changed: [172.16.1.41]
TASK [3.輸出主機名] *********************************************************************************************
ok: [172.16.1.5] => {
    "msg": "lb01.oldboy.cn"
}
ok: [172.16.1.6] => {
    "msg": "lb02.oldboy.cn"
}
ok: [172.16.1.7] => {
    "msg": "web01.oldboy.cn"
}
ok: [172.16.1.8] => {
    "msg": "web02.oldboy.cn"
}
ok: [172.16.1.9] => {
    "msg": "web03.oldboy.cn"
}
ok: [172.16.1.51] => {
    "msg": "db01.oldboy.cn"
}
……
2.4 Modifying the hosts file
[root@m02 /server/ans/playbooks]# sed -r -i '/^172/s# (.*)# \1 \1.oldboy.cn#' /etc/hosts
[root@m02 /server/ans/playbooks]# cat /etc/hosts
172.16.1.5 lb01 lb01.oldboy.cn
172.16.1.6 lb02 lb02.oldboy.cn
172.16.1.7 web01 web01.oldboy.cn
172.16.1.8 web02 web02.oldboy.cn
172.16.1.9 web03 web03.oldboy.cn
172.16.1.31 nfs01 nfs01.oldboy.cn
172.16.1.41 backup backup.oldboy.cn
172.16.1.51 db01 db01.oldboy.cn
172.16.1.61 m01 m01.oldboy.cn
2.5 Playbook to distribute the hosts file
[root@m02 /server/ans/playbooks]# cat 07.hosts.yaml
- hosts: all
  gather_facts: false
  tasks:
    - name: 1.分發hosts文件   # distribute the hosts file
      copy:
        src: /etc/hosts
        dest: /etc/hosts
- Test:
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 07.hosts.yaml
……
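3. Ansible's number of parallel processes
- By default Ansible runs against 5 hosts concurrently
- Option:
  - -f: the number of concurrent Ansible processes; the default is 5
4. Setting host passwords per group: inventory group variables
- Edit the inventory and add group variables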
[root@m02 /server/ans/playbooks]# cat hosts
[lb]
172.16.1.5 hostname=lb01.oldboy.cn
172.16.1.6 hostname=lb02.oldboy.cn
[web]
172.16.1.7 hostname=web01.oldboy.cn
172.16.1.8 hostname=web02.oldboy.cn
172.16.1.9 hostname=web03.oldboy.cn
[db]
172.16.1.51 hostname=db01.oldboy.cn
172.16.1.52 hostname=db02.oldboy.cn
[nfs]
172.16.1.31 hostname=nfs01.oldboy.cn
[bak]
172.16.1.41 ansible_user=root ansible_port=22 ansible_password=SKX2554. hostname=backup.oldboy.cn
[data:children]
db
nfs
bak
[web:vars]
password=SKX2554.
[db:vars]
password=SKX2555.
- Write the playbook that updates host passwords in bulk:
[root@m02 /server/ans/playbooks]# cat 08.passwd.yaml
- hosts: web,db
  become: yes   # root privileges are required
  tasks:
    - name: 1.更新主機密碼   # update the host password
      user:
        name: root
        password: "{{ password | password_hash('sha512') }}"
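A variant of the password playbook above that reads the per-group passwords from an ansible-vault encrypted file instead of the clear-text `[web:vars]` and `[db:vars]` entries, hides them from task output, and uses a stable salt so repeated runs stay idempotent. This is an added example, not from the original article; the file `vault/root_passwords.yml` and the variables `vault_root_passwords` and `new_root_password` are assumptions.

```yaml
# Assumed file: vault/root_passwords.yml next to the playbook, created with
#   ansible-vault create vault/root_passwords.yml
# and containing (placeholder values):
#   vault_root_passwords:
#     web: "<new root password for the web group>"
#     db:  "<new root password for the db group>"

- hosts: web,db
  become: yes
  gather_facts: false
  vars_files:
    - vault/root_passwords.yml        # decrypted in memory at run time only
  vars:
    # Pick the entry for the group this host belongs to.
    new_root_password: "{{ vault_root_passwords['web' if 'web' in group_names else 'db'] }}"
  tasks:
    - name: Stop early if the vaulted password is missing or empty
      assert:
        that:
          - vault_root_passwords is defined
          - new_root_password | length > 0
        fail_msg: "No vaulted root password found for this host's group"

    - name: Update the root password
      user:
        name: root
        # The salt is derived from the host name, so the hash is identical on
        # every run and the task reports "changed" only for a new password.
        password: "{{ new_root_password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
      no_log: true                    # keep the password and its hash out of output and logs
```

Run it with `ansible-playbook -i hosts 08.passwd.yaml --ask-vault-pass`; the `password=` lines under `[web:vars]` and `[db:vars]` are then no longer needed in the inventory.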
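5. Case study: managing 400 machines in bulk with Ansible
- These machines all have different passwords
[Ansible bulk-management case study: 400 machines project](https://www.yuque.com/lidao996/sre/kva28zochq01n7l6)
6. Ansible loops
6.1 Standard loops (with_items)
- Playbook keywords:
  - with_items
  - loop
- The two keywords are used in the same way
6.1.1 Adding multiple users
- Playbook:
[root@m02 /server/ans/playbooks]# cat 09.add_users.yaml
- hosts: all
  tasks:
    - name: 1.添加多個用戶   # add multiple users
      user:
        name: "{{ item }}"   # this variable name must not be changed
        state: present
      with_items:            # the values to loop over
        - oldboy01
        - oldboy02
        - oldboy03
- Test and check: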
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 09.add_users.yaml
……
[root@m02 /server/ans/playbooks]# ansible -i hosts all -m shell -a "tail -n 3 /etc/passwd"
……
172.16.1.7 | CHANGED | rc=0 >>
oldboy01:x:3001:3001::/home/oldboy01:/bin/bash
oldboy02:x:3002:3002::/home/oldboy02:/bin/bash
oldboy03:x:3003:3003::/home/oldboy03:/bin/bash
172.16.1.8 | CHANGED | rc=0 >>
oldboy01:x:3002:3002::/home/oldboy01:/bin/bash
oldboy02:x:3003:3003::/home/oldboy02:/bin/bash
oldboy03:x:3004:3004::/home/oldboy03:/bin/bash
……
6.2 Looping over a list of dictionaries
- The items of the loop list are dictionaries
- Parameter values are read from the sub-keys of item
6.2.1 Adding multiple users with uid and group
- Playbook:
[root@m02 /server/ans/playbooks]# cat 10.add_users.yaml
- hosts: all
  tasks:
    - name: 1.添加用戶組   # add the groups
      group:
        name: "{{ item.name }}"
        gid: "{{ item.gid }}"
        state: present
      loop:
        - { name: oldboy01, gid: 2010 }
        - { name: oldboy02, gid: 2011 }
        - { name: oldboy03, gid: 2012 }
    - name: 2.添加多個用戶,并指定uid,group   # add the users with a fixed uid and group
      user:
        name: "{{ item.name }}"
        uid: "{{ item.uid }}"
        group: "{{ item.name }}"
        state: present
      loop:
        - { name: oldboy01, uid: 2010 }
        - { name: oldboy02, uid: 2011 }
        - { name: oldboy03, uid: 2012 }
- Run and test:
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 10.add_users.yaml
……
[root@m02 /server/ans/playbooks]# ansible -i hosts all -m shell -a 'tail -n 4 /etc/passwd'
……
172.16.1.6 | CHANGED | rc=0 >>
skx:x:3001:3001::/home/skx:/sbin/nologin
oldboy01:x:2010:2010::/home/oldboy01:/bin/bash
oldboy02:x:2011:2011::/home/oldboy02:/bin/bash
oldboy03:x:2012:2012::/home/oldboy03:/bin/bash
172.16.1.8 | CHANGED | rc=0 >>
skx:x:3001:3001::/home/skx:/sbin/nologin
oldboy01:x:2010:2010::/home/oldboy01:/bin/bash
oldboy02:x:2011:2011::/home/oldboy02:/bin/bash
oldboy03:x:2012:2012::/home/oldboy03:/bin/bash
……
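7. Ansible conditionals
In Ansible, conditionals (conditional control) are implemented mainly with the when statement, which lets you decide whether to run a task or module based on variables, facts, or the results of task execution.
variable is match("pattern"): matches the string against a regular expression
7.1 Installing software by OS type
- The OS type can be obtained from facts variables
[root@m02 /server/ans/playbooks]# cat 11.install_soft.yaml
- hosts: all
  gather_facts: true
  tasks:
    - name: 1.判斷是否是紅帽系統   # check whether this is a Red Hat family system
      yum:
        name: cowsay,sl,nmap   # several packages can be installed at once
        state: latest
      when: ( ansible_distribution is match("Kylin|Rocky") )
    - name: 2.判斷是否是Ubuntu系統   # check whether this is an Ubuntu system
      apt:
        name: cmatrix,nyancat
        state: latest
        update_cache: yes
      when: ( ansible_distribution is match("Ubuntu|Debian") )
- Run and test: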
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 11.install_soft.yaml
……
TASK [1.判斷是否是紅帽系統] *************************************************************************************
changed: [172.16.1.6]
changed: [172.16.1.5]
changed: [172.16.1.7]
changed: [172.16.1.9]
changed: [172.16.1.8]
changed: [172.16.1.51]
changed: [172.16.1.41]
changed: [172.16.1.31]
changed: [172.16.1.52]
TASK [2.判斷是否是Ubuntu系統] ***********************************************************************************
skipping: [172.16.1.5] # evaluated by the when condition; hosts that do not match are skipped
skipping: [172.16.1.6]
skipping: [172.16.1.7]
skipping: [172.16.1.8]
skipping: [172.16.1.9]
skipping: [172.16.1.51]
skipping: [172.16.1.52]
skipping: [172.16.1.31]
skipping: [172.16.1.41]
……
[root@m02 /server/ans/playbooks]# ssh web01 animalsay 孫克旭很強
Authorized users only. All activities may be monitored and reported.
 _______
< 孫克旭很強 >
 -------
      \                _
       \              (_)
        \   ^__^       / \
         \  (oo)\_____/_\ \
            (__)\       )  /
                ||----w ((
                ||     ||>>
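7.2 Determining the OS type from a registered variable
[root@m02 /server/ans/playbooks]# cat 11.install_soft_register.yaml
- hosts: all
  gather_facts: false
  tasks:
    - name: 1.獲取主機版本   # get the OS release of the host
      shell: "hostnamectl |grep 'Operating System' |awk -F ':' '{print $2}'|xargs"
      register: os_name
    - name: 2.輸出變量信息   # print the variable
      debug:
        msg: "{{ os_name.stdout }}"
    - name: 3.判斷是否是紅帽系統   # check whether this is a Red Hat family system
      yum:
        name: cowsay,sl,nmap
        state: latest
      when: ( os_name.stdout is match("Kylin|Rocky") )
    - name: 4.判斷是否是Ubuntu系統   # check whether this is an Ubuntu system
      apt:
        name: cmatrix,nyancat
        state: latest
      when: ( os_name.stdout is match("Ubuntu|Debian") )
8. Jinja2 templates
Jinja2 is the powerful template engine used by Ansible; it lets you insert variables dynamically into configuration files and use control structures and filters.
8.1 Distributing the keepalived configuration file
8.1.1 Writing the j2 template for the keepalived configuration file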
[root@m02 /server/ans/playbooks/files]# cat keepalived.conf.j2
global_defs {
    router_id {{ansible_hostname}}   # Ansible variable
}
{% if ansible_hostname in ["lb01","lb01.oldboy.cn"] %}   # j2 conditional statement
vrrp_script check_lb.sh {
    script /server/scripts/check_lb.sh
    interval 2
    weight 1
    user root
}
{% endif %}
vrrp_instance lb_vip_3 {
{% if ansible_hostname in ["lb01","lb01.oldboy.cn"] %}
    state MASTER
    priority 100
    #lidao master
{% elif ansible_hostname in ["lb02","lb02.oldboy.cn"] %}
    state BACKUP
    priority 50
    #lidao backup
{% endif %}
    interface ens33
    virtual_router_id 51
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3/24 dev ens33 label ens33:1
    }
{% if ansible_hostname in ["lb01","lb01.oldboy.cn"] %}
    track_script {
        check_lb.sh
    }
{% endif %}
}
8.1.2 Writing the distribution playbook
- Use the template module
[root@m02 /server/ans/playbooks]# cat 12.keepalived.yaml
- hosts: lb
  gather_facts: true   # the j2 template needs facts variables
  tasks:
    - name: 1.install   # install keepalived
      yum:
        name: keepalived
        state: present
    - name: 2.conf      # distribute the keepalived configuration file
      template:
        src: ./files/keepalived.conf.j2
        dest: /etc/keepalived/keepalived.conf
        backup: true
    - name: 3.start     # start keepalived
      systemd:
        name: keepalived
        enabled: true
        state: restarted
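A variant of 12.keepalived.yaml, added here as an example and not part of the original article: it restarts keepalived only when the rendered file actually changes, handles one load balancer per batch, and restricts the file mode because the template contains `auth_pass`. The handler name and the owner/mode values are assumptions of this example.

```yaml
- hosts: lb
  gather_facts: true              # the template uses ansible_hostname
  serial: 1                       # one load balancer per batch, so the other keeps the VIP
  tasks:
    - name: Install keepalived
      yum:
        name: keepalived
        state: present

    - name: Render keepalived.conf from the j2 template
      template:
        src: ./files/keepalived.conf.j2
        dest: /etc/keepalived/keepalived.conf
        owner: root
        group: root
        mode: "0600"              # the file carries the VRRP auth_pass
        backup: true
      notify: restart keepalived  # fires only when the rendered content changed

    - name: Make sure keepalived is enabled and running
      systemd:
        name: keepalived
        enabled: true
        state: started

  handlers:
    - name: restart keepalived    # handler name is an assumption of this example
      systemd:
        name: keepalived
        state: restarted
```

With `serial: 1` the handler runs at the end of each single-host batch, so a failed restart on the first node stops the play before the second node is touched.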
8.2 Distributing the NFS configuration file
8.2.1 Adding group variables for the nfs host group
# Note the path
[root@m02 /server/ans/playbooks/group_vars]# cat nfs.yaml
# NFS shared directories
nfs_dirs:
  - /nfsdata/
  - /nfs/pics
  - /nfs/blog
  - /nfs/zrlog
8.2.2 Writing the j2 template for the NFS configuration file
[root@m02 /server/ans/playbooks/files]# cat exports.j2
{# the variable name comes from the group variables #}
{% for dir in nfs_dirs %}
#nfs服務端目錄 {{ dir }}
{{dir}} 172.16.1.0/24(rw,all_squash)
{% endfor %}
8.2.3 Writing the playbook to distribute the configuration file
[root@m02 /server/ans/playbooks]# cat 13.nfs_exports.yml
- hosts: nfs
  tasks:
    - name: template exports file   # distribute the NFS configuration file
      template:
        src: ./files/exports.j2
        dest: /etc/exports
        backup: true
- Run and check:
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 13.nfs_exports.yml
……
[root@m02 /server/ans/playbooks]# ssh nfs01 cat /etc/exports
Authorized users only. All activities may be monitored and reported.
#nfs服務端目錄 /nfsdata/
/nfsdata/ 172.16.1.0/24(rw,all_squash)
#nfs服務端目錄 /nfs/pics
/nfs/pics 172.16.1.0/24(rw,all_squash)
#nfs服務端目錄 /nfs/blog
/nfs/blog 172.16.1.0/24(rw,all_squash)
#nfs服務端目錄 /nfs/zrlog
/nfs/zrlog 172.16.1.0/24(rw,all_squash)
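8.3 Distributing the rsync service configuration file
8.3.1 Writing group variables for the rsync host group
[root@m02 /server/ans/playbooks/group_vars]# cat bak.yaml
# module names and paths used in the rsync configuration file
rsync_module:
  - { name: "data", dir: "/data" }
  - { name: "backup", dir: "/backup" }
  - { name: "blog", dir: "/nfs/backup/blog" }
8.3.2 Writing the j2 template for the rsync service configuration file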
[root@m02 /server/ans/playbooks/files]# cat rsyncd.conf.j2
fake super = yes
uid = rsync
gid = rsync
use chroot = no
max connections = 2000
timeout = 600
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
#hosts allow = 10.0.0.0/24
#hosts deny = 0.0.0.0/32
auth users = rsync_backup
secrets file = /etc/rsync.password
#####################################
{% for dir in rsync_module %}
[{{dir.name}}]
comment = by skx
path = {{ dir.dir }}
{% endfor %}
8.3.3 Writing the distribution playbook
[root@m02 /server/ans/playbooks]# cat 14.rsync.yaml
- hosts: bak
  gather_facts: false
  tasks:
    - name: 1.分發rsync配置文件   # distribute the rsync configuration file
      template:
        src: ./files/rsyncd.conf.j2
        dest: /etc/rsyncd.conf
        backup: true
- Test:
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 14.rsync.yaml
……
[root@m02 /server/ans/playbooks]# ssh backup cat /etc/rsyncd.conf
Authorized users only. All activities may be monitored and reported.
fake super = yes
uid = rsync
gid = rsync
use chroot = no
max connections = 2000
timeout = 600
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
#hosts allow = 10.0.0.0/24
#hosts deny = 0.0.0.0/32
auth users = rsync_backup
secrets file = /etc/rsync.password
#####################################
[data]
comment = by skx
path = /data
[backup]
comment = by skx
path = /backup
[blog]
comment = by skx
path = /nfs/backup/blog
8.4 Distributing multiple nginx domain configuration files
8.4.1 Writing group variables for the web host group
[root@m02 /server/ans/playbooks/group_vars]# cat web.yaml
# nginx domain names
domain:
  - bird
  - game
  - blog
8.4.2 Writing the j2 template for the nginx domain configuration file
[root@m02 /server/ans/playbooks/files]# cat oldboy.conf.j2
server {
    listen 80;
    server_name {{ item }}.oldboy.cn;
    root /app/code/{{ item }};
    # set the error log
    error_log /var/log/nginx/{{ item }}.oldboy.cn-error.log notice;
    # set the access log
    access_log /var/log/nginx/{{ item }}.oldboy.cn-access.log main;
    location / {
        index index.html;
    }
}
8.4.3 Writing the playbook to distribute the configuration files
[root@m02 /server/ans/playbooks]# cat 15.nginx_conf.yaml
- hosts: web
  gather_facts: false
  tasks:
    - name: 1.分發配置文件   # distribute the configuration files
      template:
        src: ./files/oldboy.conf.j2
        dest: /tmp/{{ item }}.oldboy.cn.conf
      loop: "{{ domain }}"
- Run:
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 15.nginx_conf.yaml
……
PLAY [web] ******************************************************************************************************
TASK [1.分發配置文件] *******************************************************************************************
changed: [172.16.1.9] => (item=bird)
changed: [172.16.1.7] => (item=bird)
changed: [172.16.1.8] => (item=bird)
changed: [172.16.1.9] => (item=game)
changed: [172.16.1.8] => (item=game)
changed: [172.16.1.7] => (item=game)
changed: [172.16.1.9] => (item=blog)
……
9. Mind map
https://kdocs.cn/join/gpuxq6r?f=101