目錄
一.故事背景
二.Ansible簡介
什么是Ansible?
Ansible的特點
Ansible的架構
三.Ansible任務執行解析
ansible任務執行模式
ansible執行流程
ansible命令執行過程(重要)
四.Ansible配置解析
ansible的安裝方式
ansible的程序結構(yum安裝為例)
ansible的配置文件查找順序(重要)
ansible的配置文件
ansible的主機清單
五.Ansible常用命令
ansible命令集解釋
ansible-doc命令
ansible命令
ansible配置公私鑰
六.部署ansible管理集群
實驗環境
實驗步驟
添加主機清單
配置公私鑰(三下回車)
七.Ansible常用模塊
主機連通性測試
command模塊
shell模塊
copy模塊
file模塊
fetch模塊
cron模塊
yum模塊
service模塊
user模塊
group模塊
script模塊
setup模塊
八.總結
一.故事背景
結束zabbix之后,緊接著就是自動化模塊,本節內容是有關Ansible自動化模塊的內容,介紹了ansible最基礎的內容。
二.Ansible簡介
什么是Ansible?
-
ansible是新出現的自動化運維工具,基于python開發,集合了很多的運維工具(puppet、chef、func、fabric)的優點,實現了批量系統配置、批量程序部署、批量運行命令等功能。
-
ansible是基于paramiko開發的,并且基于模塊化工作,它本身沒有批量部署的能力。真正具有批量部署的是ansible所運行的模塊,ansible只是提供一種框架,ansible不需要在遠程主機上安裝client/agents,因為它們是基于ssh來和遠程主機通訊的。ansible目前已經被紅帽官方收購,是自動化運維工具認可度最高的。
-
更加詳細的資源參考官方文檔,如右是Ansible的官方網站:Ansible Documentation
Ansible的特點
-
部署簡單,只需要在主控端部署Ansible環境,被控端無需做任何操作;
-
默認使用SSH協議對設備進行管理;
-
有大量的常規運維操作模塊,可實現日常絕大部分的操作;
-
配置簡單、功能強大、擴展性強;
-
支持API以及自定義模塊,可以通過Python輕松擴展;
-
通過Playbooks來定制強大的配置、狀態管理;
-
輕量級、無需在客戶端安裝agent,更新時,只需在操作機上進行一次更新即可;
-
提供一個功能強大、操作性強的web管理界面和REST API接口——AWX平臺。
Ansible的架構
-
Ansible:Ansible的核心程序
-
HostInventory:記錄有Ansible管理的主機信息,包括端口、密碼、IP地址等
-
Playbooks:“劇本”YAML格式的文件,多個任務定義在一個文件中,定義主機需要調用哪些模塊來完成的功能。
-
CoreModules:核心模塊,主要操作是通過調用核心模塊來完成管理任務
-
CustomModules:自定義模塊,完成核心模塊無法完成的功能,支持多種語言。
-
ConnectionPlugins:連接插件,Ansible和Host通信使用
三.Ansible任務執行解析
ansible任務執行模式
-
ansible系統由控制主機被管節點的操作方式可以分為兩類,即adhoc和playbook
-
ad-hoc模式(點對點模式)
使用單個模塊,支持批量執行單條命令。ad-hoc命令是一種可以快速輸入的命令,而且不需要保存起來的命令。就相當于bash中的一句話shell
-
playbook模式(劇本模式)
劇本模式是Ansible的主要管理方式,也是Ansible功能強大的關鍵所在。playbook通過多個task(任務)集合完成一類功能,比如web服務的安裝部署、數據庫服務的批量備份等。可以簡單地把playbook理解為通過組合多條ad-hoc操作的配置文件
ansible執行流程
簡單理解就是Ansible在運行時,首先讀取ansible.cfg中的配置,根據規則獲取Inventory中的管理主機列表,并行的在這些主機中執行配置的任務,最后等待執行返回結果。 ?
ansible命令執行過程(重要)
-
加載自己的配置文件,默認為/etc/ansible/ansible.cfg;
-
查找對應的主機配置文件,找到要執行的主機或者組;
-
加載自己對應的模塊文件,如command;
-
通過ansible將模塊或者命令生成對應的py文件(python腳本),并且將該文件傳輸到遠程服務器;
-
對應執行用戶的家目錄.ansible/tmp/xxx/xxx.py文件;
-
給文件添加執行權限;
-
執行并且返回結果;
-
刪除臨時的py文件, sleep 0退出;
四.Ansible配置解析
ansible的安裝方式
-
ansible安裝常用兩種方式,yum安裝和pip程序安裝。
使用pip(python的包管理模塊)安裝
-
首先,我們需要安裝python-pip包,安裝完成之后,則直接使用pip命令來安裝我們的包,具體操作過程如下:
yum install python-pip
pip install ansible?
使用yum安裝
-
yum安裝是我們比較熟悉的安裝方式。我們需要先安裝一個epel-release包,然后再安裝ansible即可。
yum install epel-release -y
yum install ansible -y?
ansible的程序結構(yum安裝為例)
-
配置文件目錄:/etc/ansible/
-
執行文件目錄:/usr/bin/
-
Lib庫依賴目錄:/usr/lib/pyhtonX.X/site-packages/ansible/
-
Help文檔目錄:/usr/share/doc/ansible-X.X.X/
-
Man文檔目錄:/usr/share/man/man1/
ansible的配置文件查找順序(重要)
-
ansible與我們其他的服務在這一點上又很大的不同,這里的配置文件查找是從多個地方找的,順序如下:
1.檢查環境變量 ANSIBLE_CONFIG 指向的路徑文件(export ANSIBLE_CONFIG=/etc/ansible/ansible.cfg);
2. ~/.ansible.cfg,檢查當前目錄下的ansible.cfg配置文件;
3./etc/ansible.cfg檢查etc目錄的配置文件。
ansible的配置文件
-
ansible的配置文件路徑是/etc/ansible/ansible.cfg,ansible許多參數,
默認沒有,可以使用命令生成或者去官網尋找,我們使用命令生成
ansible-config init --disabled -t all > ansible.cfg
下面我們列出一些常見的參數:
inventory = /etc/ansible/hosts? ? #這個參數表示資源清單inventory文件的位置
library = /usr/share/ansible ? ?#指向存放ansible模塊的目錄,支持多個目錄方式,只要用冒號(:)隔開就行。
?
fbrks = 5 ? ?#并發連接數,默認為5
sudo_user = root ? ?#設置默認執行命令的用戶 ,2.14版本中是:become_user=root
remote_port = 22 ? ?#指定連接被管理節點的端口,默認為22端口,為安全考慮,建議修改
host_key_checking = False ? ?#設置是否檢查SSH主機的密鑰,值為True/False,關閉后第一次連接不會提示配置實例
timeout = 60 ? ?#設置SSH連接的超時時間,單位為秒
log_path = /var/log/ansible.cfg ? ?#指定一個存儲ansible日志的文件(默認不記錄日志)
ansible的主機清單
-
在配置文件中,我們提到了資源清單,這個清單就是主機清單,里面保存的是一些ansible需要連接管理的主機列表。
-
如下是ansible主機清單的定義方式:
1.直接指明主機地址或者主機名:
#green.example.com#
#bule.example.com#
# 192.168.115.101
# 192.168.115.102
?
2.定義一個主機組(組名)把地址或者主機名加進去
[mysql_test]
192.168.115.101
192.168.115.102
192.168.115.103?
需要注意的是,這里的組成員可以使用通配符來匹配,這樣對于一些標準化管理就比較方便。我們可以根據實際情況來配置我們的主機列表。
這里添加一組主機
五.Ansible常用命令
ansible命令集解釋
-
/usr/bin/ansible,Ansible AD-Hoc臨時命令執行工具,常用于臨時命令的執行
-
/usr/bin/ansible-doc,Ansible模塊功能查看工具(document)
-
/usr/bin/ansible-galaxy,下載上傳優秀的代碼或者Roles模塊的官網平臺,基于網絡的
-
/usr/bin/ansible-playbook,Ansible定制自動化的任務集編排工具
-
/usr/bin/ansible-pull,Ansible遠程執行命令的工具,拉取配置而非推送配置(使用較少,海量機器時使用,對運維架構能力要求高)
-
/usr/bin/ansible-vault,Ansible文件加密工具
-
/usr/bin/ansible-console,Ansible基于Linux Consoble界面可與用戶交互的命令執行工具
-
ansible-community:
-
含義:
-
“ansible-community” 嚴格來說不是一個命令。Ansible 是一個自動化工具,Ansible 社區(Ansible-community)是圍繞 Ansible 項目的一個開源社區。這個社區主要負責維護和開發 Ansible 相關的內容,包括模塊、插件、角色等。社區成員通過貢獻代碼、提交問題、參與討論等方式來改進 Ansible 生態。
-
-
用法:
-
作為用戶,你可以在社區網站(Ansible Galaxy)上查找其他人共享的 Ansible 角色。例如,如果你要部署一個 Web 服務器,你可以搜索像 “nginx-ansible-role” 這樣的角色。下載并使用這些角色可以極大地簡化你的 Ansible 配置過程。
-
你也可以參與社區討論,在社區論壇或者 Ansible 官方的 GitHub 倉庫(https://github.com/ansible/ansible)中提交問題或者功能請求。如果你是開發者,還可以貢獻自己編寫的 Ansible 模塊或角色,幫助完善 Ansible 的功能。
-
-
-
ansible-config
:-
含義:
-
ansible-config
命令用于查看和管理 Ansible 的配置。Ansible 的配置文件控制著 Ansible 的行為,例如它會指定 Inventory 文件(用于定義主機列表和主機組)的位置、連接類型(SSH 等)、模塊搜索路徑等諸多設置。
-
-
用法:
-
查看配置選項:
-
運行
ansible-config view
可以查看 Ansible 的當前配置。它會顯示配置文件中的所有設置,包括默認設置和用戶自定義設置。例如,它會顯示inventory
選項的值,該值指向 Ansible 用于確定受管主機的文件或腳本路徑。
-
-
列出配置文件搜索路徑:
-
使用
ansible-config list
命令可以列出 Ansible 在啟動時查找配置文件的路徑順序。Ansible 會按照一定的順序查找配置文件,通常會先查找當前目錄下的ansible.cfg
,然后是用戶主目錄下的~/.ansible.cfg
,最后是系統默認的配置文件路徑(如/etc/ansible/ansible.cfg
)。這有助于你了解 Ansible 從哪里讀取配置信息。
-
-
檢查配置文件中的特定選項:
-
可以使用
ansible-config dump-- only-changed
命令來只顯示用戶修改過的配置選項。這在你有一個復雜的 Ansible 配置環境,并且只想查看與默認設置不同的部分時非常有用。例如,如果你在ansible.cfg
文件中修改了remote_user
選項,運行此命令就會只顯示remote_user
相關的配置內容。
-
-
-
-
ansible-inventory:
-
含義
-
ansible-inventory
是 Ansible 的一個重要組件,用于管理 Ansible 的主機清單。主機清單定義了 Ansible 將要管理的目標主機,包括主機的 IP 地址、主機名、所屬的組等信息。它就像是 Ansible 的 “目標地圖”,告訴 Ansible 需要在哪些主機上執行任務。
-
?用法
-
查看主機清單內容
-
基本的查看命令是
-
以特定格式輸出主機清單,YAML 格式對于人類閱讀可能更友好一些。繼續以上面的主機清單為例,YAML 格式輸出如下
-
-
檢查主機是否在清單中
-
可以使用
ansible-inventory --host <hostname>
命令來檢查特定主機是否在主機清單中,并查看該主機的相關變量。例如,ansible-inventory --host web1.example.com
會輸出該主機所屬的組以及其變量(如果有)。如果主機不在清單中,會顯示相應的提示信息。
-
-
使用動態主機清單腳本
-
Ansible 也支持動態主機清單。你可以編寫一個腳本來動態生成主機清單內容,例如從一個數據庫或者云服務提供商的 API 獲取主機信息。假設你有一個名為
dynamic_inventory.py
的動態主機清單腳本,你可以通過ansible-inventory-- inventory <path_to_script>
來使用它。這樣,每次 Ansible 運行任務時,都會先執行這個腳本獲取最新的主機清單信息。
-
-
較為常用的是/usr/bin/ansible和/usr/bin/ansible-playbook
ansible-doc命令
-
ansible-doc命令常用于獲取模板塊信息及其適用幫助,一般用法如下:
?ansible-doc -l ? ?##獲取全部模塊信息
ansible-doc -s MOD_NAME ? ?#獲取指定模塊的使用幫助
ansible-doc的全部用法:
usage: ansible-doc [-h] [--version] [-v] [-M MODULE_PATH]
...
optional arguments:--metadata-dump **For internal testing only** Dump json metadata forall plugins.--playbook-dir BASEDIRSince this tool does not use playbooks, use this as asubstitute playbook directory.This sets the relativepath for many features including roles/ group_vars/etc.--version show program's version number, config file location,configured module search path, module location,executable location and exit-F, --list_files Show plugin names and their source files withoutsummaries (implies --list)##-M,指定模塊的路徑-M MODULE_PATH, --module-path MODULE_PATHprepend colon-separated path(s) to module library (default=~/.ansible/plugins/modules:/usr/share/ansible/plugins/modules)
##-h,顯示命令參數API文檔-h, --help show this help message and exit##輸出為json格式-j, --json Change output into json format.
##-l,列出可用模塊-l, --list List available plugins##-s,顯示劇本指定模塊的用法-s, --snippet Show playbook snippet for specified plugin(s)
ansible命令
-
ansible命令的具體格式如下
ansible <host-pattern> <-f forks> [-m module_name] [-a args]
#使用ansible -h來查看幫助-a,MODULE_ARGS #模塊的參數,如果執行默認COMMAND的模塊,即是命令參數,如:“date”,"pwd"。
-k,--ask-pass #ask for SSH password。登錄密碼,提示輸入SSH密碼而不是假設基于密鑰的驗證
--ask-pass #ask for SSH。su切換密碼
-K,--ask-sudo-pass #ask for sudo password。提示密碼使用sudo,sudo表示提權操作
--ask-vault-pass #ask for vault password。 假設我們設定了加密的密碼,則用該選項進行訪問
-B SECONDS #后臺超時時間
-C #模擬運行環境并且進行預運行,可以進行查錯測試
-c CONNECTION #連接類型使用
-f FORKS #并行任務數,默認為5
-i INVENTORY #指定主機清單的路徑,默認為/etc/ansible/hosts
--list-hosts #查看有哪些主機組
-m MODULE_NAME #執行模塊的名字,默認使用command模塊,所以如果只執行單一命令可以不用 -m 參數
-o #壓縮輸出,嘗試講所有結果在一行輸出,一般針對收集工具使用
-S #用su命令
-R SU_USER #指定su的用戶,默認為root用戶
-s #用sudo的命令
-U SUDO_USERSUDO #指定sudo到哪個用戶,默認為root用戶
-T TIMEOUT #指定ssh默認超時時間,默認為10s,也可以在配置文件中修改
-u REMOTE_USER #遠程用戶,默認為root用戶
-v #查看詳細信息,同時支持 -vvv,-vvvv可以查看更加詳細的信息
ansible配置公私鑰
上面已經提到ansible是基于ssh協議實現管理主機的,所以ansible配置公私鑰的方式與ssh協議的方式相同,具體操作步驟如下:
1.生產私鑰
ssh-keygen
2.向被管理主機分發私鑰
ssh-copy-id root@192.168.71.193
ssh-copy-id root@192.168.71.195
六.部署ansible管理集群
實驗環境
主機名 | IP地址 | 安裝包 |
ansible | 192.168.71.196/24 | epel-release、ansible |
node1 | 192.168.71.195/24 | - |
node2 | 192.168.71.193/24 |
實驗步驟
添加主機清單
vim /etc/ansible/hosts
配置公私鑰(三下回車)
將密鑰拷貝過去
?
七.Ansible常用模塊
主機連通性測試
使用下列命令對主機清單中的資源進行連通性測試,出現下列信息說明主機處于連通狀態
command模塊
command模塊可以直接在遠程主機上執行命令,并且結果返回打印出來
命令模塊接受命令名稱,后面是空格分隔的列表參數。給定的命令將在所有選定的節點上執行,它不會通過shell進行處理,比如$HOME和操作如“<”,">","| ", " ; " ," &?" (需要使用 shell模塊實現這些功能)。注意,command模塊不支持 |? 管道命令。
下面是command模塊常用的幾個命令:
-
chdir:在執行命令之前,先切換到該目錄
-
execurable:切換shell來執行命令,需要使用命令的絕對路徑
-
free_form:要執行的Linux指令,一般使用Ansible的-a參數代替
-
creates:一個文件名,當這個文件存在,則該命令不執行,可以用來做判斷
-
removes:一個文件名,這個文件不存在,則該命令不執行
shell模塊
-
shell模塊可以在遠程主機上調用shell解釋器運行命令,支持shell的各種功能,例如管道等
-
只要是shell命令都可以在通過這個模塊在遠程主機里面運行
由于command不支持 管道符,所以它只會支持cat /etc/passwd命令 ????????
copy模塊
-
這個模塊用于將文件復制到遠程主機上,同時支持給定的內容生成文件和修改權限等
-
copy模塊的相關選項如下:
-
src:被復制到遠程主機的本地文件。可以是絕對路徑,也可以是相對路徑。如果路徑是一個目錄,則會遞歸復制,用法類似于“rsync”。
-
content:用于替換“src”,可以直接指定文件的值。
-
dest:必選項,將源文件復制到遠程主機的絕對路徑。
-
backup:當文件內容發生改變之后,在覆蓋之前,把源文件備份,備份文件包含時間信息
-
directory_mode:遞歸設定目錄的權限,默認為系統默認權限。
-
force:當目標主機包含該文件,但是內容不同時,設定為“yes”,表示強制覆蓋;設定為“no”表示目標主機的目標位置不存在該文件才復制。默認為“yes”
-
others:所有的file模塊中的選項可以在這里使用
-
mode:設置文件權限
-
給定內容生成文件,并且制定權限
我們在兩臺主機上查看文件以及權限?
備份源文件,并且覆蓋源文件
創建新的內容覆蓋原文件,并且備份
查看被控主機的文件狀態?
file模塊
-
file模塊主要用于設置文件的屬性,比如創建文件、創建連接文件、刪除文件等,如下為常見的命令:
-
force:需要兩種情況下強制創建軟連接,一種是源文件不存在,但是之后會建立的情況下;另外一種是目標軟鏈接已存在,需要取消之前的軟鏈接,然后創建新的,有兩個選項:yes|no。
-
path:指定創建路徑
-
-
group:定義文件/目錄的屬組。后面可以加上mode:定義文件/目錄的權限。
-
owner:定義文件/目錄的屬主,后面必須加上path:定義文件/目錄的路徑。
-
recurse:遞歸設置文件的屬性,只對目錄有效,后面跟上src:被鏈接的源文件路徑,只應用于state=link的情況
-
dest:被鏈接到的路徑,只應用于state=link的情況
-
mode:指定權限。
-
state:狀態,有如下選項:
-
directory:如果目錄不存在,就創建目錄
-
file:即使文件不存在,也不會被創建;已經存在的文件可以修改文件的屬性。
-
link:創建軟鏈接
-
hard:創建硬鏈接
-
touch:如果文件不存在,則會創建一個新的文件,如果文件或者目錄已經存在,則更新其最后修改時間
-
absent:刪除目錄、文件或者取消鏈接文件
-
創建鏈接文件,實例如下:
刪除文件如下所示:
fetch模塊
-
fetch模塊用于從遠程某個主機獲取(復制)文件到本地來
-
dest:用來存儲文件的目錄。
-
src:在遠程拉取的文件,并且是一個file,不能是目錄
-
cron模塊
-
cron模塊用于管理crontab計劃性任務的,它的語法和crontab中的語法一致
-
day=
?:日應該運行的工作( 1-31, *, */2, ) -
hour=
?:小時 ( 0-23, *, */2, ) -
minute=
?:分鐘( 0-59, *, */2, ) -
month=
?:月( 1-12, *, /2, ) -
weekday=
?:?周 ( 0-6 for Sunday-Saturday,, ) -
job=
?:指明運行的命令是什么 -
name=
?:定時任務描述 -
reboot
?:任務在重啟時運行,不建議使用,建議使用special_time -
special_time
?:特殊的時間范圍,參數:reboot(重啟時),annually(每年),monthly(每月),weekly(每周),daily(每天),hourly(每小時) -
state
?:指定狀態-
present表示添加定時任務,也是默認設置,
-
absent表示刪除定時任務
-
-
user
?:以哪個用戶的身份執行
-
-
添加計劃性任務如下,實例如下:
刪除計劃性任務,比如我們計劃任務添加錯誤,則可以執行以下命令刪除計劃任務
yum模塊
-
yum模塊主要用于軟件的安裝,它的選項如下
-
name=? :所安裝的軟件包的名稱
-
-
state=? :
-
present--》安裝
-
latest--》安裝最新的
-
absent--》卸載軟件
-
-
update_cache :強制更新yum的緩存
-
conf_file? :指定遠程yum安裝時所依賴的配置文件(安裝本地已有的包)。
-
disable_pgp_check? :是否禁止GPG checking,只用于present 或者 latest。
-
disablerepo? :臨時禁止使用yum庫。只用于安裝或者更新時。
-
enablerepo? :臨時使用的yum庫。只用于安裝或者更新時。
service模塊
-
service模塊用于服務程序的管理,它的主要選項如下:
-
arguments:命令行提供額外的參數
-
-
enabled:設置開機自啟;true | false
-
name:服務名稱
-
runlevel:開機啟動的級別,一般不用指定。
-
sleep:在重啟服務的過程中,是否等待。如在服務關閉以后等待2秒在啟動。(定義在劇本當中)
-
state:有四種狀態分別為
-
started(啟動服務)
-
stopped(停止服務)
-
restarted(重啟服務)
-
reloaded(重載服務)
-
開啟httpd服務并且設置開啟自啟
httpd服務必須自行安裝httpd軟件包
檢查80端口有沒有開啟
開啟httpd服務并且設置開機自啟
詳細過程?
[root@ansible 192.168.71.193]# ansible webs -m service -a 'name=httpd state=started enabled=true'
192.168.71.193 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"},"changed": true,"enabled": true,"name": "httpd","state": "started","status": {"AccessSELinuxContext": "system_u:object_r:httpd_unit_file_t:s0","ActiveEnterTimestampMonotonic": "0","ActiveExitTimestampMonotonic": "0","ActiveState": "inactive","After": "network.target httpd-init.service system.slice systemd-tmpfiles-setup.service sysinit.target tmp.mount remote-fs.target basic.target nss-lookup.target systemd-journald.socket -.mount","AllowIsolate": "no","AssertResult": "no","AssertTimestampMonotonic": "0","Before": "shutdown.target","BlockIOAccounting": "no","BlockIOWeight": "[not set]","CPUAccounting": "yes","CPUAffinityFromNUMA": "no","CPUQuotaPerSecUSec": "infinity","CPUQuotaPeriodUSec": "infinity","CPUSchedulingPolicy": "0","CPUSchedulingPriority": "0","CPUSchedulingResetOnFork": "no","CPUShares": "[not set]","CPUUsageNSec": "[not set]","CPUWeight": "[not set]","CacheDirectoryMode": "0755","CanFreeze": "yes","CanIsolate": "no","CanReload": "yes","CanStart": "yes","CanStop": "yes","CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore","CleanResult": "success","CollectMode": "inactive","ConditionResult": "no","ConditionTimestampMonotonic": "0","ConfigurationDirectoryMode": "0755","Conflicts": "shutdown.target","ControlGroupId": "0","ControlPID": "0","CoredumpFilter": "0x33","DefaultDependencies": "yes","DefaultMemoryLow": "0","DefaultMemoryMin": "0","Delegate": "no","Description": "The Apache HTTP Server","DevicePolicy": "auto","Documentation": "\"man:httpd.service(8)\"","DropInPaths": "/usr/lib/systemd/system/httpd.service.d/php-fpm.conf","DynamicUser": "no","Environment": "LANG=C","ExecMainCode": "0","ExecMainExitTimestampMonotonic": "0","ExecMainPID": "0","ExecMainStartTimestampMonotonic": "0","ExecMainStatus": "0","ExecReload": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -k graceful ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }","ExecReloadEx": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -k graceful ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }","ExecStart": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -DFOREGROUND ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }","ExecStartEx": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -DFOREGROUND ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }","ExitType": "main","FailureAction": "none","FileDescriptorStoreMax": "0","FinalKillSignal": "9","FragmentPath": "/usr/lib/systemd/system/httpd.service","FreezerState": "running","GID": "[not set]","GuessMainPID": "yes","IOAccounting": "no","IOReadBytes": "18446744073709551615","IOReadOperations": "18446744073709551615","IOSchedulingClass": "2","IOSchedulingPriority": "4","IOWeight": "[not set]","IOWriteBytes": "18446744073709551615","IOWriteOperations": "18446744073709551615","IPAccounting": "no","IPEgressBytes": "[no data]","IPEgressPackets": "[no data]","IPIngressBytes": "[no data]","IPIngressPackets": "[no data]","Id": "httpd.service","IgnoreOnIsolate": "no","IgnoreSIGPIPE": "yes","InactiveEnterTimestampMonotonic": "0","InactiveExitTimestampMonotonic": "0","JobRunningTimeoutUSec": "infinity","JobTimeoutAction": "none","JobTimeoutUSec": "infinity","KeyringMode": "private","KillMode": "mixed","KillSignal": "28","LimitAS": "infinity","LimitASSoft": "infinity","LimitCORE": "infinity","LimitCORESoft": "0","LimitCPU": "infinity","LimitCPUSoft": "infinity","LimitDATA": "infinity","LimitDATASoft": "infinity","LimitFSIZE": "infinity","LimitFSIZESoft": "infinity","LimitLOCKS": "infinity","LimitLOCKSSoft": "infinity","LimitMEMLOCK": "8388608","LimitMEMLOCKSoft": "8388608","LimitMSGQUEUE": "819200","LimitMSGQUEUESoft": "819200","LimitNICE": "0","LimitNICESoft": "0","LimitNOFILE": "524288","LimitNOFILESoft": "1024","LimitNPROC": "14261","LimitNPROCSoft": "14261","LimitRSS": "infinity","LimitRSSSoft": "infinity","LimitRTPRIO": "0","LimitRTPRIOSoft": "0","LimitRTTIME": "infinity","LimitRTTIMESoft": "infinity","LimitSIGPENDING": "14261","LimitSIGPENDINGSoft": "14261","LimitSTACK": "infinity","LimitSTACKSoft": "8388608","LoadState": "loaded","LockPersonality": "no","LogLevelMax": "-1","LogRateLimitBurst": "0","LogRateLimitIntervalUSec": "0","LogsDirectoryMode": "0755","MainPID": "0","ManagedOOMMemoryPressure": "auto","ManagedOOMMemoryPressureLimit": "0","ManagedOOMPreference": "none","ManagedOOMSwap": "auto","MemoryAccounting": "yes","MemoryAvailable": "infinity","MemoryCurrent": "[not set]","MemoryDenyWriteExecute": "no","MemoryHigh": "infinity","MemoryLimit": "infinity","MemoryLow": "0","MemoryMax": "infinity","MemoryMin": "0","MemorySwapMax": "infinity","MountAPIVFS": "no","NFileDescriptorStore": "0","NRestarts": "0","NUMAPolicy": "n/a","Names": "httpd.service","NeedDaemonReload": "no","Nice": "0","NoNewPrivileges": "no","NonBlocking": "no","NotifyAccess": "main","OOMPolicy": "continue","OOMScoreAdjust": "0","OnFailureJobMode": "replace","OnSuccessJobMode": "fail","Perpetual": "no","PrivateDevices": "no","PrivateIPC": "no","PrivateMounts": "no","PrivateNetwork": "no","PrivateTmp": "yes","PrivateUsers": "no","ProcSubset": "all","ProtectClock": "no","ProtectControlGroups": "no","ProtectHome": "no","ProtectHostname": "no","ProtectKernelLogs": "no","ProtectKernelModules": "no","ProtectKernelTunables": "no","ProtectProc": "default","ProtectSystem": "no","RefuseManualStart": "no","RefuseManualStop": "no","ReloadResult": "success","ReloadSignal": "1","RemainAfterExit": "no","RemoveIPC": "no","Requires": "-.mount system.slice sysinit.target","RequiresMountsFor": "/var/tmp","Restart": "no","RestartKillSignal": "28","RestartUSec": "100ms","RestrictNamespaces": "no","RestrictRealtime": "no","RestrictSUIDSGID": "no","Result": "success","RootDirectoryStartOnly": "no","RuntimeDirectoryMode": "0755","RuntimeDirectoryPreserve": "no","RuntimeMaxUSec": "infinity","RuntimeRandomizedExtraUSec": "0","SameProcessGroup": "no","SecureBits": "0","SendSIGHUP": "no","SendSIGKILL": "yes","Slice": "system.slice","StandardError": "inherit","StandardInput": "null","StandardOutput": "journal","StartLimitAction": "none","StartLimitBurst": "5","StartLimitIntervalUSec": "10s","StartupBlockIOWeight": "[not set]","StartupCPUShares": "[not set]","StartupCPUWeight": "[not set]","StartupIOWeight": "[not set]","StateChangeTimestampMonotonic": "0","StateDirectoryMode": "0755","StatusErrno": "0","StopWhenUnneeded": "no","SubState": "dead","SuccessAction": "none","SyslogFacility": "3","SyslogLevel": "6","SyslogLevelPrefix": "yes","SyslogPriority": "30","SystemCallErrorNumber": "2147483646","TTYReset": "no","TTYVHangup": "no","TTYVTDisallocate": "no","TasksAccounting": "yes","TasksCurrent": "[not set]","TasksMax": "22817","TimeoutAbortUSec": "1min 30s","TimeoutCleanUSec": "infinity","TimeoutStartFailureMode": "terminate","TimeoutStartUSec": "1min 30s","TimeoutStopFailureMode": "terminate","TimeoutStopUSec": "1min 30s","TimerSlackNSec": "50000","Transient": "no","Type": "notify","UID": "[not set]","UMask": "0022","UnitFilePreset": "disabled","UnitFileState": "disabled","UtmpMode": "init","Wants": "httpd-init.service php-fpm.service","WatchdogSignal": "6","WatchdogTimestampMonotonic": "0","WatchdogUSec": "infinity"}
}
192.168.71.195 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"},"changed": true,"enabled": true,"name": "httpd","state": "started","status": {"AccessSELinuxContext": "system_u:object_r:httpd_unit_file_t:s0","ActiveEnterTimestampMonotonic": "0","ActiveExitTimestampMonotonic": "0","ActiveState": "inactive","After": "tmp.mount -.mount systemd-tmpfiles-setup.service nss-lookup.target httpd-init.service systemd-journald.socket basic.target system.slice remote-fs.target network.target sysinit.target","AllowIsolate": "no","AssertResult": "no","AssertTimestampMonotonic": "0","Before": "shutdown.target","BlockIOAccounting": "no","BlockIOWeight": "[not set]","CPUAccounting": "yes","CPUAffinityFromNUMA": "no","CPUQuotaPerSecUSec": "infinity","CPUQuotaPeriodUSec": "infinity","CPUSchedulingPolicy": "0","CPUSchedulingPriority": "0","CPUSchedulingResetOnFork": "no","CPUShares": "[not set]","CPUUsageNSec": "[not set]","CPUWeight": "[not set]","CacheDirectoryMode": "0755","CanFreeze": "yes","CanIsolate": "no","CanReload": "yes","CanStart": "yes","CanStop": "yes","CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore","CleanResult": "success","CollectMode": "inactive","ConditionResult": "no","ConditionTimestampMonotonic": "0","ConfigurationDirectoryMode": "0755","Conflicts": "shutdown.target","ControlGroupId": "0","ControlPID": "0","CoredumpFilter": "0x33","DefaultDependencies": "yes","DefaultMemoryLow": "0","DefaultMemoryMin": "0","Delegate": "no","Description": "The Apache HTTP Server","DevicePolicy": "auto","Documentation": "\"man:httpd.service(8)\"","DropInPaths": "/usr/lib/systemd/system/httpd.service.d/php-fpm.conf","DynamicUser": "no","Environment": "LANG=C","ExecMainCode": "0","ExecMainExitTimestampMonotonic": "0","ExecMainPID": "0","ExecMainStartTimestampMonotonic": "0","ExecMainStatus": "0","ExecReload": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -k graceful ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }","ExecReloadEx": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -k graceful ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }","ExecStart": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -DFOREGROUND ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }","ExecStartEx": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -DFOREGROUND ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }","ExitType": "main","FailureAction": "none","FileDescriptorStoreMax": "0","FinalKillSignal": "9","FragmentPath": "/usr/lib/systemd/system/httpd.service","FreezerState": "running","GID": "[not set]","GuessMainPID": "yes","IOAccounting": "no","IOReadBytes": "18446744073709551615","IOReadOperations": "18446744073709551615","IOSchedulingClass": "2","IOSchedulingPriority": "4","IOWeight": "[not set]","IOWriteBytes": "18446744073709551615","IOWriteOperations": "18446744073709551615","IPAccounting": "no","IPEgressBytes": "[no data]","IPEgressPackets": "[no data]","IPIngressBytes": "[no data]","IPIngressPackets": "[no data]","Id": "httpd.service","IgnoreOnIsolate": "no","IgnoreSIGPIPE": "yes","InactiveEnterTimestampMonotonic": "0","InactiveExitTimestampMonotonic": "0","JobRunningTimeoutUSec": "infinity","JobTimeoutAction": "none","JobTimeoutUSec": "infinity","KeyringMode": "private","KillMode": "mixed","KillSignal": "28","LimitAS": "infinity","LimitASSoft": "infinity","LimitCORE": "infinity","LimitCORESoft": "0","LimitCPU": "infinity","LimitCPUSoft": "infinity","LimitDATA": "infinity","LimitDATASoft": "infinity","LimitFSIZE": "infinity","LimitFSIZESoft": "infinity","LimitLOCKS": "infinity","LimitLOCKSSoft": "infinity","LimitMEMLOCK": "8388608","LimitMEMLOCKSoft": "8388608","LimitMSGQUEUE": "819200","LimitMSGQUEUESoft": "819200","LimitNICE": "0","LimitNICESoft": "0","LimitNOFILE": "524288","LimitNOFILESoft": "1024","LimitNPROC": "14260","LimitNPROCSoft": "14260","LimitRSS": "infinity","LimitRSSSoft": "infinity","LimitRTPRIO": "0","LimitRTPRIOSoft": "0","LimitRTTIME": "infinity","LimitRTTIMESoft": "infinity","LimitSIGPENDING": "14260","LimitSIGPENDINGSoft": "14260","LimitSTACK": "infinity","LimitSTACKSoft": "8388608","LoadState": "loaded","LockPersonality": "no","LogLevelMax": "-1","LogRateLimitBurst": "0","LogRateLimitIntervalUSec": "0","LogsDirectoryMode": "0755","MainPID": "0","ManagedOOMMemoryPressure": "auto","ManagedOOMMemoryPressureLimit": "0","ManagedOOMPreference": "none","ManagedOOMSwap": "auto","MemoryAccounting": "yes","MemoryAvailable": "infinity","MemoryCurrent": "[not set]","MemoryDenyWriteExecute": "no","MemoryHigh": "infinity","MemoryLimit": "infinity","MemoryLow": "0","MemoryMax": "infinity","MemoryMin": "0","MemorySwapMax": "infinity","MountAPIVFS": "no","NFileDescriptorStore": "0","NRestarts": "0","NUMAPolicy": "n/a","Names": "httpd.service","NeedDaemonReload": "no","Nice": "0","NoNewPrivileges": "no","NonBlocking": "no","NotifyAccess": "main","OOMPolicy": "continue","OOMScoreAdjust": "0","OnFailureJobMode": "replace","OnSuccessJobMode": "fail","Perpetual": "no","PrivateDevices": "no","PrivateIPC": "no","PrivateMounts": "no","PrivateNetwork": "no","PrivateTmp": "yes","PrivateUsers": "no","ProcSubset": "all","ProtectClock": "no","ProtectControlGroups": "no","ProtectHome": "no","ProtectHostname": "no","ProtectKernelLogs": "no","ProtectKernelModules": "no","ProtectKernelTunables": "no","ProtectProc": "default","ProtectSystem": "no","RefuseManualStart": "no","RefuseManualStop": "no","ReloadResult": "success","ReloadSignal": "1","RemainAfterExit": "no","RemoveIPC": "no","Requires": "sysinit.target system.slice -.mount","RequiresMountsFor": "/var/tmp","Restart": "no","RestartKillSignal": "28","RestartUSec": "100ms","RestrictNamespaces": "no","RestrictRealtime": "no","RestrictSUIDSGID": "no","Result": "success","RootDirectoryStartOnly": "no","RuntimeDirectoryMode": "0755","RuntimeDirectoryPreserve": "no","RuntimeMaxUSec": "infinity","RuntimeRandomizedExtraUSec": "0","SameProcessGroup": "no","SecureBits": "0","SendSIGHUP": "no","SendSIGKILL": "yes","Slice": "system.slice","StandardError": "inherit","StandardInput": "null","StandardOutput": "journal","StartLimitAction": "none","StartLimitBurst": "5","StartLimitIntervalUSec": "10s","StartupBlockIOWeight": "[not set]","StartupCPUShares": "[not set]","StartupCPUWeight": "[not set]","StartupIOWeight": "[not set]","StateChangeTimestampMonotonic": "0","StateDirectoryMode": "0755","StatusErrno": "0","StopWhenUnneeded": "no","SubState": "dead","SuccessAction": "none","SyslogFacility": "3","SyslogLevel": "6","SyslogLevelPrefix": "yes","SyslogPriority": "30","SystemCallErrorNumber": "2147483646","TTYReset": "no","TTYVHangup": "no","TTYVTDisallocate": "no","TasksAccounting": "yes","TasksCurrent": "[not set]","TasksMax": "22816","TimeoutAbortUSec": "1min 30s","TimeoutCleanUSec": "infinity","TimeoutStartFailureMode": "terminate","TimeoutStartUSec": "1min 30s","TimeoutStopFailureMode": "terminate","TimeoutStopUSec": "1min 30s","TimerSlackNSec": "50000","Transient": "no","Type": "notify","UID": "[not set]","UMask": "0022","UnitFilePreset": "disabled","UnitFileState": "disabled","UtmpMode": "init","Wants": "httpd-init.service php-fpm.service","WatchdogSignal": "6","WatchdogTimestampMonotonic": "0","WatchdogUSec": "infinity"}
}
通過service模塊關閉httpd服務
user模塊
-
user模塊主要用來管理用戶賬號,它的主要選項如下所示:
-
comment :用戶的描述信息
-
-
createhome:是否創建家目錄
-
force:在使用state=absent時,行為于userdel --force一致
-
group:指定基本組
-
groups:指定附加組
-
home:指定用戶家目錄
-
move_home:如果設置為home=時,試圖將用戶主目錄移動到指定的目錄
-
name:指定用戶名
-
non_unique:該選項允許改變非唯一的用戶ID值
-
password:指定用戶密碼,使用密文密碼
-
remove:在使用state=absent時,行為是與userdel --remove一致
-
shell:指定默認的shell
-
state:設置賬號狀態,不指定為默認創建,指定值為absent表示刪除
-
system:當創建一個用戶,設置這個用戶是系統用戶。這個設置不能更改現有的用戶
-
uid:指定用戶的uid
添加用戶并且指定用戶的uid和密碼
刪除用戶
group模塊
-
group模塊主要用于添加或者刪除組,常用選項如下所示:
-
gid= 設置組的GID號
-
-
name= 指定組的名稱
-
state= 指定組的狀態,默認為創建,設置值為absent為刪除
-
system= 設置值為yes,表示創建為系統組
創建組
查看已經創建的組
刪除組
script模塊
-
script模塊用于將本機的腳本在被管理端的機器上運行。該模塊直接指定腳本的路徑即可
-
現在本機寫一個腳本文件
運行這個腳本于被管理端
setup模塊
-
setup模塊主要用于收集信息,是通過調用facts組件來實現的,facts組件時Ansible用于采集被管理機器設備信息的一個功能。我們可以使用setup模塊查看機器的所有facts信息,可以使用filter來查看指定信息。整個facts信息被包裝在一個JSON格式的數據文件中,ansible_facts是最上層的值。
-
facts就是變量,內建變量。每個主機的各種信息,cpu個數,內存的大小等。會存在facts中的某個變量中,調用后返回很多對應主機的信息,在后面的操作中可以根據不同的信息來做不同的操作。比如redhat系列用yum安裝,而debian系列用apt安裝軟件
-
查看信息實例,查看被管理主機的內存
setup模塊還有一個很好的功能就是保存我們篩選出來的信息到我們的主機上,同時,文件名是被管理主機的IP地址,方便檢測那臺主機出現問題。
八.總結
本節內容介紹了有關ansible的最基礎的知識和命令的用法,為之后的深入使用做好鋪墊。