您好,登录后才能下订单哦!
密码登录
登录注册
点击 登录注册 即表示同意《亿速云用户服务条款》
/etc/ansible/hosts
配置节点$ vim /etc/ansible/hosts
[new]
192.168.56.12
192.168.56.13
# 主控节点执行
$ ssh-keygen -t rsa -f ~/.ssh/id_rsa -N ''
$ for host in 192.168.56.{11..12};do
ssh-keyscan $host >> ~/.ssh/hnow_hosts 2> /dev/null
sshpass -p '123456' ssh-copy-id root@$host &> /dev/null
done
将上面的方案playbook化:
---
- name: config ssh connection
hosts: new
gather_facts: false
tasks:
- name: configure ssh connection
shell: |
ssh-keyscan {{inventory_hostname}} >> ~/.ssh/know_hosts
sshpass -p '123456' ssh-copy-id root@{{inventory_hostname}}
以下的四个模块不满足幂等性
以下命令具备幂等性:
---
- name: modules use
hosts: new
gather_facts: false
tasks:
- name: use shell module
shell: cp /tmp/my.cnf /etc/my.cnf
args:
creates: /etc/my.cnf
- name: exec perl scripts
script: /opt/script.pl
args:
executable: perl
---
- name: play1
hosts: zabbix
gather_facts: false
tasks:
- name: task 1
debug:
msg: "{{ inventory_hostname }} is executing task"
delegate_to: localhost
特点:
[new]
192.168.56.11 ansible_hostname="centos7-node1"
192.168.56.12 ansible_hostname="centos7-node2"
[new:vars]
ansible_password="yeecallk8s"
分发认证配置
---
- name: "configure ssh connection"
hosts: new
gather_facts: false
tasks:
- authorized_key:
key: "{{lookup('file','~/.ssh/id_rsa.pub')}}"
state: present
user: root
外部数据读取的方式:
---
- name: "fileglob and file task"
hosts: new
gather_facts: false
tasks:
- name: task1
debug:
msg: "filenames: {{ lookup('fileglob','/etc/*.conf')}}"
- name: task2
debug:
msg: "filecontents: {{ lookup('file','/etc/hosts')}}
---
- name: "fileglob and files query"
hosts: new
gather_facts: false
tasks:
- name: "fileglob"
debug:
msg: "fileglob {{lookup('fileglob','/etc/*.conf')}}"
- name: "fileglob wantlist"
debug:
msg: "fileglob wantlist {{lookup('fileglob','/etc/*.conf',wantlist=True)}}"
- name: "query"
debug:
msg: "query {{q('fileglob','/etc/*.conf')}}"
使用的是hostname模块,会直接修改/etc/hostname 配置文件
---
- name: set hostname
hosts: new
gather_facts: false
vars:
hostnames:
- host: 192.168.56.13
name: centos7-node3
- host: 192.168.56.14
name: centos7-node4
tasks:
- name: set hostname
hostname:
name: "{{ item.name }}"
when: item.host == inventory_hostname
loop: "{{ hostnames }}"
vars变量设置注意:
---
- name: vars task1
hosts: new
gather_facts: false
vars:
- var1: "value1"
tasks:
- name: access value1
debug:
msg: "var1 in task1 {{var1}}"
- name: vars task2
hosts: new
gather_facts: false
tasks:
- name: can not access vars from task1
debug:
msg: var1
- name: set and access var2 in this task
debug:
msg: var2
vars:
var2: "value2"
- name: cant access var2
debug:
msg: var2
when条件判断
---
- name: when judge
hosts: new
gather_facts: false
vars:
- myname: "alex"
tasks:
- name: task skip
debug:
msg: "my name is {{myname}}"
when: myname == "hello" #这个判断条件是false的
- name: task will execute
debug:
msg: "my name is {{myname}}"
when: myname == "alex"
loop循环: 解决重复问题
---
- name: make dirs for localhost
hosts: localhost
gather_facts: false
tasks:
- name: create test1
file:
path: /tmp/test1
state: directory
- name: create test2
file:
path: /tmp/test2
state: directory
---
- name: mkdir loop
hosts: localhost
gather_facts: false
tasks:
- name: create test1,2 directory
file:
path: "{{item}}"
state: directory
loop:
- /tmp/test01
- /tmp/test02
互相添加指定hosts组的host之间的hosts解析
---
- name: add hosts DNS
hosts: new
gather_facts: false
tasks:
- name: add DNS
lineinfile:
path: /etc/hosts
line: "{{item}} {{hostvars[item].ansible_hostname}}"
when: item != inventory_hostname
loop: "{{ play_hosts }}"
# 创建测试文件a.txt
paragraph 1
first line in paragraph 1
second line in paragraph 1
paragraph 2
first line in paragraph 2
second line in paragraph 2
## lineinfile追加实例
---
- name: add line to a.txt
hosts: localhost
gather_facts: false
tasks:
- lineinfile:
path: "a.txt"
line: "append new line"
state: absent # 删除上面的line定义的行(append new line)
### 插入操作,定义在摸个行前或者行后新增(insertbefore,insertafter)
---
- name: lininfile demo for before and after insert
hosts: localhost
gather_facts: false
tasks:
- name: line infile
lineinfile:
path: "a.txt"
line: "LINE1"
insertbefore: '^para.* 2'
firstmatch: yes
lineinfile:
path: "a.txt"
line: "LINE2"
insertafter: '^para.* 2'
firstmatch: yes
- name: add DNS
lineinfile:
path: /etc/hosts
line: "{{item}} {{hostvars[item].ansible_hostname}}"
when: item != inventory_hostname
loop: "{{ play_hosts }}"
更换yum源,安装软件
---
- name: "init yum"
hosts: new
gather_facts: false
tasks:
- name: "backup old yum_repo"
shell:
cmd: "mkdir bak; mv *.repo bak"
chdir: /etc/yum.repos.d
creates: /etc/yum.repos.d/bak
- name: "add new os repo and release repo"
yum_repository:
name: "{{item.name}}"
description: "{{item.name}} repo"
baseurl: "{{item.baseurl}}"
file: "{{item.name}}"
enabled: 1
gpgcheck: 0
reposdir: /etc/yum.repos.d
loop:
- name: os
baseurl: "https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/os/$basearch"
- name: epel
baseurl: "https://mirrors.tuna.tsinghua.edu.cn/epel/$releasever/$basearch"
- name: install pkgs
yum:
name: vim,net-tools,git-core,lrzsz,wget,curl,sysstat,iotop,gcc,gcc-c++,cmake,pcre,pcre-devel,zlib,zlib-devel,openssl,openssl-devel,vim,wget,telnet,setuptool,lrzsz,dos2unix,
net-tools,bind-utils,tree,screen,iftop,ntpdate,tree,lsof,iftop,iotop,sysstat,procps
state: present
使用ntpdate 同步时间
---
- name: sync time
hosts: new
gather_facts: false
tasks:
- name: install and sync time
block:
- name: install ntpdate
yum:
name: ntpdate
state: present
- name: ntpupdate to sync time
shell: |
ntpdate ntp1.aliyun.com
hwclock -w
命令行关闭和修改配置文件两种手段
---
---
- name: disable selinux
hosts: new
gather_facts: false
tasks:
- block:
- name: disable selinux by command
shell: setenforce 0
- name: disable selinux by config
lineinfile:
path: /etc/selinux/config
line: "SELINUX=disabled"
regexp: '^SELINUX='
ignore_errors: true
---
- name: set firewalld
hosts: new
gather_facts: false
tasks:
- name: set iptables rule
shell: |
iptables-save > /tmp/iptables.bak$(date +"%F-%T")
iptables -X
iptables -F
iptables -Z
systemctl disable firewalld
systemctl stop firewalld
---
- name: "set sshd service"
hosts: new
gather_facts: false
tasks:
- name: backup old sshd config
shell: |
/usr/bin/cp -f {{path}} {{path}}.bak
vars:
- path: /etc/ssh/sshd_config
- name: disable root login
lineinfile:
path: "/etc/ssh/sshd_config"
line: "PermitRootLogin no"
regexpr: '^PermitRootLogin'
notify: "restart sshd"
- name: disable passwd auth
lineinfile:
path: "/etc/ssh/sshd_config"
line: "PasswordAuthentication no"
regexp: '^PasswordAuthentication yes'
notify: "restart sshd"
handlers:
- name: "restart sshd"
service:
name: sshd
state: restarted
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。