-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathansible.sh
168 lines (134 loc) · 6.02 KB
/
ansible.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
#!/bin/bash
## 2016-06-06
## http://www.aqzt.com
##email: [email protected]
##robert yu
##centos 6
#安装Ansible,安装EPEL第三方yum源
rpm -Uvh epel-release-6-8.noarch.rpm
yum install -y gcc python-devel python-pip libffi-devel libxml2 openssl openssl-devel python-requests python-setuptools python-tornado python-simplejson PyYAML libyaml python-babel python-crypto python-crypto2.6 python-httplib2 python-jinja2-26 libselinux-python python-keyczar python-markupsafe python-paramiko python-pyasn1 python-jinja2 sshpass ansible
##安装ansible另一方法
##wget https://pypi.python.org/packages/source/a/ansible/ansible-2.1.0.0.tar.gz
##wget https://pypi.python.org/packages/source/s/setuptools/setuptools-19.6.2.tar.gz
##tar zxvf setuptools-19.6.2.tar.gz
##cd setuptools-19.6.2
##python setup.py install
##cd ..
##tar zxvf ansible-2.1.0.0.tar.gz
##cd ansible-2.1.0.0
##python setup.py build
##python setup.py install
##ansible --version
##添加环境变量以便vi能正常显示中文注释.
vi /etc/profile
##添加:
export LC_ALL=en_US.UTF-8
export LANG=en_US.UTF-8
export LANGUAGE=en_US.UTF-8
source /etc/profile
##修改主机及组配置
cd /etc/ansible
cp hosts hosts.bak
cat /dev/null > hosts
vi /etc/ansible/hosts
##添加:
[webservers]
192.168.142.136
192.168.142.139
[nginx]
192.168.142.137
192.168.142.138
#ssh无密码认证 DSA
ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
##yum -y install openssh-clients
ssh-copy-id -i /root/.ssh/id_dsa.pub [email protected]
ssh-copy-id -i /root/.ssh/id_dsa.pub [email protected]
#ssh无密码认证 RSA
ssh-keygen -t rsa
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
#注意文件是id_dsa.pub还是id_rsa.pub,否则会出现ssh-copy-id: ERROR: No identities found
ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
##ansible使用ping模块
ansible all -m ping
ansible webservers -m ping
##command: 执行远程主机SHELL命令:
ansible webservers -m command -a "free -m"
ansible webservers -m command -a "df -h"
##command模块 [执行远程命令]
ansible testservers -m command -a 'uname -n'
#检查Ansible节点的运行时间(uptime)
ansible -m command -a "uptime" 'webservers'
#检查节点的内核版本
ansible -m command -a "uname -r" 'webservers'
#重定向输出到文件中
ansible -m command -a "df -Th" 'webservers' > /tmp/command-output.txt
ansible -m command -a "cat /tmp/command-output.txt" 'webservers'
##远程执行MASTER本地SHELL脚本.(类似scp+shell)
echo "df -h" > ~/test.sh
ansible webservers -m script -a "~/test.sh"
##script模块 [在远程主机执行主控端的shell/python脚本 ]
ansible testservers -m script -a '/etc/ansible/test.sh'
##shell模块 [执行远程主机的shell/python脚本]
ansible testservers -m shell -a 'bash /root/test.sh'
##raw模块 [类似于command模块、支持管道传递]
ansible testservers -m raw -a "ifconfig eth0 |sed -n 2p |awk '{print \$2}' |awk -F: '{print \$2}'"
##copy模块
##实现主控端向目标主机拷贝文件, 类似scp功能.
##该实例实现~/test.sh文件至webservers组目标主机/tmp下, 并更新文件owner和group
ansible webservers -m copy -a "src=~/test.sh dest=/tmp/ owner=root group=root mode=0755"
ansible all -m copy -a "src=/root/cacti.sql dest=/opt/"
##stat模块
##获取远程文件状态信息, 包括atime, ctime, mtime, md5, uid, gid等信息.
ansible webservers -m stat -a "path=/etc/sysctl.conf"
ansible webservers -m stat -a "path=/etc/resolv.conf"
##get_url模块
##实现在远程主机下载指定URL到本地.
ansible webservers -m get_url -a "url=http://www.baidu.com dest=/tmp/index.html mode=0400 force=yes"
##yum模块
##Linux包管理平台操作, 常见都会有yum和apt, 此处会调用yum管理模式
ansible webservers -m yum -a "name=curl state=latest"
ansible webservers -m yum -a "name=nmap state=latest"
ansible all -m yum -a "state=present name=httpd"
##cron模块
##远程主机crontab配置
ansible webservers -m cron -a "name='check dir' hour='5,2' job='ls -alh > /dev/null'"
ansible all -m cron -a 'name="custom job" minute=*/3 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate time.windows.com"'
##service模块
##远程主机系统服务管理
ansible webservers -m service -a "name=crond state=stopped"
ansible webservers -m service -a "name=crond state=restarted"
ansible webservers -m service -a "name=crond state=reloaded"
##重启webservers组所有SSH服务.
ansible webservers -m service -a "name=sshd state=restarted"
##user服务模块
##远程主机系统用户管理
##添加用户:
ansible webservers -m user -a "name=johnd comment='John Doe'"
ansible webservers -m user -a "name=test comment='test'"
##yum install python-pip
##pip install passlib
##python -c "from passlib.hash import sha512_crypt; import getpass; print sha512_crypt.encrypt(getpass.getpass())"
##添加一有密码的用户,用户test1密码123123
ansible webservers -m user -a 'name=test1 password="$6$rounds=656000$sn1Fn.0CnGR1zfka$UNmvy4M6k83/pdro07EjUdtTiuwDzj5lF0v3lPUmsPNXzGBOupf7JWXno/GkHRVkripaxrhWGovqxb6nBf8480"'
#检查是否添加正常
ansible -m command -a "grep johnd /etc/passwd" 'webservers'
##删除用户:
ansible webservers -m user -a "name=johnd state=absent remove=yes"
##模块file,可以修改用户与权限
ansible webservers -m file -a "dest=/tmp/test.sh mode=755 owner=test group=test"
##synchronize模块:
##delete=yes 使两边的内容一样(即以推送方为主)
##compress=yes 开启压缩,默认为开启
##--exclude=.git 忽略同步.git结尾的文件
##将主控方/root/a目录推送到指定节点的/tmp目录下
ansible 10.1.1.113 -m synchronize -a 'src=/root/a dest=/tmp/ compress=yes'
##将10.1.1.113节点的/tmp/a目录拉取到主控节点的/root目录下
ansible 10.1.1.113 -m synchronize -a 'mode=pull src=/tmp/a dest=/root/'
##facts侦测模块
ansible webservers -m setup -a "filter=ansible_eth[0-2]"
##Git模块
ansible webservers -m git -a "repo=https://xxx.com/tomcat.git dest=/data"