script模块⽤于在远程机器上执⾏本地脚本。
[root@m0 ~]# vim test000.sh #!/bin/bash mkdir /tmp/three touch /tmp/three/test echo 'i am echo,at mttt' > /tmp/three/test echo 'well done' [root@m0 ~]# source test000.sh well done [root@m0 ~]# ansible group02 -m script -a './test000.sh' # 验证 [root@s0 ~]# ls /tmp/ 111 three a.txt xxx a.txt.4331.2024-08-16@17:23:26~ xxx2 systemd-private-18e460b4dc5b47458e28ad6b292e1a98-chronyd.service-ZPvmft
[root@m0 ~]# ansible group02 -m file -a 'path=/static state=directory' [root@m0 ~]# ansible group02 -m file -a 'path=/static/test state=touch' [root@m0 ~]# ansible group02 -m command -a 'yum -y install nfs-utils' [root@s0 ~]# rpm -qa | grep nfs libnfsidmap-0.25-19.el7.x86_64 nfs-utils-1.3.0-0.68.el7.2.x86_64 [root@m0 ~]# ansible group02 -m yum -a 'name=rpcbind state=latest' [root@s0 ~]# rpm -qa | grep rpcbind rpcbind-0.2.0-49.el7.x86_64 [root@m0 ~]# vim /etc/exports /static *(ro,rsync) [root@m0 ~]# ansible group02 -m copy -a 'src=/etc/exports dest=/etc/exports' [root@m0 ~]# ansible group02 -m service -a 'name=rpcbind state=started enabled=yes' [root@m0 ~]# ansible group02 -m service -a 'name=nfs state=started enabled=yes' [root@m0 ~]# yum -y install nfs-utils [root@m0 ~]# mkdir /nfs [root@m0 ~]# mount -t nfs 192.168.2.112:/static /nfs/ [root@m0 ~]# mount -t nfs 192.168.2.111:/static /nfs/ [root@m0 ~]# mount -t nfs 192.168.2.110:/static /nfs/ mount.nfs: Operation not permitted [root@m0 ~]# df -h 文件系统 容量 已用 可用 已用% 挂载点 /dev/mapper/centos-root 17G 4.3G 13G 26% / devtmpfs 476M 0 476M 0% /dev tmpfs 488M 0 488M 0% /dev/shm tmpfs 488M 7.7M 480M 2% /run tmpfs 488M 0 488M 0% /sys/fs/cgroup /dev/sr0 8.8G 8.8G 0 100% /mnt /dev/sda1 1014M 130M 885M 13% /boot tmpfs 98M 0 98M 0% /run/user/0 192.168.2.110:/static 17G 2.1G 15G 13% /nfs 192.168.2.112:/static 17G 2.1G 15G 13% /nfs 192.168.2.111:/static 17G 2.1G 15G 13% /nfs [root@s0 ~]# ls /static/ test [root@s1 ~]# ls /static/ test [root@s2 ~]# ls /static/ test
playbook剧本是保存在控制机的yml文件
hosts: ⽤于指定要执⾏任务的主机,其可以是⼀个或多个由冒号分隔主机组。
remote_user: ⽤于指定远程主机上的执⾏任务的⽤户 。
- hosts: group1 remote_user: root
tasks: 任务列表, 按顺序执⾏任务.
如果⼀个host执⾏task失败, 整个tasks都会回滚, 修正playbook中的错误, 然后重新执⾏即可
tasks: - name: ensure apache is at the latest version yum: name=httpd,httpd-devel state=latest - name: write the apache config file copy: src=/etc/httpd/conf/httpd.conf dest=/etc/httpd/conf/httpd.conf
handlers: 类似task,但需要使⽤notify通知调⽤。
不管有多少个通知者进⾏了notify,等到play中的所有task执⾏完 成之后,handlers也只会被执⾏⼀次。
handlers最佳的应⽤场景是⽤来重启服务,或者触发系统重启操作,除此以外很少⽤到了。
notify: - restart apache - name: ensure apache is running (and enable it at boot) service: name=httpd state=started enabled=yes handlers: - name: restart apache service: name=httpd state=restarted
[root@m0 ~]# vim test001.yml --- - hosts: group02 remote_user: root tasks: - name: 安装vsftpd yum: name=vsftpd state=latest [root@m0 ~]# ansible-playbook ./test001.yml PLAY [group02] ********************************************************************* TASK [Gathering Facts] ************************************************************* ok: [192.168.2.111] ok: [192.168.2.110] ok: [other] TASK [安装vsftpd] ******************************************************************** ok: [other] ok: [192.168.2.111] ok: [192.168.2.110] PLAY RECAP ************************************************************************* 192.168.2.110 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 192.168.2.111 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 other : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@m0 ~]# vim test001.yml --- - hosts: group02 remote_user: root tasks: - name: 卸载vsftpd yum: name=vsftpd state=absent - name: 安装vsftpd yum: name=vsftpd state=latest - name: 启动服务 service: name=vsftpd state=started enabled=yes [root@m0 ~]# ansible-playbook ./test001.yml PLAY [group02] ********************************************************************* TASK [Gathering Facts] ************************************************************* ok: [192.168.2.111] ok: [other] ok: [192.168.2.110] TASK [卸载vsftpd] ******************************************************************** changed: [other] changed: [192.168.2.111] changed: [192.168.2.110] TASK [安装vsftpd] ******************************************************************** changed: [other] changed: [192.168.2.111] changed: [192.168.2.110] TASK [启动服务] ************************************************************************ changed: [192.168.2.111] changed: [192.168.2.110] changed: [other] PLAY RECAP ************************************************************************* 192.168.2.110 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 192.168.2.111 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 other : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
修改配置文件后,要重新启动服务
# 可以访问到数据 [root@m0 ~]# lftp 192.168.2.110 lftp 192.168.2.110:~> ls drwxr-xr-x 2 0 0 6 Jun 09 2021 pub lftp 192.168.2.110:/> exit [root@m0 ~]# lftp 192.168.2.111 lftp 192.168.2.111:~> ls drwxr-xr-x 2 0 0 6 Jun 09 2021 pub lftp 192.168.2.111:/> exit # 修改配置文件,不允许匿名用户登录 [root@m0 ~]# vim test001.yml --- - hosts: group02 remote_user: root tasks: - name: 卸载vsftpd yum: name=vsftpd state=absent - name: 安装vsftpd yum: name=vsftpd state=latest - name: 启动服务 service: name=vsftpd state=started enabled=yes - name: 修改配置文件 command: sed -i '/^anonymous_enable=YES/s/YES/NO/g' /etc/vsftpd/vsftpd.conf notify: - abcdefg handlers: - name: abcdefg service: name=vsftpd state=restarted [root@m0 ~]# ansible-playbook ./test001.yml PLAY [group02] ********************************************************************* TASK [Gathering Facts] ************************************************************* ok: [other] ok: [192.168.2.110] ok: [192.168.2.111] TASK [卸载vsftpd] ******************************************************************** changed: [192.168.2.111] changed: [other] changed: [192.168.2.110] TASK [安装vsftpd] ******************************************************************** changed: [192.168.2.111] changed: [other] changed: [192.168.2.110] TASK [启动服务] ************************************************************************ changed: [other] changed: [192.168.2.111] changed: [192.168.2.110] TASK [修改配置文件] ********************************************************************** [WARNING]: Consider using the replace, lineinfile or template module rather than running 'sed'. If you need to use command because replace, lineinfile or template is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message. changed: [192.168.2.111] changed: [192.168.2.110] changed: [other] RUNNING HANDLER [abcdefg] ********************************************************** changed: [192.168.2.111] changed: [192.168.2.110] changed: [other] PLAY RECAP ************************************************************************* 192.168.2.110 : ok=6 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 192.168.2.111 : ok=6 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 other : ok=6 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 # 访问不到数据了 [root@m0 ~]# vim test001.yml [root@m0 ~]# lftp 192.168.2.111 lftp 192.168.2.111:~> ls
--- - hosts: 组名/别名/ip/域名 remote_user: root tasks: - name: 任务说明 模块: key0=value0 service: name=vfstpd state=started enabled=yes - name: 修改配置文件 command: sed .... notify: - abcdefg handler: - name: abcdefg service: name=vfstpd state=restarted
[root@m0 ~]# vim test002.yml --- - hosts: group01 remote_user: root tasks: - name: 将控制主机的repo文件复制到被控制主机 copy: src=/etc/yum.repos.d dest=/etc/ - name: 安装httpd yum: name=httpd state=present - name: 修改配置文件 command: sed -i '/^Listen/s/80/8080/g' /etc/httpd/conf/httpd.conf - name: 修改默认的资源文件 command: echo 'xxxxxxx' > /var/www/html/index.html - name: 启动httpd服务 service: name=httpd state=started [root@m0 ~]# ansible-playbook ./test002.yml PLAY [group01] ********************************************************************* TASK [Gathering Facts] ************************************************************* ok: [192.168.2.111] ok: [192.168.2.110] TASK [将控制主机的repo文件复制到被控制主机] ******************************************************** ok: [192.168.2.110] ok: [192.168.2.111] TASK [安装httpd] ********************************************************************* changed: [192.168.2.111] changed: [192.168.2.110] TASK [修改配置文件] ********************************************************************** [WARNING]: Consider using the replace, lineinfile or template module rather than running 'sed'. If you need to use command because replace, lineinfile or template is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message. changed: [192.168.2.111] changed: [192.168.2.110] TASK [修改默认的资源文件] ******************************************************************* changed: [192.168.2.110] changed: [192.168.2.111] TASK [启动httpd服务] ******************************************************************* changed: [192.168.2.110] changed: [192.168.2.111] PLAY RECAP ************************************************************************* 192.168.2.110 : ok=6 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 192.168.2.111 : ok=6 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@m0 ~]# vim /etc/ansible/hosts s0 ansible_ssh_host=192.168.2.110 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass=1 s1 ansible_ssh_host=192.168.2.111 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass=1 s2 ansible_ssh_host=192.168.2.112 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass=1 [s] s0 s1 s2 --- - hosts: s1 remote_user: root tasks: - name: 创建一个文件 file: path=/tmp/xxxxxx.txt state=touch - hosts: s2 remote_user: root tasks: - name: 也创建一个文件 file: path=/tmp/yyyyy.txt state=touch ... [root@m0 ~]# ansible-playbook ./test003.yml PLAY [s1] ************************************************************************** TASK [Gathering Facts] ************************************************************* ok: [s1] TASK [创建一个文件] ********************************************************************** changed: [s1] PLAY [s2] ************************************************************************** TASK [Gathering Facts] ************************************************************* ok: [s2] TASK [也创建一个文件] ********************************************************************* changed: [s2] PLAY RECAP ************************************************************************* s1 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 s2 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
s1为nfs的服务器
s2为nfs的客户端
[root@m0 ~]# vim test004.yml --- - hosts: s1 remote_user: root tasks: - name: 按装nfs-utils yum: name=nfs-utils state=present - name: 安装rpcbind yum: name=rpcbind state=present - name: 创建共享目录 file: path=/static state=directory - name: 配置文件 shell: echo '/static *(ro,sync)' > /etc/exports - name: 启动服务nfs service: name=nfs state=started enabled=yes - name: 启动服务rpcbind service: name=rpcbind state=started enabled=yes - hosts: s2 remote_user: root tasks: - name: 安装nfs-utils yum: name=nfs-utils state=latest - name: 创建挂载目录 file: path=/nfs state=directory - name: 挂载nfs文件 command: mount -t nfs 192.168.2.111:/static /nfs ... # 验证 [root@s2 ~]# df -h 文件系统 容量 已用 可用 已用% 挂载点 /dev/mapper/centos-root 17G 2.1G 15G 13% / devtmpfs 476M 0 476M 0% /dev tmpfs 488M 0 488M 0% /dev/shm tmpfs 488M 7.7M 480M 2% /run tmpfs 488M 0 488M 0% /sys/fs/cgroup /dev/sda1 1014M 130M 885M 13% /boot /dev/sr0 8.8G 8.8G 0 100% /mnt tmpfs 98M 0 98M 0% /run/user/0 192.168.2.111:/static 17G 2.1G 15G 13% /nfs [root@s1 ~]# touch /static/haha [root@s2 ~]# ls /nfs haha test