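Management is carried out through yaml configuration files. The user issues automation commands through the ansible components on the control node. The control node connects over the ssh protocol directly to the systems being managed (hosts) to carry out tasks. A host only has to accept ssh connections from the control node; nothing else needs to be installed on it.
This includes the host inventory, command-line control, the commands to execute (that is, modules), and plugins developed by third-party vendors, the original vendor, or yourself.
Playbooks that others have written are published on the web, in the cloud, or on a hub for everyone to download and use.
A playbook is similar to a shell script: a set of tasks written together and handed to ansible to run directly. The module operations mentioned above are therefore also written here.
Users write their own playbook or modify a downloaded one, call the modules and plugins that ansible provides, write out the required steps, and add the names of the hosts to manage to the inventory list. The playbook is then handed to ansible to run on the hosts.
yaml file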
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
python3 get-pip.py --user
python3 -m pip install --user ansible
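sudo user: make sure the user you connect as over ssh has system administration privileges. Run sudo visudo, change the entry to look like the following, and save. This line lets every member of the sudo group run any command through sudo without a password.
%sudo ALL=(ALL:ALL) NOPASSWD:ALL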
server1 ansible_host=10.0.2.4 ansible_user=ansible ansible_port=22 ansible_ssh_private_key_file=~/.ssh/ansible
server2 ansible_host=10.0.2.4 ansible_user=ansible ansible_port=22 ansible_ssh_private_key_file=~/.ssh/ansible
[webservers]
server1
ansible@must:~$ ansible -i inventory server1 -m command -a "ping google.com -c 5"
server1 | CHANGED | rc=0 >>
PING google.com (142.251.43.14) 56(84) bytes of data.
64 bytes from tsa03s08-in-f14.1e100.net (142.251.43.14): icmp_seq=1 ttl=56 time=2.63 ms
64 bytes from tsa03s08-in-f14.1e100.net (142.251.43.14): icmp_seq=2 ttl=56 time=2.71 ms
64 bytes from tsa03s08-in-f14.1e100.net (142.251.43.14): icmp_seq=3 ttl=56 time=3.15 ms
64 bytes from tsa03s08-in-f14.1e100.net (142.251.43.14): icmp_seq=4 ttl=56 time=2.72 ms
64 bytes from tsa03s08-in-f14.1e100.net (142.251.43.14): icmp_seq=5 ttl=56 time=3.14 ms
--- google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4038ms
rtt min/avg/max/mdev = 2.631/2.869/3.148/0.226 ms
ansible@must:~$
To run apt update, use ansible.builtin.apt and its parameters.
ansible@must:~$ ansible -i inventory server1 -m ansible.builtin.apt -a 'update_cache=true'
server1 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"msg": "Failed to lock apt for exclusive operation: Failed to lock directory /var/lib/apt/lists/: E:Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)"
}
ansible@must:~$
Run it with sudo by adding --become, the equivalent of sudo apt update, as follows:
ansible@must:~$ ansible -i inventory server1 -m ansible.builtin.apt -a 'update_cache=true' --become
server1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"cache_update_time": 1670836316,
"cache_updated": true,
"changed": true
}
ansible@must:~$ ansible -i inventory server1 -m ansible.builtin.apt -a 'update_cache=true upgrade=full' --become
server1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"msg": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nCalculating upgrade...\nThe following packages were automatically installed and are no longer required:\n libflashrom1 libftdi1-2\nUse 'sudo apt autoremove' to remove them.\n0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.\n",
"stderr": "",
"stderr_lines": [],
"stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nCalculating upgrade...\nThe following packages were automatically installed and are no longer required:\n libflashrom1 libftdi1-2\nUse 'sudo apt autoremove' to remove them.\n0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.\n",
"stdout_lines": [
"Reading package lists...",
"Building dependency tree...",
"Reading state information...",
"Calculating upgrade...",
"The following packages were automatically installed and are no longer required:",
" libflashrom1 libftdi1-2",
"Use 'sudo apt autoremove' to remove them.",
"0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded."
]
}
ansible -i inventory server1 -m copy -a 'src=~/inventory dest=/home/ansible/abc'
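Ansible does not provide a module for every small function. When the action does not need to touch ansible's settings, for example when you only want to know whether a test command succeeded, there is no need to develop your own module; just use the command module.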
ansible@must:~$ ansible -i inventory server1 -m command -a 'ping google.com -c 5'
server1 | CHANGED | rc=0 >>
PING google.com (172.217.163.46) 56(84) bytes of data.
64 bytes from maa05s01-in-f14.1e100.net (172.217.163.46): icmp_seq=1 ttl=115 time=3.05 ms
64 bytes from maa05s01-in-f14.1e100.net (172.217.163.46): icmp_seq=2 ttl=115 time=3.68 ms
64 bytes from maa05s01-in-f14.1e100.net (172.217.163.46): icmp_seq=3 ttl=115 time=3.63 ms
64 bytes from maa05s01-in-f14.1e100.net (172.217.163.46): icmp_seq=4 ttl=115 time=3.09 ms
64 bytes from tsa01s13-in-f14.1e100.net (172.217.163.46): icmp_seq=5 ttl=115 time=2.73 ms
--- google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4043ms
rtt min/avg/max/mdev = 2.729/3.236/3.684/0.365 ms
ansible@must:~$ ansible -i inventory server1 -m command -a 'ip ad'
server1 | CHANGED | rc=0 >>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:a1:ab:51 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.4/24 metric 100 brd 10.0.2.255 scope global dynamic enp0s3
valid_lft 339sec preferred_lft 339sec
inet6 fe80::a00:27ff:fea1:ab51/64 scope link
valid_lft forever preferred_lft forever
ansible@must:~$ ansible -i inventory server1 -m shell -a 'id ansible; cat /etc/hosts'
server1 | CHANGED | rc=0 >>
uid=1000(ansible) gid=1000(ansible) groups=1000(ansible),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd)
127.0.0.1 localhost
127.0.1.1 server
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
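The ad-hoc commands on this page, collected into one playbook of the kind described at the top. This is an added example, not part of the original page; the file name site.yml, the task names, the registered variable names and the 0600 file mode are assumptions. Privilege escalation is enabled only on the task that failed without it, instead of passing --become for the whole run.

```yaml
# site.yml (added example, not from the original page)
# Run from the control node: ansible-playbook -i inventory site.yml
- name: Ad-hoc commands from this page as a playbook
  hosts: webservers          # group defined in the page's inventory (server1)
  become: false              # default: tasks run as the ssh user (ansible)
  tasks:
    - name: Refresh the apt cache and apply a full upgrade
      ansible.builtin.apt:
        update_cache: true
        upgrade: full
      become: true           # only this task needs root (apt lock in /var/lib/apt)

    - name: Copy the inventory file from the control node to the host
      ansible.builtin.copy:
        src: ~/inventory     # path on the control node, as in the ad-hoc command
        dest: /home/ansible/abc
        mode: "0600"         # assumption: keep the copy private to its owner

    - name: Check outbound connectivity
      ansible.builtin.command:
        cmd: ping google.com -c 5
      register: ping_result  # hypothetical variable name
      changed_when: false    # read-only check, so do not report CHANGED

    - name: Show the user identity and the hosts file
      ansible.builtin.shell:
        cmd: id ansible; cat /etc/hosts   # ';' needs a shell, so not command
      register: id_result    # hypothetical variable name
      changed_when: false

    - name: Print what the two checks returned
      ansible.builtin.debug:
        msg:
          - "{{ ping_result.stdout_lines }}"
          - "{{ id_result.stdout_lines }}"
```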