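0. Oldboy's thoughts: differences between men's and women's sexual needs
Women's desire for sex is often not as strong as men's, especially for women over 28; only when a woman's other physical and emotional needs are met will she entrust sex to you, so sex is something that comes along after she has come to like you. Men are just the opposite: they often think of sex, feel the urge, and then fall for a woman. -- Oldboy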
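1. Manually specifying a managed host's password
- When password authentication from the control node fails for a host, you can set that host's user name and password in the inventory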
[root@m02 /server/ans/playbooks]# cat hosts
……
[bak]
172.16.1.41 ansible_user=root ansible_port=22 ansible_password=SKX2554.
……
- Test:
[root@m02 /server/ans/playbooks]# ansible -i hosts bak -m ping
……
172.16.1.41 | SUCCESS => {
"changed": false,
"ping": "pong"
}
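2. Updating host names in bulk
2.1 The hostname module
The hostname module manages the system host name of the target host. It can change both the temporary and the permanent host name.
- Module parameters:
  - name: the new host name
  - use: scope in which the change takes effect
    - runtime: takes effect temporarily
    - persistent: takes effect permanently
2.2 Adding inventory host variables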
[root@m02 /server/ans/playbooks]# cat hosts
[lb]
172.16.1.5 hostname=lb01.oldboy.cn
172.16.1.6 hostname=lb02.oldboy.cn
[web]
172.16.1.7 hostname=web01.oldboy.cn
172.16.1.8 hostname=web02.oldboy.cn
172.16.1.9 hostname=web03.oldboy.cn
[db]
172.16.1.51 hostname=db01.oldboy.cn
172.16.1.52 hostname=db02.oldboy.cn
[nfs]
172.16.1.31 hostname=nfs01.oldboy.cn
[bak]
172.16.1.41 ansible_user=root ansible_port=22 ansible_password=SKX2554. hostname=backup.oldboy.cn
[data:children]
db
nfs
bak
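2.3 Writing the playbook that changes host names in bulk
[root@m02 /server/ans/playbooks]# cat 07.hostname.yaml
- hosts: all
  gather_facts: false
  tasks:
    - name: 1.修改主机名  # set the host name
      hostname:
        name: "{{ hostname }}"
    - name: 2.检查主机名  # check the host name
      shell: "hostname"
      register: host  # register a variable that stores the result of the command
    - name: 3.输出主机名  # print the host name
      debug:
        msg: "{{ host.stdout }}"
- Test: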
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 07.hostname.yaml
……
TASK [1.修改主机名] *********************************************************************************************
ok: [172.16.1.9]
ok: [172.16.1.6]
fatal: [172.16.1.52]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ssh: connect to host 172.16.1.52 port 22: No route to host", "unreachable": true}
ok: [172.16.1.7]
ok: [172.16.1.8]
ok: [172.16.1.31]
ok: [172.16.1.5]
ok: [172.16.1.51]
ok: [172.16.1.41]
TASK [2.检查主机名] *****************************************************************************************
changed: [172.16.1.9]
changed: [172.16.1.8]
changed: [172.16.1.7]
changed: [172.16.1.6]
changed: [172.16.1.5]
changed: [172.16.1.51]
changed: [172.16.1.31]
changed: [172.16.1.41]
TASK [3.输出主机名] *********************************************************************************************
ok: [172.16.1.5] => {
"msg": "lb01.oldboy.cn"
}
ok: [172.16.1.6] => {
"msg": "lb02.oldboy.cn"
}
ok: [172.16.1.7] => {
"msg": "web01.oldboy.cn"
}
ok: [172.16.1.8] => {
"msg": "web02.oldboy.cn"
}
ok: [172.16.1.9] => {
"msg": "web03.oldboy.cn"
}
ok: [172.16.1.51] => {
"msg": "db01.oldboy.cn"
}
……
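2.4 Updating the hosts file
- Append the fully qualified name to every 172.16.1.x entry. sed is run without -n and without the p flag: combined with -i they would write back only the matching lines and drop every other entry (such as the localhost lines) from /etc/hosts.
[root@m02 /server/ans/playbooks]# sed -r -i '/^172/s# (.*)# \1 \1.oldboy.cn#g' /etc/hosts
[root@m02 /server/ans/playbooks]# cat /etc/hosts
……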
172.16.1.5 lb01 lb01.oldboy.cn
172.16.1.6 lb02 lb02.oldboy.cn
172.16.1.7 web01 web01.oldboy.cn
172.16.1.8 web02 web02.oldboy.cn
172.16.1.9 web03 web03.oldboy.cn
172.16.1.31 nfs01 nfs01.oldboy.cn
172.16.1.41 backup backup.oldboy.cn
172.16.1.51 db01 db01.oldboy.cn
172.16.1.61 m01 m01.oldboy.cn
2.5 Playbook that distributes the hosts file
[root@m02 /server/ans/playbooks]# cat 07.hosts.yaml
- hosts: all
  gather_facts: false
  tasks:
    - name: 1.分发hosts文件  # distribute the hosts file
      copy:
        src: /etc/hosts
        dest: /etc/hosts
- Test:
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 07.hosts.yaml
……
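3. Number of parallel Ansible processes
- By default Ansible runs against 5 hosts in parallel
- Option:
  - -f sets the number of parallel Ansible processes (forks); the default is 5
4. Setting host passwords per group: inventory group variables
- Edit the inventory and add group variables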
[root@m02 /server/ans/playbooks]# cat hosts
[lb]
172.16.1.5 hostname=lb01.oldboy.cn
172.16.1.6 hostname=lb02.oldboy.cn
[web]
172.16.1.7 hostname=web01.oldboy.cn
172.16.1.8 hostname=web02.oldboy.cn
172.16.1.9 hostname=web03.oldboy.cn
[db]
172.16.1.51 hostname=db01.oldboy.cn
172.16.1.52 hostname=db02.oldboy.cn
[nfs]
172.16.1.31 hostname=nfs01.oldboy.cn
[bak]
172.16.1.41 ansible_user=root ansible_port=22 ansible_password=SKX2554. hostname=backup.oldboy.cn
[data:children]
db
nfs
bak
[web:vars]
password=SKX2554.
[db:vars]
password=SKX2555.
- Write the playbook that updates host passwords in bulk:
[root@m02 /server/ans/playbooks]# cat 08.passwd.yaml
- hosts: web,db
  become: yes  # root privileges are required
  tasks:
    - name: 1.更新主机密码  # update the host password
      user:
        name: root
        password: "{{ password | password_hash('sha512') }}"
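The inventory in sections 1 and 4 stores ansible_password and the per-group password values in clear text, and password_hash('sha512') without a salt yields a different hash on every run, so the task always reports changed. The variant below reads the password from an Ansible Vault file, hides it from task output and keeps the hash stable; it is an added example, not part of the original post. Assumptions: the variable name vault_root_password, and that group_vars/web.yaml and group_vars/db.yaml are encrypted with ansible-vault.

```yaml
# group_vars/db.yaml (same idea for group_vars/web.yaml), assumed layout.
# Create or edit it encrypted:   ansible-vault create group_vars/db.yaml
# Decrypted, the file defines:   vault_root_password: "<new root password for this group>"
# Then delete the password= lines under [web:vars] and [db:vars] in the inventory.

# 08.passwd.yaml
# Run with: ansible-playbook -i hosts 08.passwd.yaml --ask-vault-pass
- hosts: web,db
  become: yes
  gather_facts: false
  tasks:
    - name: Update the root password from the vaulted group variable
      user:
        name: root
        # The salt is derived from the inventory host name, so it is the same on
        # every run for a given host: the hash is stable and the task only reports
        # "changed" when the password itself changes.
        password: "{{ vault_root_password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
      # Without no_log the module arguments (including the hash) are printed
      # with -v and in failure messages, and end up in any log of the run.
      no_log: true
```

The same applies to ansible_password for the bak host: move it into a vaulted group_vars file, or switch that host to SSH key authentication like the others.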
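5. Case study: managing 400 machines in bulk with Ansible
- The machines all have different passwords
[Project: managing 400 machines in bulk with Ansible](https://www.yuque.com/lidao996/sre/kva28zochq01n7l6)
6. Loops in Ansible
6.1 Standard loops (with_items)
- Playbook keywords:
  - with_items
  - loop
- The two keywords are used the same way
6.1.1 Adding several users
- Playbook: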
[root@m02 /server/ans/playbooks]# cat 09.add_users.yaml
- hosts: all
  tasks:
    - name: 1.添加多个用户  # add several users
      user:
        name: "{{ item }}"  # the loop variable is always referenced as item
        state: present
      with_items:  # values the loop iterates over
        - oldboy01
        - oldboy02
        - oldboy03
- Test and check:
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 09.add_users.yaml
……
[root@m02 /server/ans/playbooks]# ansible -i hosts all -m shell -a "tail -n 3 /etc/passwd"
……
172.16.1.7 | CHANGED | rc=0 >>
oldboy01:x:3001:3001::/home/oldboy01:/bin/bash
oldboy02:x:3002:3002::/home/oldboy02:/bin/bash
oldboy03:x:3003:3003::/home/oldboy03:/bin/bash
172.16.1.8 | CHANGED | rc=0 >>
oldboy01:x:3002:3002::/home/oldboy01:/bin/bash
oldboy02:x:3003:3003::/home/oldboy02:/bin/bash
oldboy03:x:3004:3004::/home/oldboy03:/bin/bash
……
6.2 Looping over a list of dictionaries
- Each item in the loop list is a dictionary
- Parameter values reference the item's keys
6.2.1 Adding several users with a uid and group
- Playbook:
[root@m02 /server/ans/playbooks]# cat 10.add_users.yaml
- hosts: all
  tasks:
    - name: 1.添加用户组  # create the groups
      group:
        name: "{{ item.name }}"
        gid: "{{ item.gid }}"
        state: present
      loop:
        - { name: oldboy01, gid: 2010 }
        - { name: oldboy02, gid: 2011 }
        - { name: oldboy03, gid: 2012 }
    - name: 2.添加多个用户,并指定uid,group  # add the users with a fixed uid and group
      user:
        name: "{{ item.name }}"
        uid: "{{ item.uid }}"
        group: "{{ item.name }}"
        state: present
      loop:
        - { name: oldboy01, uid: 2010 }
        - { name: oldboy02, uid: 2011 }
        - { name: oldboy03, uid: 2012 }
- Run and test:
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 10.add_users.yaml
……
[root@m02 /server/ans/playbooks]# ansible -i hosts all -m shell -a 'tail -n 4 /etc/passwd'
……
172.16.1.6 | CHANGED | rc=0 >>
skx:x:3001:3001::/home/skx:/sbin/nologin
oldboy01:x:2010:2010::/home/oldboy01:/bin/bash
oldboy02:x:2011:2011::/home/oldboy02:/bin/bash
oldboy03:x:2012:2012::/home/oldboy03:/bin/bash
172.16.1.8 | CHANGED | rc=0 >>
skx:x:3001:3001::/home/skx:/sbin/nologin
oldboy01:x:2010:2010::/home/oldboy01:/bin/bash
oldboy02:x:2011:2011::/home/oldboy02:/bin/bash
oldboy03:x:2012:2012::/home/oldboy03:/bin/bash
……
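7. Conditionals in Ansible
In Ansible, conditionals are implemented mainly with the when statement, which lets you decide whether to run a task or module based on variables, facts, or the results of earlier tasks.
<variable> is match("pattern"): matches the string against a regular expression (match is anchored at the start of the string)
7.1 Installing software according to the OS type
- The OS type is available from facts variables
[root@m02 /server/ans/playbooks]# cat 11.install_soft.yaml
- hosts: all
  gather_facts: true
  tasks:
    - name: 1.判断是否是红帽系统  # runs only on Red Hat family systems
      yum:
        name: cowsay,sl,nmap  # several packages can be installed at once
        state: latest
      when: ( ansible_distribution is match("Kylin|Rocky") )
    - name: 2.判断是否是Ubuntu系统  # runs only on Ubuntu/Debian systems
      apt:
        name: cmatrix,nyancat
        state: latest
        update_cache: yes
      when: ( ansible_distribution is match("Ubuntu|Debian") )
- Run and test: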
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 11.install_soft.yaml
……
TASK [1.判断是否是红帽系统] *************************************************************************************
changed: [172.16.1.6]
changed: [172.16.1.5]
changed: [172.16.1.7]
changed: [172.16.1.9]
changed: [172.16.1.8]
changed: [172.16.1.51]
changed: [172.16.1.41]
changed: [172.16.1.31]
changed: [172.16.1.52]
TASK [2.判断是否是Ubuntu系统] ***********************************************************************************
skipping: [172.16.1.5] # hosts that do not satisfy the when condition are skipped
skipping: [172.16.1.6]
skipping: [172.16.1.7]
skipping: [172.16.1.8]
skipping: [172.16.1.9]
skipping: [172.16.1.51]
skipping: [172.16.1.52]
skipping: [172.16.1.31]
skipping: [172.16.1.41]
……
[root@m02 /server/ans/playbooks]# ssh web01 animalsay 孙克旭很强
Authorized users only. All activities may be monitored and reported.
_______
< 孙克旭很强 >
-------
\ _
\ (_)
\ ^__^ / \
\ (oo)\_____/_\ \
(__)\ ) /
||----w ((
|| ||>>
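7.2 Determining the OS type from a registered variable
[root@m02 /server/ans/playbooks]# cat 11.install_soft_register.yaml
- hosts: all
  gather_facts: false
  tasks:
    - name: 1.获取主机版本  # get the OS name
      shell: "hostnamectl |grep 'Operating System' |awk -F ':' '{print $2}'|xargs"
      register: os_name
    - name: 2.输出变量信息  # print the registered value
      debug:
        msg: "{{ os_name.stdout }}"
    - name: 3.判断是否是红帽系统  # runs only on Red Hat family systems
      yum:
        name: cowsay,sl,nmap
        state: latest
      when: ( os_name.stdout is match ("Kylin|Rocky") )
    - name: 4.判断是否是Ubuntu系统  # runs only on Ubuntu/Debian systems
      apt:
        name: cmatrix,nyancat
        state: latest
      when: ( os_name.stdout is match ("Ubuntu|Debian") )
8. Jinja2 templates
Jinja2 is the template engine used by Ansible; it lets you insert variables dynamically into configuration files and use control structures and filters.
8.1 Distributing the keepalived configuration file
8.1.1 Writing the j2 template for the keepalived configuration file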
[root@m02 /server/ans/playbooks/files]# cat keepalived.conf.j2
global_defs {
    router_id {{ansible_hostname}} # Ansible variable
}
{% if ansible_hostname in ["lb01","lb01.oldboy.cn"] %} #Jinja2 conditional
vrrp_script check_lb.sh {
    script /server/scripts/check_lb.sh
    interval 2
    weight 1
    user root
}
{% endif %}
vrrp_instance lb_vip_3 {
{% if ansible_hostname in ["lb01","lb01.oldboy.cn"] %}
    state MASTER
    priority 100
    #lidao master
{% elif ansible_hostname in ["lb02","lb02.oldboy.cn"] %}
    state BACKUP
    priority 50
    #lidao backup
{% endif %}
    interface ens33
    virtual_router_id 51
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3/24 dev ens33 label ens33:1
    }
{% if ansible_hostname in ["lb01","lb01.oldboy.cn"] %}
    track_script {
        check_lb.sh
    }
{% endif %}
}
8.1.2 Writing the distribution playbook
- Use the template module
[root@m02 /server/ans/playbooks]# cat 12.keepalived.yaml
- hosts: lb
  gather_facts: true  # the j2 template needs facts variables
  tasks:
    - name: 1.install  # install keepalived
      yum:
        name: keepalived
        state: present
    - name: 2.conf  # distribute the keepalived configuration file
      template:
        src: ./files/keepalived.conf.j2
        dest: /etc/keepalived/keepalived.conf
        backup: true
    - name: 3.start  # start keepalived
      systemd:
        name: keepalived
        enabled: true
        state: restarted
8.2 Distributing the NFS configuration file
8.2.1 Adding group variables for the nfs host group
# Note the path
[root@m02 /server/ans/playbooks/group_vars]# cat nfs.yaml
# NFS shared directories
nfs_dirs:
  - /nfsdata/
  - /nfs/pics
  - /nfs/blog
  - /nfs/zrlog
8.2.2 Writing the j2 template for the NFS configuration file
[root@m02 /server/ans/playbooks/files]# cat exports.j2
{# nfs_dirs is the group variable defined in group_vars/nfs.yaml #}
{% for dir in nfs_dirs %}
#nfs服务端目录 {{ dir }}
{{dir}} 172.16.1.0/24(rw,all_squash)
{% endfor %}
8.2.3 Writing the playbook that distributes the configuration file
[root@m02 /server/ans/playbooks]# cat 13.nfs_exports.yml
- hosts: nfs
  tasks:
    - name: template exports file  # distribute the NFS configuration file
      template:
        src: ./files/exports.j2
        dest: /etc/exports
        backup: true
- Run and check:
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 13.nfs_exports.yml
……
[root@m02 /server/ans/playbooks]# ssh nfs01 cat /etc/exports
Authorized users only. All activities may be monitored and reported.
#nfs服务端目录 /nfsdata/
/nfsdata/ 172.16.1.0/24(rw,all_squash)
#nfs服务端目录 /nfs/pics
/nfs/pics 172.16.1.0/24(rw,all_squash)
#nfs服务端目录 /nfs/blog
/nfs/blog 172.16.1.0/24(rw,all_squash)
#nfs服务端目录 /nfs/zrlog
/nfs/zrlog 172.16.1.0/24(rw,all_squash)
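8.3 Distributing the rsync service configuration file
8.3.1 Writing group variables for the rsync host group
[root@m02 /server/ans/playbooks/group_vars]# cat bak.yaml
# module names and paths used in the rsync configuration file
rsync_module:
  - { name: "data", dir: "/data" }
  - { name: "backup", dir: "/backup" }
  - { name: "blog", dir: "/nfs/backup/blog" }
8.3.2 Writing the j2 template for the rsync service configuration file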
[root@m02 /server/ans/playbooks/files]# cat rsyncd.conf.j2
fake super = yes
uid = rsync
gid = rsync
use chroot = no
max connections = 2000
timeout = 600
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
#hosts allow = 10.0.0.0/24
#hosts deny = 0.0.0.0/32
auth users = rsync_backup
secrets file = /etc/rsync.password
#####################################
{% for dir in rsync_module %}
[{{dir.name}}]
comment = by skx
path = {{ dir.dir }}
{% endfor %}
8.3.3 Writing the distribution playbook
[root@m02 /server/ans/playbooks]# cat 14.rsync.yaml
- hosts: bak
  gather_facts: false
  tasks:
    - name: 1.分发rsync配置文件  # distribute the rsync configuration file
      template:
        src: ./files/rsyncd.conf.j2
        dest: /etc/rsyncd.conf
        backup: true
- Test:
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 14.rsync.yaml
……
[root@m02 /server/ans/playbooks]# ssh backup cat /etc/rsyncd.conf
Authorized users only. All activities may be monitored and reported.
fake super = yes
uid = rsync
gid = rsync
use chroot = no
max connections = 2000
timeout = 600
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
#hosts allow = 10.0.0.0/24
#hosts deny = 0.0.0.0/32
auth users = rsync_backup
secrets file = /etc/rsync.password
#####################################
[data]
comment = by skx
path = /data
[backup]
comment = by skx
path = /backup
[blog]
comment = by skx
path = /nfs/backup/blog
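The rendered rsyncd.conf refers to secrets file = /etc/rsync.password and keeps hosts allow commented out, but the playbook never creates the secrets file, and with rsync's default strict modes the daemon rejects a secrets file that other users can read. The playbook below is an added example, not part of the original post: it writes that file with mode 0600 from a vaulted variable and refuses to install an rsyncd.conf that has no active hosts allow line. Assumptions: the variable name vault_rsync_password (kept in a vault-encrypted group_vars/bak.yaml), the handler name, and the service name rsyncd.

```yaml
# 14.rsync.yaml, extended.
# Run with: ansible-playbook -i hosts 14.rsync.yaml --ask-vault-pass
- hosts: bak
  gather_facts: false
  tasks:
    - name: Write the rsync secrets file (format is user:password)
      copy:
        content: "rsync_backup:{{ vault_rsync_password }}\n"
        dest: /etc/rsync.password
        owner: root
        group: root
        mode: "0600"   # must not be readable by other users
      no_log: true     # keep the password out of task output
      notify: restart rsyncd

    - name: Distribute rsyncd.conf only if it restricts client addresses
      template:
        src: ./files/rsyncd.conf.j2
        dest: /etc/rsyncd.conf
        owner: root
        group: root
        mode: "0644"
        backup: true
        # validate runs against the rendered temporary file before it replaces
        # /etc/rsyncd.conf; grep exits non-zero when "hosts allow" is missing
        # or still commented out, and the task then fails without changing the file.
        validate: "grep -Eq '^hosts allow[[:space:]]*=' %s"
      notify: restart rsyncd

  handlers:
    - name: restart rsyncd
      systemd:
        name: rsyncd
        state: restarted
```

With the template as shown in 8.3.2 the second task fails until the hosts allow line is uncommented and set to the network the backup clients connect from.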
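8.4 Distributing configuration files for several nginx domains
8.4.1 Writing group variables for the web host group
[root@m02 /server/ans/playbooks/group_vars]# cat web.yaml
# nginx domains
domain:
  - bird
  - game
  - blog
8.4.2 Writing the j2 template for the nginx domain configuration file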
[root@m02 /server/ans/playbooks/files]# cat oldboy.conf.j2
server {
    listen 80;
    server_name {{ item }}.oldboy.cn;
    root /app/code/{{ item }};
    # error log
    error_log /var/log/nginx/{{ item }}.oldboy.cn-error.log notice;
    # access log
    access_log /var/log/nginx/{{ item }}.oldboy.cn-access.log main;
    location / {
        index index.html;
    }
}
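8.4.3 Writing the playbook that distributes the configuration files
[root@m02 /server/ans/playbooks]# cat 15.nginx_conf.yaml
- hosts: web
  gather_facts: false
  tasks:
    - name: 1.分发配置文件  # distribute the configuration files
      template:
        src: ./files/oldboy.conf.j2  # the template written in 8.4.2
        dest: /tmp/{{ item }}.oldboy.cn.conf
      loop: "{{ domain }}"
- Run: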
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 15.nginx_conf.yaml
……
PLAY [web] ******************************************************************************************************
TASK [1.分发配置文件] *******************************************************************************************
changed: [172.16.1.9] => (item=bird)
changed: [172.16.1.7] => (item=bird)
changed: [172.16.1.8] => (item=bird)
changed: [172.16.1.9] => (item=game)
changed: [172.16.1.8] => (item=game)
changed: [172.16.1.7] => (item=game)
changed: [172.16.1.9] => (item=blog)
……
9. Mind map
https://kdocs.cn/join/gpuxq6r?f=101