环境介绍:
管理主机 k8s_master1 192.168.1.18
被托管主机 k8s_node1 192.168.1.19
被托管主机 K8S_node2 192.168.1.20
操作系统 Centos 7.5
常用模块:
ansible-doc和ping模块
command模块
shell模块
script模块
copy模块
lineinfile|replace模块
yum模块
service模块
setup模块
模块使用实战:
1.ansible-doc和ping模块
- ansible-doc
[root@k8s_master1 ~]# ansible-doc -l //列出所有模块 fortios_router_community_list Configure community lists in Fortinet's FortiOS and... azure_rm_devtestlab_info Get Azure DevTest Lab facts ecs_taskdefinition register a task definition in ecs avi_alertscriptconfig Module for setup of AlertScriptConfig Avi RESTful O... tower_receive Receive assets from Ansible Tower netapp_e_iscsi_target NetApp E-Series manage iSCSI target configuration azure_rm_acs Manage an Azure Container Service(ACS) instance ...... [root@k8s_master1 ~]# ansible-doc -l | grep mysql //查找mysql相关的模块 azure_rm_mysqlfirewallrule_info Get Azure MySQL Firewall Rule facts azure_rm_mysqlconfiguration_info Get Azure MySQL Configuration facts mysql_info Gather information about MySQL servers ... [root@k8s_master1 ~]# ansible-doc mysql_db //查看mysql_db模块的使用手册 > MYSQL_DB (/usr/lib/python2.7/site-packages/ansible/modules/database/mysql/mysql_db.py) Add or remove MySQL databases from a remote host. * This module is maintained by The Ansible Community OPTIONS (= is mandatory): - ca_cert The path to a Certificate Authority (CA) certificate. This option, if used, must specify the same certificate as used by the server. (Aliases: ssl_ca)[Default: (null)] type: path version_added: 2.0 - client_cert The path to a client public key certificate. (Aliases: ssl_cert)[Default: (null)] type: path version_added: 2.0 ...
- ping
[root@k8s_master1 ~]# cat /etc/ansible/hosts ... [k8s_node] k8s_node1 k8s_node2 [root@k8s_master1 ~]# ansible k8s_node -m ping k8s_node2 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } k8s_node1 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } [root@k8s_master1 ~]# ansible k8s_node -m ping -k SSH password: --》 -k 表示交互式输入被托管主机连接密码 k8s_node2 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } k8s_node1 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" }
2.command模块
- command
完整格式:
ansible 主机集合 -m 模块名称 -a 模块参数
[root@k8s_master1 ~]# ansible k8s_node -m command -a 'uptime' //ansible远程查看k8s_node主机组中的主机系统负载信息 k8s_node2 | CHANGED | rc=0 >> 17:51:47 up 1 day, 7:37, 2 users, load average: 0.00, 0.01, 0.05 k8s_node1 | CHANGED | rc=0 >> 09:38:28 up 1 day, 16:03, 2 users, load average: 0.00, 0.01, 0.05 [root@k8s_master1 ~]# ansible k8s_node -m command -a 'date' //ansible远程查看k8s_node主机组中的主机系统时间 k8s_node2 | CHANGED | rc=0 >> 2021年 08月 11日 星期三 17:51:52 CST k8s_node1 | CHANGED | rc=0 >> 2021年 08月 11日 星期三 09:38:33 CST [root@k8s_master1 ~]# ansible k8s_node -m command -a 'cat /etc/passwd' //ansible远程查看k8s_node主机组中的主机中/etc/passwd文件 k8s_node2 | CHANGED | rc=0 >> root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin ...... k8s_node1 | CHANGED | rc=0 >> root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin ......
示例:
[root@k8s_master1 ~]# ansible k8s_node -m command -a 'ps -aux | grep sshd' //ansible在使用command模块远程控制主机组时无法识别上图字符 k8s_node2 | FAILED | rc=1 >> error: user name does not exist Usage: ps [options] Try 'ps --help <simple|list|output|threads|misc|all>' or 'ps --help <s|l|o|t|m|a>' for additional help text. For more details see ps(1).non-zero return code k8s_node1 | FAILED | rc=1 >> error: user name does not exist Usage: ps [options] Try 'ps --help <simple|list|output|threads|misc|all>' or 'ps --help <s|l|o|t|m|a>' for additional help text. For more details see ps(1).non-zero return code
3.shell模块
- shell
shell模块基本上可以执行所有类型(除了交互式)的命令。
[root@k8s_master1 ~]# ansible k8s_node -m shell -a 'ps -aux | grep sshd' //ansible使用shell模块远程查看k8s_node主机组中的sshd服务信息 k8s_node1 | CHANGED | rc=0 >> root 1164 0.0 0.3 162012 6888 ? Ss 8月09 0:00 sshd: root@pts/0 root 1166 0.0 0.3 161664 6396 ? Ss 8月09 0:00 sshd: root@notty root 2174 0.0 0.2 112892 4344 ? Ss 8月10 0:00 /usr/sbin/sshd -D root 5417 0.0 0.2 154968 5868 ? Ss 09:49 0:00 sshd: root@pts/1 root 5539 0.0 0.0 113172 1208 pts/1 S+ 09:50 0:00 /bin/sh -c ps -aux | grep sshd root 5541 0.0 0.0 112724 952 pts/1 S+ 09:50 0:00 grep sshd k8s_node2 | CHANGED | rc=0 >> root 892 0.0 0.2 112892 4344 ? Ss 8月10 0:00 /usr/sbin/sshd -D root 1185 0.0 0.3 159848 6784 ? Ss 8月10 0:00 sshd: root@pts/0 root 1187 0.0 0.3 159532 6332 ? Ss 8月10 0:00 sshd: root@notty root 5933 0.0 0.2 154964 5872 ? Ss 18:03 0:00 sshd: root@pts/1 root 6056 0.0 0.0 113172 1212 pts/1 S+ 18:03 0:00 /bin/sh -c ps -aux | grep sshd root 6058 0.0 0.0 112724 956 pts/1 S+ 18:03 0:00 grep sshd [root@k8s_master1 ~]# ansible k8s_node -m shell -a 'uptime' k8s_node2 | CHANGED | rc=0 >> 18:04:07 up 1 day, 7:50, 2 users, load average: 0.00, 0.01, 0.05 k8s_node1 | CHANGED | rc=0 >> 09:50:48 up 1 day, 16:16, 2 users, load average: 0.00, 0.01, 0.05 [root@k8s_master1 ~]# ansible k8s_node -m shell -a 'echo ${HOSTNAME}' //ansible使用shell模块远程查看k8s_node主机组中的HOSTNAME内置变量值 k8s_node2 | CHANGED | rc=0 >> k8s_node2 k8s_node1 | CHANGED | rc=0 >> k8s_node1
以上testfile文件案例验证:
[root@k8s_master1 ~]# ansible k8s_node -m shell -a "cd /tmp" //ansible使用shell模块远程进入k8s_node主机组中的tmp目录 k8s_node2 | CHANGED | rc=0 >> k8s_node1 | CHANGED | rc=0 >> [root@k8s_master1 ~]# ansible k8s_node -m shell -a "touch testfile" //ansible使用shell模块远程为k8s_node主机组创建testfile文件 [WARNING]: Consider using the file module with state=touch rather than running 'touch'. If you need to use command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message. k8s_node2 | CHANGED | rc=0 >> k8s_node1 | CHANGED | rc=0 >> --两台被托管主机查看创建的testfile文件--- [root@k8s_node1 ~]# pwd /root [root@k8s_node1 ~]# ll testfile -rw-r--r-- 1 root root 0 8月 11 09:58 testfile [root@k8s_node2 ~]# pwd /root [root@k8s_node2 ~]# ll testfile -rw-r--r-- 1 root root 0 8月 11 18:11 testfile
可以看到在创建testfile文件时,并没有创建在tmp目录下,而是被默认创建到了root目录下,说明ansible 是使用 ssh 多次连接执行,连接退出以后之前的状态就全部失效了。
- - 解决办法 - -:
使用 chdir 代替 cd 命令
[root@k8s_master1 ~]# ansible k8s_node -m shell -a "chdir=/tmp touch testfile" [WARNING]: Consider using the file module with state=touch rather than running 'touch'. If you need to use command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message. k8s_node2 | CHANGED | rc=0 >> k8s_node1 | CHANGED | rc=0 >> [root@k8s_node1 ~]# ll /tmp/testfile //成功将testfile文件创建到tmp文件夹中 -rw-r--r-- 1 root root 0 8月 11 10:09 /tmp/testfile [root@k8s_node2 ~]# ll /tmp/testfile -rw-r--r-- 1 root root 0 8月 11 18:22 /tmp/testfile
例子:为k8s_node主机组中的主机创建一个test用户并且设置密码为123。
[root@k8s_master1 ~]# ansible k8s_node -m shell -a 'useradd test' k8s_node2 | CHANGED | rc=0 >> k8s_node1 | CHANGED | rc=0 >> [root@k8s_master1 ~]# ansible k8s_node -m shell -a 'echo 123 | passwd --stdin test' k8s_node2 | CHANGED | rc=0 >> 更改用户 test 的密码 。 passwd:所有的身份验证令牌已经成功更新。 k8s_node1 | CHANGED | rc=0 >> 更改用户 test 的密码 。 passwd:所有的身份验证令牌已经成功更新。
4.script模块
- script
案例:在两台被托管主机上判断有无用户tom,如果没有则创建用户tom并配置密码为123。
[root@k8s_master1 ~]# cat >> user.sh << EOF > #!/bin/bash > id tom > if [ $? != 0 ];then > useradd tom > echo 123 | passwd --stdin tom > fi > EOF [root@k8s_master1 ~]# cat user.sh #!/bin/bash id tom if [ $? != 0 ];then useradd tom echo 123 | passwd --stdin tom fi [root@k8s_master1 ~]# ansible k8s_node -m script -a '/root/user.sh' k8s_node2 | CHANGED => { "changed": true, "rc": 0, "stderr": "Shared connection to k8s_node2 closed.\r\n", "stderr_lines": [ "Shared connection to k8s_node2 closed." ], "stdout": "id: tom: no such user\r\n更改用户 tom 的密码 。\r\npasswd:所有的身份验证令牌已经成功更新。\r\n", "stdout_lines": [ "id: tom: no such user", "更改用户 tom 的密码 。", "passwd:所有的身份验证令牌已经成功更新。" ] } k8s_node1 | CHANGED => { "changed": true, "rc": 0, "stderr": "Shared connection to k8s_node1 closed.\r\n", "stderr_lines": [ "Shared connection to k8s_node1 closed." ], "stdout": "id: tom: no such user\r\n更改用户 tom 的密码 。\r\npasswd:所有的身份验证令牌已经成功更新。\r\n", "stdout_lines": [ "id: tom: no such user", "更改用户 tom 的密码 。", "passwd:所有的身份验证令牌已经成功更新。" ] } ---两台被托管主机查看ansible执行情况--- [root@k8s_node1 ~]# id tom uid=1001(tom) gid=1001(tom) 组=1001(tom) [root@k8s_node1 ~]# cat /etc/passwd | grep tom tom:x:1001:1001::/home/tom:/bin/bash [root@k8s_node2 ~]# id tom uid=1001(tom) gid=1001(tom) 组=1001(tom) [root@k8s_node2 ~]# cat /etc/passwd | grep tom tom:x:1001:1001::/home/tom:/bin/bash
5.copy模块
- copy
[root@k8s_master1 ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.1.18 k8s_master1 192.168.1.19 k8s_node1 192.168.1.20 k8s_node2 [root@k8s_master1 ~]# ansible k8s_node -m copy -a 'src=/etc/hosts dest=/etc/hosts' k8s_node2 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "checksum": "561ed24474a2938a845088d89f280b8e3e864103", "dest": "/etc/hosts", "gid": 0, "group": "root", "mode": "0644", "owner": "root", "path": "/etc/hosts", "size": 229, "state": "file", "uid": 0 } k8s_node1 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "checksum": "561ed24474a2938a845088d89f280b8e3e864103", "dest": "/etc/hosts", "gid": 0, "group": "root", "mode": "0644", "owner": "root", "path": "/etc/hosts", "size": 229, "state": "file", "uid": 0 } [root@k8s_node1 ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.1.18 k8s_master1 192.168.1.19 k8s_node1 192.168.1.20 k8s_node2 [root@k8s_node2 ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.1.18 k8s_master1 192.168.1.19 k8s_node1 192.168.1.20 k8s_node2
