  • Ad-Hoc之常用模块下篇


    service或者systemd 启动服务模块

    • name --- 服务的名称
    • state --- 指定服务状态是停止或是运行
      • started --- 启动
      • stopped --- 停止
      • restarted --- 重启
      • reloaded --- 重载
    • enabled --- 是否让服务开启自启动
    ## web清单下主机安装httpd
    [root@Ansible ~]# ansible web -m yum -a "name=httpd state=installed"
    ## web清单下主机写个主页
    [root@Ansible ~]# ansible web -m copy -a "content='The is Ansible' dest='/var/www/html/index.html'"
    ## web清单下主机启动httpd,并开机启动
    [root@Ansible ~]# ansible web -m service -a "name=httpd state=started enabled=yes"
    web1 | CHANGED => {
        "changed": true, 
        "enabled": true, 
        "name": "httpd", 
        "state": "started", 
        "status": {
    …………(这里显示就省略了)……………………
    ## 访问一下网站(没有换行哈,并不影响使用)
    [root@Ansible ~]# curl 192.168.1.2/index.html
    The is Ansible[root@Ansible ~]# 
    ## web清单下主机关闭httpd,并开机不启动
    [root@Ansible ~]# ansible web -m systemd -a "name=httpd state=stopped enabled=no"
    web1 | CHANGED => {
        "changed": true, 
        "enabled": false, 
        "name": "httpd", 
        "state": "stopped", 
        "status": {
    ………………(同上省略了)………………

    script 远程执行脚本

    [root@Ansible ~]# vim script.sh
    #!/bin/bash
    echo "The is script"
    [root@Ansible ~]# ansible hosts -m script -a "script.sh"
    localhost | CHANGED => {
        "changed": true, 
        "rc": 0, 
        "stderr": "", 
        "stderr_lines": [], 
        "stdout": "The is sctipt
    ", 
        "stdout_lines": [
            "The is sctipt"
        ]
    }
    web1 | CHANGED => {
        "changed": true, 
        "rc": 0, 
        "stderr": "Shared connection to web1 closed.
    ", 
        "stderr_lines": [
            "Shared connection to web1 closed."
        ], 
        "stdout": "The is sctipt
    ", 
        "stdout_lines": [
            "The is sctipt"
        ]
    }
    nfs1 | CHANGED => {
        "changed": true, 
        "rc": 0, 
        "stderr": "Shared connection to nfs1 closed.
    ", 
        "stderr_lines": [
            "Shared connection to nfs1 closed."
        ], 
        "stdout": "The is sctipt
    ", 
        "stdout_lines": [
            "The is sctipt"
        ]
    }

    file 创建目录,创建文件,往文件写内容

    • path --- 指定远程主机目录或文件信息
    • recurse --- 递归授权
    • state --- 指定状态
      • directory --- 在远端创建目录
      • touch --- 在远端创建文件
      • link --- link或hard表示创建链接文件
      • absent --- 表示删除文件或目录
    • mode --- 设置文件或目录权限
    • owner --- 设置文件或目录属主信息
    • group --- 设置文件或目录属组信息
    ## nfs清单下主机创建目录
    [root@Ansible ~]# ansible nfs -m file -a "path=/tmp/sgy state=directory"
    nfs1 | CHANGED => {
        "changed": true, 
        "gid": 0, 
        "group": "root", 
        "mode": "0755", 
        "owner": "root", 
        "path": "/tmp/sgy", 
        "size": 6, 
        "state": "directory", 
        "uid": 0
    }
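    ## nfs清单下主机创建文件(注意:这里的/tmp/sgy是上一步已创建的目录,touch只会更新它的时间戳并按mode/owner/group修改属性,所以输出中state仍是directory;要创建新文件需换一个不存在的路径)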
    [root@Ansible ~]# ansible nfs -m file -a "path=/tmp/sgy state=touch mode=555 owner=root group=root"
    nfs1 | CHANGED => {
        "changed": true, 
        "dest": "/tmp/sgy", 
        "gid": 0, 
        "group": "root", 
        "mode": "0555", 
        "owner": "root", 
        "size": 6, 
        "state": "directory", 
        "uid": 0
    }
    ## nfs清单下主机创建链接文件
    [root@Ansible ~]# ansible nfs -m file -a "src=/tmp/sgy path=/tmp/sgy_link state=link"
    nfs1 | CHANGED => {
        "changed": true, 
        "dest": "/tmp/sgy_link", 
        "gid": 0, 
        "group": "root", 
        "mode": "0777", 
        "owner": "root", 
        "size": 8, 
        "src": "/tmp/sgy", 
        "state": "link", 
        "uid": 0
    }
    ## nfs清单下主机删除文件
    [root@Ansible ~]# ansible nfs -m file -a "path=/tmp/sgy state=absent"
    nfs1 | CHANGED => {
        "changed": true, 
        "path": "/tmp/sgy", 
        "state": "absent"
    }

    user 用户管理

    • name ---用户名
    • uid --- 指定用户的uid
    • comment ---用户描述信息
    • append ---是否把groups指定的组追加到用户已有的附加组中(为no时会用groups覆盖原有附加组)
    • group --- 指定用户组名称
    • groups --- 指定附加组名称
    • password --- 给用户添加密码
    • shell --- 指定用户登录shell
    • create_home --- 是否创建家目录
    • expire ---过期时间
    • generate_ssh_key ---是否创建密钥对
    • ssh_key_bits ---密钥位数(bit)
    • ssh_key_file ---密钥对文件位置
    • state
      • absent --- 删除用户
    • remove ---是否移除家目录
    ## 创建用户sgy,并指定uid为8888,主组为gid 8888的组,没有家目录,shell为/sbin/nologin(命令未指定system=yes,所以输出中system为false,并不是系统用户)
    [root@Ansible ~]# ansible nfs -m user -a "name=sgy uid=8888 group=8888 shell=/sbin/nologin create_home=false"
    nfs1 | CHANGED => {
        "changed": true, 
        "comment": "", 
        "create_home": false, 
        "group": 8888, 
        "home": "/home/sgy", 
        "name": "sgy", 
        "shell": "/sbin/nologin", 
        "state": "present", 
        "system": false, 
        "uid": 8888
    }
    ## 删除用户(remove=yes会连同家目录一起删除;该用户创建时没有家目录,所以userdel在stderr里提示找不到主目录)
    [root@Ansible ~]# ansible nfs -m user -a "name=sgy state=absent remove=yes"
    nfs1 | CHANGED => {
        "changed": true, 
        "force": false, 
        "name": "sgy", 
        "remove": true, 
        "state": "absent", 
        "stderr": "userdel:未找到 sgy 的主目录“/home/sgy”
    ", 
        "stderr_lines": [
            "userdel:未找到 sgy 的主目录“/home/sgy”"
        ]
    }
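    ## 生成固定密文(下面创建用户用)。指定固定salt时同一密码每次得到相同密文,便于演示和保持幂等,但相同密码的用户密文也会相同,实际环境建议使用下面的随机salt;明文密码写在命令行里会留在shell历史中,正式使用时应放进ansible-vault加密的变量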
    [root@Ansible ~]# ansible localhost -m debug -a "msg={{ '123.com' | password_hash('sha512', 'salt') }}"
    localhost | SUCCESS => {
        "msg": "$6$salt$kr3ZAi2XWTAu9GZk24RNhaFTZ3uY5TY6kyi9O71DeAEattqxShwIEmAcIiDos.SIpACLAZYoVTdqegFSR.ubL/"
    }
    ## 生成随机密文(下面创建用户用)
    [root@Ansible ~]# ansible localhost -m debug -a "msg={{ '123.com' | password_hash('sha512') }}"
    localhost | SUCCESS => {
        "msg": "$6$52/KtnaDqazWdlmz$JSvvZocdLRmh75SjxwZ50s2DVYiz5.JwXAsjki8VDDuj0kH47n0IUxeoXn/fKaPQszomXbeAAyWKO5TWLLrKF/"
    }
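    ## 创建普通用户,使用上面生成的密文设置密码(这个必须用单引号,防止解析密文:双引号下密文里的$6、$JSvv…等会被shell当作变量展开,写入的密文就不对了。不要问我怎么知道的,这就是个坑),生成密钥对(可以把下面输出的公钥追加到目标账户的~/.ssh/authorized_keys中,实现密钥对访问;对应私钥在远端的/home/sgy/.ssh/id_rsa)。注意group=root会把该用户的主组设为root(输出中group为0),实际环境应使用专用的组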
    [root@Ansible ~]# ansible nfs -m user -a 'name=sgy uid=6666 group=root password=$6$52/KtnaDqazWdlmz$JSvvZocdLRmh75SjxwZ50s2DVYiz5.JwXAsjki8VDDuj0kH47n0IUxeoXn/fKaPQszomXbeAAyWKO5TWLLrKF/ generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa'
    nfs1 | CHANGED => {
        "changed": true, 
        "comment": "", 
        "create_home": true, 
        "group": 0, 
        "home": "/home/sgy", 
        "name": "sgy", 
        "password": "NOT_LOGGING_PASSWORD", 
        "shell": "/bin/bash", 
        "ssh_fingerprint": "2048 SHA256:BEviA8kjstdFRYEu0a7EH2Mr+Tt3S99Zpfo3eZAX3OQ ansible-generated on Client1 (RSA)", 
        "ssh_key_file": "/home/sgy/.ssh/id_rsa", 
        "ssh_public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWiJ1kJ6ko7A7C4T1xL8qGn6d930VHr/wHfT2jEqkWltJI4E8niZa25B+un9cdgPzBn/RoLib2XwLkGpzRTTlm2ebQ1ST0PdCDff31SmNDHMwAIKXGtpDz1VXWX1ROsvPa6yitOjEDt/P55hVb2VN2Ph2idAv8aggBBHzMtg//0vKEFa6VGgYoJ0ww8H2Kur/19y+zxQGEhqAEx6+HG5bw0oXdrgfJm1DeULVKjVSgWybxUTczzRqhz0OmeEHdJmfWw530/3Yh52ym2I1FyC7O+RCkIGxnosBsCDzszz3L80OAPAFy5YCggLhZf+y9GY+Bpm0vy2PQp3L9b4g9Vtc3 ansible-generated on Client2", 
        "state": "present", 
        "system": false, 
        "uid": 6666
    }

    group 组管理

    • name --- 指定创建的组名
    • gid --- 指定组的gid
    • state
      • absent --- 移除远端主机的组
      • present --- 创建远端主机的组(默认)
    ## 创建组sgy,指定gid为888
    [root@Ansible ~]# ansible nfs -m group -a "name=sgy gid=888"
    nfs1 | CHANGED => {
        "changed": true, 
        "gid": 888, 
        "name": "sgy", 
        "state": "present", 
        "system": false
    }

    cron 定时任务

    时间不指定默认为*


    • name ---任务的描述
    • user ---以哪个用户身份运行
    • backup ---备份原任务计划(覆盖用到)
    • minute ---指定分钟
    • hour ---指定小时
    • day ---指定日期
    • month ---指定月份
    • weekday ---指定星期
    • special_time ---指定特殊时间(不常用)
      • reboot ---每次重启后执行
      • yearly或者annually ---每年执行
      • monthly ---每月执行
      • weekly ---每周执行
      • daily ---每天执行
      • hourly ---每时执行
    • job ---指定执行的命令
    • state
      • absent ---删除任务
    • disabled ---是否注释任务
    ## 添加一条任务(没有指定name,所以crontab里的标记是"#Ansible: None";建议每条任务都指定name,方便之后按名称修改或删除)
    [root@Ansible ~]# ansible nfs -m cron -a "minute=0 hour=1 day=* month=* weekday=* job=pwd"
    nfs1 | CHANGED => {
        "changed": true, 
        "envs": [], 
        "jobs": [
            "None"
        ]
    }
    ## 添加一条重启执行的任务,添加描述和指定用户
    [root@Ansible ~]# ansible nfs -m cron -a "name='user info' user=root special_time=reboot job=id"
    nfs1 | CHANGED => {
        "changed": true, 
        "envs": [], 
        "jobs": [
            "None", 
            "user info"
        ]
    }
    ## 查看任务
    [root@Ansible ~]# ansible nfs -m command -a "crontab -l"
    nfs1 | CHANGED | rc=0 >>
    #Ansible: None
    0 1 * * * pwd
    #Ansible: user info
    @reboot id
    ## 注释任务user info
    [root@Ansible ~]# ansible nfs -m cron -a "name='user info' job=id disabled=yes"
    nfs1 | CHANGED => {
        "changed": true, 
        "envs": [], 
        "jobs": [
            "None", 
            "user info"
        ]
    }
    ## 删除任务user info
    [root@Ansible ~]# ansible nfs -m cron -a "name='user info' state=absent"
    nfs1 | CHANGED => {
        "changed": true, 
        "envs": [], 
        "jobs": [
            "None"
        ]
    }

    mount 挂载

    • src ---要挂载的文件
    • path ---挂载点
    • fstype ---挂载文件类型
    • opts ---传递给mount命令的参数
    • state
      • present ---开机挂载,仅将挂载配置写入/etc/fstab
      • mounted ---挂载设备,并将配置写入/etc/fstab
      • unmounted ---卸载设备,不会清除/etc/fstab写入的配置
      • absent ---卸载设备,会清理/etc/fstab写入的配置

    写个nfs服务吧挂载到web节点上

    ## 安装nfs
    [root@Ansible ~]# ansible nfs -m yum -a "name=nfs-utils state=installed"
    ## 创建目录
    [root@Ansible ~]# ansible nfs -m file -a "path=/data state=directory"
    ## 配置nfs(copy的content会覆盖整个/etc/exports;这里把/data以rw方式导出给192.168.1.0/24整个网段,如果只有web节点需要挂载,可以把网段换成该节点的IP)
    [root@Ansible ~]# ansible nfs -m copy -a "content='/data 192.168.1.0/24(rw,sync,no_all_squash)' dest=/etc/exports"
    ## 启动nfs
    [root@Ansible ~]# ansible nfs -m systemd -a "name=nfs state=started enabled=yes"
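    ## 在web上挂载nfs(挂载到/var/www后,该目录下原有内容会被挂载点遮盖,例如前面写的/var/www/html/index.html;opts除defaults外还可以加nosuid,nodev等选项来限制共享目录上的特殊文件)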
    [root@Ansible ~]# ansible web -m mount -a "src=192.168.1.3:/data path=/var/www fstype=nfs opts=defaults state=mounted"
    web1 | CHANGED => {
        "changed": true, 
        "dump": "0", 
        "fstab": "/etc/fstab", 
        "fstype": "nfs", 
        "name": "/var/www", 
        "opts": "defaults", 
        "passno": "0", 
        "src": "192.168.1.3:/data"
    }
    ## 卸载挂载
    [root@Ansible ~]# ansible web -m mount -a "src=192.168.1.3:/data path=/var/www fstype=nfs opts=defaults state=absent"
    web1 | SUCCESS => {
        "changed": false, 
        "dump": "0", 
        "fstab": "/etc/fstab", 
        "fstype": "nfs", 
        "name": "/var/www", 
        "opts": "defaults", 
        "passno": "0", 
        "src": "192.168.1.3:/data"
    }

    selinux和firewalld 防火墙管理

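    selinux模块(state可取enforcing、permissive、disabled,前两者需要同时指定policy,如targeted;下面的例子是关闭SELinux,关闭后系统不再有强制访问控制,排查问题时可以先用permissive)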

    [root@Ansible ~]# ansible nfs -m selinux -a "state=disabled"
    nfs1 | SUCCESS => {
        "changed": false, 
        "configfile": "/etc/selinux/config", 
        "msg": "", 
        "policy": "targeted", 
        "reboot_required": false, 
        "state": "disabled"
    }

    firewalld模块

    • service ---指定服务名称
    • port ---指定端口
    • masquerade ---开启地址伪装
    • immediate ---是否临时生效
    • permanent ---是否永久生效
    • state ---开启或是关闭
      • enabled 开启
      • disabled 关闭
    • zone ---指定配置某个区域
    • rich_rule ---配置富规则
    • source ---指定来源IP
    ## 开启httpd服务对应的端口
    [root@Ansible ~]# ansible web -m firewalld -a "service=http immediate=yes permanent=yes state=enabled"
    web1 | CHANGED => {
        "changed": true, 
        "msg": "Permanent and Non-Permanent(immediate) operation, Changed service http to enabled"
    }
    ## 开启端口tcp8080到8090
    [root@Ansible ~]# ansible web -m firewalld -a "port=8080-8090/tcp immediate=yes permanent=yes state=enabled"
    web1 | CHANGED => {
        "changed": true, 
        "msg": "Permanent and Non-Permanent(immediate) operation, Changed port 8080-8090/tcp to enabled"
    }
  • 原文地址:https://www.cnblogs.com/songguoyou/p/11883293.html