openEuler Automated Operations

| Node | IP1 | OS | Role | CPU | Memory | Disk |
|---|---|---|---|---|---|---|
| node1 | 10.80.20.1 | openEuler 20.03 | ansible | 2 cores | 4GB | 20GB |
| node2 | 10.80.20.2 | openEuler 20.03 | zabbix | 2 cores | 4GB | 20GB |
| node3 | 10.80.20.3 | openEuler 20.03 | nginx | 2 cores | 4GB | 20GB |
| node4 | 10.80.20.4 | openEuler 20.03 | nginx | 2 cores | 4GB | 20GB |

Ansible basics
Installing and configuring the Ansible control node
node1
Download and install Ansible:
```bash
# dnf install -y ansible
# ansible --version
ansible 2.5.5
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.7.9 (default, Dec 31 2021, 20:47:14) [GCC 7.3.0]
```
Edit the configuration file:
```bash
# vim /etc/ansible/ansible.cfg
# Line 62: uncomment
host_key_checking = False
```
Edit the host inventory:
```ini
# vim /etc/ansible/hosts
[Nginx]
10.80.20.3
10.80.20.4
[Zabbix]
10.80.20.2
```
Configure passwordless SSH login:
```bash
# ssh-keygen
<Enter>
<Enter>
<Enter>
# ssh-copy-id 10.80.20.2
# ssh-copy-id 10.80.20.3
# ssh-copy-id 10.80.20.4
```
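With `host_key_checking = False`, Ansible's SSH connections accept whatever host key a managed node presents. The following added example (not part of the original post) is a pre-flight check that lists inventory hosts with no `known_hosts` entry, so their keys can be recorded and the setting left at its default. The function names and sample files are constructed, and it assumes an unhashed `known_hosts` file.

```shell
#!/bin/sh
# Added example: pre-flight check so host_key_checking can stay enabled.
# Function names and sample data are constructed for illustration.

# Print host names from an INI inventory, ignoring comments, host variables
# and [group:vars] / [group:children] sections.
inventory_hosts() {
    awk '
        /^[ \t]*([#;]|$)/ { next }
        /^[ \t]*\[/       { skip = ($0 ~ /:(vars|children)\]/); next }
        !skip             { print $1 }
    ' "$1" | sort -u
}

# Print inventory hosts that have no entry in an unhashed known_hosts file.
# Entries written as [host]:port and @revoked/@cert-authority lines are ignored.
hosts_missing_key() {
    inventory_hosts "$1" | while read -r h; do
        awk -v h="$h" '
            /^[#@]/ || NF < 3 { next }
            { n = split($1, names, ",")
              for (i = 1; i <= n; i++) if (names[i] == h) found = 1 }
            END { exit !found }
        ' "$2" || echo "$h"
    done
}

# Succeed if an ansible.cfg explicitly switches host key checking off.
host_key_checking_disabled() {
    grep -Eiq '^[[:space:]]*host_key_checking[[:space:]]*=[[:space:]]*(false|f|no|n|off|0)[[:space:]]*$' "$1"
}

# Constructed sample files (keys are placeholders, not real key material).
SAMPLE=$(mktemp -d)
printf '%s\n' '[Nginx]' '10.80.20.3 host=01' '10.80.20.4 host=02' \
    '[Nginx:vars]' 'group=Nginx' '[Zabbix]' '10.80.20.2 host=server' > "$SAMPLE/hosts"
printf '%s\n' '10.80.20.2 ssh-ed25519 PLACEHOLDER-KEY-A' \
    '10.80.20.3,nginx-01 ssh-ed25519 PLACEHOLDER-KEY-B' > "$SAMPLE/known_hosts"
printf '%s\n' '[defaults]' 'host_key_checking = False' > "$SAMPLE/ansible.cfg"

host_key_checking_disabled "$SAMPLE/ansible.cfg" && echo "host key checking is disabled"
echo "hosts without a known_hosts entry:"
hosts_missing_key "$SAMPLE/hosts" "$SAMPLE/known_hosts"
```

On the control node the real inputs would be `/etc/ansible/hosts` and `~/.ssh/known_hosts`. For each host reported, collect its key with `ssh-keyscan`, compare the `ssh-keygen -lf` fingerprint with one read from the host's own console, and only then append it to `known_hosts`.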
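Basic use of the ansible command
Use the ping module to check whether the hosts can be reached:
Enter the machine password when prompted (`-k` asks for the SSH connection password):
```bash
# ansible all -k -m ping
```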
Use host group labels:
```bash
# ansible Nginx -m ping
# ansible Zabbix -m ping
```
List the hosts in each group:
```bash
# ansible Nginx --list
  hosts (2):
    10.80.20.3
    10.80.20.4
# ansible Zabbix --list-host
  hosts (1):
    10.80.20.2
```
Check connectivity between the control node and the hosts that belong to either the Zabbix or the Nginx group (union):
```bash
# ansible "Zabbix:Nginx" -m ping
```
Check connectivity between the control node and the hosts that belong to both the Zabbix and the Nginx group (intersection):
```bash
# ansible "Zabbix:&Nginx" -m ping
```
Check connectivity between the control node and the hosts that do not belong to the Nginx group:
```bash
# ansible ':!Nginx' -m ping
```
Show how Ansible executes the command, at increasing verbosity:
```bash
# ansible ':!Nginx' -v -m ping
# ansible ':!Nginx' -vv -m ping
# ansible ':!Nginx' -vvv -m ping
```
Practice with common Ansible modules
command module
Copy /etc/passwd to /data on the Nginx group, then view the file's contents:
```bash
# ansible Nginx -m command -a "mkdir /data"
# ansible Nginx -m command -a "cp /etc/passwd /data"
# ansible Nginx -m command -a "removes=/data/passwd cat /data/passwd"
```
shell module
Check whether a data-related directory exists under "/" on the Nginx group, then overwrite the contents of the file in /data with "this is a test":
```bash
# ansible Nginx -m shell -a "ls / | grep data"
# ansible Nginx -m shell -a "ls /data"
# ansible Nginx -m shell -a "echo 'this is a test' > /data/passwd"
```
script module
Print the MAC addresses of all hosts:
```bash
# vim /root/mac.sh
#!/bin/bash
ip addr | grep link/ether | awk '{print $2}'
```
```bash
# ansible all -m script -a "/root/mac.sh" | grep stdout | awk '{print $2}' | grep '\\n'
"00:0c:29:40:c1:92\r\n",
"00:0c:29:40:21:e5\r\n",
"00:0c:29:f5:04:b0\r\n",
```
copy module
On the control node, create the file /root/data/copy and copy it to /tmp on the Nginx group, then write "hello openeuler" into /tmp/copy. Next, write "hello world" into /root/data/copy and copy the file to the Nginx group again, leaving the destination file unchanged even though the contents differ:
```bash
# mkdir /root/data
# touch /root/data/copy
# ansible Nginx -m copy -a "src=/root/data/copy dest=/tmp"
# ansible Nginx -m copy -a "content='hello openeuler' dest=/tmp/copy"
# echo "hello world" > /root/data/copy
# ansible Nginx -m copy -a "force=no src=/root/data/copy dest=/tmp"
```
fetch module
Save the /tmp/copy file from the Nginx group into /tmp on the control node:
```bash
# ansible Nginx -m fetch -a "src=/tmp/copy dest=/tmp"
```
file module
On the Nginx group, create the directory /tmp/file/data with owner and group test:test and mode 755, create a file named test in that directory, create a symbolic link to it at /tmp/link, and finally delete the directory /tmp/file:
```bash
# ansible Nginx -a "useradd test"
# ansible Nginx -m file -a "path=/tmp/file/data owner=test group=test mode=755 state=directory"
# ansible Nginx -m file -a "path=/tmp/file/data/test state=touch"
# ansible Nginx -m file -a "src=/tmp/file/data/test dest=/tmp/link state=link"
# ansible Nginx -m file -a "path=/tmp/file state=absent"
```
archive and unarchive modules
On the Nginx group, create the files test1 and test2 under /tmp and pack them into test.bz2, removing test1 and test2. Copy test.bz2 to /tmp on the control node, then extract the archive that came from 10.80.20.3 into /tmp on 10.80.20.4:
```bash
# ansible Nginx -m file -a "path=/tmp/test1 state=touch"
# ansible Nginx -m file -a "path=/tmp/test2 state=touch"
# ansible Nginx -m archive -a "path=/tmp/test1,/tmp/test2 format=bz2 remove=yes dest=/tmp/test.bz2"
# ansible Nginx -m fetch -a "src=/tmp/test.bz2 dest=/tmp"
# ansible 10.80.20.4 -m unarchive -a "src=/tmp/10.80.20.3/tmp/test.bz2 dest=/tmp"
# ansible 10.80.20.4 -a "ls /tmp" | grep test
test1
test2
test.bz2
```
Playbook exercise
node2, node3, node4
Change the hostnames:
```bash
# node2
# hostnamectl set-hostname Zabbix-server && bash
# node3
# hostnamectl set-hostname Nginx-01 && bash
# node4
# hostnamectl set-hostname Nginx-02 && bash
```
Edit the inventory:
```ini
# vim /etc/ansible/hosts
[Nginx]
10.80.20.3 host=01
10.80.20.4 host=02
[Nginx:vars]
group=Nginx
[Zabbix]
10.80.20.2 host=server
```
Create the playbook:
```yaml
# vim zabbix.yml
---
- hosts: Zabbix
  remote_user: root
  gather_facts: no

  tasks:
    - name: set hostname for 10.80.20.2
      hostname: name={{ host }}

- hosts: Nginx
  remote_user: root
  gather_facts: no

  tasks:
    - name: set hostname for 10.80.20.3 and 10.80.20.4
      hostname: name={{ group }}-{{ host }}
    - name: download Zabbix yum repolist
      tags: agent1
      shell: dnf install -y https://mirrors.aliyun.com/zabbix/zabbix/6.2/rhel/8/x86_64/zabbix-release-6.2-3.el8.noarch.rpm
    - name: install zabbix-agent
      tags: agent2
      shell: dnf install -y zabbix-agent2
    - name: config zabbix-agent
      tags: agent3
      replace:
        path: /etc/zabbix/zabbix_agent2.conf
        regexp: '^Server=127.0.0.1$'
        replace: 'Server=10.80.20.2'
      notify: restart zabbix-agent2
    - name: config zabbix-agent service
      tags: agent4
      service:
        name: zabbix-agent2
        state: started
        enabled: yes

  handlers:
    - name: restart zabbix-agent2
      service:
        name: zabbix-agent2
        state: restarted
```