Day 39 class notes

12.2 shell module:

Function: execute a command on the remote nodes

shell    Execute commands in nodes.

Official link: http://docs.ansible.com/ansible/latest/shell_module.html

  shell:
      chdir:                 # cd into this directory before running the command
      creates:               # a filename, when it already exists, this step will *not* be run.
      executable:            # change the shell used to execute the command. Should be an absolute path to the executable.
      free_form:             # (required) The shell module takes a free form command to run, as a string. There's not an actual option named "free form". See the examples!
      removes:               # a filename, when it does not exist, this step will *not* be run.
      stdin:                 # Set the stdin of the command directly to the specified value.
      warn:                  # if command warnings are on in ansible.cfg, do not warn about this particular line if set to no/false.

[root@m01 ~]# cat /etc/ansible/hosts

[oldboy]

172.16.1.31

172.16.1.41

Practice: create a text file

[root@m01 ~]# ansible oldboy -m shell -a "echo oldboy >/tmp/tmp.txt"

172.16.1.41 | CHANGED | rc=0 >>

172.16.1.31 | CHANGED | rc=0 >>

[root@m01 ~]# ansible oldboy -m shell -a "cat /tmp/tmp.txt"

172.16.1.41 | CHANGED | rc=0 >>

oldboy

172.16.1.31 | CHANGED | rc=0 >>

oldboy

The script to be executed must already exist on the remote machine:

[root@m01 ~]# ansible oldboy -m shell -a "sh /server/scripts/bak.sh"

172.16.1.41 | FAILED | rc=127 >>

sh: /server/scripts/bak.sh: 沒有那個文件或目錄non-zero return code

172.16.1.31 | CHANGED | rc=0 >>

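Practice 1: copy /etc/hosts to /opt, set the permissions to 400 and the owner and group to root

ansible oldboy -m copy -a "src=/etc/hosts dest=/opt mode=0400 owner=root group=root backup=yes"

Practice 2: copy /etc/passwd to /tmp under the new name oldgirl, with owner and group oldboy and permissions 600, overwriting any existing file of the same name

ansible oldboy -m copy -a "src=/etc/passwd dest=/tmp/oldgirl.txt owner=oldboy group=oldboy mode=0600 force=yes"

Requirement: distribute the hosts file in bulk, backing up before the operation:

ansible oldboy -m copy -a "src=/etc/hosts dest=/etc/hosts mode=0644 owner=root group=root backup=yes"

Result:

[root@backup /tmp]# ls /etc/hosts* -l
-rw-r--r--  1 root root 353 4月  24 10:49 /etc/hosts
----------  1 root root 332 4月  12 11:24 /etc/hosts.21951.2019-04-24@10:49:00~

Project homework:

1. Write a one-command rsync client configuration and a one-command server configuration.

2. Write a one-command NFS server configuration and a one-command client mount, and add the mount to the startup files (/etc/rc.local, /etc/fstab).

Running a script remotely with the shell module: the script must exist on the remote end

ansible oldboy -m shell -a "/bin/bash /server/scripts/setup.sh"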

12.3 script module:

Function: run a local script on the remote nodes

Official link: http://docs.ansible.com/ansible/latest/script_module.html

Parameters:

ansible oldboy -m shell -a "sh /server/scripts/bak.sh"

[root@m01 /server/scripts]# ansible oldboy -m shell -a "sh /server/scripts/bak.sh"

172.16.1.41 | FAILED | rc=127 >>

sh: /server/scripts/bak.sh: 沒有那個文件或目錄non-zero return code

172.16.1.31 | FAILED | rc=127 >>

sh: /server/scripts/bak.sh: 沒有那個文件或目錄non-zero return code

[root@m01 /server/scripts]# cat new.sh

#!/bin/sh

echo oldboy >/tmp/oldboy.txt

A local script, executed on the remote end.

[root@m01 /server/scripts]# ansible oldboy -m script -a "/server/scripts/new.sh"

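Project homework:

Write the rsync server setup as script r1.sh

Write the rsync client setup as script r2.sh

Write the NFS server setup as script n1.sh

Write the NFS client setup as script n2.sh

Write the sersync server setup as script s1.sh

Write the sersync client setup as script s2.sh

/server/scripts/one_key_gaoding.sh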

ansible r1 -m copy -a "src=/server/scripts/r1.sh dest=/server/scripts/ mode=ugo+x"

ansible r1 -m shell -a "sh /server/scripts/r1.sh"

ansible r2 -m copy -a "src=/server/scripts/r2.sh dest=/server/scripts/ mode=ugo+x"

ansible r2 -m shell -a "sh /server/scripts/r2.sh"

ansible n1 -m shell -a "sh /server/scripts/n1.sh"

ansible n2 -m shell -a "sh /server/scripts/n2.sh"

ansible s1 -m shell -a "sh /server/scripts/s1.sh"

ansible s2 -m shell -a "sh /server/scripts/s2.sh"

/bin/sh /server/scripts/one_key_gaoding.sh

The script module can also be used in place of the copy + shell modules.

12.4 copy module:

Function: copy files to the remote hosts

Official link: http://docs.ansible.com/ansible/latest/copy_module.html

Parameters:

[root@m01 ~]# ansible oldboy -m shell -a "sh /server/scripts/bak.sh"

172.16.1.31 | FAILED | rc=127 >>

sh: /server/scripts/bak.sh: 沒有那個文件或目錄non-zero return code

172.16.1.41 | FAILED | rc=127 >>

sh: /server/scripts/bak.sh: 沒有那個文件或目錄non-zero return code

ansible oldboy -m copy -a "src=/server/scripts/bak.sh dest=/server/scripts/ mode=ugo+x"

12.5 file module:

Function: set file attributes

Official link: http://docs.ansible.com/ansible/latest/copy_module.html

Parameter practice: create data files (regular file, directory, symlink)

ansible oldboy -m file -a "dest=/tmp/oldboy_dir state=directory"

ansible oldboy -m command -a "mkdir -p /tmp/oldboy_dir1 warn=false"

ansible oldboy -m file -a "dest=/tmp/oldboy1 state=touch"

ansible oldboy -m command -a "touch /tmp/oldboy_file1.txt warn=false"

================================================================

Alternative:

ansible oldboy -m command -a "chmod 777 /etc/hosts warn=false"
ansible oldboy -m command -a "chmod 644 /etc/hosts warn=false"
ansible oldboy -m command -a "chown oldboy /etc/hosts warn=false"
ansible oldboy -m command -a "chown root /etc/hosts warn=false"

Create a directory: mkdir /tmp/oldboy_dir

ansible oldboy -m file -a "dest=/tmp/oldboy_dir state=directory"

Set permissions recursively:

ansible oldboy -m file -a "dest=/tmp/oldboy_dir state=directory mode=644 recurse=yes"

Note that recurse=yes applies mode=644 to the directory itself and to any subdirectories, which leaves them without the execute (search) bit for non-root users.

Create a file: touch /tmp/oldboy_file

ansible oldboy -m file -a "dest=/tmp/oldboy_file state=touch"

Delete a file: rm -f /tmp/oldboy_file

ansible oldboy -m file -a "dest=/tmp/oldboy_file state=absent"

Create a symlink: ln -s /etc/hosts /tmp/link_file

ansible oldboy -m file -a "src=/etc/hosts dest=/tmp/link_file state=link"

ansible oldboy -m file -a "dest=/tmp/oldboy_file state=touch owner=oldboy group=oldboy mode=000"

ansible oldboy -m file -a "dest=/tmp/oldboy_file state=touch owner=oldboy group=oldboy mode=ugo=rwx"

Homework: create 5 users oldboy01-05 in bulk, set the password 123456, then run this on all clients at the same time.

Knowledge ---- ability ----- value ----- money

12.6 yum module:

Function: yum package management module

Official link: http://docs.ansible.com/ansible/latest/yum_module.html

ansible oldboy -m command -a "yum install nginx -y"

ansible oldboy -m yum -a "name=nginx state=installed"

ansible oldboy -m yum -a "name=nc state=installed"

[root@nfs01 oldboy_dir]# rpm -qa nginx

nginx-1.10.2-1.el6.x86_64

### Do not uninstall with yum; use rpm -e to uninstall.

Ansible system-type modules

12.7 systemd module (service module):

Function: yum package management module

Official link: http://docs.ansible.com/ansible/latest/service_module.html

Parameters:

service nfs restart

/etc/init.d/nfs restart

systemctl restart nfs

[root@backup /server/scripts]# ansible-doc -s systemd

- name: Manage services
  systemd:
      daemon_reload:         # run daemon-reload before doing any other operations, to make sure systemd has read any changes.
      enabled:               # Whether the service should start on boot. *At least one of state and enabled are required.*
      force:                 # Whether to override existing symlinks.
      masked:                # Whether the unit should be masked or not, a masked unit is impossible to start.
      name:                  # Name of the service. When using in a chroot environment you always need to specify the full name i.e. (crond.service).
      no_block:              # Do not synchronously wait for the requested operation to finish. Enqueued job will continue without Ansible blocking on its completion.
      scope:                 # run systemctl within a given service manager scope, either as the default system scope (system), the current user's scope (user), or the scope of all users (global). For systemd to work with 'user', the executing user must have its own instance of dbus started (systemd requirement). The user dbus process is normally started during normal login, but not during the run of Ansible tasks. Otherwise you will probably get a 'Failed to connect to bus: no such file or directory' error.
      state:                 # `started'/`stopped' are idempotent actions that will not run commands unless necessary. `restarted' will always bounce the service. `reloaded' will always reload.
      user:                  # (deprecated) run ``systemctl`` talking to the service manager of the calling user, rather than the service manager of the system. This option is deprecated and will eventually be removed in 2.11. The ``scope`` option should be used instead.


Practice:

ansible oldboy -m systemd -a "name=crond.service enabled=no state=stopped "

ansible oldboy -m command -a "systemctl status crond"

ansible oldboy -m systemd -a "name=crond.service enabled=yes state=started"

Baidu search: ansible systemd

https://hoxis.github.io/ansible-system-modules.html

https://www.cnblogs.com/mcsiberiawolf/articles/10083626.html

[root@backup ~]# service crond restart

Redirecting to /bin/systemctl restart crond.service


# service module:

Function: start and stop services

Official link: http://docs.ansible.com/ansible/latest/service_module.html

# Equivalent to
#service crond stop|/etc/init.d/crond stop
#chkconfig crond off

ansible oldboy -m service -a "name=crond state=stopped enabled=no"

# Equivalent to /etc/init.d/crond start

chkconfig crond on

ansible oldboy -m service -a "name=crond state=started enabled=yes"

ansible oldboy -m command -a "name=crond state=started enabled=yes"

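Having choices is what ability means.

On the football pitch, when the player with the ball has options, it is easier to score.

To leave the opponent no options, you have to mark man-to-man.

12.8 cron module:

Function: module for managing scheduled-task (cron) entries

cron    Manage cron.d and crontab entries

Official link: http://docs.ansible.com/ansible/latest/cron_module.html

Cron entry format:

* * * * * CMD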

[root@backup ~]# ansible-doc -s cron


- name: Manage cron.d and crontab entries
  cron:
      backup:                # If set, create a backup of the crontab before it is modified. The location of the backup is returned in the `backup_file' variable by this module.
      cron_file:             # If specified, uses this file instead of an individual user's crontab. If this is a relative path, it is interpreted with respect to /etc/cron.d. (If it is absolute, it will typically be /etc/crontab). Many linux distros expect (and some require) the filename portion to consist solely of upper- and lower-case letters, digits, underscores, and hyphens. To use the `cron_file' parameter you must specify the `user' as well.
      disabled:              # If the job should be disabled (commented out) in the crontab. Only has effect if `state=present'.
      env:                   # If set, manages a crontab's environment variable. New variables are added on top of crontab. "name" and "value" parameters are the name and the value of environment variable.
      insertafter:           # Used with `state=present' and `env'. If specified, the environment variable will be inserted after the declaration of specified environment variable.
      insertbefore:          # Used with `state=present' and `env'. If specified, the environment variable will be inserted before the declaration of specified environment variable.
      name:                  # Description of a crontab entry or, if env is set, the name of environment variable. Required if state=absent. Note that if name is not set and state=present, then a new crontab entry will always be created, regardless of existing ones.
      reboot:                # If the job should be run at reboot. This option is deprecated. Users should use special_time.
      special_time:          # Special time specification nickname.
      state:                 # Whether to ensure the job or environment variable is present or absent.
      user:                  # The specific user whose crontab should be modified.


Cron entry format:

* * * * * CMD

Time parameters of a cron entry:

      minute:                # Minute when the job should run ( 0-59, *, */2, etc )
      hour:                  # Hour when the job should run ( 0-23, *, */2, etc )
      day:                   # Day of the month the job should run ( 1-31, *, */2, etc )
      month:                 # Month of the year the job should run ( 1-12, *, */2, etc )
      weekday:               # Day of the week that the job should run ( 0-6 for Sunday-Saturday, *, etc )
      job:                   # The command to execute or, if env is set, the value of environment variable. The command should not contain line breaks. Required if state=present.

Create a cron job:

ansible oldboy -m cron -a "name='sync time' minute=00 hour=00 job='/usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1'"

[root@backup ~]# crontab -l

#crond-id-001:time sync by oldboy

*/5 * * * * /usr/sbin/ntpdate ntp3.aliyun.com >/dev/null 2>&1

#Ansible: sync time

00 00 * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1

Result:

#Ansible: sync time
00 00 * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1

Add the following cron job:

05 03 * * * /bin/sh /server/scripts/backup.sh >/dev/null 2>&1

The command is:

ansible oldboy -m cron -a "name='backup data' minute=05 hour=03 job='/bin/sh /server/scripts/backup.sh >/dev/null 2>&1'"

Result:

#Ansible: backup data
05 03 * * * /bin/sh /server/scripts/backup.sh /server/scripts/list >/dev/null 2>&1

Delete a cron job: state=absent backup=yes

ansible oldboy -m cron -a "name='backup data' state=absent backup=yes"

As long as the name stays the same, changing the other Ansible parameters modifies the existing cron job.

Check the result:

[root@nfs01 /server/scripts]# crontab -l

#crond-id-001:time sync by oldboy

*/5 * * * * /usr/sbin/ntpdate ntp3.aliyun.com >/dev/null 2>&1

##bak config by oldboy at 2020.10.10

00 00 * * * /bin/sh /server/scripts/bak.sh >/dev/null 2>&1

[root@nfs01 /server/scripts]#

[root@nfs01 /server/scripts]# cat /tmp/crontabdMTe3e

#crond-id-001:time sync by oldboy

*/5 * * * * /usr/sbin/ntpdate ntp3.aliyun.com >/dev/null 2>&1

##bak config by oldboy at 2020.10.10

00 00 * * * /bin/sh /server/scripts/bak.sh >/dev/null 2>&1

#Ansible: backup data

05 03 * * * /bin/sh /server/scripts/backup.sh >/dev/null 2>&1

Comment out a cron job: disabled=yes

[root@m01 ~]# ansible oldboy -m cron -a "name='backup data' minute=05 hour=04 job='/bin/sh /server/scripts/backup.sh' disabled=yes"
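The cron module finds its jobs through the "#Ansible: <name>" comment line shown in the crontab listings above, which is why a job can be changed, disabled or removed by name while hand-written entries stay outside its reach. The following is an added example, not part of the original notes, that separates the two kinds of entry in a crontab; the function names and the sample text (assembled from entries on this page) are assumptions.

```python
import re

MARKER = "#Ansible: "  # comment line the cron module writes above each job it manages
# Five time fields or an @nickname, followed by a command.
SCHEDULE = re.compile(r"^(?:@\w+\s+|(?:\S+\s+){5})\S")

# Constructed `crontab -l` output assembled from the entries shown on this page.
SAMPLE = """\
#crond-id-001:time sync by oldboy
*/5 * * * * /usr/sbin/ntpdate ntp3.aliyun.com >/dev/null 2>&1
##bak config by oldboy at 2020.10.10
00 00 * * * /bin/sh /server/scripts/bak.sh >/dev/null 2>&1
#Ansible: sync time
00 00 * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1
#Ansible: backup data
#05 04 * * * /bin/sh /server/scripts/backup.sh
"""


def classify_crontab(text):
    """Split crontab text into jobs keyed by Ansible name and hand-written jobs."""
    managed, unmanaged, pending = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(MARKER):
            pending = line[len(MARKER):]  # the job itself is on the next line
        elif pending is not None:
            # disabled=yes leaves the job in place but commented out
            managed[pending] = {"job": line.lstrip("#"),
                                "disabled": line.startswith("#")}
            pending = None
        elif not line.startswith("#") and SCHEDULE.match(line):
            unmanaged.append(line)  # no marker: cannot be addressed by name
    return managed, unmanaged


def review(text, expected_names):
    """Compare a host's crontab with the job names the management host deploys."""
    managed, unmanaged = classify_crontab(text)
    return {
        "missing": sorted(set(expected_names) - set(managed)),
        "unexpected": sorted(set(managed) - set(expected_names)),
        "disabled": sorted(n for n, j in managed.items() if j["disabled"]),
        "unmanaged": unmanaged,
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE, ["sync time"]).items():
        print(key, value)
```

Entries reported as unmanaged are the ones a later state=absent run will not touch, so they need their own review.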

Alternative:

Self-study the mount module.

1) One-command installation of the rsync server.

Script:

#1) Install
#yum install rsync -y
#2) Write the configuration file /etc/rsyncd.conf
cp /etc/rsyncd.conf{,.ori}
cat>/etc/rsyncd.conf<<EOF
#rsync_config_______________start
#created by oldboy
#site: http://www.oldboyedu.com
uid = rsync
gid = rsync
use chroot = no
fake super = yes
max connections = 200
timeout = 600
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
hosts allow = 172.16.1.0/24
hosts deny = 0.0.0.0/32
auth users = rsync_backup
secrets file = /etc/rsync.password
[backup]
comment = welcome to oldboyedu backup!
path = /backup/
EOF
#3) Create the user and the backup directory
useradd rsync
id rsync
mkdir -p /backup
chown -R rsync:rsync /backup/
ls -ld /backup/
#4) Start and check
systemctl start rsyncd
systemctl enable rsyncd
systemctl status rsyncd
ps -ef|grep sync|grep -v grep  # check the process
netstat -lntup|grep 873        # check the port
#5) Configure the password file
echo "rsync_backup:oldboy" > /etc/rsync.password
chmod 600 /etc/rsync.password
cat /etc/rsync.password
ls -l /etc/rsync.password
# rsync server configuration complete.
# Final script path: /server/scripts/install_rsync_server.sh; it must be tested successfully beforehand.
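How rsyncd applies the "hosts allow" and "hosts deny" lines of the configuration above: per rsyncd.conf(5), when both are set the allow list is checked first, then the deny list, and a client matching neither is let through to authentication, so "hosts deny = 0.0.0.0/32" does not make the allow list exclusive. The sketch below is an added example, not part of the original notes; the function names and the 203.0.113.5 client address are assumptions, and only IP/CIDR and "*" patterns are handled.

```python
import ipaddress

# Constructed excerpt holding the access-control lines of the rsyncd.conf above.
PAGE_CONF = """\
uid = rsync
hosts allow = 172.16.1.0/24
hosts deny = 0.0.0.0/32
auth users = rsync_backup
secrets file = /etc/rsync.password
[backup]
path = /backup/
"""


def module_settings(text, module):
    """Effective parameters for one module: globals overridden by the module's own."""
    merged, own, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        name, sep, value = line.partition("=")
        if not sep:
            continue  # no "name = value" pair on this line
        key = " ".join(name.lower().split())
        if section is None:
            merged[key] = value.strip()
        elif section == module:
            own[key] = value.strip()
    merged.update(own)
    return merged


def _matches(patterns, addr):
    ip = ipaddress.ip_address(addr)
    for pattern in patterns.replace(",", " ").split():
        if pattern == "*":
            return True
        try:
            if ip in ipaddress.ip_network(pattern, strict=False):
                return True
        except ValueError:
            continue  # hostname patterns are outside this sketch
    return False


def allow_access(settings, addr):
    """Host check only; a client that passes still has to authenticate."""
    allow, deny = settings.get("hosts allow"), settings.get("hosts deny")
    if allow:
        if _matches(allow, addr):
            return True
        if not deny:
            return False  # allow list alone: everything else is rejected
    if deny and _matches(deny, addr):
        return False
    return True  # matched neither list


def exposure(text, module, clients):
    settings = module_settings(text, module)
    return {client: allow_access(settings, client) for client in clients}


if __name__ == "__main__":
    clients = ["172.16.1.31", "203.0.113.5"]
    print("as on the page :", exposure(PAGE_CONF, "backup", clients))
    print("hosts deny = * :", exposure(PAGE_CONF.replace("0.0.0.0/32", "*"), "backup", clients))
```

With "hosts deny = *", or with the deny line removed, only 172.16.1.0/24 passes the host check.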

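2) One-command installation of the rsync client.

# Method 1: authentication password file
echo "oldboy" > /etc/rsync.password
chmod 600 /etc/rsync.password
cat /etc/rsync.password
ls -l /etc/rsync.password
rsync -avz /etc/hosts rsync_backup@172.16.1.41::backup --password-file=/etc/rsync.password
# Final script path: /server/scripts/install_rsync_client.sh; it must be tested successfully beforehand.

3) Configure the management host 61-m01:

1) Distribute keys in bulk for passwordless management

#!/bin/bash
yum install ansible -y                # includes sshpass
# Removes the whole ~/.ssh directory (known_hosts and authorized_keys included) before generating a new key.
[ -f ~/.ssh/id_rsa ] && rm -fr ~/.ssh
ssh-keygen -f ~/.ssh/id_rsa -P '' -q
for ip in 31 41 7 8
do
  # -p123456 exposes the password in the process list (sshpass also accepts -f <file> or -e with $SSHPASS);
  # StrictHostKeyChecking=no accepts each host key unverified on first contact.
  sshpass -p123456 ssh-copy-id -f -i ~/.ssh/id_rsa.pub "-o StrictHostKeyChecking=no" 172.16.1.$ip
  ssh 172.16.1.$ip "ifconfig eth0"
done
# Script path: /server/scripts/create_key.sh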

4) File distribution and command management

Method 1: a distribution tool written as a script

[root@m01 /server/scripts]# cat fenfa.sh
#!/bin/sh
. /etc/init.d/functions
if [ $# -ne 2 ]
then
    echo "usage:/bin/sh $0 localfile remotedir"
    exit 1
fi
for n in `cat /etc/ssh/hosts`
do
  # plain redirection instead of &>, which only bash understands
  scp -P 22 -rp "$1" root@"$n":"$2" >/dev/null 2>&1
  if [ $? -eq 0 ]
  then
    action "$n successful" /bin/true
  else
    action "$n failure" /bin/false
  fi
done

=============

[root@m01 /server/scripts]# cat fenfa.sh
#!/bin/sh
for n in 7 31 41
do
  # n is the last octet of the host address, as in cmd.sh below
  scp -P 22 -rp "$1" root@172.16.1.$n:"$2" >/dev/null 2>&1
done

[root@m01 /server/scripts]# cat cmd.sh
for n in 31 41 7
do
  echo "=====172.16.1.$n======"
  ssh 172.16.1.$n "$1"
done

Method 2: use the ansible tool

yum install ansible -y

[root@m01 /server/scripts]# cat /etc/ansible/hosts

[oldboy]

172.16.1.31

172.16.1.41

172.16.1.7

2) Optimise SSH on all machines

Optimisation target: sshd_config

[root@m01 /server/scripts]# sed -n '17,22p' /etc/ssh/sshd_config

####Start by oldboy#2020-04-26###

PermitEmptyPasswords no

UseDNS no

GSSAPIAuthentication no

#ListenAddress 172.16.1.7:22

####End by oldboy#2018-04-26###

Method 1: distribute with the script

[root@m01 /server/scripts]# sh fenfa.sh /etc/ssh/sshd_config /etc/ssh/
7 successful                                               [  確定  ]
31 successful                                              [  確定  ]
41 successful                                              [  確定  ]

[root@m01 /server/scripts]#

[root@m01 /server/scripts]#

[root@m01 /server/scripts]#

[root@m01 /server/scripts]# sh cmd.sh "systemctl restart sshd"

=====172.16.1.31======

=====172.16.1.41======

=====172.16.1.7======

Method 2: distribute with ansible

ansible oldboy -m copy -a "src=/etc/ssh/sshd_config dest=/etc/ssh/sshd_config backup=yes"

ansible oldboy -m shell -a "systemctl restart sshd"
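The sed output above shows the block at lines 17-22 of sshd_config, and that position matters: sshd uses the first value it obtains for a keyword, so the same block appended after a conflicting line would have no effect. The following is an added example, not part of the original notes, that computes the effective global values of a file before it is pushed to every host; the function names and the stand-in "stock" lines are assumptions.

```python
import re

# Target values from the sshd_config block shown above.
WANTED = {"permitemptypasswords": "no", "usedns": "no", "gssapiauthentication": "no"}

BLOCK = """\
####Start by oldboy#2020-04-26###
PermitEmptyPasswords no
UseDNS no
GSSAPIAuthentication no
#ListenAddress 172.16.1.7:22
####End by oldboy#2018-04-26###
"""
# Constructed stand-in for the rest of a distribution's sshd_config (assumption).
STOCK = "Port 22\nGSSAPIAuthentication yes\nGSSAPICleanupCredentials no\n"

BLOCK_FIRST = BLOCK + STOCK  # block near the top, as on this page
BLOCK_LAST = STOCK + BLOCK   # the same block appended at the end


def effective_settings(text):
    """Global-section keywords of an sshd_config, first occurrence winning."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # keyword and argument are separated by whitespace or a single "="
        parts = re.split(r"[ \t]*=[ \t]*|[ \t]+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # conditional blocks follow; the global section ends here
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        seen.setdefault(keyword, value)  # later duplicates are ignored
    return seen


def audit(text, wanted=WANTED):
    """Return the wanted keywords whose effective value differs.

    A value of None means the keyword is absent, so sshd's built-in
    default applies.
    """
    effective = effective_settings(text)
    return {k: effective.get(k) for k, v in wanted.items()
            if (effective.get(k) or "").lower() != v}


if __name__ == "__main__":
    print("block first:", audit(BLOCK_FIRST))
    print("block last :", audit(BLOCK_LAST))
```

On a real host, `sshd -t -f <file>` checks the file's syntax before sshd is restarted.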

One-command installation of install_rsync_server.sh from the management host

ansible 172.16.1.41 -m script -a "/server/scripts/install_rsync_server.sh"

[root@m01 /server/scripts]# cat /etc/ansible/hosts

[oldboy]

172.16.1.31

172.16.1.41

172.16.1.7

172.16.1.8

[rsync_client]

172.16.1.31

172.16.1.8

ansible rsync_client -m script -a "/server/scripts/install_rsync_client.sh"

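Install the rsync server and client from the management host in one step

3) One-command installation of the NFS server.

4) One-command installation of the NFS client.

5) One-command installation of the sersync server.

6) One-command installation of the sersync client.

A single script one_key.sh, or a single ansible command, completes everything.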
