ansible入门

ansible入门

一.ansible 背景介绍

  • Ansible 是一个广受欢迎的 IT 自动化系统。可以用来处理配置管理、应用自动化部署、云资源配给、网络
    自动化和多借点部署等任务。其也可以使得复杂的变更如带负载均衡的零停机滚动更新更加容易。Ansible.com

1.1 自动化运维概念

1.1.1 运维自动化的内容

  • 运维自动化是指将 IT 运维中的大量手工的日常任务(日常检查、配置变更、软件安装等)转为自动化完成。
    高度的自动化是 IT 运维追求的目标,是未来 IT 运维发展的趋势。简单的说,IT 自动化就是基于事先建立的
    框架和流程,将某些不可预测的事件与 IT 流程关联起来,一旦某个系统一有风吹草动,就会被相应的监控
    系统检测到,并根据相关的预定义的流程执行相应的补救措施,这些自动补救的措施都是在无人干涉的情
    况下自动完成的。从而大幅减少系统不可用时间。

1.1.2 运维工程师核心职能

  • 平台架构组件
    负责参与并审核架构设计的合理性和可运维性,搭建运维平台技术架构,通过开源解决方案,以确保在
    产品发布之后能高效稳定的运行,保障并不断提升服务的可用性,确保用户数据安全,提升用户体验。

  • 日常运营保障
    负责用运维技术或者运维平台确保产品可以高效的发布上线,负责保障产品 7*24H 稳定运行,在此期间
    对出现的各种问题可以快速定位并解决;在日常工作中不断优化系统架构和部署的合理性,以提升系统服务
    的稳定性。

  • 性能、效率优化
    用自动化的工具/平台提升软件在研发生命周期中的工程效率。不断优化系统架构、提升部署效率、优化
    资源利用率支持产品的不断迭代,需要不断的进行架构优化调整。以确保整个产品能够在功能不断丰富和
    复杂的条件下,同时保持高可用性。

    运维开发工程师的职能和使用的工具
  • 对于运维工程师来说,掌握这些自动化运维工具并能够相应的扩展功能是必备的技能。

1.2 常见自动化运维工具介绍

  • 常见自动化运维工具在 Github 的受欢迎程度–统计于 2019.12.8
自动化运维工具Github WatchStarForkContributorsUsed byBuild language
Ansible2000408001770048009400Python
Saltstack5961050047002163not includedPython
Puppet489560021005287300Ruby
Chef420600024005815800Ruby
Fabric5191190018009not includePython
  • 能看出 ansible 和 saltstack 是比较受欢迎的工具。

  • 各工具的源码托管地址:
    Github-Ansible
    Github-Saltstack
    Github-Puppet
    Github-Chef
    Github-Fabric

1.3 ansible 背景

  • Ansible 由 Michael DeHaan(Cobbler 与 Func 作者)使用 Python 在 2012 年开发,ansible 的名称来自
    《安德的游戏》中跨越时空的即时通信工具。 于 2012-03-09,发布 0.0.1 版。在 2015-10-17,Red Hat
    宣布 1.5 亿美元收购 Ansible。新版本的 RedHt 系统集成 Ansible。可以工作在 Linu、BSD、Mac OS 等
    平台,目前是三大自动化运维工具(Ansible,Saltstack,Puppet)中最受欢迎的工具。

  • Andible 官网和官方文档
    官网
    官方文档
    Ansible 中文文档

  • Michael DeHaan 信息和博客
    Linkedin-MichaelDehaan
    Medium
    ansible.com

二.ansible 特性介绍

  • ansible 特性
    • 模块化:调用特定的模块,完成特定任务
    • Paramiko(python 对 ssh 的实现),PyYAML,Jinja2(模板语言)三个关键模块
    • 支持自定义模块,可使用任何编程语言写模块
    • 基于 Python 语言实现
    • 部署简单,基于 python 和 SSH(默认已安装),agentless,无需代理不依赖 PKI(无需 ssl),
      去中心化部署
    • 安全,基于 OpenSSH
    • 幂等性:一个任务执行 1 遍和执行 n 遍效果一样,不因重复执行带来意外情况
    • 支持 playbook 编排任务,YAML 格式,编排任务,支持丰富的数据结构
    • 较强大的多层解决方案 role

三.ansible 架构介绍

3.1 Ansible 整体架构

Ansible 整体架构

3.2 Ansible 的核心模块

  • ansible 核心模块包括:
    INVENTRY:ansible 控制和管理的主机清单默认使用的文件为/etc/ansible/hosts
    API: 供第三方程序调用的应用程序编程接口
    MODULES:ansible 执行命令的功能模块,多数为内置核心,也可以自定义(基于 Python)
    PLUGINS:模块功能的补充,如连接类的插件、循环插件、过滤插件等。

  • ANSIBLE 命令执行来源
    USER:普通用户,即 SYSTEM ADMINISTRATOR
    PLAYBOOKS:任务剧本(任务集),编排定义 Ansible 任务集的配置文件,由 Ansible 顺序依次
    执行,通常是 JSON 格式的 YML 文件
    CMDB(配置管理数据库): API 调用
    PUBLIC/PRIVATE CLOUD: API 调用
    USER-> Ansible Playbook -> Ansibile

  • Tips
    执行 ansible 的主机一般称为主控端,中控,master 或堡垒机
    主控端 Python 版本需要 2.6 或以上
    被控端 Python 版本小于 2.4 需要安装 python-simplejson
    被控端如开启 SELinux 需要安装 libselinux-python
    windows 不能做为主控端

四.Ansible 安装和入门

4.1 Ansible 安装

  • RedHat 系列系统配置各版本的 epel 源直接 yum 安装
    yum install ansible

  • 编译安装

$yum -y install python-jinja2 PyYAML python-paramiko python-babel python-crypto
$tar xf ansible-1.5.4.tar.gz
$cd ansible-1.5.4
$python setup.py build
$python setup.py install
$mkdir /etc/ansible
$cp -r examples/* /etc/ansible
  • Git 安装
$git clone git://github.com/ansible/ansible.git --recursive
$cd ./ansible
$source ./hacking/env-setup
  • 使用 Python 包管理器 pip 安装
yum install python-pip python-devel
yum install gcc glibc-devel zibl-devel  rpm-bulid openssl-devel
pip install  --upgrade pip
pip install ansible --upgrade

4.2 Ansible 配置

  • 相关配置文件
/etc/ansible/ansible.cfg 主配置文件,配置 ansible 工作特性
/etc/ansible/hosts       默认的Inventory主机清单
/etc/ansible/roles/      存放角色的目录
  • Ansible 主配置文件/etc/ansible/ansible.cfg
# config file for ansible -- https://ansible.com/
# ===============================================

# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first

[defaults]

# some basic default values...

#inventory      = /etc/ansible/hosts
#library        = /usr/share/my_modules/
#module_utils   = /usr/share/my_module_utils/
#remote_tmp     = ~/.ansible/tmp
#local_tmp      = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks          = 5
#poll_interval  = 15
#sudo_user      = root
#ask_sudo_pass = True
#ask_pass      = True
#transport      = smart
#remote_port    = 22
#module_lang    = C
#module_set_locale = False


# implicit - gather by default, turn off with gather_facts: False
# explicit - do not gather by default, must say gather_facts: True
#gathering = implicit | explicit
#gather_subset = all | network | hardware | virtual | facter | ohai
# gather_timeout = 10
# inject_facts_as_vars = True
#roles_path    = /etc/ansible/roles
#host_key_checking = False
host_key_checking = False
#stdout_callback = skippy
#callback_whitelist = timer, mail
#task_includes_static = False
#handler_includes_static = False
#error_on_missing_handler = True
#sudo_exe = sudo
#sudo_flags = -H -S -n

# SSH timeout
#timeout = 10

# default user to use for playbooks if user is not specified
# (/usr/bin/ansible will use current user as default)
#remote_user = root

# logging is off by default unless this path is defined
# if so defined, consider logrotate
log_path = /var/log/ansible.log

# default module name for /usr/bin/ansible
module_name = shell

# use this shell for commands executed under sudo
# you may need to change this to bin/bash in rare instances
# if sudo is constrained
#executable = /bin/sh

# if inventory variables overlap, does the higher precedence one win
# or are hash values merged together?  The default is 'replace' but
# this can also be set to 'merge'.
#hash_behaviour = replace

# by default, variables from roles will be visible in the global variable
# scope. To prevent this, the following option can be enabled, and only
# tasks and handlers within the role will see the variables there
#private_role_vars = yes

# list any Jinja2 extensions to enable here:
#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n

# if set, always use this private key file for authentication, same as
# if passing --private-key to ansible or ansible-playbook
#private_key_file = /path/to/file

# If set, configures the path to the Vault password file as an alternative to
# specifying --vault-password-file on the command line.
#vault_password_file = /path/to/vault_password_file

# format of string {{ ansible_managed }} available within Jinja2
# templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values.
#ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
# {file}, {host}, {uid}, and the timestamp can all interfere with idempotence
# in some situations so the default is a static string:
#ansible_managed = Ansible managed

#display_skipped_hosts = True
#display_args_to_stdout = False
#error_on_undefined_vars = False
#system_warnings = True
#deprecation_warnings = True
# command_warnings = False

# set plugin path directories here, separate with colons
#action_plugins     = /usr/share/ansible/plugins/action
#cache_plugins      = /usr/share/ansible/plugins/cache
#callback_plugins   = /usr/share/ansible/plugins/callback
#connection_plugins = /usr/share/ansible/plugins/connection
#lookup_plugins     = /usr/share/ansible/plugins/lookup
#inventory_plugins  = /usr/share/ansible/plugins/inventory
#vars_plugins       = /usr/share/ansible/plugins/vars
#filter_plugins     = /usr/share/ansible/plugins/filter
#test_plugins       = /usr/share/ansible/plugins/test
#terminal_plugins   = /usr/share/ansible/plugins/terminal
#strategy_plugins   = /usr/share/ansible/plugins/strategy

#strategy = free
#bin_ansible_callbacks = False
#nocows = 1
#cow_selection = default
#cow_selection = random
#cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\
#              hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\
#              stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www
#nocolor = 1
#fact_caching = memory
#For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0
#fact_caching_connection=/tmp
#retry_files_enabled = False
#retry_files_save_path = ~/.ansible-retry
#squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper

# prevents logging of task data, off by default
#no_log = False

# prevents logging of tasks, but only on the targets, data is still logged on the master/controller
#no_target_syslog = False

# controls whether Ansible will raise an error or warning if a task has no
# choice but to create world readable temporary files to execute a module on
# the remote machine.  This option is False by default for security.  Users may
# turn this on to have behaviour more like Ansible prior to 2.1.x.  See
# https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user
# for more secure ways to fix this than enabling this option.
#allow_world_readable_tmpfiles = False

# controls the compression level of variables sent to
# worker processes. At the default of 0, no compression
# is used. This value must be an integer from 0 to 9.
#var_compression_level = 9

# controls what compression method is used for new-style ansible modules when
# they are sent to the remote system.  The compression types depend on having
# support compiled into both the controller's python and the client's python.
# The names should match with the python Zipfile compression types:
# * ZIP_STORED (no compression. available everywhere)
# * ZIP_DEFLATED (uses zlib, the default)
# These values may be set per host via the ansible_module_compression inventory
# variable
#module_compression = 'ZIP_DEFLATED'

# This controls the cutoff point (in bytes) on --diff for files
# set to 0 for unlimited (RAM may suffer!).
#max_diff_size = 1048576

# This controls how ansible handles multiple --tags and --skip-tags arguments
# on the CLI.  If this is True then multiple arguments are merged together.  If
# it is False, then the last specified argument is used and the others are ignored.
# This option will be removed in 2.8.
#merge_multiple_cli_flags = True

# Controls showing custom stats at the end, off by default
#show_custom_stats = True

# Controls which files to ignore when using a directory as inventory with
# possibly multiple sources (both static and dynamic)
#inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo

# This family of modules use an alternative execution path optimized for network appliances
# only update this setting if you know how this works, otherwise it can break module execution
#network_group_modules=eos, nxos, ios, iosxr, junos, vyos

# When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as
# a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain
# jinja2 templating language which will be run through the templating engine.
# ENABLING THIS COULD BE A SECURITY RISK
#allow_unsafe_lookups = False

# set default errors for all plays
#any_errors_fatal = False

[inventory]
# enable inventory plugins, default: 'host_list', 'script', 'yaml', 'ini', 'auto'
#enable_plugins = host_list, virtualbox, yaml, constructed

# ignore these extensions when parsing a directory as inventory source
#ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry

# ignore files matching these patterns when parsing a directory as inventory source
#ignore_patterns=

# If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise.
#unparsed_is_failed=False

[privilege_escalation]
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False

[paramiko_connection]

# uncomment this line to cause the paramiko connection plugin to not record new host
# keys encountered.  Increases performance on new host additions.  Setting works independently of the
# host key checking setting above.
#record_host_keys=False

# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
# line to disable this behaviour.
#pty=False

# paramiko will default to looking for SSH keys initially when trying to
# authenticate to remote devices.  This is a problem for some network devices
# that close the connection after a key failure.  Uncomment this line to
# disable the Paramiko look for keys function
#look_for_keys = False

# When using persistent connections with Paramiko, the connection runs in a
# background process.  If the host doesn't already have a valid SSH key, by
# default Ansible will prompt to add the host key.  This will cause connections
# running in background processes to fail.  Uncomment this line to have
# Paramiko automatically add host keys.
#host_key_auto_add = True

[ssh_connection]

# ssh arguments to use
# Leaving off ControlPersist will result in poor performance, so use
# paramiko on older platforms rather than removing it, -C controls compression use
#ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s

# The base directory for the ControlPath sockets.
# This is the "%(directory)s" in the control_path option
#
# Example:
# control_path_dir = /tmp/.ansible/cp
#control_path_dir = ~/.ansible/cp

# The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname,
# port and username (empty string in the config). The hash mitigates a common problem users
# found with long hostames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format.
# In those cases, a "too long for Unix domain socket" ssh error would occur.
#
# Example:
# control_path = %(directory)s/%%h-%%r
#control_path =

# Enabling pipelining reduces the number of SSH operations required to
# execute a module on the remote server. This can result in a significant
# performance improvement when enabled, however when using "sudo:" you must
# first disable 'requiretty' in /etc/sudoers
#
# By default, this option is disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default on many distros).
#
#pipelining = False

# Control the mechanism for transferring files (old)
#   * smart = try sftp and then try scp [default]
#   * True = use scp only
#   * False = use sftp only
#scp_if_ssh = smart

# Control the mechanism for transferring files (new)
# If set, this will override the scp_if_ssh option
#   * sftp  = use sftp to transfer files
#   * scp   = use scp to transfer files
#   * piped = use 'dd' over SSH to transfer files
#   * smart = try sftp, scp, and piped, in that order [default]
#transfer_method = smart

# if False, sftp will not use batch mode to transfer files. This may cause some
# types of file transfer failures impossible to catch however, and should
# only be disabled if your sftp version has problems with batch mode
#sftp_batch_mode = False

# The -tt argument is passed to ssh when pipelining is not enabled because sudo
# requires a tty by default.
#use_tty = True

# Number of times to retry an SSH connection to a host, in case of UNREACHABLE.
# For each retry attempt, there is an exponential backoff,
# so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max).
#retries = 3

[persistent_connection]

# Configures the persistent connection timeout value in seconds.  This value is
# how long the persistent connection will remain idle before it is destroyed.
# If the connection doesn't receive a request before the timeout value
# expires, the connection is shutdown. The default value is 30 seconds.
#connect_timeout = 30

# Configures the persistent connection retry timeout.  This value configures the
# the retry timeout that ansible-connection will wait to connect
# to the local domain socket. This value must be larger than the
# ssh timeout (timeout) and less than persistent connection idle timeout (connect_timeout).
# The default value is 15 seconds.
#connect_retry_timeout = 15

# The command timeout value defines the amount of time to wait for a command
# or RPC call before timing out. The value for the command timeout must
# be less than the value of the persistent connection idle timeout (connect_timeout)
# The default value is 10 second.
#command_timeout = 10

[accelerate]
#accelerate_port = 5099
#accelerate_timeout = 30
#accelerate_connect_timeout = 5.0

# The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon.
#accelerate_daemon_timeout = 30

# If set to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new key. The default
# is "no".
#accelerate_multi_key = yes

[selinux]
# file systems that require special treatment when dealing with security context
# the default behaviour that copies the existing context or uses the user default
# needs to be changed to use the file system dependent context.
#special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p

# Set this to yes to allow libvirt_lxc connections to work without SELinux.
#libvirt_lxc_noseclabel = yes

[colors]
#highlight = white
#verbose = blue
#warn = bright purple
#error = red
#debug = dark gray
#deprecate = purple
#skip = cyan
#unreachable = red
#ok = green
#changed = yellow
#diff_add = green
#diff_remove = red
#diff_lines = cyan

[diff]
# Always print diff when running ( same as always running with -D/--diff )
# always = no

# Set how many context lines to show in diff
# context = 3


  • Ansible 默认被控主机清单/etc/ansible/hosts
  • ansible 的主要功用在于批量主机操作,为了便捷地使用其中的部分主机,可以在 inventory file 中将其
    分组命名。默认的 inventory file 为/etc/ansible/hosts,inventory file 可以有多个,且也可以通过
    Dynamic Inventory 来动态生成
  • 主机清单文件格式
    inventory 文件遵循 INI 文件风格,中括号中的字符为组名。可以将同一个主机同时归并到多个不同的组中。
    此外, 当如若目标主机使用了非默认的 SSH 端口,还可以在主机名称之后使用冒号加端口号来标明如果
    主机名称遵循相似的命名模式,还可以使用列表的方式标识各主机。如下面的例子:
# websrvs 组的主机清单
[websrvs]
172.20.1.67
172.20.1.68
172.20.1.69

# websrvs 组的主机变量
[websrvs:vars]
web67=172.20.1.67
web68=172.20.1.68
web69=172.20.1.69

# appsrvs 组的主机清单
[appsrvs]
172.20.1.84
172.20.1.86
172.20.1.87

# appsrvs 组的主机变量
[appsrvs:vars]
app84=172.20.1.84
app86=172.20.1.86
app87=172.20.1.87

# dnssrvs 组的主机清单
[dnssrvs]
172.20.1.79
172.20.1.88
172.20.1.89

# dnssrvs 组的主机别名(变量)
[dnssrvs:vars]
dns79=172.20.1.79
dns88=172.20.1.88
dns89=172.20.1.89

4.3 Ansible 附带的工具

  • 安装 Ansible 时会附带一些必要的工具
  • 加粗的工具经常使用,其它不常使用
/usr/bin/ansible主程序,临时命令执行工具
/usr/bin/ansible-doc查看配置文档,模块功能查看工具
/usr/bin/ansible-galaxy下载/上传优秀代码或 Roles 模块的官网平台
/usr/bin/ansible-playbook定制自动化任务,编排剧本工具
/usr/bin/ansible-pull远程执行命令的工具
/usr/bin/ansible-vault文件加密工具
/usr/bin/ansible-console基于 Console 界面与用户交互的执行工具
  • ansible-doc 命令,用来显示个模块的帮助,一般直接跟模块名即可
ansible-doc [options] [module...]
-l, --list          #列出可用模块
-s, --snippet       #显示指定模块的playbook片段
#列出所有模块
ansible-doc -l  
#查看指定模块帮助用法
ansible-doc ping  
#查看指定模块帮助用法
ansible-doc -s  pin

eg:
root@ubuntu1904:~#ansible-doc ping -s
- name: Try to connect to host, verify a usable python and return `pong' on success
  ping:
      data:                  # Data to return for the `ping' return value. If this parameter is set to `crash', the module will cause an exception.

4.4 ansible 命令

  • ansible 命令通过 ssh 协议,实现对远程主机的配置管理、应用部署、任务执行等功能,使用-k 选项来输入
    远程主机的密码。由于每台主机的密码可能不一样。建议:使用此工具前,先配置 ansible 主控端能基于
    密钥认证的方式联系各个被管理节点。如下面的脚本可以实现 ansible 主控机与被控主机基于 Key 验证
    范例:利用 sshpass 批量实现基于 key 验证
#!/bin/bash
#
#*******************************************************************************
#Author:            steveli
#QQ:                1049103823
#Data:              2019-12-08
#FileName:          key_cert.sh
#URL:               https://blog.csdn.net/YouOops
#Description:       Test scrpting.
#Copyright (C):     2019 All rights reserved
#*******************************************************************************
ssh-keygen -f /root/.ssh/id_rsa  -P ''
NET=172.20.1
export SSHPASS=stevenux
for IP in {80..99}; do
    sshpass -e ssh-copy-id  ${NET}.${IP}
done
  • ansible 命令用法

ansible <host-pattern> [ options [-m module_name] [-a args] ]

  • options
--version           #显示版本
-m module           #指定模块,默认为command
-v                  #详细过程 –vv  -vvv更详细
--list-hosts        #显示主机列表,可简写 --list
-k, --ask-pass      #提示输入ssh连接密码,默认Key验证
-C, --check         #检查,并不执行
-T, --timeout=TIMEOUT #执行命令的超时时间,默认10s
-u, --user=REMOTE_USER #执行远程执行的用户
-b, --become        #代替旧版的sudo 切换
--become-user=USERNAME  #指定sudo的runas用户,默认为root
-K, --ask-become-pass  #提示输入sudo时的口令

  • <host-pattern> 用于匹配控制的主机列表,筛选出特定的主机来执行特定任务
模式意义例子
all所有 Inventory 中定义的主机ansible all –m ping
*通配符ansible “*” -m ping
ansible 192.168.1.* -m ping
ansible “websrvss” -m ping
:逻辑或关系ansible “webwebsrvss:appwebsrvss” -m ping
ansible “192.168.1.10:192.168.1.20” -m ping
:&逻辑与关系ansible “webwebsrvss:&dbwebsrvss” –m ping #在 webwebsrvss 组并且在 dbwebsrvss 组中的主机
:!逻辑非关系ansible ‘webwebsrvss:!dbwebsrvss’ –m ping #在 webwebsrvss 组,但不在 dbwebsrvss 组中的主机。 注意:此处为单引号
正则表达式ansible “webwebsrvss:&dbwebsrvss” –m ping
正则表达式ansible “~(web | db).*.magedu.com” –m ping
  • Ansible 实际管理的主要方式有两种

1.Ad-Hoc 方式,即是利用 ansible 命令临时管理的方式
2.Ansible-playbook 命令,用于长期规划好的大型项目使用,需要编写相应的 playbook

  • ansible 命令执行过程
  1. 加载自己的配置文件 默认/etc/ansible/ansible.cfg
  2. 加载自己对应的模块文件,如:command
  3. 通过 ansible 将模块或命令生成对应的临时 py 文件,并将该文件传输至远程服务器的对应执行用户
    $HOME/.ansible/tmp/ansible-tmp-数字/XXX.PY 文件
  4. 给文件加执行权限执行
  5. 执行并返回结果
  6. 删除临时 py 文件,退出
  • ansible 执行后返回状态可以在配置文件自定义/ect/ansible/ansible.cfg
    green:绿色表示执行成功且不需要做改变
    yellow:执行成功并且对被控主机有改动
    red:执行失败
root@ubuntu1904:~#grep -A 15 '\[colors\]' /etc/ansible/ansible.cfg
[colors]
#highlight = white
#verbose = blue
#warn = bright purple
#error = red
#debug = dark gray
#deprecate = purple
#skip = cyan
#unreachable = red
#ok = green
#changed = yellow
#diff_add = green
#diff_remove = red
#diff_lines = cyan
  • ansible 使用范例
#以stevenux用户执行ping存活检测
ansible all -m ping -u stevenux  -k
#以stevenux sudo至root执行ping存活检测
ansible all -m ping -u stevenux -k -b
#以stevenux sudo至mage用户执行ping存活检测
ansible all -m ping -u stevenux -k -b --become-user=mage
#以stevenux sudo至root用户执行ls
ansible all -m command  -u stevenux -a 'ls /root' -b --become-user=root -k -K
  • ansible-galaxy 此工具用来下载网上的 roles
    此工具连接到:galaxy.ansibl.com下载 roles
    下载的 roles 默认放到~/.ansible/roles
#列出所有已安装的galaxy
ansible-galaxy list

#安装galaxy
ansible-galaxy install geerlingguy.redis

root@ubuntu1904:~/.ansible#tree roles/
roles/
└── geerlingguy.redis
    ├── defaults
    │   └── main.yml
    ├── handlers
    │   └── main.yml
    ├── LICENSE
    ├── meta
    │   └── main.yml
    ├── README.md
    ├── tasks
    │   ├── main.yml
    │   ├── setup-Archlinux.yml
    │   ├── setup-Debian.yml
    │   └── setup-RedHat.yml
    ├── templates
    │   └── redis.conf.j2
    ├── tests
    │   ├── README.md
    │   └── test.yml
    └── vars
        ├── Archlinux.yml
        ├── Debian.yml
        └── RedHat.yml

#删除galaxy
ansible-galaxy remove geerlingguy.redis
  • ansible-pull
    此工具会推送 ansible 的命令至远程,效率无限提升,对运维要求较高

  • ansible-playbook
    此工具用于执行编写好的 playbook 任务

  • Playbook 例子

root@ubuntu1904:~#cat .ansible/roles/geerlingguy.redis/tasks/main.yml
---
# Variable setup.
- name: Include OS-specific variables.
  include_vars: "{{ ansible_os_family }}.yml"

- name: Define redis_package.
  set_fact:
    redis_package: "{{ __redis_package }}"
  when: redis_package is not defined

# Setup/install tasks.
- include_tasks: setup-RedHat.yml
  when: ansible_os_family == 'RedHat'

- include_tasks: setup-Debian.yml
  when: ansible_os_family == 'Debian'

- include_tasks: setup-Archlinux.yml
  when: ansible_os_family == 'Archlinux'

- name: Ensure Redis is configured.
  template:
    src: redis.conf.j2
    dest: "{{ redis_conf_path }}"
    mode: 0644
  notify: restart redis

- name: Ensure Redis is running and enabled on boot.
  service: "name={{ redis_daemon }} state=started enabled=yes"
  • ansible-vault
    此工具可以用于加和密解密 yml 文件
    ansible-vault [create|decrypt|edit|encrypt|rekey|view]
    例子:
ansible-vault encrypt hello.yml     #加密
ansible-vault decrypt hello.yml     #解密
ansible-vault view hello.yml        #查看
ansible-vault edit  hello.yml       #编辑加密文件
ansible-vault rekey  hello.yml      #修改口令
ansible-vault create new.yml        #创建新文件
  • ansible-console
    • 此工具可交互执行命令,支持 tab,ansible 2.0+新增的功能
    • 进入交互界面后的提示符格式:
      执行用户@当前操作的主机组 (当前组的主机数量)[f:并发数]$
    • 常用子命令
      设置并发数: forks n 例如: forks 10
      切换组: cd 主机组 例如: cd web
      列出当前组主机列表: list
      列出所有的内置命令: ?或 help
root@ubuntu1904:~#ansible-console
Welcome to the ansible console.
Type help or ? to list commands.

root@all (9)[f:5]$ ls
172.20.1.68 | CHANGED | rc=0 >>
anaconda-ks.cfg
auto_install_mysql_v03.sh
hello.txt
......
oot@all (9)[f:5]$ pwd
172.20.1.67 | CHANGED | rc=0 >>
/root
172.20.1.68 | CHANGED | rc=0 >>
/root
172.20.1.69 | CHANGED | rc=0 >>
/root
......
root@all (9)[f:5]$ list
172.20.1.67
172.20.1.68
172.20.1.69
172.20.1.79
172.20.1.88
172.20.1.89
172.20.1.84
172.20.1.86
172.20.1.87

4.5 Ansible 常用模块使用

常用模块参考

4.5.1 Command 模块

  • 功能: 在远程主机执行命令,此为默认模块,可忽略-m 选项

  • 注意点: 此命令不支持 $VARNAME < > | ; & 等符号和相应功能,用 shell 模块实现

  • 例子:

root@ubuntu1904:~#ansible all -m command -a "echo 'Hello ansibleansible'"
172.20.1.79 | CHANGED | rc=0 >>
Hello ansibleansible

172.20.1.67 | CHANGED | rc=0 >>
Hello ansibleansible

172.20.1.68 | CHANGED | rc=0 >>
Hello ansibleansible

4.5.2 Shell 模块

  • 功能: 和 command 功能类似,使用 shell 来在被控主机执行命令
  • 注意点: 调用 bash 执行命令 类似 cat /tmp/test.md | awk -F‘|’ ‘{print $1,$2}’ &> /tmp/example.txt
    这些复杂命令,即使使用 shell 也可能会失败。解决办法:写到脚本–>copy 到远程主机–>执行;再把
    需要的结果 fetch 回来主控机器。
  • 例子:
root@ubuntu1904:~#ansible all -m shell -a 'ip addr | sed -nr "s#.*(1
72.20.1...).*#\1#p"'
172.20.1.67 | CHANGED | rc=0 >>
172.20.1.67

172.20.1.68 | CHANGED | rc=0 >>
172.20.1.68

172.20.1.84 | CHANGED | rc=0 >>
172.20.1.84

4.5.3 Script 模块

  • 功能: 在本地指定脚本,自动传输到远程执行并返回结果
  • 注意点:
  • 例子:
root@ubuntu1904:~#cat script.sh
#!/bin/bash
echo `ip a | sed -nr 's/inet (172.20.*\/..) .*/\1/p'`

root@ubuntu1904:~#ansible webwebsrvss -m script -a './script.sh'
172.20.1.67 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 172.20.1.67 closed.\r\n",
    "stderr_lines": [
        "Shared connection to 172.20.1.67 closed."
    ],
    "stdout": "172.20.1.67/16\r\n",
    "stdout_lines": [
        "172.20.1.67/16"   # 返回ip地址
    ]
}
172.20.1.68 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 172.20.1.68 closed.\r\n",
    "stderr_lines": [
        "Shared connection to 172.20.1.68 closed."
    ],
    "stdout": "172.20.1.68/16\r\n",
    "stdout_lines": [
        "172.20.1.68/16"
    ]
}
172.20.1.69 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 172.20.1.69 closed.\r\n",
    "stderr_lines": [
        "Shared connection to 172.20.1.69 closed."
    ],
    "stdout": "172.20.1.69/16\r\n",
    "stdout_lines": [
        "172.20.1.69/16"
    ]
}

4.5.4 Copy 模块

  • 功能: 从 ansible 主控端复制文件到远程被控主机
  • 注意点: 文件源在 ansible 主控机,目标是远程被控机
  • 例子:
root@ubuntu1904:~#ansible all -m copy -a 'src=~/script.sh dest=/data/'
172.20.1.67 | CHANGED => {
    "changed": true,
    "checksum": "c3e89fbe08ae1d3edfa22b1c9968abd470ba8e81",
    "dest": "/data/script.sh",
    "gid": 0,
    "group": "root",
    "md5sum": "6a33896eae3ee660a6b0c0bb60a5b326",
    "mode": "0644",
    "owner": "root",
    "size": 67,
    "src": "/root/.ansible/tmp/ansible-tmp-1575851039.0323763-219776225171533/source",
    "state": "file",
    "uid": 0
}
......

# 将文本内容直接在被控机生成文件
root@ubuntu1904:~#ansible all -m copy -a 'content="Hello asible" dest=/data/hello.txt'
172.20.1.87 | CHANGED => {
    "changed": true,
    "checksum": "8754e6aac9f6b9b741c3bdf974e6a33bbc72b321",
    "dest": "/data/hello.txt",
    "gid": 0,
    "group": "root",
    "md5sum": "a131edb4211ac4a39aac74d8a04126f6",
    "mode": "0644",
    "owner": "root",
    "size": 12,
    "src": "/root/.ansible/tmp/ansible-tmp-1575851292.1085637-80128185007427/source",
    "state": "file",
    "uid": 0
}

root@ubuntu1904:~#ansible all -a  'cat /data/hello.txt'
172.20.1.89 | CHANGED | rc=0 >>
Hello asible

172.20.1.67 | CHANGED | rc=0 >>
Hello asible

172.20.1.68 | CHANGED | rc=0 >>
Hello asible

# 拷贝/etc/sysconfig/文件夹下的文件,不包括文件夹本身
root@ubuntu1904:~#ansible all -m copy -a 'src=/etc/sysconfig/ dest=/backup'

4.5.5 Fetch 模块

  • 功能: 从远程被控主机拷贝文件到主控端,与 copy 模块方向相反
  • 注意点: 不支持将远程被控机的问价夹拷贝到主控机
  • 例子:
root@ubuntu1904:~#ansible all -m fetch -a  'src=/data/hello.txt dest=/data/'
172.20.1.87 | CHANGED => {
    "changed": true,
    "checksum": "8754e6aac9f6b9b741c3bdf974e6a33bbc72b321",
    "dest": "/data/172.20.1.87/data/hello.txt",
    "md5sum": "a131edb4211ac4a39aac74d8a04126f6",
    "remote_checksum": "8754e6aac9f6b9b741c3bdf974e6a33bbc72b321",
    "remote_md5sum": null
}
root@ubuntu1904:~#cat /data/172.20.1.67/data/hello.txt
Hello asible

4.5.6 File 模块

  • 功能: 设置远程被控主机的文件、符号链接、文件夹的属性;也可以删除其
  • 注意点: 创建软连接时,目标文件或文件夹是在远程被控主机上,软连接也是位于远程主机
  • 例子:
# 创建文件
root@ubuntu1904:~#ansible all -m file -a 'path=/data/hello.txt state=touch'
# 删除文件
root@ubuntu1904:~#ansible all -m file -a 'path=/data/hello.txt state=absent'
# 修改文件属主和权限
root@ubuntu1904:~#ansible all -m file -a 'path=/data/hello.txt owner=steve mode=0700'
# 创建文件夹
root@ubuntu1904:~#ansible all -m file -a 'path=/data/dir state=directory mode=0700'
# 为远程主机某个文件创建文件夹
root@ubuntu1904:~#ansible all -m file -a 'src=/data/hello.txt dest=/data/hello-link state=link'

4.5.7 unarchive 模块

  • 功能: 将打包压缩的文件解压缩
  • 注意点: 参数 copy=yes 表示将 ansible 主控机的打包压缩文件传输到远程被控机再解压缩;copy=no 表示
    直接将远程主机某个压缩包解压缩。
  • 常用参数:
    • copy:默认为 yes,当 copy=yes,拷贝的文件是从 ansible 主机复制到远程主机上,如果设置为
      copy=no,会在远程主机上寻找 src 源文件
    • remote_src:和 copy 功能一样且互斥,yes 表示在远程主机,不在 ansible 主机,no 表示文件在
      ansible 主机上;官方更推荐使用 remote_src 参数代替 copy 参数
    • src:源路径,可以是 ansible 主机上的路径,也可以是远程主机上的路径,如果是远程主机上的路
      径,则需要设置 copy=no
    • dest:远程主机上的目标路径
    • mode:设置解压缩后的文件权限
  • 例子:
root@ubuntu1904:~#ansible all -m unarchive -a 'src=/data/bar.tar.gz dest=/var/lib/bar'
root@ubuntu1904:~#ansible all -m unarchive -a 'src=/data/bar.zip dest=/data copy=no mode=0700'
root@ubuntu1904:~#ansible all -m unarchive -a 'src=https://suosuoli.cn/god-of-editor.pdf.zip dest=/data'

4.5.8 Archive 模块

  • 功能: 打包压缩,和 unarchive 方向相反。默认,该模块认为压缩的源文件在远程被控主机。
    压缩后指定remove=True可以删除源文件。
  • 注意点:
  • 例子:
root@ubuntu1904:~#ansible all -m archive  -a 'path=/data/ dest=/data/dir.tar.bz2 format=bz2 mode=0700'
172.20.1.87 | CHANGED => {
    "archived": [],
    "arcroot": "/data/",
    "changed": true,
    "dest": "/data/dir.tar.bz2",
    "expanded_exclude_paths": [],
    "expanded_paths": [
        "/data/"
    ],
    "gid": 0,
    "group": "root",
    "missing": [],
    "mode": "0700",
    "owner": "root",
    "size": 115,
    "state": "file",
    "uid": 0
}
......
root@ubuntu1904:~#ansible all -m fetch -a 'src=/data/dir.tar.bz2 dest=/data'
172.20.1.87 | CHANGED => {
    "changed": true,
    "checksum": "e74d1ab8aad31d62cacad3a65a2a0ccc5623871c",
    "dest": "/data/172.20.1.87/data/dir.tar.bz2",
    "md5sum": "706f8ee46597a3c62e6c4597f37739a5",
    "remote_checksum": "e74d1ab8aad31d62cacad3a65a2a0ccc5623871c",
    "remote_md5sum": null
}
......
oot@ubuntu1904:~#ll /data/172.20.1.87/data/
total 8
-rwx------ 1 root root 116 Dec  9 09:04 dir.tar.bz2
-rw-r--r-- 1 root root  12 Dec  9 08:35 hello.txt

4.5.9 Hostname 模块

  • 功能: hostname 模块用来管理主机名
  • 注意点:
  • 例子:
root@ubuntu1904:~#ansible webwebsrvss -m hostname -a 'name=webhost'
172.20.1.69 | CHANGED => {
    "ansible_facts": {
        "ansible_domain": "",
        "ansible_fqdn": "webhost",
        "ansible_hostname": "webhost",
        "ansible_nodename": "webhost"
    },
    "changed": true,
    "name": "webhost"
}
172.20.1.67 | CHANGED => {
    "ansible_facts": {
        "ansible_domain": "",
        "ansible_fqdn": "webhost",
        "ansible_hostname": "webhost",
        "ansible_nodename": "webhost"
    },
    "changed": true,
    "name": "webhost"
}
172.20.1.68 | CHANGED => {
    "ansible_facts": {
        "ansible_domain": "",
        "ansible_fqdn": "webhost",
        "ansible_hostname": "webhost",
        "ansible_nodename": "webhost"
    },
    "changed": true,
    "name": "webhost"
}
root@ubuntu1904:~#ansible webwebsrvss  -a 'hostname'
172.20.1.68 | CHANGED | rc=0 >>
webhost

172.20.1.69 | CHANGED | rc=0 >>
webhost

172.20.1.67 | CHANGED | rc=0 >>
webhost

4.5.10 Cron 模块

  • 功能: 管理和删除计划任务
  • 注意点:
  • 例子:
#备份数据库脚本
[root@centos8 ~]#cat mysql_backup.sh
mysqldump -A -F --single-transaction --master-data=2 -q -uroot |gzip >
/data/mysql_`date +%F_%T`.sql.gz
#创建任务
ansible 192.168.39.28 -m cron -a 'hour=2 minute=30 weekday=1-5 name="backup
mysql" job=/root/mysql_backup.sh'
ansible websrvs   -m cron -a "minute=*/5 job='/usr/sbin/ntpdate 172.20.0.1
&>/dev/null' name=Synctime"
#禁用计划任务
ansible websrvs   -m cron -a "minute=*/5 job='/usr/sbin/ntpdate 172.20.0.1
&>/dev/null' name=Synctime disabled=yes"
#启用计划任务
ansible websrvs   -m cron -a "minute=*/5 job='/usr/sbin/ntpdate 172.20.0.1
&>/dev/null' name=Synctime disabled=no"
#删除任务
ansible websrvs -m cron -a "name='backup mysql' state=absent"
ansible websrvs -m cron -a ‘state=absent name=Synctime’  

4.5.11 Yum 模块

  • 功能: 使用 yum 安装、升级、降级、删除和列出软件包。
  • 注意点: 该软件包只适用于 python2,如果需要 python3 的支持,使用 dnf 模块
  • 例子:
# 安装
root@ubuntu1904:~#ansible webwebsrvss -m yum -a 'name=nginx state=present'
# 删除
root@ubuntu1904:~#ansible webwebsrvss -m yum -a 'name=nginx state=absent'

4.5.12 Service 模块

  • 功能: 控制远程被控机的服务。支持 init 启动服务的系统(包括 BSD init,OpenRC,SysV,
    Solaris SMF,systemd,upstart)。
  • 注意点:
  • 例子:
root@ubuntu1904:~#ansible webwebsrvss -m service -a 'name=httpd state=started enabled=yes'
root@ubuntu1904:~#ansible webwebsrvss -m service -a 'name=httpd state=stopped'
root@ubuntu1904:~#ansible webwebsrvss -m service -a 'name=httpd state=reloaded'
root@ubuntu1904:~#ansible webwebsrvss -m service -a 'name=httpd state=restarted'

4.5.13 User 模块

  • 功能: 管理用户账号和属性
  • 注意点:
  • 例子:
# 创建系统用户nginx
root@ubuntu1904:~#ansible webwebsrvss -m user -a 'name=nginx  groups="root,daemon" system=yes shell=/sbin/nologin createhome=no home=/data/nginx non_unique=yes'
172.20.1.67 | CHANGED => {
    "changed": true,
    "comment": "",
    "create_home": false,
    "group": 995,
    "groups": "root,daemon",
    "home": "/data/nginx",
    "name": "nginx",
    "shell": "/sbin/nologin",
    "state": "present",
    "system": true,
    "uid": 995
}
172.20.1.69 | CHANGED => {
    "changed": true,
    "comment": "",
    "create_home": false,
    "group": 992,
    "groups": "root,daemon",
    "home": "/data/nginx",
    "name": "nginx",
    "shell": "/sbin/nologin",
    "state": "present",
    "system": true,
    "uid": 994
}
172.20.1.68 | CHANGED => {
    "changed": true,
    "comment": "",
    "create_home": false,
    "group": 995,
    "groups": "root,daemon",
    "home": "/data/nginx",
    "name": "nginx",
    "shell": "/sbin/nologin",
    "state": "present",
    "system": true,
    "uid": 995
}
# 删除用户
root@ubuntu1904:~#ansible webwebsrvss -m user -a 'name=nginx state=absent remove=yes'
172.20.1.69 | CHANGED => {
    "changed": true,
    "force": false,
    "name": "nginx",
    "remove": true,
    "state": "absent",
    "stderr": "userdel: nginx mail spool (/var/spool/mail/nginx) not found\nuserdel: nginx home directory (/data/nginx) not found\n",
    "stderr_lines": [
        "userdel: nginx mail spool (/var/spool/mail/nginx) not found",
        "userdel: nginx home directory (/data/nginx) not found"
    ]
}
......

4.5.14 Group 模块

  • 功能: 管理用户组
  • 注意点:
  • 例子:
# 创建组
root@ubuntu1904:~#ansible webwebsrvss -m group -a 'name=nginx gid=123 state=present system=yes'
172.20.1.69 | CHANGED => {
    "changed": true,
    "gid": 123,
    "name": "nginx",
    "state": "present",
    "system": true
}
172.20.1.67 | CHANGED => {
    "changed": true,
    "gid": 123,
    "name": "nginx",
    "state": "present",
    "system": true
}
172.20.1.68 | CHANGED => {
    "changed": true,
    "gid": 123,
    "name": "nginx",
    "state": "present",
    "system": true
}
root@ubuntu1904:~#ansible webwebsrvss -a 'getent group nginx'
172.20.1.69 | CHANGED | rc=0 >>
nginx:x:123:

172.20.1.68 | CHANGED | rc=0 >>
nginx:x:123:

172.20.1.67 | CHANGED | rc=0 >>
nginx:x:123:

# 删除组
root@ubuntu1904:~#ansible webwebsrvss -m group -a 'name=nginx state=absent'

4.5.15 Setup 模块

  • 功能: setup 模块会手机远程被控主机的详细信息,其自带的记录远程主机的变量可以用于 playbook
  • 注意点:
  • 例子:
root@ubuntu1904:~#ansible webwebsrvss -m setup
172.20.1.67 | SUCCESS => {
    "ansible_facts": {
        "ansible_all_ipv4_addresses": [
            "172.20.1.67"
        ],
        "ansible_all_ipv6_addresses": [
            "fe80::4d59:6b61:25f9:d67d"
        ],
        "ansible_apparmor": {
            "status": "disabled"
        },
......
root@ubuntu1904:~#ansible websrvs -m setup -a "filter=ansible_nodename"
root@ubuntu1904:~#ansible websrvs -m setup -a "filter=ansible_hostname"
root@ubuntu1904:~#ansible websrvs -m setup -a "filter=ansible_domain"
root@ubuntu1904:~#ansible websrvs -m setup -a "filter=ansible_memtotal_mb"
root@ubuntu1904:~#ansible websrvs -m setup -a "filter=ansible_memory_mb"
root@ubuntu1904:~#ansible websrvs -m setup -a "filter=ansible_memfree_mb"
root@ubuntu1904:~#ansible websrvs -m setup -a "filter=ansible_os_family"
root@ubuntu1904:~#ansible websrvs -m setup -a "filter=ansible_distribution_major_version"
root@ubuntu1904:~#ansible websrvs -m setup -a "filter=ansible_distribution_version"
root@ubuntu1904:~#ansible websrvs -m setup -a "filter=ansible_processor_vcpus"
root@ubuntu1904:~#ansible websrvs -m setup -a "filter=ansible_all_ipv4_addresses"
root@ubuntu1904:~#ansible websrvs -m setup -a "filter=ansible_architecture"

# 一些比较有用的参数
{{ ansible_default_ipv4.address }}
{{ansible_distribution}}
{{ansible_distribution_major_version}}
{{ansible_fqdn}}
{{ansible_hostname}}
{{ansible_machine}}
{{ansible_memtotal_mb}}
{{ansible_memory_mb.nocache.free}}
{{ansible_memory_mb.nocache.used}}
{{ansible_memory_mb.real.total}}
{{ansible_memory_mb.real.free}}
{{ansible_memory_mb.real.used}}
{{ansible_service_mgr}}
{{ansible_processor_cores}}
{{ansible_processor_count}}
{{ansible_processor_threads_per_core}}
{{ansible_pkg_mgr}}

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:/a/80136.html

如若内容造成侵权/违法违规/事实不符,请联系我们进行投诉反馈qq邮箱809451989@qq.com,一经查实,立即删除!

相关文章

python+django+mysql项目实践五(信息搜索)

python项目实践 环境说明: Pycharm 开发环境 Django 前端 MySQL 数据库 Navicat 数据库管理 信息搜素 输入内容进行搜索,内容有文本类和时间类 文本类需要模糊搜索,包含即检索 时间类需要选取时间范围内的内容 views 利用Q完成对指定内容的检索 检索后按检索内容更新…

RabbitMq-发布确认高级(避坑指南版)

在初学rabbitMq的时候&#xff0c;伙伴们肯定已经接触到了“发布确认”的概念&#xff0c;但是到了后期学习中&#xff0c;会接触到“springboot”中使用“发布确认”高级的概念。后者主要是解决什么问题呢&#xff1f;或者是什么样的场景引出这样的概念呢&#xff1f; 在生产环…

postgresql 分组

postgresql 数据汇总 分组汇总聚合函数注意 总结 分组统计总结 高级分组总结 分组汇总 聚合函数 聚合函数&#xff08;aggregate function&#xff09;针对一组数据行进行运算&#xff0c;并且返回单个结果。PostgreSQL 支持以下常见的聚合函数&#xff1a; • AVG - 计算一…

SpringCloud实用篇7——深入elasticsearch

目录 1 数据聚合1.1 聚合的种类1.2 DSL实现聚合1.2.1 Bucket聚合语法1.2.2 聚合结果排序1.2.3 限定聚合范围1.2.4 Metric聚合语法1.2.5.小结 1.3 RestAPI实现聚合1.3.1 API语法1.3.2 业务需求1.3.3 业务实现 2 自动补全2.1 拼音分词器2.2 自定义分词器2.3 自动补全查询2.4 实现…

C++ STL关联式容器(详解)

STL关联式容器 C STL关联式容器是什么&#xff1f; 在《C STL容器》一节中讲到&#xff0c;C 容器大致分为 2 类&#xff0c;即序列式容器和关联式容器。其中&#xff0c;序列式容器&#xff08;包括 array、vector、list、deque 和 forward_list&#xff09;已经在前面章节中…

Golang使用MinIO

最近在使用Golang做了一个网盘项目&#xff08;学习&#xff09;&#xff0c;文件存储一直保存在本地&#xff08;各厂商提供的oss贵&#xff09;&#xff0c;所以就在思考怎么来处理这些文件&#xff0c;类似的方案很对hdfs、fastdfs&#xff0c;但这其中MinIO是最近几年比较火…

【Django】Task1安装python环境及运行项目

【Django】Task1安装python环境及运行项目 写在最前 8月份Datawhale组队学习&#xff0c;在这个群除我佬的时代&#xff0c;写一下blog记录学习过程。 参考资源&#xff1a; 学习项目github&#xff1a;https://github.com/Joe-2002/sweettalk-django4.2 队长博客&#xff1a…

windows权限维持—SSPHOOKDSRMSIDhistorySkeletonKey

windows权限维持—SSP&HOOK&DSRM&SIDhistory&SkeletonKey 1. 权限维持介绍1.1. 其他 2. 基于验证DLL加载—SPP2.1. 操作演示—临时生效2.1.1. 执行命令2.1.2. 切换用户 2.2. 操作演示—永久生效2.2.1. 上传文件2.2.2. 执行命令2.2.3. 重启生效 2.3. 总结 3. 基…

k8s的pv和pvc创建

//NFS使用PV和PVC 1、配置nfs存储 2、定义PV 实现 下图的pv和pvc测试 pv的定义 这里定义5个PV&#xff0c;并且定义挂载的路径以及访问模式&#xff0c;还有PV划分的大小 vim /pv.yamlapiVersion: v1 kind: PersistentVolume metadata:name: pv001 spec:capacity:storage: …

私密数据采集:隧道爬虫IP技术的保密性能力探究

作为一名专业的爬虫程序员&#xff0c;今天要和大家分享一个关键的技术&#xff0c;它能够为私密数据采集提供保密性能力——隧道爬虫IP技术。如果你在进行敏感数据采集任务时需要保护数据的私密性&#xff0c;那么这项技术将是你的守护神。 在进行私密数据采集任务时&#xff…

【制作npm包4】api-extractor 学习

制作npm包目录 本文是系列文章&#xff0c; 作者一个橙子pro&#xff0c;本系列文章大纲如下。转载或者商业修改必须注明文章出处 一、申请npm账号、个人包和组织包区别 二、了解 package.json 相关配置 三、 了解 tsconfig.json 相关配置 四、 api-extractor 学习 五、npm包…

Fluent-MyBatis

Fluent-MyBatis Fluent-MyBatis 简介 何为 Fluent Mybatis&#xff1f; Fluent Mybatis, 是一款 Mybatis 语法增强框架, 综合了 Mybatis Plus, Dynamic SQL, JPA 等框架特性和优点 Fluent-MyBatis 开源地址 Fluent-MyBatis 原理 Fluent-MyBatis 原理是利用 annotation pro…

【IMX6ULL驱动开发学习】08.马达驱动实战:驱动编写、手动注册平台设备和设备树添加节点信息

目录 一、使用设备树 1.1 修改设备树流程 二、手动创建平台设备 三、总结&#xff08;附驱动程序&#xff09; 前情提要&#xff1a;​​​​​​​【IMX6ULL驱动开发学习】07.驱动程序分离的思想之平台总线设备驱动模型和设备树_阿龙还在写代码的博客-CSDN博客 手动注册…

爬虫逆向实战(五)--猿人学第三题

一、数据接口分析 主页地址&#xff1a;猿人学第三题 1、抓包 通过抓包可以发现数据接口是api/match/3 2、判断是否有加密参数 请求参数是否加密&#xff1f; 无请求头是否加密&#xff1f; 无响应是否加密&#xff1f; 无cookie是否加密&#xff1f; 无 二、发送请求 …

什么是闭包(closure)?为什么它在JavaScript中很有用?

聚沙成塔每天进步一点点 ⭐ 专栏简介⭐ 闭包&#xff08;Closure&#xff09;是什么&#xff1f;⭐ 闭包的用处⭐ 写在最后 ⭐ 专栏简介 前端入门之旅&#xff1a;探索Web开发的奇妙世界 记得点击上方或者右侧链接订阅本专栏哦 几何带你启航前端之旅 欢迎来到前端入门之旅&…

基于安防监控EasyCVR视频汇聚融合技术的运输管理系统的分析

一、项目背景 近年来&#xff0c;随着物流行业迅速发展&#xff0c;物流运输费用高、运输过程不透明、货损货差率高、供应链协同能力差等问题不断涌现&#xff0c;严重影响了物流作业效率&#xff0c;市场对于运输管理数字化需求愈发迫切。当前运输行业存在的难题如下&#xf…

架构师必备--高可用高性能分布式数据库Tidb安装部署实践

本文针对分布式、高可用的tidb数据库&#xff0c;从搭建实际生产环境的集群服务&#xff0c;介绍下tidb的安装流程、安装前的环境检测和系统优化、服务访问等方面介绍下具体的流程&#xff0c;希望对大家熟悉和了解tidb数据库有所帮助&#xff0c;减少不必要的弯路。 1.概述 …

基于WebSocket的在线文字聊天室

与Ajax不同&#xff0c;WebSocket可以使服务端主动向客户发送响应&#xff0c;本案例就是基于WebSocket的一个在线聊天室&#xff0c;不过功能比较简单&#xff0c;只能满足文字交流。演示如下。 案例学习于b站up主&#xff0c;链接 。这位up主讲的非常清楚&#xff0c;值得去学…

(黑客)自学

一、前言&#xff1a; 1.这是一条坚持的道路,三分钟的热情可以放弃往下看了. 2.多练多想,不要离开了教程什么都不会了.最好看完教程自己独立完成技术方面的开发. 3.有时多 google,baidu,我们往往都遇不到好心的大神,谁会无聊天天给你做解答. 4.遇到实在搞不懂的,可以先放放,以…

Java多态详解(1)

多态 多态的概念 所谓多态&#xff0c;通俗地讲&#xff0c;就是多种形态&#xff0c;具体点就是去完成某个行为&#xff0c;当不同的对象去完成时会产生出不同的状态。 比如&#xff1a; 这一时间爆火的“现代纪录片”中&#xff0c;麦克阿瑟总是对各种“名人”有不同的评价&…