Introduction to Ansible
- One machine controls any number of other machines
- Instructions are sent between machines over the SSH protocol
- Everything is deployed through modules; Ansible itself only provides the framework
Core components
Component | Function |
---|---|
Ansible | Core program |
Host Inventory | Records information about the hosts managed by Ansible (port, password, IP, etc.) |
Playbook | A YAML file holding multiple tasks; defines which modules the hosts call to get the job done |
Core Modules | Ansible tasks are carried out by calling the core modules |
Custom Modules | Implement functionality the core modules do not cover |
Connection Plugins | Handle the connection between the control host and the remote servers |
Task execution modes
- Ad hoc (point-to-point)
  - Uses a single module; supports running a single command in batch across many hosts
  - Generally used for operations that can be carried out quickly
  - e.g. running a shell or other Linux command on a large number of servers
- Playbook mode
  - Combines multiple tasks by writing a YAML file
  - Suited to more complex sequences of commands
  - e.g. configuring an Nginx web service on a large number of servers
Lab preparation
Three machines
Hostname and role | IP |
---|---|
ansible (Ansible control host) | 192.168.28.88 |
server1 | 192.168.28.66 |
server2 | 192.168.28.77 |
A few more can be added to simulate a larger setup | 192.168.28.x |
Install the extra package repository
yum -y install epel-release
On the Ansible host, map IP addresses to hostnames
# vim /etc/hosts
.....
192.168.28.66 server1
192.168.28.77 server2
.....
Generate a key pair
# run on the Ansible host
ssh-keygen -P "" -t rsa # note that the P here is upper case
Copy the public key to the managed hosts to enable passwordless login
ssh-copy-id -i /root/.ssh/id_rsa.pub root@server1
ssh-copy-id -i /root/.ssh/id_rsa.pub root@server2
ssh-copy-id -i /root/.ssh/id_rsa.pub root@server3
Test whether passwordless login works
ssh root@server1
exit
ssh root@server2
exit
Commonly used tools
ansible
Mostly used to run ad hoc commands
ansible-doc
Mostly used to look up what a module does
ansible-playbook
Runs playbooks (role directories)
Main configuration files
- /etc/ansible/ansible.cfg: main configuration file
- /etc/ansible/hosts: host inventory file
- /etc/ansible/roles: role directory
Ansible modules
Configure the host inventory
Edit the /etc/ansible/hosts file and add the managed hosts at the end
vim /etc/ansible/hosts
····
···· (lengthy comments) ····
····
[all_servers] # if hostname-to-IP mappings have not been configured, put the server IPs here
server1 # e.g. 192.168.28.66
server2 # e.g. 192.168.28.77
[node1] # Ansible identifies servers by the name in square brackets
server1
[node2]
server2
server1
[node3]
server2
server3
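To see which hosts a pattern such as node1 or all_servers will hit before a command is run against them, here is an added example in Python (not code from the original post): it parses an INI-style inventory like the one above and resolves a host pattern in the order ansible uses, plain terms unioned first, then & intersections, then ! exclusions. It goes beyond the single group names used in this post by accepting unions, intersections and exclusions. The inventory text, parse_inventory and resolve_pattern are all constructed for the example; only the basic [group] / host syntax is handled, not :children or :vars sections.

```python
"""INI inventory parsing and host-pattern resolution (added example)."""
import shlex
from typing import Dict, List, Set

# Constructed copy of the inventory written above, trailing comments included.
SAMPLE_INVENTORY = """\
# Ansible host inventory (constructed for this example)
[all_servers] # if hostname-to-IP mappings have not been configured, put the server IPs here
server1 # e.g. 192.168.28.66
server2 # e.g. 192.168.28.77
[node1] # Ansible identifies servers by the name in square brackets
server1
[node2]
server2
server1
[node3]
server2
server3
"""


def parse_inventory(text: str) -> Dict[str, List[str]]:
    """Return {group: [hosts]} with the implicit 'all' group appended last.
    Handles plain [group] headers and host lines only (no :children / :vars sections)."""
    groups: Dict[str, List[str]] = {}
    current = "ungrouped"
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)  # drops '# ...' comments like the INI plugin does
        if not tokens:
            continue
        if tokens[0].startswith("[") and tokens[0].endswith("]"):
            current = tokens[0][1:-1]
            groups.setdefault(current, [])
            continue
        # first token is the host; any key=value host vars that follow are ignored here
        members = groups.setdefault(current, [])
        if tokens[0] not in members:
            members.append(tokens[0])
    every_host: List[str] = []
    for members in groups.values():
        for host in members:
            if host not in every_host:
                every_host.append(host)
    groups["all"] = every_host
    return groups


def resolve_pattern(groups: Dict[str, List[str]], pattern: str) -> List[str]:
    """Resolve a host pattern the way ansible orders it: plain terms are unioned first,
    then '&term' intersections, then '!term' exclusions, whatever order they were written in.
    A term may be a group name or a single host name; ':' and ',' both separate terms."""
    def hosts_of(term: str) -> Set[str]:
        if term in groups:
            return set(groups[term])
        return {term} if term in groups["all"] else set()

    terms = [t.strip() for t in pattern.replace(",", ":").split(":") if t.strip()]
    selected: Set[str] = set()
    for term in terms:
        if term[0] not in "&!":
            selected |= hosts_of(term)
    for term in terms:
        if term.startswith("&"):
            selected &= hosts_of(term[1:])
    for term in terms:
        if term.startswith("!"):
            selected -= hosts_of(term[1:])
    # report in inventory order so the result is stable
    return [h for h in groups["all"] if h in selected]


if __name__ == "__main__":
    inventory = parse_inventory(SAMPLE_INVENTORY)
    for pattern in ("all", "node1", "node1:node3", "all_servers:!node1", "node2:&node3"):
        print(f"{pattern:<20} -> {resolve_pattern(inventory, pattern)}")
```

Running the script lists, for each pattern, the hosts it resolves to; server1 shows up for node1, node2 and all_servers because the same host may belong to several groups, which is exactly why a pattern like all_servers:!node1 is worth checking before a destructive ad hoc command.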
Configure the main configuration file (the defaults can be left as they are)
Edit /etc/ansible/ansible.cfg
[defaults]
# some basic default values...
#inventory = /etc/ansible/hosts # location of the host inventory file
#library = /usr/share/my_modules/ # where library (module) files are kept
#remote_tmp = ~/.ansible/tmp # remote directory for temporary files
#local_tmp = ~/.ansible/tmp # local directory for temporary files
#sudo_user = root # default superuser
#transport = smart # default transport; smart picks a suitable transport mechanism automatically
#remote_port = 22 # transport port
Ansible execution status colours
- Green: ran successfully and no change was needed
- Yellow: ran successfully and made a change on the target host
- Red: failed
- Pink: a warning was triggered
- Blue: shows the progress of the ansible command itself
Common Ansible modules
ping module
Tests connectivity to the hosts
Example
ansible -m ping all_servers
server2 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
# "SUCCESS" means Ansible ran the task successfully
# "ansible_facts" is a dictionary holding all the facts gathered while the task ran
# "discovered_interpreter_python" is one such fact: the Python interpreter on the target host is "/usr/bin/python"
# "changed": false means nothing was changed on the host
# "ping": "pong" is a simple reply; pong means the connection to the target host is fine
Now shut down server1 and try again
ansible -m ping all_servers
server1 is reported unreachable, in red
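When ad hoc commands are run across a fleet, the per-host results are easier to act on as data than as terminal colours. The following Python script is an added example, not part of the original post: it splits the "host | STATUS => {...}" records that ansible prints into parsed JSON and sorts the hosts into the same four outcomes as the colour legend above (ok, changed, failed, unreachable), returning a non-zero exit code when any host failed or was unreachable. The sample output, including a CHANGED record from the group module and a FAILED record for a made-up host server4, is constructed for the example; parse_adhoc_output, triage and exit_code are the example's own names.

```python
"""Parse ansible ad hoc output into per-host results (added example)."""
import json
import re
from typing import Dict, List

# Constructed sample output: a ping and a group module result in the shape shown above,
# plus an UNREACHABLE host and a FAILED record for a made-up host server4.
SAMPLE_OUTPUT = """\
[WARNING]: Platform linux on host server2 is using the discovered Python interpreter at /usr/bin/python
server2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
server1 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: ssh: connect to host server1 port 22: No route to host",
    "unreachable": true
}
server3 | CHANGED => {
    "changed": true,
    "gid": 111,
    "name": "IT",
    "state": "present",
    "system": true
}
server4 | FAILED! => {
    "changed": false,
    "msg": "GID '1000' already exists"
}
"""

# 'host | STATUS => {' opens each record; ansible prints the closing '}' alone at column 0.
RECORD_START = re.compile(r"^(?P<host>\S+) \| (?P<status>[A-Z]+!?) => \{$")


def parse_adhoc_output(text: str) -> Dict[str, Dict]:
    """Return {host: {"status": STATUS, "result": parsed JSON}} for every record in the output."""
    results: Dict[str, Dict] = {}
    host = status = None
    buf: List[str] = []
    for line in text.splitlines():
        start = RECORD_START.match(line)
        if start:
            host, status, buf = start.group("host"), start.group("status"), ["{"]
            continue
        if host is None:
            continue  # warnings and other text outside a record
        buf.append(line)
        if line == "}":
            results[host] = {"status": status, "result": json.loads("\n".join(buf))}
            host = None
    return results


def triage(results: Dict[str, Dict]) -> Dict[str, List[str]]:
    """Sort hosts into the four outcomes of the colour legend (green, yellow, red, unreachable)."""
    buckets: Dict[str, List[str]] = {"ok": [], "changed": [], "failed": [], "unreachable": []}
    for host in sorted(results):
        status, result = results[host]["status"], results[host]["result"]
        if status.startswith("UNREACHABLE"):
            buckets["unreachable"].append(host)
        elif status.startswith("FAILED"):
            buckets["failed"].append(host)
        elif result.get("changed"):
            buckets["changed"].append(host)
        else:
            buckets["ok"].append(host)
    return buckets


def exit_code(buckets: Dict[str, List[str]]) -> int:
    """Non-zero when any host failed or was unreachable, so a wrapper script can stop a pipeline."""
    return 1 if buckets["failed"] or buckets["unreachable"] else 0


if __name__ == "__main__":
    summary = triage(parse_adhoc_output(SAMPLE_OUTPUT))
    for bucket, hosts in summary.items():
        print(f"{bucket:<12} {', '.join(hosts) or '-'}")
    raise SystemExit(exit_code(summary))
```

Piping real output into the script (ansible -m ping all_servers | python3 this_script.py, with SAMPLE_OUTPUT replaced by sys.stdin.read()) gives the same four-bucket summary; an unreachable host that nobody noticed in a wall of green is the kind of thing this catches.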
group module
Used to create and modify user groups
Look up how the group module is used
ansible-doc -s group
gid # set the group ID
name # set the group name
state # set the group state; the default creates the group, absent deletes it
system # yes creates a system group
Example: on the members of host group node1 (i.e. server1), create a group with ID 111 named IT
ansible -m group -a "name=IT gid=111 system=yes" node1
Run the command above once more
The result goes from yellow to green: Ansible is idempotent, so repeating the same operation gives the same end state
Let's check on server1 whether it worked
# show the last five lines of server1's group file
tail -n 5 /etc/group
# or cat /etc/group
Create a group whose gid already exists
ansible -m group -a "name=false gid=1000 system=yes" node1
Creation fails, and the msg returned says GID 1000 already exists
Delete the group we just created
ansible node1 -m group -a 'name=IT state=absent'
user module
Used to create, modify and delete users
Look up how the user module is used
ansible-doc -s user
comment # description of the user
create_home # whether to create the home directory
force # with state=absent, behaves like userdel --force
group # the primary group
home # the user's home directory
name # the user name
password # the user's password (a crypted hash, not a plaintext value)
remove # with state=absent, add remove=yes to delete the home directory and mail spool as well
shell # the default shell
state # the account state; omitted means create, absent means delete the user from the system (the home directory is kept unless remove=yes)
system # create the user as a system user
uid # the user's uid
update_password # when to update the password
expires # the expiry time
Example: on host group node1 (server1), create a system user zs with home directory /home/zhangsan, uid 111, supplementary group IT, and a comment
ansible node1 -m user -a "system=yes name=zs home=/home/zhangsan uid=111 group=IT comment='秃头张三'"
It fails:
"msg": "Group IT does not exist"
The group doesn't exist? Right, we just deleted it, so let's use the user group for now
ansible node1 -m user -a "system=yes name=zs home=/home/zhangsan uid=111 group=user comment='秃头张三'"
That should have worked
Check on server1 again
tail -n 10 /etc/passwd
user:x:1000:1000:user:/home/user:/bin/bash
zs:x:111:1000:秃头张三
Not quite: the task asked for a supplementary group, so we need groups=IT
ansible -m group -a "name=IT gid=111 system=yes" node1
ansible node1 -m user -a "system=yes name=zs home=/home/zhangsan uid=111 groups=IT group=user comment='秃头张三'"
Now it's right
Note the difference between the primary group (group) and the supplementary groups (groups). From the passwd file we can see the fields follow the order
username:permission:supplementary group:primary group
Delete the user zs we just created
ansible node1 -m user -a "name=zs state=absent remove=yes"
command module
- Ansible's default module; runs a command on the remote server
- Does not support shell features (no pipes, variables or redirection)
- Suited to simple, direct commands
Look up how the command module is used
ansible-doc -s command
cmd # (required) the command to run
creates # if the named file or directory exists, the command is not run
removes # if the named file or directory does not exist, the command is not run
chdir # directory to change into before running the command
-f # (an option of the ansible command itself) number of tasks run in parallel at once, default 5
Examples
1. Create a file on all servers
ansible all_servers -a "touch /root/command_test"
# -m command is the default module and can be omitted
Now run it once more, naming the command module explicitly
ansible all_servers -m command -a "touch /root/command_test"
It runs again and reports changed: the command module is not idempotent, and the system warns that the file module should be used to create files instead (with the command module, creates=/root/command_test would at least skip the touch once the file exists)
2. Find all files ending in _test on all servers
ansible -a "find / -name '*_test' " all_servers
3. Delete the /root/command_test we just created
ansible -a "rm -r /root/command_test" all_servers
ansible -a "find / -name 'command_test' " all_servers
Nothing is found, but the result still says changed; after all, find did run. Bear with this slightly dumb module
shell module
- Runs bash commands on the remote host through a shell interpreter
- Better supported than the command module (shell features work)
- For complex commands, consider writing them into a script and sending it to the remote host with the script module
Example
ansible -m shell -a "find / -name 'ifcfg*' | grep ens33" all_servers
# the shell module supports pipes
script module
Sends a script to the remote host and runs it there
Parameters
chdir # directory on the remote host to change into before running the script
creates # if the named file exists, the script is not run
removes # if the named file does not exist, the script is not run
Example
vim sc_test.sh
#!/bin/bash
# create the target directory once, then six numbered files inside it
mkdir -p /root/script_test
for i in {0..5}
do
touch /root/script_test/${i}.txt
done
ansible -m script -a "/root/sc_test.sh" node2
Now log in to server1 and server2 and have a look
ssh root@server1
ls && cd script_test && ls
# first list the current directory (root's home), then enter script_test and list its contents
copy module
Copies files to the target host group
Parameter explanation
ansible-doc -s copy
backup # back up the existing file before overwriting it; the backup name includes a timestamp
content # used instead of src: sets the contents of the file directly
dest # where to put the file on the target host; required
mode # sets permissions (recursively for directories); the default is owner read/write, everyone else read-only. It can be set explicitly, e.g. 777 (which makes the file world-writable)
force # force overwriting the destination file's contents; default yes
others # every option of the file module can also be used here
src # path of the local file to copy; if it is a directory, it is copied recursively
ansible -m copy -a "src=/local/file/path dest=/remote/file/path " host_group_to_run_on
Example: copy a file from the local /root directory to the target server and rename it
ansible node1 -m copy -a "src=/root/centos7.tar.gz dest=/root/centos.tar.gz"
Check on server1, the member of node1
Copy a local file to the target server, setting its owner and group
First create a user lisa (Li Si) and a group ansible
ansible node1 -m group -a 'name=ansible system=yes' # create the ansible group
ansible node1 -m user -a "name=lisa system=yes home=/home/lisa password=1" # create user lisa with a password and home directory (note that the user module's password parameter expects a crypted hash, so a literal 1 does not give lisa a usable password)
echo "i'am lisa">hello_lisa.txt
Send the txt file we created to /home/lisa on the target host, with owner lisa and group ansible
ansible -m copy node1 -a "src=/root/hello_lisa.txt dest=/home/lisa owner=lisa group=ansible"
cd /home/lisa && cat hello_lisa.txt && ll
Change the permissions while transferring the file
ansible -m copy node1 -a "src=/root/hello_lisa.txt dest=/home/lisa/hello2.txt mode=777"
Check on server1 again
Create a file and write its contents directly
ansible -m copy -a "content='hello lisa\n!' dest=/home/lisa/hello_test " node1
file module
Operates on files
Look up the parameters
ansible-doc -s file
force # force creating a symbolic link in two situations:
# the source file does not exist yet but will be created later, or the target link already exists and the old link must be removed before the new one is created
# options: yes|no
group # the group
mode # the permissions
owner # the owner
path # path of the file (or directory)
recurse # set the attributes of a directory recursively
src # path of the file being linked to; only used with state=link
dest # path of the link itself; only used with state=link
The possible values of state
absent # delete the file
directory # create the directory if it does not exist
file # check whether the file exists; it is not created if it is missing
link # create a symbolic link
hard # create a hard link
touch # create the file if it does not exist; if it does, update its modification time
Create a directory (with owner, group and permissions)
ansible -m file -a "path=/root/test_directory owner=root group=root mode=644 state=directory" node3
# note that a directory needs the execute bit to be entered, so 755 is the usual mode for one
Create a file
ansible -m file -a "path=/root/test_file owner=root group=root mode=644 state=touch" node3
Delete a directory or file
ansible -m file -a "path=/root/test_file state=absent" node3
ansible -m file -a "path=/root/test_directory state=absent" node3
ansible -m file -a "path=/root/script_test state=absent" node3
The script module was tested on node2 (server1 and server2), so server3 never had a script_test directory in the first place
Create a symbolic link
ansible -m file -a "src=/root/test11 dest=/root/test22 state=link" node1
Error: refusing to convert from directory to symlink for /root/test22
Taken literally, the operation tried to turn a directory into a symbolic link and the module refused. The cause is that the directory test22 already exists, so it cannot simply be overwritten
Use the ansible command from above to delete this directory that should not be there
ansible -m file node1 -a "path=/root/test22 state=absent"
ansible -m file -a "src=/root/test11 dest=/root/test22 state=link" node1
ssh root@server1
ll
Create a hard link
First prepare on the node
ansible -m shell -a "cat /root/test.sh" node1
# view the sh file already created on server1 that is going to be linked to
ansible -m file -a "src=/root/test.sh dest=/root/test3 state=hard" node1
ansible -m shell -a "ls -l" node1
# we can see one extra link; the figure below showed the original state of the file
yum module
Installs packages and services with yum
Look up the parameters
ansible-doc -s yum >> yum.txt && cat yum.txt
conf_file # the yum configuration file to use on the remote host, if it is not in the default location
disable_gpg_check # whether to disable GPG checking of packages; only used with state present or latest (disabling it skips package signature verification)
disablerepo # temporarily disable a yum repo; only used when installing or updating
enablerepo # temporarily enable a yum repo; only used when installing or updating
name # name of the package to install
state # present installs, latest installs the newest version, absent removes the package
update_cache # force the yum cache to be refreshed
First confirm that server1 has no tree command, then install it
ansible -m yum -a "name=tree state=latest" node1
ansible -m command -a "tree" node1
Install and run the httpd service on server2
ansible -m yum -a "name=httpd state=latest" node2
ansible -m service -a "name=httpd state=started" node2
Check which ports are open
ansible -m command -a "ss -ntl" node2
Use elinks to check whether the installation succeeded (entering the server's IP in a browser works just as well)
elinks 192.168.28.77 # server2's IP
service module
Used to manage services
ansible-doc -s service
arguments # extra arguments passed on the command line
enabled # start at boot; yes or no
name # the service name
runlevel # runlevel for starting at boot; normally not needed
sleep # whether to wait during a restart, e.g. wait 2 seconds after the service stops before starting it again
state # started starts the service, stopped stops it, restarted restarts it, reloaded reloads its configuration
Example: enable the httpd service at boot
ansible -m service -a "name=httpd enabled=yes" node2
setup module
Gathers detailed information (facts) about the remote host
ansible -m setup node2
[root@ansible ~]# cat setup.txt
server1 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"192.168.122.1",
"192.168.28.66"
],
"ansible_all_ipv6_addresses": [
"fe80::2a43:1282:aff6:e078",
"fe80::6f22:d478:2b46:2ad5"
],
"ansible_apparmor": {
"status": "disabled"
},
"ansible_architecture": "x86_64",
"ansible_bios_date": "11/12/2020",
"ansible_bios_version": "6.00",
"ansible_cmdline": {
"BOOT_IMAGE": "/boot/vmlinuz-3.10.0-1160.71.1.el7.x86_64",
"LANG": "zh_CN.UTF-8",
"crashkernel": "auto",
"quiet": true,
"rhgb": true,
"ro": true,
"root": "UUID=60bfdc34-a1ba-4afb-b440-d49f68e74eed"
},
"ansible_date_time": {
"date": "2024-10-14",
"day": "14",
"epoch": "1728869204",
"hour": "09",
"iso8601": "2024-10-14T01:26:44Z",
"iso8601_basic": "20241014T092644335349",
"iso8601_basic_short": "20241014T092644",
"iso8601_micro": "2024-10-14T01:26:44.335349Z",
"minute": "26",
"month": "10",
"second": "44",
"time": "09:26:44",
"tz": "CST",
"tz_offset": "+0800",
"weekday": "星期一",
"weekday_number": "1",
"weeknumber": "42",
"year": "2024"
},
"ansible_default_ipv4": {
"address": "192.168.28.66",
"alias": "ens33",
"broadcast": "192.168.28.255",
"gateway": "192.168.28.254",
"interface": "ens33",
"macaddress": "00:0c:29:1d:af:9f",
"mtu": 1500,
"netmask": "255.255.255.0",
"network": "192.168.28.0",
"type": "ether"
},
"ansible_default_ipv6": {},
"ansible_device_links": {
"ids": {},
"labels": {},
"masters": {},
"uuids": {
"sda1": [
"1a629aca-5f4e-446c-8e10-bdecd020da82"
],
"sda2": [
"60bfdc34-a1ba-4afb-b440-d49f68e74eed"
]
}
},
"ansible_devices": {
"sda": {
"holders": [],
"host": "SCSI storage controller: Broadcom / LSI 53c1030 PCI-X Fusion-MPT Dual Ultra320 SCSI (rev 01)",
"links": {
"ids": [],
"labels": [],
"masters": [],
"uuids": []
},
"model": "VMware Virtual S",
"partitions": {
"sda1": {
"holders": [],
"links": {
"ids": [],
"labels": [],
"masters": [],
"uuids": [
"1a629aca-5f4e-446c-8e10-bdecd020da82"
]
},
"sectors": "16777216",
"sectorsize": 512,
"size": "8.00 GB",
"start": "2048",
"uuid": "1a629aca-5f4e-446c-8e10-bdecd020da82"
},
"sda2": {
"holders": [],
"links": {
"ids": [],
"labels": [],
"masters": [],
"uuids": [
"60bfdc34-a1ba-4afb-b440-d49f68e74eed"
]
},
"sectors": "192935936",
"sectorsize": 512,
"size": "92.00 GB",
"start": "16779264",
"uuid": "60bfdc34-a1ba-4afb-b440-d49f68e74eed"
}
},
"removable": "0",
"rotational": "1",
"sas_address": null,
"sas_device_handle": null,
"scheduler_mode": "deadline",
"sectors": "209715200",
"sectorsize": "512",
"size": "100.00 GB",
"support_discard": "0",
"vendor": "VMware,",
"virtual": 1
}
},
"ansible_distribution": "CentOS",
"ansible_distribution_file_parsed": true,
"ansible_distribution_file_path": "/etc/redhat-release",
"ansible_distribution_file_variety": "RedHat",
"ansible_distribution_major_version": "7",
"ansible_distribution_release": "Core",
"ansible_distribution_version": "7.9",
"ansible_dns": {
"nameservers": [
"192.168.28.254"
]
},
"ansible_domain": "",
"ansible_effective_group_id": 0,
"ansible_effective_user_id": 0,
"ansible_ens33": {
"active": true,
"device": "ens33",
"features": {
"busy_poll": "off [fixed]",
"fcoe_mtu": "off [fixed]",
"generic_receive_offload": "on",
"generic_segmentation_offload": "on",
"highdma": "off [fixed]",
"hw_tc_offload": "off [fixed]",
"l2_fwd_offload": "off [fixed]",
"large_receive_offload": "off [fixed]",
"loopback": "off [fixed]",
"netns_local": "off [fixed]",
"ntuple_filters": "off [fixed]",
"receive_hashing": "off [fixed]",
"rx_all": "off",
"rx_checksumming": "off",
"rx_fcs": "off",
"rx_gro_hw": "off [fixed]",
"rx_udp_tunnel_port_offload": "off [fixed]",
"rx_vlan_filter": "on [fixed]",
"rx_vlan_offload": "on",
"rx_vlan_stag_filter": "off [fixed]",
"rx_vlan_stag_hw_parse": "off [fixed]",
"scatter_gather": "on",
"tcp_segmentation_offload": "on",
"tx_checksum_fcoe_crc": "off [fixed]",
"tx_checksum_ip_generic": "on",
"tx_checksum_ipv4": "off [fixed]",
"tx_checksum_ipv6": "off [fixed]",
"tx_checksum_sctp": "off [fixed]",
"tx_checksumming": "on",
"tx_fcoe_segmentation": "off [fixed]",
"tx_gre_csum_segmentation": "off [fixed]",
"tx_gre_segmentation": "off [fixed]",
"tx_gso_partial": "off [fixed]",
"tx_gso_robust": "off [fixed]",
"tx_ipip_segmentation": "off [fixed]",
"tx_lockless": "off [fixed]",
"tx_nocache_copy": "off",
"tx_scatter_gather": "on",
"tx_scatter_gather_fraglist": "off [fixed]",
"tx_sctp_segmentation": "off [fixed]",
"tx_sit_segmentation": "off [fixed]",
"tx_tcp6_segmentation": "off [fixed]",
"tx_tcp_ecn_segmentation": "off [fixed]",
"tx_tcp_mangleid_segmentation": "off",
"tx_tcp_segmentation": "on",
"tx_udp_tnl_csum_segmentation": "off [fixed]",
"tx_udp_tnl_segmentation": "off [fixed]",
"tx_vlan_offload": "on [fixed]",
"tx_vlan_stag_hw_insert": "off [fixed]",
"udp_fragmentation_offload": "off [fixed]",
"vlan_challenged": "off [fixed]"
},
"hw_timestamp_filters": [],
"ipv4": {
"address": "192.168.28.66",
"broadcast": "192.168.28.255",
"netmask": "255.255.255.0",
"network": "192.168.28.0"
},
"ipv6": [
{
"address": "fe80::2a43:1282:aff6:e078",
"prefix": "64",
"scope": "link"
},
{
"address": "fe80::6f22:d478:2b46:2ad5",
"prefix": "64",
"scope": "link"
}
],
"macaddress": "00:0c:29:1d:af:9f",
"module": "e1000",
"mtu": 1500,
"pciid": "0000:02:01.0",
"promisc": false,
"speed": 1000,
"timestamping": [
"tx_software",
"rx_software",
"software"
],
"type": "ether"
},
"ansible_env": {
"HOME": "/root",
"KDEDIRS": "/usr",
"LANG": "zh_CN.UTF-8",
"LESSOPEN": "||/usr/bin/lesspipe.sh %s",
"LOGNAME": "root",
"LS_COLORS": "rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36:",
"MAIL": "/var/mail/root",
"PATH": "/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin",
"PWD": "/root",
"QTDIR": "/usr/lib64/qt-3.3",
"QTINC": "/usr/lib64/qt-3.3/include",
"QTLIB": "/usr/lib64/qt-3.3/lib",
"QT_GRAPHICSSYSTEM_CHECKED": "1",
"QT_PLUGIN_PATH": "/usr/lib64/kde4/plugins:/usr/lib/kde4/plugins",
"SELINUX_LEVEL_REQUESTED": "",
"SELINUX_ROLE_REQUESTED": "",
"SELINUX_USE_CURRENT_RANGE": "",
"SHELL": "/bin/bash",
"SHLVL": "2",
"SSH_CLIENT": "192.168.28.88 47342 22",
"SSH_CONNECTION": "192.168.28.88 47342 192.168.28.66 22",
"SSH_TTY": "/dev/pts/0",
"TERM": "xterm",
"USER": "root",
"XDG_DATA_DIRS": "/root/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share:/usr/local/share:/usr/share",
"XDG_RUNTIME_DIR": "/run/user/0",
"XDG_SESSION_ID": "30",
"_": "/usr/bin/python"
},
"ansible_fibre_channel_wwn": [],
"ansible_fips": false,
"ansible_form_factor": "Other",
"ansible_fqdn": "server1",
"ansible_hostname": "server1",
"ansible_hostnqn": "",
"ansible_interfaces": [
"lo",
"virbr0",
"virbr0-nic",
"ens33"
],
"ansible_is_chroot": false,
"ansible_iscsi_iqn": "iqn.1994-05.com.redhat:34b4de6c161",
"ansible_kernel": "3.10.0-1160.71.1.el7.x86_64",
"ansible_kernel_version": "#1 SMP Tue Jun 28 15:37:28 UTC 2022",
"ansible_lo": {
"active": true,
"device": "lo",
"features": {
"busy_poll": "off [fixed]",
"fcoe_mtu": "off [fixed]",
"generic_receive_offload": "on",
"generic_segmentation_offload": "on",
"highdma": "on [fixed]",
"hw_tc_offload": "off [fixed]",
"l2_fwd_offload": "off [fixed]",
"large_receive_offload": "off [fixed]",
"loopback": "on [fixed]",
"netns_local": "on [fixed]",
"ntuple_filters": "off [fixed]",
"receive_hashing": "off [fixed]",
"rx_all": "off [fixed]",
"rx_checksumming": "on [fixed]",
"rx_fcs": "off [fixed]",
"rx_gro_hw": "off [fixed]",
"rx_udp_tunnel_port_offload": "off [fixed]",
"rx_vlan_filter": "off [fixed]",
"rx_vlan_offload": "off [fixed]",
"rx_vlan_stag_filter": "off [fixed]",
"rx_vlan_stag_hw_parse": "off [fixed]",
"scatter_gather": "on",
"tcp_segmentation_offload": "on",
"tx_checksum_fcoe_crc": "off [fixed]",
"tx_checksum_ip_generic": "on [fixed]",
"tx_checksum_ipv4": "off [fixed]",
"tx_checksum_ipv6": "off [fixed]",
"tx_checksum_sctp": "on [fixed]",
"tx_checksumming": "on",
"tx_fcoe_segmentation": "off [fixed]",
"tx_gre_csum_segmentation": "off [fixed]",
"tx_gre_segmentation": "off [fixed]",
"tx_gso_partial": "off [fixed]",
"tx_gso_robust": "off [fixed]",
"tx_ipip_segmentation": "off [fixed]",
"tx_lockless": "on [fixed]",
"tx_nocache_copy": "off [fixed]",
"tx_scatter_gather": "on [fixed]",
"tx_scatter_gather_fraglist": "on [fixed]",
"tx_sctp_segmentation": "on",
"tx_sit_segmentation": "off [fixed]",
"tx_tcp6_segmentation": "on",
"tx_tcp_ecn_segmentation": "on",
"tx_tcp_mangleid_segmentation": "on",
"tx_tcp_segmentation": "on",
"tx_udp_tnl_csum_segmentation": "off [fixed]",
"tx_udp_tnl_segmentation": "off [fixed]",
"tx_vlan_offload": "off [fixed]",
"tx_vlan_stag_hw_insert": "off [fixed]",
"udp_fragmentation_offload": "on",
"vlan_challenged": "on [fixed]"
},
"hw_timestamp_filters": [],
"ipv4": {
"address": "127.0.0.1",
"broadcast": "",
"netmask": "255.0.0.0",
"network": "127.0.0.0"
},
"ipv6": [
{
"address": "::1",
"prefix": "128",
"scope": "host"
}
],
"mtu": 65536,
"promisc": false,
"timestamping": [
"rx_software",
"software"
],
"type": "loopback"
},
"ansible_local": {},
"ansible_lsb": {},
"ansible_lvm": {
"lvs": {},
"pvs": {},
"vgs": {}
},
"ansible_machine": "x86_64",
"ansible_machine_id": "0309088104324f4ebda76f55d891b515",
"ansible_memfree_mb": 2680,
"ansible_memory_mb": {
"nocache": {
"free": 3285,
"used": 485
},
"real": {
"free": 2680,
"total": 3770,
"used": 1090
},
"swap": {
"cached": 0,
"free": 8191,
"total": 8191,
"used": 0
}
},
"ansible_memtotal_mb": 3770,
"ansible_mounts": [
{
"block_available": 22445186,
"block_size": 4096,
"block_total": 24105217,
"block_used": 1660031,
"device": "/dev/sda2",
"fstype": "xfs",
"inode_available": 48030369,
"inode_total": 48233984,
"inode_used": 203615,
"mount": "/",
"options": "rw,seclabel,relatime,attr2,inode64,noquota",
"size_available": 91935481856,
"size_total": 98734968832,
"uuid": "60bfdc34-a1ba-4afb-b440-d49f68e74eed"
}
],
"ansible_nodename": "server1",
"ansible_os_family": "RedHat",
"ansible_pkg_mgr": "yum",
"ansible_proc_cmdline": {
"BOOT_IMAGE": "/boot/vmlinuz-3.10.0-1160.71.1.el7.x86_64",
"LANG": "zh_CN.UTF-8",
"crashkernel": "auto",
"quiet": true,
"rhgb": true,
"ro": true,
"root": "UUID=60bfdc34-a1ba-4afb-b440-d49f68e74eed"
},
"ansible_processor": [
"0",
"GenuineIntel",
"Intel(R) Core(TM) i5-10500H CPU @ 2.50GHz",
"1",
"GenuineIntel",
"Intel(R) Core(TM) i5-10500H CPU @ 2.50GHz"
],
"ansible_processor_cores": 2,
"ansible_processor_count": 1,
"ansible_processor_threads_per_core": 1,
"ansible_processor_vcpus": 2,
"ansible_product_name": "VMware Virtual Platform",
"ansible_product_serial": "VMware-56 4d 26 77 cf 39 92 a8-db f7 2d 99 b0 1d af 9f",
"ansible_product_uuid": "77264D56-39CF-A892-DBF7-2D99B01DAF9F",
"ansible_product_version": "None",
"ansible_python": {
"executable": "/usr/bin/python",
"has_sslcontext": true,
"type": "CPython",
"version": {
"major": 2,
"micro": 5,
"minor": 7,
"releaselevel": "final",
"serial": 0
},
"version_info": [
2,
7,
5,
"final",
0
]
},
"ansible_python_version": "2.7.5",
"ansible_real_group_id": 0,
"ansible_real_user_id": 0,
"ansible_selinux": {
"config_mode": "enforcing",
"mode": "enforcing",
"policyvers": 31,
"status": "enabled",
"type": "targeted"
},
"ansible_selinux_python_present": true,
"ansible_service_mgr": "systemd",
"ansible_ssh_host_key_ecdsa_public": "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKc8z8qym5Z1/NG9cty+iY/wrzJvGwgnwh+WjAByC6xup2ZNw9AmRCORkvbYlLbd/mBX+ZV96FsZz4ag4WZtMMc=",
"ansible_ssh_host_key_ed25519_public": "AAAAC3NzaC1lZDI1NTE5AAAAIHw7Go3U36zwIxwqQiZRvB4N3SuJsXLQIR5Nzoi+6Y+K",
"ansible_ssh_host_key_rsa_public": "AAAAB3NzaC1yc2EAAAADAQABAAABAQCpLSb01Z88NmbW2ssqX3xgk3LxzJg3W6rhNj6xHd7m4o0S2QLIvA4ut51i+bQRrRE/JOqXgR7p2mUjod2RflrhBHTsBVzOdLtp5iz9k4GLUizajrK2orrey/FSFMcmVs27eeGSyd9Qukj4QfGxq/ydB/PoaYgv5T8zSVH9zcXAGkXsAyQtqFHDBbPSbqcnWAMjO/0+YL2eHOAKjaeJU434FbuRRdKP7UIE+ILeYkt6xPtJ+TRQPfXES62iRICUb46thcfFHDU7vVM+gcuLCtAO8W0aJXmJRaGZooDy0htAdRLlxc0tbeH3M+ksTuOKg+gyTXkKb5iSIwegJ10vYEN/",
"ansible_swapfree_mb": 8191,
"ansible_swaptotal_mb": 8191,
"ansible_system": "Linux",
"ansible_system_capabilities": [
"cap_chown",
"cap_dac_override",
"cap_dac_read_search",
"cap_fowner",
"cap_fsetid",
"cap_kill",
"cap_setgid",
"cap_setuid",
"cap_setpcap",
"cap_linux_immutable",
"cap_net_bind_service",
"cap_net_broadcast",
"cap_net_admin",
"cap_net_raw",
"cap_ipc_lock",
"cap_ipc_owner",
"cap_sys_module",
"cap_sys_rawio",
"cap_sys_chroot",
"cap_sys_ptrace",
"cap_sys_pacct",
"cap_sys_admin",
"cap_sys_boot",
"cap_sys_nice",
"cap_sys_resource",
"cap_sys_time",
"cap_sys_tty_config",
"cap_mknod",
"cap_lease",
"cap_audit_write",
"cap_audit_control",
"cap_setfcap",
"cap_mac_override",
"cap_mac_admin",
"cap_syslog",
"35",
"36+ep"
],
"ansible_system_capabilities_enforced": "True",
"ansible_system_vendor": "VMware, Inc.",
"ansible_uptime_seconds": 5028,
"ansible_user_dir": "/root",
"ansible_user_gecos": "root",
"ansible_user_gid": 0,
"ansible_user_id": "root",
"ansible_user_shell": "/bin/bash",
"ansible_user_uid": 0,
"ansible_userspace_architecture": "x86_64",
"ansible_userspace_bits": "64",
"ansible_virbr0": {
"active": false,
"device": "virbr0",
"features": {
"busy_poll": "off [fixed]",
"fcoe_mtu": "off [fixed]",
"generic_receive_offload": "on",
"generic_segmentation_offload": "on",
"highdma": "off [requested on]",
"hw_tc_offload": "off [fixed]",
"l2_fwd_offload": "off [fixed]",
"large_receive_offload": "off [fixed]",
"loopback": "off [fixed]",
"netns_local": "on [fixed]",
"ntuple_filters": "off [fixed]",
"receive_hashing": "off [fixed]",
"rx_all": "off [fixed]",
"rx_checksumming": "off [fixed]",
"rx_fcs": "off [fixed]",
"rx_gro_hw": "off [fixed]",
"rx_udp_tunnel_port_offload": "off [fixed]",
"rx_vlan_filter": "off [fixed]",
"rx_vlan_offload": "off [fixed]",
"rx_vlan_stag_filter": "off [fixed]",
"rx_vlan_stag_hw_parse": "off [fixed]",
"scatter_gather": "on",
"tcp_segmentation_offload": "on",
"tx_checksum_fcoe_crc": "off [fixed]",
"tx_checksum_ip_generic": "on",
"tx_checksum_ipv4": "off [fixed]",
"tx_checksum_ipv6": "off [fixed]",
"tx_checksum_sctp": "off [fixed]",
"tx_checksumming": "on",
"tx_fcoe_segmentation": "off [requested on]",
"tx_gre_csum_segmentation": "on",
"tx_gre_segmentation": "on",
"tx_gso_partial": "on",
"tx_gso_robust": "off [requested on]",
"tx_ipip_segmentation": "on",
"tx_lockless": "on [fixed]",
"tx_nocache_copy": "off",
"tx_scatter_gather": "on",
"tx_scatter_gather_fraglist": "on",
"tx_sctp_segmentation": "off [requested on]",
"tx_sit_segmentation": "on",
"tx_tcp6_segmentation": "on",
"tx_tcp_ecn_segmentation": "on",
"tx_tcp_mangleid_segmentation": "on",
"tx_tcp_segmentation": "on",
"tx_udp_tnl_csum_segmentation": "on",
"tx_udp_tnl_segmentation": "on",
"tx_vlan_offload": "on",
"tx_vlan_stag_hw_insert": "on",
"udp_fragmentation_offload": "off [requested on]",
"vlan_challenged": "off [fixed]"
},
"hw_timestamp_filters": [],
"id": "8000.5254002f459b",
"interfaces": [
"virbr0-nic"
],
"ipv4": {
"address": "192.168.122.1",
"broadcast": "192.168.122.255",
"netmask": "255.255.255.0",
"network": "192.168.122.0"
},
"macaddress": "52:54:00:2f:45:9b",
"mtu": 1500,
"promisc": false,
"stp": true,
"timestamping": [
"rx_software",
"software"
],
"type": "bridge"
},
"ansible_virbr0_nic": {
"active": false,
"device": "virbr0-nic",
"features": {
"busy_poll": "off [fixed]",
"fcoe_mtu": "off [fixed]",
"generic_receive_offload": "on",
"generic_segmentation_offload": "on",
"highdma": "off [fixed]",
"hw_tc_offload": "off [fixed]",
"l2_fwd_offload": "off [fixed]",
"large_receive_offload": "off [fixed]",
"loopback": "off [fixed]",
"netns_local": "off [fixed]",
"ntuple_filters": "off [fixed]",
"receive_hashing": "off [fixed]",
"rx_all": "off [fixed]",
"rx_checksumming": "off [fixed]",
"rx_fcs": "off [fixed]",
"rx_gro_hw": "off [fixed]",
"rx_udp_tunnel_port_offload": "off [fixed]",
"rx_vlan_filter": "off [fixed]",
"rx_vlan_offload": "off [fixed]",
"rx_vlan_stag_filter": "off [fixed]",
"rx_vlan_stag_hw_parse": "off [fixed]",
"scatter_gather": "on",
"tcp_segmentation_offload": "off",
"tx_checksum_fcoe_crc": "off [fixed]",
"tx_checksum_ip_generic": "off [requested on]",
"tx_checksum_ipv4": "off [fixed]",
"tx_checksum_ipv6": "off [fixed]",
"tx_checksum_sctp": "off [fixed]",
"tx_checksumming": "off",
"tx_fcoe_segmentation": "off [fixed]",
"tx_gre_csum_segmentation": "off [fixed]",
"tx_gre_segmentation": "off [fixed]",
"tx_gso_partial": "off [fixed]",
"tx_gso_robust": "off [fixed]",
"tx_ipip_segmentation": "off [fixed]",
"tx_lockless": "on [fixed]",
"tx_nocache_copy": "off",
"tx_scatter_gather": "on",
"tx_scatter_gather_fraglist": "on",
"tx_sctp_segmentation": "off [fixed]",
"tx_sit_segmentation": "off [fixed]",
"tx_tcp6_segmentation": "off [requested on]",
"tx_tcp_ecn_segmentation": "off [requested on]",
"tx_tcp_mangleid_segmentation": "off",
"tx_tcp_segmentation": "off [requested on]",
"tx_udp_tnl_csum_segmentation": "off [fixed]",
"tx_udp_tnl_segmentation": "off [fixed]",
"tx_vlan_offload": "on",
"tx_vlan_stag_hw_insert": "on",
"udp_fragmentation_offload": "off [requested on]",
"vlan_challenged": "off [fixed]"
},
"hw_timestamp_filters": [],
"macaddress": "52:54:00:2f:45:9b",
"mtu": 1500,
"promisc": true,
"timestamping": [
"rx_software",
"software"
],
"type": "ether"
},
"ansible_virtualization_role": "guest",
"ansible_virtualization_type": "VMware",
"discovered_interpreter_python": "/usr/bin/python",
"gather_subset": [
"all"
],
"module_setup": true
},
"changed": false
}
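The facts dump above holds more than hardware details: ansible_selinux, ansible_fips, ansible_python_version and the ansible_ssh_host_key_*_public entries describe the host's security posture, and the public host keys are exactly what was accepted on first use when ssh-copy-id ran earlier. The following Python is an added example, not code from the post or from Ansible: given a facts dictionary (here a constructed subset with values copied from the dump above), it reports SELinux findings, including drift between the running mode and the configured mode, flags an end-of-life Python 2 interpreter, and turns the host-key facts into known_hosts lines so the keys can be pinned on the control host rather than trusted on first connection. key_type, selinux_findings, known_hosts_lines and posture are the example's own names.

```python
"""Security posture summary from ansible setup facts (added example)."""
import base64
import struct
from typing import Dict, List

# Constructed subset of the facts for server1, with values copied from the dump above.
SAMPLE_FACTS: Dict = {
    "ansible_hostname": "server1",
    "ansible_default_ipv4": {"address": "192.168.28.66"},
    "ansible_fips": False,
    "ansible_selinux": {"config_mode": "enforcing", "mode": "enforcing", "status": "enabled"},
    "ansible_python_version": "2.7.5",
    "ansible_ssh_host_key_ed25519_public": "AAAAC3NzaC1lZDI1NTE5AAAAIHw7Go3U36zwIxwqQiZRvB4N3SuJsXLQIR5Nzoi+6Y+K",
    "ansible_ssh_host_key_ecdsa_public": "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKc8z8qym5Z1/NG9cty+iY/wrzJvGwgnwh+WjAByC6xup2ZNw9AmRCORkvbYlLbd/mBX+ZV96FsZz4ag4WZtMMc=",
}


def key_type(blob_b64: str) -> str:
    """Read the key type ('ssh-ed25519', 'ecdsa-sha2-nistp256', ...) from an SSH public key blob.
    The wire format starts with a 4-byte big-endian length followed by the type string, so
    decoding the first 64 base64 characters (48 bytes) is enough; the rest of the blob is not needed."""
    head = base64.b64decode(blob_b64[:64])
    (length,) = struct.unpack(">I", head[:4])
    return head[4:4 + length].decode("ascii")


def known_hosts_lines(facts: Dict) -> List[str]:
    """One known_hosts line per host-key fact, keyed by hostname and default IPv4 address."""
    names = ",".join([facts["ansible_hostname"], facts["ansible_default_ipv4"]["address"]])
    lines = []
    for fact in sorted(facts):
        if fact.startswith("ansible_ssh_host_key_") and fact.endswith("_public"):
            blob = facts[fact]
            lines.append(f"{names} {key_type(blob)} {blob}")
    return lines


def selinux_findings(facts: Dict) -> List[str]:
    """Findings about SELinux state; an empty list means enabled, enforcing and consistent."""
    sel = facts.get("ansible_selinux", {})
    findings: List[str] = []
    if sel.get("status") != "enabled":
        findings.append("SELinux is not enabled")
        return findings
    if sel.get("mode") != "enforcing":
        findings.append(f"SELinux is running in {sel.get('mode')} mode")
    if sel.get("config_mode") != sel.get("mode"):
        findings.append(f"SELinux drift: running {sel.get('mode')}, configured {sel.get('config_mode')}")
    return findings


def posture(facts: Dict) -> Dict:
    """Collect the security-relevant facts into one report for the host."""
    findings = selinux_findings(facts)
    if str(facts.get("ansible_python_version", "")).startswith("2."):
        findings.append("remote interpreter is Python 2 (end of life)")
    return {
        "host": facts["ansible_hostname"],
        "fips": bool(facts.get("ansible_fips", False)),
        "findings": findings,
        "known_hosts": known_hosts_lines(facts),
    }


if __name__ == "__main__":
    report = posture(SAMPLE_FACTS)
    print(f"{report['host']}: fips={report['fips']}, {len(report['findings'])} finding(s)")
    for finding in report["findings"]:
        print("  -", finding)
    print("known_hosts entries to pin on the control host:")
    for line in report["known_hosts"]:
        print(" ", line)
```

Appending the printed known_hosts lines to /root/.ssh/known_hosts on the control host means a later change of server1's host key (a rebuilt VM, or something answering in its place) makes ssh refuse the connection instead of silently accepting a new key; the key type is read out of the blob itself rather than guessed from the fact name, so the lines are valid for whatever key types the host offers.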
selinux module
Manages the SELinux configuration of remote hosts
Parameters
ansible-doc -s selinux
policy # name of the SELinux policy to use
state # the SELinux mode: enforcing, permissive or disabled
configfile # path of the SELinux configuration file
Example: set SELinux to enforcing mode
ansible -m selinux -a "policy=targeted state=enforcing" node1
The result shows that server1 was already configured in enforcing mode