
w9 Ansible批量管理與維護


ssh秘鑰認證

基於口令的安全驗證

[root@m01 ~]# ssh 10.0.0.41 hostname
root@10.0.0.41's password:
backup
[root@m01 ~]# ssh 10.0.0.41 whoami
root@10.0.0.41's password:
root
[root@m01 ~]# ssh [email protected] whoami
[email protected]s password:
oldboy

1.生成鑰匙和鎖頭(鑰匙 = 私鑰 id_dsa,鎖頭 = 公鑰 id_dsa.pub)

[root@m01 ~]# hostname
m01
# NOTE(review): the randomart header in the output below reads "DSA 1024", and
# OpenSSH has disabled ssh-dss keys by default since 7.0. Where the installed
# OpenSSH supports it, generate Ed25519 (-t ed25519) or RSA of at least 3072
# bits (-t rsa -b 3072) instead.
# If the passphrase prompt is left empty, the private key is stored unencrypted:
# read access to /root/.ssh/id_dsa is then enough to log in to every host that
# trusts the matching public key.
[root@m01 ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
29:37:1b:e1:9f:0a:ab:77:a0:fc:60:41:2d:bc:85:dd root@m01
The key‘s randomart image is:
+--[ DSA 1024]----+ | | | . + . | | = + E | | . + . o | | o . S | | ..o = . | | .o.... o | | .o..o.. | | .+o.. | +-----------------+

2.把鎖頭發送到 backup 和 nfs01上

發送到 backup
# ssh-copy-id appends the public key to ~/.ssh/authorized_keys of the remote account.
# NOTE(review): the host-key prompts in the output below show the same RSA
# fingerprint (ac:0f:aa:d2:5b:ff:cf:ac:f0:76:37:a6:be:31:b9:f9) for both
# 172.16.1.41 and 172.16.1.31. Two machines presenting one host key usually means
# they were cloned from one image — TODO confirm; if so, regenerate the SSH host
# keys on each machine, because known_hosts cannot tell the two apart.
# Compare the fingerprint with the one read on the server itself before typing "yes".
[root@m01 ~]# ssh-copy-id -i /root/.ssh/id_dsa.pub [email protected]
The authenticity of host ‘172.16.1.41 (172.16.1.41)
‘ can‘t be established. RSA key fingerprint is ac:0f:aa:d2:5b:ff:cf:ac:f0:76:37:a6:be:31:b9:f9. Are you sure you want to continue connecting (yes/no)? y Please type ‘yes‘ or ‘no‘: yes Warning: Permanently added ‘172.16.1.41‘ (RSA) to the list of known hosts. [email protected]s password: Now try logging into the machine, with "ssh ‘[email protected]
", and check in: .ssh/authorized_keys to make sure we haven‘t added extra keys that you weren‘t expecting. [root@m01 ~]# ssh 10.0.0.41 hostname backup ? ? #nfs01 [root@m01 ~]# ssh-copy-id -i /root/.ssh/id_dsa.pub [email protected] The authenticity of host ‘172.16.1.31 (172.16.1.31)‘ can‘t be established. RSA key fingerprint is ac:0f:aa:d2:5b:ff:cf:ac:f0:76:37:a6:be:31:b9:f9. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added ‘172.16.1.31‘ (RSA) to the list of known hosts. [email protected]s password: Now try logging into the machine, with "ssh ‘[email protected]", and check in: .ssh/authorized_keys to make sure we haven‘t added extra keys that you weren‘t expecting. [root@m01 ~]# ssh 172.16.1.31 hostname nfs01

3.把鎖頭發送到 backup 和 nfs01上 - 免交互輸入密碼(用 sshpass 提供密碼)

yum install sshpass -y

# sshpass supplies the password to ssh-family commands so that no prompt appears.
# NOTE(review): -p puts the password on the command line, where it is saved in
# shell history and can show up in the process list; sshpass can read it from a
# file (-f) or from the SSHPASS environment variable (-e) instead.

[root@m01 ~]# sshpass -p123456 ssh 172.16.1.41 hostname

backup

# NOTE(review): StrictHostKeyChecking=no adds an unknown host key to known_hosts
# without asking, so on a first connection the password is sent to whichever
# machine answers at this address. Prefer placing verified host keys in
# known_hosts beforehand.
sshpass -p123456 ssh -o StrictHostKeyChecking=no 172.16.1.41 hostname

backup

非交互式創建 鑰匙鎖頭

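# -P '' sets an empty passphrase and -f fixes the key path, so ssh-keygen asks
# nothing when the file does not exist yet. (The typographic quotes of the
# original listing are restored to ASCII single quotes here.)
# An empty passphrase leaves the private key unencrypted on disk.
# In the run recorded below the file already exists, so ssh-keygen still asks
# "Overwrite (y/n)?"; answering y replaces the key pair, and the new public key
# has to be distributed to the hosts again.
[root@m01 ~]# ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa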
Generating public/private dsa key pair.
/root/.ssh/id_dsa already exists.
Overwrite (y/n)? y
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
e0:8d:9b:00:99:fe:fc:67:be:65:8c:b0:b1:cc:fc:8c root@m01
The key‘s randomart image is:
+--[ DSA 1024]----+
| |
| o |
| + . |
| . . . + |
| . . = S |
| o = B o |
| o O . + |
| . +oo |
| E+=. |
+-----------------+

非交互式 分發公鑰

# The ssh option and the target are quoted as one argument; presumably this
# version of ssh-copy-id hands that string to ssh unchanged — verify against the
# installed script.
# NOTE(review): this run and the one further down use the same root password
# (-p123456) for both hosts, with host-key checking switched off. Once key login
# is confirmed (the "ssh ... hostname" checks at the end), consider setting
# PasswordAuthentication no in sshd_config on the managed hosts so the shared
# password is no longer a way in.
[root@m01 ~]# sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no [email protected]"
Now try logging into the machine, with "ssh ‘-o StrictHostKeyChecking=no [email protected]",
and check in:
.ssh/authorized_keys
to make sure we haven‘t added extra keys that you weren‘t expecting.
?
?
[root@m01 ~]# sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no [email protected]"
Now try logging into the machine, with "ssh ‘-o StrictHostKeyChecking=no [email protected]",
and check in:
.ssh/authorized_keys
to make sure we haven‘t added extra keys that you weren‘t expecting.
?
?
[root@m01 ~]# ssh 172.16.1.41 hostname
backup
[root@m01 ~]# ssh 172.16.1.31 hostname
nfs01

ansible部署

# Installs the EPEL repository definition so that yum can find the ansible package.
# NOTE(review): the file is fetched over plain HTTP and written directly into
# /etc/yum.repos.d, so the transfer has no integrity protection for the list of
# package sources the host will trust. Use HTTPS if the mirror offers it and
# check that gpgcheck=1 is set in the downloaded file — TODO confirm both.
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
?
#m01
yum install ansible -y
yum install libselinux-python -y
?
#backup nfs01
yum install libselinux-python -y
[root@m01 ~]# tree /etc/ansible/
/etc/ansible/
├── ansible.cfg #ansible的配置文件
├── hosts #ansible管理了 哪些服務器 服務器列表
└── roles
1 directory, 2 files
[root@m01 ~]# cat /etc/ansible/hosts
[oldboy]
172.16.1.31
172.16.1.41
?
ansible oldboy -m command -a "hostname"
ansible oldboy -m command -a "yum install cowsay -y"

測試:複製文件

# copy pushes /etc/hosts from the control node to every host in [oldboy]; the
# JSON result below reports the destination as /tmp/hosts.
# NOTE(review): mode=0755 marks a plain data file executable (the ls -l output
# further down shows -rwxr-xr-x); 0644 is enough for a file that is only read.
[root@m01 ~]# ansible oldboy -m copy -a "src=/etc/hosts dest=/tmp owner=oldboy mode=0755"
172.16.1.41 | SUCCESS => {
"changed": true,
"checksum": "bc07bb4d3a780f4fd8cae94ec7bff04edb1a5a4e",
"dest": "/tmp/hosts",
"gid": 0,
"group": "root",
"md5sum": "55ee21bf1168f9be70abd35bf29d8e4a",
"mode": "0755",
"owner": "oldboy",
"size": 364,
"src": "/root/.ansible/tmp/ansible-tmp-1517744820.18-259504826638509/source",
"state": "file",
"uid": 500
}
172.16.1.31 | SUCCESS => {
"changed": true,
"checksum": "bc07bb4d3a780f4fd8cae94ec7bff04edb1a5a4e",
"dest": "/tmp/hosts",
"gid": 0,
"group": "root",
"md5sum": "55ee21bf1168f9be70abd35bf29d8e4a",
"mode": "0755",
"owner": "oldboy",
"size": 364,
"src": "/root/.ansible/tmp/ansible-tmp-1517744820.17-14642605512978/source",
"state": "file",
"uid": 500
}
?
?
[root@m01 ~]# ansible oldboy -m command -a "ls -l /tmp/hosts"
172.16.1.31 | SUCCESS | rc=0 >>
-rwxr-xr-x 1 oldboy root 364 Feb 4 19:47 /tmp/hosts
172.16.1.41 | SUCCESS | rc=0 >>
-rwxr-xr-x 1 oldboy root 364 Feb 4 19:47 /tmp/hosts
# backup=yes keeps a copy of an existing destination file before overwriting it.
ansible oldboy -m copy -a "src=/etc/hosts dest=/tmp backup=yes"



# Count the modules that ansible-doc lists.
ansible-doc -l|wc -l

ansible-doc -s copy # show the documentation snippet for the copy module

# Two ways to run a local script on the managed hosts.
# (1) Copy it over, then execute it with the shell module:
ansible oldboy -m copy -a "src=/server/scripts/yum-htop.sh dest=/server/scripts/ "

ansible oldboy -m shell -a "/bin/sh /server/scripts/yum-htop.sh"

# (2) The script module transfers the local script and runs it in one step:
ansible oldboy -m script -a "/server/scripts/yum.sh"

定時任務

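# Adds a crontab entry on every host in [oldboy]. name= is the label the cron
# module writes as "#Ansible: restart network" above the entry (visible in the
# crontab -l output further down).
# The typographic quotes of the original listing are restored to ASCII single
# quotes so the command can be pasted as-is.
[root@m01 scripts]# ansible oldboy -m cron -a "name='restart network' minute=00 hour=00 job=' /etc/init.d/network restart >/dev/null 2>&1'"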
172.16.1.31 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"restart network"
]
}
172.16.1.41 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"restart network"
]
}
?
[root@m01 scripts]# ansible oldboy -a "crontab -l"
172.16.1.41 | SUCCESS | rc=0 >>
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
#check & send result lee at 2017-01-01
00 03 * * * /bin/sh /server/scripts/check.sh >/dev/null 2>&1
#Ansible: restart network
00 00 * * * /etc/init.d/network restart >/dev/null 2>&1
172.16.1.31 | SUCCESS | rc=0 >>
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
#Ansible: restart network
00 00 * * * /etc/init.d/network restart >/dev/null 2>&1
?
mkdir -p /server/playbook
?
[root@m01 playbook]# cat ifconfig.yml
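# Play for the [oldboy] group: run ifconfig once with command and once with shell.
# Indentation restored: "tasks" belongs to the play and each task sits under it.
- hosts: oldboy
  tasks:
    # command runs the program directly, without a shell
    - command: ifconfig
    # shell is used here because of the > redirection
    - shell: ifconfig >/tmp/ip.log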
?
?
ansible-playbook -C ifconfig.yml
ansible-playbook ifconfig.yml
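# Same cron entry as before, identified by name='restart network'.
# ASCII single quotes replace the typographic quotes of the original listing.
[root@m01 ~]# ansible oldboy -m cron -a "name='restart network' minute=00 hour=00 job='/etc/init.d/network restart >/dev/null 2>&1'"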
172.16.1.41 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "restart network"
    ]
}
172.16.1.31 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "restart network"
    ]
}
?
?
?
?
?
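# state=absent removes the crontab entry carrying this name; the JSON result
# below shows an empty "jobs" list afterwards.
# ASCII single quotes replace the typographic quotes of the original listing.
[root@m01 ~]# ansible oldboy -m cron -a "name='restart network' state=absent "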
172.16.1.31 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": []
}
172.16.1.41 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": []
}
?

簡單例子1:批量執行命令

把所有服務器的ip地址追加到/tmp/ip.log中

[root@m01 playbook]# cat print-ip.yml
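# Appends each host's eth0 address to /tmp/ip.log on that host.
- hosts: all
  tasks:
  - name: get ip address
    # awk splits on runs of spaces and colons and prints field 4 of line 2 of
    # the ifconfig output; the awk program needs ASCII single quotes (the
    # original listing had typographic quotes, which the shell would not treat
    # as quoting).
    shell: ifconfig eth0 |awk -F "[ :]+" 'NR==2{print $4}' >>/tmp/ip.log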


ansible-playbook -C print-ip.yml
ansible-playbook print-ip.yml
ansible all -a "tail -1 /tmp/ip.log"
?

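# Ad-hoc form of the cron task: state=present ensures the named entry exists.
# The outer quotes are ASCII single quotes (typographic in the original listing)
# so the inner double quotes reach the cron module unchanged.
ansible oldboy -m cron -a 'name="restart network" minute=00 hour=00 job="/etc/init.d/network restart >/dev/null 2>&1" state=present'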
?
?
[root@m01 playbook]# cat add-cron.yml
# Playbook form of the ad-hoc cron call: one task for the [oldboy] group that
# ensures the "restart network" crontab entry is present.
- hosts: oldboy
  tasks:
  - name: add restart network cron
    # module arguments given on one line as key=value pairs
    cron: name="restart network" minute=00 hour=00 job="/etc/init.d/network restart >/dev/null 2>&1" state=present
?
?

playbook添加定時任務
[root@m01 playbook]# ansible oldboy -a "crontab -l"
172.16.1.41 | SUCCESS | rc=0 >>
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
#check & send result lee at 2017-01-01
00 03 * * * /bin/sh /server/scripts/check.sh >/dev/null 2>&1
172.16.1.31 | SUCCESS | rc=0 >>
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1

2.playbook添加定時任務

  YAML 縮進不支持 tab,只能使用空格
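# Format 1: module arguments on one line as key=value pairs.
- hosts: oldboy
  tasks:
  - name: add restart network cron
    cron: name="restart network" minute=00 hour=00 job="/etc/init.d/network restart >/dev/null 2>&1" state=present
# Format 2: the same arguments as a YAML mapping. They must be indented under
# "cron:"; at the same level as "cron:" they would be read as keys of the task.
- hosts: oldboy
  tasks:
  - name: add restart network cron
    cron:
      name: restart network
      # quoted so YAML keeps the two-digit text instead of reading a number
      minute: "00"
      hour: "00"
      job: /etc/init.d/network restart >/dev/null 2>&1
      state: present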
以上是 cron 模塊參數的兩種書寫格式:單行 key=value,以及多行 YAML 字典

例3:對同一臺機器配置多個任務

重啟網絡 service

安裝軟件 yum

顯示時間信息到文件 date

[root@m01 playbook]# cat manage.yml
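# Three tasks applied, in order, to every host in the inventory.
- hosts: all
  tasks:
    - name: restart network
      # name/state are arguments of the service module, so they are nested
      # under "service:" (the original listing had lost this indentation).
      service:                    # service module
        name: network             # name of the service
        state: restarted          # desired state
    - name: install tree nmap lrzsz iftop htop iotop nc
      # NOTE(review): the yum module would let Ansible report whether anything
      # was actually installed; shell always reports "changed".
      shell: yum install -y tree nmap lrzsz iftop htop iotop nc
    - name: print date to file
      shell: date +%F >>/tmp/date.log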
[root@m01 playbook]# cat hosts.yml
# Two plays in one file, each limited to a single host by address.
- hosts: 172.16.1.41
  tasks:
    - name: mkdir
      # -p creates missing parent directories and does not fail if the path exists
      shell: mkdir -p /oldboy/backup
- hosts: 172.16.1.31
  tasks:
    - name: find
      # appends the paths of regular files named *.conf under /etc to /tmp/name.log
      shell: find /etc -type f -name "*.conf" >>/tmp/name.log

ansible安裝rsync服務器

nfs服務器

配置sersync數據同步

如何使用pssh (pssh pscp prsync)