1、 ansible 故障排除
1.1 在配置文件指定log
[student@workstation troubleshoot-playbook]$ cat ansible.cfg
[defaults]
log_path=./ansible.log
inventory=./inventory
[student@workstation troubleshoot-playbook]$ cat hello.yml
---
- name: 使用log
hosts: all
tasks:
- name: use debug
debug:
msg: "hello mmx"
[student@workstation troubleshoot-playbook]$ cat ansible.log
[student@workstation troubleshoot-playbook]$ ansible-playbook hello.yml
PLAY [使用log] ****************************************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************************
ok: [servera.lab.example.com]
TASK [use debug] ************************************************************************************************************************************************************
ok: [servera.lab.example.com] => {
"msg": "hello mmx"
}
PLAY RECAP ******************************************************************************************************************************************************************
servera.lab.example.com : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[student@workstation troubleshoot-playbook]$ cat ansible.log
2022-09-16 13:27:26,865 p=14034 u=student | PLAY [使用log] ****************************************************************************************************************************************************************
2022-09-16 13:27:26,881 p=14034 u=student | TASK [Gathering Facts] ******************************************************************************************************************************************************
2022-09-16 13:27:29,519 p=14034 u=student | ok: [servera.lab.example.com]
2022-09-16 13:27:29,553 p=14034 u=student | TASK [use debug] ************************************************************************************************************************************************************
2022-09-16 13:27:29,580 p=14034 u=student | ok: [servera.lab.example.com] => {
"msg": "hello mmx"
}
2022-09-16 13:27:29,585 p=14034 u=student | PLAY RECAP ******************************************************************************************************************************************************************
2022-09-16 13:27:29,585 p=14034 u=student | servera.lab.example.com : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
1.2 debug模块
通过debug模块,可以打印一些信息
[student@workstation troubleshoot-playbook]$ cat debug.yml
---
- name: one
hosts: all
tasks:
- name: one
debug:
msg: "{{ ansible_facts['memfree_mb'] }}"
[student@workstation troubleshoot-playbook]$ ansible-playbook debug.yml
PLAY [one] ******************************************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************************
ok: [servera.lab.example.com]
TASK [one] ******************************************************************************************************************************************************************
ok: [servera.lab.example.com] => {
"msg": "159"
}
PLAY RECAP ******************************************************************************************************************************************************************
servera.lab.example.com : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
1.3 测试playbook
通过参数:--syntax-check检查playbook语法
1.3.1 语法错误情况
[student@workstation troubleshoot-playbook]$ cat debug.yml
---
- name: one
hosts: all
tasks:
- name: one
debug:
msg: "{{ ansible_facts['memfree_mb'] }}"
[student@workstation troubleshoot-playbook]$ ansible-playbook debug.yml --syntax-check
ERROR! 'msg' is not a valid attribute for a Task
The error appears to be in '/home/student/troubleshoot-playbook/debug.yml': line 5, column 13, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
tasks:
- name: one
^ here
This error can be suppressed as a warning using the "invalid_task_attribute_failed" configuration
[student@workstation troubleshoot-playbook]$ !vim
vim debug.yml
[student@workstation troubleshoot-playbook]$ ansible-playbook debug.yml
PLAY [one] ******************************************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************************
^C [ERROR]: User interrupted execution
1.3.2 语法正确情况
[student@workstation troubleshoot-playbook]$ cat debug.yml
---
- name: one
hosts: all
tasks:
- name: one
debug:
msg: "{{ ansible_facts['memfree_mb'] }}"
[student@workstation troubleshoot-playbook]$ ansible-playbook debug.yml --syntax-check
playbook: debug.yml
1.4 查看输出信息
| 选项 | 描述 |
|---|---|
| -v | 输出更多信息 |
| -vv | 包括输出和输入信息 |
| -vvv | 包括连接信息和被管理主机信息 |
| -vvvv | 包括每个远程主机的信息 |
[student@workstation troubleshoot-playbook]$ ansible-playbook debug.yml -v
Using /home/student/troubleshoot-playbook/ansible.cfg as config file
PLAY [one] ******************************************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************************
ok: [servera.lab.example.com] => {"ansible_facts": {"ansible_all_ipv4_addresses": ["172.25.250.10"], "ansible_all_ipv6_addresses": ["fe80::e6c5:468e:edb6:9b52"], "ansible_apparmor": {"status": "disabled"}, "ansible_architecture": "x86_64", "ansible_bios_date": "04/01/2014", "ansible_bios_version": "1.11.1-3.module+el8+2529+a9686a4d", "ansible_cmdline": {"BOOT_IMAGE": "(hd0,msdos1)/boot/vmlinuz-4.18.0-80.el8.x86_64", "console": "ttyS0,115200n8", "crashkernel": "auto", "no_timer_check": true, "ro": true, "root": "UUID=884f47c9-a69d-4c5b-915d-6b7c9c74c923"}, "ansible_date_time": {"date": "2022-09-16", "day": "16", "epoch": "1663309986", "hour": "14", "iso8601": "2022-09-16T06:33:06Z", "iso8601_basic": "20220916T143306944374", "iso8601_basic_short": "20220916T143306", "iso8601_micro": "2022-09-16T06:33:06.944631Z", "minute": "33", "month": "09", "second": "06", "time": "14:33:06", "tz": "CST", "tz_offset": "+0800", "weekday": "Friday", "weekday_number": "5", "weeknumber": "37", "year": "2022"}, "ansible_default_ipv4": {"address": "172.25.250.10", "alias": "enp1s0", "broadcast": "172.25.250.255", "gateway": "172.25.250.254", "interface": "enp1s0", "macaddress": "52:54:00:00:fa:0a", "mtu": 1500, "netmask": "255.255.255.0", "network": "172.25.250.0", "type": "ether"}, "ansible_default_ipv6": {}, "ansible_device_links": {"ids": {}, "labels": {}, "masters": {}, "uuids": {"vda1": ["884f47c9-a69d-4c5b-915d-6b7c9c74c923"]}}, "ansible_devices": {"vda": {"holders": [], "host": "SCSI storage controller: Red Hat, Inc. Virtio block device (rev 01)", "links": {"ids": [], "labels": [], "masters": [], "uuids": []}, "model": null, "partitions": {"vda1": {"holders": [], "links": {"ids": [], "labels": [], "masters": [], "uuids": ["884f47c9-a69d-4c5b-915d-6b7c9c74c923"]}, "sectors": "20969439", "sectorsize": 512, "size": "10.00 GB", "start": "2048", "uuid": "884f47c9-a69d-4c5b-915d-6b7c9c74c923"}}, "removable": "0", "rotational": "1", "sas_address": null, "sas_device_handle": null, "scheduler_mode": "mq-deadline", "sectors": "20971520", "sectorsize": "512", "size": "10.00 GB", "support_discard": "0", "vendor": "0x1af4", "virtual": 1}, "vdb": {"holders": [], "host": "SCSI storage controller: Red Hat, Inc. Virtio block device (rev 01)", "links": {"ids": [], "labels": [], "masters": [], "uuids": []}, "model": null, "partitions": {}, "removable": "0", "rotational": "1", "sas_address": null, "sas_device_handle": null, "scheduler_mode": "mq-deadline", "sectors": "10485760", "sectorsize": "512", "size": "5.00 GB", "support_discard": "0", "vendor": "0x1af4", "virtual": 1}}, "ansible_distribution": "RedHat", "ansible_distribution_file_parsed": true, "ansible_distribution_file_path": "/etc/redhat-release", "ansible_distribution_file_search_string": "Red Hat", "ansible_distribution_file_variety": "RedHat", "ansible_distribution_major_version": "8", "ansible_distribution_release": "Ootpa", "ansible_distribution_version": "8.0", "ansible_dns": {"nameservers": ["172.25.250.254"], "search": ["lab.example.com", "example.com"]}, "ansible_domain": "lab.example.com", "ansible_effective_group_id": 1000, "ansible_effective_user_id": 1000, "ansible_enp1s0": {"active": true, "device": "enp1s0", "features": {"esp_hw_offload": "off [fixed]", "esp_tx_csum_hw_offload": "off [fixed]", "fcoe_mtu": "off [fixed]", "generic_receive_offload": "on", "generic_segmentation_offload": "on", "highdma": "on [fixed]", "hw_tc_offload": "off [fixed]", "l2_fwd_offload": "off [fixed]", "large_receive_offload": "off [fixed]", "loopback": "off [fixed]", "netns_local": "off [fixed]", "ntuple_filters": "off [fixed]", "receive_hashing": "off [fixed]", "rx_all": "off [fixed]", "rx_checksumming": "on [fixed]", "rx_fcs": "off [fixed]", "rx_gro_hw": "off [fixed]", "rx_udp_tunnel_port_offload": "off [fixed]", "rx_vlan_filter": "on [fixed]", "rx_vlan_offload": "off [fixed]", "rx_vlan_stag_filter": "off [fixed]", "rx_vlan_stag_hw_parse": "off [fixed]", "scatter_gather": "on", "tcp_segmentation_offload": "on", "tls_hw_record": "off [fixed]", "tls_hw_tx_offload": "off [fixed]", "tx_checksum_fcoe_crc": "off [fixed]", "tx_checksum_ip_generic": "on", "tx_checksum_ipv4": "off [fixed]", "tx_checksum_ipv6": "off [fixed]", "tx_checksum_sctp": "off [fixed]", "tx_checksumming": "on", "tx_esp_segmentation": "off [fixed]", "tx_fcoe_segmentation": "off [fixed]", "tx_gre_csum_segmentation": "off [fixed]", "tx_gre_segmentation": "off [fixed]", "tx_gso_partial": "off [fixed]", "tx_gso_robust": "on [fixed]", "tx_ipxip4_segmentation": "off [fixed]", "tx_ipxip6_segmentation": "off [fixed]", "tx_lockless": "off [fixed]", "tx_nocache_copy": "off", "tx_scatter_gather": "on", "tx_scatter_gather_fraglist": "off [fixed]", "tx_sctp_segmentation": "off [fixed]", "tx_tcp6_segmentation": "on", "tx_tcp_ecn_segmentation": "on", "tx_tcp_mangleid_segmentation": "off", "tx_tcp_segmentation": "on", "tx_udp_segmentation": "off [fixed]", "tx_udp_tnl_csum_segmentation": "off [fixed]", "tx_udp_tnl_segmentation": "off [fixed]", "tx_vlan_offload": "off [fixed]", "tx_vlan_stag_hw_insert": "off [fixed]", "udp_fragmentation_offload": "off", "vlan_challenged": "off [fixed]"}, "hw_timestamp_filters": [], "ipv4": {"address": "172.25.250.10", "broadcast": "172.25.250.255", "netmask": "255.255.255.0", "network": "172.25.250.0"}, "ipv6": [{"address": "fe80::e6c5:468e:edb6:9b52", "prefix": "64", "scope": "link"}], "macaddress": "52:54:00:00:fa:0a", "module": "virtio_net", "mtu": 1500, "pciid": "virtio1", "promisc": false, "speed": -1, "timestamping": ["tx_software", "rx_software", "software"], "type": "ether"}, "ansible_enp2s0": {"active": true, "device": "enp2s0", "features": {"esp_hw_offload": "off [fixed]", "esp_tx_csum_hw_offload": "off [fixed]", "fcoe_mtu": "off [fixed]", "generic_receive_offload": "on", "generic_segmentation_offload": "on", "highdma": "on [fixed]", "hw_tc_offload": "off [fixed]", "l2_fwd_offload": "off [fixed]", "large_receive_offload": "off [fixed]", "loopback": "off [fixed]", "netns_local": "off [fixed]", "ntuple_filters": "off [fixed]", "receive_hashing": "off [fixed]", "rx_all": "off [fixed]", "rx_checksumming": "on [fixed]", "rx_fcs": "off [fixed]", "rx_gro_hw": "off [fixed]", "rx_udp_tunnel_port_offload": "off [fixed]", "rx_vlan_filter": "on [fixed]", "rx_vlan_offload": "off [fixed]", "rx_vlan_stag_filter": "off [fixed]", "rx_vlan_stag_hw_parse": "off [fixed]", "scatter_gather": "on", "tcp_segmentation_offload": "on", "tls_hw_record": "off [fixed]", "tls_hw_tx_offload": "off [fixed]", "tx_checksum_fcoe_crc": "off [fixed]", "tx_checksum_ip_generic": "on", "tx_checksum_ipv4": "off [fixed]", "tx_checksum_ipv6": "off [fixed]", "tx_checksum_sctp": "off [fixed]", "tx_checksumming": "on", "tx_esp_segmentation": "off [fixed]", "tx_fcoe_segmentation": "off [fixed]", "tx_gre_csum_segmentation": "off [fixed]", "tx_gre_segmentation": "off [fixed]", "tx_gso_partial": "off [fixed]", "tx_gso_robust": "on [fixed]", "tx_ipxip4_segmentation": "off [fixed]", "tx_ipxip6_segmentation": "off [fixed]", "tx_lockless": "off [fixed]", "tx_nocache_copy": "off", "tx_scatter_gather": "on", "tx_scatter_gather_fraglist": "off [fixed]", "tx_sctp_segmentation": "off [fixed]", "tx_tcp6_segmentation": "on", "tx_tcp_ecn_segmentation": "on", "tx_tcp_mangleid_segmentation": "off", "tx_tcp_segmentation": "on", "tx_udp_segmentation": "off [fixed]", "tx_udp_tnl_csum_segmentation": "off [fixed]", "tx_udp_tnl_segmentation": "off [fixed]", "tx_vlan_offload": "off [fixed]", "tx_vlan_stag_hw_insert": "off [fixed]", "udp_fragmentation_offload": "off", "vlan_challenged": "off [fixed]"}, "hw_timestamp_filters": [], "macaddress": "52:54:00:01:fa:0a", "module": "virtio_net", "mtu": 1500, "pciid": "virtio2", "promisc": false, "speed": -1, "timestamping": ["tx_software", "rx_software", "software"], "type": "ether"}, "ansible_env": {"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/1000/bus", "HOME": "/home/student", "LANG": "en_US.UTF-8", "LESSOPEN": "||/usr/bin/lesspipe.sh %s", "LOGNAME": "student", "LS_COLORS": "rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.m4a=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.oga=01;36:*.opus=01;36:*.spx=01;36:*.xspf=01;36:", "MAIL": "/var/mail/student", "PATH": "/home/student/.local/bin:/home/student/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin", "PWD": "/home/student", "SELINUX_LEVEL_REQUESTED": "", "SELINUX_ROLE_REQUESTED": "", "SELINUX_USE_CURRENT_RANGE": "", "SHELL": "/bin/bash", "SHLVL": "2", "SSH_CLIENT": "172.25.250.9 40668 22", "SSH_CONNECTION": "172.25.250.9 40668 172.25.250.10 22", "SSH_TTY": "/dev/pts/0", "TERM": "xterm", "USER": "student", "XDG_RUNTIME_DIR": "/run/user/1000", "XDG_SESSION_ID": "39", "_": "/usr/libexec/platform-python"}, "ansible_fibre_channel_wwn": [], "ansible_fips": false, "ansible_form_factor": "Other", "ansible_fqdn": "servera.lab.example.com", "ansible_hostname": "servera", "ansible_hostnqn": "", "ansible_interfaces": ["enp2s0", "lo", "enp1s0"], "ansible_is_chroot": true, "ansible_iscsi_iqn": "", "ansible_kernel": "4.18.0-80.el8.x86_64", "ansible_lo": {"active": true, "device": "lo", "features": {"esp_hw_offload": "off [fixed]", "esp_tx_csum_hw_offload": "off [fixed]", "fcoe_mtu": "off [fixed]", "generic_receive_offload": "on", "generic_segmentation_offload": "on", "highdma": "on [fixed]", "hw_tc_offload": "off [fixed]", "l2_fwd_offload": "off [fixed]", "large_receive_offload": "off [fixed]", "loopback": "on [fixed]", "netns_local": "on [fixed]", "ntuple_filters": "off [fixed]", "receive_hashing": "off [fixed]", "rx_all": "off [fixed]", "rx_checksumming": "on [fixed]", "rx_fcs": "off [fixed]", "rx_gro_hw": "off [fixed]", "rx_udp_tunnel_port_offload": "off [fixed]", "rx_vlan_filter": "off [fixed]", "rx_vlan_offload": "off [fixed]", "rx_vlan_stag_filter": "off [fixed]", "rx_vlan_stag_hw_parse": "off [fixed]", "scatter_gather": "on", "tcp_segmentation_offload": "on", "tls_hw_record": "off [fixed]", "tls_hw_tx_offload": "off [fixed]", "tx_checksum_fcoe_crc": "off [fixed]", "tx_checksum_ip_generic": "on [fixed]", "tx_checksum_ipv4": "off [fixed]", "tx_checksum_ipv6": "off [fixed]", "tx_checksum_sctp": "on [fixed]", "tx_checksumming": "on", "tx_esp_segmentation": "off [fixed]", "tx_fcoe_segmentation": "off [fixed]", "tx_gre_csum_segmentation": "off [fixed]", "tx_gre_segmentation": "off [fixed]", "tx_gso_partial": "off [fixed]", "tx_gso_robust": "off [fixed]", "tx_ipxip4_segmentation": "off [fixed]", "tx_ipxip6_segmentation": "off [fixed]", "tx_lockless": "on [fixed]", "tx_nocache_copy": "off [fixed]", "tx_scatter_gather": "on [fixed]", "tx_scatter_gather_fraglist": "on [fixed]", "tx_sctp_segmentation": "on", "tx_tcp6_segmentation": "on", "tx_tcp_ecn_segmentation": "on", "tx_tcp_mangleid_segmentation": "on", "tx_tcp_segmentation": "on", "tx_udp_segmentation": "off [fixed]", "tx_udp_tnl_csum_segmentation": "off [fixed]", "tx_udp_tnl_segmentation": "off [fixed]", "tx_vlan_offload": "off [fixed]", "tx_vlan_stag_hw_insert": "off [fixed]", "udp_fragmentation_offload": "off", "vlan_challenged": "on [fixed]"}, "hw_timestamp_filters": [], "ipv4": {"address": "127.0.0.1", "broadcast": "host", "netmask": "255.0.0.0", "network": "127.0.0.0"}, "ipv6": [{"address": "::1", "prefix": "128", "scope": "host"}], "mtu": 65536, "promisc": false, "timestamping": ["tx_software", "rx_software", "software"], "type": "loopback"}, "ansible_local": {}, "ansible_lsb": {}, "ansible_machine": "x86_64", "ansible_machine_id": "88394775ca9147439ae63aab9c500045", "ansible_memfree_mb": 159, "ansible_memory_mb": {"nocache": {"free": 586, "used": 235}, "real": {"free": 159, "total": 821, "used": 662}, "swap": {"cached": 0, "free": 0, "total": 0, "used": 0}}, "ansible_memtotal_mb": 821, "ansible_mounts": [{"block_available": 2209652, "block_size": 4096, "block_total": 2618619, "block_used": 408967, "device": "/dev/vda1", "fstype": "xfs", "inode_available": 5196583, "inode_total": 5242304, "inode_used": 45721, "mount": "/", "options": "rw,seclabel,relatime,attr2,inode64,noquota", "size_available": 9050734592, "size_total": 10725863424, "uuid": "884f47c9-a69d-4c5b-915d-6b7c9c74c923"}], "ansible_nodename": "servera.lab.example.com", "ansible_os_family": "RedHat", "ansible_pkg_mgr": "dnf", "ansible_proc_cmdline": {"BOOT_IMAGE": "(hd0,msdos1)/boot/vmlinuz-4.18.0-80.el8.x86_64", "console": ["tty0", "ttyS0,115200n8"], "crashkernel": "auto", "no_timer_check": true, "ro": true, "root": "UUID=884f47c9-a69d-4c5b-915d-6b7c9c74c923"}, "ansible_processor": ["0", "GenuineIntel", "QEMU Virtual CPU version 2.5+"], "ansible_processor_cores": 1, "ansible_processor_count": 1, "ansible_processor_threads_per_core": 1, "ansible_processor_vcpus": 1, "ansible_product_name": "KVM", "ansible_product_serial": "NA", "ansible_product_uuid": "NA", "ansible_product_version": "RHEL-7.6.0 PC (Q35 + ICH9, 2009)", "ansible_python": {"executable": "/usr/libexec/platform-python", "has_sslcontext": true, "type": "cpython", "version": {"major": 3, "micro": 8, "minor": 6, "releaselevel": "final", "serial": 0}, "version_info": [3, 6, 8, "final", 0]}, "ansible_python_version": "3.6.8", "ansible_real_group_id": 1000, "ansible_real_user_id": 1000, "ansible_selinux": {"config_mode": "enforcing", "mode": "enforcing", "policyvers": 31, "status": "enabled", "type": "targeted"}, "ansible_selinux_python_present": true, "ansible_service_mgr": "systemd", "ansible_ssh_host_key_ecdsa_public": "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMzl8zujH2mt6wy+3tgViAh/kbAOg/o+5bbNMUqiDX+keObXAIODAEb9EoQLfAcR3ZlEKqYCsweGADkw52HmNCc=", "ansible_ssh_host_key_ed25519_public": "AAAAC3NzaC1lZDI1NTE5AAAAICduOpoEOEGzWCiFyWpwOPPzo729ugmYJ+z+Xd2VYxTl", "ansible_ssh_host_key_rsa_public": "AAAAB3NzaC1yc2EAAAADAQABAAABAQDLXT54GJfAGvnIbzAW8flDln+3QAgHrlut7VBIwdus6+Fwf/GKFvMz28VpL2mRJO/Don1LDcyojxWgmRjaI8nOYQxE58zxWH/rQ05sjD9rtVd529921E5RJjUaiydjW4FXf1EsCyKbt2mxEPKKA5Neg6WTQmGdljh4TqPtv9bqDbMjUUj+cwFV2OoY2RmqDtrxW6bggeZQMYMFmgYEaQDcGUc1n3+3gHHIZDOTj8ice4z/fKMUl2QKmcU619zy4A2jwHYawrFx7s+OkeKSVT6gfrcI7wk9+I2PqbINXXa/WsLNlFzDkmiD0JbOL9ZrjBW3WmoX4SIc2G2BH97ZFXqD", "ansible_swapfree_mb": 0, "ansible_swaptotal_mb": 0, "ansible_system": "Linux", "ansible_system_capabilities": [""], "ansible_system_capabilities_enforced": "True", "ansible_system_vendor": "Red Hat", "ansible_uptime_seconds": 77124, "ansible_user_dir": "/home/student", "ansible_user_gecos": "Student User", "ansible_user_gid": 1000, "ansible_user_id": "student", "ansible_user_shell": "/bin/bash", "ansible_user_uid": 1000, "ansible_userspace_architecture": "x86_64", "ansible_userspace_bits": "64", "ansible_virtualization_role": "guest", "ansible_virtualization_type": "kvm", "discovered_interpreter_python": "/usr/libexec/platform-python", "gather_subset": ["all"], "module_setup": true}, "changed": false}
TASK [one] ******************************************************************************************************************************************************************
ok: [servera.lab.example.com] => {
"msg": "159"
}
PLAY RECAP ******************************************************************************************************************************************************************
servera.lab.example.com : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[student@workstation troubleshoot-playbook]$
1.5 故障排除练习
1.5.1 实验说明
- 开启实验
- 添加ansible.cfg文件,指定inventory文件路径和log_path路径
- 运行samba.yml文件
- 提示定义变量出错
- 配置文件名错误
- 修改错误,检查语法,运行playbook
1.5.2 实验
[student@workstation ~]$ lab troubleshoot-playbook start
Setting up workstation for guided exercise work:
. Checking servera.lab.example.com availability:.............. SUCCESS
. Creating the working directory.............................. SUCCESS
. Downloading inventory....................................... SUCCESS
. Downloading samba.yml....................................... SUCCESS
. Downloading samba.conf.j2................................... SUCCESS
. Changing permissions to the working directory............... SUCCESS
[student@workstation ~]$ cd troubleshoot-playbook/
[student@workstation troubleshoot-playbook]$ ls
inventory samba.conf.j2 samba.yml
[student@workstation troubleshoot-playbook]$ ansible-playbook samba.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
ERROR! Syntax Error while loading YAML.
mapping values are not allowed in this context
The error appears to be in '/home/student/troubleshoot-playbook/samba.yml': line 8, column 30, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
install_state: installed
random_var: This is colon: test
^ here
[student@workstation troubleshoot-playbook]$ vim ansile.cfg
[student@workstation troubleshoot-playbook]$ vim samba.yml
[student@workstation troubleshoot-playbook]$ ansible-playbook samba.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
ERROR! Syntax Error while loading YAML.
did not find expected key
The error appears to be in '/home/student/troubleshoot-playbook/samba.yml': line 44, column 4, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: deliver samba config
^ here
[student@workstation troubleshoot-playbook]$ cat inventory
[samba_servers]
servera.lab.example.com
[mailrelay]
servera.lab.example.com
[student@workstation troubleshoot-playbook]$ cat ansible.cfg
[defaults]
inventory=./inventory
log_path=./ansible.log
[student@workstation troubleshoot-playbook]$ cat ansible.log
[student@workstation troubleshoot-playbook]$ cat samba.yml
---
- name: Install a samba server
hosts: samba_servers
user: devops
become: true
vars:
install_state: installed
random_var: "This is colon: test"
tasks:
- name: install samba
yum:
name: samba
state: "{{ install_state }}"
- name: install firewalld
yum:
name: firewalld
state: installed
- name: debug install_state variable
debug:
msg: "The state for the samba service is {{ install_state }}"
- name: start samba
service:
name: smb
state: started
enabled: yes
- name: start firewalld
service:
name: firewalld
state: started
enabled: yes
- name: configure firewall for samba
firewalld:
state: enabled
permanent: true
immediate: true
service: samba
- name: deliver samba config
template:
src: samba.conf.j2
dest: /etc/samba/smb.conf
owner: root
group: root
mode: 0644
[student@workstation troubleshoot-playbook]$ ansible-playbook samba.yml
PLAY [Install a samba server] ***********************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************************
ok: [servera.lab.example.com]
TASK [install samba] ********************************************************************************************************************************************************
changed: [servera.lab.example.com]
TASK [install firewalld] ****************************************************************************************************************************************************
ok: [servera.lab.example.com]
TASK [debug install_state variable] *****************************************************************************************************************************************
ok: [servera.lab.example.com] => {
"msg": "The state for the samba service is installed"
}
TASK [start samba] **********************************************************************************************************************************************************
changed: [servera.lab.example.com]
TASK [start firewalld] ******************************************************************************************************************************************************
ok: [servera.lab.example.com]
TASK [configure firewall for samba] *****************************************************************************************************************************************
changed: [servera.lab.example.com]
TASK [deliver samba config] *************************************************************************************************************************************************
changed: [servera.lab.example.com]
PLAY RECAP ******************************************************************************************************************************************************************
servera.lab.example.com : ok=8 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[student@workstation troubleshoot-playbook]$ cat ansible.log
2022-09-16 15:47:21,744 p=16288 u=student | PLAY [Install a samba server] ***********************************************************************************************************************************************
2022-09-16 15:47:21,762 p=16288 u=student | TASK [Gathering Facts] ******************************************************************************************************************************************************
2022-09-16 15:47:24,640 p=16288 u=student | ok: [servera.lab.example.com]
2022-09-16 15:47:24,673 p=16288 u=student | TASK [install samba] ********************************************************************************************************************************************************
2022-09-16 15:47:30,216 p=16288 u=student | changed: [servera.lab.example.com]
2022-09-16 15:47:30,255 p=16288 u=student | TASK [install firewalld] ****************************************************************************************************************************************************
2022-09-16 15:47:32,536 p=16288 u=student | ok: [servera.lab.example.com]
2022-09-16 15:47:32,573 p=16288 u=student | TASK [debug install_state variable] *****************************************************************************************************************************************
2022-09-16 15:47:32,608 p=16288 u=student | ok: [servera.lab.example.com] => {
"msg": "The state for the samba service is installed"
}
2022-09-16 15:47:32,640 p=16288 u=student | TASK [start samba] **********************************************************************************************************************************************************
2022-09-16 15:47:35,175 p=16288 u=student | changed: [servera.lab.example.com]
2022-09-16 15:47:35,206 p=16288 u=student | TASK [start firewalld] ******************************************************************************************************************************************************
2022-09-16 15:47:36,213 p=16288 u=student | ok: [servera.lab.example.com]
2022-09-16 15:47:36,244 p=16288 u=student | TASK [configure firewall for samba] *****************************************************************************************************************************************
2022-09-16 15:47:37,877 p=16288 u=student | changed: [servera.lab.example.com]
2022-09-16 15:47:37,910 p=16288 u=student | TASK [deliver samba config] *************************************************************************************************************************************************
2022-09-16 15:47:39,916 p=16288 u=student | changed: [servera.lab.example.com]
2022-09-16 15:47:39,920 p=16288 u=student | PLAY RECAP ******************************************************************************************************************************************************************
2022-09-16 15:47:39,920 p=16288 u=student | servera.lab.example.com : ok=8 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[student@workstation troubleshoot-playbook]$
2、 ansible管理主机排错
2.1 check模块
控制模块是否在检查模式下运行,yes表示在检查模式下运行
[student@workstation troubleshoot-playbook]$ cat check.yml
---
- name: use check
hosts: all
tasks:
- name: 查看内核
shell: uname
check_mode: yes
- name: 查看ip地址
shell: ifconfig
check_mode: yes
[student@workstation troubleshoot-playbook]$ ansible-playbook check.yml
PLAY [use check] ***********************************************************************************************************************************
TASK [Gathering Facts] *****************************************************************************************************************************
ok: [servera.lab.example.com]
TASK [查看内核] ****************************************************************************************************************************************
skipping: [servera.lab.example.com]
TASK [查看ip地址] **************************************************************************************************************************************
skipping: [servera.lab.example.com]
PLAY RECAP *****************************************************************************************************************************************
servera.lab.example.com : ok=1 changed=0 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
2.2 URI模块
uri模块,可以返回API的不同值
[student@workstation troubleshoot-playbook]$ cat uri.yml
---
- name: uri
hosts: all
remote_user: devops
tasks:
- uri:
url: http://www.XX.com
return_content: yes
register: apireponse
- fail:
msg: "no no no"
when: "'xx' not in apireponse.content"
2.3 使用AD HOC
通过简单的命令检查主机状态
[student@workstation troubleshoot-playbook]$ ansible all -m ping
servera.lab.example.com | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
[student@workstation troubleshoot-playbook]$ ansible all -m ping --become
servera.lab.example.com | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
[student@workstation troubleshoot-playbook]$ ansible all -a 'free -h'
servera.lab.example.com | CHANGED | rc=0 >>
total used free shared buff/cache available
Mem: 821Mi 200Mi 119Mi 41Mi 501Mi 449Mi
Swap: 0B 0B 0B
2.4 管理主机排错练习
2.4.1 实验说明
- 开启实验环境
- 运行mailready.yml的playbook
- 尝试运行playbook
- 直接运行playbook
2.4.2 实验
[student@workstation ~]$ lab troubleshoot-host start
Setting up workstation for lab exercise work:
. Checking postfix package on servera......................... SUCCESS
. Creating the working directory.............................. SUCCESS
. Downloading ansible.cfg..................................... SUCCESS
. Downloading inventory....................................... SUCCESS
. Downloading mailrelay.yml................................... SUCCESS
. Downloading postfix-relay-main.conf.j2...................... SUCCESS
. Changing permissions to the working directory............... SUCCESS
[student@workstation troubleshoot-host]$ cat inventory
[samba_servers]
servera.lab.example.com
[mailrelay]
servera.lab.example.com
[student@workstation troubleshoot-host]$ cat mailrelay.yml
---
# start of mailrelay playbook
- name: create mail relay servers
hosts: mailrelay
user: devops
become: true
tasks:
- name: install postfix package
yum:
name: postfix
state: installed
- name: install mail config files
template:
src: postfix-relay-main.conf.j2
dest: /etc/postfix/main.cf
owner: root
group: root
mode: 0644
notify: restart postfix
- name: check main.cf file
stat: path=/etc/postfix/main.cf
register: maincf
- name: verify main.cf file exists
debug: msg="The main.cf file exists"
when: maincf.stat.exists is defined
- name: start and enable mail services
service:
name: postfix
state: started
enabled: yes
- name: check for always_bcc
command: /usr/sbin/postconf always_bcc
register: bcc_state
ignore_errors: true
- name: email notification of always_bcc config
mail:
to: student@serverb.example.com
subject: 'always_bcc setting is not empty'
body: "always_bcc is {{bcc_state.stdout}}"
when: bcc_state.stdout != 'always_bcc ='
handlers:
- name: restart postfix
service:
name: postfix
state: restarted
[student@workstation troubleshoot-host]$ ansible-playbook -C mailrelay.yml
PLAY [create mail relay servers] ********************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************************
ok: [servera.lab.example.com]
TASK [install postfix package] **********************************************************************************************************************************************
changed: [servera.lab.example.com]
TASK [install mail config files] ********************************************************************************************************************************************
changed: [servera.lab.example.com]
TASK [check main.cf file] ***************************************************************************************************************************************************
ok: [servera.lab.example.com]
TASK [verify main.cf file exists] *******************************************************************************************************************************************
ok: [servera.lab.example.com] => {
"msg": "The main.cf file exists"
}
TASK [start and enable mail services] ***************************************************************************************************************************************
changed: [servera.lab.example.com]
TASK [check for always_bcc] *************************************************************************************************************************************************
skipping: [servera.lab.example.com]
TASK [email notification of always_bcc config] ******************************************************************************************************************************
fatal: [servera.lab.example.com]: FAILED! => {"msg": "The conditional check 'bcc_state.stdout != 'always_bcc ='' failed. The error was: error while eval(bcc_state.stdout != 'always_bcc ='): 'dict object' has no attribute 'stdout'\n\nThe error appears to be in '/home/student/troubleshoot-host/mailrelay.yml': line 42, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: email notification of always_bcc config\n ^ here\n"}
RUNNING HANDLER [restart postfix] *******************************************************************************************************************************************
PLAY RECAP ******************************************************************************************************************************************************************
servera.lab.example.com : ok=6 changed=3 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0
[student@workstation troubleshoot-host]$ ansible-playbook mailrelay.yml
PLAY [create mail relay servers] ********************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************************
ok: [servera.lab.example.com]
TASK [install postfix package] **********************************************************************************************************************************************
changed: [servera.lab.example.com]
TASK [install mail config files] ********************************************************************************************************************************************
changed: [servera.lab.example.com]
TASK [check main.cf file] ***************************************************************************************************************************************************
ok: [servera.lab.example.com]
TASK [verify main.cf file exists] *******************************************************************************************************************************************
ok: [servera.lab.example.com] => {
"msg": "The main.cf file exists"
}
TASK [start and enable mail services] ***************************************************************************************************************************************
changed: [servera.lab.example.com]
TASK [check for always_bcc] *************************************************************************************************************************************************
changed: [servera.lab.example.com]
TASK [email notification of always_bcc config] ******************************************************************************************************************************
skipping: [servera.lab.example.com]
RUNNING HANDLER [restart postfix] *******************************************************************************************************************************************
changed: [servera.lab.example.com]
PLAY RECAP ******************************************************************************************************************************************************************
servera.lab.example.com : ok=8 changed=5 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
[student@workstation ~]$ lab troubleshoot-host finish
Cleaning up the exercise on workstation:
. Cleaning up exercise........................................ SUCCESS
3、综合实验
3.1 实验说明
- 开启实验环境
- 检查文件secure-web.yml语法,改错
- 运行playbook查看运行结果,继续改错
- 发现remote_user错误,修改正确运行程序
3.2 实验
[student@workstation ~]$ lab troubleshoot-review start
Setting up workstation for lab exercise work:
· Creating the working directory.............................. SUCCESS
· Removing web server packages on serverb.lab.example.com..... SUCCESS
· Downloading ansible.cfg..................................... SUCCESS
· Downloading inventory-lab................................... SUCCESS
· Downloading secure-web.yml.................................. SUCCESS
· Downloading vhosts.conf..................................... SUCCESS
· Creating the html directory................................. SUCCESS
· Downloading index.html...................................... SUCCESS
· Changing permissions to the working directory............... SUCCESS
· Configuring HTTP/HTTPS access to serverb.lab.example.com.... SUCCESS
[student@workstation troubleshoot-review]$ ansible-playbook secure-web.yml --syntax-check
ERROR! Syntax Error while loading YAML.
mapping values are not allowed in this context
The error appears to be in '/home/student/troubleshoot-review/secure-web.yml': line 7, column 30, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
vars:
random_var: This is colon: test
^ here
[student@workstation troubleshoot-review]$ cat secure-web.yml
---
# start of secure web server playbook
- name: create secure web service
hosts: webservers
remote_user: students
vars:
random_var: "This is colon: test"
tasks:
- block:
- name: install web server packages
yum:
name: "{{ item }}"
state: latest
notify:
- restart services
loop:
- httpd
- mod_ssl
- name: install httpd config files
copy:
src: vhosts.conf
dest: /etc/httpd/conf.d/vhosts.conf
backup: yes
owner: root
group: root
mode: 0644
register: vhosts_config
notify:
- restart services
- name: create ssl certificate
command: openssl req -new -nodes -x509 -subj "/C=US/ST=North Carolina/L=Raleigh/O=Example Inc/CN=serverb.lab.example.com" -days 120 -keyout /etc/pki/tls/private/serverb.lab.example.com.key -out /etc/pki/tls/certs/serverb.lab.example.com.crt -extensions v3_ca
args:
creates: /etc/pki/tls/certs/serverb.lab.example.com.crt
- name: start and enable web services
service:
name: httpd
state: started
enabled: yes
- name: deliver content
copy:
dest: /var/www/vhosts/serverb-secure
src: html/
- name: check httpd syntax
command: /sbin/httpd -t
register: httpd_conf_syntax
failed_when: "'Syntax OK' not in httpd_conf_syntax.stderr"
- name: httpd_conf_syntax variable
debug:
msg: "The httpd_conf_syntax variable value is {{ httpd_conf_syntax }}"
- name: check httpd status
command: systemctl is-active httpd
register: httpd_status
changed_when: httpd_status.rc != 0
notify:
- restart services
rescue:
- name: recover original httpd config
file:
path: /etc/httpd/conf.d/vhosts.conf
state: absent
notify:
- restart services
- name: email notification of httpd config status
mail:
to: student@serverb.lab.example.com
subject: 'httpd config is not correct'
body: "httpd syntax is {{httpd_conf_syntax.stdout}}"
when: httpd_conf_syntax.stdout != 'Syntax OK'
handlers:
- name: restart services
service:
name: httpd
state: restarted
# end of secure web play
[student@workstation troubleshoot-review]$
[student@workstation troubleshoot-review]$ ansible-playbook secure-web.yml
PLAY [create secure web service] ********************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************************
fatal: [serverb.lab.example.com]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: students@serverc.lab.example.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true}
PLAY RECAP ******************************************************************************************************************************************************************
serverb.lab.example.com : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
[student@workstation troubleshoot-review]$ cat secure-web.yml
---
# start of secure web server playbook
- name: create secure web service
hosts: webservers
remote_user: student
vars:
random_var: "This is colon: test"
……
[student@workstation troubleshoot-review]$ cat secure-web.yml
---
# start of secure web server playbook
- name: create secure web service
hosts: webservers
remote_user: devops
become: yes
vars:
random_var: "This is colon: test"
tasks:
- block:
- name: install web server packages
yum:
name: "{{ item }}"
state: latest
notify:
- restart services
loop:
- httpd
- mod_ssl
- name: install httpd config files
copy:
src: vhosts.conf
dest: /etc/httpd/conf.d/vhosts.conf
backup: yes
owner: root
group: root
mode: 0644
register: vhosts_config
notify:
- restart services
- name: create ssl certificate
command: openssl req -new -nodes -x509 -subj "/C=US/ST=North Carolina/L=Raleigh/O=Example Inc/CN=serverb.lab.example.com" -days 120 -keyout /etc/pki/tls/private/serverb.lab.example.com.key -out /etc/pki/tls/certs/serverb.lab.example.com.crt -extensions v3_ca
args:
creates: /etc/pki/tls/certs/serverb.lab.example.com.crt
- name: start and enable web services
service:
name: httpd
state: started
enabled: yes
- name: deliver content
copy:
dest: /var/www/vhosts/serverb-secure
src: html/
- name: check httpd syntax
command: /sbin/httpd -t
register: httpd_conf_syntax
failed_when: "'Syntax OK' not in httpd_conf_syntax.stderr"
- name: httpd_conf_syntax variable
debug:
msg: "The httpd_conf_syntax variable value is {{ httpd_conf_syntax }}"
- name: check httpd status
command: systemctl is-active httpd
register: httpd_status
changed_when: httpd_status.rc != 0
notify:
- restart services
rescue:
- name: recover original httpd config
file:
path: /etc/httpd/conf.d/vhosts.conf
state: absent
notify:
- restart services
- name: email notification of httpd config status
mail:
to: student@serverb.lab.example.com
subject: 'httpd config is not correct'
body: "httpd syntax is {{httpd_conf_syntax.stdout}}"
when: httpd_conf_syntax.stdout != 'Syntax OK'
handlers:
- name: restart services
service:
name: httpd
state: restarted
# end of secure web play
[student@workstation troubleshoot-review]$ ansible-playbook secure-web.yml
PLAY [create secure web service] *******************************************************************************************************************
TASK [Gathering Facts] *****************************************************************************************************************************
ok: [serverb.lab.example.com]
TASK [install web server packages] *****************************************************************************************************************
changed: [serverb.lab.example.com] => (item=httpd)
changed: [serverb.lab.example.com] => (item=mod_ssl)
TASK [install httpd config files] ******************************************************************************************************************
changed: [serverb.lab.example.com]
TASK [create ssl certificate] **********************************************************************************************************************
changed: [serverb.lab.example.com]
TASK [start and enable web services] ***************************************************************************************************************
changed: [serverb.lab.example.com]
TASK [deliver content] *****************************************************************************************************************************
changed: [serverb.lab.example.com]
TASK [check httpd syntax] **************************************************************************************************************************
changed: [serverb.lab.example.com]
TASK [httpd_conf_syntax variable] ******************************************************************************************************************
ok: [serverb.lab.example.com] => {
"msg": "The httpd_conf_syntax variable value is {'cmd': ['/sbin/httpd', '-t'], 'stdout': '', 'stderr': 'Syntax OK', 'rc': 0, 'start': '2022-09-16 19:22:26.388131', 'end': '2022-09-16 19:22:26.480096', 'delta': '0:00:00.091965', 'changed': True, 'stdout_lines': [], 'stderr_lines': ['Syntax OK'], 'failed': False, 'failed_when_result': False}"
}
TASK [check httpd status] **************************************************************************************************************************
ok: [serverb.lab.example.com]
RUNNING HANDLER [restart services] *****************************************************************************************************************
changed: [serverb.lab.example.com]
PLAY RECAP *****************************************************************************************************************************************
serverb.lab.example.com : ok=10 changed=7 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[student@workstation ~]$ lab troubleshoot-review finish
Cleaning up the lab on serverb.lab.example.com:
· Removing vhosts.conf: ...................................... SUCCESS
· Removing /var/www/vhosts/serverb-secure: ................... SUCCESS
· Removing web server certificate: ........................... SUCCESS
· Removing web server packages: .............................. SUCCESS
