采用ansible收集多个centos6主机的一个特定日志文件vsftpd.log的后3000行
因维护需要、要到多个centos6主机去检查某个特定日志文件vsftpd.log的后3000行,用于分析ftp服务器的可维护时间窗口。一台一台登录去处理太慢,为提高效率,采用ansible批量处理。
具体使用方法如下:
基础环境
# lsb_release -aLSB Version: :core-4.1-amd64:core-4.1-noarch Distributor ID: CentOS Description: CentOS Linux release7.6.1810(Core)Release:7.6.1810 Codename: Coreansible版本
因要采集的是一批centos6主机的日志文件,故ansible版本不宜过高,采用一台centos7.6默认安装的ansible。
# ansible --versionansible2.9.27 configfile=/etc/ansible/ansible.cfg configured module search path=[u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']ansible python module location=/usr/lib/python2.7/site-packages/ansible executable location=/usr/bin/ansible python version=2.7.5(default, Nov142023,16:14:06)[GCC4.8.520150623(Red Hat4.8.5-44)]配置ansible信任
ssh-keygen -t rsa -b 2048
ssh-copy-id root@10.128.1.1
ssh-copy-id root@10.128.1.2
ssh-copy-id root@10.128.1.3
ssh-copy-id root@10.128.1.4
ssh-copy-id root@10.128.1.5
ansible要用到的主机组
# cat hosts.ini[vsftpdHosts]10.128.1.110.128.1.210.128.1.310.128.1.410.128.1.5要用到的yml
功能主要是从远程主机取得/data/log_vsftpd/vsftpd.log的后3000行,并取回本调度机,放在logs目录下,用{remote_IP}_vsftpd.log为区别。
vifetch_vsftpd_logs.yml.run --- - name: Collect vsftpd logs from all hosts hosts: vsftpdHosts become:yestasks: - name: Checkiflogfileexists stat: path: /data/log_vsftpd/vsftpd.log register: log_file_check - name: Get last3000lines of vsftpd log shell:tail-n3000/data/log_vsftpd/vsftpd.log register: log_content when: log_file_check.stat.exists ignore_errors:yes- name: Verify log content length debug: msg:"Log content has {{ log_content.stdout | length }} characters"when: log_content.stdout is defined# ---------- 本地目录 & 文件 ----------- name: Createlocallogs directoryifnot exists ansible.builtin.file: path: ./logs state: directory mode:'0755'delegate_to: localhost delegate_to: localhost - name: Write log content tolocalfileansible.builtin.copy: content:"{{ log_content.stdout }}"dest:"./logs/{{ inventory_hostname }}_vsftpd.log"mode:'0644'delegate_to: localhost when: log_content.stdout is defined and log_content.stdout|length>0- name: Checklocallogfileexistence stat: path:"./logs/{{ inventory_hostname }}_vsftpd.log"register: local_file_check delegate_to: localhost - name: Displayfilestatus debug: msg:"File exists: {{ local_file_check.stat.exists }}, Size: {{ local_file_check.stat.size }} bytes"when: local_file_check is definedansible-playbook -i hosts.ini fetch_vsftpd_logs.yml.run -u root
执行日志如下:
PLAY[Collect vsftpd logs from all hosts]************************************************************************************************ TASK[Gathering Facts]******************************************************************************************************************* ok:[10.128.1.1]ok:[10.128.1.2]ok:[10.128.1.3]ok:[10.128.1.4]ok:[10.128.1.5]fatal:[10.128.1.6]: UNREACHABLE!=>{"changed":false,"msg":"Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).","unreachable":true}TASK[Checkiflogfileexists]********************************************************************************************************** ok:[10.128.1.1]ok:[10.128.1.2]ok:[10.128.1.3]ok:[10.128.1.4]ok:[10.128.1.5]TASK[Get last3000lines of vsftpd log]************************************************************************************************* changed:[10.128.1.1]changed:[10.128.1.2]changed:[10.128.1.3]changed:[10.128.1.4]changed:[10.128.1.5]TASK[Verify log content length]********************************************************************************************************* ok:[10.128.1.1]=>{"msg":"Log content has 323400 characters"}ok:[10.128.1.2]=>{"msg":"Log content has 290198 characters"}ok:[10.128.1.3]=>{"msg":"Log content has 303307 characters"}ok:[10.128.1.4]=>{"msg":"Log content has 334068 characters"}ok:[10.128.1.5]=>{"msg":"Log content has 383272 characters"}TASK[Createlocallogs directoryifnot exists]***************************************************************************************** changed:[10.128.1.1 ->localhost]ok:[10.128.1.2 ->localhost]ok:[10.128.1.3 ->localhost]ok:[10.128.1.4 ->localhost]ok:[10.128.1.5 ->localhost]TASK[Write log content tolocalfile]*************************************************************************************************** changed:[10.128.1.1 ->localhost]changed:[10.128.1.2 ->localhost]changed:[10.128.1.3 ->localhost]changed:[10.128.1.4 ->localhost]changed:[10.128.1.5 ->localhost]TASK[Checklocallogfileexistence]**************************************************************************************************** ok:[10.128.1.1 ->localhost]ok:[10.128.1.2 ->localhost]ok:[10.128.1.3 ->localhost]ok:[10.128.1.4 ->localhost]ok:[10.128.1.5 ->localhost]TASK[Displayfilestatus]*************************************************************************************************************** ok:[10.128.1.1]=>{"msg":"File exists: True, Size: 152225 bytes"}ok:[10.128.1.2]=>{"msg":"File exists: True, Size: 362393 bytes"}ok:[10.128.1.3]=>{"msg":"File exists: True, Size: 372055 bytes"}ok:[10.128.1.4]=>{"msg":"File exists: True, Size: 457034 bytes"}ok:[10.128.1.5]=>{"msg":"File exists: True, Size: 338930 bytes"}PLAY RECAP *******************************************************************************************************************************10.128.1.1:ok=8changed=2unreachable=0failed=0skipped=0rescued=0ignored=010.128.1.2:ok=8changed=2unreachable=0failed=0skipped=0rescued=0ignored=010.128.1.3:ok=8changed=3unreachable=0failed=0skipped=0rescued=0ignored=010.128.1.4:ok=8changed=2unreachable=0failed=0skipped=0rescued=0ignored=010.128.1.5:ok=8changed=2unreachable=0failed=0skipped=0rescued=0ignored=0取得的日志文件
会将vsftpdHosts组下的主机的/data/log_vsftpd/vsftpd.log的后3000行,采集到本机的当前logs目录下,
-rw-r--r--1root root32340012月1113:5610.128.1.1_vsftpd.log -rw-r--r--1root root29019812月1113:5610.128.1.2_vsftpd.log -rw-r--r--1root root30330712月1113:5610.128.1.3_vsftpd.log -rw-r--r--1root root33406812月1113:5610.128.1.4_vsftpd.log -rw-r--r--1root root38327212月1113:5610.128.1.5_vsftpd.log