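Configuration files explained:
1. Main configuration file: /etc/ansible/ansible.cfg
- module_name = command ## Ansible's default module is the command module, which is quite limited in use; changing it to the shell module is recommended
- host_key_checking = False ## controls checking of the managed host's host_key; uncommenting this line is recommended, to reduce the interactive input needed during management
- log_path = /var/log/ansible.log ## location of Ansible's log file
- executable = /bin/sh ## the shell used by default after logging in as the remote user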
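An added check, not part of the original article, that reads an ansible.cfg and reports the settings above that trade verification or logging for convenience. The sample configuration is constructed, and the [ssh_connection] ssh_args check is an extra case beyond the settings listed above.

```python
import configparser

# Constructed sample that applies the settings discussed above.
SAMPLE_CFG = """\
[defaults]
module_name = shell
host_key_checking = False
executable = /bin/sh

[ssh_connection]
ssh_args = -o StrictHostKeyChecking=no
"""

FALSEY = {"false", "no", "0", "off"}

def audit_ansible_cfg(text):
    """Return (setting, reason) findings for the body of an ansible.cfg."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    get = lambda sec, key: cp.get(sec, key, fallback="").strip()
    findings = []
    # With checking off, any host key is accepted, so a spoofed host on the
    # network path receives the commands and files meant for the real one.
    if get("defaults", "host_key_checking").lower() in FALSEY:
        findings.append(("host_key_checking", "SSH host keys are not verified"))
    # The shell module hands the argument string to a shell, so metacharacters
    # in interpolated values are executed; command does not use a shell.
    if get("defaults", "module_name") == "shell":
        findings.append(("module_name", "ad-hoc arguments pass through a shell"))
    # Without log_path the control node keeps no record of what was run.
    if not get("defaults", "log_path"):
        findings.append(("log_path", "no controller-side run log"))
    # The same host-key bypass can hide in the SSH arguments.
    if "stricthostkeychecking=no" in get("ssh_connection", "ssh_args").lower():
        findings.append(("ssh_args", "StrictHostKeyChecking disabled"))
    return findings

if __name__ == "__main__":
    for setting, reason in audit_ansible_cfg(SAMPLE_CFG):
        print(f"{setting}: {reason}")
```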
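2. Managed-hosts file (inventory): /etc/ansible/hosts
- green.example.com ## defines a single managed host; either an FQDN or an IP address
- [webservers] ## puts managed hosts into a group
- alpha.example.org
- www[001:006].example.com ## range notation, similar to a wildcard, is supported; this entry covers all hosts from www001.example.com to www006.example.com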
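To see exactly which hosts a range entry such as www[001:006].example.com puts in scope before running anything against the group, the following added example expands the notation. It is a simplified re-implementation written for this page, not Ansible's own code, and it also covers alphabetic ranges and an optional step, which go beyond the single case shown above.

```python
import re

# [start:end] or [start:end:step]; start/end are digits or single letters.
_RANGE = re.compile(r"\[([0-9A-Za-z]+):([0-9A-Za-z]+)(?::(\d+))?\]")

def expand_host_pattern(pattern):
    """Expand inventory range notation into the list of host names it covers."""
    m = _RANGE.search(pattern)
    if not m:
        return [pattern]  # plain host name or group header: nothing to expand
    start, end, step = m.group(1), m.group(2), int(m.group(3) or 1)
    if start.isdigit() and end.isdigit():
        # A leading zero on the start value is a width hint: 001 -> 001..006.
        padded = len(start) > 1 and start[0] == "0"
        if padded and len(start) != len(end):
            raise ValueError(f"padded range bounds differ in width: {pattern}")
        width = len(start) if padded else 0
        values = [str(n).zfill(width)
                  for n in range(int(start), int(end) + 1, step)]
    elif len(start) == 1 and len(end) == 1 and start.isalpha() and end.isalpha():
        values = [chr(c) for c in range(ord(start), ord(end) + 1, step)]
    else:
        raise ValueError(f"unsupported range in {pattern}")
    head, tail = pattern[:m.start()], pattern[m.end():]
    hosts = []
    for value in values:
        # Recurse so that entries with several ranges are fully expanded.
        hosts.extend(expand_host_pattern(head + value + tail))
    return hosts

if __name__ == "__main__":
    for host in expand_host_pattern("www[001:006].example.com"):
        print(host)
```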
Using Ansible:
Prerequisite:
Ansible manages hosts over the SSH service by default, so first generate a public key file on the managing host and copy it to each host to be managed; only then is key-based management possible.
1. Generate the public key file on the managing host
- [[email protected] ~] ssh-keygen -t rsa ## generate the key pair; accept the defaults at the prompts
- Generating public/private rsa key pair.
- Enter file in which to save the key (/root/.ssh/id_rsa):
- Enter passphrase (empty for no passphrase):
- Enter same passphrase again:
- Your identification has been saved in /root/.ssh/id_rsa.
- Your public key has been saved in /root/.ssh/id_rsa.pub.
- The key fingerprint is:
- SHA256:06qoPmoSy7UGkKie95RnHn6bPOFEnusk/B0m+/+g8C0 [email protected]
- The key's randomart image is:
- +---[RSA 2048]----+
- | |
- | |
- |.. |
- |+ o |
- |o S o |
- |o. . o B |
- |oo+ .o *++oo . |
- |o=.+..=.*=OE+ . |
- |+o=oo..ooB+=oo.. |
- +----[SHA256]-----+
2. Copy the public key to the managed host
- [[email protected] ~] ssh-copy-id -i 192.168.1.20 ## copy the key to the remote host to be managed
- /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
- The authenticity of host '192.168.1.20 (192.168.1.20)' can't be established.
- ECDSA key fingerprint is SHA256:htIQABZZdudyHVZbppjWeY2d/pQQ0km8k+i/39SZ04Q.
- ECDSA key fingerprint is MD5:78:6e:b3:3d:fc:29:b2:b0:fc:2f:6d:d6:ff:3c:63:1a.
- Are you sure you want to continue connecting (yes/no)? yes
- /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
- /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
- [email protected]'s password:
- Number of key(s) added: 1
- Now try logging into the machine, with: "ssh '192.168.1.20'"
- and check to make sure that only the key(s) you wanted were added.
3. Add the managed hosts to the /etc/ansible/hosts file
- [Web] ## put the managed hosts into groups
- 192.168.1.19
- 192.168.1.20
- [db]
- 192.168.1.21
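The ssh-copy-id prompt in step 2 shows a SHA256 host key fingerprint and asks for a yes/no decision. The added example below (not from the original article) computes that fingerprint from a key line in the `host keytype base64` form used by known_hosts and ssh-keyscan, and accepts a key only when it matches a fingerprint obtained out of band, so host_key_checking can stay enabled. The key blobs and the TRUSTED table are constructed placeholders, not real ECDSA keys.

```python
import base64
import hashlib

def sha256_fingerprint(key_line):
    """OpenSSH-style SHA256 fingerprint of a 'host keytype base64blob' line."""
    _host, _keytype, blob_b64 = key_line.split()[:3]
    blob = base64.b64decode(blob_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints the base64 digest without '=' padding.
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def pin_verified_keys(scanned_lines, trusted):
    """Split scanned key lines into (accepted, rejected).

    trusted maps host -> fingerprint read from a trusted channel (for example
    the host's console). Only accepted lines belong in ~/.ssh/known_hosts.
    """
    accepted, rejected = [], []
    for line in scanned_lines:
        host = line.split()[0]
        actual = sha256_fingerprint(line)
        if trusted.get(host) == actual:
            accepted.append(line)
        else:
            # Unknown host or mismatching key: do not trust it.
            rejected.append((host, actual))
    return accepted, rejected

def _line(host, raw):
    """Build a constructed key line for the demo (not a real ECDSA key)."""
    return f"{host} ecdsa-sha2-nistp256 {base64.b64encode(raw).decode('ascii')}"

# Constructed sample data.
GOOD = _line("192.168.1.20", b"constructed key blob for .20")
SPOOFED = _line("192.168.1.21", b"constructed blob from an impostor")
TRUSTED = {
    "192.168.1.20": sha256_fingerprint(GOOD),
    "192.168.1.21": sha256_fingerprint(
        _line("192.168.1.21", b"constructed key blob for .21")),
}

if __name__ == "__main__":
    ok, bad = pin_verified_keys([GOOD, SPOOFED], TRUSTED)
    print("append to known_hosts:", ok)
    print("rejected:", bad)
```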
Using the modules:
1. ping module: check whether the managed hosts are online
- [[email protected] ~] ansible db -m ping ## check whether the managed hosts in the db group are online
- 192.168.1.21 | SUCCESS => {
- "changed": false,
- "ping": "pong"
- }
- [[email protected] ~] ansible all -m ping ## all means every managed host
- 192.168.1.21 | SUCCESS => {
- "changed": false,
- "ping": "pong" ## if the host is online, a pong is returned
- }
- 192.168.1.19 | SUCCESS => {
- "changed": false,
- "ping": "pong"
- }
- 192.168.1.20 | SUCCESS => {
- "changed": false,
- "ping": "pong"
- }
2. user module: create users on the remote host
- [[email protected] ~] ansible db -m user -a 'name=mysql state=present' ## present means create; creates a user named mysql
- 192.168.1.21 | CHANGED => {
- "changed": true,
- "comment": "",
- "create_home": true,
- "group": 1000,
- "home": "/home/mysql",
- "name": "mysql",
- "shell": "/bin/bash",
- "state": "present",
- "system": false,
- "uid": 1000
- }
- [[email protected] ~] ansible db -m user -a 'name=mariadb state=present system=yes' ## creates a system user named mariadb
- 192.168.1.21 | CHANGED => {
- "changed": true,
- "comment": "",
- "create_home": true,
- "group": 994,
- "home": "/home/mariadb",
- "name": "mariadb",
- "shell": "/bin/bash",
- "state": "present",
- "system": true,
- "uid": 997
- }
- [[email protected] ~] ansible db -m user -a 'name=mysql state=absent' ## absent means remove; deletes the user named mysql
- 192.168.1.21 | CHANGED => {
- "changed": true,
- "force": false,
- "name": "mysql",
- "remove": false,
- "state": "absent"
- }
3. group module: create groups on the remote host
- [[email protected] ~] ansible db -m group -a 'name=tomcat state=present' ## creating a group works much like creating a user, only the module differs; this command creates an ordinary group
- 192.168.1.21 | CHANGED => {
- "changed": true,
- "gid": 1000,
- "name": "tomcat",
- "state": "present",
- "system": false
- }
- [[email protected] ~] ansible db -m group -a 'name=tomcat state=absent' ## remove the group
- 192.168.1.21 | CHANGED => {
- "changed": true,
- "name": "tomcat",
- "state": "absent"
- }
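4. copy module: copy files to the remote host
- [[email protected] ~] ansible db -m copy -a 'src=/root/test dest=/root/' ## copies a file named test into the root directory on the remote host; src is the source file, dest is the directory the file is placed in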
- 192.168.1.21 | CHANGED => {
- "changed": true,
- "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
- "dest": "/root/test",
- "gid": 0,
- "group": "root",
- "md5sum": "d41d8cd98f00b204e9800998ecf8427e",
- "mode": "0644",
- "owner": "root",
- "size": 0,
- "src": "/root/.ansible/tmp/ansible-tmp-1556108167.92-277769296604040/source",
- "state": "file",
- "uid": 0
- }
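5. yum module: install software on the remote host (a yum repository must already be configured on the remote host before packages can be installed)
- [[email protected] ~] ansible db -m yum -a "name=vsftpd" ## install vsftpd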
- 192.168.1.21 | CHANGED => {
- "ansible_facts": {
- "pkg_mgr": "yum"
- },
- "changed": true,
- "msg": "Repository 'cdrom' is missing name in configuration, using id\n",
- "rc": 0, ## an rc return value of 0 means the command succeeded
- ......
- [[email protected] ~] ansible db -m yum -a 'name=vsftpd state=absent' ## remove the installed package
- 192.168.1.21 | CHANGED => {
- "ansible_facts": {
- "pkg_mgr": "yum"
- },
- "changed": true,
- "msg": "Repository 'cdrom' is missing name in configuration, using id\n",
- "rc": 0,
- "results": [
- ......
6. shell module: run shell commands on the remote host
- [[email protected] ~] ansible db -m shell -a 'hostname' ## run the hostname command on the remote host
- 192.168.1.21 | CHANGED | rc=0>>
- localhost.localdomain
7. script module: run a shell script on the remote host without first copying the script there
Write a test script
- [[email protected] ~] vim test.sh
- #!/bin/bash
- wall hello Word
The script does not need execute permission for the remote host to run it
- [[email protected] ~] ansible db -m script -a /root/test.sh ## have the remote host run the script
- 192.168.1.21 | CHANGED => {
- "changed": true,
- "rc": 0,
- "stderr": "Shared connection to 192.168.1.21 closed.\r\n",
- "stderr_lines": [
- "Shared connection to 192.168.1.21 closed."
- ],
- "stdout": "",
- "stdout_lines": []
- }
8. file module: set file attributes
- [[email protected] ~] ansible db -m file -a 'path=/root/test owner=mariadb mode=700' ## set the owner and permissions of a file on the remote host
- 192.168.1.21 | CHANGED => {
- "changed": true,
- "gid": 0,
- "group": "root",
- "mode": "0700",
- "owner": "mariadb",
- "path": "/root/test",
- "size": 0,
- "state": "file",
- "uid": 997
- }
- [[email protected] ~] ansible db -m file -a 'src=/root/test dest=/root/test-link state=link'
- 192.168.1.21 | CHANGED => { ## creates a soft link to the file; a hard link named test-link can also be created by changing link to hard
- "changed": true,
- "dest": "/root/test-link",
- "gid": 0,
- "group": "root",
- "mode": "0777",
- "owner": "root",
- "size": 10,
- "src": "/root/test",
- "state": "link",
- "uid": 0
- }
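9. cron module: scheduled tasks
- [[email protected] ~] ansible db -m shell -a 'rpm -qa | grep crontabs' ## check whether the crontabs package is installed on the managed host
- [[email protected] ~] ansible db -m shell -a 'systemctl status crond' ## check whether the cron service is running
- [[email protected] ~] ansible db -m cron -a 'minute=*/5 job="/usr/bin/wall hello word"' ## create a scheduled task that runs hello word every five minutes; hour, day, month and weekday can also be specified, and each defaults to * when omitted
Check on the remote host that the scheduled task exists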
- [[email protected] ~] crontab -l
- #Ansible: None
- */5 * * * * /usr/bin/wall hello word
10. service module
- [[email protected] ~] ansible db -m service -a 'name=httpd state=started' # start the http service
- 192.168.1.21 | CHANGED => {
- "changed": true,
- "name": "httpd",
- "state": "started",
- "status": {
- "ActiveEnterTimestampMonotonic": "0",
- "ActiveExitTimestampMonotonic": "0",
- ......
- [[email protected] ~] ansible db -a 'systemctl status httpd' # check whether the http service is running
- 192.168.1.21 | CHANGED | rc=0>>
● httpd.service - The Apache HTTP Server
- Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
- Active: active (running) since Wed 2019-04-24 21:54:56 EDT; 42s ago
- ......
- [[email protected] ~] ansible db -m service -a 'name=httpd state=stopped' # stop the http service
- 192.168.1.21 | CHANGED => {
- "changed": true,
- "name": "httpd",
- "state": "stopped",
- "status": {
- ......
Source: http://www.bubuko.com/infodetail-3035036.html