安装
使用extras仓库里面的最新的ansible包
ansible-2.4.1.0-1.el7.noarch
/etc/ansible #配置文件目录
/etc/ansible/ansible.cfg #主配置文件
/etc/ansible/hosts #定义被管理的客户端
/etc/ansible/roles #
主程序:
ansible
ansible-playbook
ansible-doc
vim /etc/ansible/hosts
## [webservers] #定义组名
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110
## www[001:006].example.com #如果组类拥有同样的命名规范,我们还可以展开
例子
[webserver]
172.18.25.51
172.18.25.52
[dbserver]
172.18.25.52
172.18.25.53
我们这里可以是所有被管控的机器都使用一样的密钥
[ root@node1 ~ ]# ssh-kengen -t rsa -P ''
[ root@node1 ~ ]# for i in 51 52 53 ;do ssh-copy-id -i ~/.ssh/id_rsa.pub
[email protected].$i; done
然后手动尝试连接验证一下
ansible的简单使用格式:
ansible HOST-PATTERN -m MOD_NAME -a MOD_ARGS -f FORKS -C -u USERNAME -c CONNECTION
ansible的常用模块:
获取模块列表:
ansible-doc -l
command模块:在远程主机运行命令;
chdir=:执行命令前切换工作目录至指定的位置;
creates=/PATH/TO/SOMEFILE_OR_DIR:如果此处给定的文件或目录存在,则不执行命令;
removes=/PATH/TO/SOMEFILE_OR_DIR:如果此处给定的文件或目录不存在,则不执行命令;
意为:令此处给定的文件或目录存在时方执行命令;
例子:
[ root@node1 ~ ]# ansible webserver -m command -a "useradd ygl"
172.18.25.51 | SUCCESS | rc=0 >>
172.18.25.52 | SUCCESS | rc=0 >>
shell模块:在远程主机在shell进程下运行命令,支持shell特性,如管道等;
chdir=:执行命令前切换工作目录至指定的位置;
creates=/PATH/TO/SOMEFILE_OR_DIR:如果此处给定的文件或目录存在,则不执行命令;
removes=/PATH/TO/SOMEFILE_OR_DIR:如果此处给定的文件或目录不存在,则不执行命令;
意为:令此处给定的文件或目录存在时方执行命令;
executable=/PATH/TO/SHELL:指定运行命令使用的shell解释器;
例子:
[ root@node1 ~ ]# ansible webserver -m shell -a “echo 123 | passwd –stdin ygl”
172.18.25.51 | SUCCESS | rc=0 >>
更改用户 ygl 的密码 。
passwd:所有的身份验证令牌已经成功更新。
172.18.25.52 | SUCCESS | rc=0 >>
更改用户 ygl 的密码 。
passwd:所有的身份验证令牌已经成功更新。
group模块:管理组账号
*name=
state= #present 创建 #absent 删除
system= #是否是系统账号
gid=
例子:
[ root@node1 ~ ]# ansible webserver -m group -a "name=haproxy system=yes state=present"
172.18.25.52 | SUCCESS => {
"changed": true,
"failed": false,
"gid": 993,
"name": "haproxy",
"state": "present",
"system": true
}
172.18.25.51 | SUCCESS => {
"changed": true,
"failed": false,
"gid": 993,
"name": "haproxy",
"state": "present",
"system": true
}
[ root@node1 ~ ]# ansible webserver -m group -a "name=haproxy system=yes state=absent"
172.18.25.52 | SUCCESS => {
"changed": true,
"failed": false,
"name": "haproxy",
"state": "absent"
}
172.18.25.51 | SUCCESS => {
"changed": true,
"failed": false,
"name": "haproxy",
"state": "absent"
}
user模块:管理用户账号
[ root@node1 ~ ]# ansible-doc -s user
如果后面接受里面有(required)表示必须要写的,不可省略。
*name=
system=
uid=
shell=
group=
groups= #附加主
comment= #注释
home=
generate_ssh_key= ture/false#是否生成一个ssh_key密钥
local=
例子:
#创建tom用户,同名所属组,附加组为haproxy,uid为3000
shell是tcsh,并且生成ss_key.
[ root@node1 ~ ]# ansible webserver -m user -a "name=tom groups=haproxy state=present uid=3000 shell=/bin/tcsh generate_ssh_key=true"
172.18.25.51 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"failed": false,
"group": 3000,
"groups": "haproxy",
"home": "/home/tom",
"name": "tom",
"shell": "/bin/tcsh",
"ssh_fingerprint": "2048 58:f3:82:5f:c6:cb:c4:e0:96:0e:61:9c:63:5f:5f:2d ansible-generated on node1 (RSA)",
"ssh_key_file": "/home/tom/.ssh/id_rsa",
"ssh_public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo9QnI4Q2S5WNjJ7Spj5jwYeLtH8v3JNiG+y1Oj+Qsnbc/AR6hs3tAMEDUW8MkUXqJT8QUwhAxugB5jdl2y4Yc4Y/s2tQ5PS+N2h6/N56xMQyrVqh26RF+yTEHc3LJhUM/cdHEJrnBFvV9h+S6IaxEOHL/mCzXJ46tPTvorIpkPWyvkfjqdGwyac4GGbcFmPa2GXiO0WuIADdK/GTFHTAyq+r3SisYTNDuGFWMl0HCXKujbQhsEwrPvlHfPH9nnuKp5C+4c7mZ8BMyk3MQgbu/0eI3y51YOC3yi/4eVdEYc6AxE8ifcHkjjTSGudifF7vhlBIoYvzbvey8wf4Tct5D ansible-generated on node1",
"state": "present",
"system": false,
"uid": 3000
}
172.18.25.52 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"failed": false,
"group": 3000,
"groups": "haproxy",
"home": "/home/tom",
"name": "tom",
"shell": "/bin/tcsh",
"ssh_fingerprint": "2048 97:0f:72:fd:fc:13:38:4a:fc:28:63:02:c4:f6:29:53 ansible-generated on node2 (RSA)",
"ssh_key_file": "/home/tom/.ssh/id_rsa",
"ssh_public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXS6KtT6zPnFceO1TNLd1jVssT2419VdbL/2OC3LnALoqS0Dyb7ZSJEIocSgoGAVGmSg0JJTKgBf7aBM6agH44ZrZfTEn24C/4t83uRusVA9N8rnGhqOrTLn0U/Hrjdew7wXfnZaJmuoAyh2lQOESKrYflxWmA3z+RJwq5yQELTGGFpJq5cUYhXW13ItI2cxeDq5l9NJx/lOceNkjGXMtMLjtU0vKhaRudKaeXpLoxdHerVYdVVOvyjfHdRMycQRyfgLl+OivbmyfCx8far7JTWf4W+sSVTx/gh6nK2E/5jIGvrInDZWsvq/cePBGvU6S0Fv/MuW979b6VLaS8Te3 ansible-generated on node2",
"state": "present",
"system": false,
"uid": 3000
}
修改的话,比如把uid改成4000,
但是像ssh_key这种已经生成了的,把true改成false的话,是不能删除掉之前的密钥的。
copy模块: Copies files to remote locations.
用法:
(1) src= dest=
(2) content= dest=
owner, group, mode
例子:使用用法(1)
[ root@node1 ~ ]# ansible all -m copy -a "src=test.txt dest=/tmp/ owner=daemon group=nobody mode=644"
172.18.25.52 | SUCCESS => {
"changed": true,
"checksum": "909b3eb9cf443e1fe007b9940910c1b5370157b6",
"dest": "/tmp/test.txt",
"failed": false,
"gid": 99,
"group": "nobody",
"md5sum": "b5ab68405ea7f38841f44964cac71a3a",
"mode": "0644",
"owner": "daemon",
"size": 31,
"src": "/root/.ansible/tmp/ansible-tmp-1511897155.3-203125776259926/source",
"state": "file",
"uid": 2
}
172.18.25.51 | SUCCESS => {
"changed": true,
"checksum": "909b3eb9cf443e1fe007b9940910c1b5370157b6",
"dest": "/tmp/test.txt",
"failed": false,
"gid": 99,
"group": "nobody",
"md5sum": "b5ab68405ea7f38841f44964cac71a3a",
"mode": "0644",
"owner": "daemon",
"size": 31,
"src": "/root/.ansible/tmp/ansible-tmp-1511897155.29-136104449376316/source",
"state": "file",
"uid": 2
}
172.18.25.53 | SUCCESS => {
"changed": true,
"checksum": "909b3eb9cf443e1fe007b9940910c1b5370157b6",
"dest": "/tmp/test.txt",
"failed": false,
"gid": 99,
"group": "nobody",
"md5sum": "b5ab68405ea7f38841f44964cac71a3a",
"mode": "0644",
"owner": "daemon",
"size": 31,
"src": "/root/.ansible/tmp/ansible-tmp-1511897155.38-10083863563401/source",
"state": "file",
"uid": 2
}
使用用法(2)直接生成一些内容
[ root@node1 ~ ]# ansible all -m copy -a "content='hello there nhow are you' dest=/tmp/test2.txt owner=daemon group=nobody mode=644"
172.18.25.53 | SUCCESS => {
"changed": true,
"checksum": "48ac9867d3152d279d7409b994356818ce61b54e",
"dest": "/tmp/test2.txt",
"failed": false,
"gid": 99,
"group": "nobody",
"md5sum": "65b97a6f52bed5bf307dd96ba01dfae0",
"mode": "0644",
"owner": "daemon",
"size": 24,
"src": "/root/.ansible/tmp/ansible-tmp-1511897535.05-274804325591646/source",
"state": "file",
"uid": 2
}
172.18.25.52 | SUCCESS => {
"changed": true,
"checksum": "48ac9867d3152d279d7409b994356818ce61b54e",
"dest": "/tmp/test2.txt",
"failed": false,
"gid": 99,
"group": "nobody",
"md5sum": "65b97a6f52bed5bf307dd96ba01dfae0",
"mode": "0644",
"owner": "daemon",
"size": 24,
"src": "/root/.ansible/tmp/ansible-tmp-1511897535.05-210909367052491/source",
"state": "file",
"uid": 2
}
172.18.25.51 | SUCCESS => {
"changed": true,
"checksum": "48ac9867d3152d279d7409b994356818ce61b54e",
"dest": "/tmp/test2.txt",
"failed": false,
"gid": 99,
"group": "nobody",
"md5sum": "65b97a6f52bed5bf307dd96ba01dfae0",
"mode": "0644",
"owner": "daemon",
"size": 24,
"src": "/root/.ansible/tmp/ansible-tmp-1511897535.04-149048632090006/source",
"state": "file",
"uid": 2
}
fetch模块:Fetches a file from remote nodes
file模块: Sets attributes of files
用法:
(1) 创建链接文件:*path= src= state=link
(2) 修改属性:path= owner= mode= group=
(3) 创建目录:path= state=directory
注意:state属性的可用值
file, #表示必须是一个文件
directory, #表示不过不存在就创建一个目录
link, #表示是一个链接
hard, #表示是一个硬链接
touch, #表示不存在就创建一个空文件
absent #表示删除
例子:创建目录
[ root@node1 ~ ]# ansible all -m file -a "path=/tmp/hidir state=directory owner=nobody mode=777"
172.18.25.52 | SUCCESS => {
"changed": true,
"failed": false,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "nobody",
"path": "/tmp/hidir",
"size": 6,
"state": "directory",
"uid": 99
}
172.18.25.53 | SUCCESS => {
"changed": true,
"failed": false,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "nobody",
"path": "/tmp/hidir",
"size": 6,
"state": "directory",
"uid": 99
}
172.18.25.51 | SUCCESS => {
"changed": true,
"failed": false,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "nobody",
"path": "/tmp/hidir",
"size": 6,
"state": "directory",
"uid": 99
}
例子:创建空文件
[ root@node1 ~ ]# ansible all -m file -a "path=/tmp/hifile state=touch owner=nobody mode=777"
172.18.25.51 | SUCCESS => {
"changed": true,
"dest": "/tmp/hifile",
"failed": false,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "nobody",
"size": 0,
"state": "file",
"uid": 99
}
172.18.25.52 | SUCCESS => {
"changed": true,
"dest": "/tmp/hifile",
"failed": false,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "nobody",
"size": 0,
"state": "file",
"uid": 99
}
172.18.25.53 | SUCCESS => {
"changed": true,
"dest": "/tmp/hifile",
"failed": false,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "nobody",
"size": 0,
"state": "file",
"uid": 99
}
例子:创建一个链接,注意这个源文件是指的目标服务器上的源文件。
[ root@node1 ~ ]# ansible all -m file -a "path=/tmp/mytest.txt src=/tmp/test2.txt state=link"
172.18.25.52 | SUCCESS => {
"changed": true,
"dest": "/tmp/mytest.txt",
"failed": false,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 14,
"src": "/tmp/test2.txt",
"state": "link",
"uid": 0
}
172.18.25.53 | SUCCESS => {
"changed": true,
"dest": "/tmp/mytest.txt",
"failed": false,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 14,
"src": "/tmp/test2.txt",
"state": "link",
"uid": 0
}
172.18.25.51 | SUCCESS => {
"changed": true,
"dest": "/tmp/mytest.txt",
"failed": false,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 14,
"src": "/tmp/test2.txt",
"state": "link",
"uid": 0
}
删除符号链接
[ root@node1 ~ ]# ansible all -m file -a "path=/tmp/mytest.txt state=absent"
172.18.25.52 | SUCCESS => {
"changed": true,
"failed": false,
"path": "/tmp/mytest.txt",
"state": "absent"
}
172.18.25.53 | SUCCESS => {
"changed": true,
"failed": false,
"path": "/tmp/mytest.txt",
"state": "absent"
}
172.18.25.51 | SUCCESS => {
"changed": true,
"failed": false,
"path": "/tmp/mytest.txt",
"state": "absent"
}
get_url模块: Downloads files from HTTP, HTTPS, or FTP to node
*url=
*dest=
sha256sum=
owner, group, mode
例子: 然三个主机都下载redis并放在/tmp/目录下
[ root@node1 ~ ]# ansible all -m get_url -a
"url=http://download.redis.io/releases/redis-4.0.2.tar.gz dest=/tmp/"
172.18.25.51 | SUCCESS => {
"changed": true,
"checksum_dest": null,
"checksum_src": "d2588569a35531fcdf03ff05cf0e16e381bc278f",
"dest": "/tmp/redis-4.0.2.tar.gz",
"failed": false,
"gid": 0,
"group": "root",
"md5sum": "f0497cc1311cd10dfdf215e9e6fd7416",
"mode": "0644",
"msg": "OK (1713990 bytes)",
"owner": "root",
"size": 1713990,
"src": "/tmp/tmpSYXHve",
"state": "file",
"status_code": 200,
"uid": 0,
"url": "http://download.redis.io/releases/redis-4.0.2.tar.gz"
}
172.18.25.53 | SUCCESS => {
"changed": true,
"checksum_dest": null,
"checksum_src": "d2588569a35531fcdf03ff05cf0e16e381bc278f",
"dest": "/tmp/redis-4.0.2.tar.gz",
"failed": false,
"gid": 0,
"group": "root",
"md5sum": "f0497cc1311cd10dfdf215e9e6fd7416",
"mode": "0644",
"msg": "OK (1713990 bytes)",
"owner": "root",
"size": 1713990,
"src": "/tmp/tmp4EF_zu",
"state": "file",
"status_code": 200,
"uid": 0,
"url": "http://download.redis.io/releases/redis-4.0.2.tar.gz"
}
172.18.25.52 | SUCCESS => {
"changed": true,
"checksum_dest": null,
"checksum_src": "d2588569a35531fcdf03ff05cf0e16e381bc278f",
"dest": "/tmp/redis-4.0.2.tar.gz",
"failed": false,
"gid": 0,
"group": "root",
"md5sum": "f0497cc1311cd10dfdf215e9e6fd7416",
"mode": "0644",
"msg": "OK (1713990 bytes)",
"owner": "root",
"size": 1713990,
"src": "/tmp/tmpKb1mA2",
"state": "file",
"status_code": 200,
"uid": 0,
"url": "http://download.redis.io/releases/redis-4.0.2.tar.gz"
}
git模块:Deploy software (or files) from git checkouts
repo= #仓库路径
dest= #克隆后目标存放路径
version= #获取是选取哪个版本,默认是最新的
例子:首先在webserver上面安装git,然后在github上面下载fastdfs并放在/tmp/下
[ root@node1 ~ ]# ansible webserver -m yum -a "name=git state=latest"
[ root@node1 ~ ]# ansible webserver -m git -a"repo=https://github.com/happyfish100/fastdfs.git dest=/tmp/fastdfs"
deploy_helper模块:Manages some of the steps common in deploying projects.
haproxy模块:Enable, disable, and set weights for HAProxy backend servers using socket commands.
backend=
host=
state=
weight=
cron 模块:Manage cron.d and crontab entries.
minute=
day=
month=
weekday=
hour=
job=
*name=
state=
present:创建
absent:删除
例子:每隔五分钟所有机器都去172..18.0.1上面同步一次时间。
[ root@node1 ~ ]# ansible all -m cron -a "name='timesync' job='/usr/sbin/ntpdate 172.18.0.1 &> /dev/null' minute='*/5'"
172.18.25.53 | SUCCESS => {
"changed": true,
"envs": [],
"failed": false,
"jobs": [
"timesync"
]
}
172.18.25.52 | SUCCESS => {
"changed": true,
"envs": [],
"failed": false,
"jobs": [
"timesync"
]
}
172.18.25.51 | SUCCESS => {
"changed": true,
"envs": [],
"failed": false,
"jobs": [
"timesync"
]
}
[ root@node1 ~ ]# crontab -l
#Ansible: timesync
*/5 * * * * /usr/sbin/ntpdate 172.18.0.1 &> /dev/null
删除定义的计划任务
[ root@node1 ~ ]# ansible all -m cron -a "name='timesync' job='/usr/sbin/ntpdate 172.18.0.1 &> /dev/null' minute='*/5' state=absent"
172.18.25.52 | SUCCESS => {
"changed": true,
"envs": [],
"failed": false,
"jobs": []
}
172.18.25.53 | SUCCESS => {
"changed": true,
"envs": [],
"failed": false,
"jobs": []
}
172.18.25.51 | SUCCESS => {
"changed": true,
"envs": [],
"failed": false,
"jobs": []
}
创建计划任务,但是不启用,也就是被注释的
[ root@node1 ~ ]# ansible all -m cron -a "name='timesync' job='/usr/sbin/ntpdate 172.18.0.1 &> /dev/null' minute='*/5' state=present disabled=true"
172.18.25.52 | SUCCESS => {
"changed": true,
"envs": [],
"failed": false,
"jobs": [
"timesync"
]
}
172.18.25.53 | SUCCESS => {
"changed": true,
"envs": [],
"failed": false,
"jobs": [
"timesync"
]
}
172.18.25.51 | SUCCESS => {
"changed": true,
"envs": [],
"failed": false,
"jobs": [
"timesync"
]
}
[ root@node1 ~ ]# crontab -l
#Ansible: timesync
#*/5 * * * * /usr/sbin/ntpdate 172.18.0.1 &> /dev/null
hostname模块:Manage hostname
name=
pip模块:Manages Python library dependencies. #管理python库依赖关系
name=
state=
version=
npm模块:Manage node.js packages with npm #用npm管理node.js包
name=
state=
version=
yum模块:Manages packages with the `yum' package manager
name=:程序包名称,可以带版本号;
state=
present,
latest, #最新的
installed
absent,
removed
其它的包管理工具:apt(debian), zypper(suse), dnf(fedora), rpm, dpkg, ...
例子:都yum安装 nginx
[ root@node1 ~ ]# ansible webserver -m yum -a "name=nginx state=latest"
[ root@node1 ~ ]# ansible webserver -m yum -a "list=nginx"
172.18.25.51 | SUCCESS => {
"changed": false,
"failed": false,
"results": [
{
"arch": "x86_64",
"envra": "1:nginx-1.10.2-1.el7.x86_64",
"epoch": "1",
"name": "nginx",
"release": "1.el7",
"repo": "epel",
"version": "1.10.2",
"yumstate": "available"
},
{
"arch": "x86_64",
"envra": "1:nginx-1.10.2-1.el7.x86_64",
"epoch": "1",
"name": "nginx",
"release": "1.el7",
"repo": "installed",
"version": "1.10.2",
"yumstate": "installed"
}
]
}
172.18.25.52 | SUCCESS => {
"changed": false,
"failed": false,
"results": [
{
"arch": "x86_64",
"envra": "1:nginx-1.10.2-1.el7.x86_64",
"epoch": "1",
"name": "nginx",
"release": "1.el7",
"repo": "epel",
"version": "1.10.2",
"yumstate": "available"
},
{
"arch": "x86_64",
"envra": "1:nginx-1.10.2-1.el7.x86_64",
"epoch": "1",
"name": "nginx",
"release": "1.el7",
"repo": "installed",
"version": "1.10.2",
"yumstate": "installed"
}
]
}
service模块:管理服务
*name=
state=
started
stopped
restarted
enabled=
runlevel= #运行级别
例子:启动之前使用ansible批量安装的ngixn
[ root@node1 ~ ]# ansible webserver -m service -a "name=nginx enabled=true state=started"
172.18.25.51 | SUCCESS => {
"changed": true,
"enabled": true,
"failed": false,
"name": "nginx",
"state": "started",
"status": {
...
}
}
172.18.25.52 | SUCCESS => {
"changed": true,
"enabled": true,
"failed": false,
"name": "nginx",
"state": "started",
"status": {
...
}
}
