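Ansible has no server component: you simply run its commands directly, and nothing needs to be installed on the managed hosts, which makes Ansible a very lightweight tool.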
[root@php ~]# yum install ansible
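After a default installation, Ansible has a configuration file at /etc/ansible/ansible.cfg. It defines the default settings for the Ansible control host, such as whether a password is prompted for by default, whether sudo authentication is enabled, the location of the action_plugins plugins, the location of the hosts (host group) file, whether logging is enabled, the default port, the location of the key file, and so on.
The details are as follows: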
[defaults]
# some basic default values...
# location of the default hosts file
hostfile = /etc/ansible/hosts
# library_path = /usr/share/my_modules/
remote_tmp = $HOME/.ansible/tmp
pattern = *
forks = 5
poll_interval = 15
# remote sudo user
sudo_user = root
# whether to prompt for the sudo password on every ansible run
#ask_sudo_pass = True
# whether to prompt for the SSH password on every ansible run
#ask_pass = True
transport = smart
remote_port = 22
module_lang = C
gathering = implicit
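# disable SSH host key checking, so the first connection to a client does not stop at the host key confirmation prompt
host_key_checking = False
# add this yourself when needed; chown -R root:root ansible.log
log_path = /var/log/ansible.log
# suppress the system notices shown when running ansible, usually upgrade reminders
system_warnings = False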
# set plugin path directories here, separate with colons
action_plugins = /usr/share/ansible_plugins/action_plugins
callback_plugins = /usr/share/ansible_plugins/callback_plugins
connection_plugins = /usr/share/ansible_plugins/connection_plugins
lookup_plugins = /usr/share/ansible_plugins/lookup_plugins
vars_plugins = /usr/share/ansible_plugins/vars_plugins
filter_plugins = /usr/share/ansible_plugins/filter_plugins
fact_caching = memory
[accelerate]
accelerate_port = 5099
accelerate_timeout = 30
accelerate_connect_timeout = 5.0
# The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon.
accelerate_daemon_timeout = 30
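As an added example (not part of the original article or of Ansible itself), the following shell script audits an ansible.cfg for two of the settings listed above: host_key_checking, which when set to False makes Ansible accept unknown SSH host keys without confirmation, and log_path. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an ansible.cfg for security-relevant settings.
# cfg_get, audit_ansible_cfg and write_sample_cfg are hypothetical names.

# cfg_get FILE KEY: print the last active (uncommented) value of KEY.
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_ansible_cfg FILE: print one WARN line per finding.
audit_ansible_cfg() {
    hkc=$(cfg_get "$1" host_key_checking)
    case $hkc in
        [Ff]alse|[Nn]o|0)
            echo "WARN host_key_checking=$hkc: unknown SSH host keys are accepted unverified" ;;
    esac
    log=$(cfg_get "$1" log_path)
    if [ -z "$log" ]; then
        echo "WARN log_path unset: runs are not logged on the control machine"
    elif [ -f "$log" ] && [ -n "$(find "$log" -perm -002)" ]; then
        echo "WARN $log is world-writable: any local user can alter the run log"
    fi
    return 0
}

# Constructed sample input: host_key_checking as the article sets it, with
# log_path pointed at a scratch file given deliberately loose permissions.
write_sample_cfg() {
    dir=$1
    : > "$dir/ansible.log"
    chmod 666 "$dir/ansible.log"
    cat > "$dir/ansible.cfg" <<EOF
[defaults]
#ask_pass = True
host_key_checking = False
log_path = $dir/ansible.log
EOF
}

tmp=$(mktemp -d)
write_sample_cfg "$tmp"
audit_ansible_cfg "$tmp/ansible.cfg"
rm -rf "$tmp"
```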
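1. Ansible connections:
Ansible transfers data over the SSH protocol. SSH connections generally authenticate in one of two ways: with a password, or with a public/private key pair for passwordless login. To use Ansible smoothly, the steps below set up passwordless login based on a public/private key pair.
(1) Generate a key pair
[root@localhost ~]# ssh-keygen -t rsa    # -t selects the key type: rsa1 is for protocol version 1; rsa, dsa and ecdsa are for protocol version 2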
Generating public/private rsa key pair.
# This asks where to save the generated key file; the default is the .ssh directory under the home directory. Press Enter to accept the default.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
# This sets a passphrase that encrypts the key file; entering nothing leaves the key unencrypted
Enter passphrase (empty for no passphrase):
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
04:9f:cb:9c:9d:1e:47:d7:e1:d4:c1:87:71:c3:a4:22 root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
| . =O+|
| o . ===|
| +E .....o|
| + +.o.. |
| S + . |
| . o |
| . |
| |
| |
+-----------------+
(2) Check that the key pair was generated successfully
[root@localhost ~]# ls /root/.ssh
id_rsa id_rsa.pub    # id_rsa is the private key, id_rsa.pub is the public key
(3) After generating the key pair, upload the public key to the home directory of the corresponding user on each server
[root@localhost ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.1.249.30
[root@localhost ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.1.252.36
[root@localhost ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.1.253.107
Passwordless login is now configured; next comes the Ansible configuration.
2. Configure the list of hosts that Ansible controls; it is set in the hosts file:
[21:50 root@centos6.8/etc/ansible]# cat hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
[test]
10.1.252.36
10.1.249.30
10.1.253.107
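[test] is the name of the managed group and can be defined to suit your environment; the host list is added beneath it.
3. The command module:
This is also the default module, that is, the one used when no module is specified with -m. It cannot run commands that contain pipes.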
[21:51 root@centos6.8/etc/ansible]# ansible-doc -s command
less 436
Copyright (C) 1984-2009 Mark Nudelman
less comes with NO WARRANTY, to the extent permitted by law.
For information about the terms of redistribution,
see the file named README in the less distribution.
- name: Executes a command on a remote node
action: command
chdir # cd into this directory before running the command
creates # a filename, when it already exists, this step will *not* be run.
executable # change the shell used to execute the command. Should be an absolute path to the executable
free_form= # the command module takes a free form command to run. There is no parameter actually named
removes # a filename, when it does not exist, this step will *not* be run.
warn # if command warnings are on in ansible.cfg, do not warn about this particular line if set t
(END)
[21:56 root@centos6.8/etc/ansible]# ansible test -a 'date'
10.1.252.36 | success | rc=0 >>
Sat Oct 29 19:09:18 CST 2016
10.1.253.107 | success | rc=0 >>
Tue Oct 25 07:27:02 CST 2016
10.1.249.30 | success | rc=0 >>
Sun Oct 30 03:09:17 CST 2016
4. The shell module:
The shell module can also run commands. The difference from the command module is that command cannot run commands containing pipes, while shell can:
[21:56 root@centos6.8/etc/ansible]# ansible-doc -s shell
- name: Execute commands in nodes.
action: shell
chdir # cd into this directory before running the command
creates # a filename, when it already exists, this step will *not* be run.
executable # change the shell used to execute the command. Should be an absolute path to the executable
free_form= # The shell module takes a free form command to run, as a string. There's not an actual opt
removes # a filename, when it does not exist, this step will *not* be run.
warn # if command warnings are on in ansible.cfg, do not warn about this particular line if set t
[21:58 root@centos6.8/etc/ansible]# ansible test -m shell -a 'echo 111 > /tmp/test.txt'
10.1.252.36 | success | rc=0 >>
10.1.253.107 | success | rc=0 >>
10.1.249.30 | success | rc=0 >>
On the client, check that the file has been created
[root@localhost ~]# cat /tmp/test.txt
111
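The difference between the command and shell modules, emulated locally as an added example (not from the original article and not Ansible's own code): the command module executes the program directly without a shell, so `>` and `|` are passed as plain arguments, while the shell module hands the whole string to /bin/sh. The helper names are hypothetical, and splitting words on whitespace only is a simplification.

```shell
#!/bin/sh
# Added example: local emulation only; run_like_command and run_like_shell
# are hypothetical helpers, not Ansible code.

# command module: words are executed directly, with no shell in between, so
# '>' and '|' reach the program as ordinary arguments.
# Simplification: words are split on whitespace only.
run_like_command() (
    set -f        # no wildcard expansion either
    set -- $1
    "$@"
)

# shell module: the whole string goes to /bin/sh, which interprets
# redirections, pipes and expansions.
run_like_shell() {
    /bin/sh -c "$1"
}

work=$(mktemp -d)
# The article's own command, run both ways (paths are constructed).
run_like_command "echo 111 > $work/command.txt"   # echoes the text; creates no file
run_like_shell   "echo 111 > $work/shell.txt"     # creates the file, prints nothing
ls "$work"                                        # only shell.txt exists
run_like_command "echo abc | tr a-c A-C"          # '|' is just another argument
run_like_shell   "echo abc | tr a-c A-C"          # the pipe is honoured
rm -rf "$work"
```

Because the command module never interprets shell metacharacters, it is the safer choice whenever part of the command line comes from a variable; shell is needed only when pipes or redirection are actually required.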
5. The copy module: copies files from the local machine to the managed machines; it is typically used to distribute configuration files
[21:59 root@centos6.8/etc/ansible]# ansible-doc -s copy
- name: Copies files to remote locations.
action: copy
backup # Create a backup file including the timestamp information so you can get the original file
content # When used instead of 'src', sets the contents of a file directly to the specified value.
dest= # Remote absolute path where the file should be copied to. If src is a directory, this must
directory_mode # When doing a recursive copy set the mode for the directories. If this is not set we will u
follow # This flag indicates that filesystem links, if they exist, should be followed.
force # the default is `yes', which will replace the remote file when contents are different than
group # name of the group that should own the file/directory, as would be fed to `chown'
mode # mode the file or directory should be, such as 0644 as would be fed to `chmod'. As of versi
owner # name of the user that should own the file/directory, as would be fed to `chown'
selevel # level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as
serole # role part of SELinux file context, `_default' feature works as for `seuser'.
setype # type part of SELinux file context, `_default' feature works as for `seuser'.
seuser # user part of SELinux file context. Will default to system policy, if applicable. If set to
src # Local path to a file to copy to the remote server; can be absolute or relative. If path is
validate # The validation command to run before copying into place. The path to the file to validate
(END)
[22:01 root@centos6.8/etc/ansible]# ansible test -m copy -a 'src=/etc/issue dest=/tmp/issu.txt mode=600'
10.1.252.36 | success >> {
"changed": true,
"checksum": "03801eaa2804f96b025d70a7790079068275410a",
"dest": "/tmp/issu.txt",
"gid": 0,
"group": "root",
"md5sum": "145f4a07c5bf60603fbf3f14990b38d7",
"mode": "0600",
"owner": "root",
"size": 47,
"src": "/root/.ansible/tmp/ansible-tmp-1477576950.16-258334820967730/source",
"state": "file",
"uid": 0
}
10.1.253.107 | success >> {
"changed": true,
"checksum": "03801eaa2804f96b025d70a7790079068275410a",
"dest": "/tmp/issu.txt",
"gid": 0,
"group": "root",
"md5sum": "145f4a07c5bf60603fbf3f14990b38d7",
"mode": "0600",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 47,
"src": "/root/.ansible/tmp/ansible-tmp-1477576950.6-253946087850559/source",
"state": "file",
"uid": 0
}
10.1.249.30 | success >> {
"changed": true,
"checksum": "03801eaa2804f96b025d70a7790079068275410a",
"dest": "/tmp/issu.txt",
"gid": 0,
"group": "root",
"md5sum": "145f4a07c5bf60603fbf3f14990b38d7",
"mode": "0600",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 47,
"src": "/root/.ansible/tmp/ansible-tmp-1477576950.99-245450559825172/source",
"state": "file",
"uid": 0
}
Check on the clients that the test succeeded
[22:04 root@centos6.8/etc/ansible]# ansible test -a 'ls /tmp/issu.txt'
10.1.252.36 | success | rc=0 >>
/tmp/issu.txt
10.1.249.30 | success | rc=0 >>
/tmp/issu.txt
10.1.253.107 | success | rc=0 >>
/tmp/issu.txt