
Installing Ansible and Using Its Common Modules

2023-09-19 01:02:33

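Ansible has no server component: you simply run commands when you need it, and nothing has to be installed on the managed hosts, which makes ansible a very lightweight tool.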

[root@php ~]# yum install ansible

 

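After a default installation Ansible has a configuration file, /etc/ansible/ansible.cfg, which holds ansible's default settings, such as whether a password must be entered by default, whether sudo authentication is enabled, the location of the action_plugins plugins, the location of the hosts host-group file, whether logging is enabled, the default port, the location of the key file, and so on.

The details are as follows:
    [defaults]
    # some basic default values...
    # location of the default hosts file
    hostfile       = /etc/ansible/hosts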
    # library_path = /usr/share/my_modules/
    remote_tmp     = $HOME/.ansible/tmp
    pattern        = *
    forks          = 5
    poll_interval  = 15
    # remote sudo user
    sudo_user      = root
    # whether to prompt for the sudo password on every ansible command
    #ask_sudo_pass = True
    # whether to prompt for the SSH password on every ansible command
    #ask_pass      = True
    transport      = smart
    remote_port    = 22
    module_lang    = C
    gathering = implicit
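    # disables the host-key confirmation prompt on the first connection to a client; host keys are then not verified
    host_key_checking = False
    # add this when needed; chown -R root:root ansible.log
    log_path    = /var/log/ansible.log
    # suppresses system notices when running ansible, usually upgrade reminders
    system_warnings = False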
    # set plugin path directories here, separate with colons
    action_plugins     = /usr/share/ansible_plugins/action_plugins
    callback_plugins   = /usr/share/ansible_plugins/callback_plugins
    connection_plugins = /usr/share/ansible_plugins/connection_plugins
    lookup_plugins     = /usr/share/ansible_plugins/lookup_plugins
    vars_plugins       = /usr/share/ansible_plugins/vars_plugins
    filter_plugins     = /usr/share/ansible_plugins/filter_plugins
    fact_caching = memory
    [accelerate]
    accelerate_port = 5099
    accelerate_timeout = 30
    accelerate_connect_timeout = 5.0
    # The daemon timeout is measured in minutes. This time is measured
    # from the last activity to the accelerate daemon.
    accelerate_daemon_timeout = 30
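
The settings in this listing that matter most for security can be checked mechanically. The following is an added example, not part of the original article or of Ansible itself: a small Python audit of the text of an ansible.cfg. The function name `audit_ansible_cfg`, the constructed sample config and the choice of three checks are assumptions made for illustration.

```python
import configparser
import os
import stat

FALSY = {"false", "no", "off", "0"}
PLUGIN_KEYS = ("action_plugins", "callback_plugins", "connection_plugins",
               "lookup_plugins", "vars_plugins", "filter_plugins")

# Constructed sample, modelled on the listing above (annotations removed).
SAMPLE_CFG = """\
[defaults]
hostfile = /etc/ansible/hosts
remote_port = 22
host_key_checking = False
action_plugins = /usr/share/ansible_plugins/action_plugins
"""


def audit_ansible_cfg(text):
    """Return (setting, message) findings for the text of an ansible.cfg."""
    cfg = configparser.ConfigParser(interpolation=None,
                                    inline_comment_prefixes=(";",))
    cfg.read_string(text)
    d = cfg["defaults"] if cfg.has_section("defaults") else {}
    findings = []

    # With host_key_checking off, any host key is accepted, so the machine
    # answering on a managed address is never authenticated.
    if d.get("host_key_checking", "true").strip().lower() in FALSY:
        findings.append(("host_key_checking", "SSH host keys are not verified"))

    # Without log_path the control node keeps no record of what was run.
    if not d.get("log_path", "").strip():
        findings.append(("log_path", "no run log is written"))

    # Plugins are Python code loaded on the control node; a directory that
    # group or others can write to lets other local users add code to runs.
    for key in PLUGIN_KEYS:
        for path in d.get(key, "").split(":"):
            path = os.path.expanduser(path.strip())
            if path and os.path.isdir(path):
                if os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                    findings.append((key, path + " is group/world writable"))
    return findings


if __name__ == "__main__":
    for setting, message in audit_ansible_cfg(SAMPLE_CFG):
        print(setting + ": " + message)
```
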

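1. Connecting with ansible:
ansible transfers data over the SSH protocol. There are generally two ways to make an SSH connection: one uses a password, the other uses a public/private key pair for passwordless login. To use ansible smoothly, the following sets up passwordless login based on a key pair.
(1) Generate a key pair

[root@localhost ~]# ssh-keygen  -t rsa # -t selects the key type: rsa1 is for protocol version 1; rsa, dsa and ecdsa are for protocol version 2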
Generating public/private rsa key pair.
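# Here you are asked where to save the generated key files; the default is the .ssh directory under the home directory; press Enter to accept the default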
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
# This encrypts the key file with a passphrase; leaving it empty means the key is not encrypted
Enter passphrase (empty for no passphrase): 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
04:9f:cb:9c:9d:1e:47:d7:e1:d4:c1:87:71:c3:a4:22 root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
|      .       =O+|
|       o .    ===|
|        +E .....o|
|       + +.o..   |
|        S + .    |
|         . o     |
|          .      |
|                 |
|                 |
+-----------------+
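(2) Check that a key pair has been generated

[root@localhost ~]# ls /root/.ssh
id_rsa  id_rsa.pub    # id_rsa is the private key, id_rsa.pub is the public key

(3) After generating the key pair, upload the public key to the home directory of the corresponding user on each server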

[root@localhost ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.1.249.30
[root@localhost ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.1.252.36
[root@localhost ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.1.253.107

Passwordless login is now configured. Next, configure ansible.

2. Configure the list of hosts that ansible controls; this is done in the hosts file:

[21:50 root@centos6.8/etc/ansible]# cat hosts 
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by [header] elements
#   - You can enter hostnames or ip addresses
#   - A hostname/ip can be a member of multiple groups

# Ex 1: Ungrouped hosts, specify before any group headers.
[test]
10.1.252.36
10.1.249.30
10.1.253.107
[test] is the name of the managed group and can be defined to suit your environment; the host list is added below it.

 

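3. command module:
This is the default module, i.e. the one used when no module is specified with -m. This module cannot run commands that contain pipes.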

[21:51 root@centos6.8/etc/ansible]# ansible-doc -s command
- name: Executes a command on a remote node
  action: command
      chdir                  # cd into this directory before running the command
      creates                # a filename, when it already exists, this step will *not* be run.
      executable             # change the shell used to execute the command. Should be an absolute path to the executable
      free_form=             # the command module takes a free form command to run.  There is no parameter actually named
      removes                # a filename, when it does not exist, this step will *not* be run.
      warn                   # if command warnings are on in ansible.cfg, do not warn about this particular line if set t

[21:56 root@centos6.8/etc/ansible]# ansible test -a 'date'
10.1.252.36 | success | rc=0 >>
Sat Oct 29 19:09:18 CST 2016

10.1.253.107 | success | rc=0 >>
Tue Oct 25 07:27:02 CST 2016

10.1.249.30 | success | rc=0 >>
Sun Oct 30 03:09:17 CST 2016

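4. shell module:
The shell module can also run commands. The difference from the command module is that the command module cannot run commands containing pipes, whereas shell can: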

[21:56 root@centos6.8/etc/ansible]# ansible-doc -s shell
- name: Execute commands in nodes.
  action: shell
      chdir                  # cd into this directory before running the command
      creates                # a filename, when it already exists, this step will *not* be run.
      executable             # change the shell used to execute the command. Should be an absolute path to the executable
      free_form=             # The shell module takes a free form command to run, as a string.  There's not an actual opt
      removes                # a filename, when it does not exist, this step will *not* be run.
      warn                   # if command warnings are on in ansible.cfg, do not warn about this particular line if set t

[21:58 root@centos6.8/etc/ansible]# ansible test -m shell -a 'echo 111 > /tmp/test.txt'
10.1.252.36 | success | rc=0 >>


10.1.253.107 | success | rc=0 >>


10.1.249.30 | success | rc=0 >>

Check on a client that the file has been created

[root@localhost ~]# cat /tmp/test.txt 
111
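
The command module cannot use pipes because it does not pass the command line through a shell, while the shell module hands the whole line to /bin/sh. The following added example, which is not part of the original article and is a local Python model rather than Ansible's own code, runs the same lines both ways; the function names and the sample strings are assumptions made for illustration.

```python
import os
import shlex
import subprocess
import tempfile


def run_like_command(line):
    """Model of the command module: split into argv, exec without a shell."""
    done = subprocess.run(shlex.split(line), capture_output=True, text=True)
    return done.stdout


def run_like_shell(line):
    """Model of the shell module: the whole line goes to /bin/sh -c."""
    done = subprocess.run(line, shell=True, capture_output=True, text=True)
    return done.stdout


def redirect_demo():
    """Run the article's 'echo 111 > file' both ways against a temp file."""
    target = os.path.join(tempfile.mkdtemp(), "test.txt")
    line = "echo 111 > " + shlex.quote(target)
    out = run_like_command(line)          # '>' and the path are echo arguments
    created_without_shell = os.path.exists(target)
    run_like_shell(line)                  # the shell performs the redirect
    with open(target) as fh:
        return out, created_without_shell, fh.read()


if __name__ == "__main__":
    print(repr(run_like_command("echo 111 | tr 1 2")))
    print(repr(run_like_shell("echo 111 | tr 1 2")))
    # A value containing ';' (constructed): inert without a shell, a second
    # command with one. This is why command is the safer default for
    # arguments built from variables.
    value = "report.txt; echo SECOND"
    print(repr(run_like_command("echo " + value)))
    print(repr(run_like_shell("echo " + value)))
    print(redirect_demo())
```
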

5. copy module: copies files from the local machine to the managed machines; commonly used to distribute configuration files

[21:59 root@centos6.8/etc/ansible]# ansible-doc -s copy
- name: Copies files to remote locations.
  action: copy
      backup                 # Create a backup file including the timestamp information so you can get the original file 
      content                # When used instead of 'src', sets the contents of a file directly to the specified value.
      dest=                  # Remote absolute path where the file should be copied to. If src is a directory, this must 
      directory_mode         # When doing a recursive copy set the mode for the directories. If this is not set we will u
      follow                 # This flag indicates that filesystem links, if they exist, should be followed.
      force                  # the default is `yes', which will replace the remote file when contents are different than 
      group                  # name of the group that should own the file/directory, as would be fed to `chown'
      mode                   # mode the file or directory should be, such as 0644 as would be fed to `chmod'. As of versi
      owner                  # name of the user that should own the file/directory, as would be fed to `chown'
      selevel                # level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as 
      serole                 # role part of SELinux file context, `_default' feature works as for `seuser'.
      setype                 # type part of SELinux file context, `_default' feature works as for `seuser'.
      seuser                 # user part of SELinux file context. Will default to system policy, if applicable. If set to
      src                    # Local path to a file to copy to the remote server; can be absolute or relative. If path is
      validate               # The validation command to run before copying into place.  The path to the file to validate

[22:01 root@centos6.8/etc/ansible]# ansible test -m copy -a 'src=/etc/issue dest=/tmp/issu.txt mode=600'
10.1.252.36 | success >> {
    "changed": true, 
    "checksum": "03801eaa2804f96b025d70a7790079068275410a", 
    "dest": "/tmp/issu.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "145f4a07c5bf60603fbf3f14990b38d7", 
    "mode": "0600", 
    "owner": "root", 
    "size": 47, 
    "src": "/root/.ansible/tmp/ansible-tmp-1477576950.16-258334820967730/source", 
    "state": "file", 
    "uid": 0
}

10.1.253.107 | success >> {
    "changed": true, 
    "checksum": "03801eaa2804f96b025d70a7790079068275410a", 
    "dest": "/tmp/issu.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "145f4a07c5bf60603fbf3f14990b38d7", 
    "mode": "0600", 
    "owner": "root", 
    "secontext": "unconfined_u:object_r:admin_home_t:s0", 
    "size": 47, 
    "src": "/root/.ansible/tmp/ansible-tmp-1477576950.6-253946087850559/source", 
    "state": "file", 
    "uid": 0
}

10.1.249.30 | success >> {
    "changed": true, 
    "checksum": "03801eaa2804f96b025d70a7790079068275410a", 
    "dest": "/tmp/issu.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "145f4a07c5bf60603fbf3f14990b38d7", 
    "mode": "0600", 
    "owner": "root", 
    "secontext": "unconfined_u:object_r:admin_home_t:s0", 
    "size": 47, 
    "src": "/root/.ansible/tmp/ansible-tmp-1477576950.99-245450559825172/source", 
    "state": "file", 
    "uid": 0
}
Check on the clients that the test succeeded
[22:04 root@centos6.8/etc/ansible]# ansible test -a 'ls /tmp/issu.txt'
10.1.252.36 | success | rc=0 >>
/tmp/issu.txt

10.1.249.30 | success | rc=0 >>
/tmp/issu.txt

10.1.253.107 | success | rc=0 >>
/tmp/issu.txt