Installation
Use the latest ansible package from the extras repository:
ansible-2.4.1.0-1.el7.noarch
/etc/ansible # configuration directory
/etc/ansible/ansible.cfg # main configuration file
/etc/ansible/hosts # inventory: defines the managed clients
/etc/ansible/roles #
Main programs:
ansible
ansible-playbook
ansible-doc
vim /etc/ansible/hosts
## [webservers] # defines the group name
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110
## www[001:006].example.com # hosts in a group that follow the same naming convention can be written as a range, which is expanded
Example
[webserver]
172.18.25.51
172.18.25.52
[dbserver]
172.18.25.52
172.18.25.53
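Here all managed machines can use the same key (-P '' sets an empty passphrase, so the private key on node1 is stored unencrypted):
[ root@node1 ~ ]# ssh-keygen -t rsa -P ''
[ root@node1 ~ ]# for i in 51 52 53 ;do ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.18.25.$i; done
Then try connecting manually to verify.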
Basic ansible command format:
ansible HOST-PATTERN -m MOD_NAME -a MOD_ARGS -f FORKS -C -u USERNAME -c CONNECTION
Commonly used ansible modules:
Get the module list:
ansible-doc -l
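command module: runs a command on the remote hosts;
chdir=: change to the given working directory before running the command;
creates=/PATH/TO/SOMEFILE_OR_DIR: if the file or directory given here exists, the command is not run;
removes=/PATH/TO/SOMEFILE_OR_DIR: if the file or directory given here does not exist, the command is not run;
that is, the command runs only when the given file or directory exists;
Example: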
[ root@node1 ~ ]# ansible webserver -m command -a "useradd ygl"
172.18.25.51 | SUCCESS | rc=0 >>
172.18.25.52 | SUCCESS | rc=0 >>
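shell module: runs a command on the remote hosts inside a shell process, so shell features such as pipes are supported;
chdir=: change to the given working directory before running the command;
creates=/PATH/TO/SOMEFILE_OR_DIR: if the file or directory given here exists, the command is not run;
removes=/PATH/TO/SOMEFILE_OR_DIR: if the file or directory given here does not exist, the command is not run;
that is, the command runs only when the given file or directory exists;
executable=/PATH/TO/SHELL: the shell interpreter used to run the command;
Example:
[ root@node1 ~ ]# ansible webserver -m shell -a "echo 123 | passwd --stdin ygl"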
172.18.25.51 | SUCCESS | rc=0 >>
更改用戶 ygl 的密碼 。
passwd:所有的身份驗證令牌已經成功更新。
172.18.25.52 | SUCCESS | rc=0 >>
更改用戶 ygl 的密碼 。
passwd:所有的身份驗證令牌已經成功更新。
group module: manages group accounts
*name=
state= # present: create; absent: delete
system= # whether it is a system account
gid=
Example:
[ root@node1 ~ ]# ansible webserver -m group -a "name=haproxy system=yes state=present"
172.18.25.52 | SUCCESS => {
"changed": true,
"failed": false,
"gid": 993,
"name": "haproxy",
"state": "present",
"system": true
}
172.18.25.51 | SUCCESS => {
"changed": true,
"failed": false,
"gid": 993,
"name": "haproxy",
"state": "present",
"system": true
}
[ root@node1 ~ ]# ansible webserver -m group -a "name=haproxy system=yes state=absent"
172.18.25.52 | SUCCESS => {
"changed": true,
"failed": false,
"name": "haproxy",
"state": "absent"
}
172.18.25.51 | SUCCESS => {
"changed": true,
"failed": false,
"name": "haproxy",
"state": "absent"
}
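user module: manages user accounts
[ root@node1 ~ ]# ansible-doc -s user
If a parameter's description in the output contains (required), that parameter must be given and cannot be omitted.
*name=
system=
uid=
shell=
group=
groups= # supplementary groups
comment= # comment
home=
generate_ssh_key= true/false # whether to generate an SSH key
local=
Example:
# Create user tom with a primary group of the same name, supplementary group haproxy, uid 3000, shell tcsh, and generate an SSH key.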
[ root@node1 ~ ]# ansible webserver -m user -a "name=tom groups=haproxy state=present uid=3000 shell=/bin/tcsh generate_ssh_key=true"
172.18.25.51 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"failed": false,
"group": 3000,
"groups": "haproxy",
"home": "/home/tom",
"name": "tom",
"shell": "/bin/tcsh",
"ssh_fingerprint": "2048 58:f3:82:5f:c6:cb:c4:e0:96:0e:61:9c:63:5f:5f:2d ansible-generated on node1 (RSA)",
"ssh_key_file": "/home/tom/.ssh/id_rsa",
"ssh_public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo9QnI4Q2S5WNjJ7Spj5jwYeLtH8v3JNiG+y1Oj+Qsnbc/AR6hs3tAMEDUW8MkUXqJT8QUwhAxugB5jdl2y4Yc4Y/s2tQ5PS+N2h6/N56xMQyrVqh26RF+yTEHc3LJhUM/cdHEJrnBFvV9h+S6IaxEOHL/mCzXJ46tPTvorIpkPWyvkfjqdGwyac4GGbcFmPa2GXiO0WuIADdK/GTFHTAyq+r3SisYTNDuGFWMl0HCXKujbQhsEwrPvlHfPH9nnuKp5C+4c7mZ8BMyk3MQgbu/0eI3y51YOC3yi/4eVdEYc6AxE8ifcHkjjTSGudifF7vhlBIoYvzbvey8wf4Tct5D ansible-generated on node1",
"state": "present",
"system": false,
"uid": 3000
}
172.18.25.52 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"failed": false,
"group": 3000,
"groups": "haproxy",
"home": "/home/tom",
"name": "tom",
"shell": "/bin/tcsh",
"ssh_fingerprint": "2048 97:0f:72:fd:fc:13:38:4a:fc:28:63:02:c4:f6:29:53 ansible-generated on node2 (RSA)",
"ssh_key_file": "/home/tom/.ssh/id_rsa",
"ssh_public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXS6KtT6zPnFceO1TNLd1jVssT2419VdbL/2OC3LnALoqS0Dyb7ZSJEIocSgoGAVGmSg0JJTKgBf7aBM6agH44ZrZfTEn24C/4t83uRusVA9N8rnGhqOrTLn0U/Hrjdew7wXfnZaJmuoAyh2lQOESKrYflxWmA3z+RJwq5yQELTGGFpJq5cUYhXW13ItI2cxeDq5l9NJx/lOceNkjGXMtMLjtU0vKhaRudKaeXpLoxdHerVYdVVOvyjfHdRMycQRyfgLl+OivbmyfCx8far7JTWf4W+sSVTx/gh6nK2E/5jIGvrInDZWsvq/cePBGvU6S0Fv/MuW979b6VLaS8Te3 ansible-generated on node2",
"state": "present",
"system": false,
"uid": 3000
}
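Attributes can be changed later, for example changing the uid to 4000,
but for something already generated, such as the ssh_key, changing true to false does not delete the previously generated key; the key pair under /home/tom/.ssh/ stays on the host.
copy module: Copies files to remote locations.
Usage:
(1) src= dest=
(2) content= dest=
owner, group, mode
Example: using usage (1)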
[ root@node1 ~ ]# ansible all -m copy -a "src=test.txt dest=/tmp/ owner=daemon group=nobody mode=644"
172.18.25.52 | SUCCESS => {
"changed": true,
"checksum": "909b3eb9cf443e1fe007b9940910c1b5370157b6",
"dest": "/tmp/test.txt",
"failed": false,
"gid": 99,
"group": "nobody",
"md5sum": "b5ab68405ea7f38841f44964cac71a3a",
"mode": "0644",
"owner": "daemon",
"size": 31,
"src": "/root/.ansible/tmp/ansible-tmp-1511897155.3-203125776259926/source",
"state": "file",
"uid": 2
}
172.18.25.51 | SUCCESS => {
"changed": true,
"checksum": "909b3eb9cf443e1fe007b9940910c1b5370157b6",
"dest": "/tmp/test.txt",
"failed": false,
"gid": 99,
"group": "nobody",
"md5sum": "b5ab68405ea7f38841f44964cac71a3a",
"mode": "0644",
"owner": "daemon",
"size": 31,
"src": "/root/.ansible/tmp/ansible-tmp-1511897155.29-136104449376316/source",
"state": "file",
"uid": 2
}
172.18.25.53 | SUCCESS => {
"changed": true,
"checksum": "909b3eb9cf443e1fe007b9940910c1b5370157b6",
"dest": "/tmp/test.txt",
"failed": false,
"gid": 99,
"group": "nobody",
"md5sum": "b5ab68405ea7f38841f44964cac71a3a",
"mode": "0644",
"owner": "daemon",
"size": 31,
"src": "/root/.ansible/tmp/ansible-tmp-1511897155.38-10083863563401/source",
"state": "file",
"uid": 2
}
Using usage (2) to generate the content directly
[ root@node1 ~ ]# ansible all -m copy -a "content='hello there \nhow are you' dest=/tmp/test2.txt owner=daemon group=nobody mode=644"
172.18.25.53 | SUCCESS => {
"changed": true,
"checksum": "48ac9867d3152d279d7409b994356818ce61b54e",
"dest": "/tmp/test2.txt",
"failed": false,
"gid": 99,
"group": "nobody",
"md5sum": "65b97a6f52bed5bf307dd96ba01dfae0",
"mode": "0644",
"owner": "daemon",
"size": 24,
"src": "/root/.ansible/tmp/ansible-tmp-1511897535.05-274804325591646/source",
"state": "file",
"uid": 2
}
172.18.25.52 | SUCCESS => {
"changed": true,
"checksum": "48ac9867d3152d279d7409b994356818ce61b54e",
"dest": "/tmp/test2.txt",
"failed": false,
"gid": 99,
"group": "nobody",
"md5sum": "65b97a6f52bed5bf307dd96ba01dfae0",
"mode": "0644",
"owner": "daemon",
"size": 24,
"src": "/root/.ansible/tmp/ansible-tmp-1511897535.05-210909367052491/source",
"state": "file",
"uid": 2
}
172.18.25.51 | SUCCESS => {
"changed": true,
"checksum": "48ac9867d3152d279d7409b994356818ce61b54e",
"dest": "/tmp/test2.txt",
"failed": false,
"gid": 99,
"group": "nobody",
"md5sum": "65b97a6f52bed5bf307dd96ba01dfae0",
"mode": "0644",
"owner": "daemon",
"size": 24,
"src": "/root/.ansible/tmp/ansible-tmp-1511897535.04-149048632090006/source",
"state": "file",
"uid": 2
}
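fetch module: Fetches a file from remote nodes
file module: Sets attributes of files
Usage:
(1) Create a link: *path= src= state=link
(2) Modify attributes: path= owner= mode= group=
(3) Create a directory: path= state=directory
Note: valid values for the state attribute
file, # must be a file
directory, # creates the directory if it does not exist
link, # a symbolic link
hard, # a hard link
touch, # creates an empty file if it does not exist
absent # delete
Example: create a directory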
[ root@node1 ~ ]# ansible all -m file -a "path=/tmp/hidir state=directory owner=nobody mode=777"
172.18.25.52 | SUCCESS => {
"changed": true,
"failed": false,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "nobody",
"path": "/tmp/hidir",
"size": 6,
"state": "directory",
"uid": 99
}
172.18.25.53 | SUCCESS => {
"changed": true,
"failed": false,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "nobody",
"path": "/tmp/hidir",
"size": 6,
"state": "directory",
"uid": 99
}
172.18.25.51 | SUCCESS => {
"changed": true,
"failed": false,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "nobody",
"path": "/tmp/hidir",
"size": 6,
"state": "directory",
"uid": 99
}
Example: create an empty file
[ root@node1 ~ ]# ansible all -m file -a "path=/tmp/hifile state=touch owner=nobody mode=777"
172.18.25.51 | SUCCESS => {
"changed": true,
"dest": "/tmp/hifile",
"failed": false,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "nobody",
"size": 0,
"state": "file",
"uid": 99
}
172.18.25.52 | SUCCESS => {
"changed": true,
"dest": "/tmp/hifile",
"failed": false,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "nobody",
"size": 0,
"state": "file",
"uid": 99
}
172.18.25.53 | SUCCESS => {
"changed": true,
"dest": "/tmp/hifile",
"failed": false,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "nobody",
"size": 0,
"state": "file",
"uid": 99
}
Example: create a link. Note that the source file refers to a file on the target server.
[ root@node1 ~ ]# ansible all -m file -a "path=/tmp/mytest.txt src=/tmp/test2.txt state=link"
172.18.25.52 | SUCCESS => {
"changed": true,
"dest": "/tmp/mytest.txt",
"failed": false,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 14,
"src": "/tmp/test2.txt",
"state": "link",
"uid": 0
}
172.18.25.53 | SUCCESS => {
"changed": true,
"dest": "/tmp/mytest.txt",
"failed": false,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 14,
"src": "/tmp/test2.txt",
"state": "link",
"uid": 0
}
172.18.25.51 | SUCCESS => {
"changed": true,
"dest": "/tmp/mytest.txt",
"failed": false,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 14,
"src": "/tmp/test2.txt",
"state": "link",
"uid": 0
}
Delete the symbolic link
[ root@node1 ~ ]# ansible all -m file -a "path=/tmp/mytest.txt state=absent"
172.18.25.52 | SUCCESS => {
"changed": true,
"failed": false,
"path": "/tmp/mytest.txt",
"state": "absent"
}
172.18.25.53 | SUCCESS => {
"changed": true,
"failed": false,
"path": "/tmp/mytest.txt",
"state": "absent"
}
172.18.25.51 | SUCCESS => {
"changed": true,
"failed": false,
"path": "/tmp/mytest.txt",
"state": "absent"
}
get_url module: Downloads files from HTTP, HTTPS, or FTP to node
*url=
*dest=
sha256sum=
owner, group, mode
Example: have all three hosts download redis into the /tmp/ directory
[ root@node1 ~ ]# ansible all -m get_url -a "url=http://download.redis.io/releases/redis-4.0.2.tar.gz dest=/tmp/"
172.18.25.51 | SUCCESS => {
"changed": true,
"checksum_dest": null,
"checksum_src": "d2588569a35531fcdf03ff05cf0e16e381bc278f",
"dest": "/tmp/redis-4.0.2.tar.gz",
"failed": false,
"gid": 0,
"group": "root",
"md5sum": "f0497cc1311cd10dfdf215e9e6fd7416",
"mode": "0644",
"msg": "OK (1713990 bytes)",
"owner": "root",
"size": 1713990,
"src": "/tmp/tmpSYXHve",
"state": "file",
"status_code": 200,
"uid": 0,
"url": "http://download.redis.io/releases/redis-4.0.2.tar.gz"
}
172.18.25.53 | SUCCESS => {
"changed": true,
"checksum_dest": null,
"checksum_src": "d2588569a35531fcdf03ff05cf0e16e381bc278f",
"dest": "/tmp/redis-4.0.2.tar.gz",
"failed": false,
"gid": 0,
"group": "root",
"md5sum": "f0497cc1311cd10dfdf215e9e6fd7416",
"mode": "0644",
"msg": "OK (1713990 bytes)",
"owner": "root",
"size": 1713990,
"src": "/tmp/tmp4EF_zu",
"state": "file",
"status_code": 200,
"uid": 0,
"url": "http://download.redis.io/releases/redis-4.0.2.tar.gz"
}
172.18.25.52 | SUCCESS => {
"changed": true,
"checksum_dest": null,
"checksum_src": "d2588569a35531fcdf03ff05cf0e16e381bc278f",
"dest": "/tmp/redis-4.0.2.tar.gz",
"failed": false,
"gid": 0,
"group": "root",
"md5sum": "f0497cc1311cd10dfdf215e9e6fd7416",
"mode": "0644",
"msg": "OK (1713990 bytes)",
"owner": "root",
"size": 1713990,
"src": "/tmp/tmpKb1mA2",
"state": "file",
"status_code": 200,
"uid": 0,
"url": "http://download.redis.io/releases/redis-4.0.2.tar.gz"
}
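An added example (not from the original page): a small Python audit over ad-hoc output in the `HOST | STATUS => {json}` format shown above, flagging results such as the mode=777 directory and the http:// get_url download. The function names and the sample text are constructed for illustration; the result JSON does not record whether a checksum was supplied, so only the transport is checked.

```python
import json
import re

# Constructed sample, modelled on the ad-hoc output format shown on this page.
SAMPLE = '''\
172.18.25.51 | SUCCESS => {
    "mode": "0777", "path": "/tmp/hidir", "state": "directory"
}
172.18.25.52 | SUCCESS => {
    "dest": "/tmp/redis-4.0.2.tar.gz", "mode": "0644", "state": "file",
    "url": "http://download.redis.io/releases/redis-4.0.2.tar.gz"
}
172.18.25.53 | SUCCESS => {
    "dest": "/tmp/mytest.txt", "mode": "0777", "state": "link"
}
'''

HEADER = re.compile(r"^(\S+) \| (\w+) => (?=\{)", re.M)

def parse_adhoc(text):
    """Return [(host, status, result)] for each 'HOST | STATUS => {json}' record.
    result is None when the body is not valid JSON (e.g. elided with '...')."""
    records = []
    for m in HEADER.finditer(text):
        try:
            result, _ = json.JSONDecoder().raw_decode(text, m.end())
        except ValueError:
            result = None
        records.append((m.group(1), m.group(2), result))
    return records

def audit(records):
    """Flag world-writable paths and downloads over plaintext transports."""
    findings = []
    for host, _status, res in records:
        if res is None:
            findings.append((host, "unparseable result"))
            continue
        target = res.get("path") or res.get("dest")
        # A symlink always reports 0777; its own mode bits are not enforced.
        if res.get("state") != "link" and int(res.get("mode", "0"), 8) & 0o002:
            findings.append((host, "world-writable: %s" % target))
        if res.get("url", "").startswith(("http://", "ftp://")):
            findings.append((host, "plaintext download: %s" % res["url"]))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_adhoc(SAMPLE)):
        print(*finding)
```

Records in the `HOST | SUCCESS | rc=0 >>` form produced by the command and shell modules carry no JSON and are skipped by the parser.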
git module: Deploy software (or files) from git checkouts
repo= # repository path
dest= # destination path for the clone
version= # which version to check out; defaults to the latest
Example: first install git on webserver, then download fastdfs from GitHub into /tmp/
[ root@node1 ~ ]# ansible webserver -m yum -a "name=git state=latest"
[ root@node1 ~ ]# ansible webserver -m git -a "repo=https://github.com/happyfish100/fastdfs.git dest=/tmp/fastdfs"
deploy_helper module: Manages some of the steps common in deploying projects.
haproxy module: Enable, disable, and set weights for HAProxy backend servers using socket commands.
backend=
host=
state=
weight=
cron module: Manage cron.d and crontab entries.
minute=
day=
month=
weekday=
hour=
job=
*name=
state=
present: create
absent: delete
Example: every five minutes, all machines synchronize their time against 172.18.0.1.
[ root@node1 ~ ]# ansible all -m cron -a "name='timesync' job='/usr/sbin/ntpdate 172.18.0.1 &> /dev/null' minute='*/5'"
172.18.25.53 | SUCCESS => {
"changed": true,
"envs": [],
"failed": false,
"jobs": [
"timesync"
]
}
172.18.25.52 | SUCCESS => {
"changed": true,
"envs": [],
"failed": false,
"jobs": [
"timesync"
]
}
172.18.25.51 | SUCCESS => {
"changed": true,
"envs": [],
"failed": false,
"jobs": [
"timesync"
]
}
[ root@node1 ~ ]# crontab -l
#Ansible: timesync
*/5 * * * * /usr/sbin/ntpdate 172.18.0.1 &> /dev/null
Delete the scheduled job defined above
[ root@node1 ~ ]# ansible all -m cron -a "name='timesync' job='/usr/sbin/ntpdate 172.18.0.1 &> /dev/null' minute='*/5' state=absent"
172.18.25.52 | SUCCESS => {
"changed": true,
"envs": [],
"failed": false,
"jobs": []
}
172.18.25.53 | SUCCESS => {
"changed": true,
"envs": [],
"failed": false,
"jobs": []
}
172.18.25.51 | SUCCESS => {
"changed": true,
"envs": [],
"failed": false,
"jobs": []
}
Create the scheduled job without enabling it, i.e. it is written commented out
[ root@node1 ~ ]# ansible all -m cron -a "name='timesync' job='/usr/sbin/ntpdate 172.18.0.1 &> /dev/null' minute='*/5' state=present disabled=true"
172.18.25.52 | SUCCESS => {
"changed": true,
"envs": [],
"failed": false,
"jobs": [
"timesync"
]
}
172.18.25.53 | SUCCESS => {
"changed": true,
"envs": [],
"failed": false,
"jobs": [
"timesync"
]
}
172.18.25.51 | SUCCESS => {
"changed": true,
"envs": [],
"failed": false,
"jobs": [
"timesync"
]
}
[ root@node1 ~ ]# crontab -l
#Ansible: timesync
#*/5 * * * * /usr/sbin/ntpdate 172.18.0.1 &> /dev/null
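An added example (not from the original page), in Python: the cron module tags each entry it manages with a `#Ansible: NAME` comment, as the `crontab -l` listings above show, so a host's crontab can be split into managed entries and job lines that no marker accounts for. The function names and the sample crontab are constructed for illustration.

```python
# Constructed `crontab -l` output; the first two lines mirror the listing above.
SAMPLE_CRONTAB = """\
#Ansible: timesync
#*/5 * * * * /usr/sbin/ntpdate 172.18.0.1 &> /dev/null
#Ansible: cleanup
@daily /usr/local/bin/cleanup.sh
MAILTO=root
# hand-written note
30 2 * * 0 /usr/local/bin/backup.sh
"""

MARKER = "#Ansible: "

def split_job(line):
    """Split a crontab job line into (schedule, command)."""
    n = 1 if line.startswith("@") else 5   # '@daily cmd' vs five time fields
    parts = line.split(None, n)
    return " ".join(parts[:n]), parts[n] if len(parts) > n else ""

def classify_crontab(text):
    """Return (managed, unmanaged).
    managed: name -> {schedule, command, disabled} for entries under a marker.
    unmanaged: active job lines with no '#Ansible:' marker above them."""
    managed, unmanaged, pending = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(MARKER):
            pending = line[len(MARKER):]
        elif pending is not None:
            disabled = line.startswith("#")      # disabled=true comments the job out
            schedule, command = split_job(line.lstrip("#"))
            managed[pending] = {"schedule": schedule, "command": command,
                                "disabled": disabled}
            pending = None
        elif not line.startswith("#") and "=" not in line.split()[0]:
            unmanaged.append(line)               # skips comments and VAR=value lines
    return managed, unmanaged

if __name__ == "__main__":
    print(classify_crontab(SAMPLE_CRONTAB))
```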
hostname module: Manage hostname
name=
pip module: Manages Python library dependencies.
name=
state=
version=
npm module: Manage node.js packages with npm
name=
state=
version=
yum module: Manages packages with the `yum' package manager
name=: package name, optionally with a version number;
state=
present,
latest, # the newest version
installed
absent,
removed
Other package management tools: apt(debian), zypper(suse), dnf(fedora), rpm, dpkg, ...
Example: install nginx with yum on all of them
[ root@node1 ~ ]# ansible webserver -m yum -a "name=nginx state=latest"
[ root@node1 ~ ]# ansible webserver -m yum -a "list=nginx"
172.18.25.51 | SUCCESS => {
"changed": false,
"failed": false,
"results": [
{
"arch": "x86_64",
"envra": "1:nginx-1.10.2-1.el7.x86_64",
"epoch": "1",
"name": "nginx",
"release": "1.el7",
"repo": "epel",
"version": "1.10.2",
"yumstate": "available"
},
{
"arch": "x86_64",
"envra": "1:nginx-1.10.2-1.el7.x86_64",
"epoch": "1",
"name": "nginx",
"release": "1.el7",
"repo": "installed",
"version": "1.10.2",
"yumstate": "installed"
}
]
}
172.18.25.52 | SUCCESS => {
"changed": false,
"failed": false,
"results": [
{
"arch": "x86_64",
"envra": "1:nginx-1.10.2-1.el7.x86_64",
"epoch": "1",
"name": "nginx",
"release": "1.el7",
"repo": "epel",
"version": "1.10.2",
"yumstate": "available"
},
{
"arch": "x86_64",
"envra": "1:nginx-1.10.2-1.el7.x86_64",
"epoch": "1",
"name": "nginx",
"release": "1.el7",
"repo": "installed",
"version": "1.10.2",
"yumstate": "installed"
}
]
}
service module: manages services
*name=
state=
started
stopped
restarted
enabled=
runlevel= # run level
Example: start the nginx that was batch-installed with ansible earlier
[ root@node1 ~ ]# ansible webserver -m service -a "name=nginx enabled=true state=started"
172.18.25.51 | SUCCESS => {
"changed": true,
"enabled": true,
"failed": false,
"name": "nginx",
"state": "started",
"status": {
...
}
}
172.18.25.52 | SUCCESS => {
"changed": true,
"enabled": true,
"failed": false,
"name": "nginx",
"state": "started",
"status": {
...
}
}