Ansible版本
[root@HA2 tmp]# rpm -q ansibleansible-2.1.2.0-1.el6.noarch
Ansible配置文件
[root@HA2 tmp]# rpm -ql ansible | less/etc/ansible /etc/ansible/ansible.cfg //配置文件 /etc/ansible/hosts //主機清單 /etc/ansible/roles //角色 /usr/bin/ansible //主程序 /usr/bin/ansible-console /usr/bin/ansible-doc //文檔命令 /usr/bin/ansible-galaxy /usr/bin/ansible-playbook //劇本 /usr/bin/ansible-pull /usr/bin/ansible-vault
Ansible語法
ansible <host-pattern> [options] //all所有/etc/ansible/hosts定義主機 “/”目錄下bin並且統計多少行 [root@HA2 tmp]# ansible all -a 'ls / ' | grep -o "^bin" |wc -l 3
添加一個crontab任務,名稱爲Test,沒4分鐘執行一次
[root@HA2 tmp]# ansible all -m cron -a "name=Test minute=*/4 job='/bin/date >> /tmp/date.log'"
172.16.0.5 | SUCCESS => { "changed": true,
"envs": [],
"jobs": [ "1",
"None",
"Test"
]
}172.16.0.4 | SUCCESS => { "changed": true,
"envs": [],
"jobs": [ "1",
"None",
"Test"
]
}172.16.0.2 | SUCCESS => { "changed": true,
"envs": [],
"jobs": [ "1",
"None",
"Test"
]
}[root@HA2 tmp]# ansible all -a 'crontab -l' 172.16.0.5 | SUCCESS | rc=0 >> #Ansible: 1*/5 * * * * /bin/date > /tmp/date.log #Ansible: None */2 * * * * ls / >> /tmp/root.log #Ansible: Test */4 * * * * /bin/date >> /tmp/date.log 172.16.0.4 | SUCCESS | rc=0 >> #Ansible: 1*/5 * * * * /bin/date > /tmp/date.log #Ansible: None */2 * * * * ls / >> /tmp/root.log #Ansible: Test */4 * * * * /bin/date >> /tmp/date.log 172.16.0.2 | SUCCESS | rc=0 >> #Ansible: 1*/5 * * * * /bin/date > /tmp/date.log #Ansible: None */2 * * * * ls / >> /tmp/root.log #Ansible: Test */4 * * * * /bin/date >> /tmp/date.log
刪除Test這條crontab任務,並確認是否刪除
[root@HA2 tmp]# ansible all -m cron -a "state=absent name=Test minute=*/4 job='/bin/date >> /tmp/date.log'" //刪除任務
172.16.0.5 | SUCCESS => { "changed": true,
"envs": [],
"jobs": [ "1",
"None"
]
}172.16.0.4 | SUCCESS => { "changed": true,
"envs": [],
"jobs": [ "1",
"None"
]
}172.16.0.2 | SUCCESS => { "changed": true,
"envs": [],
"jobs": [ "1",
"None"
]
}
[root@HA2 tmp]# ansible all -a 'crontab -l' //已刪除
172.16.0.5 | SUCCESS | rc=0 >>
#Ansible:
1*/5 * * * * /bin/date > /tmp/date.log
#Ansible: None
*/2 * * * * ls / >> /tmp/root.log
172.16.0.4 | SUCCESS | rc=0 >>
#Ansible:
1*/5 * * * * /bin/date > /tmp/date.log
#Ansible: None
*/2 * * * * ls / >> /tmp/root.log
172.16.0.2 | SUCCESS | rc=0 >>
#Ansible:
1*/5 * * * * /bin/date > /tmp/date.log
#Ansible: None
*/2 * * * * ls / >> /tmp/root.logfetch 備份神器
[root@HA2 tmp]# mkdir `date +%Y` //創建本地備份目錄
[root@HA2 tmp]# ls
2016 date.log yum.log
[root@HA2 tmp]# ansible all -m fetch -a "src=/tmp/fstab1 dest=/tmp/2016" //拉取遠程/tmp/fstab1文件備份到本地目錄/tmp/2016下
172.16.0.5 | SUCCESS => { "changed": true,
"checksum": "1f9cc35736c5df82cd013c7c4445f8ba9fb05062",
"dest": "/tmp/2016/172.16.0.5/tmp/fstab1",
"md5sum": "30fe33abd75b1a24286d146306d3481f",
"remote_checksum": "1f9cc35736c5df82cd013c7c4445f8ba9fb05062",
"remote_md5sum": null
}172.16.0.2 | SUCCESS => { "changed": true,
"checksum": "1f9cc35736c5df82cd013c7c4445f8ba9fb05062",
"dest": "/tmp/2016/172.16.0.2/tmp/fstab1",
"md5sum": "30fe33abd75b1a24286d146306d3481f",
"remote_checksum": "1f9cc35736c5df82cd013c7c4445f8ba9fb05062",
"remote_md5sum": null
}172.16.0.4 | SUCCESS => { "changed": true,
"checksum": "1f9cc35736c5df82cd013c7c4445f8ba9fb05062",
"dest": "/tmp/2016/172.16.0.4/tmp/fstab1",
"md5sum": "30fe33abd75b1a24286d146306d3481f",
"remote_checksum": "1f9cc35736c5df82cd013c7c4445f8ba9fb05062",
"remote_md5sum": null
}
[root@HA2 tmp]# tree 2016/ //查看是否備份成功2016/
├── 172.16.0.2│ └── tmp
│ └── fstab1
├── 172.16.0.4│ └── tmp
│ └── fstab1
└── 172.16.0.5
└── tmp
└── fstab16 directories, 3 filesfile創建遠程連接
[root@HA2 tmp]# ansible all -m file -a 'src=/tmp/fstab1 path=/var/fstab.link state=link'
//創建遠程文件/tmp/fstab1軟連接爲/var/fstab.link
172.16.0.5 | SUCCESS => { "changed": true,
"dest": "/var/fstab.link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 11,
"src": "/tmp/fstab1",
"state": "link",
"uid": 0
}
172.16.0.4 | SUCCESS => { "changed": true,
"dest": "/var/fstab.link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"secontext": "unconfined_u:object_r:var_t:s0",
"size": 11,
"src": "/tmp/fstab1",
"state": "link",
"uid": 0
}
172.16.0.2 | SUCCESS => { "changed": true,
"dest": "/var/fstab.link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"secontext": "unconfined_u:object_r:var_t:s0",
"size": 11,
"src": "/tmp/fstab1",
"state": "link",
"uid": 0
}
[root@HA2 tmp]# ansible all -m shell -a 'ls -l /var/fst*' //驗證是否正確
172.16.0.5 | SUCCESS | rc=0 >>
lrwxrwxrwx 1 root root 11 Oct 29 22:43 /var/fstab.link -> /tmp/fstab1
172.16.0.2 | SUCCESS | rc=0 >>
lrwxrwxrwx. 1 root root 11 Oct 29 22:43 /var/fstab.link -> /tmp/fstab1
172.16.0.4 | SUCCESS | rc=0 >>
lrwxrwxrwx. 1 root root 11 Oct 29 22:43 /var/fstab.link -> /tmp/fstab1
[root@HA2 tmp]# ansible all -m file -a 'src=/tmp/fstab1 path=/var/fstab.link state=absent'//刪除軟連接,state=absent即可
172.16.0.5 | SUCCESS => { "changed": true,
"path": "/var/fstab.link",
"state": "absent"}
172.16.0.2 | SUCCESS => { "changed": true,
"path": "/var/fstab.link",
"state": "absent"}
172.16.0.4 | SUCCESS => { "changed": true,
"path": "/var/fstab.link",
"state": "absent"}
[root@HA2 tmp]# ansible all -m shell -a 'ls -l /var/fst*' //驗證是否刪除
172.16.0.5 | FAILED | rc=2 >>ls: cannot access /var/fst*: No such file or directory
172.16.0.2 | FAILED | rc=2 >>ls: cannot access /var/fst*: No such file or directory
172.16.0.4 | FAILED | rc=2 >>ls: cannot access /var/fst*: No such file or directoryfile屬性修改
path= owner= mode= 等等比如
[root@HA2 tmp]# ansible all -m file -a 'path=/tmp/fstab1 mode=0777' //設定屬性等於777
172.16.0.5 | SUCCESS => { "changed": false,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"path": "/tmp/fstab1",
"size": 711,
"state": "file",
"uid": 0}172.16.0.2 | SUCCESS => { "changed": false,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"path": "/tmp/fstab1",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 711,
"state": "file",
"uid": 0}172.16.0.4 | SUCCESS => { "changed": false,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"path": "/tmp/fstab1",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 711,
"state": "file",
"uid": 0}
[root@HA2 tmp]# ansible all -a 'ls -l /tmp/fstab1' //驗證權限,沒錯都是777
172.16.0.5 | SUCCESS | rc=0 >>
-rwxrwxrwx 1 root root 711 Oct 29 20:00 /tmp/fstab1172.16.0.2 | SUCCESS | rc=0 >>
-rwxrwxrwx. 1 root root 711 Oct 29 20:00 /tmp/fstab1172.16.0.4 | SUCCESS | rc=0 >>
-rwxrwxrwx. 1 root root 711 Oct 29 20:00 /tmp/fstab1file創建目錄
path= state=directory
[root@HA2 tmp]# ansible all -m file -a 'path=/tmp/test state=directory'//在/tmp下創建test目錄
172.16.0.5 | SUCCESS => { "changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/test",
"size": 4096,
"state": "directory",
"uid": 0}172.16.0.2 | SUCCESS => { "changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/test",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 0}172.16.0.4 | SUCCESS => { "changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/test",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 0}
[root@HA2 tmp]# ansible all -m shell -a 'ls -l /tmp/ | grep test'//驗證是否創建test,發現有test目錄證明創建成功
172.16.0.5 | SUCCESS | rc=0 >>
drwxr-xr-x 2 root root 4096 Oct 29 23:02 test-rw-r--r-- 1 root root 8 Oct 29 20:06 testfile172.16.0.2 | SUCCESS | rc=0 >>
drwxr-xr-x. 2 root root 6 Oct 29 23:02 test-rw-r--r--. 1 root root 8 Oct 29 20:06 testfile172.16.0.4 | SUCCESS | rc=0 >>
drwxr-xr-x. 2 root root 6 Oct 29 23:02 test-rw-r--r--. 1 root root 8 Oct 29 20:06 testfileyum 安裝
[root@HA2 tmp]# ansible all -m yum -a 'name=httpd'
yum 卸載
[root@HA2 tmp]# ansible all -m yum -a 'name=httpd state=absent'
copy ,拷貝本地/tmp/date.log至遠程主機的/tmp目錄下
[root@HA2 tmp]# ansible all -m copy -a "src=/tmp/date.log dest=/tmp"
service 啟動服務並開機主動啟動(enabled等於1為自動啟動,0為關閉自動啟動)
[root@HA2 tmp]# ansible all -m service -a "name=httpd state=started enabled=1"
service 停止並關閉自動自動
[root@HA2 tmp]# ansible all -m service -a "name=httpd state=stopped enabled=0"
service 重啟服務
[root@HA2 tmp]# ansible all -m service -a "name=httpd state=restarted"
service 重載
[root@HA2 tmp]# ansible all -m service -a "name=httpd state=reloaded"
user 創建用戶
[root@HA2 tmp]# ansible all -m user -a "name=mysql uid=306 system=yes"
定義Ansible的yaml
yaml格式
用戶增刪示例
- hosts:all //定義遠程主機 remote_user: root //定義遠程用戶爲root tasks: //定義任務,以縮進爲引導 - name: create a user user5 //定義任務名稱 user: user=user5 system=ture uid=555 [state=absent] //定義創建user5用戶系統用戶uid爲555 []中爲刪除 - name: create a user user6 //定義任務名稱 user: user=user6 uid=666 [state=absent] //定義創建user5用戶系統用戶uid爲555 []中爲刪除
只檢測不執行
[root@HA2 ansible]# ansible-playbook --check xxx.yaml
檢查在那些主機上會執行
[root@HA2 ansible]# ansible-playbook --list-host xxx.yaml
檢查會執行那些TAGS
[root@HA2 ansible]# ansible-playbook --list-tags xxx.yaml
檢查tasks列表
[root@HA2 ansible]# ansible-playbook --list-tasks xxx.yaml
執行
[root@HA2 ansible]# ansible-playbook xxx.yaml
yaml格式
服務安裝配置示例
- hosts: webserver //定義遠程主機 remote_user: root //定義遠程用戶爲root tasks: //定義任務 - name: Yum install httpd service //定義任務名稱 yum: name=httpd //定義Yum Module安裝服務 - name: Copy cinfigure copy: src=config/httpd/conf/httpd.conf7 dest=/etc/httpd/conf/httpd.conf tags: config //定義tags標籤 notify: reload httpd //定義notify通知必須與handlers -name:values一致 - name: Service httpd start service: name=httpd state=started handlers: //定義handlers - name: reload httpd //定義調用上面notify的名稱 service: name=httpd state=reloaded //採取的動作
只運行tags標籤的config
[root@HA2 working]# ansible-playbook -t config xxx.yaml
只運行tags標籤的connfig並且觸發notify通知
[root@HA2 working]# ansible-playbook -t config web.yaml PLAY [webserver] *************************************************************** TASK [setup] ******************************************************************* ok: [172.16.0.4] ok: [172.16.0.2] TASK [Copy cinfigure] ********************************************************** changed: [172.16.0.2] //發現配置文件有變動host changed: [172.16.0.4] //發現配置文件有變動host RUNNING HANDLER [reload httpd] //運行了我們定義的任務 ************************************************* changed: [172.16.0.4] //handlers採取的動作host changed: [172.16.0.2] //handlers採取的動作host PLAY RECAP ********************************************************************* 172.16.0.2 : ok=3 changed=2 unreachable=0 failed=0 172.16.0.4 : ok=3 changed=2 unreachable=0 failed=0
yaml格式
服務安裝配置示例
- hosts: dbserver //定義遠程主機
remote_user: root //定義遠程用戶
tasks: //定義任務
- name: install {{ pkname }} //使用變量,執行命令時可以傳參變量最好保持一致
yum: name={{ pkname }} //使用變量,執行命令時可以傳參,變量最好保持一致執行示例,建議執行前做檢查
[root@HA2 working]# ansible-playbook -e pkname=memcached --check memcached.yaml //執行前檢查,-e參數表示使用變量,pkname=values爲傳參的軟件包名稱 [root@HA2 working]# ansible-playbook -e pkname=memcached memcached.yaml //-e參數表示使用變量,pkname=values爲傳參的軟件包名稱 PLAY [dbserver] **************************************************************** TASK [setup] ******************************************************************* ok: [172.16.0.5] TASK [install memcached] ******************************************************* changed: [172.16.0.5] PLAY RECAP ********************************************************************* 172.16.0.5 : ok=2 changed=1 unreachable=0 failed=0
Host Inventory
定義向不同主機傳遞不同參數
[root@HA2 working]# cat ../hosts | grep -v "#" [webserver] 172.16.0.2 hname=www1 //hname爲變量名 172.16.0.4 hname=www2 //hname爲變量名 [dbserver] 172.16.0.5 hname=dbserver
定義向不同主機傳遞不同參數yaml
[root@HA2 working]# cat hname.yaml
- hosts: all
remote_user: root
tasks:
- name: Modify Hostname
hostname: name={{ hname }} //這裏一定要用{{ values }}執行
[root@HA2 working]# ansible-playbook hname.yaml
查看結果
[root@HA2 working]# ansible all -a "hostname"172.16.0.5 | SUCCESS | rc=0 >> dbserver172.16.0.2 | SUCCESS | rc=0 >> www1172.16.0.4 | SUCCESS | rc=0 >> www2