Ansible automated operations and maintenance

  1. Install ansible via yum

    已加載插件:fastestmirror, langpacks
    base | 2.9 kB 00:00
    base/primary_db| 76 kB 00:00
    Determining fastest mirrors
    正在解決依賴關係
    -->正在檢查事務
    --->軟件包 ansible.noarch.0.2.3.1.0-3.el7 將被安裝
    -->正在處理依賴關係 sshpass,它被軟件包 ansible-2.3.1.0-3.el7.noarch 需要
    -->正在處理依賴關係 python-paramiko,它被軟件包 ansible-2.3.1.0-3.el7.noarch 需要
    -->正在處理依賴關係 python-jinja2,它被軟件包 ansible-2.3.1.0-3.el7.noarch 需要
    -->正在處理依賴關係 python-httplib2,它被軟件包 ansible-2.3.1.0-3.el7.noarch 需要
    -->正在處理依賴關係 python-crypto,它被軟件包 ansible-2.3.1.0-3.el7.noarch 需要
    -->正在處理依賴關係 PyYAML,它被軟件包 ansible-2.3.1.0-3.el7.noarch 需要
    -->正在檢查事務
    --->軟件包 PyYAML.x86_64.0.3.10-11.el7 將被安裝
    -->正在處理依賴關係 libyaml-0.so.2()(64bit),它被軟件包 PyYAML-3.10-11.el7.x86_64 需要
    --->軟件包 python-httplib2.noarch.0.0.9.1-3.el7 將被安裝
    --->軟件包 python-jinja2.noarch.0.2.7.2-2.el7 將被安裝
    -->正在處理依賴關係 python-babel >= 0.8,它被軟件包 python-jinja2-2.7.2-2.el7.noarch 需要
    -->正在處理依賴關係 python-markupsafe,它被軟件包 python-jinja2-2.7.2-2.el7.noarch 需要
    --->軟件包 python-paramiko.noarch.0.2.1.1-2.el7 將被安裝
    --->軟件包 python2-crypto.x86_64.0.2.6.1-15.el7 將被安裝
    -->正在處理依賴關係 libtomcrypt.so.0()(64bit),它被軟件包 python2-crypto-2.6.1-15.el7.x86_64 需要
    --->軟件包 sshpass.x86_64.0.1.06-2.el7 將被安裝
    -->正在檢查事務
    --->軟件包 libtomcrypt.x86_64.0.1.17-26.el7 將被安裝
    -->正在處理依賴關係 libtommath >= 0.42.0,它被軟件包 libtomcrypt-1.17-26.el7.x86_64 需要
    -->正在處理依賴關係 libtommath.so.0()(64bit),它被軟件包 libtomcrypt-1.17-26.el7.x86_64 需要
    --->軟件包 libyaml.x86_64.0.0.1.4-11.el7_0 將被安裝
    --->軟件包 python-babel.noarch.0.0.9.6-8.el7 將被安裝
    --->軟件包 python-markupsafe.x86_64.0.0.11-10.el7 將被安裝
    -->正在檢查事務
    --->軟件包 libtommath.x86_64.0.0.42.0-6.el7 將被安裝
    -->解決依賴關係完成

依賴關係解決

=============================================================================
Package 架構 版本 源 大小
=============================================================================

正在安裝:
ansible noarch 2.3.1.0-3.el7 base 5.7 M
爲依賴而安裝:
PyYAML x86_64 3.10-11.el7 base 153 k
libtomcrypt x86_64 1.17-26.el7 base 224 k
libtommath x86_64 0.42.0-6.el7 base 36 k
libyaml x86_64 0.1.4-11.el7_0 base 55 k
python-babel noarch 0.9.6-8.el7 base 1.4 M
python-httplib2 noarch 0.9.1-3.el7 base 115 k
python-jinja2 noarch 2.7.2-2.el7 base 515 k
python-markupsafe x86_64 0.11-10.el7 base 25 k
python-paramiko noarch 2.1.1-2.el7 base 267 k
python2-crypto x86_64 2.6.1-15.el7 base 477 k
sshpass x86_64 1.06-2.el7 base 21 k

事務概要

=============================================================================
安裝 1 軟件包 (+11 依賴軟件包)

總下載量:8.9 M
安裝大小:41 M
Downloading packages:


總計 101 MB/s | 8.9 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安裝 : libtommath-0.42.0-6.el7.x86_64 1/12
正在安裝 : libtomcrypt-1.17-26.el7.x86_64 2/12
正在安裝 : python2-crypto-2.6.1-15.el7.x86_64 3/12
正在安裝 : python-babel-0.9.6-8.el7.noarch 4/12
正在安裝 : sshpass-1.06-2.el7.x86_64 5/12
正在安裝 : python-paramiko-2.1.1-2.el7.noarch 6/12
正在安裝 : libyaml-0.1.4-11.el7_0.x86_64 7/12
正在安裝 : PyYAML-3.10-11.el7.x86_64 8/12
正在安裝 : python-markupsafe-0.11-10.el7.x86_64 9/12
正在安裝 : python-jinja2-2.7.2-2.el7.noarch 10/12
正在安裝 : python-httplib2-0.9.1-3.el7.noarch 11/12
正在安裝 : ansible-2.3.1.0-3.el7.noarch 12/12
驗證中 : python-httplib2-0.9.1-3.el7.noarch 1/12
驗證中 : python-jinja2-2.7.2-2.el7.noarch 2/12
驗證中 : python-markupsafe-0.11-10.el7.x86_64 3/12
驗證中 : libyaml-0.1.4-11.el7_0.x86_64 4/12
驗證中 : python2-crypto-2.6.1-15.el7.x86_64 5/12
驗證中 : python-paramiko-2.1.1-2.el7.noarch 6/12
驗證中 : sshpass-1.06-2.el7.x86_64 7/12
驗證中 : PyYAML-3.10-11.el7.x86_64 8/12
驗證中 : python-babel-0.9.6-8.el7.noarch 9/12
驗證中 : libtomcrypt-1.17-26.el7.x86_64 10/12
驗證中 : libtommath-0.42.0-6.el7.x86_64 11/12
驗證中 : ansible-2.3.1.0-3.el7.noarch 12/12

已安裝:
ansible.noarch 0:2.3.1.0-3.el7

作爲依賴被安裝:
PyYAML.x86_64 0:3.10-11.el7
libtomcrypt.x86_64 0:1.17-26.el7
libtommath.x86_64 0:0.42.0-6.el7
libyaml.x86_64 0:0.1.4-11.el7_0
python-babel.noarch 0:0.9.6-8.el7
python-httplib2.noarch 0:0.9.1-3.el7
python-jinja2.noarch 0:2.7.2-2.el7
python-markupsafe.x86_64 0:0.11-10.el7
python-paramiko.noarch 0:2.1.1-2.el7
python2-crypto.x86_64 0:2.6.1-15.el7
sshpass.x86_64 0:1.06-2.el7

完畢!

Ansible 2.3.1.0
config file = /etc/ansible/ansible.cfg
configured module search path = Default w/o overrides
python version = 2.7.5 (default, Nov 6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]

3. Set up non-interactive (key-based) SSH login

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
b1:6d:93:de:5e:a3:9c:e5:56:cc:64:2c:fe:ce:82:71 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
. .
+ . . +
S = . *
o o. E +
. .++o
o.*oo.
=..oo

+-----------------+

The authenticity of host '192.168.1.2 (192.168.1.2)' can't be established.
ECDSA key fingerprint is d3:34:18:89:73:c8:d3:47:e4:7d:36:c7:a3:62:17:b6.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1

Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

4. Ansible configuration

//192.168.1.3

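(1) Operate only on host 192.168.1.2 in the web group, using the --limit parameter to restrict which hosts are changed (the service is not installed on the managed host)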
[root@node1 ~]# ansible web -m command -a "systemctl status vsftpd" --limit "192.168.1.2"

192.168.1.2 | SUCCESS => {
"changed": false,
"ping": "pong"
}
(2) Operate only on host 192.168.1.2, restricting the change by IP address
[root@node1 ~]# ansible 192.168.1.2 -m command -a "systemctl status vsftpd"

192.168.1.2 | FAILED | rc=1 >>
Unknown operation '1status'.

(3) Operate only on hosts in the 192.168.1.0 network segment, restricting the change with a wildcard
[root@node1 ~]# ansible "192.168.1.*" -m command -a "systemctl status vsftpd"

192.168.1.2 | FAILED | rc=1 >>
Unknown operation '1status'.

II. Common ansible commands

  1. ansible

(1) Check whether all hosts are alive

[root@node1 ~]# ansible -i /etc/ansible/hosts web -f 5 -m ping
192.168.1.2 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.1.3 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 192.168.1.3 port 22: No route to host\r\n",
"unreachable": true
}
(2) List all hosts in the web group

[root@node1 ~]# ansible web --list
hosts (2):
192.168.1.2
192.168.1.3

(3) Show disk usage for the web group in batch

[root@node1 ~]# ansible 192.168.1.2 -m command -a "df -hT"

192.168.1.2 | SUCCESS | rc=0 >>
文件系統 類型 容量 已用 可用 已用% 掛載點
/dev/mapper/cl-root xfs 17G 3.8G 14G 22% /
devtmpfs devtmpfs 897M 0 897M 0% /dev
tmpfs tmpfs 912M 144K 912M 1% /dev/shm
tmpfs tmpfs 912M 9.0M 903M 1% /run
tmpfs tmpfs 912M 0 912M 0% /sys/fs/cgroup
/dev/sda1 xfs 1014M 173M 842M 18% /boot
tmpfs tmpfs 183M 16K 183M 1% /run/user/0
/dev/sr0 iso9660 4.1G 4.1G 0 100% /run/media/root/CentOS 7 x86_64

  2. ansible-doc

(1) List the supported modules
[root@node1 ~]# ansible-doc -l

III. Ansible modules

1. command module:

Example:
- Run the "ls /etc" command on all hosts, changing to the /etc directory before it runs
[root@node1 ~]# ansible all -m command -a "chdir=/etc ls"

2. shell module
Example:
[root@node1 ~]# ansible all -m shell -a 'echo "hello">>/tmp/hello.txt'
[root@node1 ~]# ssh 192.168.1.2 cat /tmp/hello.txt
hello

3. copy module:

Example:
[root@node1 ~]# ansible web -m copy -a "src=/etc/hosts dest=/tmp mode=777 owner=nobody group=root"
4. hostname module: manages the hostname on remote hosts. Common parameters:
- name: the hostname to set

Example:
[root@node1 ~]# ansible 192.168.1.2 -m hostname -a "name=aaa"

5. yum module

Example:
[root@node1 ~]# ansible web -m yum -a "name=vsftpd state=present"
Note: if no yum repository is configured, the output is as follows
192.168.1.2 | FAILED! => {
"changed": false,
"failed": true,
"msg": "Failure talking to yum: 'ascii' codec can't encode characters in position 173-177: ordinal not in range(128)"
}
If a yum repository is configured, the output is as follows
192.168.1.2 | SUCCESS => {
"changed": true,
"msg": "",
"rc": 0,
"results": [part of the output omitted…
Check the vsftpd package
[root@node1 ~]# ssh 192.168.1.2 rpm -qa | grep vsftpd
vsftpd-tools-2.4.6-45.el7.centos.x86_64
vsftpd-2.4.6-45.el7.centos.x86_64

6. service module:
Example:
[root@node1 ~]# ansible web -m service -a "name=vsftpd state=started enabled=yes"
192.168.1.2 | SUCCESS => {
"changed": true,
"enabled": true,
"name": "vsftpd",
"state": "started",
"status": {

7. user module:
Example:
[root@node1 ~]# ansible web -m user -a 'name=user1 system=yes uid=502 group=root'
192.168.1.2 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 0,
"home": "/home/user1",
"name": "user1",
"shell": "/bin/bash",
"state": "present",
"system": true,
"uid": 502
}
IV. Playbook configuration files
1. Playbook execution example:
Requirement: create user user2 and group gongchengbu
[root@node1 ~]# vim /etc/ansible/a.yml

---
- hosts: web
  remote_user: root
  tasks:
    - name: adduser
      user: name=user2 state=present
      tags:
        - aaa
    - name: addgroup
      group: name=root system=yes
      tags:
        - bbb

(1) Syntax check
[root@node1 ~]# ansible-playbook --syntax-check /etc/ansible/a.yml

playbook: /etc/ansible/a.yml
(2) Dry run (check mode)
[root@node1 ~]# ansible-playbook -C /etc/ansible/a.yml

PLAY [web] *****

TASK [Gathering Facts] *****
ok: [192.168.1.2]

TASK [adduser] *****
changed: [192.168.1.2]

TASK [addgroup] ****
ok: [192.168.1.2]

PLAY RECAP *****
192.168.1.2 : ok=3 changed=1 unreachable=0 failed=0
(3) List hosts
[root@node1 ~]# ansible-playbook --list-host /etc/ansible/a.yml

playbook: /etc/ansible/a.yml

play #1 (web): web  TAGS: []
pattern: [u'web']
hosts (1):
  192.168.1.2

(4) List tasks
[root@node1 ~]# ansible-playbook --list-tasks /etc/ansible/a.yml

playbook: /etc/ansible/a.yml

play #1 (web): web TAGS: []
tasks:
adduser TAGS: [aaa]
addgroup TAGS: [bbb]
(5) List tags
[root@node1 ~]# ansible-playbook --list-tags /etc/ansible/a.yml

playbook: /etc/ansible/a.yml

play #1 (web): web TAGS: []
TASK TAGS: [aaa, bbb]
(6) Run the tasks
[root@node1 ~]# ansible-playbook /etc/ansible/a.yml

PLAY [web] *****

TASK [Gathering Facts] *****
ok: [192.168.1.2]

TASK [adduser] *****
changed: [192.168.1.2]

TASK [addgroup] ****
ok: [192.168.1.2]

PLAY RECAP *****
192.168.1.2 : ok=3 changed=1 unreachable=0 failed=0
2. Handlers (triggers)
[root@node1 ~]# vim /etc/ansible/vsftpd.yml

---
- hosts: web
  remote_user: root
  tasks:
    - name: change port
      command: sed -i 's/Listen\ 80/Listen\ 8080/g' /etc/vsftpd/conf/vsftpd.conf
      notify:
        - restart vsftpd server
  handlers:
    - name: restart vsftpd server
      service: name=vsftpd state=restarted

[root@node1 ~]# ansible-playbook --syntax-check /etc/ansible/vsftpd.yml

playbook: /etc/ansible/vsftpd.yml

3. Roles: the following cases show how roles are used
Lab case 1:
- Automatically install mariadb on the managed host
- After installation, upload a prepared configuration file to the remote host
- Restart the service
- Create a new database
- Grant the test user all privileges
This case practises automated management through roles.
Implementation steps
(1) Configure the yum repository on the managed host
(2) Configure the database role
- Create the role directories
[root@node1 ~]# mkdir -pv /etc/ansible/roles/mariadb/{files,tasks,handlers}
- Enter the tasks directory of the mariadb role
# cd /etc/ansible/roles/mariadb/tasks
# vim main.yml

---
- name: install mariadb
  yum: name=mariadb-server state=present
- name: move config file
  shell: "[ -e /etc/my.cnf ] && mv /etc/my.cnf /etc/my.cnf.bak"
- name: provide a new config file
  copy: src=my.cnf dest=/etc/my.cnf
- name: reload mariadb
  shell: systemctl restart mariadb
- name: create database testdb
  shell: mysql -u root -e "create database testdb;grant all on testdb.* to 'test'@'192.168.1.%' identified by 'test123';flush privileges;"
  notify:
    - restart mariadb

- Enter the handlers directory of the mariadb role
# cd /etc/ansible/roles/mariadb/handlers
# vim main.yml

---
- name: restart mariadb
  service: name=mariadb state=restarted
...

- Enter the files directory of the mariadb role and make sure the my.cnf configuration file is there
# cp /etc/my.cnf /etc/ansible/roles/mariadb/files
- Go to the /etc/ansible directory and create the .yml playbook
# vim /etc/ansible/mariadb.yml

---
- hosts: web
  remote_user: root
  roles:
    - mariadb
...

(3) Run the playbook
# ansible-playbook /etc/ansible/mariadb.yml

(4) On the managed host, verify that the test database user can log in to mariadb and that the database exists
Lab case 2:
- Install the vsftpd server software on the ftp server
- Upload the soft directory from the management host to the vsftpd working directory
- Use ansible to create user zhangsan with password 123456 on the managed host
- Use ansible to enable the vsftpd service at boot
- Use ansible to modify the vsftpd configuration file to forbid anonymous downloads
1. First install vsftpd on the management host
# yum -y install vsftpd
2. Create the role directories
[root@node1 ~]# mkdir -pv /etc/ansible/roles/vsftpd/{files,tasks,handlers}
3. Enter the tasks directory of the vsftpd role
# cd /etc/ansible/roles/vsftpd/tasks
# vim main.yml

---
- name: install vsftpd
  yum: name=vsftpd state=present
- name: move config file
  shell: "[ -e /etc/vsftpd/vsftpd.conf ] && mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak"
- name: provide a new config file
  copy: src=vsftpd.conf dest=/etc/vsftpd/vsftpd.conf
- name: reload vsftpd
  shell: systemctl restart vsftpd
- name: shangchuan
  copy: src=/soft dest=/etc/vsftpd
- name: zidongqidong
  shell: systemctl enable vsftpd
- name: create user
  user: name=zhangsan state=present
- name: set password
  shell: echo "123456"|passwd --stdin zhangsan
...

Edit the role playbook
[root@node1 ~]# vim /etc/ansible/vsftpd.yml

---
- hosts: web
  remote_user: root
  roles:
    - vsftpd
...

Run the playbook
# ansible-playbook /etc/ansible/vsftpd.yml
Verify on the managed host
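
Case 2's task list and the handler mechanism from the earlier vsftpd.yml playbook, rewritten as an added example that is not the article's own role. lineinfile reports "changed" only when the line really changes, so the handler restarts vsftpd only after a real edit, and the account password is set as a SHA-512 crypt hash from a Vault-encrypted variable with the hypothetical name vault_zhangsan_password rather than piped through a shell.

```yaml
# roles/vsftpd/tasks/main.yml (added example, not the article's role)
---
- name: install vsftpd
  yum: name=vsftpd state=present

- name: forbid anonymous access
  lineinfile:
    path: /etc/vsftpd/vsftpd.conf
    regexp: '^#?\s*anonymous_enable='
    line: anonymous_enable=NO
    backup: yes                  # timestamped copy instead of a manual mv
  notify: restart vsftpd server  # fires only if the line really changed

- name: upload the soft directory
  copy:
    src: /soft
    dest: /etc/vsftpd
    owner: root
    group: root
    mode: "0644"                 # files readable, not world-writable
    directory_mode: "0755"

- name: create user zhangsan
  user:
    name: zhangsan
    state: present
    # hypothetical variable name; keep the value in an ansible-vault file
    password: "{{ vault_zhangsan_password | password_hash('sha512') }}"
    update_password: on_create   # a fresh salt per run would re-report "changed"
  no_log: true                   # keeps the value out of task output and logs

- name: enable and start vsftpd
  service: name=vsftpd state=started enabled=yes

# roles/vsftpd/handlers/main.yml
---
- name: restart vsftpd server
  service: name=vsftpd state=restarted
```

The variable can be created with ansible-vault create (the file location, for example /etc/ansible/group_vars/web/vault.yml, is an assumption) and the playbook then run with --ask-vault-pass.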