准备两台机器,一台作为服务端,一台作为客户端
1、在其中一台服务端上安装ansible
[root@zhouyuyao ~]# yum install -y epel-release
[root@zhouyuyao ~]# yum install -y ansible
2、配置密钥
在服务端生成密钥对:
[root@database ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
7e:90:5c:3b:e2:71:4d:ed:e8:fc:ed:7b:21:42:c5:43 root@database
The key's randomart image is:
+--[ RSA 2048]----+
| oE |
| = |
| . o o |
| . o = o |
| S = o . |
| o = = . . |
| o . + . .|
| . . ..|
| .o=|
+-----------------+
把公钥(id_rsa.pub)内容放到对方机器的/root/.ssh/authorized_keys,本机也要操作cat id_rsa.pub >>authorized_keys.
设置权限:chmod 600 authorized_keys
关闭selinux和iptables
3、测试服务端能ssh连接客户端
/*如报错msg则安装libselinux-python包*/
4、修改ansible配置文件
vim /etc/ansible/hosts
添加
[testhosts]
127.0.0.1
192.168.44.131
保存退出
ansible默认使用root用户登录远程服务,如生产机上环境进行了安全加固不允许root直接登录,而许多命令又需要root用户来执行,那么可以通过一个普通账户先登录,再su切换到root执行,希望在通过ansible执行的时候不需要交互输入密码,而是直接执行后的输出结果。
那么可从官网信息了解到,除了ansible_ssh_user、ansible_ssh_pass变量外,还为su切换提供了ansible_su_pass变量,通过该变量我们可以把root密码直接写到配置文件中。具体如下:
[root@database ~]# cat /etc/ansible/hosts
[testhosts]
192.168.44.134 ansible_ssh_user=test ansible_ssh_pass=111111 ansible_su_pass=*I2145
192.168.44.135 ansible_ssh_user=test ansible_ssh_pass=xyz123 ansible_su_pass=mn1Pokm
192.168.44.136 ansible_ssh_user=amos ansible_ssh_pass=asdf ansible_su_pass=xyzp)okm
5、在服务端使用ansible远程执行命令
[root@database ~]# ansible 192.168.44.131 -m command -a "w"
192.168.44.131 | SUCCESS | rc=0 >>
10:40:12 up 50 min, 4 users, load average: 0.00, 0.04, 0.08
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 09:49 50:20 0.01s 0.01s -bash
root pts/0 192.168.44.1 09:50 4.00s 0.10s 0.03s ssh 192.168.44.131
root pts/1 192.168.44.131 10:35 4.00s 0.46s 0.00s ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/ansible-ssh-%h-%p-%r -tt 192.168.44.131 /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1490020811.62-276287230088127/command.py; rm -rf "/root/.ansible/tmp/ansible-tmp-1490020811.62-2762872
root pts/3 192.168.44.131 10:40 0.00s 0.10s 0.02s w
/*如报错msg则安装libselinux-python包*/
[root@database ~]# ansible 192.168.44.131 -m shell -a "hostname"
192.168.44.131 | SUCCESS | rc=0 >>
database
[root@database ~]# ansible 192.168.44.131 -m shell -a "cat /etc/passwd |grep root"
192.168.44.131 | SUCCESS | rc=0 >>
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
shell支持带管道的命令,command是不支持的
shell能实现的功能command不一定能实现,command能实现的功能shell一定能实现。
6、ansible拷贝目录或文件:
[root@ansible ~]# ansible 192.168.44.129 -m copy -a "src=/etc/ansible dest=/tmp/ansibletest owner=root group=root mode=0644"
192.168.44.129 | SUCCESS => {
"changed": false,
"dest": "/tmp/ansibletest/",
"src": "/etc/ansible"
}
7、远程执行脚本
1)首先创建一个脚本
[root@ansible ~]# vim /tmp/test.sh
2)把脚本分发到各个机器上
[root@ansible ~]# ansible 192.168.44.129 -m copy -a "src=/tmp/test.sh dest=/tmp/test.sh mode=0755"
192.168.44.129 | SUCCESS => {
"changed": true,
"checksum": "36b1098c7103132b8b595e740a603b67f62daf18",
"dest": "/tmp/test.sh",
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/test.sh",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 46,
"state": "file",
"uid": 0
}
3)批量执行该shell脚本
[root@ansible ~]# ansible 192.168.44.129 -m shell -a "src=/tmp/test.sh"
192.168.44.129 | SUCCESS | rc=0 >>
8、ansible实现任务计划
1)添加任务计划
[root@ansible ~]# ansible 192.168.44.129 -m cron -a "name='test cron' job='/bin/bash /tmp/test.sh' weekday=6"
192.168.44.129 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"test cron"
]
}
————————————————————————
[root@ansible ~]# ansible 192.168.44.129 -m cron -a "name='test cron' job='/bin/bash /tmp/test.sh' day='1-10' weekday=6"
192.168.44.129 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"test cron"
]
}
[root@ansible ~]# ansible 192.168.44.129 -m cron -a "name='test cron' job='/bin/bash /tmp/test.sh' day='1,4,10' weekday=6"
192.168.44.129 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"test cron"
]
}
————————————————————————
2)删除任务计划
[root@ansible ~]# ansible 192.168.44.129 -m cron -a "name='test cron' state=absent"
192.168.44.129 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": []
}
其他时间表示:分钟minute,小时hour,日期day,月份month
9、ansible安装rpm包 & 管理服务
[root@ansible ~]# ansible 192.168.44.129 -m yum -a "name=httpd"
192.168.44.129 | SUCCESS => {
"changed": false,
"msg": "",
"rc": 0,
"results": [
"httpd-2.4.6-45.el7.centos.x86_64 providing httpd is already installed"
]
}
[root@ansible ~]# ansible 192.168.44.129 -m yum -a "name=ntp"
192.168.44.129 | SUCCESS => {
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.btte.net\n * epel: mirror.premi.st\n * extras: mirrors.btte.net\n * updates: mirrors.btte.net\n * webtatic: uk.repo.webtatic.com\nResolving Dependencies\n--> Running transaction check\n---> Package ntp.x86_64 0:4.2.6p5-25.el7.centos.1 will be installed\n--> Processing Dependency: ntpdate = 4.2.6p5-25.el7.centos.1 for package: ntp-4.2.6p5-25.el7.centos.1.x86_64\n--> Processing Dependency: libopts.so.25()(64bit) for package: ntp-4.2.6p5-25.el7.centos.1.x86_64\n--> Running transaction check\n---> Package autogen-libopts.x86_64 0:5.18-5.el7 will be installed\n---> Package ntpdate.x86_64 0:4.2.6p5-25.el7.centos.1 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n ntp x86_64 4.2.6p5-25.el7.centos.1 updates 547 k\nInstalling for dependencies:\n autogen-libopts x86_64 5.18-5.el7 base 66 k\n ntpdate x86_64 4.2.6p5-25.el7.centos.1 updates 85 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package (+2 Dependent packages)\n\nTotal download size: 699 k\nInstalled size: 1.6 M\nDownloading packages:\n--------------------------------------------------------------------------------\nTotal 58 kB/s | 699 kB 00:12 \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : ntpdate-4.2.6p5-25.el7.centos.1.x86_64 1/3 \n Installing : autogen-libopts-5.18-5.el7.x86_64 2/3 \n Installing : ntp-4.2.6p5-25.el7.centos.1.x86_64 3/3 \n Verifying : ntp-4.2.6p5-25.el7.centos.1.x86_64 1/3 \n Verifying : autogen-libopts-5.18-5.el7.x86_64 2/3 \n Verifying : ntpdate-4.2.6p5-25.el7.centos.1.x86_64 3/3 \n\nInstalled:\n ntp.x86_64 0:4.2.6p5-25.el7.centos.1 \n\nDependency Installed:\n autogen-libopts.x86_64 0:5.18-5.el7 ntpdate.x86_64 0:4.2.6p5-25.el7.centos.1 \n\nComplete!\n"
]
}
示例:
[root@ansible ~]# ansible 192.168.44.129 -m yum -a "name=axel state=installed"
192.168.44.129 | SUCCESS => {
[root@client ~]# rpm -qa|grep axel
[root@client ~]# rpm -qa|grep axel
axel-2.4-9.el7.x86_64
10、ansible文档的使用
列出所有模块:
[root@ansible ~]# ansible-doc -l
查看指定模块的文档:
[root@ansible ~]# ansible-doc cron
