Ansible版本
[root@HA2 tmp]# rpm -q ansible
ansible-2.1.2.0-1.el6.noarch
Ansible配置文件
[root@HA2 tmp]# rpm -ql ansible | less
/etc/ansible
/etc/ansible/ansible.cfg //配置文件
/etc/ansible/hosts //主机清单
/etc/ansible/roles //角色
/usr/bin/ansible //主程序
/usr/bin/ansible-console
/usr/bin/ansible-doc //文档命令
/usr/bin/ansible-galaxy
/usr/bin/ansible-playbook //剧本
/usr/bin/ansible-pull
/usr/bin/ansible-vault
Ansible语法
ansible <host-pattern> [options] //all表示/etc/ansible/hosts中定义的所有主机
在所有主机上列出“/”目录,匹配其中的bin并统计行数
[root@HA2 tmp]# ansible all -a 'ls / ' | grep -o "^bin" |wc -l
3
添加一个crontab任务,名称为Test,每4分钟执行一次
[root@HA2 tmp]# ansible all -m cron -a "name=Test minute=*/4 job='/bin/date >> /tmp/date.log'" 172.16.0.5 | SUCCESS => { "changed": true, "envs": [], "jobs": [ "1", "None", "Test" ] }172.16.0.4 | SUCCESS => { "changed": true, "envs": [], "jobs": [ "1", "None", "Test" ] }172.16.0.2 | SUCCESS => { "changed": true, "envs": [], "jobs": [ "1", "None", "Test" ] }
//查看确实有我们所定义的内容
[root@HA2 tmp]# ansible all -a 'crontab -l' 172.16.0.5 | SUCCESS | rc=0 >> #Ansible: 1*/5 * * * * /bin/date > /tmp/date.log #Ansible: None */2 * * * * ls / >> /tmp/root.log #Ansible: Test */4 * * * * /bin/date >> /tmp/date.log 172.16.0.4 | SUCCESS | rc=0 >> #Ansible: 1*/5 * * * * /bin/date > /tmp/date.log #Ansible: None */2 * * * * ls / >> /tmp/root.log #Ansible: Test */4 * * * * /bin/date >> /tmp/date.log 172.16.0.2 | SUCCESS | rc=0 >> #Ansible: 1*/5 * * * * /bin/date > /tmp/date.log #Ansible: None */2 * * * * ls / >> /tmp/root.log #Ansible: Test */4 * * * * /bin/date >> /tmp/date.log
删除Test这条crontab任务,并确认是否删除
[root@HA2 tmp]# ansible all -m cron -a "state=absent name=Test minute=*/4 job='/bin/date >> /tmp/date.log'" //删除任务 172.16.0.5 | SUCCESS => { "changed": true, "envs": [], "jobs": [ "1", "None" ] }172.16.0.4 | SUCCESS => { "changed": true, "envs": [], "jobs": [ "1", "None" ] }172.16.0.2 | SUCCESS => { "changed": true, "envs": [], "jobs": [ "1", "None" ] } [root@HA2 tmp]# ansible all -a 'crontab -l' //已删除 172.16.0.5 | SUCCESS | rc=0 >> #Ansible: 1*/5 * * * * /bin/date > /tmp/date.log #Ansible: None */2 * * * * ls / >> /tmp/root.log 172.16.0.4 | SUCCESS | rc=0 >> #Ansible: 1*/5 * * * * /bin/date > /tmp/date.log #Ansible: None */2 * * * * ls / >> /tmp/root.log 172.16.0.2 | SUCCESS | rc=0 >> #Ansible: 1*/5 * * * * /bin/date > /tmp/date.log #Ansible: None */2 * * * * ls / >> /tmp/root.log
fetch 备份神器(示例把备份目录建在/tmp下仅为演示:/tmp对本机其他用户可见且可能被定期清理,实际备份应放到权限受限的专用目录)
[root@HA2 tmp]# mkdir `date +%Y` //创建本地备份目录 [root@HA2 tmp]# ls 2016 date.log yum.log [root@HA2 tmp]# ansible all -m fetch -a "src=/tmp/fstab1 dest=/tmp/2016" //拉取远程/tmp/fstab1文件备份到本地目录/tmp/2016下 172.16.0.5 | SUCCESS => { "changed": true, "checksum": "1f9cc35736c5df82cd013c7c4445f8ba9fb05062", "dest": "/tmp/2016/172.16.0.5/tmp/fstab1", "md5sum": "30fe33abd75b1a24286d146306d3481f", "remote_checksum": "1f9cc35736c5df82cd013c7c4445f8ba9fb05062", "remote_md5sum": null }172.16.0.2 | SUCCESS => { "changed": true, "checksum": "1f9cc35736c5df82cd013c7c4445f8ba9fb05062", "dest": "/tmp/2016/172.16.0.2/tmp/fstab1", "md5sum": "30fe33abd75b1a24286d146306d3481f", "remote_checksum": "1f9cc35736c5df82cd013c7c4445f8ba9fb05062", "remote_md5sum": null }172.16.0.4 | SUCCESS => { "changed": true, "checksum": "1f9cc35736c5df82cd013c7c4445f8ba9fb05062", "dest": "/tmp/2016/172.16.0.4/tmp/fstab1", "md5sum": "30fe33abd75b1a24286d146306d3481f", "remote_checksum": "1f9cc35736c5df82cd013c7c4445f8ba9fb05062", "remote_md5sum": null } [root@HA2 tmp]# tree 2016/ //查看是否备份成功2016/ ├── 172.16.0.2│ └── tmp │ └── fstab1 ├── 172.16.0.4│ └── tmp │ └── fstab1 └── 172.16.0.5 └── tmp └── fstab16 directories, 3 files
file创建远程连接
[root@HA2 tmp]# ansible all -m file -a 'src=/tmp/fstab1 path=/var/fstab.link state=link' //创建远程文件/tmp/fstab1软连接为/var/fstab.link 172.16.0.5 | SUCCESS => { "changed": true, "dest": "/var/fstab.link", "gid": 0, "group": "root", "mode": "0777", "owner": "root", "size": 11, "src": "/tmp/fstab1", "state": "link", "uid": 0 } 172.16.0.4 | SUCCESS => { "changed": true, "dest": "/var/fstab.link", "gid": 0, "group": "root", "mode": "0777", "owner": "root", "secontext": "unconfined_u:object_r:var_t:s0", "size": 11, "src": "/tmp/fstab1", "state": "link", "uid": 0 } 172.16.0.2 | SUCCESS => { "changed": true, "dest": "/var/fstab.link", "gid": 0, "group": "root", "mode": "0777", "owner": "root", "secontext": "unconfined_u:object_r:var_t:s0", "size": 11, "src": "/tmp/fstab1", "state": "link", "uid": 0 } [root@HA2 tmp]# ansible all -m shell -a 'ls -l /var/fst*' //验证是否正确 172.16.0.5 | SUCCESS | rc=0 >> lrwxrwxrwx 1 root root 11 Oct 29 22:43 /var/fstab.link -> /tmp/fstab1 172.16.0.2 | SUCCESS | rc=0 >> lrwxrwxrwx. 1 root root 11 Oct 29 22:43 /var/fstab.link -> /tmp/fstab1 172.16.0.4 | SUCCESS | rc=0 >> lrwxrwxrwx. 1 root root 11 Oct 29 22:43 /var/fstab.link -> /tmp/fstab1 [root@HA2 tmp]# ansible all -m file -a 'src=/tmp/fstab1 path=/var/fstab.link state=absent'//删除软连接,state=absent即可 172.16.0.5 | SUCCESS => { "changed": true, "path": "/var/fstab.link", "state": "absent"} 172.16.0.2 | SUCCESS => { "changed": true, "path": "/var/fstab.link", "state": "absent"} 172.16.0.4 | SUCCESS => { "changed": true, "path": "/var/fstab.link", "state": "absent"} [root@HA2 tmp]# ansible all -m shell -a 'ls -l /var/fst*' //验证是否删除 172.16.0.5 | FAILED | rc=2 >>ls: cannot access /var/fst*: No such file or directory 172.16.0.2 | FAILED | rc=2 >>ls: cannot access /var/fst*: No such file or directory 172.16.0.4 | FAILED | rc=2 >>ls: cannot access /var/fst*: No such file or directory
file属性修改(示例中的mode=0777会让任何用户都能读、写、执行该文件,仅用于演示;实际应按最小权限设置,例如配置文件常用0644)
path= owner= mode= 等等比如 [root@HA2 tmp]# ansible all -m file -a 'path=/tmp/fstab1 mode=0777' //设定属性等于777 172.16.0.5 | SUCCESS => { "changed": false, "gid": 0, "group": "root", "mode": "0777", "owner": "root", "path": "/tmp/fstab1", "size": 711, "state": "file", "uid": 0}172.16.0.2 | SUCCESS => { "changed": false, "gid": 0, "group": "root", "mode": "0777", "owner": "root", "path": "/tmp/fstab1", "secontext": "unconfined_u:object_r:admin_home_t:s0", "size": 711, "state": "file", "uid": 0}172.16.0.4 | SUCCESS => { "changed": false, "gid": 0, "group": "root", "mode": "0777", "owner": "root", "path": "/tmp/fstab1", "secontext": "unconfined_u:object_r:admin_home_t:s0", "size": 711, "state": "file", "uid": 0} [root@HA2 tmp]# ansible all -a 'ls -l /tmp/fstab1' //验证权限,没错都是777 172.16.0.5 | SUCCESS | rc=0 >> -rwxrwxrwx 1 root root 711 Oct 29 20:00 /tmp/fstab1172.16.0.2 | SUCCESS | rc=0 >> -rwxrwxrwx. 1 root root 711 Oct 29 20:00 /tmp/fstab1172.16.0.4 | SUCCESS | rc=0 >> -rwxrwxrwx. 1 root root 711 Oct 29 20:00 /tmp/fstab1
file創建目錄
path= state=directory [root@HA2 tmp]# ansible all -m file -a 'path=/tmp/test state=directory'//在/tmp下創建test目錄 172.16.0.5 | SUCCESS => { "changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/tmp/test", "size": 4096, "state": "directory", "uid": 0}172.16.0.2 | SUCCESS => { "changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/tmp/test", "secontext": "unconfined_u:object_r:user_tmp_t:s0", "size": 6, "state": "directory", "uid": 0}172.16.0.4 | SUCCESS => { "changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/tmp/test", "secontext": "unconfined_u:object_r:user_tmp_t:s0", "size": 6, "state": "directory", "uid": 0} [root@HA2 tmp]# ansible all -m shell -a 'ls -l /tmp/ | grep test'//驗證是否創建test,發現有test目錄證明創建成功 172.16.0.5 | SUCCESS | rc=0 >> drwxr-xr-x 2 root root 4096 Oct 29 23:02 test-rw-r--r-- 1 root root 8 Oct 29 20:06 testfile172.16.0.2 | SUCCESS | rc=0 >> drwxr-xr-x. 2 root root 6 Oct 29 23:02 test-rw-r--r--. 1 root root 8 Oct 29 20:06 testfile172.16.0.4 | SUCCESS | rc=0 >> drwxr-xr-x. 2 root root 6 Oct 29 23:02 test-rw-r--r--. 1 root root 8 Oct 29 20:06 testfile
yum 安裝
[root@HA2 tmp]# ansible all -m yum -a 'name=httpd'
yum 卸載
[root@HA2 tmp]# ansible all -m yum -a 'name=httpd state=absent'
copy ,拷貝本地/tmp/date.log至遠程主機的/tmp目錄下
[root@HA2 tmp]# ansible all -m copy -a "src=/tmp/date.log dest=/tmp"
service 啟動服務并開機自動啟動(enabled等於1為自動啟動,0為關閉自動啟動)
[root@HA2 tmp]# ansible all -m service -a "name=httpd state=started enabled=1"
service 停止并關閉自動啟動
[root@HA2 tmp]# ansible all -m service -a "name=httpd state=stopped enabled=0"
service 重啟服務
[root@HA2 tmp]# ansible all -m service -a "name=httpd state=restarted"
service 重載
[root@HA2 tmp]# ansible all -m service -a "name=httpd state=reloaded"
user 創建用戶
[root@HA2 tmp]# ansible all -m user -a "name=mysql uid=306 system=yes"
定义Ansible的yaml
yaml格式
用户增删示例
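# Example play: create two local accounts on every inventory host.
# To delete an account instead, append state=absent to its user: line.
- hosts: all                # target hosts: every host in the inventory
  remote_user: root         # connect to the managed hosts as root
  tasks:                    # task list; nesting is expressed by indentation
    - name: create a user user5
      # System account with a fixed uid of 555.
      user: name=user5 system=true uid=555
    - name: create a user user6
      # Regular account with a fixed uid of 666.
      user: name=user6 uid=666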
只检测不执行
[root@HA2 ansible]# ansible-playbook --check xxx.yaml
检查在哪些主机上会执行
[root@HA2 ansible]# ansible-playbook --list-host xxx.yaml
检查会执行哪些TAGS
[root@HA2 ansible]# ansible-playbook --list-tags xxx.yaml
检查tasks列表
[root@HA2 ansible]# ansible-playbook --list-tasks xxx.yaml
执行
[root@HA2 ansible]# ansible-playbook xxx.yaml
yaml格式
服务安装配置示例
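# Example play: install httpd, push its configuration file, and make sure
# the service is running. A changed configuration triggers a reload.
- hosts: webserver          # inventory group to run against
  remote_user: root         # connect to the managed hosts as root
  tasks:
    - name: Yum install httpd service
      yum: name=httpd       # install the package with the yum module
    # The task name is kept exactly as spelled because it is what the run
    # output prints for this task.
    - name: Copy cinfigure
      # Ownership and mode are pinned so the deployed file is writable by
      # root only, whatever the permissions of the local source file.
      copy: src=config/httpd/conf/httpd.conf7 dest=/etc/httpd/conf/httpd.conf owner=root group=root mode=0644
      tags: config          # lets `ansible-playbook -t config` run this task alone
      notify: reload httpd  # must match the handler's name exactly
    - name: Service httpd start
      service: name=httpd state=started
  handlers:
    - name: reload httpd    # the name referenced by notify above
      service: name=httpd state=reloaded   # action taken when notified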
只运行tags标签的config
[root@HA2 working]# ansible-playbook -t config xxx.yaml
只运行tags标签的config并且触发notify通知
[root@HA2 working]# ansible-playbook -t config web.yaml
PLAY [webserver] ***************************************************************
TASK [setup] *******************************************************************
ok: [172.16.0.4]
ok: [172.16.0.2]
TASK [Copy cinfigure] **********************************************************
changed: [172.16.0.2] //发现配置文件有变动host
changed: [172.16.0.4] //发现配置文件有变动host
RUNNING HANDLER [reload httpd] //运行了我们定义的任务 *************************************************
changed: [172.16.0.4] //handlers采取的动作host
changed: [172.16.0.2] //handlers采取的动作host
PLAY RECAP *********************************************************************
172.16.0.2 : ok=3 changed=2 unreachable=0 failed=0
172.16.0.4 : ok=3 changed=2 unreachable=0 failed=0
yaml格式
服务安装配置示例
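# Example play: install one package whose name is supplied at run time,
# for example `ansible-playbook -e pkname=memcached memcached.yaml`.
- hosts: dbserver           # inventory group to run against
  remote_user: root         # connect to the managed hosts as root
  tasks:
    # pkname has no default in this play, so the caller must supply it.
    # yum installs whatever name it is given as root, so the value should
    # come from a trusted operator or inventory, never from unchecked input.
    - name: install {{ pkname }}
      yum: name={{ pkname }} state=present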
执行示例,建议执行前做检查
[root@HA2 working]# ansible-playbook -e pkname=memcached --check memcached.yaml //执行前检查,-e参数表示使用变量,pkname=values为传参的软件包名称
[root@HA2 working]# ansible-playbook -e pkname=memcached memcached.yaml //-e参数表示使用变量,pkname=values为传参的软件包名称
PLAY [dbserver] ****************************************************************
TASK [setup] *******************************************************************
ok: [172.16.0.5]
TASK [install memcached] *******************************************************
changed: [172.16.0.5]
PLAY RECAP *********************************************************************
172.16.0.5 : ok=2 changed=1 unreachable=0 failed=0
Host Inventory
定义向不同主机传递不同参数
[root@HA2 working]# cat ../hosts | grep -v "#"
[webserver]
172.16.0.2 hname=www1 //hname为变量名
172.16.0.4 hname=www2 //hname为变量名
[dbserver]
172.16.0.5 hname=dbserver
定义向不同主机传递不同参数yaml
[root@HA2 working]# cat hname.yaml
- hosts: all
  remote_user: root
  tasks:
    - name: Modify Hostname
      hostname: name={{ hname }} //这里一定要用{{ values }}
执行
[root@HA2 working]# ansible-playbook hname.yaml
查看结果
[root@HA2 working]# ansible all -a "hostname"
172.16.0.5 | SUCCESS | rc=0 >>
dbserver
172.16.0.2 | SUCCESS | rc=0 >>
www1
172.16.0.4 | SUCCESS | rc=0 >>
www2