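Configuration files in detail:
1. Main configuration file: /etc/ansible/ansible.cfg
module_name = command ## Ansible's default module is the command module, which is very limited in use; changing it to the shell module is recommended
host_key_checking = False ## controls checking of the host_key of the host being managed; uncommenting this line is recommended, to reduce the input required during management
log_path = /var/log/ansible.log ## location of the Ansible log file
executable = /bin/sh ## shell used by default once logged in as the remote user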
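The settings above change how much Ansible verifies and records, so it helps to review them before rolling the file out. The following is an added example, not part of the original page or of Ansible itself: a small audit of an ansible.cfg. The sample configuration is constructed, the function name is hypothetical, and the settings are assumed to sit in the `[defaults]` section.

```python
import configparser

# Constructed sample: the settings recommended above, under [defaults].
SAMPLE_CFG = """\
[defaults]
module_name = shell
host_key_checking = False
executable = /bin/sh
"""


def audit_ansible_cfg(text):
    """Return (setting, finding) pairs for security-relevant [defaults] options."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    # Ansible verifies SSH host keys unless this is switched off.
    if not cp.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append(("host_key_checking",
                         "SSH host keys are not verified; a spoofed host is accepted silently"))
    # The built-in default module is command, which does not go through a shell.
    if cp.get("defaults", "module_name", fallback="command").strip() == "shell":
        findings.append(("module_name",
                         "ad-hoc arguments are interpreted by a shell (pipes, redirects, expansion)"))
    # Without log_path, runs leave no log file on the control node.
    if not cp.get("defaults", "log_path", fallback="").strip():
        findings.append(("log_path",
                         "no log file configured; ad-hoc runs are not recorded"))
    return findings


if __name__ == "__main__":
    for setting, finding in audit_ansible_cfg(SAMPLE_CFG):
        print(f"{setting}: {finding}")
```

If host_key_checking stays enabled, the fingerprint shown by ssh-copy-id in the key distribution step is the value to compare against one obtained from the managed host's console.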
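2. Configuration file for managed hosts: /etc/ansible/hosts
green.example.com ## defines a single managed host; this can be an FQDN or an IP address
[webservers] ## puts managed hosts into a group
alpha.example.org
www[001:006].example.com ## wildcard-like ranges are supported; this entry stands for all hosts from www001.example.com to www006.example.com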
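Using Ansible:
Prerequisite:
Because Ansible manages hosts over the SSH service by default, a public key file must first be generated on the managing host and transferred to the hosts to be managed; only then is key-based management possible.
1. Generate the public key file on the manager's host
[root@localhost ~] ssh-keygen -t rsa ## generate the key pair; accept the defaults at the prompts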
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:06qoPmoSy7UGkKie95RnHn6bPOFEnusk/B0m+/+g8C0 [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| |
| |
|.. |
|+ o |
|o S o |
|o. . o B |
|oo+ .o *++oo . |
|o=.+..=.*=OE+ . |
|+o=oo..ooB+=oo.. |
+----[SHA256]-----+
2. Transfer the public key to the managed hosts
[root@localhost ~] ssh-copy-id -i 192.168.1.20 ## transfer it to the remote host that is to be managed
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.1.20 (192.168.1.20)' can't be established.
ECDSA key fingerprint is SHA256:htIQABZZdudyHVZbppjWeY2d/pQQ0km8k+i/39SZ04Q.
ECDSA key fingerprint is MD5:78:6e:b3:3d:fc:29:b2:b0:fc:2f:6d:d6:ff:3c:63:1a.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.1.20'"
and check to make sure that only the key(s) you wanted were added.
3. Add the managed hosts to the /etc/ansible/hosts file
[web] ## put the managed hosts into groups
192.168.1.19
192.168.1.20
[db]
192.168.1.21
Module-based usage:
1. ping module: check whether the managed hosts are online
[root@localhost ~] ansible db -m ping ## check whether the managed hosts in the db group are online
192.168.1.21 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@localhost ~] ansible all -m ping ## all stands for every managed host
192.168.1.21 | SUCCESS => {
"changed": false,
"ping": "pong" ## if the host is online, a pong is returned
}
192.168.1.19 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.1.20 | SUCCESS => {
"changed": false,
"ping": "pong"
}
2. user module: create users on remote hosts
[root@localhost ~] ansible db -m user -a 'name=mysql state=present' ## present means create; this creates a user named mysql
192.168.1.21 | CHANGED => {
"changed": true,
"comment": "",
"create_home": true,
"group": 1000,
"home": "/home/mysql",
"name": "mysql",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1000
}
[root@localhost ~] ansible db -m user -a 'name=mariadb state=present system=yes' ## create a system user named mariadb
192.168.1.21 | CHANGED => {
"changed": true,
"comment": "",
"create_home": true,
"group": 994,
"home": "/home/mariadb",
"name": "mariadb",
"shell": "/bin/bash",
"state": "present",
"system": true,
"uid": 997
}
[root@localhost ~] ansible db -m user -a 'name=mysql state=absent' ## absent means remove; this deletes the user named mysql
192.168.1.21 | CHANGED => {
"changed": true,
"force": false,
"name": "mysql",
"remove": false,
"state": "absent"
}
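3. group module: create user groups on remote hosts
[root@localhost ~] ansible db -m group -a 'name=tomcat state=present' ## creating a group works much like creating a user, only the module differs; this command creates an ordinary user group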
192.168.1.21 | CHANGED => {
"changed": true,
"gid": 1000,
"name": "tomcat",
"state": "present",
"system": false
}
[root@localhost ~] ansible db -m group -a 'name=tomcat state=absent' ## remove the user group
192.168.1.21 | CHANGED => {
"changed": true,
"name": "tomcat",
"state": "absent"
}
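4. copy module: copy files to remote hosts
[root@localhost ~] ansible db -m copy -a 'src=/root/test dest=/root/' ## copy a file named test into the root directory on the remote host; src specifies the source file, dest specifies the directory in which to store it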
192.168.1.21 | CHANGED => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/root/test",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1556108167.92-277769296604040/source",
"state": "file",
"uid": 0
}
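5. yum module: install software on remote hosts (a yum repository must already be set up on the remote host before software can be installed)
[root@localhost ~] ansible db -m yum -a "name=vsftpd" ## install vsftpd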
192.168.1.21 | CHANGED => {
"ansible_facts": {
"pkg_mgr": "yum"
},
"changed": true,
"msg": "Repository 'cdrom' is missing name in configuration, using id\n",
"rc": 0, ## an rc return value of 0 means the command succeeded
......
[root@localhost ~] ansible db -m yum -a 'name=vsftpd state=absent' ## remove the installed package
192.168.1.21 | CHANGED => {
"ansible_facts": {
"pkg_mgr": "yum"
},
"changed": true,
"msg": "Repository 'cdrom' is missing name in configuration, using id\n",
"rc": 0,
"results": [
......
6. shell module: run shell commands on remote hosts
[root@localhost ~] ansible db -m shell -a 'hostname' ## run the hostname command on the remote host
192.168.1.21 | CHANGED | rc=0 >>
localhost.localdomain
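7. script module: run a shell script on remote hosts; the script does not have to be transferred to the remote host before it can be run
Write a test script
[root@localhost ~] vim test.sh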
#!/bin/bash
wall hello word
The script does not need execute permission for the remote host to run it
[root@localhost ~] ansible db -m script -a /root/test.sh ## have the remote host run the script
192.168.1.21 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.1.21 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.1.21 closed."
],
"stdout": "",
"stdout_lines": []
}
8. File: set file attributes
[root@localhost ~] ansible db -m file -a 'path=/root/test owner=mariadb mode=700' ## set the owner and permissions of a file on the remote host
192.168.1.21 | CHANGED => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0700",
"owner": "mariadb",
"path": "/root/test",
"size": 0,
"state": "file",
"uid": 997
}
[root@localhost ~] ansible db -m file -a 'src=/root/test dest=/root/test-link state=link' ## create a symbolic link to the file; a hard link named test-link can also be created by changing link to hard
192.168.1.21 | CHANGED => {
"changed": true,
"dest": "/root/test-link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 10,
"src": "/root/test",
"state": "link",
"uid": 0
}
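9. Cron: scheduled tasks
[root@localhost ~] ansible db -m shell -a 'rpm -qa | grep crontabs' ## check whether the crontabs package is installed on the managed host
[root@localhost ~] ansible db -m shell -a 'systemctl status crond' ## check whether the scheduled-task service is running
[root@localhost ~] ansible db -m cron -a 'minute=*/5 job="/usr/bin/wall hello word"' ## set a scheduled task that runs hello word every five minutes; hour, day, month and weekday can also be specified, and default to * when not given
On the remote host, check whether the scheduled task exists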
[root@localhost ~] crontab -l
#Ansible: None
*/5 * * * * /usr/bin/wall hello word
10. service module
[root@localhost ~] ansible db -m service -a 'name=httpd state=started' # start the http service
192.168.1.21 | CHANGED => {
"changed": true,
"name": "httpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
......
[root@localhost ~] ansible db -a 'systemctl status httpd' # check whether the http service has started
192.168.1.21 | CHANGED | rc=0 >>
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2019-04-24 21:54:56 EDT; 42s ago
......
[root@localhost ~] ansible db -m service -a 'name=httpd state=stopped' # stop the http service
192.168.1.21 | CHANGED => {
"changed": true,
"name": "httpd",
"state": "stopped",
"status": {
......