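1. Configure the yum repository: upload epel.repo
yum clean all
yum update

Install ansible
Check whether ansible is available:   yum list *ansible
Show information about the ansible package:   yum info ansible.noarch

Run the installation
yum install ansible.noarch  -y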


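2. ansible initial configuration
cd /etc/ansible
Main configuration file: ansible.cfg
Host inventory: hosts   stores host IPs plus account passwords, or relies on key-based authentication

Managed host inventory
/etc/ansible/hosts
[webserver]    --> host group / host role
192.168.122.7  --> host IP
192.168.122.8

[dbserver]
192.168.122.9

Copy the public key from the ansible control node to the managed hosts
ssh-keygen -t rsa

ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

Test by running a command
ssh 192.168.122.7  'date'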


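3. ansible modules

Read the documentation: man ansible-doc

List all modules that ansible supports
ansible-doc  -l

Show how to use a module
ansible-doc -s  yum


Basic syntax (see man ansible for the command's usage)

ansible <host-pattern>  [-f forks]   [-m module_name]   [-a args]

<host-pattern>  which hosts the command applies to
[-f forks]  how many hosts to process per batch, i.e. how many concurrent workers to start
[-m module_name]  which module to use
[-a args]  arguments specific to the module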


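Common modules

command module (the default)
ansible-doc -s command     show how to use the command module

ansible 192.168.122.7 -m command -a 'date'     host 192.168.122.7, command module, argument (the command) date passed with -a args
ansible webserver -m command -a 'date'     target a host group
ansible all  -m command -a 'date'     all hosts in the inventory
ansible all  -m command -a 'tail -2 /etc/passwd'

-m command can be left out because command is the default module (this module cannot use shell variables)
ansible  all  -a  'date'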


cron module
ansible-doc -s cron     show help
state:   absent removes the job, present adds the job
ansible webserver -m cron -a 'minute="*/10" job="/bin/echo hello"  name="test cron job" state=present'

Time fields that are not given default to *. job is the command the scheduled job runs, name is the comment, and state=present adds the job; it can be omitted because present is the default.
Check that the job was added
ansible webserver -a 'crontab -l'

Remove the scheduled job
ansible webserver -m cron -a 'minute="*/10" job="/bin/echo hello"  name="test cron job" state=absent'


user module
ansible-doc -s user     show help
ansible all -m user  -a 'name=haha'     create user haha

Check that the user was created:   ansible all -a 'tail /etc/passwd'
Check that a private group was created by default:   ansible all -a 'tail /etc/group'

Delete the user
ansible all -m user  -a "name='haha' state=absent"


group module
ansible-doc -s group
ansible webserver -m group -a 'name=mysql gid=666 system=yes'     create system group mysql with gid 666
ansible webserver -m user -a 'name=mysql uid=666 group=mysql system=yes'     create user mysql
ansible webserver -m user -a 'name=mysql uid=666 group=mysql shell="/sbin/nologin" '     create the user with a shell that does not allow login


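copy module
ansible-doc -s copy
src:  local file path; may be a relative path
dest: path to save the file to on the remote host; must be an absolute path
ansible all -m copy -a 'src=/etc/fstab dest=/tmp/fstab.ansible owner=mysql mode=640'     copy local /etc/fstab to /tmp/fstab.ansible on the remote hosts, owner mysql, mode 640
Check that the copy succeeded:   ansible all -a 'ls -al /tmp'

content=  give the file content directly
ansible all -m copy -a 'content="hello world\nyou are welcome\n" dest=/tmp/test.ansible'
Sends the content straight to the remote hosts and saves it in the given remote file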


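file module
ansible-doc -s file

ansible all -m file -a 'owner=root group=root mode=644 path=/tmp/fstab.ansible'
Sets file attributes; the remote file is given by path=/tmp/fstab.ansible

path: path of the file to create; name or dest can be used instead
src:  source file on the remote host that the link points to
ansible all -m file -a 'path=/tmp/fstab.link src=/tmp/fstab.ansible state=link'     create a symbolic link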


ping module
Test in bulk whether the target hosts are reachable
ansible all -m ping     ping all hosts


service module
Manage services
ansible-doc -s service
ansible webserver -m service -a 'enabled=true name=rpcbind state=started'
enabled: start the service at boot   name: service name   state: desired state
ansible dbserver -m service -a 'enabled=true name=httpd state=started'


shell module
ansible-doc -s shell
Use the shell module when the command contains variables or special shell features
ansible all -m shell  -a 'echo 123456 | passwd --stdin user1'
Check that a password is set:   cat /etc/shadow


script module
Copies a local script to the remote servers and runs it there
ansible-doc -s script
ansible all -m script -a  '~/test.sh'


yum module
ansible-doc -s yum
Install packages
name: the package to install   state: latest = newest (or a specified version), absent = uninstall, present = install (the default)
ansible all -m yum -a 'name=tree state=latest'
ansible all -m yum -a 'name=tree state=absent'     uninstall


setup module
Collects information about the remote hosts, including the host, operating system version and IP addresses
ansible-doc -s setup


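4. ansible YAML
YAML basic elements: variables, inventory, conditions, iteration

What a playbook is built from

Inventory
Modules
Ad Hoc Commands

playbooks
Tasks: tasks that call modules to do the work
Variables: variables
Templates: templates
Handlers: handlers, operations run when some condition triggers them
Roles: roles

Basic structure of a playbook
- hosts: webserver
  remote_user: <user>
  tasks:
    - name: task1
      module_name: module_args
    - name: task2
      module_name: module_args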

For example:
nginx.yaml
- hosts: webserver
  remote_user: root
  tasks:
    - name: create nginx group   # task name
      group: name=nginx gid=505 system=yes   # group module, followed by three arguments
    - name: create nginx user   # task name
      user: name=nginx uid=505 group=nginx system=yes
- hosts: dbserver
  remote_user: root
  tasks:
    - name: copy file to dbserver
      copy: src=/etc/inittab dest=/tmp/inittab.ansible
      ignore_errors: True   # ignore all errors

httpd.yaml
- hosts: webserver
  remote_user: root
  vars:
    package: httpd   # define variables
    service: httpd
  tasks:
    - name: install httpd package
      yum: name={{package}} state=latest   # use the variable {{package}}
    - name: install configuration file for httpd
      copy: src=/root/conf/httpd.conf dest=/etc/httpd/conf/httpd.conf
      notify:   # triggers the handlers when /etc/httpd/conf/httpd.conf differs from before
        - restart httpd
    - name: start httpd service
      service: enabled=true name={{service}} state=started
  handlers:   # tasks triggered by notify
    - name: restart httpd   # must match the name given under notify above
      service: name=httpd state=restarted   # module and action

vi /etc/ansible/hosts
[webserver]
192.168.122.7 testvar="100.7" ansible_ssh_user=root ansible_ssh_pass=123456
[dbserver]
192.168.122.9 testvar="100.9"

var.yaml
- hosts: webserver
  remote_user: root
  tasks:
    - name: copy file
      copy: content="{{ansible_date_time}},{{testvar}}" dest=/tmp/var.ansible   # reference ansible variables
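
Added example (not part of the original notes): the ad hoc command in the shell module section passes the password 123456 on the command line, and the inventory above keeps ansible_ssh_pass in clear text. The playbook below sets the password of user1 with the user module from a prompted value instead; the file name setpass.yaml and the variable user1_password are assumptions.

```yaml
# setpass.yaml (hypothetical file name); added example, not from the original notes
- hosts: all
  remote_user: root
  vars_prompt:
    - name: user1_password          # hypothetical variable name
      prompt: New password for user1
      private: yes                  # the typed value is not echoed
      confirm: yes                  # ask twice to catch typos
  tasks:
    - name: set the password of user1
      user:
        name: user1                 # the module creates user1 if it is missing
        # the user module expects a crypt(3) hash, never clear text
        password: "{{ user1_password | password_hash('sha512') }}"
        # password_hash picks a new random salt on every run, so this
        # task always reports "changed"
        update_password: always
      no_log: true                  # keep the value out of output and logs

    - name: read the shadow entry of user1
      command: getent shadow user1
      register: shadow_entry
      changed_when: false
      no_log: true                  # do not print the hash

    - name: verify that a SHA-512 hash is stored
      assert:
        that:
          - shadow_entry.stdout.split(':')[1].startswith('$6$')
```

Because the public key was already installed with ssh-copy-id, the inventory line does not need ansible_ssh_pass at all; where password login cannot be avoided, ansible-playbook --ask-pass prompts for it at run time.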


Conditional tests: when
Example: cond.yaml

- hosts: all
  remote_user: root
  vars:
    username: user10
  tasks:
    - name: create {{username}} user
      user: name={{username}}
      when: ansible_fqdn == "www1.rhce.cc"
    - name: add several users
      user: name={{item}} state=present groups=wheel
      with_items:
        - testuser1
        - testuser2

Getting the ansible variables: ansible 192.168.122.7 -m setup

Iteration: use it when tasks of the same kind are repeated
The current element is referenced as item
The list to loop over is defined with with_items
- name: add several users
  user: name={{item}} state=present groups=wheel
  with_items:
    - testuser1
    - testuser2

Equivalent to:
- name: add several users
  user: name=testuser1 state=present groups=wheel
- name: add several users
  user: name=testuser2 state=present groups=wheel

The values in a with_items list can also be dictionaries; reference them as item.KEY
Example
- name: add several users
  user: name={{item.name}} state=present groups={{item.groups}}
  with_items:
    - {name: 'testuser1', groups: 'wheel'}
    - {name: 'testuser2', groups: 'root'}
Equivalent to:
- name: add several users
  user: name=testuser1 state=present groups=wheel
- name: add several users
  user: name=testuser2 state=present groups=root

Example:
yum: name={{item.name}} state=present conf_file={{item.conf}}
with_items:
  - {name: apache, conf: conffiles/httpd.conf}
  - {name: php, conf: conffiles/php.ini}
  - {name: mysql-server, conf: conffiles/my.cnf}

templates:
Custom per-host variables can be defined, and ansible variables can be used as well
vi /etc/ansible/hosts
[webserver]
192.168.122.7 testvar="100.7" http_port=1007
[dbserver]
192.168.122.9 testvar="100.9" http_port=1009

Template
vim templates/httpd.conf.j2
Listen  {{http_port}}
ServerName {{ansible_fqdn}}


Modify the playbook file
cp httpd.yaml httpd2.yaml
vim httpd2.yaml
- hosts: all
  remote_user: root
  vars:
    package: httpd
    service: httpd
  tasks:
    - name: install httpd package
      yum: name={{package}} state=latest
    - name: install configuration file for httpd
      template: src=/root/templates/httpd.conf.j2 dest=/etc/httpd/conf.d/http.conf
      notify:
        - restart httpd
    - name: after installed and started service
      service: enabled=true name={{service}} state=started
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted


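tags:
A task in a playbook can be given a tag. When the playbook is run, the command
ansible-playbook httpd.yaml --tags="conf"   runs only the tasks with the specified tags instead of all tasks

Special tag:
  - always
Tasks tagged always run no matter which tags are specified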

cp httpd2.yaml httpd3.yaml
vim httpd3.yaml
- hosts: all
  remote_user: root
  vars:
    package: httpd
    service: httpd
  tasks:
    - name: install httpd package
      yum: name={{package}} state=latest
    - name: install configuration file for httpd
      template: src=/root/templates/httpd.conf.j2 dest=/etc/httpd/conf.d/http.conf
      tags:
        - conf
      notify:
        - restart httpd
    - name: after installed and started service
      service: enabled=true name={{service}} state=started
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted


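roles:
1. The directory name is the same as the role name
2. The directory structure has a fixed format
  files: static files that are copied as they are
  templates: template files (Jinja2)
  tasks: contains at least a main.yml file that defines the tasks
  handlers: contains at least a main.yml file that defines the handlers
  vars: contains at least a main.yml file that defines the variables
  meta: defines dependencies and similar information
3. site.yml defines the playbook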

Example:
ansible_playbooks/
├── roles
│   ├── dbserver
│   │   ├── files
│   │   │   └── my.cnf
│   │   ├── handlers
│   │   │   └── main.yml
│   │   ├── meta
│   │   ├── tasks
│   │   │   └── main.yml
│   │   ├── templates
│   │   └── vars
│   └── webserver
│       ├── files
│       │   └── httpd.conf
│       ├── handlers
│       │   └── main.yml
│       ├── meta
│       ├── tasks
│       │   └── main.yml
│       ├── templates
│       └── vars
└── site.yml



site.yml
- hosts: 192.168.122.7
  remote_user: root
  roles:
    - webserver
- hosts: 192.168.122.9
  remote_user: root
  roles:
    - dbserver
- hosts: 192.168.122.8
  remote_user: root
  roles:
    - webserver
    - dbserver


webserver role
tasks-->main.yml
- name: install httpd package
  yum: name=httpd
- name: install configuration file
  template: src=httpd.conf.j2 dest=/etc/httpd/conf.d/http.conf
  notify:
    - restart httpd
- name: start httpd
  service: name=httpd state=started

handlers-->main.yml
- name: restart httpd
  service: name=httpd state=restarted

templates-->httpd.conf.j2

dbserver role
tasks-->main.yml
- name: install mysql-server package
  yum: name=mariadb-server state=latest
- name: install configuration file
  copy: src=my.cnf dest=/etc/my.cnf
  tags:
    - myconf
  notify:
    - restart mariadb
- name: start mariadb
  service: name=mariadb enabled=true state=started

handlers-->main.yml
- name: restart mariadb
  service: name=mariadb state=restarted

files-->my.cnf

Run the playbook
man ansible-playbook
ansible-playbook site.yml