Install Ansible with yum
已加载插件:fastestmirror, langpacks
base | 2.9 kB 00:00
base/primary_db| 76 kB 00:00
Determining fastest mirrors
正在解决依赖关系
-->正在检查事务
--->软件包 ansible.noarch.0.2.3.1.0-3.el7 将被安装
-->正在处理依赖关系 sshpass,它被软件包 ansible-2.3.1.0-3.el7.noarch 需要
-->正在处理依赖关系 python-paramiko,它被软件包 ansible-2.3.1.0-3.el7.noarch 需要
-->正在处理依赖关系 python-jinja2,它被软件包 ansible-2.3.1.0-3.el7.noarch 需要
-->正在处理依赖关系 python-httplib2,它被软件包 ansible-2.3.1.0-3.el7.noarch 需要
-->正在处理依赖关系 python-crypto,它被软件包 ansible-2.3.1.0-3.el7.noarch 需要
-->正在处理依赖关系 PyYAML,它被软件包 ansible-2.3.1.0-3.el7.noarch 需要
-->正在检查事务
--->软件包 PyYAML.x86_64.0.3.10-11.el7 将被安装
-->正在处理依赖关系 libyaml-0.so.2()(64bit),它被软件包 PyYAML-3.10-11.el7.x86_64 需要
--->软件包 python-httplib2.noarch.0.0.9.1-3.el7 将被安装
--->软件包 python-jinja2.noarch.0.2.7.2-2.el7 将被安装
-->正在处理依赖关系 python-babel >= 0.8,它被软件包 python-jinja2-2.7.2-2.el7.noarch 需要
-->正在处理依赖关系 python-markupsafe,它被软件包 python-jinja2-2.7.2-2.el7.noarch 需要
--->软件包 python-paramiko.noarch.0.2.1.1-2.el7 将被安装
--->软件包 python2-crypto.x86_64.0.2.6.1-15.el7 将被安装
-->正在处理依赖关系 libtomcrypt.so.0()(64bit),它被软件包 python2-crypto-2.6.1-15.el7.x86_64 需要
--->软件包 sshpass.x86_64.0.1.06-2.el7 将被安装
-->正在检查事务
--->软件包 libtomcrypt.x86_64.0.1.17-26.el7 将被安装
-->正在处理依赖关系 libtommath >= 0.42.0,它被软件包 libtomcrypt-1.17-26.el7.x86_64 需要
-->正在处理依赖关系 libtommath.so.0()(64bit),它被软件包 libtomcrypt-1.17-26.el7.x86_64 需要
--->软件包 libyaml.x86_64.0.0.1.4-11.el7_0 将被安装
--->软件包 python-babel.noarch.0.0.9.6-8.el7 将被安装
--->软件包 python-markupsafe.x86_64.0.0.11-10.el7 将被安装
-->正在检查事务
--->软件包 libtommath.x86_64.0.0.42.0-6.el7 将被安装
-->解决依赖关系完成
依赖关系解决
=============================================================================
Package 架构 版本 源 大小
=============================================================================
正在安装:
ansible noarch 2.3.1.0-3.el7 base 5.7 M
为依赖而安装:
PyYAML x86_64 3.10-11.el7 base 153 k
libtomcrypt x86_64 1.17-26.el7 base 224 k
libtommath x86_64 0.42.0-6.el7 base 36 k
libyaml x86_64 0.1.4-11.el7_0 base 55 k
python-babel noarch 0.9.6-8.el7 base 1.4 M
python-httplib2 noarch 0.9.1-3.el7 base 115 k
python-jinja2 noarch 2.7.2-2.el7 base 515 k
python-markupsafe x86_64 0.11-10.el7 base 25 k
python-paramiko noarch 2.1.1-2.el7 base 267 k
python2-crypto x86_64 2.6.1-15.el7 base 477 k
sshpass x86_64 1.06-2.el7 base 21 k
事务概要
=============================================================================
安装 1 软件包 (+11 依赖软件包)
总下载量:8.9 M
安装大小:41 M
Downloading packages:
总计 101 MB/s | 8.9 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : libtommath-0.42.0-6.el7.x86_64 1/12
正在安装 : libtomcrypt-1.17-26.el7.x86_64 2/12
正在安装 : python2-crypto-2.6.1-15.el7.x86_64 3/12
正在安装 : python-babel-0.9.6-8.el7.noarch 4/12
正在安装 : sshpass-1.06-2.el7.x86_64 5/12
正在安装 : python-paramiko-2.1.1-2.el7.noarch 6/12
正在安装 : libyaml-0.1.4-11.el7_0.x86_64 7/12
正在安装 : PyYAML-3.10-11.el7.x86_64 8/12
正在安装 : python-markupsafe-0.11-10.el7.x86_64 9/12
正在安装 : python-jinja2-2.7.2-2.el7.noarch 10/12
正在安装 : python-httplib2-0.9.1-3.el7.noarch 11/12
正在安装 : ansible-2.3.1.0-3.el7.noarch 12/12
验证中 : python-httplib2-0.9.1-3.el7.noarch 1/12
验证中 : python-jinja2-2.7.2-2.el7.noarch 2/12
验证中 : python-markupsafe-0.11-10.el7.x86_64 3/12
验证中 : libyaml-0.1.4-11.el7_0.x86_64 4/12
验证中 : python2-crypto-2.6.1-15.el7.x86_64 5/12
验证中 : python-paramiko-2.1.1-2.el7.noarch 6/12
验证中 : sshpass-1.06-2.el7.x86_64 7/12
验证中 : PyYAML-3.10-11.el7.x86_64 8/12
验证中 : python-babel-0.9.6-8.el7.noarch 9/12
验证中 : libtomcrypt-1.17-26.el7.x86_64 10/12
验证中 : libtommath-0.42.0-6.el7.x86_64 11/12
验证中 : ansible-2.3.1.0-3.el7.noarch 12/12
已安装:
ansible.noarch 0:2.3.1.0-3.el7
作为依赖被安装:
PyYAML.x86_64 0:3.10-11.el7
libtomcrypt.x86_64 0:1.17-26.el7
libtommath.x86_64 0:0.42.0-6.el7
libyaml.x86_64 0:0.1.4-11.el7_0
python-babel.noarch 0:0.9.6-8.el7
python-httplib2.noarch 0:0.9.1-3.el7
python-jinja2.noarch 0:2.7.2-2.el7
python-markupsafe.x86_64 0:0.11-10.el7
python-paramiko.noarch 0:2.1.1-2.el7
python2-crypto.x86_64 0:2.6.1-15.el7
sshpass.x86_64 0:1.06-2.el7
完毕!
Ansible 2.3.1.0
config file = /etc/ansible/ansible.cfg
configured module search path = Default w/o overrides
python version = 2.7.5 (default, Nov 6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
3. Set up non-interactive (key-based) SSH login
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
b1:6d:93:de:5e:a3:9c:e5:56:cc:64:2c:fe:ce:82:71 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
| . .             |
| + . . +         |
| S = . *         |
| o o. E +        |
| . .++o          |
| o.*oo.          |
| =..oo           |
+-----------------+
The authenticity of host '192.168.1.2 (192.168.1.2)' can't be established.
ECDSA key fingerprint is d3:34:18:89:73:c8:d3:47:e4:7d:36:c7:a3:62:17:b6.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
4. Ansible configuration
//192.168.1.3
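(1) Operate only on host 192.168.1.2 in the web group. The --limit parameter restricts which hosts are changed (the service is not installed on the managed host)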
[root@node1 ~]# ansible web -m command -a "systemctl status vsftpd" --limit "192.168.1.2"
192.168.1.2 | SUCCESS => {
"changed": false,
"ping": "pong"
}
(2) Operate only on host 192.168.1.2. Restrict the change to one host by its IP
[root@node1 ~]# ansible 192.168.1.2 -m command -a "systemctl status vsftpd"
192.168.1.2 | FAILED | rc=1 >>
Unknown operation '1status'.
(3) Operate only on hosts in the 192.168.1.0 network. Restrict the change with a wildcard
[root@node1 ~]# ansible "192.168.1.*" -m command -a "systemctl status vsftpd"
192.168.1.2 | FAILED | rc=1 >>
Unknown operation '1status'.
II. Common Ansible commands
- ansible
(1) Check whether all hosts are alive
[root@node1 ~]# ansible -i /etc/ansible/hosts web -f 5 -m ping
192.168.1.2 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.1.3 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 192.168.1.3 port 22: No route to host\r\n",
"unreachable": true
}
(2) List all hosts in the web group
[root@node1 ~]# ansible web --list
hosts (2):
192.168.1.2
192.168.1.3
(3) Show disk usage for the web group in bulk
[root@node1 ~]# ansible 192.168.1.2 -m command -a "df -hT"
192.168.1.2 | SUCCESS | rc=0 >>
文件系统 类型 容量 已用 可用 已用% 挂载点
/dev/mapper/cl-root xfs 17G 3.8G 14G 22% /
devtmpfs devtmpfs 897M 0 897M 0% /dev
tmpfs tmpfs 912M 144K 912M 1% /dev/shm
tmpfs tmpfs 912M 9.0M 903M 1% /run
tmpfs tmpfs 912M 0 912M 0% /sys/fs/cgroup
/dev/sda1 xfs 1014M 173M 842M 18% /boot
tmpfs tmpfs 183M 16K 183M 1% /run/user/0
/dev/sr0 iso9660 4.1G 4.1G 0 100% /run/media/root/CentOS 7 x86_64
- ansible-doc
(1) List the supported modules
[root@node1 ~]# ansible-doc -l
III. Ansible modules
1. command module:
Example:
Run "ls /etc" on all hosts, changing to the /etc directory before running
[root@node1 ~]# ansible all -m command -a "chdir=/etc ls"
2. shell module
Example:
[root@node1 ~]# ansible all -m shell -a 'echo "hello" >>/tmp/hello.txt'
[root@node1 ~]# ssh 192.168.1.2 cat /tmp/hello.txt
hello
3. copy module:
Example:
[root@node1 ~]# ansible web -m copy -a "src=/etc/hosts dest=/tmp mode=777 owner=nobody group=root"
4. hostname module: manages the hostname on remote hosts; common parameters are as follows
name: the hostname to set
Example
[root@node1 ~]# ansible 192.168.1.2 -m hostname -a "name=aaa"
5. yum module
Example:
[root@node1 ~]# ansible web -m yum -a "name=vsftpd state=present"
Note: if no yum repository is configured, the output is as follows
192.168.1.2 | FAILED! => {
"changed": false,
"failed": true,
"msg": "Failure talking to yum: 'ascii' codec can't encode characters in position 173-177: ordinal not in range(128)"
}
If a yum repository is configured, the output is as follows
192.168.1.2 | SUCCESS => {
"changed": true,
"msg": "",
"rc": 0,
"results": [part of the output omitted…
Check the vsftpd package
[root@node1 ~]# ssh 192.168.1.2 rpm -qa | grep vsftpd
vsftpd-tools-2.4.6-45.el7.centos.x86_64
vsftpd-2.4.6-45.el7.centos.x86_64
6. service module:
Example:
[root@node1 ~]# ansible web -m service -a "name=vsftpd state=started enabled=yes"
192.168.1.2 | SUCCESS => {
"changed": true,
"enabled": true,
"name": "vsftpd",
"state": "started",
"status": {
7. user module:
Example:
[root@node1 ~]# ansible web -m user -a 'name=user1 system=yes uid=502 group=root'
192.168.1.2 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 0,
"home": "/home/user1",
"name": "user1",
"shell": "/bin/bash",
"state": "present",
"system": true,
"uid": 502
}
IV. Playbook configuration files
1. Running a playbook, example:
Requirement: create user user2 and group gongchengbu
[root@node1 ~]# vim /etc/ansible/a.yml
- hosts: web
  remote_user: root
  tasks:
    - name: adduser
      user: name=user2 state=present
      tags:
        - aaa
    - name: addgroup
      group: name=root system=yes
      tags:
        - bbb
(1) Syntax check
[root@node1 ~]# ansible-playbook --syntax-check /etc/ansible/a.yml
playbook: /etc/ansible/a.yml
(2) Dry run
[root@node1 ~]# ansible-playbook -C /etc/ansible/a.yml
PLAY [web] *****
TASK [Gathering Facts] *****
ok: [192.168.1.2]
TASK [adduser] *****
changed: [192.168.1.2]
TASK [addgroup] ****
ok: [192.168.1.2]
PLAY RECAP *****
192.168.1.2 : ok=3 changed=1 unreachable=0 failed=0
(3) List hosts
[root@node1 ~]# ansible-playbook --list-host /etc/ansible/a.yml
playbook: /etc/ansible/a.yml
play #1 (web): web TAGS: []
pattern: [u'web']
hosts (1):
192.168.1.2
(4) List tasks
[root@node1 ~]# ansible-playbook --list-tasks /etc/ansible/a.yml
playbook: /etc/ansible/a.yml
play #1 (web): web TAGS: []
tasks:
adduser TAGS: [aaa]
addgroup TAGS: [bbb]
(5) List tags
[root@node1 ~]# ansible-playbook --list-tags /etc/ansible/a.yml
playbook: /etc/ansible/a.yml
play #1 (web): web TAGS: []
TASK TAGS: [aaa, bbb]
(6) Run the tasks
[root@node1 ~]# ansible-playbook /etc/ansible/a.yml
PLAY [web] *****
TASK [Gathering Facts] *****
ok: [192.168.1.2]
TASK [adduser] *****
changed: [192.168.1.2]
TASK [addgroup] ****
ok: [192.168.1.2]
PLAY RECAP *****
192.168.1.2 : ok=3 changed=1 unreachable=0 failed=0
2. Triggers (handlers)
[root@node1 ~]# vim /etc/ansible/vsftpd.yml
- hosts: web
  remote_user: root
  tasks:
    - name: change port
      command: sed -i 's/Listen\ 80 /Listen\ 8080/g' /etc/vsftpd/conf/vsftpd.conf
      notify:
        - restart vsftpd server
  handlers:
    - name: restart vsftpd server
      service: name=vsftpd state=restarted
[root@node1 ~]# ansible-playbook --syntax-check /etc/ansible/vsftpd.yml
playbook: /etc/ansible/vsftpd.yml
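3. Roles: the following cases show how roles are used
Lab case 1:
Automatically install mariadb on the managed host
After installation, upload the prepared configuration file to the remote host,
Restart the service
Create a new database
Grant the test user all privileges
This case practices automated management through roles
Implementation steps
(1) Configure the yum repository on the managed host
(2) Configure the database role
Create the role directory
[root@node1 ~]# mkdir -pv /etc/ansible/roles/mariadb/{files,tasks,handlers}
Enter the tasks directory of the mariadb role
# cd /etc/ansible/roles/mariadb/tasks
# vim main.yml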
- name: install mariadb
  yum: name=mariadb-server state=present
- name: move config file
  shell: "[ -e /etc/my.cnf ] && mv /etc/my.cnf /etc/my.cnf.bak"
- name: provide a new config file
  copy: src=my.cnf dest=/etc/my.cnf
- name: reload mariadb
  shell: systemctl restart mariadb
- name: create database testdb
  shell: mysql -u root -e "create database testdb;grant all on testdb.* to 'test'@'192.168.1.%' identified by 'test123';flush privileges;"
  notify:
    - restart mariadb
Enter the handlers directory of the mariadb role
# cd /etc/ansible/roles/mariadb/handlers
# vim main.yml
- name: restart mariadb
  service: name=mariadb state=restarted
...
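Enter the files directory of the mariadb role and make sure it contains the my.cnf configuration file
# cp /etc/my.cnf /etc/ansible/roles/mariadb/files
In the /etc/ansible directory, create the .yml playbook file
# vim /etc/ansible/mariadb.yml
- hosts: web
  remote_user: root
  roles:
    - mariadb
...
(3) Run the playbook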
# ansible-playbook /etc/ansible/mariadb.yml
(4) On the managed host, verify that the test database user can log in to mariadb and that the database exists
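The role tasks above rewritten with Ansible's database modules instead of raw shell, as an added example that is not part of the original article: the account password comes from a variable rather than a literal in the task file, and the handler fires only when my.cnf actually changes. The variable name `vault_test_db_password` is an assumption (expected in an ansible-vault encrypted vars file); the `mysql_db` and `mysql_user` modules are built in on Ansible 2.3 and ship in the community.mysql collection on current releases, and they need the MySQL-python package on a CentOS 7 managed host.

```yaml
# roles/mariadb/tasks/main.yml -- added example, not the article's own file.
# Assumption: vault_test_db_password is defined in a vars file encrypted
# with ansible-vault; the variable name is hypothetical.
- name: install mariadb and the python bindings the mysql_* modules need
  yum:
    name: "{{ item }}"
    state: present
  with_items:
    - mariadb-server
    - MySQL-python

- name: provide a new config file (the old one is kept as a timestamped backup)
  copy:
    src: my.cnf
    dest: /etc/my.cnf
    owner: root
    group: root
    mode: "0644"
    backup: yes
  notify:
    - restart mariadb    # handler runs only if the file content changed

- name: make sure mariadb is running and enabled at boot
  service:
    name: mariadb
    state: started
    enabled: yes

- name: create database testdb (no-op if it already exists)
  mysql_db:
    name: testdb
    state: present
    login_user: root

- name: grant test access to testdb only, from the 192.168.1.% range
  mysql_user:
    name: test
    host: "192.168.1.%"
    password: "{{ vault_test_db_password }}"
    priv: "testdb.*:ALL"
    state: present
    login_user: root
  no_log: true           # keep the password out of task output and logs
```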
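Lab case 2:
Install the vsftpd server software on the ftp server
Upload the soft directory from the control node to the vsftpd working directory
Use ansible to create user zhangsan with password 123456 on the managed host
Use ansible to enable the vsftpd service at boot
Use ansible to modify the vsftpd configuration file to disable anonymous downloads
1. First install vsftpd on the control node
# yum -y install vsftpd
2. Create the role directory
[root@node1 ~]# mkdir -pv /etc/ansible/roles/vsftpd/{files,tasks,handlers}
3. Enter the tasks directory of the vsftpd role
# cd /etc/ansible/roles/vsftpd/tasks
# vim main.yml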
- name: install vsftpd
  yum: name=vsftpd state=present
- name: move config file
  shell: "[ -e /etc/vsftpd/vsftpd.conf ] && mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak"
- name: provide a new config file
  copy: src=vsftpd.conf dest=/etc/vsftpd/vsftpd.conf
- name: reload vsftpd
  shell: systemctl restart vsftpd
- name: shangchuan
  copy: src=/soft dest=/etc/vsftpd
- name: zidongqidong
  shell: systemctl enable vsftpd
- name: create user
  user: name=zhangsan state=present
- name: set password
  shell: echo "123456"|passwd --stdin zhangsan
...
Edit the role playbook file
[root@node1 ~]# vim /etc/ansible/vsftpd.yml
- hosts: web
  remote_user: root
  roles:
    - vsftpd
...
Run the playbook
# ansible-playbook /etc/ansible/vsftpd.yml
Verify on the managed host
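The handler pattern from the triggers section applied to this case, as an added example that is not part of the original article: `lineinfile` reports a change only when the line actually differs, so vsftpd is restarted only then, and the account password is supplied as a SHA-512 hash from a variable instead of being piped to `passwd` in clear text. The playbook file name and the variable `vault_zhangsan_password` are assumptions (the variable is expected in an ansible-vault encrypted vars file), and the `password_hash` filter needs passlib or crypt support on the control node.

```yaml
# /etc/ansible/vsftpd-hardened.yml -- added example; the file name is hypothetical.
# Assumption: vault_zhangsan_password comes from an ansible-vault encrypted file.
- hosts: web
  remote_user: root
  tasks:
    - name: install vsftpd
      yum:
        name: vsftpd
        state: present

    - name: disable anonymous logins (and with them anonymous downloads)
      lineinfile:
        dest: /etc/vsftpd/vsftpd.conf
        regexp: '^#?\s*anonymous_enable='
        line: anonymous_enable=NO
        backup: yes
      notify:
        - restart vsftpd      # fires only when the line was actually changed

    - name: upload the soft directory
      copy:
        src: /soft
        dest: /etc/vsftpd
        owner: root
        group: root
        directory_mode: "0755"
        mode: "0644"

    - name: create user zhangsan with a hashed password
      user:
        name: zhangsan
        state: present
        password: "{{ vault_zhangsan_password | password_hash('sha512') }}"
        update_password: on_create   # random salt would otherwise change every run
      no_log: true                   # keep the hash out of task output and logs

    - name: start vsftpd and enable it at boot
      service:
        name: vsftpd
        state: started
        enabled: yes

  handlers:
    - name: restart vsftpd
      service:
        name: vsftpd
        state: restarted
```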