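Every host managed by Ansible must accept password-less SSH logins from the control server. So the first step is to set up password-less SSH login on the control server.
Generate id_rsa.pub
[root@salt-master ansible]# ssh-keygen # press Enter at every prompt to accept the defaults
Next, add the generated public key to ~/.ssh/authorized_keys on the client; the ssh-copy-id command does this directly.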
[root@salt-master .ssh]# ssh-copy-id -i minion-centos.novalocal
[email protected]'s password:
Now try logging into the machine, with "ssh 'minion-centos.novalocal'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
Instead of the ssh-copy-id command above, the following command can be used; it shows how the public key gets stored:
$ ssh user@host 'mkdir -p .ssh && cat >> .ssh/authorized_keys' < ~/.ssh/id_rsa.pub
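This command is made up of several parts; taking them in turn:
(1) "$ ssh user@host" logs in to the remote host;
(2) the text in single quotes, mkdir -p .ssh && cat >> .ssh/authorized_keys, is the command run in the remote shell after login;
(3) "$ mkdir -p .ssh" creates the .ssh directory in the user's home directory if it does not already exist;
(4) 'cat >> .ssh/authorized_keys' < ~/.ssh/id_rsa.pub redirects the local public key file ~/.ssh/id_rsa.pub and appends it to the end of the remote authorized_keys file.
Once the key has been written to authorized_keys, public key login is set up.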
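An added example, not part of the original post: the remote half of the command above written as a function that also sets the permissions sshd's StrictModes check expects (a .ssh directory or authorized_keys file writable by other users is rejected) and does not append the same key twice on a re-run. The name install_pubkey is hypothetical, and the function takes the home directory as an argument so it can be tried against a scratch directory.

```shell
#!/bin/sh
# install_pubkey HOME_DIR PUBKEY_FILE   (hypothetical helper, not from the post)
# Same effect as: mkdir -p .ssh && cat >> .ssh/authorized_keys
# plus input validation, tight permissions and no duplicate entries.
# Usage: install_pubkey "$HOME" /path/to/id_rsa.pub
install_pubkey() {
    home_dir=$1
    pubkey_file=$2
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"

    # Accept exactly one non-empty line that looks like an OpenSSH public key.
    [ -s "$pubkey_file" ] || { echo "empty key file" >&2; return 1; }
    [ "$(grep -c . "$pubkey_file")" -eq 1 ] || { echo "expected one key" >&2; return 1; }
    key=$(grep . "$pubkey_file")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key" >&2; return 1 ;;
    esac

    # Only the owner may read or write the directory and the key file.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # If the existing file does not end in a newline, add one so the new
    # key is not glued onto the end of the previous entry.
    if [ -s "$auth" ] && [ -n "$(tail -c1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # -x whole line, -F fixed string: append only if this exact key is absent.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}
```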
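Configuration:
Edit the default /etc/ansible/hosts file, which holds the managed hosts. It is assumed that password-less SSH login has already been set up for these hosts.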
[root@salt-master .ssh]# cat /etc/ansible/hosts
minion-centos.novalocal
Hosts can be managed in many ways, such as groups and pattern matching. Here a single host is managed.
Verification:
[root@salt-master .ssh]# ansible all -a "/bin/echo hello"
minion-centos.novalocal | success | rc=0 >>
hello
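The command returns the expected result.
There are two ways to use Ansible: ad-hoc commands and playbooks. The former are for one-off batch operations; the latter are for configuration management, similar to Puppet.
Ad-hoc command:
Ad-hoc commands generally take the form: ansible groupname -m module -a arguments
For example, to install wget: ansible all -m yum -a "name=wget state=present"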
[root@salt-master ~]# ansible all -m yum -a "name=wget state=present"
minion-centos.novalocal | success >> {
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Loaded plugins: fastestmirror\nSetting up Install Process\nLoading mirror speeds from cached hostfile\n * base: mirrors.yun-idc.com\n * epel: mirror01.idc.hinet.net\n * extras: mirrors.yun-idc.com\n * updates: mirrors.btte.net\nResolving Dependencies\n--> Running transaction check\n---> Package wget.x86_64 0:1.12-5.el6_6.1 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n wget x86_64 1.12-5.el6_6.1 base 483 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package(s)\n\nTotal download size: 483 k\nInstalled size: 1.8 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing : wget-1.12-5.el6_6.1.x86_64 1/1 \n\r Verifying : wget-1.12-5.el6_6.1.x86_64 1/1 \n\nInstalled:\n wget.x86_64 0:1.12-5.el6_6.1 \n\nComplete!\n"
    ]
}
The official site has excellent documentation: http://docs.ansible.com/intro_adhoc.html
Playbooks:
As with Salt, you write a configuration file in YAML format.
[root@salt-master ansible]# cat wget_playbook.yml
- hosts: minion-centos.novalocal
  remote_user: root
  sudo: yes
  tasks:
    - yum: name=wget state=present
      when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
Then run the batch operation from the current directory: ansible-playbook wget_playbook.yml
[root@salt-master ansible]# ansible-playbook wget_playbook.yml
PLAY [minion-centos.novalocal] ************************************************
GATHERING FACTS ***************************************************************
ok: [minion-centos.novalocal]
TASK: [yum name=wget state=present] *******************************************
ok: [minion-centos.novalocal]
PLAY RECAP ********************************************************************
minion-centos.novalocal : ok=2 changed=0 unreachable=0 failed=0
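hosts: the host or host group to operate on, taken from the host information configured in /etc/ansible/hosts.
The syntax feels quite concise. Like Salt, it is a lightweight configuration management tool, and it needs no client.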