#centos
sudo yum -y install epel-release
sudo yum - y install ansible
#仅下载安装包(以备离线使用): yum会自动创建指定的下载目录
# yum -y install ansible --downloadonly --downloaddir=ansible_rpms
#ubuntu
sudo apt install ansible -y
配置此控制节点ssh免密码登录其他节点,并配置那些节点的ip
#1,ssh-copy-id 所有的节点
#2, 配置/etc/ansible/hosts文件:比如有分三个组(hdfs, yarn, hbase)
cat >>/etc/ansible/hosts <<EOF
docker ansible_ssh_host=192.168.56.201
[hdfs]
192.168.56.100
192.168.56.101
[host2]
c[1:6]
192.168.56.1[60:70]
[cdh]
c6 ansible_port=22 ansible_host=192.168.56.160 ansible_ssh_user="root" ansible_ssh_pass="vagrant"
EOF
[root@eadage ~]# ansible-doc
Usage: ansible-doc [-l|-F|-s] [options] [-t <plugin type> ] [plugin]
plugin documentation tool
Options:
-a, --all **For internal testing only** Show documentation for
all plugins.
-h, --help show this help message and exit
-j, --json **For internal testing only** Dump json metadata for
all plugins.
-l, --list List available plugins
-F, --list_files Show plugin names and their source files without
summaries (implies --list)
-M MODULE_PATH, --module-path=MODULE_PATH
prepend colon-separated path(s) to module library
(default=[u'/root/.ansible/plugins/modules',
u'/usr/share/ansible/plugins/modules'])
-s, --snippet Show playbook snippet for specified plugin(s)
-t TYPE, --type=TYPE Choose which plugin type (defaults to "module")
-v, --verbose verbose mode (-vvv for more, -vvvv to enable
connection debugging)
--version show program's version number and exit
See man pages for Ansible CLI options or website for tutorials
https://docs.ansible.com
ERROR! Incorrect options passed
## 1,查看基本模块
[root@eadage ~]# ansible-doc -l |grep -E "^(command|shell|file|copy|fetch|yum|service|systemd) "
command Executes a command on a remote node
copy Copies files to remote locations
fetch Fetches a file from remote nodes
file Sets attributes of files
service Manage services
shell Execute commands in nodes.
systemd Manage services
yum Manages packages with the `yum' package manager
## 2,查看模块使用帮助
[root@eadage ~]# ansible-doc -s ping
- name: Try to connect to host, verify a usable python and return `pong' on success
ping:
data: # Data to return for the `ping' return value. If this parameter is set to `crash', the module will cause an exception.
You have mail in /var/spool/mail/root
# 测试基本语法:ping所有节点
[root@docker ansible]# ansible all -m ping
192.168.56.100 | SUCCESS => {
"changed": false,
"ping": "pong"
}
普通命令:cp,cat ,ls, date
# 远程控制其他节点:执行简单shell命令
#--------------- 以单个ip为单元,一一执行命令
[root@docker ansible]# ansible 192.168.56.144 -m command -a 'echo hello!'
#简写为: ansible 192.168.56.100 -a 'echo a'
192.168.56.100 | SUCCESS | rc=0 >>
a
#--------------- 以组为单元,批量执行命令
[root@docker ansible]# ansible hdfs -a 'date'
192.168.56.100 | SUCCESS | rc=0 >>
2019年 08月 12日 星期一 11:02:03 CST
....
### 以指定的普通用户远程控制节点
[root@eadage ansible]# ansible docker -u docker -a 'ls ~ '
192.168.56.201 | SUCCESS | rc=0 >>
### 以用户 sudo权限远程控制节点
[root@eadage ansible]# ansible docker --become -a 'ls /root/.ssh '
192.168.56.201 | SUCCESS | rc=0 >>
authorized_keys
复杂命令: 多条命令组合,重定向,用户管理
[root@eadage ansible]# ansible docker -m shell -u docker -a 'cd ~; pwd '
192.168.56.201 | SUCCESS | rc=0 >>
/home/docker
#原有一个a.txt 文件:内容是 abc, 通过shell模块修改为123
[root@eadage ansible]# ansible docker -m shell -a 'cat /root/a.txt; echo 123 >/root/a.txt ;cat /root/a.txt '
192.168.56.201 | SUCCESS | rc=0 >>
abc
123
有时在远程时,命令太多,不方便在命令行直接写,可以在本地写好后,使用script模块直接运行该脚步,以传入命令
#1, 编写本地的脚本文件
[root@eadage ~]# cat a.sh
echo `date` >/a.txt
cat /a.txt
#2,ansible 执行脚步
[root@eadage ~]# ansible node2 -a 'cat /a.txt'
node2 | FAILED | rc=1 >>
cat: /a.txt: 没有那个文件或目录non-zero return code
[root@eadage ~]# ansible node2 -m script -a 'a.sh'
node2 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to node2 closed.\r\n",
"stderr_lines": [
"Shared connection to node2 closed."
],
"stdout": "2019年 08月 12日 星期一 12:37:19 CST\r\n",
"stdout_lines": [
"2019年 08月 12日 星期一 12:37:19 CST"
]
}
[root@eadage ~]# ansible node2 -a 'cat /a.txt'
node2 | SUCCESS | rc=0 >>
2019年 08月 12日 星期一 12:37:19 CST
#---------------安装软件
[root@eadage ansible]# ansible docker -m yum -a 'name=httpd state=installed' #latest, present
192.168.56.150 | SUCCESS => {
"changed": false,
"msg": "",
"rc": 0,
"results": [
"httpd-2.4.6-89.el7.centos.1.x86_64 providing httpd is already installed"
]
}
#---------------卸载软件
[root@eadage ansible]# ansible docker -m yum -a 'name=httpd state=absent'
192.168.56.100 | SUCCESS => {
"changed": true,
"msg": "",
"rc": 0,
"results": [
"...正在删除 : httpd-2.4.6-89.el7.centos.1.x86_64 1/1 \n 验证中 : httpd-2.4.6-89.el7.centos.1.x86_64 1/1 \n\n删除:\n httpd.x86_64 0:2.4.6-89.el7.centos.1 \n\n完毕!\n"
]
}
## 启动服务
[root@eadage ~]# ansible docker2 -m service -a "name=httpd state=started enabled=yes"
docker2 | SUCCESS => {
"changed": true,
"enabled": true,
"name": "httpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
.....
[root@eadage ~]# ansible docker2 -m shell -a "ss -nltp |grep :80"
docker2 | SUCCESS | rc=0 >>
LISTEN 0 128 :::80 :::* users:(("httpd",pid=10907,fd=4),("httpd",pid=10906,fd=4),("httpd",pid=10905,fd=4),("httpd",pid=10904,fd=4),("httpd",pid=10903,fd=4),("httpd",pid=10783,fd=4))
## 创建空文件:指定文件属性(属主,属组,访问权限)
[root@eadage ~]# ansible docker2 -m file -a 'path=/tmp/file.txt state=touch owner=docker group=docker mode=600'
docker2 | SUCCESS => {
"changed": true,
"dest": "/tmp/file.txt",
"gid": 994,
"group": "docker",
"mode": "0600",
"owner": "docker",
"size": 0,
"state": "file",
"uid": 1002
}
## 软链接
[root@eadage ~]# ansible docker2 -m file -a 'path=/tmp/txtlink2 state=link src=/tmp/txt force=yes'
docker2 | SUCCESS => {
"changed": true,
"dest": "/tmp/txtlink2",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 8,
"src": "/tmp/txt",
"state": "link",
"uid": 0
}
## 递归 创建目录
[root@eadage ~]# ansible docker2 -m file -a 'path=/tmp/x/y/z state=directory recurse=yes'
docker2 | SUCCESS => {
"changed": false,
"gid": 994,
"group": "docker",
"mode": "0700",
"owner": "docker",
"path": "/tmp/x/y/z",
"size": 6,
"state": "directory",
"uid": 1002
}
## 复制文件:指定数据内容
[root@eadage ~]# ansible docker2 -m copy -a "content='aaa\nbbb\nccc' dest=/tmp/txt/a.txt"
docker2 | SUCCESS => {
"changed": true,
"checksum": "b84f2bbcb7f61aeb6ba000b64c880381ea003f2a",
"dest": "/tmp/txt/a.txt",
"gid": 0,
"group": "root",
"md5sum": "d6b3c89fb1fd34be8efa2c861fc2afaf",
"mode": "0644",
"owner": "root",
"size": 11,
"src": "/root/.ansible/tmp/ansible-tmp-1582876822.58-58901067897468/source",
"state": "file",
"uid": 0
}
[root@eadage ~]# ansible docker2 -a "cat /tmp/txt/a.txt"
docker2 | SUCCESS | rc=0 >>
aaa
bbb
ccc
##复制本机文件 到 远程主机
[root@eadage ~]# cat /a.sh
echo 123
hostname
date
docker ps
[root@eadage ~]# ansible docker2 -m copy -a "src=/a.sh dest=/tmp/txt/a.sh"
docker2 | SUCCESS => {
"changed": true,
"checksum": "9eb7ec6de992e871a41ae322bbc243841c506c81",
"dest": "/tmp/txt/a.sh",
"gid": 0,
"group": "root",
"md5sum": "7bd58928da98293184a47026cba64c4b",
"mode": "0644",
"owner": "root",
"size": 33,
"src": "/root/.ansible/tmp/ansible-tmp-1582877022.12-32612697492794/source",
"state": "file",
"uid": 0
}
[root@eadage ~]# ansible docker2 -a "cat /tmp/txt/a.sh"
docker2 | SUCCESS | rc=0 >>
echo 123
hostname
date
docker ps
##拷贝目录
[root@eadage ~]# ls aa
libaio-0.3.109-13.el7.x86_64.rpm
[root@eadage ~]# ansible docker2 -m copy -a "src=aa dest=/tmp/txt/"
docker2 | SUCCESS => {
"changed": true,
"checksum": "d4f3116170a0fd27bf76be1a89b0b60fdc837351",
"dest": "/tmp/txt/aa/libaio-0.3.109-13.el7.x86_64.rpm",
"gid": 0,
"group": "root",
"md5sum": "dd64d6583be1c37187a8cd93a3f6b4dd",
"mode": "0644",
"owner": "root",
"size": 21708,
"src": "/root/.ansible/tmp/ansible-tmp-1582877460.12-164061754058809/source",
"state": "file",
"uid": 0
}
You have mail in /var/spool/mail/root
[root@eadage ~]# ansible docker2 -a "ls /tmp/txt/aa"
docker2 | SUCCESS | rc=0 >>
libaio-0.3.109-13.el7.x86_64.rpm
[root@eadage ~]# ansible docker2 -m fetch -a "src=/tmp/txt/aa/libaio-0.3.109-13.el7.x86_64.rpm dest=/aa/ "
docker2 | SUCCESS => {
"changed": true,
"checksum": "d4f3116170a0fd27bf76be1a89b0b60fdc837351",
"dest": "/aa/docker2/tmp/txt/aa/libaio-0.3.109-13.el7.x86_64.rpm",
"md5sum": "dd64d6583be1c37187a8cd93a3f6b4dd",
"remote_checksum": "d4f3116170a0fd27bf76be1a89b0b60fdc837351",
"remote_md5sum": null
}
[root@eadage ~]# ls /aa/docker2/tmp/txt/aa/
libaio-0.3.109-13.el7.x86_64.rpm
[root@eadage ~]# ansible docker2 -m fetch -a "src=/tmp/txt/aa/libaio-0.3.109-13.el7.x86_64.rpm dest=/aa/ flat=yes "
docker2 | SUCCESS => {
"changed": true,
"checksum": "d4f3116170a0fd27bf76be1a89b0b60fdc837351",
"dest": "/aa/libaio-0.3.109-13.el7.x86_64.rpm",
"md5sum": "dd64d6583be1c37187a8cd93a3f6b4dd",
"remote_checksum": "d4f3116170a0fd27bf76be1a89b0b60fdc837351",
"remote_md5sum": null
}
[root@eadage ~]# ls /aa/
docker2 libaio-0.3.109-13.el7.x86_64.rpm
[root@eadage ~]# ansible docker2 -m setup -a 'filter=ansible_default_ipv4'
docker2 | SUCCESS => {
"ansible_facts": {
"ansible_default_ipv4": {
"address": "172.16.189.142",
"alias": "ens33",
"broadcast": "172.16.189.255",
"gateway": "172.16.189.2",
"interface": "ens33",
"macaddress": "00:0c:29:6b:2d:20",
"mtu": 1500,
"netmask": "255.255.255.0",
"network": "172.16.189.0",
"type": "ether"
}
},
"changed": false
}
[root@eadage ~]# ansible docker2 -m setup
docker2 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"172.30.0.1",
"172.18.0.1",
"172.17.0.1",
"172.16.189.142",
"172.16.98.184",
"172.19.0.1",
"172.20.0.1",
"172.21.0.1"
],
.....
"ansible_nodename": "docker2",
"ansible_os_family": "RedHat",
"ansible_pkg_mgr": "yum",
"ansible_processor_cores": 2,
"ansible_processor_count": 8,
"ansible_processor_vcpus": 16,
....
###1, 配置远程主机的: 登录用户名,密码/ssh私钥文件,sudo密码
wang@wang-T58-V:~/vagrant/c6$ tail -2 /etc/ansible/hosts
#c6 ansible_ssh_host=192.168.56.66 ansible_ssh_user="test" ansible_ssh_pass="test" ansible_sudo_pass="test"
#c6 ansible_ssh_host=192.168.56.66 ansible_ssh_user="test" ansible_ssh_private_key_file="id_rsa" ansible_sudo_pass="test"
c6 ansible_ssh_host=192.168.56.66 ansible_ssh_user="test" ansible_ssh_private_key_file="id_rsa"
###2, 以普通用户test登录远程主机,执行sudo命令
# sudo apt install sshpass #在使用密码登录远程主机时,会提示需要安装此包
wang@wang-T58-V:~/vagrant/c6$ ls
id_rsa Vagrantfile
wang@wang-T58-V:~/vagrant/c6$ ansible c6 -a 'whoami'
c6 | SUCCESS | rc=0 >>
test
wang@wang-T58-V:~/vagrant/c6$ ansible c6 -s --ask-su-pass -a 'whoami'
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature will be removed in version 2.6.
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[DEPRECATION WARNING]: The su command line option has been deprecated in favor of the "become" command line arguments. This feature will be removed in version 2.6.
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
SUDO password: #输入远程主机test用户的sudo密码
c6 | SUCCESS | rc=0 >>
root