Ansible

安装

yum install epel-release
yum install ansible

配置

inventory

inventory的目录下建立inventory.ini

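# One line per managed host: inventory name followed by per-host connection variables.
# The variable name is ansible_connection; a misspelled name is just an unused host variable.
# NOTE(review): ansible_ssh_pass keeps the login password in clear text for anyone who can
# read this file. Prefer SSH key authentication, or keep the value in a vault-encrypted
# variable file instead of the inventory.
ansible-node1 ansible_connection=ssh ansible_user=user1 ansible_ssh_pass=userpass
ansible-node2 ansible_connection=ssh ansible_user=user1 ansible_ssh_pass=userpass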

可以使用分组

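# Hosts listed under a [section] header belong to that group and can be targeted by its name.
# NOTE(review): the password is repeated in clear text on every host line; prefer SSH keys,
# or define the credential once as a vault-encrypted group variable.
[web]
ansible-node1 ansible_connection=ssh ansible_user=user1 ansible_ssh_pass=userpass
#ansible-node2 ansible_connection=ssh ansible_user=user1 ansible_ssh_pass=userpass
# Range pattern: expands to ansible-node1 through ansible-node100.
ansible-node[1:100] ansible_connection=ssh ansible_user=user1 ansible_ssh_pass=userpass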

ansible web -m ping -i inventory.ini

注意:先用 ssh 手动登录一次各节点,核对并接受主机指纹(fingerprint),使其记录到控制机的 ~/.ssh/known_hosts 中。不要通过关闭 host_key_checking 来跳过这一步,否则无法发现被冒充的节点。
SSH KEY认证
ansible-controller中,ssh-keygen生成key文件

# Generate a key pair on the controller.
# NOTE(review): the commands below expect the key at .ssh/ansible, so that path has to be
# entered at the prompt (or passed with -f); protect the private key with a passphrase.
ssh-keygen
# Install the public key on a managed node.
# NOTE(review): the host is written "ansible-node" here but "ansible-node1" on the next
# line - confirm which name is intended.
ssh-copy-id -i .ssh/ansible ansible-node
# Verify that key-based login works before involving Ansible.
ssh -i .ssh/ansible ansible-node1
# Run the ping module against the web group, authenticating with the private key
# (the key path is elided on the page).
ansible web -m ping -i inventory.ini --private-key=/home/~~~/

YAML文件

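# Play 1: web tier - install Apache and render its configuration file.
- hosts: webservers
  # NOTE(review): this logs in directly as root; an unprivileged account combined with
  # `become: true` limits exposure and keeps privileged actions attributable.
  remote_user: root
  tasks:
  - name: ensure apache is at the lastest version
    # Module arguments are nested one level below the module key.
    yum:
      name: httpd
      state: latest
  - name: write the apache config file
    template:
      # NOTE(review): template sources are usually Jinja2 (.j2) files; confirm that
      # the .js extension is intended.
      src: /srv/httpd.js
      dest: /etc/httpd.conf
# Play 2: database tier - install PostgreSQL and make sure the service is running.
- hosts: databases
  remote_user: root
  tasks:
  - name: ensure postgresql is at the lastest version
    yum:
      name: postgresql
      # The yum module accepts `latest`; any other spelling is rejected at run time.
      state: latest
  - name: ensure the postgresql is started
    service:
      name: postgresql
      state: started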

执行playbook

ansible-playbook playbook2.yml -i inventory.ini --private-key=/home/~~
Ansible核心

使用Vagrant搭建环境

  • Vagrant官网
  • 下载2个文件vagrant,一定是两个,不能少。
  • 预先安装好VirtualBox
  • 一个小坑,记住下载的文件目录里不要放文件,在生成虚拟机时会拷贝这两个文件
  • 因为下载的文件里没有epel-release导致安装ansible失败,很奇怪的问题,手工安装成功
  • 常用操作
    • vagrant init 初始化
    • vagrant up 安装虚拟机并配置(时间长一点,耐心等待)
    • vagrant halt 关机
    • vagrant destroy 删除虚拟机
实际操作
 ssh-keygen
 ssh-copy-id -i ~/.ssh/id_rsa.pub ansible-node2
ansible -i inventory.ini -m ping web
[vagrant@ansible-controller ~]$ cat inventory.ini
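# Key-based login: no password variables are stored in this inventory.
# The connection variable is spelled ansible_connection.
[web]
ansible-node1 ansible_connection=ssh ansible_user=vagrant
ansible-node2 ansible_connection=ssh ansible_user=vagrant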

PlayBook

变量

---
# Minimal play showing play-level variables and how to print one of them.
- name: Hello World
  hosts: localhost

  vars:
    # Plain string variable.
    greetings: 'hello from vars'
    # Nested structure: key `a` holds a list of single-key mappings, `b` a scalar.
    demo:
      a:
        - a: 1
        - b: 2
      b: test

  tasks:
    - name: Hello World debug
      # Prints the whole `demo` structure.
      debug:
        msg: '{{ demo }}'

引用变量文件

优先级 文件中后定义>文件前定义>文件变量

  # Variable files for the play; files listed later override values from earlier ones.
  # NOTE(review): both entries name the same file, so nothing is overridden here;
  # presumably the second entry was meant to be a different file - confirm.
  vars_files:
    - 'vars/demo.yml'
    - 'vars/demo.yml'

循环

# Loop demo: emit one debug message per element of `test`.
- name: Hello World
  hosts: localhost
  # Fact gathering is switched off for this play.
  gather_facts: false

  vars:
    test: [test1, test2, test3, test4]

  tasks:
    - name: Test loop
      debug:
        msg: '{{ item }}'
      # `item` takes each value of the `test` list in turn.
      with_items: '{{ test }}'

多重循环

---
# Nested-loop demo: pairs every element of `test` with every element of `demo`.
- name: Hello World
  hosts: localhost
  # Do not collect facts from the target.
  gather_facts: false
  # Run with privilege escalation (sudo to root).
  # NOTE(review): the debug task below needs no elevated rights; set `become`
  # only on the plays or tasks that actually require it.
  become: true

  vars:
    test: [test1, test2, test3, test4]
    demo: [demo1, demo2, demo3]

  tasks:
    - name: Test loop
      debug:
        # item[0] comes from the first list, item[1] from the second.
        msg: '{{ item[0] }} , is {{ item[1] }}'
      with_nested:
        - '{{ test }}'
        - '{{ demo }}'

条件

  # Conditional demo: the task iterates over `seq` (defined outside this snippet)
  # and is executed only for items that pass the `when` test.
  tasks:
    - name: Test loop
      debug:
        msg: '{{ item }} '
      with_items:
        - '{{ seq }}'
      when: item >=3

多个条件

# Alternative 1: list form - every listed condition has to hold.
when:
  - item >=3
  - item <=5
# Alternative 2: one expression joining tests with `or`.
# The two forms are alternatives; a task carries only one `when` key.
when: item>3 or item<2

Group和Host变量

在inventory中建立目录group_vars和host_vars,文件hosts
group_vars里是all.yml,db.yml各个组的变量
host_vars里是host1.yml,host2.yml里面是ip啊,端口什么的
这里一个坑我跳进去2天,文件名一定是这两个。不能错,另外host_vars里是主机名为代表的yml


image.png

环境变量优先级

ansible.cfg
ANSIBLE_CONFIG
home 下的 ansible.cfg
/etc/ansible.cfg

模块介绍

file,copy,fetch

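# Make sure the target directory exists.
- name: create a diretcory
  file:
    path: /etc/test
    state: directory
    # NOTE(review): no owner or mode is given, so permissions fall back to the remote
    # defaults; set `mode` explicitly for paths under /etc.

# copy pushes a file from the controller to the managed node
# (fetch goes the other way: managed node -> controller).
- name: copy files
  copy:
    src: files/test.txt
    dest: /etc/test/test.txt
    # Keep a timestamped backup of an existing destination file before replacing it.
    backup: true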

system

ping,gather_facts

    - name: ping
      ping:
ansible localhost -m gather_facts --tree ./fact

user,group

    # Make sure the group exists.
    - name: create group
      group:
        name: mygroup
        state: present

    # Remove the group again.
    - name: delete group
      group:
        name: mygroup
        state: absent

    - name: create user
      user:
        name: demo
        # The user module expects an already hashed value, hence the password_hash filter.
        # NOTE(review): the clear-text password is embedded in the playbook; supply it
        # from a vault-encrypted variable instead. Without a fixed salt the filter also
        # yields a different hash on every run, so the task reports a change each time.
        password: "{{ 'demo' | password_hash('sha512') }}"

    # NOTE(review): this removes the account named `user`, not the `demo` account
    # created above - confirm the intended name.
    - name: drop user
      user:
        name: user
        state: absent
        # Also remove the directories associated with the account.
        remove: true

yum,apt,packages

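    # Install git through yum.
    - name: testyum
      yum:
        name: git
        state: present

    # Remove git, on CentOS hosts only.
    - name: testyum delete
      yum:
        name: git
        state: absent
      when: ansible_facts['distribution'] == 'CentOS'

    # Remove every package in the `packages` list, on Ubuntu hosts only.
    - name: ensure a list of packages
      apt:
        # Quoted on purpose: an unquoted value starting with {{ is parsed by YAML
        # as a flow mapping before the template is ever rendered.
        name: "{{ packages }}"
        state: absent
      # `vars` is a task keyword, so it sits beside the module key,
      # not inside the module's arguments.
      vars:
        packages:
          - httpd
          - httpd-tools
      when: ansible_facts['distribution'] == 'Ubuntu'

    # Distribution-independent variant: `package` picks the platform's package manager.
    - name: ensure a list of packages
      package:
        name: git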

pip

# Install one package into a virtualenv, using the named command to create it.
# NOTE(review): `virtualenv-2.7` points at a Python 2.7 interpreter, which no longer
# receives security fixes - confirm the interpreter version is intended. The package
# version is not pinned, so each run may pull a different release.
- pip:
    name: bottle
    virtualenv: '/my_app/venv'
    virtualenv_command: 'virtualenv-2.7'
# Install everything listed in a requirements file; pinning versions in that file
# keeps the installed set reproducible.
- pip:
    requirements: '/my_app/requirements.txt'

get_url,unarchive

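# Download an archive to the managed node and verify it before use.
- name: test_url
  get_url:
    url: https://****/*.*
    dest: /home/vagrant/
    # The download is rejected unless it matches this digest. Use the SHA-256 value
    # published by the source; MD5 is not collision resistant and does not protect
    # against a deliberately substituted file. Placeholder - fill in the real digest.
    checksum: 'sha256:<expected-sha256-hex-digest>'
# Unpack the archive that the previous task placed on the managed node.
- name: unarchive
  unarchive:
    # Same directory the download task writes to.
    src: /home/vagrant/Python-3.8.0.tgz
    dest: /home/vagrant/
    # true: src is already on the managed node. The default (false) copies src
    # from the controller first.
    remote_src: true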

command

    # Run a command on the target and keep its result in `host_value`.
    - name: test command
      register: host_value
      command: cat /etc/hosts

    # Show the captured standard output as a list of lines.
    - debug:
        msg: '{{ host_value.stdout_lines }}'

service

# Start nginx now and enable it at boot; the task runs with privilege escalation.
- name: Start service
  service:
    name: nginx
    enabled: true
    state: started
  become: true

Ansible Vault文件加密

# Whole-file encryption of a variable file with Ansible Vault.
ansible-vault encrypt inventory/group_vars/all.yml # encrypt
# NOTE(review): decrypt rewrites the file in clear text on disk; for reading or changing
# values, the view and edit subcommands below leave the stored file encrypted.
ansible-vault decrypt inventory/group_vars/all.yml # decrypt
# NOTE(review): the original remark says "run after encrypting", yet this line repeats the
# encrypt command; running a playbook against vaulted files needs the vault password
# supplied, e.g. with --ask-vault-pass.
ansible-vault encrypt inventory/group_vars/all.yml # run after encrypting
ansible-vault view inventory/group_vars/all.yml # view the encrypted file
ansible-vault edit inventory/group_vars/all.yml # edit the encrypted file

# Encrypt a single value; the command's output then replaces the plain value in the file.
# NOTE(review): a secret passed as an argument is recorded in shell history and is visible
# in the process list; encrypt_string can read the value from a prompt or stdin instead.
ansible-vault encrypt_string "vagrant" --name "ansible_password" # encrypt one field, then substitute the output for the field

set_fact

    # Print the `demo` variable.
    - name: Hello World debug
      debug:
        msg: '{{ demo }}'

    # Collect only the minimal subset of facts.
    - name: gather facts
      setup:
        gather_subset: min

    # Define a new variable for the current host at run time.
    - name: test set facts
      set_fact:
        test_set_fact: "set from set_fact"

    # Dump the variables stored for one host.
    # NOTE(review): hostvars is keyed by inventory name; ansible_host can differ
    # from it - confirm this lookup resolves as intended.
    - debug:
        var: hostvars[ansible_host]

fetch和uri模块

# Pull a file from the managed node back to the controller.
fetch:
  dest: /tmp
  src: /etc/test/test.txt
  # false: a sub-directory per host name is created under dest; true: it is not.
  # NOTE(review): with several hosts and no per-host directory, files from different
  # hosts presumably land on the same path - confirm before running against a group.
  flat: true

block的使用:失败了执行rescue,不失败不执行rescue,always始终都会执行,相当于try: except: finally:

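tasks:
  # block groups tasks: `rescue` runs only when a task in the block fails and
  # `always` runs in either case (comparable to try / except / finally).
  - block:
    - name: debg
      debug:
        msg: "Execute"

    # Presumably a deliberately failing command, used to trigger the rescue section.
    - name: failure
      command: /bin/tests

    # The keyword is `rescue`; an unknown key here is rejected when the playbook loads.
    rescue:
      - name: debug after
        debug:
          msg: "rerun"
    always:
      - name: always
        debug:
          msg: "always execute"
    # The condition is attached to the block, so it governs the tasks inside it.
    when: ansible_facts['distribution'] == "CentOS"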

ansible-lint进行代码风格检查

pip install ansible-lint
ansible-lint site.yml

roles

image.png

使用Handlers
ansible-galaxy

资源

module
