ansible安装及使用

规划

安装好centos7.5

环境准备

修改主机名

# hostnamectl set-hostname ansible-01
# hostnamectl set-hostname ansible-02

准备工作两台主机都操作：
关闭防火墙

[[email protected] ~]# systemctl stop firewalld
[[email protected] ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[[email protected] ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disbaled  #修改成disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

[[email protected] ~]# setenforce 0

编辑hosts文件：

[[email protected] ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.200.50 ansible-01
192.168.200.51 ansible-02

配置免密：

[[email protected] ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
f4:aa:f7:9f:19:cc:0b:55:0c:c3:5f:52:6f:14:fe:36 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|           .o  o+|
|            .+o.o|
|        .    .o+o|
|       . .   ....|
|        S . .  Eo|
|         . +   ..|
|        . . +    |
|       ..  . =   |
|      .. ...=    |
+-----------------+
[[email protected] ~]# ssh-copy-id 192.168.200.51
The authenticity of host '192.168.200.51 (192.168.200.51)' can't be established.
ECDSA key fingerprint is d4:cd:aa:a9:2a:8e:cc:d5:45:3e:0f:74:78:4c:db:e6.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.200.51'"
and check to make sure that only the key(s) you wanted were added.

[[email protected] ~]# ssh ansible-02
The authenticity of host 'ansible-02 (192.168.200.51)' can't be established.
ECDSA key fingerprint is d4:cd:aa:a9:2a:8e:cc:d5:45:3e:0f:74:78:4c:db:e6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ansible-02' (ECDSA) to the list of known hosts.
Last login: Sat Jul 23 04:25:00 2022 from 192.168.200.1
[[email protected] ~]# logout
Connection to ansible-02 closed.

[[email protected] ~]# ssh-copy-id 127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
ECDSA key fingerprint is d4:cd:aa:a9:2a:8e:cc:d5:45:3e:0f:74:78:4c:db:e6.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '127.0.0.1'"
and check to make sure that only the key(s) you wanted were added.

只需要在ansible-01上安装ansible
centos7.5的YUM没有ansible的包，需要安装一个epel-release源

# yum install -y epel-release
#  yum install -y ansible

主机组设置：

[[email protected] ~]# cat /etc/ansible/hosts 
[testhost]
127.0.0.1
192.168.200.51

ansible批量远程执行命令

ansible testhost -m command -a 'w'

这样就可以批量执行命令了，这里的testhost为主机组名，-m后面是模块名字，-a后面是命令。当然也可以直接写一个IP，针对某一台机器来执行
还有一个模块就是shell同样也可以实现

[[email protected] ~]# ansible 127.0.0.1 -m command -a 'hostname'
127.0.0.1 | CHANGED | rc=0 >>
ansible-01
[[email protected] ~]# ansible 192.168.200.51 -m command -a 'hostname'
192.168.200.51 | CHANGED | rc=0 >>
ansible-02
[[email protected] ~]# ansible testhost -m command -a 'hostname'
192.168.200.51 | CHANGED | rc=0 >>
ansible-02
127.0.0.1 | CHANGED | rc=0 >>
ansible-01

[[email protected] ~]# ansible testhost -m shell -a 'hostname'
192.168.200.51 | CHANGED | rc=0 >>
ansible-02
127.0.0.1 | CHANGED | rc=0 >>
ansible-01

ansible拷贝文件或者目录

ansible ansible-02 -m copy -a "src=/etc/ansible dest=/tmp/ansibletest owner=root group=root mode=0755"

注意：源目录会放到目标目录下面去，如果目标指定的目录不存在，他会自动创建。如果拷贝的是文件，dest指定的名字和源如果不同，并且它不是已经存在的目录，相当于拷贝过去后又重命名。但相反，如果dest是目标机器上已经存在的目录，则会直接把文件拷贝到改目录下面。

# ansible testhost -m copy -a "src=/etc/passwd dest=/tmp/123"

这里的/tmp/123和源机器上的/etc/passwd是一致的，但如果目标机器上已经有/tmp/123目录，则会在/tmp/123目录下面建立passwd文件。

ansible远程执行脚本

首先创建一个shell脚本

vim /tmp/test.sh
#!/bin/bash
echo `date` >/tmp/ansible_date.txt

然后把该脚本分发到各个机器上

# ansible testhost -m copy -a "src=/tmp/test.sh dest=/tmp/test.sh mode=0755"

最后是批量执行该shell脚本

# ansible testhost -m shell -a '/tmp/test.sh'

# ansible testhost -m shell -a 'cat /tmp/ansible_date.txt'
192.168.200.51 | CHANGED | rc=0 >>
Mon Jul 25 04:12:46 CST 2022
127.0.0.1 | CHANGED | rc=0 >>
Mon Jul 25 04:12:46 CST 2022

shell模块还支持远程执行命令并且带管道

# ansible testhost -m shell -a "cat /etc/passwd |wc -l"
127.0.0.1 | CHANGED | rc=0 >>
21
192.168.200.51 | CHANGED | rc=0 >>
21

ansible管理任务计划

ansible testhost -m cron -a "name='test cron' jod='/bin/touch /tmp/1212.txt' weekday=6"

若需要删除该cron只需要加一个字段state=absent

ansible testhost -m cron -a "name='test cron' state=absent"

其他的时间表示：分钟minute 小时hour 日期day 月份mouth 周weekday

ansible安装rpm包/管理服务

ansible testhost -m yum -a "name=httpd"

在name后面还可以加上state=installed/removed

ansible testhost -m service -a "name=httpd state=started enabled=yes"

这里的name是centos系统里的服务名，可以通过chkconfig --list查到
ansible文档的使用
ansible-doc -l 列出所有的模块
ansible-doc cron 查看指定模块的文档