Ansible remote management tool
Time synchronization
Name resolution
1. Install Ansible:
yum install ansible
=======================================================================================================================================================================
Package Arch Version Repository Size
=======================================================================================================================================================================
Installing:
ansible noarch 2.2.1.0-1.el7 web 4.6 M
Installing for dependencies:
PyYAML x86_64 3.10-11.el7 dev 153 k
libtomcrypt x86_64 1.17-23.el7 web 224 k
libtommath x86_64 0.42.0-4.el7 web 35 k
libyaml x86_64 0.1.4-11.el7_0 dev 55 k
python-babel noarch 0.9.6-8.el7 dev 1.4 M
python-backports x86_64 1.0-8.el7 dev 5.8 k
python-backports-ssl_match_hostname noarch 3.4.0.2-4.el7 dev 12 k
python-httplib2 noarch 0.7.7-3.el7 web 70 k
python-jinja2 noarch 2.7.2-2.el7 dev 515 k
python-keyczar noarch 0.71c-2.el7 web 218 k
python-markupsafe x86_64 0.11-10.el7 dev 25 k
python-setuptools noarch 0.9.8-4.el7 dev 396 k
python-six noarch 1.9.0-2.el7 dev 29 k
python2-crypto x86_64 2.6.1-13.el7 web 476 k
python2-ecdsa noarch 0.13-4.el7 web 83 k
python2-paramiko noarch 1.16.1-2.el7 web 258 k
python2-pyasn1 noarch 0.1.9-7.el7 dev 100 k
sshpass x86_64 1.06-1.el7 web 21 k
Transaction Summary
=======================================================================================================================================================================
Install 1 Package (+18 Dependent packages)
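/etc/ansible --------------- directory holding the configuration files
/etc/ansible/ansible.cfg --- main configuration file
/etc/ansible/hosts ---------- host inventory
/etc/ansible/roles ----------- roles directory
/usr/bin/ansible ------------- main program
/usr/bin/ansible-console
/usr/bin/ansible-doc
/usr/bin/ansible-galaxy
/usr/bin/ansible-playbook
/usr/bin/ansible-pull -------- tool for pulling from the client side
/usr/bin/ansible-vault
/etc/ansible/ansible.cfg --- the main configuration file, holding Ansible's own settings.
Ansible manages hosts in two ways: from the command line or with playbooks.
Command line:
ansible <host-pattern> [options]
ansible -m, -a  module to run and the arguments passed to it
ansible -C  test run (check mode)
ansible -f  forks; by default 5 hosts are managed at a time
ansible -i  specify the host inventory
ansible --list-hosts  list the hosts
ansible -t  write logs to files in the specified location
Connection options:
ansible -c  how to connect to the target host
ansible -u  user to connect to the target host as; default is None
Privilege escalation options:
ansible -s  switch to sudo for the operation
ansible -U  su to a given user for the operation
ansible -b  become a given user for the operation
Key-based authentication (-P "" creates the private key with an empty passphrase):
#ssh-keygen -t rsa -P ""
Send the generated key to the other two hosts:
#ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.88.2
#ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.88.3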
[root@localhost ~]#ssh-keygen -t rsa -P ""
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
2f:3d:fc:15:67:32:4d:89:59:6b:05:2c:73:bb:fe:51 root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
| ..o.|
| o * +|
| * =.|
| oo |
| S +.E|
| + .*.|
| . = ... |
| . o .. .|
| . ..|
+-----------------+
[root@localhost ~]#ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.88.2
The authenticity of host '172.16.88.2 (172.16.88.2)' can't be established.
ECDSA key fingerprint is 75:9e:e0:a9:31:ce:cb:73:ed:8a:17:d6:9d:3d:6a:2b.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.16.88.2's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@172.16.88.2'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost ~]#ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.88.1
The authenticity of host '172.16.88.1 (172.16.88.1)' can't be established.
ECDSA key fingerprint is ce:2d:bd:83:46:37:94:45:27:2d:65:b8:71:f3:32:93.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.16.88.1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@172.16.88.1'"
and check to make sure that only the key(s) you wanted were added.
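Both ssh-copy-id runs above answer yes to a host key whose fingerprint was never compared with anything. The Python below is an added example, not part of the original notes: it recomputes the colon-separated MD5 fingerprint shown at that prompt (and the SHA256 form) from ssh-keyscan-style lines and accepts only hosts whose key matches a fingerprint recorded out of band. The function names, the sample keys and the EXPECTED table are constructed for the example.

```python
import base64
import hashlib
import struct


def key_blob(line):
    """Return the raw key blob from a known_hosts, ssh-keyscan or .pub line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(("ssh-", "ecdsa-sha2-")):
            blob = base64.b64decode(fields[i + 1], validate=True)
            # The blob opens with its own length-prefixed key type, which must
            # agree with the type named in the text field before it.
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] != field.encode():
                raise ValueError("key type does not match key blob")
            return blob
    raise ValueError("no key type field found")


def fingerprint(line, algo="md5"):
    """MD5 in the colon-hex form shown at the prompt, or the SHA256 form."""
    blob = key_blob(line)
    if algo == "md5":
        hexd = hashlib.md5(blob).hexdigest()
        return ":".join(hexd[i:i + 2] for i in range(0, len(hexd), 2))
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return "SHA256:" + digest.rstrip("=")


def verify_scan(scan_text, expected):
    """Return (lines safe to add to known_hosts, hosts that must be rejected)."""
    trusted, rejected = [], []
    for line in scan_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        host = line.split()[0]
        want = expected.get(host, "")
        algo = "sha256" if want.startswith("SHA256:") else "md5"
        try:
            ok = bool(want) and fingerprint(line, algo) == want
        except (ValueError, struct.error):
            ok = False
        (trusted if ok else rejected).append(line if ok else host)
    return trusted, rejected


def _sample_line(host, key_bytes):
    # Constructed ed25519-shaped blob for the example; not a real host key.
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + key_bytes
    return "%s ssh-ed25519 %s" % (host, base64.b64encode(blob).decode())


RECORDED = _sample_line("172.16.88.2", bytes(range(32)))  # key noted on the console
SCAN = RECORDED + "\n" + _sample_line("172.16.88.3", bytes(32))
# Both hosts are expected to present RECORDED's key; 172.16.88.3 presents another.
EXPECTED = {"172.16.88.2": fingerprint(RECORDED),
            "172.16.88.3": fingerprint(RECORDED, "sha256")}
```

Only the lines returned as trusted belong in ~/.ssh/known_hosts; a rejected host is investigated before any key or password is sent to it.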
Set up name resolution:
[root@localhost ~]#scp /etc/hosts root@172.16.88.2:/etc/hosts
The authenticity of host '172.16.88.2 (172.16.88.2)' can't be established.
ECDSA key fingerprint is 75:9e:e0:a9:31:ce:cb:73:ed:8a:17:d6:9d:3d:6a:2b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.88.2' (ECDSA) to the list of known hosts.
root@172.16.88.2's password:
hosts
[root@localhost ~]#cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.88.1 node1.mageedu.com node1
172.16.88.2 node2.mageedu.com node2
172.16.88.3 node3.mageedu.com node3
172.16.88.4 node4.mageedu.com node4
Define the managed hosts by editing the configuration file:
vim /etc/ansible/hosts
[Websrvs]
172.16.88.2
172.16.88.3
[dbsrvs]
172.16.88.3
Command line:
List the managed hosts:
[root@localhost ansible]#ansible all -m ping --list-hosts
hosts (2):
172.16.88.1
172.16.88.2
Check whether the target hosts are reachable:
[root@localhost ansible]#ansible all -m ping -C
172.16.88.1 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.16.88.2 | SUCCESS => {
"changed": false,
"ping": "pong"
[root@localhost ansible]#ansible-doc --help
Usage: ansible-doc [options] [module...]
Options:
-h, --help show this help message and exit
-l, --list List available modules
-M MODULE_PATH, --module-path=MODULE_PATH
specify path(s) to module library (default=None)
-s, --snippet Show playbook snippet for specified module(s)
-v, --verbose verbose mode (-vvv for more, -vvvv to enable
connection debugging)
--version show program's version number and exit
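ansible-doc -a  show the documentation for all modules
ansible-doc -l  list all available modules
ansible-doc -M
ansible-doc -s  show the options a module takes in playbooks
* group module: view the options for defining a group: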
[root@localhost ansible]#ansible-doc -s group
- name: Add or remove groups
action: group
gid # Optional `GID' to set for the group.
name= # Name of the group to manage.
state # Whether the group should be present or not on the remote host.
system # If `yes', indicates that the group created is a system group.
[root@localhost ansible]#
state --- create or delete
ansible all -m group -a "gid=1012 name=mygrp state=present system=no"
[root@localhost ~]#tail -1 /etc/group
mygrp:x:1012:
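ansible all -m group -a "gid=1012 name=mygrp state=absent system=no"
* user module: view the options for creating a user:
#ansible-doc -s user
name=
comment --- comment information
expires ------ expiry time
group ------- primary group
groups ------ supplementary groups
home ------- home directory
password ---- password
shell --------- shell type
state -------- create or delete: present, absent
system --------- whether the user is a system user
uid ----------- user ID
move_home ---- whether existing files are moved over when the home directory is created; with no, a new home directory is created and the existing files are not moved
generate_ssh_key --- generate a key pair automatically when the user is created; an existing key is not overwritten
Create a user and add a supplementary group: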
[root@localhost ansible]#ansible all -m user -a "uid=5000 name=testuser state=present system=no groups=mygrp shell=/bin/tcsh"
172.16.88.2 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 5000,
"groups": "mygrp",
"home": "/home/testuser",
"name": "testuser",
"shell": "/bin/tcsh",
"state": "present",
"system": false,
"uid": 5000
}
172.16.88.1 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 5000,
"groups": "mygrp",
"home": "/home/testuser",
"name": "testuser",
"shell": "/bin/tcsh",
"state": "present",
"system": false,
"uid": 5000
}
* copy module
[root@localhost ~]#ansible-doc -s copy
dest= --- destination path; an absolute path on the remote host
src --- source; may be relative or absolute. If the source ends with a slash (/), the contents of the directory are copied; without the slash, the whole directory is copied recursively.
owner --- owner
group --- group
mode --- permissions
remote_src --- copy from remote to remote
content --- generate the destination file from the given content; no src file needs to be specified
Copy a file to the remote hosts:
[root@localhost ansible]#ansible all -m copy -a " src=/etc/fstab dest=/tmp/fstab.ansibled mode=600 "
172.16.88.1 | SUCCESS => {
"changed": true,
"checksum": "38e9d94be631342601af30347dca5d61ae09172c",
"dest": "/tmp/fstab.ansibled",
"gid": 0,
"group": "root",
"md5sum": "b91107d726fc7502b6d74ffce58a6dd0",
"mode": "0600",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 541,
"src": "/root/.ansible/tmp/ansible-tmp-1505840510.12-83854192085881/source",
"state": "file",
"uid": 0
}
172.16.88.2 | SUCCESS => {
"changed": true,
"checksum": "38e9d94be631342601af30347dca5d61ae09172c",
"dest": "/tmp/fstab.ansibled",
"gid": 0,
"group": "root",
"md5sum": "b91107d726fc7502b6d74ffce58a6dd0",
"mode": "0600",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 541,
"src": "/root/.ansible/tmp/ansible-tmp-1505840510.12-83768663591640/source",
"state": "file",
"uid": 0
}
ansible all -m copy -a "src=/etc/pam.d/ dest=/tmp/"
ansible all -m copy -a "src=/etc/pam.d dest=/tmp/"
The difference between the two is copying the files versus copying the directory.
Copy given content to the remote hosts:
[root@localhost ansible]#ansible all -m copy -a "content='hi there\n' dest=/tmp/hi.txt"
172.16.88.1 | SUCCESS => {
"changed": true,
"checksum": "56170f5429b35dea081bb659b884b475ca9329a9",
"dest": "/tmp/hi.txt",
"gid": 0,
"group": "root",
"md5sum": "fd33e2e8ad3cb1bdd3ea8f5633fcf5c7",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 8,
"src": "/root/.ansible/tmp/ansible-tmp-1505841223.02-222568091857457/source",
"state": "file",
"uid": 0
}
Change the owner and group to the existing testuser and mygrp:
[root@localhost ansible]#ansible all -m copy -a "content='hi there\n' dest=/tmp/hi.txt owner=testuser group=mygrp"
172.16.88.1 | SUCCESS => {
"changed": true,
"checksum": "279d9035886d4c0427549863c4c2101e4a63e041",
"dest": "/tmp/hi.txt",
"gid": 1032,
"group": "mygrp",
"mode": "0644",
"owner": "testuser",
"path": "/tmp/hi.txt",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 9,
"state": "file",
"uid": 5000
}
172.16.88.2 | SUCCESS => {
"changed": true,
"checksum": "279d9035886d4c0427549863c4c2101e4a63e041",
"dest": "/tmp/hi.txt",
"gid": 1032,
"group": "mygrp",
"mode": "0644",
"owner": "testuser",
"path": "/tmp/hi.txt",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 9,
"state": "file",
"uid": 5000
}
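If the user and group have not been created, an error occurs.
* fetch module
Copies files from a remote host to the local machine; multiple remote hosts cannot be specified.
* command module
ansible-doc -s command
Runs a command on the remote hosts.
chdir --- change to this directory before running the command
executable --- the program that runs the command; the command is launched by a shell, and this selects the shell type
free_form --- the command given in free form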
[root@localhost ansible]#ansible all -m command -a "ifconfig"
172.16.88.1 | SUCCESS | rc=0 >>
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.226.150 netmask 255.255.255.0 broadcast 192.168.226.255
inet6 fe80::cf19:b710:2fcd:be00 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:f6:4b:b1 txqueuelen 1000 (Ethernet)
RX packets 3699 bytes 386609 (377.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1201 bytes 197899 (193.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
172.16.88.2 | SUCCESS | rc=0 >>
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.226.152 netmask 255.255.255.0 broadcast 192.168.226.255
inet6 fe80::6f38:23ba:a34b:3a29 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:58:50:18 txqueuelen 1000 (Ethernet)
RX packets 2593 bytes 258093 (252.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 450 bytes 68915 (67.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Change directory and create a directory:
ansible all -m command -a "chdir=/var/tmp mkdir hi.dir"
[root@localhost ~]#ansible all -m command -a "chdir=/var/tmp/ mkdir hi.dir"
172.16.88.2 | SUCCESS | rc=0 >>
172.16.88.1 | SUCCESS | rc=0 >>
[root@localhost ~]#ansible all -m command -a "chdir=/var/tmp/ mkdir hi.dir"
172.16.88.1 | FAILED | rc=1 >>
mkdir: cannot create directory ‘hi.dir’: File exists
172.16.88.2 | FAILED | rc=1 >>
mkdir: cannot create directory ‘hi.dir’: File exists
This is not idempotent: creating the directory a second time fails.
Set a password on the remote hosts:
[root@localhost ~]#ansible all -m command -a "echo mageedu | password --stdin mageedu"
172.16.88.1 | SUCCESS | rc=0 >>
mageedu | password --stdin mageedu
172.16.88.2 | SUCCESS | rc=0 >>
mageedu | password --stdin mageedu
Specify the shell type:
[root@localhost ~]#ansible all -m command -a "echo mageedu | password --stdin mageedu excutable=/bin/bash"
172.16.88.1 | SUCCESS | rc=0 >>
mageedu | password --stdin mageedu excutable=/bin/bash
172.16.88.2 | SUCCESS | rc=0 >>
mageedu | password --stdin mageedu excutable=/bin/bash
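The command module does not interpret |, so it cannot be used to set the password this way.
* ansible-doc -s shell
View the shell module options.
Use the shell module to set a user's password: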
[root@localhost ~]#ansible all -m command -a "useradd mageedu"
172.16.88.2 | SUCCESS | rc=0 >>
172.16.88.1 | SUCCESS | rc=0 >>
[root@localhost ~]#ansible all -m shell -a "echo mageedu | passwd --stdin mageedu"
172.16.88.2 | SUCCESS | rc=0 >>
Changing password for user mageedu.
passwd: all authentication tokens updated successfully.
172.16.88.1 | SUCCESS | rc=0 >>
Changing password for user mageedu.
passwd: all authentication tokens updated successfully.
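Why the command module echoed the pipe back as text while the shell module ran it, as an added Python example (a model of the two behaviours, not Ansible's own code and not from the original notes). run_like_command and run_like_shell are hypothetical names, tr stands in for passwd so that no account is touched, and VALUE is a constructed input showing that a value placed in a shell-module command line needs quoting.

```python
import shlex
import subprocess


def run_like_command(free_form):
    """No shell: the string is split into argv and the first word is exec'd."""
    argv = shlex.split(free_form)
    done = subprocess.run(argv, capture_output=True, text=True)
    return done.stdout


def run_like_shell(free_form, executable="/bin/sh"):
    """The whole string goes to a shell, which interprets | ; > and so on."""
    done = subprocess.run(free_form, shell=True, executable=executable,
                          capture_output=True, text=True)
    return done.stdout


# Same shape as the page's "echo mageedu | passwd --stdin mageedu", with tr
# standing in for passwd so that running the example changes no account.
PIPELINE = "echo mageedu | tr a-z A-Z"

# Constructed value standing in for a variable that reaches the command line.
VALUE = "mageedu; echo EXTRA"


def demo():
    return {
        # "|" and everything after it are just more arguments to echo
        "command": run_like_command(PIPELINE),
        # the shell builds the pipeline, so tr really runs
        "shell": run_like_shell(PIPELINE),
        # without a shell the ";" stays inside the argument
        "command_value": run_like_command("echo " + VALUE),
        # with a shell the ";" starts a second command
        "shell_value": run_like_shell("echo " + VALUE),
        # quoting the value keeps it a single argument even under a shell
        "shell_quoted": run_like_shell("echo " + shlex.quote(VALUE)),
    }


if __name__ == "__main__":
    for key, out in demo().items():
        print(f"{key:14} {out!r}")
```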
* ansible-doc -s file
Create a directory:
ansible all -m file -a "path=/var/tmp/hello.dir state=directory"
[root@localhost ~]#ansible all -m file -a "path=/var/tmp/hello.dir state=directory"
172.16.88.1 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/var/tmp/hello.dir",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
Create a file:
[root@localhost ~]#ansible all -m file -a "path=/var/tmp/hello.txt state=file"
172.16.88.1 | FAILED! => {
"changed": false,
"failed": true,
"msg": "file (/var/tmp/hello.txt) is absent, cannot continue",
"path": "/var/tmp/hello.txt",
"state": "absent"
}
172.16.88.2 | FAILED! => {
"changed": false,
"failed": true,
"msg": "file (/var/tmp/hello.txt) is absent, cannot continue",
"path": "/var/tmp/hello.txt",
"state": "absent"
}
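To create an empty file, the file module is not recommended; use the copy module with empty content, which copies an empty file.
The file module can create symbolic links.
Copy a file, then create a symbolic link to it: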
[root@localhost ~]#ansible all -m copy -a "src=/etc/fstab dest=/var/tmp/fstab.ansible"
172.16.88.2 | SUCCESS => {
"changed": true,
"checksum": "38e9d94be631342601af30347dca5d61ae09172c",
"dest": "/var/tmp/fstab.ansible",
"gid": 0,
"group": "root",
"md5sum": "b91107d726fc7502b6d74ffce58a6dd0",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 541,
"src": "/root/.ansible/tmp/ansible-tmp-1505911110.34-137908123845802/source",
"state": "file",
"uid": 0
}
Create the symbolic link:
[root@localhost ~]#ansible all -m file -a "src=/var/tmp/fstab.ansible dest=/var/tmp/fstab.link state=link"
172.16.88.1 | SUCCESS => {
"changed": true,
"dest": "/var/tmp/fstab.link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 22,
"src": "/var/tmp/fstab.ansible",
"state": "link",
"uid": 0
}
[root@localhost tmp]#ll
總用量 4
-rw-r--r--. 1 root root 541 9月 20 20:38 fstab.ansible
lrwxrwxrwx. 1 root root 22 9月 20 20:41 fstab.link -> /var/tmp/fstab.ansible
state=link specifies that the destination is a symbolic link.
The file module also sets file attributes:
group, mode, owner….
* ansible-doc -s cron
cron module --- defines scheduled tasks:
[root@localhost ~]#ansible all -m cron -a "minute=*/3 job='/usr/sbin/update 172.16.0.1 &> /dev/null' "
172.16.88.1 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"None"
]
}
Time synchronization job:
[root@localhost tmp]#crontab -l
#Ansible: None
*/3 * * * * /usr/sbin/update 172.16.0.1 &> /dev/null
The entry above was viewed on node1.
Delete the configured job:
[root@localhost ~]#ansible all -m cron -a "minute=*/3 job='/usr/sbin/update 172.16.0.1 &> /dev/null' state=absent"
172.16.88.1 | SUCCESS => {
"changed": false,
"envs": [],
"jobs": [
"None"
]
}
The name must be specified:
[root@localhost ~]#ansible all -m cron -a "minute=*/3 job='/usr/sbin/update 172.16.0.1 &>/dev/null' name=None state=absent"
172.16.88.2 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": []
}
172.16.88.1 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": []
}
[root@localhost tmp]# crontab -l
[root@localhost tmp]#
The job was deleted successfully.
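The cron module labels each job it manages with a "#Ansible: <name>" comment line, which is why the job created without name= appears as "#Ansible: None" and could only be removed with name=None. The Python below is an added example, not part of the original notes: it parses crontab -l output and reports Ansible jobs that were left unnamed and entries that carry no Ansible label at all. The crontab text is constructed; the "sync time" name and backup.sh path are hypothetical.

```python
MARKER = "#Ansible: "


def parse_crontab(text):
    """Return one dict per job line, with the Ansible label that precedes it."""
    jobs, label = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(MARKER):
            label = line[len(MARKER):]          # applies to the next job line
            continue
        if not line or line.startswith("#"):
            continue
        n = 1 if line.startswith("@") else 5    # @daily-style or five time fields
        fields = line.split(None, n)
        if "=" in fields[0] or len(fields) <= n:
            continue                            # environment line or malformed
        jobs.append({"name": label, "managed": label is not None,
                     "schedule": " ".join(fields[:n]), "command": fields[n]})
        label = None
    return jobs


def audit(text):
    """Pick out unnamed Ansible jobs and entries Ansible does not manage."""
    jobs = parse_crontab(text)
    return {
        "unnamed": [j for j in jobs if j["name"] == "None"],
        "unmanaged": [j for j in jobs if not j["managed"]],
    }


# Constructed crontab: the first job is the one from the notes above.
SAMPLE = """\
MAILTO=root
#Ansible: None
*/3 * * * * /usr/sbin/update 172.16.0.1 &> /dev/null
#Ansible: sync time
*/5 * * * * /usr/sbin/update 172.16.0.1 &> /dev/null
@daily /usr/local/bin/backup.sh
"""

if __name__ == "__main__":
    report = audit(SAMPLE)
    for kind, jobs in report.items():
        for job in jobs:
            print(kind, job["schedule"], job["command"])
```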
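* ansible-doc -s yum
yum module
state= option --- install (present, installed, latest)
all mean install;
remove (absent, removed) --- both mean uninstall
disablerepo --- disable a repository
enablerepo --- enable a repository
disable_gpg_check --- disable GPG key checking
Install nginx on each of the two hosts: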
[root@localhost ~]#ansible all -m yum -a "name=nginx state=installed"
172.16.88.2 | SUCCESS => {
"changed": true,
"msg": "",
"rc": 0,
"results": [
[root@localhost ~]#rpm -q nginx
nginx-1.10.2-1.el7.x86_64
* ansible-doc -s service
service module:
[root@localhost ~]#ansible all -m service -a "name=nginx state=started "
172.16.88.2 | SUCCESS => {
"changed": true,
"name": "nginx",
"state": "started",
[root@localhost ~]#ansible all -m service -a "name=nginx state=stopped "
172.16.88.2 | SUCCESS => {
"changed": true,
"name": "nginx",
"state": "stopped",
View the remaining modules:
ansible-doc -l | less
* ansible-doc -s script
script module:
Give the path of the script and run it:
[root@localhost ~]#ansible all -m script -a "/tmp/test.sh"
172.16.88.1 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 172.16.88.1 closed.\r\n",
"stdout": "",
"stdout_lines": []
}
172.16.88.2 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 172.16.88.2 closed.\r\n",
"stdout": "",
"stdout_lines": []
}
[root@localhost tmp]#cat /tmp/ansible.txt
ansible script
The script is executed on the remote hosts.