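I. Installing Ansible
1. Install the yum repository
rpm -Uvh http://mirrors.ustc.edu.cn/epel/epel-release-latest-7.noarch.rpm
yum install epel-release -y
yum install ansible
If this reports an error, the cause is a conflict between the EPEL repository and the Python version: some packages depend on Python 2.6, while this host runs Python 2.7.5.
2. In that case, first uninstall the epel-release repository:
yum remove epel-release -y
3. Go to the /etc/yum.repos.d directory and back up the epel.repo file: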
mv epel.repo epel.repo.bak
4. Clean the yum cache and rebuild it:
yum clean all
yum makecache
5. Run the install command again:
yum install ansible -y
6. Check the installed version:
ansible --version
7. Configure host groups
Ansible's default home directory is /etc/ansible/; the hosts file in it lists the IP addresses or hostnames of the managed machines.
II. Configuring key-based (passwordless) login
1. Generate a key pair on the management host:
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
73:80:07:fa:9a:0d:e0:0e:d1:c2:44:d2:d2:61:67:21 root@ansible
The key's randomart image is:
+--[ RSA 2048]----+
|o=E.+.. |
|=oo+ . o |
|ooo . . o |
| + . . . . |
|. . . . S . |
| o = o |
| . o . |
| |
| |
+-----------------+
2. Send the key generated on the management host to the managed hosts:
ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.207.137
ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.207.132
3. Test whether the configuration works:
ansible -k all -m ping
III. Ansible modules in detail
1. The command module is Ansible's default module. It is mainly used to run basic Linux commands, covering remote command execution, task execution and similar operations on remote servers.
ansible -k -i /etc/ansible/hosts web -m command -a "date"
ansible -k all -m command -a "ping -c 1 www.baidu.com"
ansible -k 192.168.207.137 -m command -a "df -h"    # run the task against a single IP
2. The copy module is mainly used to copy files or directories, and supports setting files, directories, permissions and user/group ownership.
ansible -k all -m copy -a 'src=/opt/test.txt dest=/tmp/ mode=755 owner=root'
ansible -k all -m copy -a 'content="Hello World" dest=/tmp/jfedu.txt mode=755 owner=root'
ansible -k all -m copy -a 'content="Hello World" dest=/tmp/xiaoxin.txt backup=yes mode=755 owner=root'
3. The yum module is mainly used to install, upgrade and uninstall software, and supports managing Red Hat rpm packages.
ansible all -k -m yum -a "name=xinetd,screen state=installed"
ansible all -k -m yum -a "name=sysstat,screen state=installed"    # installed installs the packages
ansible all -k -m yum -a "name=sysstat,screen state=absent"    # absent uninstalls the packages
ansible 192.168.207.137 -k -m yum -a "name=sysstat,screen state=installed disable_gpg_check=no"    # disable_gpg_check=no keeps the package GPG key check enabled; yes would skip it
If you get the following error: Cannot retrieve metalink for repository: epel/x86_64. Please verify its path and try again
Fix:
Edit epel.repo, uncomment the baseurl line in the [epel] section, and comment out the metalink line.
vim /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
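As an added example (not part of the original article), the following POSIX shell function checks a .repo file after an edit like the one above: for every enabled section it reports when gpgcheck=1 is not set and when baseurl, metalink, mirrorlist or gpgkey uses plain http. The names audit_repo and sample_repo and the two constructed-* sections are assumptions made for illustration.

```shell
# Added example (not from the original page): audit a yum .repo file on stdin.
# For each enabled section, report a missing gpgcheck=1 and any repo URL or
# key fetched over plain http. Assumes "key=value" lines without spaces.
audit_repo() (
    sect=; enabled=1; gpg=; plain=
    flush() {
        if [ -z "$sect" ] || [ "$enabled" = 0 ]; then return 0; fi
        # Without gpgcheck=1 in the section, yum falls back to [main] in yum.conf.
        if [ "$gpg" != 1 ]; then echo "$sect: gpgcheck=1 not set"; fi
        if [ -n "$plain" ]; then echo "$sect: plain http for $plain"; fi
    }
    while read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*|';'*) continue ;;   # blank or commented out, e.g. "#metalink=..."
            '['*']') flush              # new section: report the previous one
                     sect=${line#\[}; sect=${sect%\]}
                     enabled=1; gpg=; plain=; continue ;;
        esac
        key=${line%%=*}; val=${line#*=}
        case $key in
            enabled)  enabled=$val ;;
            gpgcheck) gpg=$val ;;
            baseurl|metalink|mirrorlist|gpgkey)
                case $val in http://*) plain="${plain:+$plain,}$key" ;; esac ;;
        esac
    done
    flush
)

# Constructed sample: the [epel] stanza from this page (abridged) plus two made-up sections.
sample_repo() {
    cat <<'EOF'
[epel]
baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
[constructed-unsigned]
baseurl=https://repo.example.invalid/el7/
enabled=1
gpgcheck=0
[constructed-disabled]
baseurl=http://repo.example.invalid/old/
enabled=0
EOF
}
sample_repo | audit_repo
```

To check a real file, run audit_repo < /etc/yum.repos.d/epel.repo; no output means no finding in any enabled section.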
4. The file module is mainly used to create, delete and modify files and to maintain and manage their permissions and attributes.
ansible -k '192.168.207.*' -m file -a "path=/tmp/test state=directory mode=755"    # create a directory
ansible -k '192.168.207.*' -m file -a "path=/tmp/abc.txt state=touch mode=755"    # create a file
5. The user module is mainly used to manage operating system users, groups, permissions, passwords and similar settings.
ansible -k '192.168.207.*' -m user -a "name=jfedu home=/tmp/"    # home sets the home directory
ansible -k '192.168.207.*' -m user -a "name=jfedu home=/tmp/ shell=/sbin/nologin"    # set the home directory and the shell
ansible -k '192.168.207.*' -m user -a "name=jfedu state=absent force=yes"    # delete the user
6. The cron module is mainly used to add, delete and update operating system crontab scheduled tasks.
ansible -k all -m cron -a "minute=0 hour=0 day=* month=* weekday=* name='Ntpdate server for sync time' job='/usr/sbin/ntpdate 139.224.227.121'"    # synchronize the time on a schedule
ansible -k all -m cron -a "minute=* hour=* day=* month=* weekday=* name='Ntpdate server for sync time' backup=yes job='/usr/sbin/ntpdate pool.ntp.org'"    # enable backup; the backup is written under /tmp
ansible -k all -m cron -a "name='Ntpdate server for sync time' state=absent"    # remove the scheduled job
7. The synchronize module is mainly used to synchronize directories and files; it is based on the rsync command-line tool.
ansible -k all -m synchronize -a 'src=/tmp/ dest=/tmp/'    # synchronize the contents of /tmp
ansible -k all -m synchronize -a 'src=/tmp/ dest=/tmp/ compress=yes delete=yes rsync_opts=--no-motd,--exclude=.txt'
8. The shell module is mainly used to run shell commands or scripts on remote clients. Commands are executed remotely through /bin/sh, so it supports more syntax than the command module.
ansible -k all -m shell -a "/bin/sh /tmp/date.sh >>/tmp/var.log"    # run date.sh and append its output to var.log
ansible -k all -m shell -a "mkdir -p abc chdir=/tmp/ warn=no"    # create a directory
ansible -k all -m shell -a "ps -ef |grep http"    # check remotely whether the http process is running
ansible -k all -m shell -a "crontab -l"    # list the scheduled tasks
9. The service module is mainly used to manage services on remote clients, including start, stop, restart and reload.
ansible -k all -m service -a "name=mysql state=restarted"    # restart the mysql service
ansible -k all -m service -a "name=network args=eth0 state=restarted"    # restart the network service
ansible -k all -m service -a "name=nfs enabled=yes runlevel=3.5"    # enable the nfs service remotely, set to start automatically at runlevels 3 and 5
10. Ansible PlayBook module
Main parameters explained
ansible-playbook nginx_install.yaml
The nginx_install.yaml file:
---
- hosts: all
  tasks:
    - name: Installs nginx web server
      yum: name=nginx state=installed update_cache=true
      notify:
        - start nginx
  handlers:
    - name: start nginx
      service: name=nginx state=started
Execution result: