1.配置yum源:上传epel.repo
yum clean all
yum update
安装ansible
查询是否有ansible yum list *ansile
查看该ansible的信息 yum info ansible.noarch
安装ansible
yum install ansible.noarch -y
2.ansible前期配置
cd /etc/ansible
主配置文件:ansible.cfg
主机清单inventory: hosts 存放主机IP 账号密码 或基于秘钥认证
主机管理清单 /etc/ansible/hosts
[webserver] -->主机组 主机角色
192.168.122.7 -->主机ip
192.168.122.8
[dbserver]
192.168.122.9
ansible端传公钥给客户主机
ssh-keygen -t rsa
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
测试并执行命令
ssh 192.168.122.7 ‘date‘
3.ansible管理主机
查看文档:man ansible-doc
查看ansible支持的所有模块
ansible-doc -l
查看模块怎么使用
ansible-doc -s yum
基本语法 man ansiable查看命令的使用
ansible <host-pattern> [-f forks] [-m module_name] [-a args]
<host-pattern> 对哪些主机生效
[-f forks] 一批处理多少个主机 启动多少个并发线程
[-m module_name] 使用哪个模块
[-a args] 模块特有的参数
常用模块
默认command
ansible-doc -s command 查看 command模块怎么使用
ansible 192.168.122.7 -m command -a ‘date‘ 主机192.168.122.7 用command模块 指定参数(命令) date -a args
ansible webserver -m command -a ‘date‘ 指定主机组
ansible all -m command -a ‘date‘ 清单里的所有主机
ansible all -m command -a ‘tail -2 /etc/passwd‘
可以不指定command 默认是 command模块(该模块不能使用变量)
ansible all -a ‘date’
cron模块
ansible-doc -s cron 查看帮助
state absent移除任务 present加上任务
ansible webserver -m cron -a ‘minute="*/10" job="/bin/echo hello" name="test cron job" state=present‘
其他时间不加的默认都是* job定时任务执行的命令 name是注释 state=present 是加上这个定时任务 也可以不写默认加上
查看是否加上定时任务 ansible webserver -a ‘crontab -l‘
ansible webserver -m cron -a ‘minute="*/10" job="/bin/echo hello" name="test cron job" state=present‘ 移除定时任务
user模块
ansible-doc -s user 查看帮助
ansible all -m user -a ‘name=haha‘ 创建haha
查看是否创建成功 ansible all -a ‘tail /etc/passwd‘
查看是否默认创建私有组 ansible all -a ‘tail /etc/group‘
删除
ansible all -m user -a "name=‘haha‘ state=absent"
group模块
ansible-doc -s group
ansible webserver -m group -a ‘name=mysql gid=666 system=yes‘ 创建mysql组 gid:666 系统组
ansible webserver -m user -a ‘name=mysql uid=666 group=mysql system=yes‘ 创建mysql用户
ansible webserver -m user -a ‘name=mysql uid=666 group=mysql shell="/sbin/nologin" ‘ 创建用户 指定不登录系统
copy模块
ansible-doc -s copy
src:本地文件路径 可以是相对路径
dest: 远端文件保存路径 必须绝对路径
ansible all -m copy -a ‘src=/etc/fstab dest=/tmp/fstab.ansible owner=mysql mode=640‘ 本地文件/etc/fstab 复制到远端=/tmp/fstab.ansible 属主:mysql 权限640
查看复制是否成功 ansible all -a ‘ls -al /tmp‘
content=指定文件内容
ansible all -m copy -a ‘content="hello world\nyou are welcome\n" dest=/tmp/test.ansible‘
直接复制内容给远端 并保存到远端的指定文件
file模块
ansible-doc -s file
ansible all -m file -a ‘owner=root group=root mode=644 path=/tmp/fstab.ansible‘
设置文件属性 远端文件路径为path=/tmp/fstab.ansible‘
path:创建文件的路径 可以使用name或dest来替换
src:远端目标源文件
ansible all -m file -a ‘path=/tmp/fstab.link src=/tmp/fstab.ansible state=link‘ 建软连接
ping模块
批量测试目标主机是否连通
ansible all -m ping ping所有主机
service模块
管理服务
ansible-doc -s service
ansible webserver -m service -a ‘enabled=true name=rpcbind state=started‘
enabled:开机开启服务 name:服务名称 state: 状态
ansible dbserver -m service -a ‘enabled=true name=httpd state=started‘
shell模块
ansible-doc -s shell
用于有变量或特殊功能的命令时 用shell模块
ansible all -m shell -a ‘echo 123456 | passwd --stdin user1‘
查看是否有密码 cat /etc/shadow
script模块
将本地脚本复制到远程服务器并执行
ansible-doc -s script
ansible all -m script -a ‘~/test.sh‘
yum模块
ansible-doc -s yum
安装程序包
name:指定安装的程序 state:latest 最新或指定版本 state:absent 卸载 state:present 安装 默认安装
ansible all -m yum -a ‘name=tree state=latest‘
ansible all -m yum -a ‘name=tree state=absent‘ 卸载
setup模块
收集远程主机的信息
包括主机 操作系统版本 IP地址
ansible-doc -s setup
- ansible yaml模块
yaml基础元素: 变量 inventory 条件 迭代
playbook组成
Inventory
Modules
Ad Hoc Commands
playbooks
Tasks:任务 调用模块完成任务
variables:变量
templates:模板
Handlers:处理器,某条件触发时执行的操作
Roles:角色
playbook基本结构
- host:webserver
remote_user:
tasks:
- task1
module_name:module_args
- task2
比如:
nginx.yaml
- hosts: webserver
remote_user: root
tasks:
- name: create nginx group #任务名字
group: name=ginx gid=505 system=yes #group模板 后面是3个参数
- name: create nginx user #任务名字
user: name=nginx uid=505 group=nginx system=yes
shell:/usr/bin/somecommand || /bin/true #命令执行错误时强制为正确信息
- host:dbserver
- hosts: dbserver
remote_user: root
tasks:
- name: copy file to dbserver
copy: src=/etc/inittab dest=/tmp/inittab.ansible
ignore_errors:True #忽略所有错误
httpd.yaml
- hosts: webserver
remote_user:root
vars:
- package: httpd #定义变量
- service: httpd
tasks:
- name: install httpd package
yum: name={{package}} state=latest #使用变量{{package}}
- name: install configuration file for httpd
copy: src=/root/conf/httpd.conf dest-/etc/httpd/conf/httpd.conf
notify: #/etc/httpd/conf/httpd.conf 与之前发生改变时触发handlers
- restart httpd
- name: start httpd serice
service: enabled=true name={{service}} state=started
handlers:
- name: restart httpd #与前面notify后面的一致
service: name=httpd state=restarted #模块 操作
vi /etc/ansible/hosts
[webserver]
192.168.122.7 testvar="100.7" ansiable_ssh_user=root ansible_ssh_pass=123456
[dbserver]
192.168.122.9 testvar="100.9"
var.yaml
- hosts: webserver
remote_user: root
tasks:
- name: copy file
copy: content="{{ansible_date_time}},{{testvar}}" dest=/tmp/var.ansible #引用ansible变量
条件测试:
when:
实例:cond.yaml
- hosts: all
remote_user: root
vars:
- username: user10
tasks:
- name: create {{username}} user
user: name={{username}}
when: ansible_fqdn == ”www1.rhce.cc”
ansible变量获取: ansible 192.168.122.7 -m setup
迭代:重复同类task时使用
调用item
定义循环列表: with_items
- name: add several users
user: name={{item}} state=present groups=wheel
with_items:
- testuser1
- testuser2
等同于:
- name: add several users
user: name=testuser1 state=present groups=wheel
- name: add several users
user: name=testuser2 state=present groups=wheel
with_items中的列表值也可以是字典,引用时要使用item.KEY
实例
- name add several users
user:name={{item.name}} state=present groups={{item.groups}}
with_items:
- {name: ’testuser1’, groups: ’wheel’}
- {name: ’testuser2’, groups: ’root’ }
相当于:
- name add several users
user: name=testuser1 state=present groups=wheel
- name add several users
user: name=testuser2 state=present groups=root
实例:
yum:name={{item.name}} state=present conf_file={{item.conf}}
- {name: apache, conf: conffiles/httpd.conf}
- {name: php, conf: conffiles/php.ini}
- {name: mysql-server, conf: conffiles/my.cnf}
tempaltes:
可自定义主机名变量 也可以用ansible变量
vi /etc/ansible/hosts
[webserver]
192.168.122.7 testvar="100.7" http_port=1007
[dbserver]
192.168.122.9 testvar="100.9" http_port=1009
模板
vi templates/httpd.conf.j2
Listen {{http_port}}
ServerName {{ansible_fqdn}}
修改playbook文件
http.yaml
- hosts: all
remote_user: root
vars:
- package: httpd
- service: httpd
tasks:
- name: install httpd package
yum: name={{package}} state=latest
- name: install configuration file for httpd
template: src=/root/templates/httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
notify:
- restart httpd
- name: after installed and started service
service: enabled=true name={{service}} state=started
handlers:
- name: restart httpd
service: name=httpd state=restarted
tags:在playbook中可以为某个任务定义一个标签,执行此playbook时,通过命令
ansible-playbook httpd.yaml --tags="conf" 实现仅运行指定的tags 而非所有
特殊tags:
- always
无论指定哪个tags 这个tags都会运行
vi httpd.yaml
- hosts: all
remote_user: root
vars:
- package: httpd
- service: httpd
tasks:
- name: install httpd package
yum: name={{package}} state=latest
- name: install configuration file for httpd
template: src=/root/templates/httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
tags:
- conf
notify:
- restart httpd
- name: after installed and started service
service: enabled=true name={{service}} state=started
handlers:
- name: restart httpd
service: name=httpd state=restarted
roles:
1,目录名同角色名
2,目录结构有固定格式
files:直接复制的静态文件
templates: 模板文件 或jinjia2
tasks:至少有main.yml文件,定义各tasks
hanlder:至少有一个main.yml文件,定义各handlers
vars:至少有一个main.yml文件,定义变量
meta:定义依赖关系等信息
3,site.yml 定义 playbook
实例:
ansible_playbooks/
├── roles
│ ├── dbserver
│ │ ├── files
│ │ │ └── my.cnf
│ │ ├── handlers
│ │ │ └── main.yml
│ │ ├── meta
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── templates
│ │ └── vars
│ └── webserver
│ ├── files
│ │ └── httpd.conf
│ ├── handlers
│ │ └── main.yml
│ ├── meta
│ ├── tasks
│ │ └── main.yml
│ ├── templates
│ └── vars
│
└── site.yml
site.yaml
- hosts: 192.168.122.7
remote_user: root
roles:
- webserver
- hosts: 192.168.122.9
remote_user: root
roles:
- dbserver
- hosts: 192.168.122.8
remote_user: root
roles:
- webserver
- dbserver
webserver角色
tasks-->main.yml
- name: install httpd package
yum: name=httpd
- name: install configuration file
copy: src=httpd.conf dest=/etc/httpd/conf/httpd.conf
tags:
- conf
notify:
- restart httpd
- name: start httpd
service: name=httpd state=started
handlers-->main.yml
- name: restart httpd
service: name=httpd state=restarted
files-->httpd.conf
dbserver角色
tasks-->main.yml
- name: install mysql-server package
yum: name=mariadb state=latest
- name: install configuration file
copy: src=my.cnf dest=/etc/my.cnf
tags:
- myconf
notify:
- restart mariadb
- name: start mariadb
service: name=mariadb enabled=true state=started
handlers-->main.yml
- name: restart mariadb
service: name=mariadb state=restarted
files-->httpd.conf
运行playbook
man ansible-playbook
ansible-playbook site.yml