三、Ansible 安装和入门
3.1 Ansible 安装
ansible安装方法有多种
3.1.1 EPEl源的rpm包安装
yum -y install ansible
3.1.2 编译安装
yum -y install python-jinja2 PyYAML python-paramiko python-babe1 python-crypto
tar xf ansible-1.5.4.tar.gz
cd ansible-1.5.4
python setup.py build
python setup.py install
mkdir /etc/ansible
cp -r examples/* /etc/ansible
3.1.3 Git方式
git clone git:/github.com/ansible/ansible.git --recursive
cd ./ansible
source ./hacking/env-setup
3.1.4 pip 安装
pip是安装Python包的管理器,类似yum
yum -y install python-pip python-devel
yum -y install gcc glibc-devel zibl-devel rpm-build openssl-devel
pip install --upgrade pip
pip install ansible --upgrade
3.1.5 确认安装
ansible --version
[root@hdss7-11 ~]# ansible --version
ansible 2.9.23
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
一些查看目前centOS上面的都有哪些ansible版本的命令
yum -y install dnf
dnf info ansible ##可看出最新的是2.9.23
[root@hdss7-11 ~]# dnf info ansible
Repository base is listed more than once in the configuration
Docker CE Stable - x86_64 27 kB/s | 34 kB 00:01
Extra Packages for Enterprise Linux 7 - x86_64 4.4 MB/s | 17 MB 00:03
CentOS-7 - Base 3.9 MB/s | 10 MB 00:02
CentOS-7 - Updates 3.9 MB/s | 11 MB 00:02
CentOS-7 - Extras 760 kB/s | 292 kB 00:00
可安装的软件包
名称 : ansible
版本 : 2.9.23
发布 : 1.el7
架构 : noarch
大小 : 17 M
源 : ansible-2.9.23-1.el7.src.rpm
仓库 : epel
小结 : SSH-based configuration management, deployment, and task execution system
URL : http://ansible.com
协议 : GPLv3+
描述 : Ansible is a radically simple model-driven configuration management,
: multi-node deployment, and remote task execution system. Ansible works
: over SSH and does not require any software or daemons to be installed
: on remote nodes. Extension modules can be written in any language and
: are transferred to managed machines automatically.
3.2 Ansible 相关文件
查看相关的ansible的文件
[root@hdss7-11 ~]# rpm -ql ansible |less
/etc/ansible
/etc/ansible/ansible.cfg ##配置文件
/etc/ansible/hosts
/etc/ansible/roles
/usr/bin/ansible
/usr/bin/ansible-2
/usr/bin/ansible-2.7
/usr/bin/ansible-config
/usr/bin/ansible-connection
/usr/bin/ansible-console
/usr/bin/ansible-console-2
/usr/bin/ansible-console-2.7
/usr/bin/ansible-doc
/usr/bin/ansible-doc-2
/usr/bin/ansible-doc-2.7
/usr/bin/ansible-galaxy
/usr/bin/ansible-galaxy-2
/usr/bin/ansible-galaxy-2.7
/usr/bin/ansible-inventory
/usr/bin/ansible-playbook
/usr/bin/ansible-playbook-2
/usr/bin/ansible-playbook-2.7
/usr/bin/ansible-pull
/usr/bin/ansible-pull-2
/usr/bin/ansible-pull-2.7
/usr/bin/ansible-vault
/usr/bin/ansible-vault-2
/usr/bin/ansible-vault-2.7
/usr/lib/python2.7/site-packages/ansible
/usr/lib/python2.7/site-packages/ansible-2.9.23-py2.7.egg-info
/usr/lib/python2.7/site-packages/ansible-2.9.23-py2.7.egg-info/PKG-INFO
/usr/lib/python2.7/site-packages/ansible-2.9.23-py2.7.egg-info/SOURCES.txt
/usr/lib/python2.7/site-packages/ansible-2.9.23-py2.7.egg-info/dependency_links.txt
/usr/lib/python2.7/site-packages/ansible-2.9.23-py2.7.egg-info/not-zip-safe
/usr/lib/python2.7/site-packages/ansible-2.9.23-py2.7.egg-info/requires.txt
/usr/lib/python2.7/site-packages/ansible-2.9.23-py2.7.egg-info/top_level.txt
/usr/lib/python2.7/site-packages/ansible/__init__.py
/usr/lib/python2.7/site-packages/ansible/__init__.pyc
/usr/lib/python2.7/site-packages/ansible/__init__.pyo
ansible是是一个服务是没有service文件的,它就是一个管理工具,完成后就退出了,它是使用ssh协助走22端口
安装好后在/usr/bin/下面有ansible大量的工具
[root@hdss7-11 ~]# ll /usr/bin/ansible*
lrwxrwxrwx. 1 root root 20 8月 10 20:44 /usr/bin/ansible -> /usr/bin/ansible-2.7
lrwxrwxrwx. 1 root root 20 8月 10 20:44 /usr/bin/ansible-2 -> /usr/bin/ansible-2.7
-rwxr-xr-x. 1 root root 5933 6月 23 08:11 /usr/bin/ansible-2.7
lrwxrwxrwx. 1 root root 7 8月 10 20:44 /usr/bin/ansible-config -> ansible
-rwxr-xr-x. 1 root root 12914 6月 23 08:11 /usr/bin/ansible-connection
lrwxrwxrwx. 1 root root 28 8月 10 20:44 /usr/bin/ansible-console -> /usr/bin/ansible-console-2.7
lrwxrwxrwx. 1 root root 28 8月 10 20:44 /usr/bin/ansible-console-2 -> /usr/bin/ansible-console-2.7
lrwxrwxrwx. 1 root root 7 8月 10 20:44 /usr/bin/ansible-console-2.7 -> ansible
lrwxrwxrwx. 1 root root 24 8月 10 20:44 /usr/bin/ansible-doc -> /usr/bin/ansible-doc-2.7
lrwxrwxrwx. 1 root root 24 8月 10 20:44 /usr/bin/ansible-doc-2 -> /usr/bin/ansible-doc-2.7
lrwxrwxrwx. 1 root root 7 8月 10 20:44 /usr/bin/ansible-doc-2.7 -> ansible
lrwxrwxrwx. 1 root root 27 8月 10 20:44 /usr/bin/ansible-galaxy -> /usr/bin/ansible-galaxy-2.7
lrwxrwxrwx. 1 root root 27 8月 10 20:44 /usr/bin/ansible-galaxy-2 -> /usr/bin/ansible-galaxy-2.7
lrwxrwxrwx. 1 root root 7 8月 10 20:44 /usr/bin/ansible-galaxy-2.7 -> ansible
lrwxrwxrwx. 1 root root 7 8月 10 20:44 /usr/bin/ansible-inventory -> ansible
lrwxrwxrwx. 1 root root 29 8月 10 20:44 /usr/bin/ansible-playbook -> /usr/bin/ansible-playbook-2.7
lrwxrwxrwx. 1 root root 29 8月 10 20:44 /usr/bin/ansible-playbook-2 -> /usr/bin/ansible-playbook-2.7
lrwxrwxrwx. 1 root root 7 8月 10 20:44 /usr/bin/ansible-playbook-2.7 -> ansible
lrwxrwxrwx. 1 root root 25 8月 10 20:44 /usr/bin/ansible-pull -> /usr/bin/ansible-pull-2.7
lrwxrwxrwx. 1 root root 25 8月 10 20:44 /usr/bin/ansible-pull-2 -> /usr/bin/ansible-pull-2.7
lrwxrwxrwx. 1 root root 7 8月 10 20:44 /usr/bin/ansible-pull-2.7 -> ansible
lrwxrwxrwx. 1 root root 26 8月 10 20:44 /usr/bin/ansible-vault -> /usr/bin/ansible-vault-2.7
lrwxrwxrwx. 1 root root 26 8月 10 20:44 /usr/bin/ansible-vault-2 -> /usr/bin/ansible-vault-2.7
lrwxrwxrwx. 1 root root 7 8月 10 20:44 /usr/bin/ansible-vault-2.7 -> ansible
[root@hdss7-11 ~]#
其中可以看到ansible是通过poython写的.。所以你可以自己去更改为自己想要的目的,所以python是可以做二次研发的
[root@hdss7-11 ~]# file /usr/bin/ansible
/usr/bin/ansible: symbolic link to `/usr/bin/ansible-2.7'
[root@hdss7-11 ~]#
[root@hdss7-11 ~]# vim /usr/bin/ansible
#!/usr/bin/python2 可以看到python2
# -*- coding: utf-8 -*-
# (c) 2012, Michael DeHaan <michael.dehaan@gmail.com>
#
# This file is part of Ansible
3.2.1 配置文件
- /etc/ansible/ansible.cfg 主配置文件,配置ansible工作特性
- /etc/ansible/hosts 主机清单
- /etc/ansible/roles 存放角色的目录
3.2.2 ansible 主配置文件
Ansible 的配置文件/etc/ansible/ansible.cfg 其中大部分的配置内容无需进行修改
vi /etc/ansible/ansible.cfg
[defaults]
# some basic default values...
#inventory = /etc/ansible/hosts ## 主机清单配置文件
#library = /usr/share/my_modules/ ##库文件存放目录
#module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp ## 临时py命令文件存放在远程主机目录
#local_tmp = ~/.ansible/tmp ## 本机临时命令执行目录
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks = 5 # 默认并发数
#poll_interval = 15
#sudo_user = root # 默认sudo用户
#ask_sudo_pass = True
#ask_pass = True
#transport = smart
#remote_port = 22
#module_lang = C
#module_set_locale = False # 检查对应服务器的host_key,建议取消注释
#log_path = /var/log/ansible.log ## 日志文件,建议启用
#module_name = command # 默认模块,可以修改shell模块
下面我们先去把日志文件启动起来
vi /etc/ansible/ansible.cfg
3.2.3 主机清单文件
ansible的主要功用在于批量主机操作,为了便捷地使用其中的部分主机,可以在inventory file中将其分组命令默认的inventory file为’/etc/ansible/hosts
inventory file可以有多个,且也可以通过Dynamic inventory来动态生成
主机清单文件格式
inventory文件遵循INI文件风格,中括号中的符号为组名,可以将同一个主机同时并到多个不同的组中
此外,当如若目标主机使用了非默认的SSH端口,还可以在主机名称之后使用冒号加端口号来标明
如果主机名称遵循相似的命令模式,还可以使用列表的方式标识各主机
范例
————————
目前的规划如下
10.4.7.11为主控端 10.4.7.12 、10.4.7.21、10.4.7.22为被控端
vi /etc/ansible/hosts
尾行添加下面内容
[websrvs]
10.4.7.[21:22]
[dbsrvs]
10.4.7.22
[appsrvs]
10.4.7.12
10.4.7.21
10.4.7.22
3.3 Ansible相关工具
- /usr/bin/ansible 主程序,临时命令执行工具
- /usr/bin/ansbile-doc 查看配置文档,模块功能查看工具
- /usr/bin/ansible-galaxy 下载/上传优秀代码或Roles模块的官网平台
- /usr/bin/ansible-playbook 定制自动化任务,编排剧本工具
- /usr/bin/ansible-pull 远程执行命令的工具
- /usr/bin/ansible-vault 文件加密工具
- /usr/bin/ansible-console 基于Console界面与用户交互的执行工具
利用ansible实现管理的主要方式
- Ad-Hoc 即利用ansible命令,主要用于临时命令使用场景
- Ansible-playbook 主要用于长期规划好的,大型项目的场景,需要有前期的规划过程
3.3.1 ansible-doc
此工具用来显示模块帮助
查了看目前有多少个目录
[root@hdss7-11 ~]# ansible-doc
[root@hdss7-11 ~]# ansible-doc -l |wc -l
3387
范例
——————
[root@hdss7-11 ~]# ansible-doc -l |grep ping
win_ping A windows version of the classic ping module
postgresql_ping Check remote PostgreSQL server availability
lambda_event Creates, updates or deletes AWS Lambda function event mappings
net_ping Tests reachability using ping from a network device
ping Try to connect to host, verify a usable python and return `pong' on success
fortios_system_switch_interface Configure software switch interfaces by grouping physical and WiFi interfaces in Fortinet's FortiO...
ibm_sa_vol_map Handles volume mapping on IBM Spectrum Accelerate Family storage systems
selogin Manages linux user to SELinux user mapping
pingdom Pause/unpause Pingdom alerts
fortios_firewall_shaping_profile Configure shaping profiles in Fortinet's FortiOS and FortiGate
nxos_igmp_snooping Manages IGMP snooping global configuration
sefcontext Manages SELinux file context mapping definitions
fortios_system_geoip_override Configure geographical location mapping for IP address(es) to override mappings from FortiGuard in...
fortios_firewall_shaping_policy Configure shaping policies in Fortinet's FortiOS and FortiGate
pn_igmp_snooping CLI command to modify igmp-snooping
nxos_ping Tests reachability using ping from Nexus switch
junos_ping Tests reachability using ping from devices running Juniper JUNOS
fortios_switch_controller_igmp_snooping Configure FortiSwitch IGMP snooping global settings in Fortinet's FortiOS and FortiGate
icx_ping Tests reachability using ping from Ruckus ICX 7000 series switches
ios_ping Tests reachability using ping from Cisco IOS network devices
vyos_ping Tests reachability using ping from VyOS network devices
netapp_e_lun_mapping NetApp E-Series create, delete, or modify lun mappings
详细看ping的用法的命令
[root@hdss7-11 ~]# ansible-doc ping
看帮助简单的看加-s
[root@hdss7-11 ~]# ansible-doc -s ping
- name: Try to connect to host, verify a usable python and return `pong' on success
ping:
data: # Data to return for the `ping' return value. If this parameter is set to `crash', the module will cause an exception.
3.3.2 ansible
此工具通过ssh协议,实现对远程主机的配置管理,应用部署,任务执行等功能
建议:使用此工具前,先配置ansible主控端能基于密钥认证的方式连接各个被管理节点
范例:利用sshpass批量实现基于key验证
ssh-keygen -f /root/.ssh/id_rsa -P ' '
NET=192.168.100
export SSHPASS=magedu
for IP in {1.200};do
sshpass -e ssh-copy-id $NET.$IP
done
格式
(ansible 主机清单 模块名 参数)
ansible <host-pattern> [-m module_name] [-a args]
说明
--version #显示版本
-m module #指定模块,默认为command
-v #详细过程,--vv --vvv更详细
--list-hosts #显示主机列表,可以简写 --list
-k , --ask-pass #提示ssh连接密码,默认key验证
-C , --check #检查,并不执行
-T , --timeout=TIMEOUT #执行命令的超时时间,默认为10s
-u ,--user= REMOTE_USER #执行远程执行的用户
-b , --become #代替旧版的sudo切换
--become-user=USERNAME #指定sudo的runas用户,默认为root
-K , --ask-bacome-pass #提示输入sudo时的口令
ansible的Host-pattern
用于匹配被控制的主机的列表
All : 表示所有lnventory中的所有主机
范例
————————
更改配合文件让ansible连接别的主机免敲yes
[root@hdss7-11 ~]# vim /etc/ansible/ansible.cfg
[root@hdss7-11 ~]# ansible-doc -s ping
- name: Try to connect to host, verify a usable python and return `pong' on success
ping:
data: # Data to return for the `ping' return value. If this parameter is set to `crash', the module will cause an exception.
[root@hdss7-11 ~]# ^C
[root@hdss7-11 ~]# ansible all -m ping
10.4.7.22 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
10.4.7.12 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
10.4.7.21 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
[root@hdss7-11 ~]# vim /etc/ansible/ansible.cfg
[root@hdss7-11 ~]# ^C
[root@hdss7-11 ~]# ansible all -k -m ping
SSH password:
10.4.7.22 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.4.7.12 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.4.7.21 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
-k 的时候被管理的主机密码都是必须一样的,这样的机制不方便
做免交互
[root@hdss7-11 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:SJ8QdlynZUk/9uuRcssXaXvsyNmxsp7lGpUiAMQH30o root@hdss7-11.host.com
The key's randomart image is:
+---[RSA 2048]----+
| ==o...=. |
| . ++..=.. |
| o .E.. + |
| . +..o . o.|
| . S. . . oo|
| . o+o|
| o.Oo|
| oX=O|
| .=BB=|
+----[SHA256]-----+
[root@hdss7-11 ~]# ssh-copy-id 10.4.7.12
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.4.7.12's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '10.4.7.12'"
and check to make sure that only the key(s) you wanted were added.
[root@hdss7-11 ~]# ssh-copy-id 10.4.7.21
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.4.7.21's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '10.4.7.21'"
and check to make sure that only the key(s) you wanted were added.
[root@hdss7-11 ~]# ssh-copy-id 10.4.7.22
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.4.7.22's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '10.4.7.22'"
and check to make sure that only the key(s) you wanted were added.
这个时候就不用-k了
查看管理的主机都是那些
[root@hdss7-11 ~]# ansible all --list-hosts
hosts (3):
10.4.7.12
10.4.7.21
10.4.7.22
[root@hdss7-11 ~]#
[root@hdss7-11 ~]# ansible websrvs --list-hosts
hosts (2):
10.4.7.21
10.4.7.22
在学习一个命令查看用户
[root@hdss7-11 ~]# getent passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
[root@hdss7-11 ~]# ansible all -u lai -m ping
10.4.7.12 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
10.4.7.22 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
10.4.7.21 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
[root@hdss7-11 ~]# ansible all -u lai -k -m ping
SSH password:
10.4.7.22 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.4.7.12 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.4.7.21 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
上面是用-u指定用户去操作
支持通配符的写法
[root@hdss7-11 ~]# ansible "*" --list-hosts
hosts (3):
10.4.7.12
10.4.7.21
10.4.7.22
也可以写地址段去连接
[root@hdss7-11 ~]# ansible 10.4.7.* --list-hosts
hosts (3):
10.4.7.21
10.4.7.12
10.4.7.22
也可以用冒号去分开写地址段 冒号表示的或的关系 或者用与
[root@hdss7-11 ~]# ansible "10.4.7.21:10.4.7.22" -m ping
[root@hdss7-11 ~]# ansible websrvs --list
hosts (2):
10.4.7.21
10.4.7.22
[root@hdss7-11 ~]# ansible dbsrvs --list
hosts (1):
10.4.7.22
[root@hdss7-11 ~]# ansible "websrvs:&dbsrvs" -m ping
10.4.7.22 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@hdss7-11 ~]#
或者用非的关系
[root@hdss7-11 ~]# ansible 'websrvs:!dbsrvs' -m ping
10.4.7.21 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
或者用正则表达式的发法
[root@hdss7-11 ~]# ansible "~(web|db)" -m ping
[root@hdss7-11 ~]# ansible "~(web|db)srvs" -m ping
ansible 命令执行过程
详细的看ansible执行过程的命令需要加-v
如下
[root@hdss7-11 ~]# ansible "~(web|db)srvs" -m ping
10.4.7.22 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.4.7.21 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@hdss7-11 ~]# ^C
[root@hdss7-11 ~]# ansible "~(web|db)srvs" -v -m ping
Using /etc/ansible/ansible.cfg as config file
10.4.7.22 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.4.7.21 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@hdss7-11 ~]# ansible "~(web|db)srvs" -vv -m ping
ansible 2.9.23
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
Using /etc/ansible/ansible.cfg as config file
Skipping callback 'actionable', as we already have a stdout callback.
Skipping callback 'counter_enabled', as we already have a stdout callback.
Skipping callback 'debug', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'full_skip', as we already have a stdout callback.
Skipping callback 'json', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'null', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
Skipping callback 'selective', as we already have a stdout callback.
Skipping callback 'skippy', as we already have a stdout callback.
Skipping callback 'stderr', as we already have a stdout callback.
Skipping callback 'unixy', as we already have a stdout callback.
Skipping callback 'yaml', as we already have a stdout callback.
META: ran handlers
10.4.7.22 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.4.7.21 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
META: ran handlers
META: ran handlers
关于ansible执行结果后的不同颜色
绿色的 --------不进行修改只是查看往往成功了是绿色的
黄色的----------进行修改成功了往往是黄色的
红色的--------执行失败
当然也可以是自己去配置文件中定义
[root@hdss7-11 ~]# vi /etc/ansible/ansible.cfg
ansible 使用范例
3.3.3 ansible-galaxy
此工具会连接https://galaxy.ansible.com/下载相应的roles
范例
下面是下载文件后同时解压缩,解压到了那个目录下
[root@hdss7-11 mysql]# ansible-galaxy install geerlingguy.mysql - downloading role 'mysql', owned by geerlingguy
- downloading role from https://github.com/geerlingguy/ansible-role-mysql/archive/3 .3.2.tar.gz
- extracting geerlingguy.mysql to /root/.ansible/roles/geerlingguy.mysql
- geerlingguy.mysql (3.3.2) was installed successfully
可以看出目录下有没有
这些就是一大堆目录的集合就是yaml每一个相对与一个脚本
[root@hdss7-11 mysql]# tree /root/.ansible/roles/geerlingguy.mysql
/root/.ansible/roles/geerlingguy.mysql
├── defaults
│ └── main.yml
├── handlers
│ └── main.yml
├── LICENSE
├── meta
│ └── main.yml
├── molecule
│ └── default
│ ├── converge.yml
│ └── molecule.yml
├── README.md
├── tasks
│ ├── configure.yml
│ ├── databases.yml
│ ├── main.yml
│ ├── replication.yml
│ ├── secure-installation.yml
│ ├── setup-Archlinux.yml
│ ├── setup-Debian.yml
│ ├── setup-RedHat.yml
│ ├── users.yml
│ └── variables.yml
├── templates
│ ├── my.cnf.j2
│ ├── root-my.cnf.j2
│ └── user-my.cnf.j2
└── vars
├── Archlinux.yml
├── Debian-10.yml
├── Debian.yml
├── RedHat-7.yml
└── RedHat-8.yml
8 directories, 25 files
存放角色的目录有很多个,你可以复制其中的一个
[root@hdss7-11 defaults]# ansible-galaxy list
# /root/.ansible/roles
- geerlingguy.mysql, 3.3.2
# /usr/share/ansible/roles
# /etc/ansible/roles
[root@hdss7-11 defaults]#
多复制一个
[root@hdss7-11 defaults]# ansible-galaxy list
# /root/.ansible/roles
- geerlingguy.mysql, 3.3.2
# /usr/share/ansible/roles
# /etc/ansible/roles
[root@hdss7-11 defaults]# ^C
[root@hdss7-11 defaults]# cd /root/.ansible/roles
[root@hdss7-11 roles]# ls
geerlingguy.mysql
[root@hdss7-11 roles]# cp -a geerlingguy.mysql/ lai.mysql
[root@hdss7-11 roles]# cd
[root@hdss7-11 ~]# ansible-galaxy list
# /root/.ansible/roles
- geerlingguy.mysql, 3.3.2
- lai.mysql, 3.3.2
# /usr/share/ansible/roles
# /etc/ansible/roles
删除角色
[root@hdss7-11 ~]# ansible-galaxy remove lai.mysql
- successfully removed lai.mysql
[root@hdss7-11 ~]# ansible-galaxy list
# /root/.ansible/roles
- geerlingguy.mysql, 3.3.2
# /usr/share/ansible/roles
# /etc/ansible/roles