目录
Ansible简介
什么是Ansible
- 批量管理主机软件
安装Ansible以及免密
- 2台,centos6或centos7
- 管理节点:192.168.72.4(A)
- 被管理节点:192.168.72.5(B)
- ansible的安装包在epel源中
在管理节点和被管理节点上安装ansible(AB)
阿里云:https://developer.aliyun.com/mirror/
在centos6上操作
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# rm -rf epel*
[root@localhost yum.repos.d]# yum -y install wget
[root@localhost yum.repos.d]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
[root@localhost yum.repos.d]# yum clean all
[root@localhost yum.repos.d]# yum -y install ansible
# 1)在管理节点,生成密钥对
[root@localhost yum.repos.d]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:lSFZHJ76dV4U1+/Md/eIwIHUzLlpc9HYbzvDehE2/jE root@1
The key's randomart image is:
+---[RSA 2048]----+
| .B+o + .o|
| oo*+o o +|
| . .=o . .o|
| .o* . =+|
| So +. ===|
| .o. o EB|
| .. .o.%|
| ....o|
| . |
+----[SHA256]-----+
# 2)将公钥文件发送到被管理节点
[root@localhost yum.repos.d]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.72.4
[root@localhost yum.repos.d]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.72.5
在centos7上操作
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# rm -rf epel*
[root@localhost yum.repos.d]# yum -y install wget
[root@localhost yum.repos.d]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@localhost yum.repos.d]# yum clean all
[root@localhost yum.repos.d]# yum -y install ansible
#也可以不用以上的下载 直接安装epel-release
[root@localhost ~]# yum -y install epel-release
[root@localhost ~]# yum -y install ansible
# 1)在管理节点,生成密钥对
[root@localhost yum.repos.d]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:lSFZHJ76dV4U1+/Md/eIwIHUzLlpc9HYbzvDehE2/jE root@1
The key's randomart image is:
+---[RSA 2048]----+
| .B+o + .o|
| oo*+o o +|
| . .=o . .o|
| .o* . =+|
| So +. ===|
| .o. o EB|
| .. .o.%|
| ....o|
| . |
+----[SHA256]-----+
# 2)将公钥文件发送到被管理节点
[root@localhost yum.repos.d]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.72.4
[root@localhost yum.repos.d]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.72.5
Ansible的简单使用
-
/etc/ansible/ansible.cfg:ansible的主配置文件
- 禁用查看指纹信息:host_key_checking = False
-
/etc/ansible/hosts:被管理主机清单文件
- 定义被管理节点的地址列表
- 主机数量多,需要定义主机组
修改主机清单文件
A上执行
[root@localhost ~]# vim /etc/ansible/hosts
[myserver]
192.168.31.64
192.168.31.65
检查被管理节点是否在线
A上执行
[root@localhost ~]# ansible myserver -m ping
192.168.72.5 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.72.4 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@localhost ~]#
在被管理节点安装apache
[root@localhost ~]# ansible myserver -a "yum -y install httpd"
[root@localhost ~]# ansible myserver -a "rpm -q httpd"
关闭被管理节点的防火墙和selinux
centos6
[root@localhost ~]# ansible myserver -a "service iptables stop"
[root@localhost ~]# ansible myserver -a "setenforce 0"
centos7
[root@localhost ~]# ansible myserver -a "systemctl stop firewalld"
[root@localhost ~]# ansible myserver -a "setenforce 0"
第一步:安装ansible
- 安装epel源
- 安装ansible
第二步:配置ansible - 定义主机清单文件
- 修改ansible的配置文件
- 做免密认证
第三步:使用ansible - 通过ansible来控制远程主机