ip | 主机名 |
---|---|
192.168.174.128 | ansible |
192.168.174.129 | client |
1 安装
[root@ansible ~]#yum install -y epel-release //安装epel扩展源
[root@ansible ~]#yum install -y ansible //安装ansible
##配置免密登陆
[root@ansible ~]# ssh-keygen //生成密钥
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
fa:59:c3:c4:97:51:4f:89:95:87:18:34:fd:15:f0:5f root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
| .+==+=|
| .++=o|
| . oE|
| . o +|
| S o o .|
| . o . |
| . + |
| . o . |
| o |
+-----------------+
[root@ansible ~]# ssh-copy-id 192.168.174.129 //添加密钥到192.168.174.129主机上
The authenticity of host '192.168.174.129 (192.168.174.129)' can't be established.
ECDSA key fingerprint is 72:ce:89:6f:18:10:11:fa:57:a2:ba:fe:23:f1:ad:66.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.174.129's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.174.129'"
and check to make sure that only the key(s) you wanted were added.
[root@ansible ~]# ssh-copy-id 127.0.0.1 //添加密钥到自己的主机上
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@127.0.0.1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '127.0.0.1'"
and check to make sure that only the key(s) you wanted were added.
[root@ansible ~]# grep -Ev "^$|#" /etc/ansible/hosts //配置主机清单
[testhost]
127.0.0.1
192.168.174.129
2 模块使用
命令格式: ansible testhost -m command -a ‘w’ 这里的testhost为主机组名,-m后边是模块名字,-a后面是命令。当然我们也可以直接写一个ip,针对某一台机器来执行命令。
ansible-doc -l 列出所有的模块
ansible-doc cron 查看指定模块的文档
##查看主机名
[root@ansible ~]# ansible 192.168.174.129 -m command -a 'hostname' //指定ip使用
192.168.174.129 | CHANGED | rc=0 >>
client
[root@ansible ~]# ansible testhost -m command -a 'hostname' //指定模块使用
192.168.174.129 | CHANGED | rc=0 >>
client
127.0.0.1 | CHANGED | rc=0 >>
ansible
##拷贝(copy模块)
[root@ansible ~]# ansible testhost -m copy -a "src=/etc/passwd dest=/tmp/passwd" //从src拷贝到dest中
127.0.0.1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "8f3ebea24b1558e6207af80195aa12931d96345f",
"dest": "/tmp/passwd",
"gid": 0,
"group": "root",
"md5sum": "ca8f3327c9a73cb6fd96ba88ec4d18ee",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 1040,
"src": "/root/.ansible/tmp/ansible-tmp-1583074714.27-10075-235705010258721/source",
"state": "file",
"uid": 0
}
192.168.174.129 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "8f3ebea24b1558e6207af80195aa12931d96345f",
"dest": "/tmp/passwd",
"gid": 0,
"group": "root",
"md5sum": "ca8f3327c9a73cb6fd96ba88ec4d18ee",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 1040,
"src": "/root/.ansible/tmp/ansible-tmp-1583074714.33-10077-246508468819999/source",
"state": "file",
"uid": 0
}
##远程执行脚本(shell模块)
[root@ansible ~]# cat /tmp/test.sh //脚本文件
#!/bin/bash
echo `date > /tmp/ansible_test.txt`
[root@ansible ~]# ansible testhost -m copy -a "src=/tmp/test.sh dest=/opt/test.sh mode=0755" //复制脚本,并赋予0755权限
127.0.0.1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "d244de2bbd61030a2908d277bf0b2e47fcd3e25a",
"dest": "/opt/test.sh",
"gid": 0,
"group": "root",
"md5sum": "a7f883107269effe337d13e720a873c9",
"mode": "0755",
"owner": "root",
"secontext": "system_u:object_r:usr_t:s0",
"size": 49,
"src": "/root/.ansible/tmp/ansible-tmp-1583075291.39-10344-5051262086172/source",
"state": "file",
"uid": 0
}
192.168.174.129 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "d244de2bbd61030a2908d277bf0b2e47fcd3e25a",
"dest": "/opt/test.sh",
"gid": 0,
"group": "root",
"md5sum": "a7f883107269effe337d13e720a873c9",
"mode": "0755",
"owner": "root",
"secontext": "system_u:object_r:usr_t:s0",
"size": 49,
"src": "/root/.ansible/tmp/ansible-tmp-1583075291.43-10346-139360040779559/source",
"state": "file",
"uid": 0
}
[root@ansible ~]# ansible testhost -m shell -a "/opt/test.sh" //执行脚本
127.0.0.1 | CHANGED | rc=0 >>
192.168.174.129 | CHANGED | rc=0 >>
[root@ansible ~]# cat /tmp/ansible_test.txt //查看生成文件
Sun Mar 1 10:09:26 EST 2020
[root@client ~]# cat /tmp/ansible_test.txt //查看生成文件,时间有先后,说明不是同时执行
Fri Feb 28 10:10:09 EST 2020
##任务计划模块(cron)
[root@ansible ~]# ansible testhost -m cron -a "name='test cron' job='/bin/touch /tmp/test1.txt' weekday=6" //创建任务计划
192.168.174.129 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"test cron"
]
}
127.0.0.1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"test cron"
]
}
[root@ansible ~]# crontab -l //查看任务计划
#Ansible: test cron
* * * * 6 /bin/touch /tmp/test1.txt
[root@client ~]# crontab -l //查看任务计划
#Ansible: test cron
* * * * 6 /bin/touch /tmp/test1.txt
其他的时间表示:分钟 minute 小时 hour 日期 day 月份 month
[root@ansible ~]# ansible testhost -m cron -a "name='test cron' state=absent" //删除任务计划 state=absent
127.0.0.1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": []
}
192.168.174.129 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": []
}
##yum模块的使用
[root@ansible ~]# ansible testhost -m yum -a "name=vim" //在testhost主机清单中的主机安装vim
##service模块
[root@ansible ~]# ansible testhost -m service -a "name=firewalld state=stopped enabled=false" //关闭防火墙,并关闭开机自启