Ansible
1. Host planning
IP                 Hostname         Role
192.168.237.162    ansible-test1    Control node
192.168.237.163    ansible-test2    Managed node
2. Ansible installation
2.1 Preparing the ansible-test environment
[root@ansible-test1 ~]# systemctl stop firewalld
[root@ansible-test1 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@ansible-test1 ~]# setenforce 0
[root@ansible-test1 ~]# cat /etc/selinux/config
…
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
…
[root@ansible-test1 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.237.162 ansible-test1
192.168.237.163 ansible-test2
2.2 Installing Ansible
[root@ansible-test1 ~]# yum install epel-release -y
[root@ansible-test1 ~]# yum install -y ansible
[root@ansible-test1 ~]# ansible --version
ansible 2.9.10
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Nov 20 2015, 02:00:19) [GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]
2.3 Passwordless SSH configuration
[root@ansible-test1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
0a:47:86:44:83:a2:7c:c3:0c:1b:33:1c:03:88:0c:09 root@ansible-test1
The key's randomart image is:
[root@ansible-test1 ~]# ssh-copy-id 192.168.237.163
The authenticity of host '192.168.2.20 (192.168.2.20)' can't be established.
ECDSA key fingerprint is dc:a5:08:4d:9a:40:8a:be:ee:68:dd:41:61:7d:d7:05.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.237.163's password:
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh '192.168.2.20'"
and check to make sure that only the key(s) you wanted were added.
[root@ansible-test1 ~]# ssh 192.168.237.163
Last login: Sat Oct  8 10:27:48 2022 from 192.168.237.1
[root@ansible-test2 ~]# 登出
Connection to 192.168.237.163 closed.
2.4 Host group configuration
[root@ansible-test1 ~]# vi /etc/ansible/hosts
Append the following at the end of the file:
[testhost]
127.0.0.1 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass=123456
192.168.237.163
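An added example, not part of the original post: the inventory line in 2.4 keeps the root password inline, so this Python check scans an INI inventory for secret-bearing variables that are set to literal values. The [web:vars] group and the vault_web_password variable are hypothetical names used only for contrast.

```python
import re

# Inventory variables that carry a secret when set inline (real Ansible names).
SECRET_VARS = {"ansible_ssh_pass", "ansible_password",
               "ansible_become_pass", "ansible_become_password"}

# key=value tokens on a host line or in a [group:vars] section;
# values may be bare, single-quoted or double-quoted.
KV = re.compile(r"""(\w+)\s*=\s*("[^"]*"|'[^']*'|\S+)""")

def find_plaintext_secrets(inventory_text):
    """Return (line_no, section, target, variable) for every secret
    variable whose value is a literal rather than a Jinja2 reference."""
    findings, section = [], "ungrouped"
    for no, raw in enumerate(inventory_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        # In [group:vars] the line is only key=value; otherwise the
        # first token is the host pattern.
        target = section if section.endswith(":vars") else line.split()[0]
        for key, value in KV.findall(line):
            value = value.strip("'\"")
            if key in SECRET_VARS and "{{" not in value:
                findings.append((no, section, target, key))
    return findings

# Constructed sample: the [testhost] group from this page, plus a
# hypothetical group whose password is pulled from a vaulted variable.
SAMPLE = """\
[testhost]
127.0.0.1 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass=123456
192.168.237.163

[web:vars]
ansible_user=deploy
ansible_password="{{ vault_web_password }}"
"""

if __name__ == "__main__":
    for no, section, target, key in find_plaintext_secrets(SAMPLE):
        print(f"line {no}: [{section}] {target}: {key} is stored in clear text")
```

Only the 127.0.0.1 entry is reported; 192.168.237.163 carries no password because it relies on the key installed in 2.3.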
2.5 Running remote commands with Ansible
[root@ansible-test1 ~]# ansible testhost -m command -a "hostname"
192.168.237.163 | CHANGED | rc=0 >>
ansible-test2
127.0.0.1 | CHANGED | rc=0 >>
ansible-test1
[root@ansible-test1 ~]# ansible 192.168.237.163 -m command -a "hostname"
192.168.237.163 | CHANGED | rc=0 >>
ansible-test2
2.6 Copying files or directories with Ansible
[root@ansible-test1 ~]# ansible 192.168.237.163 -m copy -a "src=/etc/passwd
> dest=/tmp/123"^C
192.168.237.163 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "checksum": "e628e77a8fbf6a980df0fc025d8530886da0ab86",
    "dest": "/tmp/123^C",
    "gid": 0,
    "group": "root",
    "md5sum": "62508ff337e1551d5d36c67ad6a28d27",
    "mode": "0644",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 899,
    "src": "/root/.ansible/tmp/ansible-tmp-1665199261.75-3530-125987653052387/source",
    "state": "file",
    "uid": 0
}
[root@ansible-test1 ~]#
2.7 Running remote scripts with Ansible
[root@ansible-test1 ~]# cat /tmp/test.sh
#!/bin/bash
echo `date` > /tmp/ansible_test.txt
[root@ansible-test1 ~]# ansible testhost -m copy -a "src=/tmp/test.sh
> dest=/tmp/test.sh
> mode=0755"
127.0.0.1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "checksum": "1a6e4af02dba1bda6fc8e23031d4447efeba0ade",
    "dest": "/tmp/test.sh",
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "root",
    "path": "/tmp/test.sh",
    "secontext": "unconfined_u:object_r:user_tmp_t:s0",
    "size": 48,
    "state": "file",
    "uid": 0
}
192.168.237.163 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "checksum": "1a6e4af02dba1bda6fc8e23031d4447efeba0ade",
    "dest": "/tmp/test.sh",
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "root",
    "path": "/tmp/test.sh",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 48,
    "state": "file",
    "uid": 0
}
[root@ansible-test1 ~]# ansible testhost -m shell -a "cat /etc/passwd |wc -l "
192.168.237.163 | CHANGED | rc=0 >>
20
127.0.0.1 | CHANGED | rc=0 >>
20
[root@ansible-test1 ~]# cat /tmp/ansible_test.txt
2022年 10月 08日 星期六 10:54:04 CST
2.8 Managing scheduled tasks (cron) with Ansible
[root@ansible-test1 ~]# ansible testhost -m cron -a "name='test cron'
> job='/bin/bash
> /tmp/test.sh' weekday=6"
192.168.237.163 | FAILED! => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "msg": "\"/tmp/crontabgYSMXH\":3: bad minute\nerrors in crontab file, can't install.\n"
}
127.0.0.1 | FAILED! => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "msg": "\"/tmp/crontabFa3Xur\":3: bad minute\nerrors in crontab file, can't install.\n"
}
[root@ansible-test1 ~]# ansible testhost -m cron -a "name='test cron'
> state=absent"
192.168.237.163 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "envs": [],
    "jobs": []
}
127.0.0.1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "envs": [],
    "jobs": []
}
2.9 Installing RPM packages / managing services with Ansible
[root@ansible-test1 ~]# ansible testhost -m yum -a "name=httpd"
192.168.237.163 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "httpd-2.4.6-97.el7.centos.5.x86_64 providing httpd is already installed"
    ]
}
127.0.0.1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "httpd-2.4.6-97.el7.centos.5.x86_64 providing httpd is already installed"
    ]
}
> The name here is the service name on the CentOS system; it can be looked up with the chkconfig --list command.
[root@ansible-test1 ~]# ansible testhost -m service -a "name=httpd state=started
> enabled=yes"
192.168.237.163 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "enabled": true,
    "name": "httpd",
    "state": "started",
    "status": {
        "ActiveEnterTimestamp": "六 2022-10-08 10:56:53 CST",
        "ActiveEnterTimestampMonotonic": "1789797574",
        "ActiveExitTimestampMonotonic": "0",
        "ActiveState": "active",
        "After": "systemd-journald.socket basic.target -.mount remote-fs.target network.target tmp.mount nss-lookup.target system.slice"