I. Ansible overview:
Ansible provides batch system configuration, batch program deployment, batch command execution and similar functions. It is agentless: no client software is installed on the managed hosts.
II. Ansible deployment:
Ansible server: 192.168.31.153
Ansible clients: 192.168.31.154 192.168.31.155 192.168.31.156 192.168.31.157
On the Ansible server, set up name resolution: vim /etc/hosts
192.168.31.153 ansible
192.168.31.154 host1
192.168.31.155 host2
192.168.31.156 host3
192.168.31.157 host4
No action is needed on the Ansible clients.
Installing Ansible
On the Ansible server:
1. Install the EPEL repository, using the Aliyun YUM mirrors below
rm -rf /etc/yum.repos.d/*
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
2. Install Ansible
yum install -y ansible
3. Inspect the Ansible installation
List all installed files: rpm -ql ansible
List the configuration files: rpm -qc ansible
Show Ansible help: ansible --help
List all modules: ansible-doc -l (give a module name instead of -l to show that module's documentation)
III. ssh-key (optional)
Passwordless login with an ssh key:
ssh-keygen
ssh-copy-id <IP address>
At this point the key has only been copied to host1.
IV. Ansible basics
1. Define the host inventory
vim /etc/ansible/hosts
host1
host2
host3
host4
2. Test connectivity
ansible host1 -m ping //test connectivity to host1
3. Concise output
ansible host1 -m ping -o
4. The Ansible ping module
ansible host2 -m ping fails (no key was copied to host2), so pass the credentials explicitly:
ansible host2 -m ping -u root -k -o
-u adds the username option, -k prompts for the ssh password
At this point ssh asks a yes/no question about the unknown host key.
To remove the ssh (yes/no) host-key prompt:
vim /etc/ssh/ssh_config
StrictHostKeyChecking no
systemctl restart sshd
(This turns off host-key verification for the ssh client on the Ansible server, so it is a lab convenience rather than something to carry into production.)
ansible host2 -m ping -u root -k -o now succeeds
5. What the Ansible ping module does
ping ICMP: Internet Control Message Protocol
Conclusion: Ansible's ping checks whether it can connect to the target over ssh; it does not use the ICMP protocol.
V. Ansible host inventory
1. Add a host group
vim /etc/ansible/hosts
[webserver]
host1
host2
host3
host4
2. Add a username and password
vim /etc/ansible/hosts
[webserver]
host[1:4] ansible_ssh_user='root' ansible_ssh_pass='666666'
ansible webserver -m ping -o now succeeds without asking for a username or password
If the hosts use different usernames or passwords, set them per host:
[webserver]
host1 ansible_ssh_user='root' ansible_ssh_pass='777777'
host[2:4] ansible_ssh_user='root' ansible_ssh_pass='666666'
3. Add a port: ansible_ssh_port='2222'
1. Change the sshd port on host1 to 2222
# vim /etc/ssh/sshd_config
Port 2222
# systemctl restart sshd
2. ansible webserver -m ping -o
Now the ping to host1 fails, because ssh defaults to port 22
3. vim /etc/ansible/hosts
[webserver]
host1 ansible_ssh_user='root' ansible_ssh_pass='777777' ansible_ssh_port='2222'
host[2:4] ansible_ssh_user='root' ansible_ssh_pass='666666'
4. Change it back: set the host1 port to 22 again
[webserver]
host1 ansible_ssh_user='root' ansible_ssh_pass='777777'
host[2:4] ansible_ssh_user='root' ansible_ssh_pass='666666'
4. Variables: [webserver:vars]
vim /etc/ansible/hosts
[webserver]
host[1:4]
[webserver:vars]
ansible_ssh_user='root'
ansible_ssh_pass='666666'
Common variables
5. Child groups (combining different groups): [webserver:children]
vim /etc/ansible/hosts
[apache]
host[1:2]
[nginx]
host[3:4]
[webserver:children]
apache
nginx
[webserver:vars]
ansible_ssh_user='root'
ansible_ssh_pass='666666'
6. Custom inventory file: ansible -i hostlist dockers -m ping -o (hostlist: a file in the current directory; dockers: a host group defined in it)
vim hostlist
[dockers]
host1
host2
[dockers:vars]
ansible_ssh_user='root'
ansible_ssh_pass='666666'
ansible -i hostlist dockers -m ping -o
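As an added illustration (not part of the original page), the following Python parses an inventory in the INI layout used above, expands host[1:4] ranges, applies the precedence between [group:vars] and per-host settings, and lists the hosts whose effective variables still hold a clear-text ssh password, which is exactly what ansible-vault or ssh keys should replace. The sample inventory is constructed; the parser handles [group] and [group:vars] sections only, not [group:children].

```python
import re

# Constructed sample inventory in the INI layout shown above (not a real file).
INVENTORY = """
[webserver]
host1 ansible_ssh_user='root' ansible_ssh_pass='777777' ansible_ssh_port='2222'
host[2:4]
[webserver:vars]
ansible_ssh_user='root'
ansible_ssh_pass='666666'
"""
RANGE = re.compile(r"^(.*)\[(\d+):(\d+)\](.*)$")
def expand(pattern):
    """host[1:4] -> host1..host4; zero padding of the low bound is kept."""
    m = RANGE.match(pattern)
    if not m:
        return [pattern]
    pre, lo, hi, post = m.groups()
    return [f"{pre}{i:0{len(lo)}d}{post}" for i in range(int(lo), int(hi) + 1)]
def parse_kv(tokens):
    return {k: v.strip("'\"") for k, _, v in (t.partition("=") for t in tokens)}
def parse_inventory(text):
    """Flat INI inventory: [group] host lines plus [group:vars] (no :children)."""
    groups, g, kind = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line[0] == "[" and line[-1] == "]":
            name, _, kind = line[1:-1].partition(":")
            g = groups.setdefault(name, {"hosts": {}, "vars": {}})
        elif kind == "vars":
            g["vars"].update(parse_kv([line]))
        else:  # host line, optionally followed by per-host key=value pairs
            pattern, *rest = line.split()
            for h in expand(pattern):
                g["hosts"].setdefault(h, {}).update(parse_kv(rest))
    return groups

def host_vars(groups, host):
    """Effective vars: group vars first, the host's own vars on top (host wins)."""
    member = [g for g in groups.values() if host in g["hosts"]]
    v = {k: val for g in member for k, val in g["vars"].items()}
    for g in member:
        v.update(g["hosts"][host])
    return v

def plaintext_password_hosts(groups):
    """Hosts whose effective vars hold a clear-text ssh password (vault candidates)."""
    hosts = {h for g in groups.values() for h in g["hosts"]}
    return sorted(h for h in hosts
                  if host_vars(groups, h).keys() & {"ansible_ssh_pass", "ansible_password"})
```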
VI. Ad-Hoc: point-to-point mode
Introduction: ad hoc means temporary; in Ansible it refers to a single command that needs to be run quickly and does not need to be saved. For complex jobs use a playbook.
1. The copy module
Help: # ansible-doc copy
Example: src=file on the Ansible server, dest=path and file name on the Ansible client, backup=whether to keep a backup
# ansible webserver -m copy -a 'src=/etc/hosts dest=/tmp/2.txt owner=root group=bin mode=777'
# ansible webserver -m copy -a 'src=/etc/hosts dest=/tmp/2.txt owner=root group=bin mode=777 backup=yes' //if the file changes between runs, keep a backup of the previous version
2. The user module: state=present/absent, append=yes
Help: # ansible-doc user
A. Create a user
# ansible webserver -m user -a 'name=why state=present' //create a user named why
B. Change the password
Prerequisite: generate a hashed password
# echo '123456' | openssl passwd -1 -stdin //openssl generates the password hash (-1 is MD5-crypt; on current systems openssl passwd -6 produces a SHA-512 hash the user module accepts in the same way)
$1$zMEBVnYC$hxrJ/gKY88o9dHXmdpPiB1
Change the password (the module parameter is password, and it must receive the hash, not the clear text)
# ansible webserver -m user -a 'name=why password="$1$zMEBVnYC$hxrJ/gKY88o9dHXmdpPiB1"'
C. Change the shell
# ansible webserver -m user -a 'name=qianfeng shell=/sbin/nologin append=yes' //append=yes adds to the user's existing groups instead of replacing them
D. Delete a user
# ansible webserver -m user -a 'name=why state=absent'
3. Package management: yum
Help: # ansible-doc yum
# ansible host1 -m yum -a 'name="*" state=latest' //upgrade all packages
# ansible host2 -m yum -a 'name="httpd" state=latest' //install apache
# ansible host2 -m yum -a 'name="httpd" state=absent' //remove apache
4. The service module
ansible webserver -m service -a 'name=httpd state=started' //start
ansible webserver -m service -a 'name=httpd enabled=yes' //enable at boot
ansible webserver -m service -a 'name=httpd state=stopped' //stop
ansible host2 -m service -a 'name=httpd state=started enabled=no' //start now, but do not enable at boot
5. The file module
# ansible host1 -m file -a 'path=/tmp/88.txt mode=777 state=touch' //create a file
# ansible host1 -m file -a 'path=/tmp/99 mode=777 state=directory' //create a directory
# ansible host1 -m file -a 'src=/tmp/88.txt dest=/root/88 state=link' //create a symbolic link
6. The setup module (fact gathering)
ansible host3 -m setup //show all facts
ansible host3 -m setup -a 'filter=ansible_all_ipv4_addresses' //filter the facts
7. The shell module
ansible webserver -m shell -a 'hostname' -o //get the hostname
ansible webserver -m shell -a 'hostname' -o -f 2 //-f 2 sets the number of parallel forks
ansible host2 -m shell -a 'yum -y install httpd' -o //install apache
ansible host3 -m shell -a 'uptime' -o //show the system load
VII. YAML (not a markup language)
Lists and dictionaries
Example: write a simple playbook in YAML that covers the whole process of deploying, configuring and starting a web server.
1. Preparation: clean up the previously installed environment
# ansible all -m yum -a 'name=httpd state=removed' -o
2. Install httpd on the Ansible server and prepare the configuration file
# yum install -y httpd
# mkdir apache
# cd apache
# cp -rf /etc/httpd/conf/httpd.conf .
# sed -ri 's/^Listen.*/Listen 8080/' httpd.conf //change the port setting; this file will be pushed out
3. Write the playbook: vim apache.yaml
- hosts: host1
  tasks:
    - name: install apache
      yum: name=httpd state=present
    - name: copy apache conf
      copy: src=/root/apache/httpd.conf dest=/etc/httpd/conf/httpd.conf
    - name: ensure apache is running
      service: name=httpd state=started enabled=yes
4. Test
ansible-playbook apache.yaml --syntax-check //check the syntax
ansible-playbook apache.yaml --list-tasks //list the tasks
ansible-playbook apache.yaml --list-hosts //list the hosts
ansible-playbook apache.yaml //run it
http://192.168.2.142:8080/ note the port
5. handlers
The configuration file is changed: Listen 9000
Run it again
# ansible-playbook apache.yaml //the run succeeds, but the new configuration does not take effect, because the service task only ensures httpd is started and nothing restarts it. So add a handler and trigger it with notify.
vim apache.yaml (add notify: restart apache service to the copy task, and a handlers: section)
    - name: copy apache conf
      copy: src=./httpd.conf dest=/etc/httpd/conf/httpd.conf
      notify: restart apache service
    - name: ensure apache is running
      service: name=httpd state=started enabled=yes
  handlers:
    - name: restart apache service
      service: name=httpd state=restarted
If the configuration file changes again: Listen 9080
ansible-playbook apache.yaml //run again: the configuration takes effect, the handler was triggered
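To see why the second run above succeeds without applying the new Listen value, and why notify plus a handler fixes it, here is an added Python model of task and handler semantics. It is constructed for this page and is not Ansible's own code: package, file and service state on the managed node are simulated in a dict, and the play mirrors the apache.yaml above.

```python
# Constructed model of how a play runs tasks and handlers; an added
# illustration, not Ansible's code. The managed node is a plain dict.
node = {"packages": set(), "files": {}, "services": {}}

def yum_present(name):
    def run():
        changed = name not in node["packages"]
        node["packages"].add(name)
        return changed
    return run

def copy(content, dest):
    def run():
        changed = node["files"].get(dest) != content
        node["files"][dest] = content
        return changed
    return run

def service(name, state):
    def run():
        svc = node["services"].setdefault(name, {"running": False, "restarts": 0})
        if state == "restarted":
            svc["running"], svc["restarts"] = True, svc["restarts"] + 1
            return True
        changed = svc["running"] != (state == "started")
        svc["running"] = state == "started"
        return changed
    return run

def run_play(tasks, handlers):
    """Tasks run in order; one reporting changed=True queues the handler it
    notifies. Handlers run once each, after all tasks, in their list order."""
    notified = {notify for _, action, notify in tasks if action() and notify}
    fired = [name for name, _ in handlers if name in notified]
    for name, action in handlers:
        if name in notified:
            action()
    return fired

def apache_play(conf):
    """One run of the apache.yaml play above, with notify and handlers."""
    tasks = [
        ("install apache", yum_present("httpd"), None),
        ("copy apache conf", copy(conf, "/etc/httpd/conf/httpd.conf"), "restart apache service"),
        ("ensure apache is running", service("httpd", "started"), None),
    ]
    handlers = [("restart apache service", service("httpd", "restarted"))]
    return run_play(tasks, handlers)

def httpd_state():
    return node["services"].get("httpd", {})
```

Run the play three times with the same, the same, then a changed Listen value: the restart handler fires on the first and third run only, while the "ensure apache is running" task reports no change on both re-runs.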
VIII. Roles
Introduction
In Ansible, roles are the directory structure that organizes playbooks. Code and files are split into modules arranged in the role directory layout, which is readable, reusable and clearly layered. Goal: use a role to deploy and configure nginx remotely.
1. Directory structure:
Create the files
# mkdir roles/nginx/{files,handlers,tasks,templates,vars} -p
# touch roles/site.yaml roles/nginx/{handlers,tasks,vars}/main.yaml
# echo 1234 > roles/nginx/files/index.html
# yum install -y nginx && cp /etc/nginx/nginx.conf roles/nginx/templates/nginx.conf.j2
2. Write the tasks
# vim roles/nginx/tasks/main.yaml (mind the indentation)
---
- name: install epel-release package
  yum: name=epel-release state=latest
- name: install nginx package
  yum: name=nginx state=latest
- name: copy nginx.html
  copy: src=index.html dest=/usr/share/nginx/html/index.html
- name: copy nginx.conf template
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
  notify: restart nginx
- name: make sure nginx is running
  service: name=nginx state=started enabled=yes
(notify must name a handler, so it refers to the restart nginx handler defined in step 5, not to a task)
3. Prepare the configuration file
# vim roles/nginx/templates/nginx.conf.j2
worker_processes {{ ansible_processor_cores }}; //uses a built-in fact
worker_connections {{ worker_connections }}; //custom variable
4. Write the variables
# vim roles/nginx/vars/main.yaml
worker_connections: 10240
5. Write the handlers
# vim roles/nginx/handlers/main.yaml
---
- name: restart nginx
  service: name=nginx state=restarted
6. Write the playbook
# vim roles/site.yaml
- hosts: webserver
  roles:
    - nginx
7. Run it
# cd roles
# ansible-playbook site.yaml --syntax-check //check
# ansible-playbook site.yaml //run
Exercises
1. How do you log in to different hosts as different users in Ansible?
# vim /etc/ansible/hosts
[webservers]
asdf.example.com ansible_port=5000 ansible_user=alice ansible_password=123456
jkl.example.com ansible_port=5001 ansible_user=bob ansible_password=654321
2. How do you encrypt the hosts inventory file?
# ansible-vault encrypt hosts
# cat hosts //the file is now ciphertext
ansible-playbook -i hosts <playbook>.yaml --ask-vault-pass //run with the encrypted inventory: you are asked for the vault password
ansible-vault decrypt hosts //remove the encryption from the file
ansible-vault create secfile //create a file that is encrypted from the start
ansible-vault view secfile //view the file
ansible-vault rekey secfile //change the vault password
3. Find the host whose address is 192.168.31.155 and shut it down
- hosts: webserver
  tasks:
    - name: "shut down 10.18.46.37 systems"
      command: /usr/sbin/init 0
      # ansible_all_ipv4_addresses is a list, so test membership with "in" rather than ==
      when: '"10.18.46.37" in ansible_all_ipv4_addresses'
4. Create several users in a loop
- hosts: host2
  tasks:
    - name: add several users
      user: name={{ item }} state=present groups=wheel
      with_items:
        - testuser1
        - testuser2