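Ansible SSH Connection / Getting Started / Inventory
Establishing SSH trust between the Ansible control node and the managed nodes
First, create a key pair on the control node: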
[root@localhost ~]# ssh-keygen -t rsa
Address of the managed node:
[root@iZbp1c824n8qxlt2sn9bheZ ~]# hostname -i
The local public key must be copied to the managed node:
ssh-copy-id root@xxxx  # the managed node
Test that you can log in:
[root@localhost ~]# ssh 'root@120.55.65.27'
Last login: Thu Apr 6 20:23:38 2023 from 123.138.15.66
Welcome to Alibaba Cloud Elastic Compute Service !
Quick start
On the control node, test network connectivity to all managed nodes:
ansible all -i ip_address_1,ip_address_2.. -m ping
[root@localhost ~]# ansible all -i 120.55.65.27, -m ping
120.55.65.27 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
On the control node, make sure /tmp/a.conf is published to /tmp/a.conf on all managed nodes:
[root@localhost ~]# touch /tmp/a.conf
[root@localhost ~]# ll /tmp/a.conf
-rw-r--r--. 1 root root 0 4月 6 21:06 /tmp/a.conf
Control node:
[root@localhost ~]# ansible all -i 120.55.65.27, -m copy -a "src=/tmp/a.conf dest=/tmp/a.conf"
120.55.65.27 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/tmp/a.conf",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1680786639.81-4800-940584741955/source",
"state": "file",
"uid": 0
}
On the managed node, check:
[root@iZbp1c824n8qxlt2sn9bheZ ~]# ll /tmp
total 4
-rw------- 1 root root 0 Apr 6 20:12 AliyunAssistClientSingleLock.lock
srwxr-xr-x 1 root root 0 Apr 6 20:18 aliyun_assist_service.sock
-rw------- 1 root root 0 Apr 6 20:13 ecsgo-helper.lock
drwx------ 3 root root 4096 Apr 6 20:17 systemd-private-ec3f5c0afd2a4e50a058ebb269481eb7-chronyd.service-Jg3ytz
[root@iZbp1c824n8qxlt2sn9bheZ ~]# ll /tmp
total 4
-rw-r--r-- 1 root root 0 Apr 6 21:10 a.conf
-rw------- 1 root root 0 Apr 6 20:12 AliyunAssistClientSingleLock.lock
srwxr-xr-x 1 root root 0 Apr 6 20:18 aliyun_assist_service.sock
-rw------- 1 root root 0 Apr 6 20:13 ecsgo-helper.lock
drwx------ 3 root root 4096 Apr 6 20:17 systemd-private-ec3f5c0afd2a4e50a058ebb269481eb7-chronyd.service-Jg3ytz
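The file has been transferred to the managed node.
Custom inventory
The inventory is the set of managed nodes. An inventory is either static or dynamic.
Static inventory
A static inventory is a plain text file in an INI-like format.
By default, the Ansible inventory file is /etc/ansible/hosts. If Ansible was installed with pip, the file may not exist; just create it.
Create a new file: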
[root@localhost ~]# cat inventory.ini
1.1.1.1
2.2.2.2
3.3.3.[1:15]
www.baidu.com
[web_servers]
192.168.1.2
192.168.1.3
[db_servers]
192.168.2.2
192.168.2.3
[all_servers]
[all_servers:children]
db_servers
web_servers
List all hosts in the inventory:
[root@localhost ~]# ansible all -i inventory.ini --list-hosts
hosts (22):
1.1.1.1
2.2.2.2
3.3.3.1
3.3.3.2
3.3.3.3
3.3.3.4
3.3.3.5
3.3.3.6
3.3.3.7
3.3.3.8
3.3.3.9
3.3.3.10
3.3.3.11
3.3.3.12
3.3.3.13
3.3.3.14
3.3.3.15
www.baidu.com
192.168.2.2
192.168.2.3
192.168.1.2
192.168.1.3
List the members of a group:
[root@localhost ~]# ansible db_servers -i inventory.ini --list-hosts
hosts (2):
192.168.2.2
192.168.2.3
Inventory selectors
Select a subset of the hosts in the inventory to run a task against.
Basic format:
ansible PATTERN -i inventory -m module -a argument
Select one or several servers:
[root@localhost ~]# ansible 1.1.1.1 -i inventory.ini --list-hosts
hosts (1):
1.1.1.1
[root@localhost ~]# ansible www.baidu.com -i inventory.ini --list-hosts
hosts (1):
www.baidu.com
[root@localhost ~]# ansible db_servers -i inventory.ini --list-hosts
hosts (2):
192.168.2.2
192.168.2.3
[root@localhost ~]# ansible all_servers -i inventory.ini --list-hosts
hosts (4):
192.168.2.2
192.168.2.3
192.168.1.2
192.168.1.3
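You can also match with the * wildcard (quote the pattern if files in the current directory could match it, so that the shell does not expand it first):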
[root@localhost ~]# ansible 192.168.2.* -i inventory.ini --list-hosts
hosts (2):
192.168.2.2
192.168.2.3
Using logical matching
# union of the two groups
[root@localhost ~]# ansible 'web_servers:db_servers' -i inventory.ini --list-hosts
hosts (4):
192.168.1.2
192.168.1.3
192.168.2.2
192.168.2.3
# intersection
[root@localhost ~]# ansible 'web_servers:&db_servers' -i inventory.ini --list-hosts
[WARNING]: No hosts matched, nothing to do
hosts (0):
# in web_servers but not in db_servers
[root@localhost ~]# ansible 'web_servers:!db_servers' -i inventory.ini --list-hosts
hosts (2):
192.168.1.2
192.168.1.3
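As an added example (not from the original post, and not Ansible's own implementation), the following simplified Python model resolves the inventory above and the union, intersection and exclusion patterns to host lists, so you can check which machines a pattern will touch before running a module against it. The helper names parse and select are hypothetical, and the model assumes hostname or IPv4 entries without host variables.

```python
import fnmatch
import re
# Simplified model (assumption): no host variables, :vars sections or IPv6.
INVENTORY = """
1.1.1.1
2.2.2.2
3.3.3.[1:15]
www.baidu.com
[web_servers]
192.168.1.2
192.168.1.3
[db_servers]
192.168.2.2
192.168.2.3
[all_servers]
[all_servers:children]
db_servers
web_servers
"""  # constructed copy of the inventory.ini shown on this page

def parse(text):
    """Return {group: [hosts]}; supports [M:N] ranges and one level of :children."""
    groups, children = {"ungrouped": []}, {}
    target = groups["ungrouped"]
    for line in text.split():
        if line.startswith("["):
            name, _, kind = line[1:-1].partition(":")
            groups.setdefault(name, [])
            target = children.setdefault(name, []) if kind == "children" else groups[name]
        else:
            m = re.fullmatch(r"(.*)\[(\d+):(\d+)\](.*)", line)
            expanded = [f"{m[1]}{i}{m[4]}" for i in range(int(m[2]), int(m[3]) + 1)] if m else [line]
            target += expanded
    for parent, kids in children.items():
        for kid in kids:
            groups[parent] += groups[kid]
    groups["all"] = list(dict.fromkeys(h for g in groups.values() for h in g))
    return groups

def select(pattern, groups):
    """Resolve 'a:b' (union), 'a:&b' (intersection) and 'a:!b' (exclusion)."""
    def match(term):
        return groups.get(term) or [h for h in groups["all"] if fnmatch.fnmatchcase(h, term)]
    terms = [t for t in pattern.split(":") if t]
    hosts = list(dict.fromkeys(h for t in terms if t[0] not in "&!" for h in match(t)))
    for t in terms:  # filters apply after the union, whatever their position
        if t[0] in "&!":
            hosts = [h for h in hosts if (h in match(t[1:])) == (t[0] == "&")]
    return hosts
```

Calling select("web_servers:!db_servers", parse(INVENTORY)) returns the same two hosts as the --list-hosts run above.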
Ad-Hoc
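An ad-hoc command is like running a single shell command and is suited to one-off tasks; a playbook runs many commands in one go, much like a shell script.
Path of the Ansible configuration file: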
/etc/ansible/ansible.cfg
You can edit the settings in this configuration file.