一、免密SSH密钥
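1、在Ansible服务端生成密钥,并且复制公钥到节点中。下面的示例在口令(passphrase)提示处直接回车留空,因此私钥 /root/.ssh/id_rsa 没有口令保护:任何能读到该文件的人都可以以root身份登录已分发公钥的节点,需确保该文件仅root可读(权限600);如需更高安全性,可设置口令并配合ssh-agent使用。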
[root@elb ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
89:13:34:37:96:34:ae:38:1e:c9:de:cf:d2:87:d3:e1 root@elb
The key's randomart image is:
+--[ RSA 2048]----+
| o.*. |
| . =.o |
| . . |
| . o + . |
| * + S |
| o + . . |
| o .. + . |
| .o+ E |
| .oo |
+-----------------+
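2、使用ssh-copy-id命令来复制Ansible公钥到节点中。首次连接时会提示确认主机密钥指纹,输入yes之前应通过可信渠道(例如在节点控制台上用 ssh-keygen -l -f 查看主机公钥文件的指纹)核对提示中的指纹,避免把root密码和后续的管理连接交给冒充的主机。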
客户端主机
192.168.3.49
192.168.3.62
[root@elb ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.3.49
The authenticity of host '192.168.3.49 (192.168.3.49)' can't be established.
RSA key fingerprint is 5f:73:2a:96:12:c8:1d:af:d8:d4:a7:0d:53:db:0c:81.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.3.49' (RSA) to the list of known hosts.
root@192.168.3.49's password:
Now try logging into the machine, with "ssh 'root@192.168.3.49'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@elb ~]#
[root@elb ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.3.62
The authenticity of host '192.168.3.62 (192.168.3.62)' can't be established.
RSA key fingerprint is 50:d1:85:98:0c:9f:b8:04:9e:01:c9:94:79:9e:a6:f1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.3.62' (RSA) to the list of known hosts.
root@192.168.3.62's password:
Now try logging into the machine, with "ssh 'root@192.168.3.62'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
测试免密登录
[root@elb ~]# ssh 192.168.3.49
Last login: Thu Jan 5 08:49:13 2017 from 192.168.3.41
[root@nginx ~]# exit
logout
Connection to 192.168.3.49 closed.
[root@elb ~]# ssh 192.168.3.62
Last login: Mon Nov 14 20:53:20 2016 from 192.168.3.41
[root@mysql ~]# exit
logout
Connection to 192.168.3.62 closed.
二、为Ansible定义节点的清单
[root@elb ~]# vi /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
## green.example.com
## blue.example.com
## 192.168.100.1
## 192.168.100.10
# Ex 2: A collection of hosts belonging to the 'webservers' group
[webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110
192.168.3.49
# If you have multiple hosts following a pattern you can specify
# them like this:
## www[001:006].example.com
# Ex 3: A collection of database servers in the 'dbservers' group
[dbservers]
##
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57
192.168.3.62
# Here's another example of host ranges, this time there are no
# leading 0s:
## db-[99:101]-node.example.com
三、在Ansible服务端运行命令
需要在远程逐条执行命令来管理远程服务器;
远程执行命令的模块有command、shell、script以及raw模块;
官方文档:http://docs.ansible.com/ansible/list_of_commands_modules.html
使用ping模块检查webservers、dbservers或者ansible节点的连通性(ping模块并不发送ICMP包,而是验证能否通过SSH登录节点并运行Python,成功时返回pong)
ansible -m ping 'dbservers'
[root@elb ~]# ansible -m ping 'webservers'
192.168.3.49 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@elb ~]# ansible -m ping 'dbservers'
192.168.3.62 | SUCCESS => {
"changed": false,
"ping": "pong"
}
例子1:检查Ansible节点的运行时间(uptime)
ansible -m command -a "uptime" 'webservers'
[root@elb ~]# ansible -m command -a "uptime" 'webservers'
192.168.3.49 | SUCCESS | rc=0 >>
09:11:49 up 3:25, 5 users, load average: 0.08, 0.02, 0.01
[root@elb ~]# ansible -m command -a "uptime" 'dbservers'
192.168.3.62 | SUCCESS | rc=0 >>
21:05:37 up 10:58, 6 users, load average: 0.00, 0.00, 0.00
[root@elb ~]#
例子2:检查节点的内核版本
ansible -m command -a "uname -r" 'webservers'
ansible -m command -a "uname -r" 'dbservers'
[root@elb ~]# ansible -m command -a "uname -r" 'webservers'
192.168.3.49 | SUCCESS | rc=0 >>
2.6.32-642.6.2.el6.x86_64
[root@elb ~]# ansible -m command -a "uname -r" 'dbservers'
192.168.3.62 | SUCCESS | rc=0 >>
2.6.32-642.6.2.el6.x86_64
例子3:给节点增加用户
ansible -m command -a "useradd wolf" 'webservers'
ansible -m command -a "useradd wolf" 'dbservers'
[root@elb ~]# ansible -m command -a "useradd wolf" 'webservers'
192.168.3.49 | SUCCESS | rc=0 >>
[root@elb ~]# ansible -m command -a "useradd wolf" 'dbservers'
192.168.3.62 | SUCCESS | rc=0 >>
ansible -m command -a "grep wolf /etc/passwd" 'webservers'
ansible -m command -a "grep wolf /etc/passwd" 'dbservers'
例子4:重定向输出到文件中(重定向由Ansible服务端本地的shell完成,文件保存在服务端而不是节点上;/tmp对所有用户可写,以root身份写入固定文件名时,建议改用仅root可写的目录)
ansible -m command -a "df -Th" 'webservers'>/tmp/command-output.txt
ansible -m command -a "df -Th" 'dbservers'>>/tmp/command-output.txt
[root@elb ~]# ansible -m command -a "df -Th" 'webservers'>/tmp/command-output.txt
[root@elb ~]# cat /tmp/command-output.txt
192.168.3.49 | SUCCESS | rc=0 >>
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/vg_nginx-lv_root
ext4 18G 5.6G 11G 34% /
tmpfs tmpfs 491M 228K 491M 1% /dev/shm
/dev/sda1 ext4 477M 60M 392M 14% /boot
/dev/sr0 iso9660 4.2G 4.2G 0 100% /media/CentOS_6.5_Final
[root@elb ~]# ansible -m command -a "df -Th" 'dbservers'>>/tmp/command-output.txt
[root@elb ~]# cat /tmp/command-output.txt
192.168.3.49 | SUCCESS | rc=0 >>
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/vg_nginx-lv_root
ext4 18G 5.6G 11G 34% /
tmpfs tmpfs 491M 228K 491M 1% /dev/shm
/dev/sda1 ext4 477M 60M 392M 14% /boot
/dev/sr0 iso9660 4.2G 4.2G 0 100% /media/CentOS_6.5_Final
192.168.3.62 | SUCCESS | rc=0 >>
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/vg_mysql-lv_root
ext4 18G 7.1G 9.3G 44% /
tmpfs tmpfs 931M 320K 931M 1% /dev/shm
/dev/sda1 ext4 477M 60M 392M 14% /boot
copy模块(把服务端的文件复制到节点;本例的wolf.txt是空文件,所以返回结果中size为0)
ansible 'webservers' -m copy -a "src=/root/wolf.txt dest=~/"
ansible 'dbservers' -m copy -a "src=/root/wolf.txt dest=~/"
[root@elb ~]# ansible 'webservers' -m copy -a "src=/root/wolf.txt dest=~/"
192.168.3.49 | SUCCESS => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/root/wolf.txt",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1480402539.29-166423323929037/source",
"state": "file",
"uid": 0
}
[root@elb ~]# ansible 'dbservers' -m copy -a "src=/root/wolf.txt dest=~/"
192.168.3.62 | SUCCESS => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/root/wolf.txt",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1480402545.85-144739460041681/source",
"state": "file",
"uid": 0
}
shell模块
执行shell命令(command模块不经过shell,不支持管道、重定向等语法;shell模块通过/bin/sh执行,因此下面的管道可以使用。不要把未经校验的外部输入拼接进shell模块的命令字符串)
ansible 'webservers' -a "ps -fe |grep nginx" -m shell
ansible 'dbservers' -a "ps -fe |grep mysql" -m shell
[root@elb ~]# ansible 'dbservers' -a "ps -fe |grep mysql" -m shell
192.168.3.62 | SUCCESS | rc=0 >>
root 95353 95352 0 22:12 pts/1 00:00:00 /bin/sh -c ps -fe |grep mysql
root 95355 95353 0 22:12 pts/1 00:00:00 grep mysql
root 100297 1 0 12:07 ? 00:00:00 /bin/sh /soft/mysql5.1.72/bin/mysqld_safe --datadir=/soft/mysql5.1.72/data --pid-file=/soft/mysql5.1.72/data/mysql.pid
mysql 100414 100297 0 12:07 ? 00:00:14 /soft/mysql5.1.72/libexec/mysqld --basedir=/soft/mysql5.1.72 --datadir=/soft/mysql5.1.72/data --user=mysql --log-error=/soft/mysql5.1.72/data/mysql.err --pid-file=/soft/mysql5.1.72/data/mysql.pid --socket=/soft/mysql5.1.72/tmp/mysql.sock --port=3306
[root@elb ~]# ansible 'webservers' -a "ps -fe |grep nginx" -m shell
192.168.3.49 | SUCCESS | rc=0 >>
root 1992 1 0 05:47 ? 00:00:00 /bin/sh /data/mysql/bin/mysqld_safe --datadir=/data/db --pid-file=/data/db/nginx.pid
mysql 2320 1992 0 05:47 ? 00:00:11 /data/mysql/bin/mysqld --basedir=/data/mysql --datadir=/data/db --plugin-dir=/data/mysql/lib/plugin --user=mysql --log-error=/data/db/nginx.err --pid-file=/data/db/nginx.pid --socket=/tmp/mysql.sock --port=3306
nginx 2325 2324 0 05:47 ? 00:00:00 php-fpm: pool www
nginx 2326 2324 0 05:47 ? 00:00:00 php-fpm: pool www
nginx 2327 2324 0 05:47 ? 00:00:00 php-fpm: pool www
nginx 2328 2324 0 05:47 ? 00:00:00 php-fpm: pool www
nginx 2329 2324 0 05:47 ? 00:00:00 php-fpm: pool www
nginx 2330 2324 0 05:47 ? 00:00:00 php-fpm: pool www
nginx 2331 2324 0 05:47 ? 00:00:00 php-fpm: pool www
nginx 2332 2324 0 05:47 ? 00:00:00 php-fpm: pool www
nginx 2333 2324 0 05:47 ? 00:00:00 php-fpm: pool www
nginx 2334 2324 0 05:47 ? 00:00:00 php-fpm: pool www
nginx 2335 2324 0 05:47 ? 00:00:00 php-fpm: pool www
nginx 2336 2324 0 05:47 ? 00:00:00 php-fpm: pool www
nginx 2337 2324 0 05:47 ? 00:00:00 php-fpm: pool www
nginx 2338 2324 0 05:47 ? 00:00:00 php-fpm: pool www
nginx 2339 2324 0 05:47 ? 00:00:00 php-fpm: pool www
nginx 2340 2324 0 05:47 ? 00:00:00 php-fpm: pool www
root 2342 1 0 05:47 ? 00:00:00 nginx: master process /data/nginx/sbin/nginx
nginx 2345 2342 0 05:47 ? 00:00:01 nginx: worker process
nginx 2346 2342 0 05:47 ? 00:00:00 nginx: worker process
root 6726 6725 0 10:18 pts/1 00:00:00 /bin/sh -c ps -fe |grep nginx
root 6728 6726 0 10:18 pts/1 00:00:00 grep nginx
script模块(把Ansible服务端本地的脚本传到节点上执行,节点上无需事先存在该脚本)
[root@elb ~]# vi ll.sh
ls
[root@elb ~]# sh ll.sh
anaconda-ks.cfg Desktop Documents Downloads install.log install.log.syslog ll.sh Music Pictures Public Templates Videos wolf.txt
ansible webservers -m script -a "/root/ll.sh"
ansible dbservers -m script -a "/root/ll.sh"
先在webservers节点上创建一个标记文件:
[root@nginx ~]# touch 111
再在dbservers节点上创建一个标记文件:
[root@mysql ~]# touch 132
[root@elb ~]# ansible webservers -m script -a "/root/ll.sh"
192.168.3.49 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.3.49 closed.\r\n",
"stdout": "111\t\t Documents install.log.syslog Public wolf.txt\r\nanaconda-ks.cfg Downloads Music\t\t Templates\r\nDesktop\t\t install.log Pictures\t\t Videos\r\n",
"stdout_lines": [
"111\t\t Documents install.log.syslog Public wolf.txt",
"anaconda-ks.cfg Downloads Music\t\t Templates",
"Desktop\t\t install.log Pictures\t\t Videos"
]
}
[root@elb ~]# ansible dbservers -m script -a "/root/ll.sh"
192.168.3.62 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.3.62 closed.\r\n",
"stdout": "132\t\t Documents install.log.syslog Public Videos\r\nanaconda-ks.cfg Downloads Music\t\t soft\t wolf.txt\r\nDesktop\t\t install.log Pictures\t\t Templates\r\n",
"stdout_lines": [
"132\t\t Documents install.log.syslog Public Videos",
"anaconda-ks.cfg Downloads Music\t\t soft\t wolf.txt",
"Desktop\t\t install.log Pictures\t\t Templates"
]
}