Ansible-------172.25.33.1
node1---------172.25.33.2
node2---------172.25.33.3
Install the required packages on the Ansible node
Create the unprivileged user devops on all nodes
useradd devops
passwd devops
Set up passwordless (key-based) SSH login as the unprivileged user devops on the Ansible node
su - devops
ssh-keygen
ssh-copy-id devops@server1
ssh-copy-id devops@server2
On the Ansible node, switch to the unprivileged user and create the ansible directory and its files
mkdir ansible
touch ansible/ansible.cfg
touch ansible/inventory
vim ansible/ansible.cfg
[defaults]
inventory = /home/devops/ansible/inventory
[devops@server1 ~]$ vim ansible/inventory
[test]
server2
[production]
server3
Test
ansible all -m ping
Related options
Specify the remote user: -u
ansible all -m ping -u devops
Run through sudo (become): -b
ansible all -m ping -u devops -b
Now configure the /etc/sudoers file on node1 and node2 so that devops can run sudo without a password
devops ALL=(ALL) NOPASSWD:ALL
Test again from the Ansible node
ansible all -m ping -u devops -b
The copy module
Copy to /tmp (writable by an unprivileged user)
ansible test -m copy -a "src=/etc/passwd dest=/tmp/passwd"    # test is the host group
Copy to /mnt (not writable by an unprivileged user)
ansible test -m copy -a "src=/etc/passwd dest=/mnt" -b
Running commands
ansible test -a "ls /mnt" -b
ansible test -a "rm /mnt/passwd" -b
Setting the equivalent of the -b option in the configuration file
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
Run again (the -b option is no longer needed)
ansible test -a "ls /mnt"
Setting host variables
[test]
server1 http_port=80
server2 https_port=443
Setting group variables
[test]
server1
server2
[test:vars]
http_port=80
Setting variables for multiple groups
[test]
server1
server2
[test1]
server3
server4
[server:children]
test
test1
[server:vars]
http_port=80
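Storing variables in separate files (YAML format)
Using patterns to select hosts
ansible "*" -m ping                  # matches all hosts in all groups
ansible 'test:production' -m ping    # matches the hosts of both groups
ansible 'test:!production' -m ping   # matches hosts that are in test but not in production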
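Added example (not part of the original notes, and not Ansible's own parser): a minimal Python resolver for the inventory sections shown above ([group], [group:children], [group:vars]) and for the ':' and ':!' patterns, to check which hosts a privileged (-b) run would reach and which variable value each host ends up with. The inventory is constructed, the function names are hypothetical, pattern terms are limited to group names and all (no wildcards), and precedence between several groups that set the same variable is not modelled.

```python
# Constructed inventory combining the snippets from these notes.
INVENTORY = """[test]
server1 http_port=8080
server2
[production]
server2
server3
[server:children]
test
production
[server:vars]
http_port=80"""

def parse(text):
    hosts, children, gvars, hvars = {}, {}, {}, {}
    group, kind = "ungrouped", ""
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("["):      # [group], [group:children], [group:vars]
            group, _, kind = line.strip("[]").partition(":")
            hosts.setdefault(group, [])
        elif kind == "children":
            children.setdefault(group, []).append(line)
        elif kind == "vars":
            gvars.setdefault(group, {}).update([line.split("=", 1)])
        else:                         # host line: name plus optional key=value pairs
            host, *pairs = line.split()
            hosts.setdefault(group, []).append(host)
            hvars.setdefault(host, {}).update(p.split("=", 1) for p in pairs)
    children["all"] = list(hosts)     # implicit group that contains every group
    return hosts, children, gvars, hvars

def members(group, hosts, children):
    # Hosts listed in the group plus those inherited from its child groups.
    found = list(hosts.get(group, []))
    for child in children.get(group, []):
        found += [h for h in members(child, hosts, children) if h not in found]
    return found

def select(pattern, hosts, children):
    # 'a:b' is a union, 'a:!b' an exclusion; exclusions are applied last.
    hit = {t: members(t.lstrip("!"), hosts, children) for t in pattern.split(":")}
    drop = {h for t in hit if t.startswith("!") for h in hit[t]}
    keep = dict.fromkeys(h for t in hit if not t.startswith("!") for h in hit[t])
    return [h for h in keep if h not in drop]

def host_vars(host, hosts, children, gvars, hvars):
    # Vars of every group containing the host, then host vars on top (host wins).
    merged = {k: v for g, vals in gvars.items()
              if host in members(g, hosts, children) for k, v in vals.items()}
    return {**merged, **hvars.get(host, {})}
```

On a real control node, ansible <pattern> --list-hosts prints the resolved target set without running anything on the hosts.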
Installing software
ansible test -m yum -a "name=mariadb state=present"
To install a specific version: name=acme-1.5
Removing software
Changing service state
ansible test -m service -a "name=mariadb state=started"
ansible test -m service -a "name=mariadb state=restarted"
ansible test -m service -a "name=mariadb state=stopped"
Adding users and groups
ansible test -m user -a "name=foo password=westos state=present shell=/bin/bash groups=users,wheel append=yes"
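Adding the user with a hashed password (the user module stores the password value as given, so it must already be a crypt hash)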
ansible test -m user -a "name=foo password={{'westos'|password_hash('sha512','salt')}}"
Changing file attributes
ansible test -m file -a "dest=/tmp/passwd mode=600 owner=root group=root"
Creating a directory
ansible test -m file -a "dest=/tmp/file/file mode=755 state=directory owner=root group=root"
Help documentation
ansible-doc <module name>