一、ansible的安装部署

本案例要求准备ansible的基础环境:启动6台虚拟机;禁用selinux和firewalld;编辑/etc/hosts;配置yum扩展源并在管理节点安装ansible。(禁用selinux和firewalld只是为了简化实验环境;生产环境应保留两者,只在被管节点的防火墙上放行管理节点的SSH(22/tcp)访问。)


1、基础环境准备
[root@room9pc01 ~]# tar -xf ansible_soft.tar.xz
[root@room9pc01 ~]# cd ansible_soft/
[root@room9pc01 ansible_soft]# mkdir /var/ftp/ansible
[root@room9pc01 ansible_soft]# cp * /var/ftp/ansible
[root@room9pc01 ansible_soft]# createrepo /var/ftp/ansible

2、修改主机名(容易区分,6台机器都需要修改)这里以ansible主机为例子
[root@localhost ~]# echo ansible > /etc/hostname
[root@localhost ~]# hostname ansible

3、配置ip(6台机器都需要配置),这里以ansible主机为例子
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
# Generated by dracut initrd
DEVICE="eth0"
ONBOOT="yes"
IPV6INIT="no"
IPV4_FAILURE_FATAL="no"
NM_CONTROLLED="no"
TYPE="Ethernet"
BOOTPROTO="static"
IPADDR=192.168.1.51
PREFIX=24
GATEWAY=192.168.1.254
[root@localhost ~]# systemctl restart network
[root@localhost ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.51 netmask 255.255.255.0 broadcast 192.168.1.255
ether 52:54:00:b2:69:9e txqueuelen 1000 (Ethernet)
RX packets 234 bytes 16379 (15.9 KiB)
RX errors 0 dropped 36 overruns 0 frame 0
TX packets 31 bytes 2618 (2.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

4、配置yum客户端,在管理节点ansible上面配置
[root@ansible ~]# vim /etc/yum.repos.d/local.repo
[local_repo]
name=CentOS-$releasever - Base
baseurl=ftp://192.168.1.254/system
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 //gpgcheck=1时需要指定签名公钥(CentOS 7默认路径),否则yum可能因无法校验包签名而报错
[local]
name=local
baseurl=ftp://192.168.1.254/ansible
enabled=1
gpgcheck=0 //自建仓库里的包没有签名,所以关闭校验;这意味着无条件信任该FTP源上的所有包,只适合内网实验环境
[root@ansible ~]# yum clean all
[root@ansible ~]# yum repolist
[root@ansible ~]# yum -y install ansible
[root@ansible ~]# ansible --version
ansible 2.4.2.0 //显示版本说明安装成功
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]

二、ansible的配置文件修改

1、修改ansible的配置文件/etc/ansible/ansible.cfg
[root@ansible ~]# cd /etc/ansible/
[root@ansible ansible]# ls
ansible.cfg hosts roles
[root@ansible ansible]# vim ansible.cfg
#inventory = /etc/ansible/hosts //指定分组文件路径,主机的分组文件hosts
[selinux] //组名称,selinux的相关选项在这个下面配置
[colors] //组名称,colors的相关选项在这个下面配置

2、静态主机的定义
[root@ansible ansible]# vim hosts
[web]
web1
web2
[db]
db[1:2] //1:2为db1到db2两台主机,1:20为db1到db20多台主机
[other]
cache

3、查看组内主机有哪些?
[root@ansible ansible]# ansible web --list-host //显示web组的主机
hosts (2):
web1
web2
[root@ansible ansible]# ansible db --list-host
hosts (2):
db1
db2
[root@ansible ansible]# ansible other --list-host
hosts (1):
cache
[root@ansible ansible]# ansible all --list-host //显示所有组的主机
hosts (5):
web1
web2
cache
db1
db2

4、测试
[root@ansible ansible]# ansible cache -m ping
//测试是否可以连接,若失败颜色为红色
cache | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname cache: Name or service not known\r\n",
"unreachable": true
}
修改后测试
[root@ansible ansible]# vi hosts
[other]
cache ansible_ssh_user="root" ansible_ssh_pass="a"
//注意:这里把root口令明文写进了inventory,任何能读到该文件的人都能登录全部被管主机。只在实验环境这样做;真实环境应改用SSH密钥(见后文"批量部署证书文件")或用ansible-vault加密口令,并把inventory文件权限设为600。另外 ansible_ssh_user/ansible_ssh_pass 是旧写法,新版本推荐 ansible_user/ansible_password。
[root@ansible ansible]# ansible other -m ping //测试成功,颜色为绿色
cache | SUCCESS => {
“changed”: false,
“ping”: “pong”
}

5、不检测主机的sshkey,在第一次连接的时候不用输入yes
[root@ansible ansible]# vim ansible.cfg //修改配置文件
host_key_checking = False //关闭后Ansible不再校验被管主机的SSH指纹,失去了对中间人攻击的防护;实验环境可以接受,生产环境应保留默认的True,并提前用ssh-keyscan把各主机指纹写入known_hosts
[root@ansible ansible]# vim hosts
[web]
web1
web2
[web:vars] //web组:变量(vars不改),web组的多台机器共用一个用户名和密码(同样是明文口令,见上面的说明)
ansible_ssh_user="root"
ansible_ssh_pass="a"

[root@ansible ansible]# ansible web -m ping
web2 | SUCCESS => {
“changed”: false,
“ping”: “pong”
}
web1 | SUCCESS => {
“changed”: false,
“ping”: “pong”
}

6、定义子组
[root@ansible ansible]# vi hosts
[app:children] //指定子分组(app可改:children不改),web,db是提前分好的组
web
db

[app:vars]
ansible_ssh_user="root"
ansible_ssh_pass="a"
[root@ansible ansible]# ansible app --list-host //查看
hosts (4):
web1
web2
db1
db2
[root@ansible ansible]# ansible app -m ping //测试
web1 | SUCCESS => {
“changed”: false,
“ping”: “pong”
}
web2 | SUCCESS => {
“changed”: false,
“ping”: “pong”
}
db1 | SUCCESS => {
“changed”: false,
“ping”: “pong”
}
db2 | SUCCESS => {
“changed”: false,
“ping”: “pong”
}

7、多路径练习
自定义的ansible.cfg只在当前路径生效:Ansible按 ANSIBLE_CONFIG 环境变量、当前目录的 ansible.cfg、~/.ansible.cfg、/etc/ansible/ansible.cfg 的顺序查找,找到第一个就停止。所以在不同目录下执行同一条ansible命令,结果可能不同;也正因为如此,不要在其他用户可写的目录里运行ansible,否则别人放置的ansible.cfg可以改变你的执行行为。
[root@ansible ~]# mkdir aaa
[root@ansible ~]# cd aaa/
[root@ansible aaa]# vim myhost
[app1]
web1
db1
[app2]
web2
db2
[app:children]
app1
app2
[other]
cache
[app:vars]
ansible_ssh_user="root"
ansible_ssh_pass="a"
[root@ansible aaa]# touch ansible.cfg
[root@ansible aaa]# grep -Ev "^$|^#" /etc/ansible/ansible.cfg //去掉空行和注释行,只看有效配置(原文命令的引号被转成了全角,这里按下面的输出结果还原)
[defaults]
roles_path = /etc/ansible/roles:/usr/share/ansible/roles
host_key_checking = False
[inventory]
[privilege_escalation]
[paramiko_connection]
[ssh_connection]
[persistent_connection]
[accelerate]
[selinux]
[colors]
[diff]
[root@ansible aaa]# vim ansible.cfg
[defaults]
inventory = myhost
host_key_checking = False
测试结果 (当前目录)
[root@ansible aaa]# ansible app1 -m ping
web1 | SUCCESS => {
“changed”: false,
“ping”: “pong”
}
db1 | SUCCESS => {
“changed”: false,
“ping”: “pong”
}
[root@ansible aaa]# ansible app --list-host
hosts (4):
web1
db1
web2
db2
[root@ansible aaa]# cd
[root@ansible ~]# ansible app1 --list-host //切换到别的目录,测试失败

[WARNING]: Could not match supplied host pattern, ignoring: app1
[WARNING]: No hosts matched, nothing to do
hosts (0):

8、动态主机
[root@ansible aaa]# vim my.sh
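#!/usr/bin/env bash
# Minimal Ansible dynamic inventory script.
#
# Ansible runs an executable inventory with `--list` (whole inventory as
# JSON) and `--host <name>` (per-host variables). Any other invocation falls
# back to the full listing, so a plain `./my.sh` still prints it as in the
# tutorial.
#
# SECURITY: the root password below is stored in clear text in this file.
# Keep the script readable only by the controller user (chmod 700) and prefer
# SSH keys (see the authorized_key step later on this page) or ansible-vault
# for anything beyond a throw-away lab.
set -euo pipefail

# Print the inventory: one group "aa" with two hosts and shared connection
# variables. Ansible expects strict JSON here, so straight double quotes only
# and no trailing commas (the original had one after the group object).
inventory_list() {
  cat <<'EOF'
{
  "aa": {
    "hosts": ["192.168.1.55", "192.168.1.56"],
    "vars": {
      "ansible_ssh_user": "root",
      "ansible_ssh_pass": "a"
    }
  }
}
EOF
}

# Per-host variables: nothing beyond the group vars, so an empty object.
inventory_host() {
  printf '{}\n'
}

main() {
  case "${1-}" in
    --host) inventory_host ;;
    *)      inventory_list ;;
  esac
}

main "$@"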
[root@ansible aaa]# chmod 700 my.sh //脚本里含有明文口令,只给当前用户读写执行权限;755会让本机任意用户都能读到口令
[root@ansible aaa]# ./my.sh
{ "aa": {
"hosts":
["192.168.1.55", "192.168.1.56"],
"vars": {
"ansible_ssh_user": "root",
"ansible_ssh_pass": "a"}
}
}
[root@ansible aaa]# vim ansible.cfg
[defaults]
inventory = my.sh
host_key_checking = False
[root@ansible aaa]# ansible aa -m ping
192.168.1.55 | SUCCESS => {
“changed”: false,
“ping”: “pong”
}
192.168.1.56 | SUCCESS => {
“changed”: false,
“ping”: “pong”
}

三、ansible常用模块的使用:批量执行

ansible-doc //模块的手册,相当于man
ansible-doc -l //列出所有模块
ansible-doc 模块名 //查看指定模块的帮助信息


1、查看负载
[root@ansible aaa]# ansible app -m command -a 'uptime'

2、查看时间
[root@ansible aaa]# ansible app -m command -a 'date +%F\ %T'

3、批量部署证书文件(把管理节点的SSH公钥推到所有被管主机,之后就不再需要在inventory里写口令)
[root@ansible .ssh]# ssh-keygen -t rsa -b 2048 -N '' //创建密钥对;-N '' 表示私钥不设口令,因此管理节点上的/root/.ssh/id_rsa必须妥善保护
[root@ansible .ssh]# ansible all -m authorized_key -a "user=root exclusive=true manage_dir=true key='$(< /root/.ssh/id_rsa.pub)'" -k
//exclusive=true 会删除被管主机root账号已有的其他公钥,只保留这一个,执行前确认不会把其他管理员锁在外面;-k 表示交互输入SSH口令
SSH password: //输入密码
[root@ansible .ssh]# ansible all -m ping //成功。公钥部署完成后应删除inventory中的ansible_ssh_pass

《模块的使用》

1、command
[root@ansible .ssh]# ansible web1 -m command -a 'chdir=/tmp touch f1' //创建成功


2、shell 和 raw模块
[root@ansible .ssh]# ansible web1 -m shell -a 'chdir=/tmp touch f2' //创建成功
[root@ansible .ssh]# ansible web1 -m raw -a 'chdir=/tmp touch f3'
//文件可以创建,但raw模块不支持chdir参数,无法切换目录,文件在用户家目录下生成


3、script模块
在web1主机上创建zhangsan3用户,修改zhangsan3的密码为123456,设置zhangsan3第一次登陆必须修改密码

用命令写:
[root@ansible .ssh]# ansible web1 -m shell -a 'useradd zhangsan3'
[root@ansible .ssh]# ansible web1 -m shell -a 'echo 123456 | passwd --stdin zhangsan3'
//注意:这样口令会以明文出现在命令行参数、shell历史和ansible日志里,而且123456是弱口令。更合适的做法是用user模块的password参数传入已哈希的口令(可用password_hash过滤器生成),而不是把明文口令通过shell管道传给passwd
[root@ansible .ssh]# ssh -l zhangsan3 web1
zhangsan3@web1's password: //输入zhangsan3的密码
[root@ansible .ssh]# ansible web1 -m shell -a 'chage -d 0 zhangsan3' //让zhangsan3下次登录时必须修改口令
[root@ansible .ssh]# ssh -l zhangsan3 web1

用脚本写,script模块执行:
[root@ansible .ssh]# vim user.sh
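#!/usr/bin/env bash
# Create a local user with an initial password and force a password change at
# first login. Pushed to the target with `ansible <host> -m script`, so a
# non-zero exit here marks the Ansible task as failed instead of reporting
# success after a step silently failed (the original had no error checking).
#
# SECURITY: the initial password is hard-coded and weak, and is visible to
# anyone who can read this script. For real use, let the Ansible `user` module
# set a pre-hashed password instead of piping a clear-text string into passwd.
set -euo pipefail

readonly user_name=lisi
readonly initial_password=123456

# Re-running the script must not fail: only create the account when it is
# missing (useradd errors out if the user already exists).
if ! id "$user_name" >/dev/null 2>&1; then
  useradd "$user_name"
fi

# Feed the password through stdin so it does not appear in the process list.
printf '%s\n' "$initial_password" | passwd --stdin "$user_name"

# Expire the password immediately: the first login must change it.
chage -d 0 "$user_name"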
[root@ansible .ssh]# ansible web1 -m script -a './user.sh'
[root@ansible .ssh]# ssh -l lisi web1


4、copy模块
[root@ansible ~]# ansible cache -m copy -a 'src=/root/index.html dest=/var/www/html/index.html' //管理节点上的/root/index.html页面内容可以自己写


5、lineinfile 和 replace模块
[root@ansible ~]# ansible cache -m lineinfile -a 'path="/etc/httpd/conf/httpd.conf" regexp="^ServerName " line="ServerName 0.0.0.0"'
[root@ansible ~]# ansible cache -m lineinfile -a 'path="/etc/httpd/conf/httpd.conf" regexp="^Listen " line="Listen 8080"'
[root@ansible ~]# ansible cache -m replace -a 'path=/etc/sysconfig/network-scripts/ifcfg-eth0 regexp="^(ONBOOT=).*" replace="\1yes"'
//原文写的 replace="\1"yes"" 只是因为shell把相邻的引号拼接后碰巧得到 \1yes 才能生效,正确写法是 replace="\1yes";另外lineinfile的regexp没有匹配到任何行时会把line追加到文件末尾,改配置前先确认正则能命中


6、yum 模块
[root@ansible ~]# ansible other -m yum -a 'name="lrzsz" state=removed'
//lrzsz是软件包名,removed和absent等价,表示删除
[root@ansible ~]# ansible other -m yum -a 'name="lrzsz,lftp" state=installed'
//安装多个软件包用逗号分隔,installed和present等价;不写state默认为安装


7、service模块
[root@ansible ~]# ansible other -m service -a 'name="sshd" enabled="yes" state="started"' //sshd是服务名,设为开机自启并立即启动


8、setup模块
[root@ansible ~]# ansible cache -m setup -a 'filter=ansible_distribution'
cache | SUCCESS => {
"ansible_facts": {
"ansible_distribution": "CentOS"
},
"changed": false
}
