Ansible的简单配置及使用
1. 安装ansible
shell> yum install ansible -y
2. 配置ansible
shell> vim /etc/ansible/ansible.cfg
# 取消注释以启用日志;默认情况下日志是关闭的(日志中可能包含任务参数,注意限制该文件的访问权限)
log_path=/var/log/ansible.log
# 设置默认模块shell
module_name=shell
# 禁用SSH主机密钥检查:连接时不再校验远程主机指纹,无法发现中间人攻击;仅适合隔离的测试环境,生产环境应保持开启并预先分发 known_hosts
host_key_checking=False
3. 设置主机及分组
shell> vim /etc/ansible/hosts
# 分组名称
[web]
# 组内成员(ip地址或域名)
192.168.37.102
192.168.37.103
[master]
192.168.37.101
4. 查看模块 ansible-doc
ansible-doc [options] [module...]
-a 显示所有模块的文档
-l, --list 列出可用模块
-s, --snippet 显示指定模块的playbook片段
5. ansible方法
ansible <host-pattern> [-m module_name] [-a args]
--version 显示版本
-m module 指定模块,默认为command
-v 详细过程,-vv、-vvv 更详细
--list-hosts 显示主机列表,可简写 --list
-k, --ask-pass 提示输入ssh连接密码,默认Key验证
-K, --ask-become-pass 提示输入sudo时的口令
-C, --check 检查,并不执行
-T, --timeout=TIMEOUT 执行命令的超时时间,默认10s
-u, --user=REMOTE_USER 指定远程执行命令的用户
-b, --become 代替旧版的sudo 切换
--become-user=USERNAME 指定sudo的runas用户,默认为root
6. 基于key验证,及公钥分发
# 使用 ssh-keygen 会在~/.ssh/目录下生成两个文件,不指定文件名和密钥类型的时候,默认生成的两个文件是:id_rsa,id_rsa.pub
shell> ssh-keygen
# ssh-copy-id 将本机的公钥追加到远程机器的 ~/.ssh/authorized_keys 文件中,同时会为远程用户的 home 目录、~/.ssh 和 ~/.ssh/authorized_keys 设置合适的权限
shell> ssh-copy-id 192.168.37.102
shell> ssh-copy-id 192.168.37.103
7. 模块的使用
# 文件复制copy模块 src:本机文件地址 dest:目标主机地址 backup:如果目标主机文件已存在,先生成备份
shell> ansible web -m copy -a 'src=/etc/selinux/config dest=/data/ backup=yes'
# 生成文件内容
shell> ansible app -m copy -a 'content="line1\nline2\nline3\n" dest=/data/content.txt'
案例一:自建YUM源
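# 自建源(注意:示例中 gpgcheck=0 关闭了软件包签名校验,且 epel 源使用明文 http,软件包在传输中可能被篡改;生产环境建议设置 gpgcheck=1 并配置 gpgkey,使用 https 镜像)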
ansible app -a 'mkdir /etc/yum.repos.d/repo'
ansible app -a 'mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/repo'
ansible app -m copy -a 'content="
[base]\nname=CentOS\nbaseurl=file:///misc/cd\ngpgcheck=0\n\n[epel]\nname=epel\nbaseurl=http
://mirrors.sohu.com/fedora-epel/7/x86_64/\ngpgcheck=0" dest=/etc/yum.repos.d/base.repo'
# 查看yum源
ansible all -a 'cat /etc/yum.repos.d/base.repo'
# 建立文件
ansible app -a 'touch /etc/yum.repos.d/repo1/f1'
# 抓取文件
ansible app -m fetch -a 'src=/etc/yum.repos.d/repo1/f1 dest=/data'
# 删除文件
ansible app -m file -a 'path=/etc/yum.repos.d/repo1/f1 state=absent'
# yum 安装和删除
ansible all -m yum -a 'name=bind'
ansible all -m yum -a 'name=bind state=absent'
# 53端口打开
ansible all -a 'ss -ntul|grep 53'
# 启动服务,并设置开机自启(service 模块)
ansible all -m service -a 'name=named state=started enabled=true'
案例二:使用二进制包安装mysql
# 使用ansible写一个roles的playbook,安装mysql
# 创建mysql的role目录
shell> tree
.
├── mysql-install.yml # 启动文件
└── roles
└── mysql
├── files # 二进制mysql安装包及my-huge.cnf配置文件
│ ├── mariadb-10.2.25-linux-x86_64.tar.gz
│ └── my-huge.cnf
├── handlers
├── tasks # 配置文件
│ ├── config.yml
│ ├── database.yml
│ ├── data_file.yml
│ ├── init.yml
│ ├── library.yml
│ ├── link.yml
│ ├── main.yml
│ ├── owner.yml
│ ├── path.yml
│ ├── start.yml
│ ├── uncompress.yml
│ └── user.yml
├── templates
└── vars
配置文件:
main.yml
# main.yml 任务执行(软件安装)顺序;较新版本的 Ansible 已弃用 include,应改用 include_tasks 或 import_tasks
- include: library.yml
- include: user.yml
- include: uncompress.yml
- include: link.yml
- include: data_file.yml
- include: owner.yml
- include: database.yml
- include: path.yml
- include: config.yml
- include: init.yml
- include: start.yml
library.yml
- name: "安装库文件"
yum: name=libaio
user.yml
- name: "创建用户"
user: name=mysql system=yes home=/data/mysql create_home=no shell=/sbin/nologin
uncompress.yml
- name: "解压mysql文件"
unarchive: src=/data/playbook/mariadb-10.2.25-linux-x86_64.tar.gz dest=/usr/local owner=root group=root
link.yml
- name: "创建mysql软链接"
file: src=/usr/local/mariadb-10.2.25-linux-x86_64 dest=/usr/local/mysql state=link
data_file.yml
- name: "创建data文件"
file: path=/data/mysql state=directory
owner.yml
- name: "设置data目录权限"
file: path=/data/mysql owner=mysql group=mysql
database.yml
- name: "切换目录,生成database库"
shell: chdir=/usr/local/mysql/ scripts/mysql_install_db --datadir=/data/mysql --user=mysql
path.yml
- name: "添加环境变量"
copy: content='PATH=/usr/local/mysql/bin:$PATH' dest=/etc/profile.d/mysql.sh
config.yml
- name: "复制配置文件"
copy: src=/data/playbook/my-huge.cnf dest=/etc/my.cnf
init.yml
- name: "复制启动文件到init.d"
shell: cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
start.yml
- name: "启动mysql服务"
shell: /etc/init.d/mysqld start