简介

ansible是基于Python开发的自动化运维工具,集合了众多运维工具的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。ansible是基于模块工作的,本身没有批量部署的能力;真正具有批量部署能力的是ansible所运行的模块,ansible只是提供一种框架,通过SSH协议来管理多台客户机。

实验部署

1、实验规划

主机名

IP地址

ansible(管理端)

192.168.7.192

client1(被管理端)

192.168.7.189

client2(被管理端)

192.168.7.134

2、安装ansible服务

#安装epel源
[root@ansible ~]# yum install -y epel-release
#安装ansible
[root@ansible ~]# yum install ansible -y
#查看版本
[root@ansible ~]# ansible --version
ansible 2.9.10
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
#ansible的工作目录
[root@ansible ~]# tree /etc/ansible/
/etc/ansible/
├── ansible.cfg	#ansible的配置文件
├── hosts	 	#ansible的主机清单(inventory),用于存储需要管理的远程主机的相关信息
└── roles		#角色
#更改配置主机清单
[root@ansible ~]# vim /etc/ansible/hosts
#添加如下部分
[client1]
192.168.7.189
[client2]
192.168.7.134

3、配置ssh免交互登录

[root@ansible ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:GQr5RqmhTULNgMirHxqonG2NjQXnId8W36FNB3rQJKA root@ansible
The key's randomart image is:
+---[RSA 2048]----+
|o.o+   ...o.     |
|oo  o... ..o     |
|  o =Eo . o .    |
| . B O o + + .   |
|o . O * S * o    |
|+ .  = o o o     |
|o+o.* .          |
|oo.= o           |
|  .              |
+----[SHA256]-----+
[root@ansible ~]# ssh-copy-id root@192.168.7.189
[root@ansible ~]# ssh-copy-id root@192.168.7.134
#配置免交互代理(ssh-agent缓存已解锁的私钥,之后连接被管理端时无需再次输入密钥口令)
[root@ansible ~]# ssh-agent bash
[root@ansible ~]# ssh-add
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)

4、ansible命令行模块
(1)command模块

#命令格式
ansible [主机] [-m 模块] [-a args]
#举例
[root@ansible ~]# ansible client1 -m command -a 'date'
192.168.7.189 | CHANGED | rc=0 >>
2020年 07月 11日 星期六 16:17:58 CST
#如果不用-m指定模块,则默认运行command模块
#所有hosts主机执行命令,主机名使用all
[root@ansible ~]# ansible all -a 'date'
192.168.7.134 | CHANGED | rc=0 >>
2020年 07月 11日 星期六 16:19:12 CST
192.168.7.189 | CHANGED | rc=0 >>
2020年 07月 11日 星期六 16:19:12 CST

(2)cron模块

  • 计划性任务,可在目标主机添加计划性任务
  • 两种状态(state):
    present表示添加(可以省略)
    absent表示移除
#举例
[root@ansible ~]# ansible client1 -m cron -a \
> 'minute="*/1" \
> job="/usr/bin/echo hello >> /opt/hello.txt" \
> name="test cron job"'
192.168.7.189 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "envs": [], 
    "jobs": [
        "test cron job"
    ]
}
[root@ansible ~]# ansible client1 -a 'crontab -l'
192.168.7.189 | CHANGED | rc=0 >>
#Ansible: test cron job
*/1 * * * * /usr/bin/echo hello >> /opt/hello.txt
#移除计划性任务
#假如该计划任务没有取名字,使用name=None即可
[root@ansible ~]# ansible client1 -m cron -a 'name="test cron job" state=absent'
192.168.7.189 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "envs": [], 
    "jobs": []
}
[root@ansible ~]# ansible client1 -a 'crontab -l'
192.168.7.189 | CHANGED | rc=0 >>

(3)user模块

  • user模块请求的是useradd, userdel, usermod三个指令
#举例
#添加用户test1
[root@ansible ~]# ansible client1 -m user -a 'name="test1"'
#查看用户已经创建完成
[root@ansible ~]# ansible client -a 'tail -3 /etc/passwd'
[WARNING]: Could not match supplied host pattern, ignoring: client
[WARNING]: No hosts matched, nothing to do
[root@ansible ~]# ansible client1 -a 'tail -3 /etc/passwd'
192.168.7.189 | CHANGED | rc=0 >>
tcpdump:x:72:72::/:/sbin/nologin
larry:x:1000:1000:Larry:/home/larry:/bin/bash
test1:x:1001:1001::/home/test1:/bin/bash
#移除用户test1
[root@ansible ~]# ansible client1 -m user -a 'name="test1" state=absent'
192.168.7.189 | CHANGED => {
[root@ansible ~]# ansible client1 -a 'tail -3 /etc/passwd'
192.168.7.189 | CHANGED | rc=0 >>
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
larry:x:1000:1000:Larry:/home/larry:/bin/bash

(4)group模块

  • group模块请求的是groupadd, groupdel, groupmod 三个指令
#举例
[root@ansible ~]# ansible client1 -m group -a 'name=client1 gid=306 system=yes'
[root@ansible ~]# ansible client1 -a 'tail -3 /etc/group'
192.168.7.189 | CHANGED | rc=0 >>
tcpdump:x:72:
larry:x:1000:
client1:x:306:
[root@ansible ~]# ansible client1 -m user -a 'name=test01 uid=306 system=yes group=client1'
[root@ansible ~]# ansible client1 -a 'tail -3 /etc/passwd'
192.168.7.189 | CHANGED | rc=0 >>
tcpdump:x:72:72::/:/sbin/nologin
larry:x:1000:1000:Larry:/home/larry:/bin/bash
test01:x:306:306::/home/test01:/bin/bash
[root@ansible ~]# ansible client1 -a 'id test01'    
192.168.7.189 | CHANGED | rc=0 >>
uid=306(test01) gid=306(client1) 组=306(client1)

(5)copy模块

#举例
[root@ansible ~]# ansible client1 -m copy -a 'src=/etc/fstab dest=/opt/fstab.back'
[root@ansible ~]# ansible client1 -a 'ls -l /opt'
192.168.7.189 | CHANGED | rc=0 >>
总用量 4
-rw-r-----. 1 root root 595 7月  11 16:46 fstab.back
#将hello 写入/opt/fstab.back
[root@ansible ~]# ansible client1 -m copy -a \
> 'content="hello" dest=/opt/fstab.back'
[root@ansible ~]# ansible client1 -a 'cat /opt/fstab.back' 
192.168.7.189 | CHANGED | rc=0 >>
hello

(5)file模块

#举例
[root@ansible ~]# ansible client1 -m user -a 'name=client1 system=yes'
[root@ansible ~]# ansible client1 -m group -a 'name=client1 system=yes'
#更改文件的属主和属组权限
[root@ansible ~]# ansible client1 -m file -a 'owner=client1 group=client1 mode=644 path=/opt/fstab.back'
[root@ansible ~]# ansible client1 -a 'ls -l /opt'
192.168.7.189 | CHANGED | rc=0 >>
总用量 4
-rw-r--r--. 1 client1 client1 5 7月  11 16:50 fstab.back
#设置/opt/fstab.link为/opt/fstab.back的链接文件
[root@ansible ~]# ansible client1 -m file -a 'path=/opt/fstab.link src=/opt/fstab.back state=link' 
[root@ansible ~]# ansible client1 -a 'ls -l /opt'
192.168.7.189 | CHANGED | rc=0 >>
总用量 4
-rw-r--r--. 1 client1 client1  5 7月  11 16:50 fstab.back
lrwxrwxrwx. 1 root    root    15 7月  11 16:56 fstab.link -> /opt/fstab.back
#删除一个文件
[root@ansible ~]# ansible client1 -m file -a "path=/opt/fstab.link state=absent"
#创建一个文件
[root@ansible ~]# ansible client1 -m file -a "path=/opt/test state=touch"
#创建目录
[root@ansible ~]# ansible client1 -m file -a 'path=/opt/dir state=directory mode=755'

(6)ping模块

#举例
[root@ansible ~]# ansible all -m ping
192.168.7.189 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
192.168.7.134 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}

(7)yum模块

#举例
#yum安装httpd
[root@ansible ~]# ansible client2 -m yum -a 'name=httpd'
#在client2上查看
[root@client2 ~]# rpm -q httpd
httpd-2.4.6-93.el7.centos.x86_64
#卸载httpd
[root@ansible ~]# ansible client2 -m yum -a 'name=httpd state=absent'
#在client2上查看
[root@client2 ~]# rpm -q httpd
未安装软件包 httpd

(8)service模块

#举例
#安装并开启httpd服务
[root@ansible ~]# ansible client2 -m yum -a 'name=httpd'
[root@ansible ~]# ansible client2 -a 'systemctl status httpd'
192.168.7.134 | FAILED | rc=3 >>
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:httpd(8)
           man:apachectl(8)non-zero return code
[root@ansible ~]# ansible client2 -m service -a 'name=httpd state=started'
[root@ansible ~]# ansible client2 -a 'systemctl status httpd'
192.168.7.134 | CHANGED | rc=0 >>
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since 六 2020-07-11 17:15:16 CST; 25s ago
#关闭防火墙服务(此处仅演示state=stopped的用法;生产环境一般应保持防火墙运行,只放行所需端口)
[root@ansible ~]# ansible client2 -m service -a 'name=firewalld state=stopped'

(9)shell模块

#举例
#为已创建的用户以非交互方式设置密码(abc123仅为示例弱口令;写在命令行里的明文密码会留在管理端的shell历史中,也可能被记录到被管理端的系统日志)
[root@ansible ~]# ansible client1 -m shell -a 'echo abc123 | passwd --stdin client1'
192.168.7.189 | CHANGED | rc=0 >>
更改用户 client1 的密码 。
passwd:所有的身份验证令牌已经成功更新。

(10)script模块

#举例
#在管理端创建脚本文件,赋予权限
[root@ansible ~]# vim test.sh
#!/bin/bash
echo "hello ansible from script"> /opt/script.txt
[root@ansible ~]# chmod +x test.sh 
#将脚本文件传到client1上并执行
[root@ansible ~]# ansible client1 -m script -a 'test.sh'
#查看文件
[root@ansible ~]# ansible client1 -a 'cat /opt/script.txt'
192.168.7.189 | CHANGED | rc=0 >>
hello ansible from script