Ansible Installation
(1) Environment preparation
On both machines, stop the firewall, disable SELinux, and edit the /etc/hosts file.
    [root@ansible-test1 ~]# systemctl stop firewalld
    [root@ansible-test1 ~]# systemctl disable firewalld
    Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
    Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
    [root@ansible-test1 ~]# setenforce 0
    [root@ansible-test1 ~]# cat /etc/selinux/config
    …
    # disabled - No SELinux policy is loaded.
    SELINUX=disabled    // change this to disabled
    # SELINUXTYPE= can take one of three two values:
    …
    [root@ansible-test1 ~]# cat /etc/hosts
    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.2.10 ansible-test1    // add the IP and hostname of both hosts
    192.168.2.20 ansible-test2
(2) Installing Ansible
Prepare two machines, ansible-01 and ansible-02. Ansible only needs to be installed on ansible-01; install the EPEL repository first.
    [root@ansible-test1 ~]# yum install epel-release -y
    [root@ansible-test1 ~]# yum install -y ansible
    [root@ansible-test1 ~]# ansible --version
    ansible 2.9.10
      config file = /etc/ansible/ansible.cfg
      configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python2.7/site-packages/ansible
      executable location = /usr/bin/ansible
      python version = 2.7.5 (default, Nov 20 2015, 02:00:19) [GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]
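(3) Passwordless SSH configuration
On ansible-01, generate a key pair with ssh-keygen -t rsa, copy the public key to ansible-02, and set up key-based authentication.
Note: the local machine must also be configured for passwordless login.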
    [root@ansible-test1 ~]# ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Created directory '/root/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    0a:47:86:44:83:a2:7c:c3:0c:1b:33:1c:03:88:0c:09 root@ansible-test1
    The key's randomart image is:
    +--[ RSA 2048]----+
    |E+.o+ |
    |=Bo. o |
    |o.O . o |
    |.o = o |
    | . o . S |
    | o . |
    | . |
    | |
    | |
    +-----------------+
    [root@ansible-test1 ~]# ssh-copy-id 192.168.2.20
    The authenticity of host '192.168.2.20 (192.168.2.20)' can't be established.
    ECDSA key fingerprint is dc:a5:08:4d:9a:40:8a:be:ee:68:dd:41:61:7d:d7:05.
    Are you sure you want to continue connecting (yes/no)? yes
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    root@192.168.2.20's password:
    Number of key(s) added: 1
    Now try logging into the machine, with: "ssh '192.168.2.20'"
    and check to make sure that only the key(s) you wanted were added.
    [root@ansible-test1 ~]# ssh 192.168.2.20
    Last login: Sat Jul 4 16:49:18 2020 from 192.168.2.3
    [root@ansible-test2 ~]# 登出
    Connection to 192.168.2.20 closed.
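The ssh-copy-id output above asks you to check that only the key(s) you wanted were added. The following is an added example, not part of the original page: a POSIX shell function that lists every authorized_keys entry whose key blob is not found in the public key files you expect. The function names, temporary paths and key blobs are constructed placeholders.

```shell
#!/bin/sh
# unexpected_keys AUTHORIZED_KEYS ALLOWED.pub...
# Prints "line N: <type> <comment>" for each entry whose base64 blob is not in
# any allowed .pub file. Returns 1 if at least one such entry exists.
unexpected_keys() {
    auth_file=$1; shift
    awk -v auth="$auth_file" '
        # Find the key-type field; fields before it are an options prefix.
        function keyfield(   i) {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) return i
            return 0
        }
        /^[ \t]*(#|$)/ { next }                      # comments and blank lines
        { k = keyfield(); if (!k) next; blob = $(k + 1) }
        FILENAME != auth { allowed[blob] = 1; next } # allow-list files come first
        !(blob in allowed) {
            printf "line %d: %s %s\n", FNR, $k, (k + 2 <= NF ? $(k + 2) : "(no comment)")
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$@" "$auth_file"
}

# Constructed sample: the key blobs are placeholders, not real keys.
demo_keys() {
    d=$(mktemp -d)
    echo 'ssh-rsa AAAAB3PLACEHOLDERadmin root@ansible-test1' > "$d/id_rsa.pub"
    cat > "$d/authorized_keys" <<'EOF'
# managed by hand
ssh-rsa AAAAB3PLACEHOLDERadmin root@ansible-test1
from="192.168.2.10" ssh-ed25519 AAAAC3PLACEHOLDERother someone@elsewhere
EOF
    unexpected_keys "$d/authorized_keys" "$d/id_rsa.pub"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo_keys || echo "unexpected keys present"
```

On a managed host the call would be `unexpected_keys /root/.ssh/authorized_keys id_rsa.pub`, with the .pub file copied over from the control node.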
(4) Host group setup
Add the IP addresses of the local machine and the other machine to the /etc/ansible/hosts file:
    [root@ansible-test1 ~]# grep ^[^#] /etc/ansible/hosts
    [testhost]
    127.0.0.1
    192.168.2.20
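Explanation: testhost is a user-defined host group name; the two IPs below it are the machines in the group.
2.3 Running commands remotely with Ansible
With this in place, commands can be run in batch. Here testhost is the host group name, -m is followed by the module name, and -a by the command. You can also give a single IP to run the command on just one machine.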
    [root@ansible-test1 ~]# ansible testhost -m command -a "hostname"
    127.0.0.1 | CHANGED | rc=0 >>
    ansible-test1
    192.168.2.20 | CHANGED | rc=0 >>
    ansible-test2
    [root@ansible-test1 ~]# ansible 192.168.2.20 -m command -a "hostname"
    192.168.2.20 | CHANGED | rc=0 >>
    ansible-test2
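2.4 Copying files or directories with Ansible
The source directory is placed under the destination directory; if the destination directory does not exist, it is created automatically. When copying a file, if the name given in dest differs from the source and is not an existing directory, the effect is a copy followed by a rename. Conversely, if dest is an existing directory on the target machine, the file is copied directly into that directory.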
    [root@ansible-test1 ~]# ansible 192.168.2.20 -m copy -a "src=/etc/passwd dest=/tmp/123"
    192.168.2.20 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "checksum": "8f3ebea24b1558e6207af80195aa12931d96345f",
        "dest": "/tmp/123",
        "gid": 0,
        "group": "root",
        "md5sum": "ca8f3327c9a73cb6fd96ba88ec4d18ee",
        "mode": "0644",
        "owner": "root",
        "secontext": "unconfined_u:object_r:admin_home_t:s0",
        "size": 1040,
        "src": "/root/.ansible/tmp/ansible-tmp-1593856449.24-11462-53060923085626/source",
        "state": "file",
        "uid": 0
    }
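Here /tmp/123 is identical to /etc/passwd on the source machine, but if a /tmp/123 directory already exists on the target machine, a passwd file is created under /tmp/123 instead.
2.5 Running scripts remotely with Ansible
First, create a shell script.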
    [root@ansible-test1 ~]# cat /tmp/test.sh
    #!/bin/bash
    echo `date` > /tmp/ansible_test.txt
Then distribute the script to each machine.
    [root@ansible-test1 ~]# ansible testhost -m copy -a "src=/tmp/test.sh dest=/tmp/test.sh mode=0755"
    192.168.2.20 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "checksum": "1a6e4af02dba1bda6fc8e23031d4447efeba0ade",
        "dest": "/tmp/test.sh",
        "gid": 0,
        "group": "root",
        "md5sum": "edfaa4371316af8c5ba354e708fe8a97",
        "mode": "0755",
        "owner": "root",
        "secontext": "unconfined_u:object_r:admin_home_t:s0",
        "size": 48,
        "src": "/root/.ansible/tmp/ansible-tmp-1593856700.7-11499-220274653312920/source",
        "state": "file",
        "uid": 0
    }
    127.0.0.1 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "checksum": "1a6e4af02dba1bda6fc8e23031d4447efeba0ade",
        "dest": "/tmp/test.sh",
        "gid": 0,
        "group": "root",
        "mode": "0755",
        "owner": "root",
        "path": "/tmp/test.sh",
        "secontext": "unconfined_u:object_r:user_tmp_t:s0",
        "size": 48,
        "state": "file",
        "uid": 0
    }
Finally, run the shell script in batch.
    [root@ansible-test1 ~]# ansible testhost -m shell -a "/tmp/test.sh"
    127.0.0.1 | CHANGED | rc=0 >>
    192.168.2.20 | CHANGED | rc=0 >>
The shell module also supports running remote commands that contain pipes.
    [root@ansible-test1 ~]# ansible testhost -m shell -a "cat /etc/passwd |wc -l "
    127.0.0.1 | CHANGED | rc=0 >>
    21
    192.168.2.20 | CHANGED | rc=0 >>
    21
    [root@ansible-test1 ~]# cat /tmp/ansible_test.txt
    2020年 07月 04日 星期六 18:00:51 CST
It ran successfully.
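In section 2.5 the script is copied to every host and then executed as root from /tmp, so it is worth confirming that each host reports the same SHA-1 "checksum" as the local file before the batch run. The following is an added example, not part of the original page: it reads the multi-line copy-module output in the shape shown above and flags hosts whose checksum differs or that received no copy. The function names and the sample output inside demo_checksums are constructed.

```shell
#!/bin/sh
# check_copy_output LOCAL_FILE < saved "ansible ... -m copy" output
# Prints "<host> OK", "<host> MISMATCH <checksum>" or "<host> NO-COPY".
# Returns 1 if any host is not OK.
check_copy_output() {
    want=$(sha1sum < "$1") || return 2
    want=${want%% *}                       # keep only the hex digest
    awk -v want="$want" '
        / \| (CHANGED|SUCCESS) =>/      { host = $1 }
        / \| (FAILED|UNREACHABLE)!? =>/ { print $1, "NO-COPY"; bad = 1 }
        /"checksum":/ {
            split($0, q, "\"")             # q[4] is the quoted checksum value
            if (q[4] == want) print host, "OK"
            else { print host, "MISMATCH", q[4]; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: the second host carries a deliberately wrong checksum.
demo_checksums() {
    f=$(mktemp)
    printf '#!/bin/bash\necho `date` > /tmp/ansible_test.txt\n' > "$f"
    good=$(sha1sum < "$f"); good=${good%% *}
    check_copy_output "$f" <<EOF
192.168.2.20 | CHANGED => {
    "changed": true,
    "checksum": "$good",
    "dest": "/tmp/test.sh"
}
127.0.0.1 | CHANGED => {
    "changed": true,
    "checksum": "0000000000000000000000000000000000000000",
    "dest": "/tmp/test.sh"
}
EOF
    rc=$?
    rm -f "$f"
    return $rc
}

demo_checksums || echo "at least one host does not hold the expected script"
```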