学习

  • ansible core : ansible 自身核心模块
  • host inventory: 主机库,定义可管控的主机列表
  • connection plugins: 连接插件,一般默认基于 ssh 协议连接
  • modules:core modules ( 自带模块 ) 、 custom modules ( 自定义模块 )
  • playbooks :剧本,按照所设定编排的顺序执行完成安排任务

安装

install

# python --version
# Python 2.7.5
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
python get-pip.py
# 
# DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
####
# get-pip.py options
# do not attempt to install setuptools
--no-setuptools
# do not attempt to install wheel
--no-wheel
# Install to the user site
--user
# install ansible
sudo pip install ansible
# 
ansible --version
ansible 2.7.10
  config file = None
  configured module search path = [u'/home/vagrant/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Apr  9 2019, 14:30:50) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
# 如果用pip安装完ansible之后,config file是None的。也就是说不存在/etc/ansible这个配置文件夹,需要自己创建。


curl -sSfLk -o https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.9.3-1.el7.ans.noarch.rpm
yum localinstall ansible-2.9.3-1.el7.ans.noarch.rpm -y

生成密钥

# 创建ssh密钥
mkdir ~/.ssh;
cd ~/.ssh/
# 都按回车
ssh-keygen -t rsa
# 加入授权
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
# 修改文件权限
chmod 600 ~/.ssh/authorized_keys
# 授权登录
ssh-copy-id -i ~/.ssh/id_rsa.pub vagrant@n55
ssh-copy-id -i ~/.ssh/id_rsa.pub vagrant@n56

常用命令

ansible --version
ansible -m
ansible-doc -s command
absible-galaxy
ansible-link
ansible-init playbook.yml
ansible-playbook
ansible-pull
ansible-vault
tree /etc/ansible/
/etc/ansible/
├── ansible.cfg
├── hosts
└── roles
ansible 192.168.33.56 -m ping -vvv
ansible webservers -m ping -vvv
ansible -m command -a '/bin/echo hello ansible!'
ansible 192.168.33.56 -m command -a 'sudo yum install -y bridge-utils bind-utils psmisc'

错误

192.168.33.55 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
    "unreachable": true
}

192.168.33.55 | FAILED! => {
    "msg": "to use the 'ssh' connection type with passwords, you must install the sshpass program"
}

192.168.33.27 | FAILED | rc=1 >>
error: garbage option

Usage:
 ps [options]

 Try 'ps --help <simple|list|output|threads|misc|all>'
  or 'ps --help <s|l|o|t|m|a>'
 for additional help text.

For more details see ps(1).non-zero return code
## command不支持管道命令

ansible hosts

## 正常写法,name1为别名:
[test1]
name1 ansible_ssh_host=192.168.1.111 ansible_ssh_user="root" ansible_ssh_pass="1234" ansible_ssh_port=22
name2 ansible_ssh_host=192.168.1.222  ansible_ssh_user="root" ansible_ssh_pass="1234" ansible_ssh_port=22

## 连续的IP写法,表示192.168.1.20到192.168.1.50,共31台主机:
[test1]
name1 ansible_ssh_host=192.168.1.[20:50] ansible_ssh_user="root" ansible_ssh_pass="1234" ansible_ssh_port=22

## 带参数的群组,vars底下为群组共同便变量,包括已定义变量和自定义变量:
[test1]
name1 ansible_ssh_host=192.168.1.[20:50]

[test1:vars]
ansible_ssh_user=root
ansible_ssh_pass="1234"
testvar="test"

## 群组整合,children底下为父群组test的子群组,调用方式为ansible test -m ping:
[dbtest]
name1 ansible_ssh_host=192.168.1.[20:50] ansible_ssh_user="root" ansible_ssh_pass="1234" ansible_ssh_port=22
[webtest]
name2 ansible_ssh_host=192.168.2.[20:50] ansible_ssh_user="root" ansible_ssh_pass="1234" ansible_ssh_port=22
[test:children]
dbtest
webtest

## 调用两个主机组的写法,以下webservers和dbservers都会被调用:
ansible webservers:dbservers -m ping

## 在webservers组中但不在dbsersers中的调用:
ansible webservers:!dbservers -m win_ping

## 在webservers组中并且在dbservers组中的才会调用:
ansible webservers:&dbservers -m ping

## 在调用前加~,代表正则表达式:
ansible ~(web|db).*.91it.org -m win_ping

参考