Ansible

Ansible安装

环境准备

yum install -y ansible

配置机器间免密码登录(密钥认证)

aming-01上生成密钥对 ssh-keygen -t rsa

// -t rsa表示生成的类型为rsa的类型

 

ssh-copy-id

拷贝/root/.ssh/id_rsa.pub的内容,把公钥放到aming-02上,设置密钥认证

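写入文件 :vim .ssh/authorized_keys(只拷贝公钥id_rsa.pub,私钥id_rsa留在aming-01上;.ssh目录权限应为700、authorized_keys为600,否则sshd在默认的StrictModes下会拒绝密钥认证)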

编辑hosts

vi /etc/ansible/hosts //增加

[testhost]

127.0.0.1

192.168.133.132

说明: testhost为主机组名字,自定义的。 下面两个ip为组内的机器ip。

使用Ansible远程执行命令-command模块

使用的command模块

批量执行命令

ansible  testhost -m command -a 'w' 

使用命令错误:

[root@ansible1 ~]# ansible  testhost -m command -a 'w'
ERROR! Unexpected Exception, this is probably a bug: (cryptography 0.8.2 (/usr/lib64/python2.7/site-packages), Requirement.parse('cryptography>=1.1'))
the full traceback was:

Traceback (most recent call last):
  File "/usr/bin/ansible", line 85, in <module>
    mycli = getattr(__import__("ansible.cli.%s" % sub, fromlist=[myclass]), myclass)
  File "/usr/lib/python2.7/site-packages/ansible/cli/__init__.py", line 38, in <module>
    from ansible.inventory.manager import InventoryManager
  File "/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/__init__.py", line 7, in <module>
    import pkg_resources
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 3011, in <module>
    parse_requirements(__requires__), Environment()
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 630, in resolve
    raise VersionConflict(dist,req) # XXX put more info here
VersionConflict: (cryptography 0.8.2 (/usr/lib64/python2.7/site-packages), Requirement.parse('cryptography>=1.1'))
[root@ansible1 ~]#

解决:

[root@kazihuo ~]# yum -y remove python-cryptography

[root@kazihuo ~]# yum -y install ansible

重装ansible后需重新配置/etc/ansible/hosts(旧的配置可能被保存为hosts.rpmsave)

执行命令结果:

[root@ansible1 ~]# ansible  testhost -m command -a 'w'
172.16.51.134 | SUCCESS | rc=0 >>
 00:38:30 up  2:28,  4 users,  load average: 0.27, 0.28, 0.18
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     :0       :0               22:13   ?xdm?  46.60s  0.12s gdm-session-worker [pam/gdm-password]
root     pts/0    :0               22:14    2:24m  0.02s  0.02s /bin/bash
root     pts/1    172.16.51.133    00:38    0.00s  0.16s  0.09s w
root     pts/2    172.16.51.1      22:18    5:10   0.24s  0.24s -bash

127.0.0.1 | SUCCESS | rc=0 >>
 00:38:31 up  9:32,  4 users,  load average: 0.13, 0.08, 0.06
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     :0       :0               Tue23   ?xdm?   1:50   0.16s gdm-session-worker [pam/gdm-password]
root     pts/0    :0               Tue23   24:40m  0.02s  0.02s /bin/bash
root     pts/2    172.16.51.1      22:18    7.00s  0.67s  0.00s ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/21f0e6a9ae -tt 127.0.0.1 /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1573720709.53-5325938981603/command.py && sleep 0'
root     pts/3    localhost        00:38    0.00s  0.14s  0.09s w

[root@ansible1 ~]#

也可以直接写一个ip,针对某一台机器来执行命令。

ansible 127.0.0.1 -m  command -a 'hostname'

[root@ansible1 ~]# ansible 127.0.0.1 -m  command -a 'hostname'
127.0.0.1 | SUCCESS | rc=0 >>
ansible1

[root@ansible1 ~]#

错误: "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"

解决: yum install -y libselinux-python

Shell模块

还有一个模块就是shell同样也可以实现 (shell模块一般用来远程执行一个shell脚本)

ansible  testhost -m shell -a 'w'

Ansible拷贝文件或者目录

拷贝目录到一台机器

ansible 172.16.51.134 -m copy -a "src=/etc/ansible  dest=/tmp/ansibletest owner=root group=root mode=0755"

(-m copy模块拷贝文件或目录,src指定来源的文件或目录,dest指定目标路径,owner指定目录的属主,group属组,mode指定权限。这里的mode=0755会让目标机器上的所有本地用户都能读取拷贝过去的内容,含有敏感配置时应使用更严格的权限和非共享目录)

[root@ansible1 ~]# ansible 172.16.51.134 -m copy -a "src=/etc/ansible dest=/tmp/ansibletest owner=root group=root mode=0755"
172.16.51.134 | SUCCESS => {
    "changed": true,
    "dest": "/tmp/ansibletest/",
    "src": "/etc/ansible"
}

[root@ansible2 ~]# ls /tmp/ansibletest/
ansible
[root@ansible2 ~]#
[root@ansible2 ~]#
[root@ansible2 ~]# cd /tmp/ansibletest/ansible/
[root@ansible2 ansible]# ls
ansible.cfg  hosts  hosts.rpmsave  roles
[root@ansible2 ansible]#

注意:源目录会放到目标目录下面去,如果目标指定的目录不存在,它会自动创建。如果拷贝的是文件,dest指定的名字和源如果不同,并且它不是已经存在的目录,相当于拷贝过去后又重命名。但相反,如果dest是目标机器上已经存在的目录,则会直接把文件拷贝到该目录下面。

拷贝文件到host组

ansible testhost -m copy -a "src=/etc/passwd dest=/tmp/123"

这里的/tmp/123和源机器上的/etc/passwd是一致的,但如果目标机器上已经有/tmp/123目录,则会在/tmp/123目录下面建立passwd文件

[root@ansible1 ~]# ansible testhost -m copy -a "src=/etc/passwd dest=/tmp/123"
172.16.51.134 | SUCCESS => {
    "changed": true,
    "checksum": "4a66f34a51d3f37357691dc87cf80aa0c6c9f687",
    "dest": "/tmp/123",
    "gid": 0,
    "group": "root",
    "md5sum": "151b3ee1a43a03f70e6108d9f98c3af2",
    "mode": "0644",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 2309,
    "src": "/root/.ansible/tmp/ansible-tmp-1573721974.05-276680864345922/source",
    "state": "file",
    "uid": 0
}
127.0.0.1 | SUCCESS => {
    "changed": true,
    "checksum": "4a66f34a51d3f37357691dc87cf80aa0c6c9f687",
    "dest": "/tmp/123",
    "gid": 0,
    "group": "root",
    "md5sum": "151b3ee1a43a03f70e6108d9f98c3af2",
    "mode": "0644",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 2309,
    "src": "/root/.ansible/tmp/ansible-tmp-1573721974.02-223463635708862/source",
    "state": "file",
    "uid": 0
}
[root@ansible1 ~]#

Ansible远程执行脚本-shell模块

创建脚本

首先创建一个shell脚本

vim  /tmp/test.sh  //加入内容

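#!/bin/bash
# Record the current system time in /tmp/ansible_test.txt (overwritten on each run).
#
# NOTE(review): the output path is a fixed name in world-writable /tmp, and the
# script runs as the user Ansible connects as (root in this walkthrough). On a
# shared host, write to a directory that only that user can modify.

# Redirect date's output directly: no backticks and no unquoted expansion for
# the shell to re-split.
date > /tmp/ansible_test.txt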

// 把系统的时间写入到文件里。

分发到机器

然后把该脚本分发到各个机器上

ansible testhost -m copy -a "src=/tmp/test.sh dest=/tmp/test.sh mode=0755"

批量执行

最后是批量执行该shell脚本

ansible testhost -m shell -a "/tmp/test.sh"

[root@ansible1 ~]# ansible testhost -m shell -a "/tmp/test.sh"
127.0.0.1 | SUCCESS | rc=0 >>

172.16.51.134 | SUCCESS | rc=0 >>

[root@ansible1 ~]#

支持管道

shell模块,还支持远程执行命令并且带管道(command模块不支持管道)。shell模块会把整条命令交给远程机器上的shell解析,管道、重定向、变量等都会生效,所以命令中如果拼入了变量或外部输入,要注意引号和转义;不需要这些shell特性时优先使用command模块。

ansible testhost -m shell -a "cat /etc/passwd|wc -l "

ansible testhost -m command -a "cat /etc/passwd|wc -l "    ----报错。

Ansible管理任务计划-cron模块

Ansible的任务计划,它用到的模块是cron。

任务计划

ansible testhost -m cron -a "name='test cron' job='/bin/touch /tmp/1212.txt'  weekday=6"

[root@ansible1 ~]# ansible testhost -m cron -a "name='test cron' job='/bin/touch /tmp/1212.txt'  weekday=6"
127.0.0.1 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "test cron"
    ]
}
172.16.51.134 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "test cron"
    ]
}
[root@ansible1 ~]# crontab  -l
#Ansible: test cron
// 这个地方有个标记,就是我们的名字了。

* * * * 6 /bin/touch /tmp/1212.txt
[root@ansible1 ~]#

更改删除

ansible testhost -m cron -a "name='test cron' state=absent"

其他的时间表示:分钟 minute 小时 hour 日期 day 月份 month

Ansible安装rpm包/管理服务-yum模块-service模块

安装软件包:

用到模块是yum模块

ansible testhost -m yum -a "name=httpd"

在name后面还可以加上state参数:state=installed表示安装,state=removed表示卸载(二者选其一,不能直接写成installed/removed)。

ansible testhost -m yum -a "name=httpd state=removed"    //卸载

管理服务:

把服务启动,用到的模块是service

ansible testhost -m service -a "name=httpd state=started enabled=yes"

[root@ansible1 ~]# ansible testhost -m service -a "name=httpd state=started enabled=yes"
127.0.0.1 | SUCCESS => {
    "changed": true,
    "enabled": true,
    "name": "httpd",
    "state": "started",
    "status": {
        "ActiveEnterTimestampMonotonic": "0",
        "ActiveExitTimestampMonotonic": "0",
        "ActiveState": "inactive",
        "After": "-.mount tmp.mount basic.target system.slice network.target systemd-journald.socket remote-fs.target nss-lookup.target",
        "AllowIsolate": "no",
………
        "ExecReload": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -k graceful ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
        "ExecStart": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -DFOREGROUND ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
        "ExecStop": "{ path=/bin/kill ; argv[]=/bin/kill -WINCH ${MAINPID} ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
        "FailureAction": "none",
        "FileDescriptorStoreMax": "0",
……
        "UnitFileState": "disabled",
        "WatchdogTimestampMonotonic": "0",
        "WatchdogUSec": "0"
    }
}
172.16.51.134 | SUCCESS => {
    "changed": true,
    "enabled": true,
    "name": "httpd",
    "state": "started",
    "status": {
        "ActiveEnterTimestampMonotonic": "0",
        "ActiveExitTimestampMonotonic": "0",
        "ActiveState": "inactive",
        "After": "network.target remote-fs.target nss-lookup.target systemd-journald.socket tmp.mount basic.target system.slice -.mount",
……..

        "ExecMainStatus": "0",
        "ExecReload": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -k graceful ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
        "ExecStart": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -DFOREGROUND ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
        "ExecStop": "{ path=/bin/kill ; argv[]=/bin/kill -WINCH ${MAINPID} ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
        "FailureAction": "none",
        "FileDescriptorStoreMax": "0",
        "FragmentPath": "/usr/lib/systemd/system/httpd.service",
…….
    }
}
[root@ansible1 ~]#

Ansible文档的使用

ansible-doc -l   列出所有的模块

// 常用的比较多的,类似shell,command,cron

ansible-doc cron  查看指定模块的文档

ansible-doc service  查看指定模块的文档
