1. Installing Ansible
Download the EPEL repository package from the web and install it.
dnf install sshpass-1.06-9.el8.x86_64.rpm -y
dnf install ansible-2.9.11-1.el8.noarch.rpm -y
ansible --version                ##show Ansible information
Basic Ansible files:
/etc/ansible/ansible.cfg         ##global configuration file, rarely modified by default
/etc/ansible/hosts               ##global host inventory file
2. Building the Ansible inventory
The inventory is the list of hosts that Ansible controls.
/etc/ansible/hosts               ##global inventory file
#1. Write the managed hostnames or IPs directly, one per line
vim /etc/ansible/hosts
172.25.254.239
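#Managed host: for security, do not control root directly; create a new user tutu to control the host and set its password to westos
useradd tutu
echo westos | passwd --stdin tutu
Delegate privileges and set up passwordless sudo:
visudo
At line 100, add:
tutu    ALL=(ALL)       NOPASSWD: ALL
#Ansible host:
ssh-keygen
ssh-copy-id -i /root/.ssh/id_rsa.pub tutu@172.25.254.239
ansible 172.25.254.239 -m ping -k        ##control host 239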
#2. Define groups of managed hosts with [group name]
#Viewing the inventory:
ansible <group name in inventory> [-i inventory file] --list-hosts
ansible ungrouped --list-hosts
ansible all --list-hosts
vim hosts:
#Single-level inventory#
[list1]
node1.westos.com
node2.westos.com
[list2]
node2.westos.com
[list3]
172.25.254.240
#Nested inventory#
[westos:children]
list1
list3
#3. Host ranges#
#Specifying a range of hostnames or IPs simplifies the Ansible host inventory
#Syntax:
#[start:end]
[westostest]
172.25.254.[100:108]
#4. Specifying a different inventory file
vim inventory
172.25.254.239
[westostest]
172.25.254.100
172.25.254.200
ansible all -i inventory --list-hosts
ansible westostest -i inventory --list-hosts
ansible ungrouped -i inventory --list-hosts
#Patterns (regular expressions) for selecting inventory hosts in the ansible command
*                ##all hosts
                 ##172.25.254.*
                 ##westos*
:                ##logical OR
                 ##westos1:linux
                 ##172.25.254.100:172.25.254.200
:&               ##logical AND
                 ##westos1:&linux
                 ##the host is in both the westos1 inventory and the linux inventory
:!               ##logical NOT
                 ##westos1:!linux
                 ##in westos1 but not in linux
~                ##starts with the keyword
~(str1|str2)     ##starts with condition 1 or condition 2
####Ansible configuration file parameters in detail####
# ansible <group name in inventory> -m <module> -u remote_user
#
#1. Configuration file types and priority
/etc/ansible/ansible.cfg         #basic configuration file; takes effect when no other configuration file is found
~/.ansible.cfg                   #takes effect when there is no ansible.cfg in the user's current directory
./ansible.cfg                    #highest priority
#2. Common configuration parameters
#[defaults]                      ##basic settings
inventory=                       ##path to the inventory
remote_user=                     ##user name used to log in on managed hosts; the current user is used if unset
ask_pass=                        ##whether to prompt for the SSH password; set to false for public-key login
library=                         ##directory where library files are stored
local_tmp=                       ##temporary command execution directory on the local machine
remote_tmp=                      ##directory on the remote host where temporary py command files are stored
forks=                           ##default number of parallel processes
host_key_checking=               ##whether "yes" must be entered to establish the host_key on the first connection to a managed host
sudo_user=                       ##default sudo user
ask_sudo_pass=                   ##whether to ask for the sudo password each time an ansible command runs on a managed host
module_name=                     ##default module; command by default, can be changed to shell
log_path=                        ##log file path
[privilege_escalation]           ##identity settings
become=                          ##whether to switch user automatically after connecting
become_method=                   ##how to switch user, usually sudo
become_user=                     ##user to switch to on the managed host, usually root
become_ask_pass                  ##whether to prompt for a password for become_method; false by default
####Building a user-level Ansible working environment####
useradd tutu
echo westos | passwd --stdin tutu
visudo                           ##delegate privileges
At line 100:
tutu    ALL=(ALL)       NOPASSWD: ALL
useradd lee
echo westos | passwd --stdin lee
ssh-keygen
ssh-copy-id -i /root/.ssh/id_rsa.pub tutu@172.25.254.239
ssh-keygen
ssh-copy-id -i /root/.ssh/id_rsa.pub tutu@172.25.254.139
su - lee
scp root@172.25.254.139:/root/.ssh/id_rsa /home/lee/.ssh
mkdir ansible
cd ansible/
vim ansible.cfg
[defaults]
inventory               =~/ansible/inventory
host_key_checking       =False
ask_pass                =False
#roles_path             =
remote_user             =tutu
module_name             =shell
[privilege_escalation]
become                  =True
become_method           =sudo
become_user             =root
become_ask_pass         =False
vim inventory
[westos]
172.25.254.139
172.25.254.239
ansible westos -m ping
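
The ansible.cfg built above turns off SSH host key checking and lets tutu become root with no password prompt, so the private key alone is root on every managed host. As an added example (not part of the original notes), this Python script audits an ansible.cfg for those settings; the function name audit, the two constructed sample configs and the choice of checks are assumptions of the example.

```python
import configparser

# Constructed sample: the user-level ansible.cfg written in this section.
PAGE_CFG = """\
[defaults]
inventory = ~/ansible/inventory
host_key_checking = False
ask_pass = False
remote_user = tutu
module_name = shell
[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False
"""

# Constructed sample: same layout with the risky values changed.
HARDENED_CFG = PAGE_CFG.replace(
    "host_key_checking = False", "host_key_checking = True\nlog_path = ~/ansible/ansible.log"
).replace("become_ask_pass = False", "become_ask_pass = True")


def audit(cfg_text):
    """Return sorted 'section.key' names whose values weaken the control node."""
    cp = configparser.ConfigParser()
    cp.read_string(cfg_text)
    d, p = "defaults", "privilege_escalation"
    found = []
    # Ansible verifies SSH host keys by default; False accepts any key silently.
    if not cp.getboolean(d, "host_key_checking", fallback=True):
        found.append("defaults.host_key_checking")
    # The notes themselves avoid logging in as root directly.
    if cp.get(d, "remote_user", fallback="") == "root":
        found.append("defaults.remote_user")
    # Without log_path, ad-hoc runs leave no record on the control node.
    if not cp.get(d, "log_path", fallback="").strip():
        found.append("defaults.log_path")
    # become to root with no password prompt: the SSH key alone grants root.
    if (cp.getboolean(p, "become", fallback=False)
            and cp.get(p, "become_user", fallback="root") == "root"
            and not cp.getboolean(p, "become_ask_pass", fallback=False)):
        found.append("privilege_escalation.become_ask_pass")
    return sorted(found)


if __name__ == "__main__":
    for name, text in (("page", PAGE_CFG), ("hardened", HARDENED_CFG)):
        print(name, audit(text))
```

With become_ask_pass = True the sudoers entry on the managed hosts would also need to drop NOPASSWD for the prompt to mean anything.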