Installing Ansible
On a Red Hat Enterprise Linux 8 host with working network access, run the following commands to install EPEL:
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
[root@westoslinxu112 mnt]# rpm -ivh epel-release-latest-8.noarch.rpm
[root@westoslinxu112 mnt]# dnf search ansible
[root@westoslinxu112 mnt]# dnf install ansible.noarch -y      # installed successfully
Setting up passwordless (key-based) authentication with a script
[root@westoslinxu112 mnt]# ssh-keygen
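[root@westoslinxu112 mnt]# vim keygen_ssh.sh
[root@westoslinxu112 mnt]# cat keygen_ssh.sh
#!/bin/bash
# Copy root's public key to each managed host, answering the prompts with expect.
# The root password is stored in this file in clear text and the host key is
# accepted without verification, so keep the file readable by root only.
AUTOSSH()
{
/usr/bin/expect << EOF
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.254.$i
expect {
"yes/no" { send "yes\r"; exp_continue }
"password" { send "westos\r" }
}
expect eof
EOF
}

# Last octet of every host that should receive the key
for i in 212
do
  AUTOSSH
done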
Building the Ansible inventory
[root@westoslinxu112 mnt]# cd /etc/ansible
[root@westoslinxu112 ansible]# ls
ansible.cfg  hosts  roles
[root@westoslinxu112 ansible]# vim hosts
[westos]
172.25.254.112

[westos1]
172.25.254.212
172.25.254.112
[root@westoslinxu112 ansible]# ansible all --list-hosts
  hosts (2):
    172.25.254.112
    172.25.254.212
[root@westoslinxu112 ansible]# ansible westos --list-hosts
  hosts (1):
    172.25.254.112
[root@westoslinxu112 ansible]# ansible westos1 --list-hosts
  hosts (2):
    172.25.254.212
    172.25.254.112
[root@westoslinxu112 ansible]# vim hosts
[westos]
172.25.254.112

[westos1]
172.25.254.212
172.25.254.112
nodea.westos.org
[root@westoslinxu112 ansible]# ansible westos1 --list-hosts
  hosts (3):
    172.25.254.212
    172.25.254.112
    nodea.westos.org
[root@westoslinxu112 ansible]# ansible westos --list-hosts
  hosts (1):
    172.25.254.112
[root@westoslinxu112 ansible]# ansible all --list-hosts
  hosts (3):
    172.25.254.112
    172.25.254.212
    nodea.westos.org
[root@westoslinxu112 ansible]# vim hosts
172.25.254.198

[westos]
172.25.254.112

[westos1]
172.25.254.212
172.25.254.112
nodea.westos.org
[root@westoslinxu112 ansible]# ansible all --list-hosts
  hosts (4):
    172.25.254.198
    172.25.254.112
    172.25.254.212
    nodea.westos.org
[root@westoslinxu112 ansible]# ansible ungrouped --list-hosts
  hosts (1):
    172.25.254.198
Nested inventory groups
[root@westoslinxu112 ansible]# vim hosts
[westosall:children]
westos
westos1
[root@westoslinxu112 ansible]# ansible westosall --list
  hosts (3):
    172.25.254.112
    172.25.254.212
    nodea.westos.org
[root@westoslinxu112 ansible]# vim hosts
[westos1]
172.25.254.[100:110]
[root@westoslinxu112 ansible]# ansible westos1 --list
  hosts (11):
    172.25.254.100
    172.25.254.101
    172.25.254.102
    172.25.254.103
    172.25.254.104
    172.25.254.105
    172.25.254.106
    172.25.254.107
    172.25.254.108
    172.25.254.109
    172.25.254.110
Specifying an inventory file
[root@westoslinxu112 ansible]# cd /mnt
[root@westoslinxu112 ansible]# vim /mnt/westos
[lee1]
172.25.254.[200:210]

[lee2]
nodea.westos.org
[root@westoslinxu112 mnt]# ansible -i /mnt/westos lee --list
[root@westoslinxu112 mnt]# ansible -i /mnt/westos lee1 --list
  hosts (11):
    172.25.254.200
    172.25.254.201
    172.25.254.202
    172.25.254.203
    172.25.254.204
    172.25.254.205
    172.25.254.206
    172.25.254.207
    172.25.254.208
    172.25.254.209
    172.25.254.210
Ansible host patterns (regular expressions)
Patterns the ansible command accepts for selecting hosts from the inventory:
*               ## all hosts
                ## 172.25.254.*
                ## westos*
:               ## logical OR
                ## westos1:linux
                ## 172.25.254.100:172.25.254.200
:&              ## logical AND
                ## westos1:&linux
                ## hosts that are in both the westos1 group and the linux group
:!              ## logical NOT
                ## westos1:!linux
                ## hosts that are in westos1 but not in linux
~               ## regular expression: starts with the keyword
~(str1|str2)    ## starts with condition 1 or condition 2
[root@westoslinxu112 ansible]# ansible 172* --list
  hosts (2):
    172.25.254.212
    172.25.254.112
[root@westoslinxu112 ansible]# ansible node* --list
  hosts (1):
    nodea.westos.org
[root@westoslinxu112 ansible]# ansible node*:172* --list
  hosts (3):
    nodea.westos.org
    172.25.254.212
    172.25.254.112
[root@westoslinxu112 ansible]# ansible westos:westos1 --list
  hosts (3):
    172.25.254.212
    172.25.254.112
    nodea.westos.org
[root@westoslinxu112 ansible]# ansible 'westos1:!westos' --list
  hosts (2):
    172.25.254.112
    nodea.westos.org
[root@westoslinxu112 ansible]# ansible '~node' --list
  hosts (1):
    nodea.westos.org
[root@westoslinxu112 ansible]# ansible 'westos*' --list
  hosts (3):
    172.25.254.212
    172.25.254.112
    nodea.westos.org
[root@westoslinxu112 ansible]# ansible '*org' --list
  hosts (1):
    nodea.westos.org
[root@westoslinxu112 ansible]# ansible '~(node|172)' --list
  hosts (3):
    172.25.254.212
    172.25.254.112
    nodea.westos.org
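To check which hosts a pattern will reach before running a module against it, the selection rules above can be modelled in a few lines. This is an added example, not Ansible's own code or part of the original post: a simplified resolver whose INVENTORY contents and function names are assumptions, with the inventory constructed to be consistent with the listing above.

```python
import fnmatch
import re

# Constructed inventory (group -> hosts) that is consistent with the listing above.
INVENTORY = {
    "westos": ["172.25.254.212"],
    "westos1": ["172.25.254.112", "nodea.westos.org"],
}


def match_term(term, inventory):
    """Hosts selected by one term: a shell-style glob, or a regex after '~'."""
    if term.startswith("~"):
        rx = re.compile(term[1:])  # applied with match(), so anchored at the start
    else:
        rx = re.compile(fnmatch.translate(term))
    all_hosts = [h for hosts in inventory.values() for h in hosts]
    hits = list(all_hosts) if term == "all" else []
    for group, hosts in inventory.items():  # a term may name a group ...
        if rx.match(group):
            hits += hosts
    hits += [h for h in all_hosts if rx.match(h)]  # ... or a host
    return list(dict.fromkeys(hits))  # de-duplicate, keep order


def resolve(pattern, inventory=INVENTORY):
    """Evaluate 'a:b:&c:!d': union first, then intersections, then exclusions."""
    terms = [t for t in pattern.split(":") if t]
    plain = [t for t in terms if t[0] not in "&!"] or ["all"]
    selected = []
    for t in plain:
        selected += [h for h in match_term(t, inventory) if h not in selected]
    for t in terms:
        if t[0] == "&":
            keep = match_term(t[1:], inventory)
            selected = [h for h in selected if h in keep]
    for t in terms:
        if t[0] == "!":
            drop = match_term(t[1:], inventory)
            selected = [h for h in selected if h not in drop]
    return selected


if __name__ == "__main__":
    for p in ("172*", "node*:172*", "westos1:!westos", "~(node|172)", "*org"):
        print(p, "->", resolve(p))
```

On the command line, quote any pattern containing `!`, `&`, `*` or `(` so the shell does not interpret it, as the post does for 'westos1:!westos'.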
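Ansible configuration file parameters explained
ansible <group name from the inventory> -m <module> -u <remote_user>
1. Configuration file types and priority
/etc/ansible/ansible.cfg      # base configuration file; takes effect when no other configuration file is found
~/.ansible.cfg                # takes effect when there is no ansible.cfg in the user's current directory
./ansible.cfg                 # highest priority
2. Common configuration parameters
inventory = /etc/ansible/hosts      default inventory
remote_user = root                  user name used to log in on the managed hosts; the current user is used if not specified
local_tmp = ~/.ansible/tmp          local directory for temporary command execution
module_name = command               default module; command by default, can be changed to shell
host_key_checking = False           whether "yes" must be entered to establish the host key on the first connection to a managed host (False accepts the key without asking)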
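Because the file that wins the priority order decides whether host keys are checked and which user logs in, it helps to resolve and review it before running anything. The following is an added example, not code from the original post or from Ansible: the function names are assumptions, and besides the three files listed above it also models two Ansible behaviours the post does not mention, the ANSIBLE_CONFIG environment variable (which outranks all files) and the rule that ./ansible.cfg is ignored in a world-writable directory.

```python
import configparser
import os
import stat

FALSY = {"false", "no", "off", "0"}


def active_config(cwd, home, etc_cfg="/etc/ansible/ansible.cfg", env=None):
    """Return the ansible.cfg that wins under the priority order, or None."""
    env = os.environ if env is None else env
    candidates = []
    if env.get("ANSIBLE_CONFIG"):  # environment variable outranks every file
        candidates.append(env["ANSIBLE_CONFIG"])
    # ./ansible.cfg is skipped when the directory is world-writable.
    if not os.stat(cwd).st_mode & stat.S_IWOTH:
        candidates.append(os.path.join(cwd, "ansible.cfg"))
    candidates += [os.path.join(home, ".ansible.cfg"), etc_cfg]
    return next((p for p in candidates if os.path.isfile(p)), None)


def audit(path):
    """List settings in one ansible.cfg that relax the control node's checks."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(path)

    def is_false(section, key, default):
        return cfg.get(section, key, fallback=default).strip().lower() in FALSY

    findings = []
    if is_false("defaults", "host_key_checking", "True"):
        findings.append("host_key_checking=False: managed-host SSH keys are not verified")
    if cfg.get("defaults", "remote_user", fallback="").strip() == "root":
        findings.append("remote_user=root: every task logs in directly as root")
    become = not is_false("privilege_escalation", "become", "False")
    if become and is_false("privilege_escalation", "become_ask_pass", "False"):
        findings.append("become without become_ask_pass: depends on NOPASSWD sudo")
    return findings
```

Calling audit(active_config(os.getcwd(), os.path.expanduser("~"))) reports on the file Ansible would actually load from the current directory.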
Building a user-level Ansible working environment
[root@westoslinxu112 ansible]# useradd devops
[root@westoslinxu112 ansible]# su - devops
[devops@westoslinxu112 ~]$ mkdir .ansible
[devops@westoslinxu112 ~]$ cd .ansible
[devops@westoslinxu112 .ansible]$ vim inventory
[westos]
172.25.254.212
[devops@westoslinxu112 .ansible]$ vim ansible.cfg
[defaults]
# ~/ is the regular user's home directory
inventory= ~/.ansible/inventory
host_key_checking = False
remote_user = devops
[devops@westoslinxu112 .ansible]$ ansible westos -m shell -a 'useradd devops' -k -u root
SSH password:
172.25.254.212 | CHANGED | rc=0 >>
[devops@westoslinxu112 .ansible]$ ansible westos -m shell -a 'echo westos | passwd --stdin devops' -k -u root
SSH password:
172.25.254.212 | CHANGED | rc=0 >>
Changing password for user devops.
passwd: all authentication tokens updated successfully.
[devops@westoslinxu112 .ansible]$ ansible westos -m shell -a 'echo "devops ALL=(root) NOPASSWD: ALL" >> /etc/sudoers' -k -u root
SSH password:
172.25.254.212 | CHANGED | rc=0 >>
[devops@westoslinxu112 .ansible]$ vim ansible.cfg
[defaults]
inventory= ~/.ansible/inventory
host_key_checking = False
remote_user = devops
module_name = shell

[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
[devops@westoslinxu112 .ansible]$ ansible westos -m shell -a 'mkdir -p /home/devops/.ssh' -k
SSH password:
172.25.254.212 | CHANGED | rc=0 >>
[devops@westoslinxu112 .ansible]$ ansible westos -m shell -a 'chown devops.devops /home/devops/.ssh' -k
SSH password:
172.25.254.212 | CHANGED | rc=0 >>
[devops@westoslinxu112 .ansible]$ ansible westos -m shell -a 'chmod 700 /home/devops/.ssh' -k
SSH password:
172.25.254.212 | CHANGED | rc=0 >>
[devops@westoslinxu112 .ansible]$ ssh-keygen
[devops@westoslinxu112 .ansible]$ ansible westos -m copy -a 'src=/home/devops/.ssh/id_rsa.pub dest=/home/devops/.ssh/authorized_keys mode=0600 owner=devops group=devops' -k
src: where the key being sent comes from; dest: where the key is placed; mode: file permissions
[devops@westoslinxu112 .ansible]$ ansible westos -m ping
172.25.254.212 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"                     ---------------------------> success
}