Ansible —- 安装配置

黑色的粗字体,是需要执行的命令,其它的普通的字体是演示效果

Ansible —- 常用命令:http://www.01wneo.xin/?p=458

基础环境:

centos7.3 四台 1c 512m 20g d 192.168.1.2 192.168.1.3 192.168.1.4 192.168.1.5

[root@1-2 ~]# yum install ansible* -y
[root@1-2 ~]# hostname www-jfedu-net
[root@1-2 ~]# su
[root@www-jfedu-net ~]# echo 192.168.1.2 `hostname` >>/etc/hosts
[root@www-jfedu-net ~]# cat /etc/hosts
127.0.0.1 wanglei wanglei
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.2 www-jfedu-net
[root@www-jfedu-net ~]# cd /etc/ansible/
[root@www-jfedu-net ansible]# ll
总用量 24
-rw-r--r--. 1 root root 19179 1月 30 04:15 ansible.cfg # ansible 主配置文件
-rw-r--r--. 1 root root 1016 1月 30 04:15 hosts # 管理配置的客户端,要监控的客户端写这里
drwxr-xr-x. 2 root root 6 1月 30 04:15 roles # 角色文件
[root@www-jfedu-net ansible]# cp hosts hosts.bak
[root@www-jfedu-net ansible]# vim hosts # 清空文件内容,并自定义
[web]
192.168.1.3
192.168.1.4
192.168.1.5
[db]
192.168.1.2
192.168.1.3
[root@www-jfedu-net ansible]# cat hosts
[web]
192.168.1.3
192.168.1.4
192.168.1.5
[db]
192.168.1.2
192.168.1.3

# 使用ansible-doc -l|more查看ansible支持的模块
[root@www-jfedu-net ansible]# ansible-doc -l | more
[root@www-jfedu-net ansible]# ansible-doc -l | wc -l # 统计 ansible 命令个数
1378
[root@www-jfedu-net ansible]# ansible -k web -m ping # ping 模块(无法使用,需要修改配置文件)
SSH password: 
192.168.1.3 | FAILED! => {
 "msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."
}
192.168.1.5 | FAILED! => {
 "msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."
}
192.168.1.4 | FAILED! => {
 "msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."
}
[root@www-jfedu-net ansible]# ansible-doc yum # 查看命令的用法

[root@www-jfedu-net ansible]# vim ansible.cfg
host_key_checking = False # 解开此行注释,不检查主机的 key;关闭后 SSH 不再校验主机指纹,无法发现中间人攻击,仅适用于隔离的实验环境。生产环境应保持开启,并按上面报错的提示先把各主机指纹加入 known_hosts
[root@www-jfedu-net ansible]# ansible -k web -m ping # 正常显示
SSH password: 
192.168.1.5 | SUCCESS => {
 "changed": false, 
 "ping": "pong"
}
192.168.1.3 | SUCCESS => {
 "changed": false, 
 "ping": "pong"
}
192.168.1.4 | SUCCESS => {
 "changed": false, 
 "ping": "pong"
}

# 配置 SSH 密钥认证,免密码登录服务器(私钥若不设置口令,一旦泄露即可直接以 root 登录所有被管主机,应妥善保护 /root/.ssh/id_rsa)
[root@www-jfedu-net ansible]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
6b:12:45:ac:eb:73:93:0c:ce:c6:3f:be:5e:63:d2:fa root@www-jfedu-net
The key's randomart image is:
+--[ RSA 2048]----+
|       ..        |
|       ..        |
|       ..        |
|      ..         |
|      ..S        |
|      o. o       |
|     =.o+.=      |
|      Bo*= .     |
|     . **=E      |
+-----------------+
[root@www-jfedu-net ansible]# cd /root/.ssh/
[root@www-jfedu-net .ssh]# ll
总用量 12
-rw-------. 1 root root 1679 2月  14 13:11 id_rsa
-rw-r--r--. 1 root root  400 2月  14 13:11 id_rsa.pub
-rw-r--r--. 1 root root  519 2月  14 12:47 known_hosts
[root@www-jfedu-net .ssh]# ssh-copy-id -i id_rsa.pub 192.168.1.3
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.3's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.1.3'"
and check to make sure that only the key(s) you wanted were added.

[root@www-jfedu-net .ssh]# ssh-copy-id -i id_rsa.pub 192.168.1.4
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.4's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.1.4'"
and check to make sure that only the key(s) you wanted were added.

[root@www-jfedu-net .ssh]# ssh-copy-id -i id_rsa.pub 192.168.1.5
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.5's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.1.5'"
and check to make sure that only the key(s) you wanted were added.

[root@www-jfedu-net .ssh]# ssh-copy-id -i id_rsa.pub 192.168.1.2
The authenticity of host '192.168.1.2 (192.168.1.2)' can't be established.
ECDSA key fingerprint is 4a:c1:c3:bd:7a:e0:85:c5:b0:94:43:0c:04:58:e4:09.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.2's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.1.2'"
and check to make sure that only the key(s) you wanted were added.

[root@www-jfedu-net .ssh]# ssh -l root 192.168.1.2 # 登陆时不再需要密码
Last login: Wed Feb 14 10:37:28 2018
[root@www-jfedu-net ~]# exit
登出
Connection to 192.168.1.2 closed.
192.168.1.5 df -h
[root@www-jfedu-net .ssh]# for i in 2 3 4 5;do ssh -l root "192.168.1."$i "df -h";done # 批量查看主机的磁盘容量 for 循环是串行的 ansible 是并行的
文件系统 容量 已用 可用 已用% 挂载点
/dev/mapper/cl-root 18G 1.3G 17G 7% /
devtmpfs 226M 0 226M 0% /dev
tmpfs 237M 0 237M 0% /dev/shm
tmpfs 237M 4.5M 232M 2% /run
tmpfs 237M 0 237M 0% /sys/fs/cgroup
/dev/sda1 1014M 139M 876M 14% /boot
tmpfs 48M 0 48M 0% /run/user/0
...
[root@www-jfedu-net .ssh]# for i in 2 3 4 5;do echo 192.168.1."$i";ssh -l root "192.168.1."$i "df -h";done
192.168.1.2
文件系统 容量 已用 可用 已用% 挂载点
/dev/mapper/cl-root 18G 1.3G 17G 7% /
devtmpfs 226M 0 226M 0% /dev
tmpfs 237M 0 237M 0% /dev/shm
tmpfs 237M 4.5M 232M 2% /run
tmpfs 237M 0 237M 0% /sys/fs/cgroup
/dev/sda1 1014M 139M 876M 14% /boot
tmpfs 48M 0 48M 0% /run/user/0
...
[root@www-jfedu-net .ssh]# for i in 2 3 4 5;do echo "The Result 192.168.1.$i to command:";ssh -l root "192.168.1."$i "df -h";done
The Result 192.168.1.2 to command:
文件系统 容量 已用 可用 已用% 挂载点
/dev/mapper/cl-root 18G 1.3G 17G 7% /
devtmpfs 226M 0 226M 0% /dev
tmpfs 237M 0 237M 0% /dev/shm
tmpfs 237M 4.5M 232M 2% /run
tmpfs 237M 0 237M 0% /sys/fs/cgroup
/dev/sda1 1014M 139M 876M 14% /boot
tmpfs 48M 0 48M 0% /run/user/0
...
[root@www-jfedu-net .ssh]# for i in 2 3 4 5;do echo -e "\033[32m The 192.168.1.$i to command for result:\033[0m";ssh -l root "192.168.1."$i "df -h";done
 The 192.168.1.2 to command for result:
文件系统 容量 已用 可用 已用% 挂载点
/dev/mapper/cl-root 18G 1.3G 17G 7% /
devtmpfs 226M 0 226M 0% /dev
tmpfs 237M 0 237M 0% /dev/shm
tmpfs 237M 4.5M 232M 2% /run
tmpfs 237M 0 237M 0% /sys/fs/cgroup
/dev/sda1 1014M 139M 876M 14% /boot
tmpfs 48M 0 48M 0% /run/user/0
...
# 查看每台服务器的负载 for 循环是串行的 ansible 是并行的
[root@www-jfedu-net .ssh]# for i in 2 3 4 5;do echo -e "\033[32m The 192.168.1.$i to command for result:\033[0m";ssh -l root "192.168.1."$i "uptime";done
# 查看每台服务器的时间 for 循环是串行的 ansible 是并行的
[root@www-jfedu-net .ssh]# for i in 2 3 4 5;do echo -e "\033[32m The 192.168.1.$i to command for result:\033[0m";ssh -l root "192.168.1."$i "date";done
# 批量安装应用 for 循环是串行的 ansible 是并行的
[root@www-jfedu-net .ssh]# for i in 2 3 4 5;do echo -e "\033[32m The 192.168.1.$i to command for result:\033[0m";ssh -l root "192.168.1."$i "yum install ntpdate -y";done
# 同步每台服务器的时间 for 循环是串行的 ansible 是并行的
[root@www-jfedu-net .ssh]# for i in 2 3 4 5;do echo -e "\033[32m The 192.168.1.$i to command for result:\033[0m";ssh -l root "192.168.1."$i "ntpdate pool.ntp.org;date";done
# 查看时间
[root@www-jfedu-net .ssh]# ansible db -m command -a "date" # ansible 是并行的 -m command 是默认参数可以不加
192.168.1.3 | SUCCESS | rc=0 >>
2018年 02月 14日 星期三 14:10:56 CST
192.168.1.2 | SUCCESS | rc=0 >>
2018年 02月 14日 星期三 14:10:56 CST
[root@www-jfedu-net .ssh]# ansible web -m command -a "date" # ansible 是并行的 -m command 是默认参数可以不加
192.168.1.3 | SUCCESS | rc=0 >>
2018年 02月 14日 星期三 14:11:11 CST
192.168.1.4 | SUCCESS | rc=0 >>
2018年 02月 14日 星期三 14:11:11 CST
192.168.1.5 | SUCCESS | rc=0 >>
2018年 02月 14日 星期三 14:11:11 CST
# hosts 被修改后,ansible 命令无法执行,可以引用文件
[root@www-jfedu-net ~]# cd /etc/ansible/
[root@www-jfedu-net ansible]# ls
ansible.cfg hosts hosts.bak roles
[root@www-jfedu-net ansible]# mv hosts list.txt
[root@www-jfedu-net ansible]# ansible web -m command -a "date" # 默认的命令会报错 -m command 是默认参数可以不加
 [WARNING]: Unable to parse /etc/ansible/hosts as an inventory source
 [WARNING]: No inventory was parsed, only implicit localhost is available
 [WARNING]: Could not match supplied host pattern, ignoring: all
 [WARNING]: provided hosts list is empty, only localhost is available
 [WARNING]: Could not match supplied host pattern, ignoring: web
 [WARNING]: No hosts matched, nothing to do
[root@www-jfedu-net ansible]# ansible -i /etc/ansible/list.txt web -m command -a "date" # 引用主机列表文件 -m command 是默认参数可以不加
192.168.1.3 | SUCCESS | rc=0 >>
2018年 02月 14日 星期三 14:16:57 CST
192.168.1.4 | SUCCESS | rc=0 >>
2018年 02月 14日 星期三 14:16:57 CST
192.168.1.5 | SUCCESS | rc=0 >>
2018年 02月 14日 星期三 14:16:57 CST
# 删除 tmp 目录下文件(command 模块不经过 shell;此处删除的是 /tmp/ 目录本身,因目录正被占用而失败,见下方输出)
[root@www-jfedu-net tmp]# ansible 192.168.1.2 -m command -a "rm -rf /tmp/" # -m command 是默认参数可以不加
 [WARNING]: Consider using file module with state=absent rather than running rm
192.168.1.2 | FAILED | rc=1 >>
rm: 无法删除"/tmp/": 设备或资源忙non-zero return code
[root@www-jfedu-net tmp]# ls -al
总用量 0
drwxrwxrwt. 2 root root 6 2月 14 14:28 .
dr-xr-xr-x. 17 root root 224 2月 5 22:00 ..

# 使用 shell 模块执行命令
[root@www-jfedu-net tmp]# ansible 192.168.1.2 -m shell -a "rm -rf /tmp/*"
 [WARNING]: Consider using file module with state=absent rather than running rm
192.168.1.2 | SUCCESS | rc=0 >>

[root@www-jfedu-net tmp]# ll
总用量 0

# 显示执行命令详细过程(-C 为检查模式,只预演不实际执行;-vvv 输出详细调试信息)
[root@www-jfedu-net tmp]# ansible -Cvvv 192.168.1.2 -m shell -a "rm -rf /tmp/*"

# 删除所有服务器 tmp 目录下的所有文件,但不包括.开头的文件
[root@www-jfedu-net tmp]# ansible all -m shell -a "rm -rf /tmp/*"

# 可以使用多个命令组合,使用分号隔开
[root@www-jfedu-net tmp]# ansible all -m shell -a "ls /tmp/ | grep -v ansible | wc -l;date;df -h"

# 批量安装 Apache,启动后查看 Apache 进程
[root@www-jfedu-net tmp]# ansible all -m shell -a "yum install httpd;service httpd restart;ps -ef | grep httpd"

# 批量添加 linux 任务计划
[root@www-jfedu-net tmp]# ansible all -m shell -a "echo '0 0 * * * /usr/sbin/ntpdate pool.ntp.org >>/tmp/ntp.log 2>&1' >>/var/spool/cron/root;crontab -l"

# 批量修改任务计划
[root@www-jfedu-net ~]# ansible all -m shell -a "sed -i '/ntpdate/s/0 0/0 1/g' /var/spool/cron/root;crontab -l"

# 批量删除任务计划
[root@www-jfedu-net ~]# ansible all -m shell -a "sed -i '/ntpdate/d' /var/spool/cron/root;crontab -l"

---------------------------------------------------------------<<
# 管理由 docker 创建的多台服务器 50 台
[root@www-jfedu-net network-scripts]# for i in `seq 1 20`;do docker run --name=jfedu_$i -itd centos68 /bin/bash;done
[root@www-jfedu-net network-scripts]# for i in `seq 21 50`;do docker run --name=jfedu_$i -itd centos68 /bin/bash;done

# 启动所有 docker
[root@www-jfedu-net ~]# for i in `docker ps -aq`;do docker start $i;done

# 查看启动的50台服务器的IP地址
[root@www-jfedu-net network-scripts]# for i in `docker ps -aq`;do echo $i;docker inspect $i | grep -i ipadd | tail -1;done

# 启动50台服务器的ssh服务
[root@www-jfedu-net network-scripts]# for i in `docker ps -aq`;do docker exec $i /etc/init.d/sshd start;done

# 获取50台服务器的ip地址
[root@www-jfedu-net ~]# for i in `docker ps -aq`;do docker exec $i ifconfig eth0;done

# 将50台服务器的ip地址追加到ansible的主机列表中(命令只追加 IP 地址,[docker] 组名需在文件中手动添加)
[root@www-jfedu-net ~]# echo;for i in `docker ps -aq`;do docker exec $i ifconfig eth0 | grep "Bcast" | awk '{print $2}' | awk -F: '{print $2}';done >>/etc/ansible/hosts

# 查看 50 台服务器的 ssh 端口
[root@www-jfedu-net ~]# ansible -k docker -m shell -a "netstat -ntlp"

# 批量修改服务器的主机名
[root@www-jfedu-net ~]# ansible -k docker -m shell -a "cp /etc/skel/.bash* /root/;su"

# 指定服务器的主机名
[root@ace322556dc8 ~]# ifconfig | grep Bcast | awk '{print $2}' | awk -F. '{print "BJ-IDC-WEB-"$(NF-1)"-"$NF"-JFEDU-COM"}'

# 修改服务器的主机名
[root@BJ-IDC-WEB-1-39-JFEDU-COM ~]# hostname `ifconfig | grep Bcast | awk '{print $2}' | awk -F. '{print "BJ-IDC-WEB-"$(NF-1)"-"$NF"-JFEDU-COM"}'`;echo "127.0.0.1 `hostname`" >> /etc/hosts;su

# 批量修改服务器的主机名
# 分解内容
[root@www-jfedu-net ~]# ansible -k docker_test -m shell -a "ifconfig|grep Bcast|awk '{print "'$2'"}'|awk -F. '{print \"BJ-IDC-WEB-\""'$3'"\"-\""'$4'"\"-JFEDU.COM\"}'"
[root@www-jfedu-net ~]# ansible -k docker_test -m shell -a "A=\`ifconfig|grep Bcast|awk '{print "'$2'"}'|awk -F. '{print \"BJ-IDC-WEB-\""'$3'"\"-\""'$4'"\"-JFEDU.COM\"}'\`;echo "'$A'""
[root@www-jfedu-net ~]# ansible -k docker_test -m shell -a "A=\`ifconfig|grep Bcast|awk '{print "'$2'"}'|awk -F. '{print \"BJ-IDC-WEB-\""'$3'"\"-\""'$4'"\"-JFEDU.COM\"}'\`;hostname "'$A'""
# 最终方法
[root@www-jfedu-net ~]# ansible -k docker_test -m shell -a "A=\`ifconfig|grep Bcast|awk '{print "'$2'"}'|awk -F. '{print \"BJ-IDC-WEB-\""'$3'"\"-\""'$4'"\"-JFEDU.COM\"}'\`;hostname "'$A'";echo 127.0.0.1 \`hostname\` >>/etc/hosts"

# 拷贝文件到服务器
[root@www-jfedu-net ~]# ansible -k docker_test -m copy -a 'content="Hello World" dest=/tmp/jfedu.txt mode=755 owner=root'

# 拷贝文件到服务器 并备份
[root@www-jfedu-net ~]# ansible -k docker_test -m copy -a 'content="Hello World www.jd.com" dest=/tmp/jfedu.txt backup=yes mode=755 owner=root'

----------------------------------------------------
# 安装 screen 命令
#- 使用 shell 模块
[root@www-jfedu-net .ssh]# ansible web -m shell -a "yum remove screen -y" # 卸载
[root@www-jfedu-net .ssh]# ansible web -m shell -a "yum install screen -y" # 安装
#- 使用 ansible yum 模块
[root@www-jfedu-net ~]# ansible web -m yum -a "name=screen state=installed" # 安装
[root@www-jfedu-net ~]# ansible web -m yum -a "name=screen state=removed" # 卸载
[root@www-jfedu-net ~]# ansible web -m yum -a "name=screen state=installed disable_gpg_check=no" # 安装软件包之前检查 GPG 签名(disable_gpg_check=no 为默认值;设为 yes 会跳过签名校验,不建议)

# 创建今天日期的文件夹
#- 使用 shell 模块
[root@www-jfedu-net ~]# ansible web -m shell -a "mkdir -p /tmp/`date +%F`"
#- 使用 ansible file 模块
[root@www-jfedu-net ~]# ansible web -m file -a 'path=/tmp/2018-2-27-16-19-06.txt state=touch mode=644 owner=root'

# 向文件中追加内容并查看 
#- 使用 shell 模块
[root@www-jfedu-net ~]# ansible web -m shell -a "echo \"1234123412341234123\" >>/tmp/jfedu.txt;cat /tmp/jfedu.txt"

# user 模块
[root@www-jfedu-net ~]# ansible web -m user -a "name=jfedu002 home=/tmp/" # 创建用户指定家目录
[root@www-jfedu-net ~]# ansible web -m shell -a "tail -1 /etc/passwd" # 查看用户
[root@www-jfedu-net ~]# ansible web -m user -a "name=jfedu002 state=absent force=yes" # 强制删除用户
[root@www-jfedu-net ~]# ansible web -m user -a "name=jfedu001 force=yes system=yes" # 创建系统用户

# cron 模块
[root@www-jfedu-net ~]# ansible web -m cron -a "minute=0 hour=0 day=* month=* weekday=* name='Ntpdate server for sync time' job='/usr/sbin/ntpdate 139.224.227.121'" # 添加同步时间任务计划
#- 通过 shell 模块
[root@www-jfedu-net ~]# ansible web -m shell -a "echo '0 0 * * * /usr/sbin/ntpdate pool.ntp.org >/tmp/ntp.org 2>&1'>/var/spool/cron/root"
[root@www-jfedu-net ~]# ansible web -m shell -a "sed -i '/ntpdate/d' /var/spool/cron/root" # 删除任务计划

# synchronize 模块(同步)
[root@www-jfedu-net tmp]# yum -y install rsync
[root@www-jfedu-net tmp]# ansible web -m shell -a 'yum -y install rsync'
[root@www-jfedu-net tmp]# ansible web -m synchronize -a 'src=/tmp/ dest=/tmp/' # 使用 synchronize 模块(同步) 同步文件
[root@www-jfedu-net tmp]# ansible web -m synchronize -a 'src=/tmp/ dest=/tmp/ delete=yes' # 强制使源主机和目标主机的文件相同(目标主机会生成 ansible 临时文件)

# ansible playbook 的应用
[root@www-jfedu-net ~]# vim nginx_install.yaml # 自动部署 nginx
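# Build and install nginx 1.12.0 from source on a single host.
- hosts: 192.168.1.3
  remote_user: root
  tasks:
    # Build-time libraries needed before ./configure is run.
    - name: Jfedu Pcre-devel and Zlib LIB Install.
      yum: name=pcre-devel,pcre,zlib-devel state=installed
    # The tarball is fetched over HTTPS and the steps are chained with `&&`,
    # so a failed download, unpack or build stops the task instead of
    # continuing to `make install` as root on whatever is left in /tmp.
    # NOTE(review): the archive is still not integrity-checked; verify it
    # against the PGP signature published alongside the release before
    # building. /tmp is world-writable, so a root-owned build directory
    # would be a safer place to unpack and compile.
    - name: Jfedu Nginx WEB Server Install Process.
      shell: cd /tmp && rm -rf nginx-1.12.0.tar.gz && wget https://nginx.org/download/nginx-1.12.0.tar.gz && tar xzf nginx-1.12.0.tar.gz && cd nginx-1.12.0 && ./configure --prefix=/usr/local/nginx && make && make install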
[root@www-jfedu-net ~]# ansible-playbook nginx_install.yaml
[root@BJ-IDC-WEB-1-3-JFEDU ~]# /usr/local/nginx/sbin/nginx # 启动目标主机的 nginx 通过浏览器访问 nginx 主页

# 基于列表items多个值创建用户,通过{{}}定义列表变量,with_items选项传入变量的值
[root@www-jfedu-net ~]# vim useradd.yaml
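# Create several local accounts on one host from a list of names.
- hosts: 192.168.1.3
  remote_user: root
  tasks:
    - name: Linux system Add User list.
      # {{ item }} takes each value listed under with_items in turn, so the
      # user module runs once per name.
      user: name={{ item }} state=present
      with_items:
        - jfedu1
        - jfedu2
        - jfedu3
        - jfedu4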
[root@www-jfedu-net ~]# ansible-playbook useradd.yaml
[root@BJ-IDC-WEB-1-3-JFEDU ~]# tail -5 /etc/passwd
jfedu001:x:500:500::/tmp/:/bin/bash
jfedu1:x:501:501::/home/jfedu1:/bin/bash
jfedu2:x:502:502::/home/jfedu2:/bin/bash
jfedu3:x:503:503::/home/jfedu3:/bin/bash
jfedu4:x:504:504::/home/jfedu4:/bin/bash

# 修改 ansible 默认模块
[root@www-jfedu-net ansible]# vim ansible.cfg
...
104 module_name = shell # 打开此行注释,并修改 command 为 shell(此后所有未指定 -m 的命令都会经过 shell 解析,管道、重定向、变量展开均会生效)
...
[root@www-jfedu-net ansible]# ansible web -a "ps -ef | grep nginx" # 通过含有管道符的命令,查看默认模块是否修改成功

# rsync 同步 增量更新
[root@www-jfedu-net ~]# rsync -aP /root/ root@192.168.1.3:/root/
# scp 每次拷贝,都会覆盖之前的内容
[root@www-jfedu-net ~]# scp -r /root/ root@192.168.1.3:/root/ 

 

 
