ICode9
精准搜索请尝试: 精确搜索
首页
编程语言>
数据库
系统相关
互联网
其他分享
Python
Java
JavaScript
android
PHP
首页 > 其他分享> 文章详细

ansible

2022-05-29 23:00:26  阅读:186  来源: 互联网

标签:changed ansible yaoguang Ansible ssh root


概述

Ansible是一个开源配置管理工具,可以使用它来自动化任务,部署应用程序实现IT基础架构。Ansible可以用来自动化日常任务,比如,服务器的初始化配置、安全基线配置、更新和打补丁系统,安装软件包等。Ansible架构相对比较简单,仅需通过SSH连接客户机执行任务即可:

概念术语介绍

Ansible的与节点有关的重要术语包括控制节点,受管节点,清单和主机文件:

  • 控制节点(Control node):指安装了Ansible的主机,也叫Ansible服务器端,管理机。 Ansible控制节点主要用于发布运行任务,执行控制命令。Ansible的程序都安装在控制节点上,控制节点需要安装Python和Ansible所需的各种依赖库。

  • 受控节点(Managed nodes):也叫客户机,就是想用Ansible执行任务的客户服务器。

  • 清单(Inventory):受控节点的列表,就是所有要管理的主机列表。

  • host文件:清单列表通常保存在一个名为host文件中。在host文件中,可以使用IP地址或者主机名来表示具体的管理主机和认证信息,并可以根据主机的用户进行分组。缺省文件:/etc/ansible/hosts,可以通过-i指定自定义的host文件。

  • 模块(Modules):模块是Ansible执行特定任务的代码块。比如:添加用户,上传文件和对客户机执行ping操作等。Ansible现在默认自带450多个模块,,Ansible Galaxy公共存储库则包含大约1600个模块。

  • 任务(Task):是Ansible客户机上执行的操作。可以使用ad-hoc单行命令执行一个任务。

  • 剧本(Playbook):是利用YAML标记语言编写的可重复执行的任务的列表,playbook实现任务的更便捷的读写和贡献。比如,在Github上有大量的Ansible playbooks共享,你要你有一双善于发现的眼睛你就能找到大量的宝藏。

  • 角色(roles):角色是Ansible 1.2版本引入的新特性,用于层次性、结构化地组织playbook。roles能够根据层次型结构自动装载变量文件、tasks以及handlers等。

安装ansible

[root@yaoguang ~]# yum install -y epel-release

[root@yaoguang ~]# yum install -y ansible

设置ssh免密登录

[root@yaoguang ~]# ssh-keygen		#在本地主机生成密钥对,一直回车

[root@yaoguang ~]# ls -a
.  ..  .ansible  .bash_history  .bash_logout  .bash_profile  .bashrc  .cshrc  .history  .pki  .ssh  .tcshrc  .viminfo
[root@yaoguang ~]# ls .ssh
authorized_keys  id_rsa  id_rsa.pub

[root@yaoguang ~]# cd .ssh
[root@yaoguang .ssh]# ssh-copy-id -i id_rsa.pub root@119.3.70.78		#将公钥复制到需要控制的主机上(这个地方的ip写的是主机清单里面的IP,因为我只有一台虚拟机,所以就写的本机的IP)
Now try logging into the machine, with:   "ssh 'root@119.3.70.78'"
and check to make sure that only the key(s) you wanted were added.

[root@yaoguang .ssh]# ssh 119.3.70.78		#免密登录
Last login: Sun May 29 09:48:46 2022 from 1.80.145.182
	
	Welcome to Huawei Cloud Service

命令管理主机

ansible命令格式

ansible [hosts] [options]

检查ansible安装环境

ansible all -m ping -u root #-m:指定要使用的模块,-u:指定用什么身份去运行,-a:给模块传递参数

[root@yaoguang ~]# ansible text -m ping
q | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname q: Name or service not known", 
    "unreachable": true
}
119.3.70.78 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}

[root@yaoguang ~]# ansible all -a "echo hello world"
q | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname q: Name or service not known", 
    "unreachable": true
}
119.3.70.78 | CHANGED | rc=0 >>
hello world

复制文件

[root@yaoguang ~]# ansible text -m copy -a "src=/etc/passwd dest=/opt/passwd"
q | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname q: 
Name or service not known",     "unreachable": true
}
119.3.70.78 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "e5a17ba2ff6cbc8b98fe92c3b47c1d4fec506cfe", 
    "dest": "/opt/passwd", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "7a768a8eaf7804135d2152f23fb643bd", 
    "mode": "0644", 
    "owner": "root", 
    "size": 879, 
    "src": "/root/.ansible/tmp/ansible-tmp-1653831974.08-14463-52461083675877/source",
     "state": "file", 
    "uid": 0
}

安装软件

[root@yaoguang ~]# ansible text -m yum -a "name=lrzsz"
q | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname q: 
Name or service not known",     "unreachable": true
}
119.3.70.78 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "changes": {
        "installed": [
            "lrzsz"
        ]
    }, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\nRe
solving Dependencies\n--> Running transaction check\n---> Package lrzsz.x86_64 0:0.12.20-36.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package         Arch             Version                  Repository      Size\n================================================================================\nInstalling:\n lrzsz           x86_64           0.12.20-36.el7           base            78 k\n\nTransaction Summary\n================================================================================\nInstall  1 Package\n\nTotal download size: 78 k\nInstalled size: 181 k\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n  Installing : lrzsz-0.12.20-36.el7.x86_64                                  1/1 \n  Verifying  : lrzsz-0.12.20-36.el7.x86_64                                  1/1 \n\nInstalled:\n  lrzsz.x86_64 0:0.12.20-36.el7                                                 \n\nComplete!\n"    ]
}
[root@yaoguang ~]# rpm -qa | grep lrzsz
lrzsz-0.12.20-36.el7.x86_64

添加用户

[root@yaoguang ~]# ansible text -m user -a "name=zhangsan password=123456"
q | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname q: Name or service not known", 
    "unreachable": true
}
[WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work
properly.
119.3.70.78 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 1000, 
    "home": "/home/zhangsan", 
    "name": "zhangsan", 
    "password": "NOT_LOGGING_PASSWORD", 
    "shell": "/bin/bash", 
    "state": "present", 
    "system": false, 
    "uid": 1000
}

启动服务

[root@yaoguang ~]# ansible text -m service -a "name=sshd state=started"
q | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname q: Name or service not known", 
    "unreachable": true
}
119.3.70.78 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "name": "sshd", 
    "state": "started",

并行执行

[root@yaoguang ~]# ansible text -a "echo hello world" -f 10		#-f:指定并行的数量
q | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname q: Name or service not known", 
    "unreachable": true
}
119.3.70.78 | CHANGED | rc=0 >>
hello world

获取系统信息

[root@yaoguang ~]# ansible text -m setup

标签:changed,ansible,yaoguang,Ansible,ssh,root
来源: https://www.cnblogs.com/yaoguang0618/p/16323814.html

本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享;
2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关;
3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关;
4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除;
5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。

关于我们 | 联系我们 | 留言反馈

专注分享技术,共同学习,共同进步。侵权联系[81616952@qq.com]

Copyright (C)ICode9.com, All Rights Reserved.

ICode9版权所有