
Ansible安装配置

1-2 Ansible基本概述

1-3 Ansible组织架构

1-4 Ansible安装配置

Ansible安装

192.168.1.71       Ansible主控端

192.168.1.72       Ansible被控端

192.168.1.73       Ansible被控端

1、先安装epel源(提供最新的ansible)。注意:下面这条命令下载的是 CentOS-Base 源的 repo 文件,epel 源需另行配置;repo 文件建议改用 HTTPS 地址下载,避免传输途中被篡改。

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

2、安装Ansible

yum install ansible -y

3、Ansible的配置文件,配置文件可以随意放,但有查找顺序(按以下先后顺序查找,使用最先找到的一个)

$ANSIBLE_CONFIG

ansible.cfg                             #当前目录下面查找(较新版本的Ansible中,若当前目录对所有用户可写,会出于安全考虑忽略该文件)

.ansible.cfg                            #当前用户家目录下面查找

 /etc/ansible/ansible.cfg

[root@wld-01-71 ~]# cat /etc/ansible/ansible.cfg

#inventory             = /etc/ansible/hosts                        #主机列表配置文件

#library                  = /usr/share/my_modules/             #库文件存放目录

#remote_tmp         = ~/.ansible/tmp                            #临时py文件存放在远程主机目录

#local_tmp             = ~/.ansible/tmp                            #本机的临时执行目录

#forks                    = 5                                                 #默认并发数

#sudo_user           = root          #默认sudo用户

#ask_sudo_pass   = True         #每次执行是否询问sudo密码

#ask_pass             = True         #每次执行是否询问ssh密码

#remote_port         = 22          #远程主机端口

host_key_checking =False         #跳过检查主机指纹(关闭后不再校验被控端主机密钥,无法发现中间人攻击;仅建议在测试环境使用,生产环境应预先分发 known_hosts 并保持检查开启)

log_path = /var/log/ansible.log                                   #ansible日志

[privilege_escalation]                                                          #如果是普通用户则需配置提权 

#become=True

#become_method=sudo

#become_user=root

#become_ask_pass=False

--------------------------------------------------------------------------------------------------------

场景二、基于密钥连接,需要先创建公钥和私钥,并下发公钥至被控端(私钥只保留在主控端,建议设置口令并限制文件权限)

[root@wld-01-71 .ssh]# ssh-keygen

[root@wld-01-71 .ssh]# ssh-copy-id -i ~/.ssh/id_rsa.pub  root@192.168.1.72

[root@wld-01-71 .ssh]# ssh-copy-id -i ~/.ssh/id_rsa.pub  root@192.168.1.73

---------------------------------------------------------------------------------------------------------

#方式一、主机+端口+密钥

[webservers]

192.168.1.72或192.168.1.72:8888(不是22端口的)

192.168.1.73

结果:

[root@wld-01-71 ~]# ansible webservers -m ping -i ./hosts

192.168.1.72 | SUCCESS => {

    "changed": false,

    "ping": "pong"

}

192.168.1.73 | SUCCESS => {

    "changed": false,

    "ping": "pong"

}

#方式二、别名+主机+端口+密钥(ansible_ssh_host / ansible_ssh_port 为旧写法,Ansible 2.0 起推荐使用 ansible_host / ansible_port)

[webservers]

web01 ansible_ssh_host=192.168.1.72 ansible_ssh_port=22

web02 ansible_ssh_host=192.168.1.73 ansible_ssh_port=22

结果:

[root@wld-01-71 ~]# ansible webservers -m ping -i ./hosts

web02 | SUCCESS => {

    "changed": false,

    "ping": "pong"

}

web01 | SUCCESS => {

    "changed": false,

    "ping": "pong"

}

---------------------------------------------------------------------------------------------------

场景三、主机组使用方式

#1、定义两个组

[webservers]

192.168.1.72

192.168.1.73

[lbservers]

192.168.1.74

192.168.1.75

结果:

[root@wld-01-71 ~]# ansible webservers -m ping -i ./hosts --list-hosts

  hosts (2):

    192.168.1.72

    192.168.1.73

#2、servers组包括两个子组[webservers,lbservers]

[webservers]

web01 ansible_ssh_host=192.168.1.72 ansible_ssh_port=22

[lbservers]

web02 ansible_ssh_host=192.168.1.73 ansible_ssh_port=22

[servers:children]

webservers

lbservers

结果:

[root@wld-01-71 ~]# ansible servers -m ping -i ./hosts --list-hosts

  hosts (2):

    web01

    web02

[root@wld-01-71 ~]# ansible all -m ping -i ./hosts --list-hosts

  hosts (3):

    web01

    web02

    web03

--------------------------------------------------------------------------------------------------------------------------
