Ansible configuration and basic operations


I. Passwordless SSH keys
1. Generate a key pair on the Ansible server and copy the public key to the nodes.
[root@elb ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
89:13:34:37:96:34:ae:38:1e:c9:de:cf:d2:87:d3:e1 root@elb
The key's randomart image is:
+--[ RSA 2048]----+
|      o.*.       |
|     . =.o       |
|      . .        |
|   . o + .       |
|    * + S        |
|   o + .  .      |
|    o .. + .     |
|      .o+ E      |
|       .oo       |
+-----------------+


2. Use the ssh-copy-id command to copy the Ansible public key to the nodes.
Client hosts
192.168.3.49
192.168.3.62
[root@elb ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.3.49
The authenticity of host '192.168.3.49 (192.168.3.49)' can't be established.
RSA key fingerprint is 5f:73:2a:96:12:c8:1d:af:d8:d4:a7:0d:53:db:0c:81.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.3.49' (RSA) to the list of known hosts.
root@192.168.3.49's password: 
Now try logging into the machine, with "ssh 'root@192.168.3.49'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[root@elb ~]# 
[root@elb ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.3.62
The authenticity of host '192.168.3.62 (192.168.3.62)' can't be established.
RSA key fingerprint is 50:d1:85:98:0c:9f:b8:04:9e:01:c9:94:79:9e:a6:f1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.3.62' (RSA) to the list of known hosts.
root@192.168.3.62's password: 
Now try logging into the machine, with "ssh 'root@192.168.3.62'", and check in:


  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Test passwordless login
[root@elb ~]# ssh 192.168.3.49
Last login: Thu Jan  5 08:49:13 2017 from 192.168.3.41
[root@nginx ~]# exit
logout
Connection to 192.168.3.49 closed.
[root@elb ~]# ssh 192.168.3.62
Last login: Mon Nov 14 20:53:20 2016 from 192.168.3.41
[root@mysql ~]# exit
logout
Connection to 192.168.3.62 closed.
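
ssh-copy-id's own output above asks you to check .ssh/authorized_keys for keys you were not expecting. The following is an added example, not part of the original post, that does that check against an allowlist of public keys. The function names and both sample files are hypothetical, and the key blobs are constructed placeholders.

```shell
#!/bin/sh
# Added example: compare an authorized_keys file against an allowlist of
# public keys. Simplification: the key-type field is located by pattern, so
# an option value that itself contains a bare key-type token would confuse it.
audit_authorized_keys() {   # usage: audit_authorized_keys AUTH_KEYS ALLOWLIST
    awk '
        function keytype_idx(   i) {        # index of the key-type field, 0 if none
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+|sk-[a-z0-9@.-]+)$/)
                    return i
            return 0
        }
        /^[ \t]*#/ { next }                 # skip comment lines
        NF == 0    { next }                 # skip blank lines
        {
            k = keytype_idx()
            if (k == 0 || k == NF) {        # no key type, or no key blob after it
                if (mode == "audit") print "MALFORMED line " FNR
                next
            }
            blob = $(k + 1)
            if (mode == "allow") { allowed[blob] = 1; next }
            comment = (k + 2 <= NF) ? $(k + 2) : "-"
            status = (blob in allowed) ? "EXPECTED" : "UNEXPECTED"
            # Fields before the key type are options such as from="..."
            restr = (k > 1) ? "restricted" : "unrestricted"
            print status, $k, comment, restr
        }
    ' mode=allow "$2" mode=audit "$1"
}

demo_audit() {              # runs the audit on constructed sample files
    dir=$(mktemp -d) || return 1
    # Constructed allowlist: the one public key the Ansible server should have.
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABCONSTRUCTED1 root@elb' \
        > "$dir/allowed.pub"
    # Constructed authorized_keys as it might look on a managed node.
    cat > "$dir/authorized_keys" <<'EOF'
# keys for root
from="192.168.3.41" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABCONSTRUCTED1 root@elb
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICONSTRUCTED2 unknown@laptop
ssh-rsa
EOF
    audit_authorized_keys "$dir/authorized_keys" "$dir/allowed.pub"
    rm -rf "$dir"
}

demo_audit
```

Each output line gives the verdict, key type, key comment, and whether the entry carries any options. Against a real node, pass the node's /root/.ssh/authorized_keys and the server's /root/.ssh/id_rsa.pub.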

II. Define the node inventory for Ansible
[root@elb ~]# vi /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by [header] elements
#   - You can enter hostnames or ip addresses
#   - A hostname/ip can be a member of multiple groups


# Ex 1: Ungrouped hosts, specify before any group headers.


## green.example.com
## blue.example.com
## 192.168.100.1
## 192.168.100.10

# Ex 2: A collection of hosts belonging to the 'webservers' group

[webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110
192.168.3.49
# If you have multiple hosts following a pattern you can specify
# them like this:


## www[001:006].example.com

# Ex 3: A collection of database servers in the 'dbservers' group

[dbservers]
##
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57
192.168.3.62
# Here's another example of host ranges, this time there are no
# leading 0s:


## db-[99:101]-node.example.com

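III. Run commands from the Ansible server
Managing remote servers means executing commands on them remotely, one at a time.
The modules for remote command execution are command, shell, script, and raw.


Official documentation: http://docs.ansible.com/ansible/list_of_commands_modules.html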


command module
Use ping to check connectivity to webservers, dbservers, or the Ansible nodes
ansible -m ping 'dbservers'

[root@elb ~]# ansible -m ping 'webservers'
192.168.3.49 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
[root@elb ~]# ansible -m ping 'dbservers'
192.168.3.62 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}


Example 1: Check the uptime of the Ansible nodes
ansible -m command -a "uptime" 'webservers'

[root@elb ~]# ansible -m command -a "uptime" 'webservers'
192.168.3.49 | SUCCESS | rc=0 >>
 09:11:49 up  3:25,  5 users,  load average: 0.08, 0.02, 0.01

[root@elb ~]# ansible -m command -a "uptime" 'dbservers' 
192.168.3.62 | SUCCESS | rc=0 >>
 21:05:37 up 10:58,  6 users,  load average: 0.00, 0.00, 0.00

[root@elb ~]# 

Example 2: Check the kernel version of the nodes
ansible -m command -a "uname -r" 'webservers'
ansible -m command -a "uname -r" 'dbservers' 

[root@elb ~]# ansible -m command -a "uname -r" 'webservers'
192.168.3.49 | SUCCESS | rc=0 >>
2.6.32-642.6.2.el6.x86_64

[root@elb ~]# ansible -m command -a "uname -r" 'dbservers' 
192.168.3.62 | SUCCESS | rc=0 >>
2.6.32-642.6.2.el6.x86_64


Example 3: Add a user on the nodes
ansible -m command -a "useradd wolf" 'webservers'
ansible -m command -a "useradd wolf" 'dbservers' 

[root@elb ~]# ansible -m command -a "useradd wolf" 'webservers'
192.168.3.49 | SUCCESS | rc=0 >>

[root@elb ~]# ansible -m command -a "useradd wolf" 'dbservers' 
192.168.3.62 | SUCCESS | rc=0 >>

ansible -m command -a "grep wolf /etc/passwd" 'webservers'
ansible -m command -a "grep wolf /etc/passwd" 'dbservers' 

Example 4: Redirect output to a file
ansible -m command -a "df -Th" 'webservers'>/tmp/command-output.txt
ansible -m command -a "df -Th" 'dbservers'>>/tmp/command-output.txt

[root@elb ~]# ansible -m command -a "df -Th" 'webservers'>/tmp/command-output.txt
[root@elb ~]# cat /tmp/command-output.txt
192.168.3.49 | SUCCESS | rc=0 >>
Filesystem           Type     Size  Used Avail Use% Mounted on
/dev/mapper/vg_nginx-lv_root
                     ext4      18G  5.6G   11G  34% /
tmpfs                tmpfs    491M  228K  491M   1% /dev/shm
/dev/sda1            ext4     477M   60M  392M  14% /boot
/dev/sr0             iso9660  4.2G  4.2G     0 100% /media/CentOS_6.5_Final
[root@elb ~]# ansible -m command -a "df -Th" 'dbservers'>>/tmp/command-output.txt
[root@elb ~]# cat /tmp/command-output.txt                                        
192.168.3.49 | SUCCESS | rc=0 >>
Filesystem           Type     Size  Used Avail Use% Mounted on
/dev/mapper/vg_nginx-lv_root
                     ext4      18G  5.6G   11G  34% /
tmpfs                tmpfs    491M  228K  491M   1% /dev/shm
/dev/sda1            ext4     477M   60M  392M  14% /boot
/dev/sr0             iso9660  4.2G  4.2G     0 100% /media/CentOS_6.5_Final
192.168.3.62 | SUCCESS | rc=0 >>
Filesystem           Type   Size  Used Avail Use% Mounted on
/dev/mapper/vg_mysql-lv_root
                     ext4    18G  7.1G  9.3G  44% /
tmpfs                tmpfs  931M  320K  931M   1% /dev/shm
/dev/sda1            ext4   477M   60M  392M  14% /boot
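
Once the output is in a file it can be checked mechanically. The following is an added example, not part of the original post, that scans a saved report for hosts that did not return SUCCESS and for filesystems at or above a usage limit. The function names and the 192.168.3.70 record are constructed; the other sample lines are taken from the output above.

```shell
#!/bin/sh
# Added example: scan saved ad-hoc output for hosts that did not report
# SUCCESS and for filesystems at or above a usage limit.
# Assumes mount points contain no spaces.
check_df_report() {         # usage: check_df_report REPORT_FILE LIMIT_PERCENT
    awk -v limit="$2" '
        $2 == "|" && $3 ~ /^[A-Z]+!?$/ {    # header: "host | STATUS | rc=N >>"
            host = $1
            if ($3 != "SUCCESS") print host, "STATUS", $3
            next
        }
        # df data row; a long device name wraps onto its own line, so count
        # fields from the right: Use% is second to last, mount point is last.
        NF >= 6 && $(NF - 1) ~ /^[0-9]+%$/ {
            use = $(NF - 1)
            sub(/%/, "", use)
            if (use + 0 >= limit + 0) print host, "FULL", $NF, use "%"
        }
    ' "$1"
}

demo_df_report() {          # runs the check on an embedded sample report
    f=$(mktemp) || return 1
    # First two records are from the output above; the third is constructed.
    cat > "$f" <<'EOF'
192.168.3.49 | SUCCESS | rc=0 >>
Filesystem           Type     Size  Used Avail Use% Mounted on
/dev/mapper/vg_nginx-lv_root
                     ext4      18G  5.6G   11G  34% /
/dev/sr0             iso9660  4.2G  4.2G     0 100% /media/CentOS_6.5_Final
192.168.3.62 | SUCCESS | rc=0 >>
/dev/mapper/vg_mysql-lv_root
                     ext4    18G  7.1G  9.3G  44% /
192.168.3.70 | UNREACHABLE! => {
    "changed": false,
    "unreachable": true
}
EOF
    check_df_report "$f" 40
    rm -f "$f"
}

demo_df_report
```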


copy module
ansible 'webservers' -m copy -a "src=/root/wolf.txt dest=~/"
ansible 'dbservers' -m copy -a "src=/root/wolf.txt dest=~/"


[root@elb ~]# ansible 'webservers' -m copy -a "src=/root/wolf.txt dest=~/"
192.168.3.49 | SUCCESS => {
    "changed": true, 
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
    "dest": "/root/wolf.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e", 
    "mode": "0644", 
    "owner": "root", 
    "size": 0, 
    "src": "/root/.ansible/tmp/ansible-tmp-1480402539.29-166423323929037/source", 
    "state": "file", 
    "uid": 0
}
[root@elb ~]# ansible 'dbservers' -m copy -a "src=/root/wolf.txt dest=~/"
192.168.3.62 | SUCCESS => {
    "changed": true, 
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
    "dest": "/root/wolf.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e", 
    "mode": "0644", 
    "owner": "root", 
    "size": 0, 
    "src": "/root/.ansible/tmp/ansible-tmp-1480402545.85-144739460041681/source", 
    "state": "file", 
    "uid": 0
}


shell module
Run shell commands
ansible 'webservers'  -a "ps -fe |grep nginx" -m shell
ansible 'dbservers'  -a "ps -fe |grep mysql" -m shell
[root@elb ~]# ansible 'dbservers'  -a "ps -fe |grep mysql" -m shell
192.168.3.62 | SUCCESS | rc=0 >>
root      95353  95352  0 22:12 pts/1    00:00:00 /bin/sh -c ps -fe |grep mysql
root      95355  95353  0 22:12 pts/1    00:00:00 grep mysql
root     100297      1  0 12:07 ?        00:00:00 /bin/sh /soft/mysql5.1.72/bin/mysqld_safe --datadir=/soft/mysql5.1.72/data --pid-file=/soft/mysql5.1.72/data/mysql.pid
mysql    100414 100297  0 12:07 ?        00:00:14 /soft/mysql5.1.72/libexec/mysqld --basedir=/soft/mysql5.1.72 --datadir=/soft/mysql5.1.72/data --user=mysql --log-error=/soft/mysql5.1.72/data/mysql.err --pid-file=/soft/mysql5.1.72/data/mysql.pid --socket=/soft/mysql5.1.72/tmp/mysql.sock --port=3306


[root@elb ~]# ansible 'webservers'  -a "ps -fe |grep nginx" -m shell
192.168.3.49 | SUCCESS | rc=0 >>
root       1992      1  0 05:47 ?        00:00:00 /bin/sh /data/mysql/bin/mysqld_safe --datadir=/data/db --pid-file=/data/db/nginx.pid
mysql      2320   1992  0 05:47 ?        00:00:11 /data/mysql/bin/mysqld --basedir=/data/mysql --datadir=/data/db --plugin-dir=/data/mysql/lib/plugin --user=mysql --log-error=/data/db/nginx.err --pid-file=/data/db/nginx.pid --socket=/tmp/mysql.sock --port=3306
nginx      2325   2324  0 05:47 ?        00:00:00 php-fpm: pool www     
nginx      2326   2324  0 05:47 ?        00:00:00 php-fpm: pool www     
nginx      2327   2324  0 05:47 ?        00:00:00 php-fpm: pool www     
nginx      2328   2324  0 05:47 ?        00:00:00 php-fpm: pool www     
nginx      2329   2324  0 05:47 ?        00:00:00 php-fpm: pool www     
nginx      2330   2324  0 05:47 ?        00:00:00 php-fpm: pool www     
nginx      2331   2324  0 05:47 ?        00:00:00 php-fpm: pool www     
nginx      2332   2324  0 05:47 ?        00:00:00 php-fpm: pool www     
nginx      2333   2324  0 05:47 ?        00:00:00 php-fpm: pool www     
nginx      2334   2324  0 05:47 ?        00:00:00 php-fpm: pool www     
nginx      2335   2324  0 05:47 ?        00:00:00 php-fpm: pool www     
nginx      2336   2324  0 05:47 ?        00:00:00 php-fpm: pool www     
nginx      2337   2324  0 05:47 ?        00:00:00 php-fpm: pool www     
nginx      2338   2324  0 05:47 ?        00:00:00 php-fpm: pool www     
nginx      2339   2324  0 05:47 ?        00:00:00 php-fpm: pool www     
nginx      2340   2324  0 05:47 ?        00:00:00 php-fpm: pool www     
root       2342      1  0 05:47 ?        00:00:00 nginx: master process /data/nginx/sbin/nginx
nginx      2345   2342  0 05:47 ?        00:00:01 nginx: worker process 
nginx      2346   2342  0 05:47 ?        00:00:00 nginx: worker process 
root       6726   6725  0 10:18 pts/1    00:00:00 /bin/sh -c ps -fe |grep nginx
root       6728   6726  0 10:18 pts/1    00:00:00 grep nginx

script module
[root@elb ~]# vi ll.sh 
ls
[root@elb ~]# sh ll.sh 
anaconda-ks.cfg  Desktop  Documents  Downloads  install.log  install.log.syslog  ll.sh  Music  Pictures  Public  Templates  Videos  wolf.txt


ansible webservers  -m script -a "/root/ll.sh"
ansible dbservers  -m script -a "/root/ll.sh"


On webservers
[root@nginx ~]# touch 111
On dbservers
[root@mysql ~]# touch 132
[root@elb ~]# ansible webservers  -m script -a "/root/ll.sh"
192.168.3.49 | SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.3.49 closed.\r\n", 
    "stdout": "111\t\t Documents    install.log.syslog  Public     wolf.txt\r\nanaconda-ks.cfg  Downloads    Music\t\t  Templates\r\nDesktop\t\t install.log  Pictures\t\t  Videos\r\n", 
    "stdout_lines": [
        "111\t\t Documents    install.log.syslog  Public     wolf.txt", 
        "anaconda-ks.cfg  Downloads    Music\t\t  Templates", 
        "Desktop\t\t install.log  Pictures\t\t  Videos"
    ]
}
[root@elb ~]# ansible dbservers  -m script -a "/root/ll.sh" 
192.168.3.62 | SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.3.62 closed.\r\n", 
    "stdout": "132\t\t Documents    install.log.syslog  Public     Videos\r\nanaconda-ks.cfg  Downloads    Music\t\t  soft\t     wolf.txt\r\nDesktop\t\t install.log  Pictures\t\t  Templates\r\n", 
    "stdout_lines": [
        "132\t\t Documents    install.log.syslog  Public     Videos", 
        "anaconda-ks.cfg  Downloads    Music\t\t  soft\t     wolf.txt", 
        "Desktop\t\t install.log  Pictures\t\t  Templates"
    ]
}
