簡介
-
ansible
inventory
組
子組
被管理節點機器
/etc/ansible/hosts
-i
指定其他清單檔案
inventory (INI格式)示例
- 我們在 ansible自動化運維工具環境準備 這一篇文章中,已經把
node1
node2
node3
[vagrant@controller my_ansible_dir]$ cat /etc/hosts | tail -n 3
192.168.56.6 node1
192.168.56.7 node2
192.168.56.4 node3 複制
-
沒有配置
使用IP
node1 ansible_connection=ssh ansible_user=vagrant ansible_ssh_pass=vagrant
node2 ansible_connection=ssh ansible_user=vagrant ansible_ssh_pass=vagrant
node3 ansible_connection=ssh ansible_user=vagrant ansible_ssh_pass=vagrant 複制
- 使用
ping
[vagrant@controller inventory]$ pwd
/data/my_ansible_dir/inventory
[vagrant@controller inventory]$ ansible all -m ping -i inventory.ini
node3 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
node2 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
node1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
} 複制
- 當然我們也可以對單一的節點伺服器使用
ping
[vagrant@controller inventory]$ ansible node1 -m ping -i inventory.ini
node1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
} 複制
- 亦或者我們可以對節點伺服器進行分組以及按分組檢查伺服器存活(inventory.ini)
[web1]
node1 ansible_connection=ssh ansible_user=vagrant ansible_ssh_pass=vagrant
node2 ansible_connection=ssh ansible_user=vagrant ansible_ssh_pass=vagrant
[web2]
node3 ansible_connection=ssh ansible_user=vagrant ansible_ssh_pass=vagrant 複制
[vagrant@controller inventory]$ ansible web1 -m ping -i inventory.ini
node2 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
node1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[vagrant@controller inventory]$ ansible web2 -m ping -i inventory.ini
node3 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong" 複制
- 我們還可以使用類似正規表達式的方法來配置節點伺服器清單
# 假如我們web1分組有3個節點伺服器
[web1]
node[1:3] ansible_connection=ssh ansible_user=vagrant ansible_ssh_pass=vagrant 複制
免密登陸
- 配置管理節點免密登陸,設定用于節點鑒權的SSH密鑰
- 密碼寫到
inventory.ini
- 其實ansible自動化運維工具環境準備 這一篇文章中,我們已經通過腳本實作了免密登陸,這裡我再單獨拿出來做個簡單的示範。
ssh-keygen 或者 ssh-keygen -t rsa -b 2048
ssh-copy-id vagrant@node1
ssh-copy-id vagrant@node2
ssh-copy-id vagrant@node3 複制
- 如果感覺需要互動麻煩的話可以使用腳本expect工具免互動式執行
- 需要安裝expect工具
sudo yum -y install expect 或者 sudo apt update && sudo apt-get -y install expect
- 需要了解expect工具的可以移步 Linux之expect工具免互動式shell腳本執行 檢視
touch ssh_key.sh && chmod +x ssh_key.sh
./shh_key.sh node1 node2 node3 複制
- 腳本内容
#!/usr/bin/sh
run_ssh_keygen(){
rm -rf $rsa_pub
/usr/bin/expect<<EOF
set timeout 10
spawn ssh-keygen -t rsa -b 2048
expect {
"Enter file in" {send "\n"; exp_continue}
"Overwrite (y/n)" {send "y\n"; exp_continue}
"Enter passphrase" {send "\n"; exp_continue}
"passphrase again" {send "\n"; exp_continue}
}
EOF
}
send_ssh_key(){
pwd=vagrant
/usr/bin/expect<<EOF
set timeout 30
spawn ssh-copy-id vagrant@$1
expect {
"connecting (yes/no)?" {send "yes\n"; exp_continue}
"password:" {send "$pwd\n"; exp_continue}
}
EOF
}
rsa_pub=$HOME/.ssh/id_rsa.pub
if [ ! -f $rsa_pub ]; then
run_ssh_keygen
fi
nodes=${@:-node1 node2 node3}
if [ -f $rsa_pub ]; then
for node in $nodes
do
send_ssh_key $node
done
fi 複制
- 修改 inventory.ini
[web1]
node1 ansible_connection=ssh
node2 ansible_connection=ssh
[web2]
node3 ansible_connection=ssh 複制
- 使用
ping
[vagrant@controller inventory]$ ansible all -m ping -i inventory.ini
node3 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
node2 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
node1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
} 複制