ansible

实验环境

centos6.9_x64

ansible_server  192.168.1.12

ansible_slave    192.168.1.13

实验软件

ansible-2.6.8-1.el6.noarch

sshpass-1.06-1.el6.x86_64

ansible-tower-setup-latest.tar.gz

软件安装

cp -pv /etc/hosts /etc/hosts.bak

echo  192.168.1.12 an1  >> /etc/hosts

echo  192.168.1.13 an2  >> /etc/hosts

sed -i.bak 's/centos6/an1/g'  /etc/sysconfig/network

yum install  -y  lsof  iftop  ntp axel   python-scp openssh-server  openssh-clients

yum install -y   ansible expect  openssl openssl-devel epel-release

yum install -y  supervisor   mailcap 

yum install -y  centos-release-scl-rh centos-release-scl

sed -i 's/^mirrorlist=https/mirrorlist=http/' /etc/yum.repos.d/epel.repo   master/slave端操作

sed -i 's#mirror.centos.org#centos.ustc.edu.cn#g' /etc/yum.repos.d/centos-sclo-scl.repo

sed -i 's#mirror.centos.org#centos.ustc.edu.cn#g' /etc/yum.repos.d/centos-sclo-scl-rh.repo

service ntpd restart && ntpdate 192.168.1.12  &&  chkconfig --level 35 ntpd on && clock -w

service iptables stop  && chkconfig --level 35 iptables off

ssh [email protected] 'service ntpd restart && ntpdate 192.168.1.12  &&  chkconfig --level 35 ntpd on && clock -w'

scp  -pr /etc/hosts [email protected]:/etc/hosts

scp  -pr /etc/sysconfig/network  [email protected]:/etc/sysconfig/network   an1操作

sed -i.bak 's/an1/an2/g'  /etc/sysconfig/network                                                an1操作

ansible --version

ansible 2.6.20

cp -pv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak    开启ssh持久化

echo clientaliveinterval 600 >> /etc/ssh/sshd_config

echo clientalivecountmax 100 >> /etc/ssh/sshd_config

service sshd restart && chkconfig --level 35 sshd on

scp -pr  /etc/ssh/sshd_config [email protected]:/etc/ssh/

cp -pv  /etc/ansible/hosts /etc/ansible/hosts.bak  &&  touch /var/log/ansible.log

cp -pv  /etc/ansible/ansible.cfg /etc/ansible/ansible.cfg.bak

sed -i 's/#log_path/log_path/g' /etc/ansible/ansible.cfg

sed -i 's/#inventory/inventory/g' /etc/ansible/ansible.cfg

sed -i 's/#remote_user/remote_user/g' /etc/ansible/ansible.cfg

sed -i 's/#host_key_checking /host_key_checking/g' /etc/ansible/ansible.cfg

sed -i 's/# command_warnings/command_warnings/g' /etc/ansible/ansible.cfg

mkpasswd -l 10 -c 5   生成密码

bx6{ivgdk4

openssl passwd 123456   生成密文密码

3bhmtzgncvrks

cat /etc/ansible/hosts

[server]                                                                                         模块可自定义

192.168.1.12  ansible_ssh_user=root ansible_ssh_port=22 ansible_ssh_pass=3bhmtzgncvrks    指定用户名 ip  端口号  密码 

192.168.1.13 ansible_ssh_user=root ansible_ssh_port=22 ansible_ssh_pass=3bhmtzgncvrks

ansible all -m ping

192.168.1.12 | success => {

    "changed": false, 

    "ping": "pong"

}          

192.168.1.13 | success => {

}             

ansible all -a 'uptime'           ls cp等均可实现

192.168.1.12 | success | rc=0 >>

09:43:36 up 29 min,  3 users,  load average: 0.00, 0.02, 0.00

192.168.1.13 | success | rc=0 >>

ansibles设置加密

cat /etc/ansible/hosts                                                                                          

[servers]

192.168.1.12  ansible_ssh_user=root ansible_ssh_port=22 ansible_ssh_pass=1

192.168.1.13  ansible_ssh_user=root ansible_ssh_port=22 ansible_ssh_pass=1             可以看见密码尚未加密

ansible-vault encrypt /etc/ansible/hosts         加密密码123456 需要两次输入确定

$ansible_vault;1.1;aes256

64386266306265646465366334626236343734636330663735656261386534343761333039633134

6635313862343930383161353864666636363435626539370a653238663037643538306331366361     无法看见明文密码加密成功

ansible -i  /etc/ansible/hosts server -m ping --ask-vault-pass    server为分组

vault password: 

}

ansible-doc -l                            查看功能模块 

ansible-doc -l | grep copy         查看具体功能模块 

-m                                           添加模块执行

-a '命令' 

ansible all                               所有主机

ansible server                         自定义分组批量执行命令

ansible server -m copy  -a  "src=/home/test.sh  dest=/tmp/ owner=root group=root mode=0755" 批量复制脚本 

ansible server -m shell -a   "/bin/sh /tmp/test.sh"                              执行脚本

ansible java   -m shell -a   "/bin/sh /tmp/test.sh"  --sudo                       sudo提权执行脚本

ansible server -m file  -a  "dest=/home/test.txt state=touch"    创建文件

ansible server -m copy -a "src=/root/tests/  dest=/root/tests force=no"  复制文件

ansible server -m file -a "dest=/home/test.txt state=absent"      删除文件

ansible server -m file -a "dest=/home/tests  mode=755 owner=root group=root state=directory"  建立目录

ansible server -m unarchive  -a "src=/root/test1.tar.gz  dest=/root/tests mode=0755     force=yes  copy=yes"  远程解压覆盖文件

ansible server -m file -a "dest=/home/tests state=absent"       删除目录

 ansible server -m yum   -a "name=httpd"  安装服务

ansible server -m yum   -a "name=vsftpd" 

ansible server -m service -a "name=httpd state=started/restarted/stopped enabled=yes"   远程启动服务

ansible server -m service -a "name=vsftpd state=started enabled=yes"

openssl passwd -1 -salt 123.com    123.com 为用户密码，opnenssl生成密文密码

ansible server -m user -a 'name=test comment="add a test user" password="$1$123.com$6oaka602q3mp5w4zaugbb0"'  建立用户设置密码

ansible server -m group -a "name=g1 gid=666 state=present system=yes"  新建组 g1位组名

ansible server -m group -a "name=g1 state=absent"                删除组 

ansible server -m command -a "id test01" 查看用户

ansible server -m user -a "name=test01 state=absent remove=yes"   删除用户

ansible server -a "uptime"  执行命令

ansible server -m raw -a "ifconfig eth0"              查看主机ip地址

ansible server -m raw -a "tail /etc/group | grep g1"  查看组

ansible java   -m setup -a "filter=ansible_eth[0-1]"  查看ip地址

ansible all  -m ping       查看主机存活情况

ansible server -m setup      系统信息收集

ansible server --list      查看分组主机

ansible test -u root -m setup  查看系统信息

ansible server   -a "rpm -qa  vsftpd"  查看安装rpm包

ansible server   -a "lsof -i:21"      查看服务状态

ansible server   -a "netstat -tuplna | grep vsftpd"

ansible all -a "/sbin/reboot" -f 10 --sudo -k  重启 --sudo 为普通用户sudo权限

ansibles配置playbook

touch /etc/ansible/roles/mysql.yml

cat /etc/ansible/roles/mysql.yml 

- hosts: server

  remote_user: root

  tasks:

    - name: install mysql-server package

      yum: name=mysql-server state=present

    - name: starting mysqld service

      service: name=mysql state=started

ansible-playbook /etc/ansible/roles/mysql.yml --syntax-check

playbook: /etc/ansible/roles/mysql.yml

ansible-playbook /etc/ansible/roles/mysql.yml 

service rh-postgresql10-postgresql  restart && chkconfig --level 35   rh-postgresql10-postgresql  on

service  supervisord restart && chkconfig --level 35    supervisord  on 

tar zxvf ansible-tower-setup-latest.tar.gz        配置图形化管理工具

mv  ansible-tower-setup-3.8.0-1 /usr/local/tower

cd /usr/local/tower

cp -pv inventory inventory.bak

sed -i "s#password=''#password='admin'#g" inventory

sed -i "s#host=''#host='127.0.0.1'#g" inventory

sed -i "s#port=''#port='5432'#g" inventory

./setup.sh 

https://serverip/#/login   admin/admin

ps -aux | grep ansible

warning: bad syntax, perhaps a bogus '-'? see /usr/share/doc/procps-3.2.8/faq

root      2372  0.0  0.0 103332   884 pts/0    s+   09:37   0:00 grep ansible

netstat -tuplna | grep 5432

tcp        0      0 127.0.0.1:5432          0.0.0.0:*               listen      10335/postmaster    

tcp6       0      0 ::1:5432                :::*                    listen      10335/postmaster

ps  -ef | grep supervisord

root       1623      1  0 22:41 ?        00:00:00 /usr/bin/python /usr/bin/supervisord -c /etc/supervisord.conf

root       1635   1390  0 22:42 pts/1    00:00:00 grep --color=auto supervisord

netstat -tuplna | grep 80

tcp        0      0 0.0.0.0:80              0.0.0.0:*               listen      16003/nginx: master 

tcp6       0      0 :::80                   :::*                    listen      16003/nginx: master         

netstat -tuplna | grep 443

tcp        0      0 0.0.0.0:443             0.0.0.0:*               listen      16003/nginx: master 

tcp6       0      0 :::443                  :::*                    listen      16003/nginx: master