背景
你厌恶要手动操作多台机器进行某些重复的操作吗?想象一下,在周五的晚上你想要下班了,但是你得在很多台机器手动发布一些东西,每台机器都要整半小时,整整8台机器,一晚上几个小时可以预见又没了。
ansible使你解脱。写一些配置文件,一条命令执行它,然后等待所有机器同时工作,确认一下没问题,然后举杯庆祝。
一、配置windows主机
1、改powerShell的策略为remotesigned,否则运行不了powerShell脚本文件。
|----------------------------------------------------------------------|
| #检查 get-executionpolicy #设置 set-executionpolicy remotesigned |
2、检查powershell的版本是否超过3.0,没有就更新
|---------------------------------------|
| #检查 $PSVersionTable.PSVersion |
3、配置远程控制
|---------------------------------------------------------------------------------------------------------------------------------------------------------|
| # 启动 winrm winrm qc # 设置相关的配置 winrm set winrm/config/service '@{AllowUnencrypted="true"}' winrm set winrm/config/service/auth '@{Basic="true"}' |
4、查看winrm配置信息
|----------------------------------------------|
| # 查看winrm配置信息 winrm get winrm/config |
二、配置Linux
1、ubuntu安装ansible
|-------------------------------------------|
| apt update && apt install ansible |
2、修改主机清单内容
|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| # 编辑配置文件 $ sudo vim /etc/ansible/hosts #输入以下内容 [win] 10.11.20.20 [win:vars] ansible_ssh_pass=your_password ansible_ssh_user=your_user ansible_connection=winrm ansible_winrm_transport=ntlm ansible_ssh_port=5985 ansible_winrm_server_cert_validation=ignore |
3、检查是否能联通
|-------------------------------------------------------------------------------------------------|
| # 查看是否ping通 ansible all -m win_ping #在命令后面加上-vvv可以看到更详细的信息 ansible all -m win_ping -vvv |
如果成功
10.11.20.20 | SUCCESS => { "changed": false, "ping": "pong" }
常用模块
win_shell,在双引号里面写入你要的命令即可
|-------------------------------------------|
| ansible win -m win_shell -a "dir" |
失败排查
1、如果提示
ansible-win | UNREACHABLE! => { "changed": false, "msg": "plaintext: the specified credentials were rejected by the server", "unreachable": true }
那么在配置主机时,增加
|--------------------------------------|
| ansible_winrm_transport=ntlm |
2、如果你的winrm起不来,提示要把网络连接从公共改为专用
win+R快捷键,输入secpol.msc->网络列表管理器策略->所有网络->右键属性->网络位置设置为"用户可以更改"->在网络和internet设置->以太网->点击当前网络->从公共勾选为专用 并且把所有其他的网络名称属性里的位置,都设置成专用
3、如果控制节点ping不通目标节点,将目标节点的防火墙关闭,或配置防火墙出入口策略,比如打开5985出入口
4、执行一些启动命令会启动进程的,要注意两点:
4.1 要使用async异步来执行,不然控制端会一直卡住
4.2 设置async等待时间不能太短、poll不能设置为0,因为太短的话进程还没启动完,这边的命令就中断了,那就不会成功启动;而poll为0,就会马上调到下一个命令,所以不能设置为0
案例:控制rpa部署指令
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| - name: windows commands hosts: 10.11.20.20 tasks: - name: show dir win_shell: pwd args: chdir: "D:\\myproject\\pythonproject" - name: Run git pull win_shell: | git pull "https://user:pass@git.com/your_repo.git" --allow-unrelated-histories master args: chdir: "D:\\myproject\\pythonproject" executable: cmd.exe - name: update requirements win_shell: "pip install -r D:\\myproject\\pythonproject\\pythonrequirements.txt" args: chdir: "D:\\myproject\\pythonproject" executable: cmd.exe - name: stop client win_shell: for /f "tokens=2" %i in ('tasklist /v ^| findstr /R "cmd.exe"') do taskkill /T /F /PID %i args: chdir: "D:\\myproject\\pythonproject" executable: cmd.exe ignore_errors: yes - name: stop machine win_shell: for /f "tokens=2" %i in ('tasklist /v ^| findstr /R /C:"python.*\.exe"') do taskkill /T /F /PID %i args: chdir: "D:\\myproject\\pythonproject" executable: cmd.exe ignore_errors: yes - name: start machine win_shell: "python command.py >> output.txt" async: 30 poll: 2 register: task_result args: chdir: "D:\\myproject\\pythonproject" ignore_errors: yes - name: start client win_shell: curl www.baidu.com args: executable: cmd.exe |
这个案例是写在一个叫windows_commands.yml文件里的,
写好之后,用ansible-playbook windows_commands.yml -vvv 执行就行了