Ansible组件说明

1.Ansible Inventory

工作当中有不同的业务主机，我们需要在把这些机器信息存放在inventory里面，ansible默认的inventory的文件是/etc/ansible/hosts，也可以通过ANSIBLE_HOSTS环境变量来指定或者运行ansible和ansible-playbook的时候用-i参数临时设置。

1.1 定义主机和主机组

复制代码

[root@ansible01 ansible]# cat /etc/ansible/hosts |grep -v "^#"|grep -v "^$"
11.0.1.18 ansible_ssh_pass='123456'
11.0.1.19 ansible_ssh_pass='123456'
[docker]
11.0.1.1[2:4]
[docker:vars]
ansible_ssh_pass='123456'
[ansible:children]
docker

第1,2行定义了主机为：11.0.1.18/19，使用Inventory的内置变量ansible_ssh_pass定义ssh登录密码

第3行定义主机组，名为docker

第4行定义了docker组下的3台主机，从11.0.1.12到11.0.1.14

第5行和第6行针对docker组使用了Inventory的内置变量ansible_ssh_pass定义ssh登录密码

第7行和第8行定义了一个组叫ansible，这个组包含docker组

1.2 多个Inventory列表

我们新增inventory目录，如下

复制代码

[root@ansible01 inventory]# tree /etc/ansible/inventory/
/etc/ansible/inventory/
├── docker
└── hosts

0 directories, 2 files
[root@ansible01 inventory]# cat /etc/ansible/inventory/hosts 
11.0.1.18 ansible_ssh_pass='123456'
11.0.1.19 ansible_ssh_pass='123456'
[root@ansible01 inventory]# cat /etc/ansible/inventory/docker 
[docker]
11.0.1.1[2:4]
[docker:vars]
ansible_ssh_pass='123456'
[ansible:children]
docker

这样还未生效，我们还得再主配置文件ansible.cfg修改inventory指定目录，如下：

复制代码

[root@ansible01 ansible]# cat /etc/ansible/ansible.cfg |grep inventory|grep -v "^#"
inventory      = /etc/ansible/inventory/
[inventory]

验证下：

复制代码

[root@ansible01 ansible]# ansible docker --list-hosts
  hosts (3):
    11.0.1.12
    11.0.1.13
    11.0.1.14
[root@ansible01 ansible]# ansible ansible --list-hosts
  hosts (3):
    11.0.1.12
    11.0.1.13
    11.0.1.14
[root@ansible01 ansible]# ansible 11.0.1.18:11.0.1.19 --list-hosts
  hosts (2):
    11.0.1.18
    11.0.1.19

1.3 动态Inventory（了解即可）

在实际应用部署中会有大量的主机列表，手动维护这些列表会是一件很繁琐的事情，动态Inventory可以帮我们解决这些问题，动态Inventory就是Ansible所有的Inventory文件里面的主机列表和变量信息都支持从外部拉取进来，比如我们可以从CMDB系统和Zabbix监控系统拉取所有的主机信息，然后使用Ansible进行管理。

方法：修改主配置文件ansible.cfg中inventory的定义值改成一个脚本运行。

1.4 Inventory内置参数

2.Ansible AD-Hoc命令

我们经常会通过命令的形式来使用ansible模块，目前为止ansible自带了259个模块，我们可以使用ansible-doc -l来显示自带的模块，也可以用ansible-doc 模块名，来查看模块，下面我们介绍下常用AD-Hoc命令。

2.1 执行命令

Ansible命令都是并发执行的，默认的并发数是由ansible.cfg中的forks值来控制，也可以在运行ansible命令时通过-f参数来指定并发数。

复制代码

[root@ansible01 inventory]# ansible docker -m shell -a "hostname" -o
11.0.1.19 | CHANGED | rc=0 | (stdout) ansible02
11.0.1.18 | CHANGED | rc=0 | (stdout) ansible01
[root@ansible01 inventory]# ansible docker -m shell -a "uname -r" -f 2 -o
11.0.1.19 | CHANGED | rc=0 | (stdout) 3.10.0-327.el7.x86_64
11.0.1.18 | CHANGED | rc=0 | (stdout) 3.10.0-1160.el7.x86_64

2.2 复制文件

我们还可以使用copy模块来批量下发文件，文件的变化是通过MD5值来判断的

复制代码

#1.使用copy复制test.txt文件
[root@ansible01 inventory]# ansible docker -m copy -a 'src=/test.txt dest=/root/test.txt owner=root group=root mode=644 backup=yes' -o
11.0.1.19 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "dest": "/root/test.txt", "gid": 0, "group": "root", "md5sum": "d41d8cd98f00b204e9800998ecf8427e", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:admin_home_t:s0", "size": 0, "src": "/root/.ansible/tmp/ansible-tmp-1713505961.01-99673-167875618419234/source", "state": "file", "uid": 0}
#2.用md5sum来验证md5值
[root@ansible01 inventory]# ansible docker -m shell -a 'md5sum /root/test.txt' -o
11.0.1.19 | CHANGED | rc=0 | (stdout) d41d8cd98f00b204e9800998ecf8427e  /root/test.txt
[root@ansible01 inventory]# md5sum /test.txt 
d41d8cd98f00b204e9800998ecf8427e  /test.txt

2.3 包和服务管理

我们可以使用yum模块来管理包和服务

复制代码

#1.yum模块安装httpd
[root@ansible01 inventory]# ansible docker -m yum -a 'name=httpd state=latest' -o
11.0.1.19 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "changes": {"installed": ["httpd"], "updated": []}, "msg": "", "obsoletes": {"NetworkManager": {"dist": "x86_64", "repo": "@anaconda/7.2", "version": "1:1.0.6-27.el7"}, "grub2": {"dist": "x86_64", "repo": "@anaconda/7.2", "version": "1:2.02-0.29.el7"}, "grub2-tools": {"dist": "x86_64", "repo": "@anaconda/7.2", "version": "1:2.02-0.29.el7"}, "iwl7265-firmware": {"dist": "noarch", "repo": "@anaconda/7.2", "version": "22.0.7.0-43.el7"}, "pygobject3-base": {"dist": "x86_64", "repo": "@anaconda/7.2", "version": "3.14.0-3.el7"}, "python-rhsm": {"dist": "x86_64", "repo": "@anaconda/7.2", "version": "1.15.4-5.el7"}, "rdma": {"dist": "noarch", "repo": "@anaconda/7.2", "version": "7.2_4.1_rc6-1.el7"}, "redhat-access-insights": {"dist": "noarch", "repo": "@anaconda/7.2", "version": "1.0.6-0.el7"}}, "rc": 0, "results": ["Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-\n              : manager\nResolving Dependencies\n--> Running transaction check\n---> Package httpd.x86_64 0:2.4.6-99.el7_9.1 will be installed\n--> Processing Dependency: httpd-tools = 2.4.6-99.el7_9.1 for package: httpd-2.4.6-99.el7_9.1.x86_64\n--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-99.el7_9.1.x86_64\n--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-99.el7_9.1.x86_64\n--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-99.el7_9.1.x86_64\n--> Running transaction check\n---> Package apr.x86_64 0:1.4.8-7.el7 will be installed\n---> Package apr-util.x86_64 0:1.5.2-6.el7_9.1 will be installed\n---> Package httpd-tools.x86_64 0:2.4.6-99.el7_9.1 will be installed\n---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package         Arch       Version                Repository              Size\n================================================================================\nInstalling:\n httpd           x86_64     2.4.6-99.el7_9.1       rhel-7-server-rpms     1.2 M\nInstalling for dependencies:\n apr             x86_64     1.4.8-7.el7            rhel-7-server-rpms     104 k\n apr-util        x86_64     1.5.2-6.el7_9.1        rhel-7-server-rpms      92 k\n httpd-tools     x86_64     2.4.6-99.el7_9.1       rhel-7-server-rpms      94 k\n mailcap         noarch     2.1.41-2.el7           rhel-7-server-rpms      31 k\n\nTransaction Summary\n================================================================================\nInstall  1 Package (+4 Dependent packages)\n\nTotal download size: 1.5 M\nInstalled size: 4.3 M\nDownloading packages:\n--------------------------------------------------------------------------------\nTotal                                              198 kB/s | 1.5 MB  00:07     \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n  Installing : apr-1.4.8-7.el7.x86_64                                       1/5 \n  Installing : apr-util-1.5.2-6.el7_9.1.x86_64                              2/5 \n  Installing : httpd-tools-2.4.6-99.el7_9.1.x86_64                          3/5 \n  Installing : mailcap-2.1.41-2.el7.noarch                                  4/5 \n  Installing : httpd-2.4.6-99.el7_9.1.x86_64                                5/5 \n  Verifying  : httpd-tools-2.4.6-99.el7_9.1.x86_64                          1/5 \n  Verifying  : apr-1.4.8-7.el7.x86_64                                       2/5 \n  Verifying  : mailcap-2.1.41-2.el7.noarch                                  3/5 \n  Verifying  : httpd-2.4.6-99.el7_9.1.x86_64                                4/5 \n  Verifying  : apr-util-1.5.2-6.el7_9.1.x86_64                              5/5 \n\nInstalled:\n  httpd.x86_64 0:2.4.6-99.el7_9.1                                               \n\nDependency Installed:\n  apr.x86_64 0:1.4.8-7.el7                 apr-util.x86_64 0:1.5.2-6.el7_9.1   \n  httpd-tools.x86_64 0:2.4.6-99.el7_9.1    mailcap.noarch 0:2.1.41-2.el7       \n\nComplete!\n"]}
#2.查看httpd是否安装
[root@ansible01 inventory]# ansible docker -m shell -a 'rpm -qa httpd' -o
11.0.1.19 | CHANGED | rc=0 | (stdout) httpd-2.4.6-99.el7_9.1.x86_64