m0
[root@localhost ~]# yum -y install ansible
[root@localhost ~]# ansible --version
ansible 2.9.27
[root@localhost ~]# ssh-keygen
[root@localhost ~]# ssh-copy-id 192.168.1.31
[root@localhost ~]# ssh-copy-id 192.168.1.32
[root@localhost ~]# vim /etc/ansible/hosts
[group01]
192.168.1.31
192.168.1.32
[group02]
192.168.1.31
192.168.1.32
192.168.1.41
[root@localhost ~]# ansible 192.168.1.31 -m ping
192.168.1.31 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@localhost ~]# ansible group01 -m ping
192.168.1.31 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.1.32 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@localhost ~]# ansible group02 -m ping
The authenticity of host '192.168.1.41 (192.168.1.41)' can't be established.
ECDSA key fingerprint is SHA256:7AcgA+ICA7nAIGHgupALnjIdI5QMGOVv/qOmgBsQyjc.
ECDSA key fingerprint is MD5:88:ca:ca:06:1e:be:21:1f:eb:0a:ca:d4:e8:e1:4a:50.
Are you sure you want to continue connecting (yes/no)? 192.168.1.32 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.1.31 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
yes
192.168.1.41 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.1.41' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
[root@localhost ~]# vim /etc/ansible/hosts
[group01]
192.168.1.31
192.168.1.32
# 注意:ansible_ssh_pass 以明文保存在清单文件中,仅适合实验环境;正式环境建议改用SSH密钥认证,或用ansible-vault加密该变量
other ansible_ssh_host=192.168.1.41 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass=1
[group02]
192.168.1.31
192.168.1.32
other
[root@localhost ~]# ansible group02 -m ping
192.168.1.32 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.1.31 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
other | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@localhost ~]# ansible other -m ping
other | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
ansible模块
[root@localhost ~]# ansible-doc -l //查看文档
[root@localhost ~]# ansible group02 -m hostname -a 'name=ansible02' //修改组内主机名称
[root@localhost ~]# ansible group01 -m file -a 'path=/tmp/abc state=directory' //创建目录
[root@localhost ~]# ansible group02 -m file -a 'path=/tmp/abc/def state=touch' //创建文件
[root@localhost ~]# ansible group02 -m file -a 'path=/tmp/abc recurse=yes owner=bin group=daemon mode=1777' //修改权限(mode=1777即所有用户可读写执行并带粘滞位,recurse=yes会递归应用到目录下的所有内容)
[root@localhost ~]# ansible group02 -m file -a 'path=/tmp/abc state=absent' //删除目录、文件
[root@localhost ~]# ansible group02 -m file -a 'path=/tmp/aaaa state=touch owner=bin group=daemon mode=1777' //创建文件并修改权限
[root@localhost ~]# ansible group02 -m file -a 'src=/etc/fstab path=/tmp/xxx state=link' //创建软链接
[root@localhost ~]# ansible group02 -m file -a 'src=/etc/fstab path=/tmp/xxx02 state=hard' //创建硬链接
#path=文件的地址;state=方法(directory:创建目录、touch:创建文件、absent:删除文件、link:创建软链接、hard:创建硬链接)
recurse=yes:递归设置目录下所有内容的属性(owner、group、mode等)
copy模块
[root@localhost ~]# ansible group02 -m stat -a 'path=/etc/fstab' //获取/etc/fstab文件的状态信息
[root@localhost ~]# ansible group02 -m copy -a 'src=./mysql57.tar.gz dest=~' //拷贝此文件到group02的所有机器上
[root@localhost ~]# echo master > /tmp/222
[root@localhost ~]# ansible group02 -m copy -a 'src=/tmp/222 dest=/tmp/333'
[root@localhost ~]# ansible group02 -m copy -a 'content="haha\n" dest=/tmp/333' //使用content参数直接往远程文件里写内容(会覆盖原内容)
使用force参数控制是否强制覆盖
[root@localhost ~]# ansible group02 -m copy -a 'src=/tmp/222 dest=/tmp/333 force=no' //如果目标文件已经存在,则不覆盖
[root@localhost ~]# ansible group02 -m copy -a 'src=/tmp/222 dest=/tmp/333 force=yes' //如果目标文件已经存在,则会强制覆盖
使用backup参数控制是否备份文件
[root@localhost ~]# ansible group02 -m copy -a 'src=/etc/fstab dest=/tmp/333 backup=yes owner=bin group=daemon mode=1777' //backup=yes表示如果拷贝的文件内容与原内容不一样,则会备份一份
copy模块拷贝时要注意拷贝目录后面是否带"/"符号
/etc/yum.repos.d后面不带/符号,则表示把/etc/yum.repos.d整个目录拷贝到/tmp/目录下
/etc/yum.repos.d/后面带/符号,则表示把/etc/yum.repos.d/目录里的所有文件拷贝到/tmp/目录下
fetch模块与copy模块类似,但作用相反。用于把远程机器的文件拷贝到本地。
[root@localhost ~]# ansible group02 -m fetch -a 'src=/tmp/333 dest=/tmp'
[root@localhost ~]# ls /tmp/
192.168.1.31
192.168.1.32
other
user模块
user模块用于管理用户账号和用户属性。
[root@localhost ~]# ansible group02 -m user -a 'name=aaa state=present' //创建aaa用户,默认为普通用户,创建家目录
[root@localhost ~]# ansible group02 -m user -a 'name=mysql state=present system=yes shell="/sbin/nologin"' //创建mysql系统用户,并且登录shell环境为/sbin/nologin
[root@localhost ~]# ansible group02 -m file -a 'path=/usr/local/mysql/mysql-files state=directory owner=mysql group=mysql mode=1777'
[root@localhost ~]# ansible group02 -m user -a 'name=ccc uid=2000 state=present password="ccc"' //创建ccc用户, 使用uid参数指定uid, 使用password参数传密码(注意:password参数需要传入加密后的密码哈希,直接传明文"ccc"会被原样写入/etc/shadow,用户无法用该密码登录)
[root@localhost ~]# ansible group02 -m user -a 'name=hadoop generate_ssh_key=yes' //创建一个普通用户叫hadoop,并产生空密码密钥对
[root@localhost ~]# ansible group02 -m user -a 'name=aaa state=absent' //删除aaa用户,但家目录默认没有删除
[root@localhost ~]# ansible group02 -m user -a 'name=mysql state=absent remove=yes' //删除mysql用户,使用remove=yes参数让其删除用户的同时也删除家目录
group模块
[root@localhost ~]# ansible group02 -m group -a 'name=groupa gid=3000 state=present' //创建组
[root@localhost ~]# ansible group02 -m group -a 'name=groupa state=absent' //删除组(如果有用户的gid为此组,则删除不了)
cron模块
cron模块用于管理周期性时间任务
[root@localhost ~]# ansible group02 -m cron -a 'name="testcron1" user=root job="touch /tmp/111" minute=*/2' //创建一个cron任务,不指定user的话,默认就是root
[root@localhost ~]# ansible group02 -m cron -a 'name="testcron1" state=absent' //删除cron任务
yum_repository模块
yum_repository模块用于配置yum仓库。
[root@localhost ~]# ansible group02 -m yum_repository -a "name=local description=localyum baseurl=file:///mnt/ enabled=yes gpgcheck=no" //增加一个/etc/yum.repos.d/local.repo配置文件(gpgcheck=no表示不校验软件包的GPG签名,仅适用于可信的本地源)
注意:此模块只帮助配置yum仓库,但如果仓库里没有软件包,安装一样会失败。所以可以手动去挂载光驱到/mnt目录
[root@localhost ~]# ansible group02 -m yum_repository -a "name=local state=absent" //删除/etc/yum.repos.d/local.repo配置文件
yum模块
yum模块用于使用yum命令来实现软件包的安装与卸载。
[root@localhost ~]# ansible group02 -m yum -a 'name=vsftpd state=present' //使用yum安装一个软件(前提:group02的机器上的yum配置都已经OK)
[root@localhost ~]# ansible group02 -m yum -a 'name=httpd,httpd-devel state=latest' //使用yum安装httpd,httpd-devel软件,state=latest表示安装最新版本
[root@localhost ~]# ansible group02 -m yum -a 'name=httpd,httpd-devel state=absent' //使用yum卸载httpd,httpd-devel软件
service模块
service模块用于控制服务的启动,关闭,开机自启动等。
[root@localhost ~]# ansible group02 -m service -a 'name=vsftpd state=started enabled=on' //启动vsftpd服务,并设为开机自动启动
[root@localhost ~]# ansible group02 -m service -a 'name=vsftpd state=stopped enabled=false' //关闭vsftpd服务,并设为开机不自动启动