ansible的使用

最新推荐文章于 2024-06-21 22:32:11 发布

weixin_30528371

最新推荐文章于 2024-06-21 22:32:11 发布

阅读量195

点赞数

CC 4.0 BY-SA版权

文章标签：运维操作系统 python

原文链接：http://www.cnblogs.com/lulin9501/p/11174384.html

本文介绍了在CentOS 7.2.1511系统的实验环境中进行Ansible的安装与使用。包括在4台虚拟机上安装阿里的epel源，在主控端安装Ansible，还介绍了Ansible的基础命令、配置文件，以及基于ssh登录的两种方式和分组写法等内容。

实验环境

CentOS Linux release 7.2.1511 (Core)

ip 192,168,16,137 主控端

ip 192,168,16,138 被控端

ip 192,168,16,139 被控端

ip 192,168,16,140 被控端

1 安装elel源.

在4台虚拟机上安装阿里的epel源

wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
2 安装ansible

在192,168,16,137 主控端安装 yum -y install ansible

3 ansible 基础命令

rpm -ql ansible 查看装完ansible后生成的文件

ansible --version 查看版本
ansible 2.8.1
ansible --help 查看帮助信息

　　-f 支持高并发 (-f 6 )

　　--list-hosts 列出匹配到的主机列表

　　-m 指定模块默认 command

　　--syntax-check 语法检查

　　-k 密码输入密码

ping 走的是ICMP协议

ansible的配置文件

/etc/ansible/ansible.cfg
/etc/ansible/hosts
/etc/ansible/roles

cat /etc/ansible/hosts

#   - Comments begin with the '#' character  #是注释
#   - Blank lines are ignored 空行忽略
#   - Groups of hosts are delimited by [header] elements  组应该在上面
#   - You can enter hostnames or ip addresses 你可以输入主机名或者ip地址 
#   - A hostname/ip can be a member of multiple groups 一个主机名或ip可以是一个组

ansible 192.168.16.138 -m ping

 [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost
does not match 'all'

 [WARNING]: Could not match supplied host pattern, ignoring: 192.168.16.138

报这个错是因为没j将ip加入/etc/ansible/hosts

ansible 192.168.16.138 -m ping

192.168.16.138 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.16.138' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
    "unreachable": true
}

这个错误是没有加密码

ansible 192.168.16.138 -m ping -k
SSH password:
192.168.16.138 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

基于ssh登录有两种方式

1 基于用户名 密码
2 基于 秘钥

ssh-keygen 生成秘钥

ssh-copy-id 192.168.16.140 将秘钥传到其他服务器上,再次登录,不需要输入密码

sed -i "s@#UseDNS yes@UseDNS no@" /etc/ssh/sshd_config

systemctl restart sshd

ansible 192.168.16.138,192.168.16.139 -m ping -k

SSH password:
192.168.16.138 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
192.168.16.139 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

ansible 192.168.16.138,192.168.16.139 -m ping -k

ansible all -m ping -k

SSH password:
192.168.16.139 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
192.168.16.138 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
192.168.16.140 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}