Ansible自动化运维实践指南-优快云博客

本文链接：https://blog.youkuaiyun.com/weixin_52623251/article/details/117227898

本文介绍了如何在Linux环境中使用Ansible进行自动化运维，包括安装Ansible、远程执行命令、拷贝文件或目录、执行脚本、管理任务计划以及安装RPM包和管理服务。通过实例演示了Ansible在多台机器上的应用。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

准备两台机器：
anisble-01 192.168.200.40
anisble-02 192.168.200.90

安装Ansible

40节点
安装epel仓库

[root@ansible-01 ~]# yum list |grep ansible
centos-release-ansible-27.noarch            1-1.el7                    extras   
centos-release-ansible-28.noarch            1-1.el7                    extras   
centos-release-ansible-29.noarch            1-1.el7                    extras   
centos-release-ansible26.noarch             1-3.el7.centos             extras  
[root@ansible-01 ~]# yum install -y epel-release

关闭防火墙和SELinux，并修改/etc/hosts文件

[root@ansible-01 ~]# systemctl stop firewalld
[root@ansible-01 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@ansible-01 ~]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled         将此处改为disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@ansible-01 ~]# setenforce 0

映射，安装Ansible

[root@ansible-01 ~]# vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.200.40 ansible-01
192.168.200.90 ansible-02
[root@ansible-01 ~]# yum install -y ansible

免密配置

[root@ansible-01 ~]# ssh-keygen -t rsa 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:zZUpi5mhwCDEq72zxXgbXsW8R99h762gwOxcJ/RFZ0w root@ansible-01
The key's randomart image is:
+---[RSA 2048]----+
|+..             E|
| o o         o o |
|  . o   . . + . +|
| .   . + B + . o |
|..    . S *   +  |
|. .o   + + o + o |
|  ..= . = + = . .|
|  o+ + o + + . ..|
|  .oo   o .   ..o|
+----[SHA256]-----+
[root@ansible-01 ~]# ssh-copy-id 192.168.200.90
Are you sure you want to continue connecting (yes/no)? yes
root@192.168.200.90's password: 
[root@ansible-01 ~]# vi /etc/ansible/hosts
# Ex 1: Ungrouped hosts, specify before any group headers.       添加如下内容
[testhost]   testhost为自定义的主机组名字
127.0.0.1         两个IP为组内的机器IP
192.168.200.90
[root@ansible-01 ~]# ssh-copy-id 127.0.0.1
Are you sure you want to continue connecting (yes/no)? yes
root@127.0.0.1's password: 
[root@ansible-01 ~]# ssh 192.168.200.90  连接测试
Last login: Fri Apr  9 05:18:04 2021 from 192.168.200.1
[root@ansible-02 ~]# 
[root@ansible-02 ~]# logout     退出ctrl+D
Connection to 192.168.200.90 closed.

90节点
关闭防火墙和SELinux，并修改/etc/hosts文件

[root@ansible-02 ~]# systemctl stop firewalld
[root@ansible-02 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@ansible-02 ~]# setenforce 0
[root@ansible-02 ~]# vi /etc/selinux/config
SELINUX=disabled         将此处改为disabled
[root@ansible-02 ~]# vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.200.40 ansible-01
192.168.200.90 ansible-02

Ansible远程执行命令

批量执行命令

[root@ansible-01 ~]# ansible 127.0.0.1 -m command -a 'hostname'
127.0.0.1 | CHANGED | rc=0 >>
ansible-01
[root@ansible-01 ~]# ansible 192.168.200.90 -m command -a 'hostname'        
192.168.200.90 | CHANGED | rc=0 >>
ansible-02
[root@ansible-01 ~]# ansible testhost -m command -a 'hostname'      对主机组批量执行        
192.168.200.90 | CHANGED | rc=0 >>
ansible-02
127.0.0.1 | CHANGED | rc=0 >>
ansible-01
[root@ansible-01 ~]# ansible testhost -m shell -a 'hostname'       shell也可以批量执行
192.168.200.90 | CHANGED | rc=0 >>
ansible-02
127.0.0.1 | CHANGED | rc=0 >>
ansible-01

在这里插入图片描述

Ansible拷贝文件或目录

1、40节点

[root@ansible-01 ~]# ls
anaconda-ks.cfg
[root@ansible-01 ~]# vi test.txt
123456
[root@ansible-01 ~]# ansible 192.168.200.90 -m copy -a "src=test.txt dest=/tmp/123"
192.168.200.90 | CHANGED => {
   
    "ansible_facts": {
   
        "discove