ansible

ansible源码安装

yum -y install python-jinja2 PyPAML python-parmiko python-babel python-crypto
tar -zxf ansible-1.5.4.tar.gz
cd ansible-1.5.4
python setup.py build
python setup.py install
mkdir /etc/ansible
cp - examples/* /etc/ansible

ansible yum安装

cd /etc/yum.repos.d/
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.rep

yum -y install python-jinja2 PyPAML python-parmiko python-babel python-crypto ansible

ansible 配置文件的作用
rpm -ql ansible

/etc/ansible/ansible.cfg
/etc/ansible/hosts #配置文件，定义了识别的所有主机
/etc/ansible/roles
/usr/bin/ansible
/usr/bin/ansible-console
/usr/bin/ansible-doc #文档
/usr/bin/ansible-galaxy
/usr/bin/ansible-playbook ###剧本

ansible配置 /etc/ansible/hosts (连接的主机)

cat /etc/ansible/hosts

[webserver]
192.168.1.104

[dbserver]
192.168.1.105

ansible ssh免密码认证

ssh-kengen -t rsa

ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.104
ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.105

ansible 命令使用

使用 -m ping模块，判断客户机是否在线
ansible all -m ping

查看主机时间
ansible all -m command -a "date"

查看ansilbe 使用方法
man ansible

ansible基本语法

ansible <host-pattern> [-m module_name] [-a args] [options]

-m command 默认模块，可以不用写。

查看docker服务器是否启用

ansible all -m command -a "systemctl status docker.service"

ansible 所有模块

ansible-doc -l 查看ansilbe所有模块

ansible copy模块使用方法、

ansible-doc -s copy

[root@localhost yum.repos.d]# ansible-doc -s copy
- name: Copies files to remote locations.
action: copy
backup # Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly.
content # When used instead of 'src', sets the contents of a file directly to the specified value. This is for simple values, for anything complex or with
formatting please switch to the template module.
dest= # Remote absolute path where the file should be copied to. If src is a directory, this must be a directory too.
directory_mode # When doing a recursive copy set the mode for the directories. If this is not set we will use the system defaults. The mode is only set on directories
which are newly created, and will not affect those that already existed.
follow # This flag indicates that filesystem links, if they exist, should be followed.
force # the default is `yes', which will replace the remote file when contents are different than the source. If `no', the file will only be transferred if the
destination does not exist.
group # name of the group that should own the file/directory, as would be fed to `chown'
mode # mode the file or directory should be. For those used to `/usr/bin/chmod' remember that modes are actually octal numbers (like 0644). Leaving off the
leading zero will likely have unexpected results. As of version 1.8, the mode may be specified as a symbolic mode (for
example, `u+rwx' or `u=rw,g=r,o=r').
owner # name of the user that should own the file/directory, as would be fed to `chown'
remote_src # If False, it will search for src at originating/master machine, if True it will go to the remote/target machine for the src. Default is False.
Currently remote_src does not support recursive copying.
selevel # level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as the `range'. `_default' feature works as for `seuser'.
serole # role part of SELinux file context, `_default' feature works as for `seuser'.
setype # type part of SELinux file context, `_default' feature works as for `seuser'.
seuser # user part of SELinux file context. Will default to system policy, if applicable. If set to `_default', it will use the `user' portion of the policy if
available
src # Local path to a file to copy to the remote server; can be absolute or relative. If path is a directory, it is copied recursively. In this case, if path
ends with "/", only inside contents of that directory are copied to destination. Otherwise, if it does not end with "/",
the directory itself with all contents is copied. This behavior is similar to Rsync.
validate # The validation command to run before copying into place. The path to the file to validate is passed in via '%s' which must be present as in the example
below. The command is passed securely so shell features like expansion and pipes won't work.

拷贝命令
ansible all -m copy -a "src=/etc/yum.repos.d/epel-7.repo dest=/tmp"

检查拷贝是否成功
ansible all -m command -a "ls /tmp/"

ansible 使用cron 模块，定义每3分钟同步以下时间
[root@localhost yum.repos.d]# ansible-doc -s cron

1. 放置到/etc/crontab文件下
ansible all -m cron -a "name='sutom job' cron_file=/etc/crontab user=root minute=*/3 hour=* day=* month=* weekday=* job='/usr/sbin/ntpdate 192.168.1.1'"

2. 第二种方法
ansible all -m cron -a "name='sutom job' user=root minute=*/3 hour=* day=* month=* weekday=* job='/usr/sbin/ntpdate 192.168.1.1'"

3. 验证crontab 是否添加
ansible all -m command -a "crontab -l"

使用group模块新建mysql组
ansible all -m group -a "gid=306 system=yes name=mysql"

使用user模块新建mysql用户
ansible all -m user -a "group=mysql home=/home/mysql name=mysql createhome=yes"

通过ansible使用yum模块
ansible-doc -s yum

ansible all -m yum -a "state=present name=python-devel"

通过ansible使用service模块
ansible all -m service -a "state=started name=docker enabled=yes"

检查服务器启动状态
ansible all -m command -c "systemctl list-unit-files docker.service"

ansible playbooks
例子：

[root@localhost ~]# cat nginx.yaml
- hosts: all
remote_user: root
tasks:
- name: install nginx latest version
yum: state=latest name=nginx
- name: copy nginx configure file to hosts
copy: src=/root/nginx.conf dest=/etc/nginx/ force=yes
notify:
- restart nginx
handlers:
- name: restart nginx
service: state=restarted name=nginx.service