ansible简介
官方的title是“Ansible is Simple IT Automation”——简单的自动化IT工具。
Ansible跟其他IT自动化技术的区别在于其关注点并非配置管理、应用部署或IT流程工作流,而是提供一个统一的界面来协调所有的IT自动化功能,因此Ansible的系统更加易用,部署更快。
Ansible可以让用户避免编写脚本或代码来管理应用,同时还能搭建工作流实现IT任务的自动化执行。IT自动化可以降低技术门槛及对传统IT的依赖,从而加快项目的交付速度。
ansible安装方式
ansible安装常用两种方式,yum安装和pip程序安装
这里提供二种安装方式,任选一种即可:
1、使用yum安装
yum install epel-release -y
yum install ansible –y2、 使用pip(python的包管理模块)安装
pip install ansible#如果没pip,需先安装pip.yum可直接安装:
yum install python-pip
pip install ansibleansible --version
环境:
ansible server:192.168.3.15
Client: 192.168.3.33
在ansible server端 生成秘钥 ssh-keygen,一路回车就可以了,生成的秘钥会在/root/.ssh/下,有1个公钥和1个私秘文件,我们只需要把公钥推到要控制的服务器上的/root/.ssh/authorized_keys就可以了
[root@krankheit ~]# ssh-keygenGenerating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:CpUAWnsPrm7TjExFH7Fm1i9qXBXu1uw+LWB2ruJj+BA root@krankheit
The key's randomart image is:
+---[RSA 2048]----+
| o.. .. . |
| o ....+ . . |
|. ..o.B.. o |
| o.B. + o |
| .o E S + o |
| .. o = o+.. |
| o.+ *. o +.. |
| .= o...+ .+ . |
| ... +oo...o |
+----[SHA256]-----+[root@krankheit .ssh]# cd /root/.ssh/
[root@krankheit .ssh]# ls
authorized_keys id_rsa id_rsa.pubcd /etc/ansible/
vim hosts
[web]
# 主机组名
localhost ansible_ssh_host=192.168.3.33 ansible_ssh_pass="a123456"
#这行分别为,主机名,IP 地址,登录密码。
#多台主机可以这样写
[web2]
192.168.3.33
192.168.3.34
192.168.3.35
[web:vars]
ansible_ssh_pass="a123456"mkdir -p /etc/ansible/roles/ssh/files/
touch /etc/ansible/roles/ssh/files/authorized_keys #新建authorized_keys文件
cat /root/.ssh/id_rsa.pub >> /etc/ansible/roles/ssh/files/authorized_keys
#把生成的公钥写入到authorized_keys里cat /etc/ansible/roles/ssh/files/authorized_keys
vim /etc/ansible/ansible.cfg
host_key_checking = False #关闭密码登录确认mkdir -p /etc/ansible/playbooks/system
cd playbooks/system/
vim put_key.yml---
- hosts: "{{host}}"
gather_facts: False
remote_user: root
tasks:
- name: 在对端创建 .ssh 目录,有则跳过,无则创建
file:
path: /root/.ssh
state: directory
mode: 0700
- name: 把本端存放到 /etc/ansible/roles/ssh/files/authorized_keys 文件的公钥传输到对端 /root/.ssh/authorized_keys
copy:
src: /etc/ansible/roles/ssh/files/authorized_keys
dest: /root/.ssh/authorized_keys
force: yes
mode: 0600
#- name: 为安全起见,关闭密码登录功能,这条看自己需求,需不需要关闭被管理服务器端的密码登陆功能
#lineinfile:
#path: /etc/ssh/sshd_config
#state: present
#regexp: '^PasswordAuthentication'
#line: 'PasswordAuthentication no'
- name: 设置 DNS 为 no,加速登陆速度
lineinfile:
path: /etc/ssh/sshd_config
state: present
line: 'UseDNS no'
- name: 重启对端 ssh 服务
service:
name: sshd.service
state: restartedansible-playbook -e 'host=web' put_key.yml
#执行上面写好的剧本
#如果上面 - hosts: "{{host}}"是写给专用主机组使用的话,例如:- hosts: web
#就直接
ansible-playbook put_key.yml
#就是在web这个主机组执行剧本
推个测试文件看看
mkdir -p /usr/local/test
echo 'hello' >/usr/local/test/test
cd /etc/ansible/playbooks/system
vi test.yml
---
- hosts: "{{host}}"
gather_facts: False
remote_user: root
tasks:
- name: 在对端创建 /usr/local/test 目录,有则跳过,无则创建
file:
path: /usr/local/test
state: directory
mode: 0700
- name: 把本端存放到 /usr/local/test/test 的test文件传输到对端 /usr/local/test/test
copy:
src: /usr/local/test/test
dest: /usr/local/test/test
force: yes
mode: 0600
ansible-playbook -e 'host=localhost' test.yml
ansible 主机名/主机群组 -m 模块 -a 参数" "
ansible com -m copy -a "src=/usr/local/test dest=/usr/local/test force=yes mode=0600 "
看到是OK的。
叨叨几句... NOTHING