ansible 是一款轻量级自动化运维工具，由的 Python 语言开发，结合了多种自动化运维工具的特性，实现了批量系统配置，批量程序部署，批量命令执行等功能; ansible 是基于模块化实现批量操作的。

一、安装

控制机器

pip install ansible==2.5.5

yum install sshpass

受控机器

yum install libselinux-python

yum install python2-simplejson

version<python2.4

测试

echo 127.0.0.1>host

ansible all -m ping -i hosts --ask -pass

二、管理协议

Ansible 通过 ssh 协议对受控机器管理，可使用口令和秘钥对两种方式进行权限验证，默认使用密钥对方式。

秘钥对

1.在控制机器生成秘钥对

ssh -keygen -t rsa -b 4096 -C*kk

2.添加公钥到受控机器

拷贝添加：ssh-copy-id -i ~/.ssh/id_rsa.pub user@host

本地添加：cat ~/.ssh/id_rsa.pub>>~/.ssh/authorized_keys

3.测试

ssh user@host

ansible all -m ping -i hosts

三、配置

inventory

1.ansible 管理主机信息的配置

2.配置文件格式

ini

yaml

3.配置文件路径

通过命令行参数制定：ansible -i

通过环境变量制定：export ANSIBLE_INVENTORY

默认配置路径：/ect/ansible/hosts

4.配置内容

4.1基本配置

host_v1.ini

127.0.0.1

ip

host_v1.yaml

---

all:

hosts:

127.0.0.1:

ip:

测试

ansible all -m ping -i hosts -i host_v1.ini

ansible all -m ping -i hosts -i host_v1.yaml

ansible 127.0.0.1 -m ping -i hosts -i host_v1.ini

ansible ip -m ping -i hosts -i host_v1.yaml

主机参数配置

1.参数项

alias 主机别名

ansible_connection

默认 smart

可选值：local、smart、ssh、paramiko

ansilbe_host 登录主机地址

ansilbe_port 默认 22

ansilbe_user 登录主机用户名

ansible_become

是否启用 sudo 权限

默认： false

可选值 ：true、false

ansible_become_pass

登录主机用户密码，用于切换 sudo 权限

建议使用 ansible 命令行参数 ask_become_pass 替换

ansible_become_user

切换 sudo 后 执行进程中使用的用户名

ansible_ssh_pass

登录主机使用密码

建议使用 ansible 命令行参数 ask_pass 替换

ansible_ssh_private_key_file

登录主机使用私钥

ansible_python_interpreter

受控机器执行 Python 解释器

默认 /bin/env/python

hosts_v2.ini

localhost ansible_connect=local

mystest ansible_connect=smart

ansible_host="ip"

ansible_port=22

ansible_user="silence"

ansible_become_user="root"

ansible_python_interpreter="/bin/env python2.6"

hosts_v2.yaml

---

all:

hosts:

localhost:

ansible_connect: local

mytest:

ansible_connect: smart

ansible_host: ip

ansible_port: 22

ansible_user: silence

ansible_become_user: root

ansible_python_interpreter: "/bin/env python2.6"

组&组变量

可对主机进行分组并命名，批量对主机进行操作

一个主机可属于多个组

host_v3.ini

localhost ansible_connect=local

[webserver]

mytest ansible_host="ip" ansible_user="silence"

[webserver:vars]

ansible_connect=smart

ansible_port=22

ansible_become_user="root"

ansible_python_interpreter="/bin/env python2.6"

host_v3.yaml

---

all:

hosts:

localhost:

ansible_connect: local

children:

webserver:

hosts:

mytest:

ansible_host: ip

ansible_user: silence

vars:

ansible_connect: smart

ansible_port: 22

ansible_become_user: root

ansible_python_interpreter: "/bin/env python2.6"

测试

ansible ip -m ping -i hosts -i host_v3.yaml

ansible webserver -m command -a 'sleep 30' -i host_v3.ini --become --ask-become-pass

组中组

host_v4.ini

localhost ansible_connect=local

[webserver]

mytest ansible_host="ip" ansible_user="silence"

[webserver:vars]

ansible_connect=smart

ansible_port=22

ansible_become_user="root"

ansible_python_interpreter="/bin/env python2.6"

[test:children]

webserver

host_v4.yaml

---

all:

hosts:

localhost:

ansible_connect: local

children:

webserver:

hosts:

mytest:

ansible_host: ip

ansible_user: silence

vars:

ansible_connect: smart

ansible_port: 22

ansible_become_user: root

ansible_python_interpreter: "/bin/env python2.6"

test:

children:

webserver:

测试

ansible test --list hosts -i host_v4.yaml

ansible test -m ping -i hosts -i host_v4.yaml

配置分割

在 hosts 文件中值配置主机分组信息，主机配置与组配置分别存储在 host_vars 和 group_vars 目录

主机配置存储在 host_vars 目录中，文件名使用别名.yaml

组配置存储在 group_vars 目录中，文件名使用组名.yaml

host_v5.ini

localhost

[webserver]

mytest

[test:children]

webserver

host_v5.yaml

---

all:

hosts:

localhost:

children:

webserver:

hosts:

mytestm:

test:

children:

webserver:

host_vars

host_vars/localhost.yaml

---

ansible_connect: local

host_vars/mytest.yaml

---

ansible_host: ip

ansible_user: silence

group_vars

group_vars/webserver.yaml

---

ansible_connect: smart

ansible_port: 22

ansible_become_user: root

ansible_python_interpreter: "/bin/env python2.6"

测试

ansible test -m ping -i host_v5.yaml

ansible test -m setup -i host_v5.yaml

ansible test -m command -a 'sleep 30' -i host_v5.ini --become --ask-become-pass

动态 inventory

文件 inventory.py 脚本内容

#!/bin/env python3

#encoding: utf-8

inventory = {

'_meta' : {

'hostvars' : {

'localhost' : {

'ansible_connect' : 'local',

},

'51reboot' : {

'ansible_host' : '112.74.164.107',

'ansible_user' : 'silence',

}

}

},

'all' : {

'hosts' : [

'localhost'

]

},

'webserver' : {

'hosts' : [

'51reboot'

],

'vars' : {

'ansible_connect' : 'smart',

'ansible_port' : 22,

'ansible_become_user' : 'root',

'ansible_python_interpreter' : '/bin/env python2.6'

}

}

}

if __name__ == '__main__':

import json, sys

print(json.dumps(inventory))

sys.exit(0)

初始化权限

xhmod +x inventory.py

测试

ansible all --list -hosts -i inventory.py

ansible all -m ping -i inventory.py

ansible.cfg

1.配置文件路径

export ANSIBLE_CONFIG=~/ansible.cfg

ansible.cfg

~/.ansible.cfg

/etc/ansible/ansible.cfg

2.默认配置

https://raw.githubusercontent.com/ansible/ansible/devel/examples/ansible.cfg

ansible-config list

ansible-config dump

3.配置项

host_key_checking

是否检查控制密钥存在于 know_hosts 列表

默认值 ：true

可选值：true、false

未完待续.......