本文编写于 727 天前,最后修改于 727 天前,其中某些信息可能已经过时。
ansible配置文件初识
ansible安装
1.先安装epel源(提供最新的ansible)
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
2.安装Ansible
yum install ansible -y
查看ansible的版本
[root@m01 ~]# ansible --version
ansible 2.7.7
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
ansible配置文件介绍
- Ansible的配置文件,配置文件可以随意放,但有查找顺序
$ANSIBLE_CONFIG
ansible.cfg #当前目录下面查找
.ansible.cfg #当前用户的家目录下查找
/etc/ansible/ansible.cfg
- ansible.cfg介绍
[root@m01 ~]# cat /etc/ansible/ansible.cfg
#inventory = /etc/ansible/hosts #主机列表配置文件
#library = /usr/share/my_modules/ #库文件存放目录
#remote_tmp = ~/.ansible/tmp #临时py文件存放在远程主机目录
#local_tmp = ~/.ansible/tmp #本机的临时执行目录
#forks = 5 #默认并发数
#sudo_user = root #默认sudo用户
#ask_sudo_pass = True #每次执行是否询问sudo的ssh密码
#ask_pass = True #每次执行是否询问ssh密码
#remote_port = 22 #远程主机端口
host_key_checking = False #跳过检查主机指纹
log_path = /var/log/ansible.log #ansible日志
[privilege_escalation] #如果是普通用户则需要配置提权
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False
Ineventory主机清单,hosts文件
1.场景一、基于密码连接
[root@oldboy.com ~]# cat /etc/ansible/hosts
#方式一、主机+端口+密码
[webservers]
172.16.1.7 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='123456'
172.16.1.8 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='123456'
#方式二、主机+端口+密码
[webservers]
web[1:2].oldboy.com ansible_ssh_pass='123456'
#方式三、主机+端口+密码
[webservers]
web[1:2].oldboy.com
[webservers:vars]
ansible_ssh_pass='123456'
2.场景二、基于密钥连接,需要先创建公钥和私钥,并下发公钥至被控端
[root@m01 ~]# ssh-keygen
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.7
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.8
-----------------------------------------------------------
[root@m01 ~]# cat hosts
#方式一、主机+端口+密钥
[webservers]
172.16.1.7
172.16.1.8
[root@m01 ~]# ansible webservers -m ping -i ./hosts
172.16.1.8 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.16.1.7 | SUCCESS => {
"changed": false,
"ping": "pong"
}
-----------------------------------------------------------
[root@m01 ~]# cat hosts
#方式二、别名+主机+端口+密钥
[webservers]
web01 ansible_ssh_host=172.16.1.7 ansible_ssh_port=22
web02 ansible_ssh_host=172.16.1.8
[root@m01 ~]# ansible webservers -m ping -i ./hosts
web02 | SUCCESS => {
"changed": false,
"ping": "pong"
}
web01 | SUCCESS => {
"changed": false,
"ping": "pong"
}
--------------------------------------------------
3.场景三、主机组使用方式
#1.定义两个组
[lbservers]
172.16.1.5
172.16.1.6
[webservers]
172.16.1.7
172.16.1.8
#2.servers组包括两个子组[lbservers,webserver]
[servers:children]
[lbservers]
[webserver]
#列出当前某个组有多少台主机
[root@m01 ~]# ansible lbservers -m ping -i ./hosts --list-hosts
hosts (1):
web01
[root@m01 ~]# ansible webservers -m ping -i ./hosts --list-hosts
hosts (1):
web02
[root@m01 ~]# ansible servers -m ping -i ./hosts --list-hosts
hosts (2):
web01
web02
[root@m01 ~]# ansible all -m ping -i ./hosts --list-hosts
hosts (3):
web03
web02
web01
注意:
如果控制端和被控制端第一次通讯,需要先添加指纹信息,那如果机器特别多少的情况下怎么办?
仅需开启ansible中的 host_key_checking = False