配置文件详解：

1，主配置文件：/etc/asiable/ansiable.cfg

module_name =command   ##ansible的默认模块是command模块，但是在使用的时候非常的有局限性，建议改成shell模块
host_key_checking = False  ##检查对应要控制主机的的host_key，建议取消注释，以减轻管理时需要输入的密码
log_path = /var/log/ansible.log  ##ansible的登录日志文件所在的位置
executable = /bin/sh  ##默认登录到对方用户下面使用的shell版本

2，被管理主机的配置文件：/etc/ansible/hosts

green.example.com  ##定义单个被管理的主机，可以是FQDN，也可以是IP地址
[webservers]  ##把被管理的主机放在一个组中
alpha.example.org
www[001:006].example.com  ##支持类似通配符写法，此项代表从www001.ex ample.com到www006.ex ample.com
之间的所有主机

ansible的使用用法：

前提：

由于ansible默认是基于ssh服务来管理主机的，所以首先要在管理的主机上生成公钥文件，并传递给要管理的主机
之上，才能实现基于密钥的管理

1，在管理者的主机上生成公钥文件

[root@localhost ~] ssh-keygen -t rsa  ##生成对称密钥，出现提示选择默认即可
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:06qoPmoSy7UGkKie95RnHn6bPOFEnusk/B0m+/+g8C0 root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|                 |
|..               |
|+        o       |
|o       S o      |
|o. .  o  B       |
|oo+ .o *++oo .   |
|o=.+..=.*=OE+ .  |
|+o=oo..ooB+=oo.. |
+----[SHA256]-----+

2，把公钥传递给被管理的主机上

[root@localhost ~] ssh-copy-id -i 192.168.1.20  ##传递到远程的主机上进行管理
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.1.20 (192.168.1.20)' can't be established.
ECDSA key fingerprint is SHA256:htIQABZZdudyHVZbppjWeY2d/pQQ0km8k+i/39SZ04Q.
ECDSA key fingerprint is MD5:78:6e:b3:3d:fc:29:b2:b0:fc:2f:6d:d6:ff:3c:63:1a.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.20's password: 
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh '192.168.1.20'"
and check to make sure that only the key(s) you wanted were added.

3，把被管理的主机加入到/etc/ansible/hosts文件中

[web]  ##给被管理的主机进行分组
192.168.1.19
192.168.1.20
[db]
192.168.1.21

基于模块的使用方法：

1，ping模块：查看被管理主机的模块是否处于在线状态、

[root@localhost ~] ansible db -m ping  ##查看db组中被管理的主机是否在线
192.168.1.21 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
[root@localhost ~] ansible all -m ping  ##all代表所有被管理的主机
192.168.1.21 | SUCCESS => {
    "changed": false, 
    "ping": "pong"  ##如果处于在线状态，会放回一个pong的提示
}
192.168.1.19 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.1.20 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

2，user模块：在远程主机上创建用户

[root@localhost ~] ansible db -m user -a 'name=mysql state=present'  ##present表示建立，创建一个用户名为mysql
的用户
192.168.1.21 | CHANGED => {
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 1000, 
    "home": "/home/mysql", 
    "name": "mysql", 
    "shell": "/bin/bash", 
    "state": "present", 
    "system": false, 
    "uid": 1000
}
[root@localhost ~] ansible db -m user -a 'name=mariadb state=present system=yes'  ##创建一个用户名为mariadb的
系统用户
192.168.1.21 | CHANGED => {
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 994, 
    "home": "/home/mariadb", 
    "name": "mariadb", 
    "shell": "/bin/bash", 
    "state": "present", 
    "system": true, 
    "uid": 997
}
[root@localhost ~] ansible db -m user -a 'name=mysql state=absent' ##absent代表移除，删除用户名为mysql的用户
192.168.1.21 | CHANGED => {
    "changed": true, 
    "force": false, 
    "name": "mysql", 
    "remove": false, 
    "state": "absent"
}

3，group模块：在远程主机上创建用户组

[root@localhost ~] ansible db -m group -a 'name=tomcat state=present'  ##创建组和创建用户的方法差不多，只是用
的模块上有些差异，此命令为创建一个普通的用户组
192.168.1.21 | CHANGED => {
    "changed": true, 
    "gid": 1000, 
    "name": "tomcat", 
    "state": "present", 
    "system": false
}
[root@localhost ~] ansible db -m group -a 'name=tomcat state=absent'  ##移除用户组
192.168.1.21 | CHANGED => {
    "changed": true, 
    "name": "tomcat", 
    "state": "absent"
}

4，copy模块：拷贝文件到远程主机

[root@localhost ~] ansible db -m copy -a 'src=/root/test dest=/root/'  ##拷贝一个test文件到对方主机的root目录下，src
指定源文件，dest指定目标文件的存放目录
192.168.1.21 | CHANGED => {
    "changed": true, 
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
    "dest": "/root/test", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e", 
    "mode": "0644", 
    "owner": "root", 
    "size": 0, 
    "src": "/root/.ansible/tmp/ansible-tmp-1556108167.92-277769296604040/source", 
    "state": "file", 
    "uid": 0
}

5，yum模块：在远程主机上安装软件（需要在远程主机上安装好yum源，才能够安装软件）

[root@localhost ~] ansible db -m yum -a "name=vsftpd"  ##安装vsftpd
192.168.1.21 | CHANGED => {
    "ansible_facts": {
        "pkg_mgr": "yum"
    }, 
    "changed": true, 
    "msg": "Repository 'cdrom' is missing name in configuration, using id\n", 
"rc": 0, ##rc返回值为0代表执行成功
......
[root@localhost ~] ansible db -m yum -a 'name=vsftpd state=absent'  ##删除已安装的软件包
192.168.1.21 | CHANGED => {
    "ansible_facts": {
        "pkg_mgr": "yum"
    }, 
    "changed": true, 
    "msg": "Repository 'cdrom' is missing name in configuration, using id\n", 
    "rc": 0, 
    "results": [
        ......

6，shell模块：可以在远程主机上执行shell命令

[root@localhost ~] ansible db -m shell -a 'hostname'  ##在远程主机上执行hostname命令
192.168.1.21 | CHANGED | rc=0 >>
localhost.localdomain

7，script模块：在远程主机上执行shell脚本，不用把脚本传递到远程主机上即可执行

编写一个test脚本

[root@localhost ~] vim test.sh
#!/bin/bash
wall hello word

不用给创建的脚本执行权限，就可以使远程主机执行脚本

[root@localhost ~] ansible db -m script -a /root/test.sh  ##让远程主机执行脚本
192.168.1.21 | CHANGED => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.1.21 closed.\r\n", 
    "stderr_lines": [
        "Shared connection to 192.168.1.21 closed."
    ], 
    "stdout": "", 
    "stdout_lines": []
}

8，File：设置文件属性

[root@localhost ~] ansible db -m file -a 'path=/root/test owner=mariadb mode=700'  ##给远程主机的文件设置属主，
和权限
192.168.1.21 | CHANGED => {
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0700", 
    "owner": "mariadb", 
    "path": "/root/test", 
    "size": 0, 
    "state": "file", 
    "uid": 997
}
[root@localhost ~] ansible db -m file -a 'src=/root/test dest=/root/test-link state=link'
192.168.1.21 | CHANGED => {  ##给文件创建软链接，当然也可以创建名为test-link硬链接，需要把link改成hard
    "changed": true, 
    "dest": "/root/test-link", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "size": 10, 
    "src": "/root/test", 
    "state": "link", 
    "uid": 0
}

9，Cron：计划任务

[root@localhost ~] ansible db -m shell -a 'rpm -qa | grep crontabs'  ##查看被管理的主机是否安装crontabs软件
[root@localhost ~] ansible db -m shell -a 'systemctl status crond'  ##查看计划任务服务是否启动
[root@localhost ~] ansible db -m cron -a 'minute=*/5 job="/usr/bin/wall hello word"' ##设置计划任务，每五分钟执行一
次hello word，还可以指定小时，天，月，星期，如果没指定，默认是*

在对方主机上执行查看是否有计划任务

[root@localhost ~] crontab -l 
#Ansible: None
*/5 * * * * /usr/bin/wall hello word

10，service模块

[root@localhost ~] ansible db -m service  -a 'name=httpd state=started'  #安装http服务
192.168.1.21 | CHANGED => {
    "changed": true, 
    "name": "httpd", 
    "state": "started", 
    "status": {
        "ActiveEnterTimestampMonotonic": "0", 
        "ActiveExitTimestampMonotonic": "0",
......
[root@localhost ~] ansible db -a 'systemctl status httpd'  #查看http服务是否启动
192.168.1.21 | CHANGED | rc=0 >>
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2019-04-24 21:54:56 EDT; 42s ago
......
[root@localhost ~] ansible db -m service  -a 'name=httpd state=stopped'  #停止http服务
192.168.1.21 | CHANGED => {
    "changed": true, 
    "name": "httpd", 
    "state": "stopped", 
    "status": {
......

转载于//blog.51cto.com/14163901/2384320