準備兩臺機器，一臺作為服務端，一臺作為客戶端

1、在其中一臺服務端上安裝ansible

[[email protected] ~]# yum install -y epel-release

[[email protected] ~]# yum install -y ansible

2、配置密鑰

在服務端生成密鑰對：

[[email protected] ~]# ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

7e:90:5c:3b:e2:71:4d:ed:e8:fc:ed:7b:21:42:c5:43 [email protected]

The key‘s randomart image is:

+--[ RSA 2048]----+

| oE |

| = |

| . o o |

| . o = o |

| S = o . |

| o = = . . |

| o . + . .|

| . . ..|

| .o=|

+-----------------+

把公鑰（id_rsa.pub）內容放到對方機器的/root/.ssh/authorized_keys，本機也要操作cat id_rsa.pub >>authorized_keys.

設置權限：chmod 600 authorized_keys

關閉selinux和iptables

3、測試服務端能ssh連接客戶端

/*如報錯msg則安裝libselinux-python包*/

4、修改ansible配置文件

vim /etc/ansible/hosts

添加

[testhosts]

127.0.0.1

192.168.44.131

保存退出

ansible默認使用root用戶登錄遠程服務，如生產機上環境進行了安全加固不允許root直接登錄，而許多命令又需要root用戶來執行，那麽可以通過一個普通賬戶先登錄，再su切換到root執行，希望在通過ansible執行的時候不需要交互輸入密碼，而是直接執行後的輸出結果。

那麽可從官網信息了解到，除了ansible_ssh_user、ansible_ssh_pass變量外，還為su切換提供了ansible_su_pass變量，通過該變量我們可以把root密碼直接寫到配置文件中。具體如下：

[[email protected] ~]# cat /etc/ansible/hosts

[testhosts]

192.168.44.134 ansible_ssh_user=test ansible_ssh_pass=111111 ansible_su_pass=*I2145

192.168.44.135 ansible_ssh_user=test ansible_ssh_pass=xyz123 ansible_su_pass=mn1Pokm

192.168.44.136 ansible_ssh_user=amos ansible_ssh_pass=asdf ansible_su_pass=xyzp)okm

5、在服務端使用ansible遠程執行命令

[[email protected] ~]# ansible 192.168.44.131 -m command -a "w"

192.168.44.131 | SUCCESS | rc=0 >>

10:40:12 up 50 min, 4 users, load average: 0.00, 0.04, 0.08

USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT

root tty1 09:49 50:20 0.01s 0.01s -bash

root pts/0 192.168.44.1 09:50 4.00s 0.10s 0.03s ssh 192.168.44.131

root pts/1 192.168.44.131 10:35 4.00s 0.46s 0.00s ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/ansible-ssh-%h-%p-%r -tt 192.168.44.131 /bin/sh -c ‘/usr/bin/python /root/.ansible/tmp/ansible-tmp-1490020811.62-276287230088127/command.py; rm -rf "/root/.ansible/tmp/ansible-tmp-1490020811.62-2762872

root pts/3 192.168.44.131 10:40 0.00s 0.10s 0.02s w

/*如報錯msg則安裝libselinux-python包*/

[[email protected] ~]# ansible 192.168.44.131 -m shell -a "hostname"

192.168.44.131 | SUCCESS | rc=0 >>

database

[[email protected] ~]# ansible 192.168.44.131 -m shell -a "cat /etc/passwd |grep root"

192.168.44.131 | SUCCESS | rc=0 >>

root:x:0:0:root:/root:/bin/bash

operator:x:11:0:operator:/root:/sbin/nologin

shell支持帶管道的命令，command是不支持的

shell能實現的功能command不一定能實現，command能實現的功能shell一定能實現。

6、ansible拷貝目錄或文件：

[[email protected] ~]# ansible 192.168.44.129 -m copy -a "src=/etc/ansible dest=/tmp/ansibletest owner=root group=root mode=0644"

192.168.44.129 | SUCCESS => {

"changed": false,

"dest": "/tmp/ansibletest/",

"src": "/etc/ansible"

}

7、遠程執行腳本

1）首先創建一個腳本

[[email protected] ~]# vim /tmp/test.sh

2）把腳本分發到各個機器上

[[email protected] ~]# ansible 192.168.44.129 -m copy -a "src=/tmp/test.sh dest=/tmp/test.sh mode=0755"

192.168.44.129 | SUCCESS => {

"changed": true,

"checksum": "36b1098c7103132b8b595e740a603b67f62daf18",

"dest": "/tmp/test.sh",

"gid": 0,

"group": "root",

"mode": "0755",

"owner": "root",

"path": "/tmp/test.sh",

"secontext": "unconfined_u:object_r:admin_home_t:s0",

"size": 46,

"state": "file",

"uid": 0

}

3）批量執行該shell腳本

[[email protected] ~]# ansible 192.168.44.129 -m shell -a "src=/tmp/test.sh"

192.168.44.129 | SUCCESS | rc=0 >>

8、ansible實現任務計劃

1）添加任務計劃

[[email protected] ~]# ansible 192.168.44.129 -m cron -a "name=‘test cron‘ job=‘/bin/bash /tmp/test.sh‘ weekday=6"

192.168.44.129 | SUCCESS => {

"changed": true,

"envs": [],

"jobs": [

"test cron"

]

}

————————————————————————

[[email protected] ~]# ansible 192.168.44.129 -m cron -a "name=‘test cron‘ job=‘/bin/bash /tmp/test.sh‘ day=‘1-10‘ weekday=6"

192.168.44.129 | SUCCESS => {

"changed": true,

"envs": [],

"jobs": [

"test cron"

]

}

[[email protected] ~]# ansible 192.168.44.129 -m cron -a "name=‘test cron‘ job=‘/bin/bash /tmp/test.sh‘ day=‘1,4,10‘ weekday=6"

192.168.44.129 | SUCCESS => {

"changed": true,

"envs": [],

"jobs": [

"test cron"

]

}

————————————————————————

2）刪除任務計劃

[[email protected] ~]# ansible 192.168.44.129 -m cron -a "name=‘test cron‘ state=absent"

192.168.44.129 | SUCCESS => {

"changed": true,

"envs": [],

"jobs": []

}

其他時間表示：分鐘minute，小時hour，日期day，月份month

9、ansible安裝rpm包 & 管理服務

[[email protected] ~]# ansible 192.168.44.129 -m yum -a "name=httpd"

192.168.44.129 | SUCCESS => {

"changed": false,

"msg": "",

"rc": 0,

"results": [

"httpd-2.4.6-45.el7.centos.x86_64 providing httpd is already installed"

]

}

[[email protected] ~]# ansible 192.168.44.129 -m yum -a "name=ntp"

192.168.44.129 | SUCCESS => {

"changed": true,

"msg": "",

"rc": 0,

"results": [

"Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.btte.net\n * epel: mirror.premi.st\n * extras: mirrors.btte.net\n * updates: mirrors.btte.net\n * webtatic: uk.repo.webtatic.com\nResolving Dependencies\n--> Running transaction check\n---> Package ntp.x86_64 0:4.2.6p5-25.el7.centos.1 will be installed\n--> Processing Dependency: ntpdate = 4.2.6p5-25.el7.centos.1 for package: ntp-4.2.6p5-25.el7.centos.1.x86_64\n--> Processing Dependency: libopts.so.25()(64bit) for package: ntp-4.2.6p5-25.el7.centos.1.x86_64\n--> Running transaction check\n---> Package autogen-libopts.x86_64 0:5.18-5.el7 will be installed\n---> Package ntpdate.x86_64 0:4.2.6p5-25.el7.centos.1 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n ntp x86_64 4.2.6p5-25.el7.centos.1 updates 547 k\nInstalling for dependencies:\n autogen-libopts x86_64 5.18-5.el7 base 66 k\n ntpdate x86_64 4.2.6p5-25.el7.centos.1 updates 85 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package (+2 Dependent packages)\n\nTotal download size: 699 k\nInstalled size: 1.6 M\nDownloading packages:\n--------------------------------------------------------------------------------\nTotal 58 kB/s | 699 kB 00:12 \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : ntpdate-4.2.6p5-25.el7.centos.1.x86_64 1/3 \n Installing : autogen-libopts-5.18-5.el7.x86_64 2/3 \n Installing : ntp-4.2.6p5-25.el7.centos.1.x86_64 3/3 \n Verifying : ntp-4.2.6p5-25.el7.centos.1.x86_64 1/3 \n Verifying : autogen-libopts-5.18-5.el7.x86_64 2/3 \n Verifying : ntpdate-4.2.6p5-25.el7.centos.1.x86_64 3/3 \n\nInstalled:\n ntp.x86_64 0:4.2.6p5-25.el7.centos.1 \n\nDependency Installed:\n autogen-libopts.x86_64 0:5.18-5.el7 ntpdate.x86_64 0:4.2.6p5-25.el7.centos.1 \n\nComplete!\n"

]

}

示例：

[[email protected] ~]# ansible 192.168.44.129 -m yum -a "name=axel state=installed"

192.168.44.129 | SUCCESS => {

[[email protected] ~]# rpm -qa|grep axel

[[email protected] ~]# rpm -qa|grep axel

axel-2.4-9.el7.x86_64

10、ansible文檔的使用

列出所有模塊：

[[email protected] ~]# ansible-doc -l

查看指定模塊的文檔：

[[email protected] ~]# ansible-doc cron

自動化運維工具ansible的簡單使用