ansible的简单入门

环境准备

ip hostname 192.168.1.108 master 控制节点 192.168.1.107 slave 192.168.1.109 slave1

---

配置 EPEL源

第一种安装ansible方法
yum install epel-release
yum install ansible

第二种安装ansible方法
yum -y install python-pip
pip install ansible
pip install –upgrade pip

检查是否安装成功:

[root@master ~]# ansible --versionansible 2.3.1.0  config file = /etc/ansible/ansible.cfg  configured module search path = Default w/o overrides  python version = 2.7.5 (default, Nov  6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]

ansible相关配置

[root@master ~]# ls /etc/ansible/ansible.cfg  hosts  roles

ansible读取变量是这样子的:
1.先查找环境变量 ANSIBLE_CONFIG 有没有值，如果没有转2
2.当前目录中的./ansible.cfg 没有转3
3.用户家目录中的~/ansible.cfg
4.最后才找/etc/ansible/ansible.cfg

...[defaults]# some basic default values...#inventory      = /etc/ansible/hosts 管理的hosts#library        = /usr/share/my_modules/ brary 存放Ansible模块的目录。Ansible对被管理主机的操作都使用一小段代码来执行，这小段代码就是Ansible模块，默认值 /usr/share/ansible。配置多个目录的话可以以冒号:隔开，同时会检查palybook同目录下的./library目录#module_utils   = /usr/share/my_module_utils/#remote_tmp     = ~/.ansible/tmp#local_tmp      = ~/.ansible/tmp#forks          = 5#poll_interval  = 15#sudo_user      = root 用户#ask_sudo_pass = True #ask_pass      = True#transport      = smart#remote_port    = 22 远程主机的端口#module_lang    = C#module_set_locale = False...

配置控制节点到各节点SSH无密访问
在各节点上创建ansible用户，并设置该用户的密码，并确保每个节点ansible用户有root权限：

useradd -d /var/lib/ansible ansible
passwd ansible
echo “ansible ALL = (root) NOPASSWD:ALL”| sudo tee /etc/sudoers.d/ansible

root@slave ~]# useradd  -d /var/lib/ansible ansible[root@slave ~]# passwd ansible 更改用户 ansible 的密码 。新的 密码：无效的密码： 密码未通过字典检查 - 过于简单化/系统化重新输入新的 密码：passwd：所有的身份验证令牌已经成功更新。[root@slave ~]# echo "ansible ALL = (root) NOPASSWD:ALL"| sudo tee /etc/sudoers.d/ansibleansible ALL = (root) NOPASSWD:ALL[root@master ansible]# su ansible[ansible@master ~]$ pwd/var/lib/ansible[ansible@master ~]$ ssh-keygen Generating public/private rsa key pair.Enter file in which to save the key (/var/lib/ansible/.ssh/id_rsa): Created directory '/var/lib/ansible/.ssh'.Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /var/lib/ansible/.ssh/id_rsa.Your public key has been saved in /var/lib/ansible/.ssh/id_rsa.pub.The key fingerprint is:2a:81:f2:39:bf:a3:45:c7:ce:42:f0:3a:5f:a8:d8:a6 ansible@masterThe key's randomart image is:+--[ RSA 2048]----+|                 ||                 ||  .              ||   + .           ||. . = o S        || o = * .         ||  * = =          || o.B.+           ||Eo+.+o           |+-----------------+[ansible@master ~]$ ls ~/.ssh/id_rsa  id_rsa.pub

接下来下发密钥，把公钥id_rsa.pub拷贝到各节点

ssh-copy-id ansible@slavessh-copy-id ansible@slave1

修改/etc/ansible/ansible.cfg：

[defaults]sudo_user=ansibleremote_user=ansible

修改/etc/ansible/hosts[k8s-nodes]slaveslave1

下面我们使用ping模块对受管主机进行ping操作,以及验证是否可以管理

[ansible@master ~]$ ansible slave1 -m pingslave1 | SUCCESS => {    "changed": false,     "ping": "pong"}[ansible@master ~]$ ansible k8s-nodes -m pingslave1 | SUCCESS => {    "changed": false,     "ping": "pong"}slave | SUCCESS => {    "changed": false,     "ping": "pong"}[ansible@master ~]$ ansible all -m command -a "date"slave | SUCCESS | rc=0 >>2017年 06月 25日 星期日 17:23:50 CSTslave1 | SUCCESS | rc=0 >>2017年 06月 25日 星期日 17:23:50 CST

ansible-doc 是命令行帮助
end