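All material and examples in this article come from the official documentation combined with my own hands-on testing.
Original sources:
The test systems ran CentOS 6u2 with Python 2.6.6. The account used was yakamoz, which has permission to run sudo without a password.
I. Installing ansible
1. Package installation
EPEL already provides all the supporting packages ansible needs, so the EPEL repository is used for the installation here: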
$sudo rpm -ivh
Install ansible
$sudo yum install ansible -y
===============================================================================
Package Arch Version Repository Size
===============================================================================
Installing:
ansible noarch 1.0-1.el6 epel 336 k
Installing for dependencies:
PyYAML x86_64 3.10-3.el6 epel 157 k
libyaml x86_64 0.1.3-1.el6 epel 52 k
python-babel noarch 0.9.4-5.1.el6 base 1.4 M
python-crypto x86_64 2.0.1-22.el6 base 159 k
python-jinja2 x86_64 2.2.1-1.el6 base 465 k
python-paramiko noarch 1.7.5-2.1.el6 base 728 k
Transaction Summary
===============================================================================
Install 7 Package(s)
Total download size: 3.3 M
Installed size: 17 M
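2. Passwordless key login
Generate an SSH key on the master server and distribute it to all clients (you may have a better method, but for now this is the simplest way to do it)
$ssh-keygen -t rsa 【press Enter at every prompt, which leaves the key without a passphrase】
$ssh-copy-id -i ~/.ssh/id_rsa.pub 【client IP address】
During this step you are prompted for the client's password.
3. Creating the hosts file
ansible's hosts file lives in /etc/ansible/ by default. An rpm install of ansible ships this hosts file as a sample; it notes that ansible supports both domain names and IP addresses as client names 【tested, no problems】, and it also describes the different ways of grouping hosts, so it is worth reading carefully:
There are two servers here, master and slave, split into two groups
$vim /etc/ansible/hosts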
[localhost]
127.0.0.1
[slave]
192.168.30.3
4. Testing ansible
The ping module is used here
$ansible slave -i /etc/ansible/hosts -m ping
192.168.30.3 | success >> {
"changed": false,
"ping": "pong"
}
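Reading the result: the return value shows that the ping to the ansible slave node 192.168.30.3 succeeded, which means ansible is ready to use!
II. Testing the basic modules
1. ansible command format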
$ansible --help
Usage: ansible <host-pattern> [options]
Options:
-a MODULE_ARGS, --args=MODULE_ARGS
module arguments
-k, --ask-pass ask for SSH password
-K, --ask-sudo-pass ask for sudo password
-B SECONDS, --background=SECONDS
run asynchronously, failing after X seconds
(default=N/A)
-c CONNECTION, --connection=CONNECTION
connection type to use (default=paramiko)
-f FORKS, --forks=FORKS
specify number of parallel processes to use
(default=5)
-h, --help show this help message and exit
-i INVENTORY, --inventory-file=INVENTORY
specify inventory host file
(default=/etc/ansible/hosts)
-l SUBSET, --limit=SUBSET
further limit selected hosts to an additional pattern
--list-hosts dump out a list of hosts matching input pattern, does
not execute any modules!
-m MODULE_NAME, --module-name=MODULE_NAME
module name to execute (default=command)
-M MODULE_PATH, --module-path=MODULE_PATH
specify path(s) to module library
(default=/usr/share/ansible)
-o, --one-line condense output
-P POLL_INTERVAL, --poll=POLL_INTERVAL
set the poll interval if using -B (default=15)
--private-key=PRIVATE_KEY_FILE
use this file to authenticate the connection
-s, --sudo run operations with sudo (nopasswd)
-U SUDO_USER, --sudo-user=SUDO_USER
desired sudo user (default=root)
-T TIMEOUT, --timeout=TIMEOUT
override the SSH timeout in seconds (default=10)
-t TREE, --tree=TREE log output to this directory
-u REMOTE_USER, --user=REMOTE_USER
connect as this user (default=yakamoz)
-v, --verbose verbose mode (-vvv for more)
--version show program's version number and exit
2. Module tests
Module location (default=/usr/share/ansible)
Usage notes for each module can be looked up with "$ansible-doc 【module name】"
【copy】
Test file test.sh
$vim test.sh
#!/bin/sh
Time=`date +"%m-%d %H:%M"`
echo "$Time script testing success!"
Testing copy
$ansible all -m copy -a "src=/home/yakamoz/test.sh dest=/tmp/"
192.168.30.3 | success >> {
"changed": true,
"dest": "/tmp/test.sh",
"group": "yakamoz",
"md5sum": "6c366d017bfc9191113141e8deeda7cd",
"mode": "0664",
"owner": "yakamoz",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"src": "/home/yakamoz/.ansible/tmp/ansible-1366256450.22-43393541768920/test.sh",
"state": "file"
}
127.0.0.1 | success >> {
"changed": true,
"dest": "/tmp/test.sh",
"group": "yakamoz",
"md5sum": "6c366d017bfc9191113141e8deeda7cd",
"mode": "0664",
"owner": "yakamoz",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"src": "/home/yakamoz/.ansible/tmp/ansible-1366256450.68-90526948213754/test.sh",
"state": "file"
}
Verifying on the client
[yakamoz@ansible-slave1 ~]$ ll /tmp/test.sh
-rw-rw-r--. 1 yakamoz yakamoz 75 Apr 17 20:40 /tmp/test.sh
【file】
The -s option requires that the client can run sudo without a password;
$ ansible slave -m file -a "dest=/tmp/test.sh mode=755 owner=root group=root" -s
192.168.30.3 | success >> {
"changed": true,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/test.sh",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"state": "file"
}
【script】
$ ansible slave -m script -a "/tmp/test.sh"
192.168.30.3 | success >> {
"rc": 0,
"stderr": "",
"stdout": "04-17 22:09 script testing success!\r\n"
}
【shell】
$ ansible slave -m shell -a "/tmp/test.sh"
192.168.30.3 | success | rc=0 >>
04-17 22:10 script testing success!
【group】
$ ansible all -m group -a "name=zj state=present" -s
192.168.30.3 | success >> {
"changed": true,
"gid": 501,
"name": "zj",
"state": "present",
"system": "no"
}
127.0.0.1 | success >> {
"changed": true,
"gid": 501,
"name": "zj",
"state": "present",
"system": "no"
}
【user】
$ ansible all -m user -a "name=zj group=zj home=/root/zj state=present" -s
192.168.30.3 | success >> {
"changed": true,
"comment": "",
"createhome": true,
"group": 501,
"home": "/root/zj",
"name": "zj",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 501
}
127.0.0.1 | success >> {
"changed": true,
"comment": "",
"createhome": true,
"group": 501,
"home": "/root/zj",
"name": "zj",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 501
}
【yum】
Available state values: absent, present, installed, removed, latest
$ ansible slave -m yum -a "name=httpd state=latest" -s
192.168.30.3 | success >> {
"changed": true,
"msg": "Warning: RPMDB altered outside of yum.\n",
"rc": 0,
"results": [
"\n================================================================================\n
Package Arch Version
Repository
Size\n================================================================================\nUpdating:\n
httpd x86_64 2.2.15-26.el6.centos
base 821 k\nUpdating for dependencies:\n httpd-tools
x86_64 2.2.15-26.el6.centos base 72
k\n\nTransaction
Summary\n================================================================================\nUpgrade
2 Package(s)\n\nTotal download size: 893 k\n\nUpdated:\n httpd.x86_64
0:2.2.15-26.el6.centos
\n\nDependency Updated:\n httpd-tools.x86_64
0:2.2.15-26.el6.centos \n\n"
]
}
Printing the results value with echo gives:
================================================================================
Package Arch Version Repository Size
================================================================================
Updating:
httpd x86_64 2.2.15-26.el6.centos base 821 k
Updating for dependencies:
httpd-tools x86_64 2.2.15-26.el6.centos base 72 k
Transaction Summary
================================================================================
Upgrade 2 Package(s)
Total download size: 893 k
Updated:
httpd.x86_64 0:2.2.15-26.el6.centos
Dependency Updated:
httpd-tools.x86_64 0:2.2.15-26.el6.centos
【service】
Available state values: running, started, stopped, restarted, reloaded
$ ansible slave -m service -a "name=httpd state=running" -s
192.168.30.3 | success >> {
"changed": true,
"name": "httpd",
"state": "running"
}
III. Testing ansible-playbook
$vim test.yml
---
- hosts: slave
  user: yakamoz
  sudo: yes
  tasks:
    # puts SELinux into permissive mode until the next reboot
    - name: no selinux
      action: command /usr/sbin/setenforce 0
    # stops the iptables firewall service
    - name: no iptables
      action: service name=iptables state=stopped
    - name: success
      action: command /bin/bash executable=/tmp/test.sh
$ansible-playbook test.yml -s
PLAY [slave] *********************
GATHERING FACTS *********************
ok: [192.168.30.3]
TASK: [no selinux] *********************
changed: [192.168.30.3]
TASK: [no iptables] *********************
ok: [192.168.30.3]
TASK: [success] *********************
changed: [192.168.30.3]
PLAY RECAP *********************
192.168.30.3 : ok=4 changed=2 unreachable=0 failed=0
Checking the result
[root@ansible-slave1 ~]# tail -f /var/log/messages
Apr 18 00:05:51 localhost ansible-setup: Invoked
Apr 18 00:05:52 localhost ansible-command: Invoked with args=/usr/sbin/setenforce 0 executable=None shell=False chdir=None
Apr 18 00:05:53 localhost ansible-service: Invoked with pattern=None state=stopped enabled=None name=iptables arguments=
Apr 18 00:05:53 localhost ansible-command: Invoked with args=/bin/bash executable=/tmp/test.sh shell=False chdir=None
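The syslog lines above record every module ansible ran on the managed host, so they can be audited after the fact. The following is an added example, not part of the original article or of ansible itself: it parses lines in exactly the format shown and reports invocations that relax host controls. The watch list, the /tmp rule and the function names are assumptions chosen for illustration.

```python
import re

# The four /var/log/messages lines shown above, embedded so this runs offline.
SAMPLE_LOG = """\
Apr 18 00:05:51 localhost ansible-setup: Invoked
Apr 18 00:05:52 localhost ansible-command: Invoked with args=/usr/sbin/setenforce 0 executable=None shell=False chdir=None
Apr 18 00:05:53 localhost ansible-service: Invoked with pattern=None state=stopped enabled=None name=iptables arguments=
Apr 18 00:05:53 localhost ansible-command: Invoked with args=/bin/bash executable=/tmp/test.sh shell=False chdir=None
"""
# Assumed watch list (not from the article): services whose stop deserves review.
WATCHED_SERVICES = ("iptables", "ip6tables", "auditd")

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
    r"ansible-(?P<module>\w+)(?:\[\d+\])?: Invoked(?: with (?P<params>.*))?$")
KEY_RE = re.compile(r"(?:^| )(\w+)=")


def parse_params(text):
    """Split 'k1=v1 k2=v2' into a dict; a value may itself contain spaces."""
    text = text or ""
    marks = list(KEY_RE.finditer(text))
    params = {}
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        params[m.group(1)] = text[m.end():end].strip()
    return params


def findings(log_text):
    """Return (timestamp, host, module, reason) for invocations to review."""
    out = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an ansible module invocation
        p, module, reason = parse_params(m.group("params")), m.group("module"), None
        args = p.get("args", "")
        if module == "command" and "setenforce 0" in args:
            reason = "SELinux switched to permissive"
        elif module == "service" and p.get("state") == "stopped" \
                and p.get("name") in WATCHED_SERVICES:
            reason = "service %s stopped" % p["name"]
        elif module == "command" and "/tmp/" in args + " " + p.get("executable", ""):
            reason = "runs a file from /tmp"
        if reason:
            out.append((m.group("ts"), m.group("host"), module, reason))
    return out


if __name__ == "__main__":
    for item in findings(SAMPLE_LOG):
        print(" | ".join(item))
```

The key=value splitting is ambiguous when an argument value itself contains a space followed by `word=`, so treat the parsed fields as a triage aid and keep the raw line for review.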