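Deploying Ansible
1. Ansible inventory
1.1 Defining the inventory
Host inventory: tells Ansible which hosts it manages, along with how those hosts are categorized and grouped. You can group hosts however you need, for example by function.
Ansible reads the default inventory file /etc/ansible/hosts and can connect to multiple remote hosts at once to run tasks. The default path can be changed with the hostfile parameter in ansible.cfg (written as inventory in the configuration used below), or a different inventory file can be given on the command line with -i <path>.
1.2 Custom inventory file
In the /etc/ansible/ directory, create a custom static inventory file named inventory.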
[root@133 ansible]# touch inventory
[root@133 ansible]# ls
ansible.cfg hosts inventory roles
# Write the setting into the configuration file
[root@133 ansible]# vim ansible.cfg
inventory = /etc/ansible/inventory
# Add a host
[root@133 ansible]# cat inventory
[web]
192.168.172.167
Use the following command to list all managed hosts in the default inventory file:
ansible all -i /etc/ansible/inventory --list-hosts
Run the following command to list all managed hosts in the web group:
ansible web -i /etc/ansible/inventory --list-hosts
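2. Managing the Ansible configuration file
2.1 Configuration file precedence
Any file named by the ANSIBLE_CONFIG environment variable overrides all other configuration files. If that variable is not set, Ansible next checks the directory in which the ansible command is run for an ansible.cfg file. If that file does not exist, it checks the user's home directory for a .ansible.cfg file. The global /etc/ansible/ansible.cfg file is used only when no other configuration file is found. If /etc/ansible/ansible.cfg does not exist either, Ansible falls back to its built-in defaults.
ANSIBLE_CONFIG environment variable > ./ansible.cfg (current directory) > ~/.ansible.cfg (.ansible.cfg in the home directory) > /etc/ansible/ansible.cfg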
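The search order above, as an added shell example (not from the original page or from the Ansible project). resolve_ansible_cfg is a hypothetical helper that reports which file would win; it also models one rule the list does not mention, namely that Ansible does not load ./ansible.cfg from a world-writable directory.

```bash
#!/usr/bin/env bash
# Added example: report which ansible.cfg would be used.
# Usage: resolve_ansible_cfg <cwd> <home> [global_cfg]
# The global path is a parameter only so the function can be tried offline.
resolve_ansible_cfg() {
    local cwd="$1" home="$2" global_cfg="${3:-/etc/ansible/ansible.cfg}"
    local env_cfg="${ANSIBLE_CONFIG:-}" f

    # 1. ANSIBLE_CONFIG overrides every other location; a directory value
    #    means "ansible.cfg inside that directory".
    if [ -n "$env_cfg" ]; then
        if [ -d "$env_cfg" ]; then env_cfg="$env_cfg/ansible.cfg"; fi
        if [ -f "$env_cfg" ]; then printf '%s\n' "$env_cfg"; return 0; fi
    fi

    # 2. ./ansible.cfg, unless the directory is world-writable: there any
    #    local user could plant a config file, so it is skipped.
    if [ -f "$cwd/ansible.cfg" ]; then
        if [ -n "$(find "$cwd" -maxdepth 0 -perm -0002 2>/dev/null)" ]; then
            echo "skipping $cwd/ansible.cfg: directory is world-writable" >&2
        else
            printf '%s\n' "$cwd/ansible.cfg"; return 0
        fi
    fi

    # 3. ~/.ansible.cfg, then 4. the global file.
    for f in "$home/.ansible.cfg" "$global_cfg"; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; return 0; fi
    done

    # 5. Nothing found: built-in defaults apply.
    echo "defaults"
}

# Show the result for the current shell session.
resolve_ansible_cfg "$PWD" "$HOME"
```

On a host with Ansible installed, ansible --version prints the config file actually in use, which can be compared with this result.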
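2.2 Ansible configuration file
Default configuration file path: /etc/ansible/ansible.cfg
[defaults]
#inventory = /etc/ansible/hosts ; host inventory file
inventory = /etc/ansible/inventory ; custom inventory
#library = /usr/share/my_modules/ ; directory where library (module) files are stored
#module_utils = /usr/share/my_module_utils/ ; path to module utilities
#remote_tmp = ~/.ansible/tmp ; directory for temporary files on the remote host
#local_tmp = ~/.ansible/tmp ; directory for temporary files on the local host
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml ; plugin filter configuration
#forks = 5 ; default number of parallel processes
#poll_interval = 15 ; default polling interval
#sudo_user = root ; default sudo user
#ask_sudo_pass = True ; whether a sudo password is required
#ask_pass = True ; whether a password is required
#transport = smart ; connection method, usually ssh
#remote_port = 22 ; default remote port
#module_lang = C ; language used for communication between modules and the system, C by default
#module_set_locale = False
[privilege_escalation]
#become=True ; whether to switch user automatically on the managed host after connecting (usually to root); this can also be set in a play
#become_method=sudo ; how to switch user: sudo by default, su can be chosen instead
#become_user=root ; user to switch to on the managed host, root by default
#become_ask_pass=False ; whether to prompt for the become_method password, false by default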
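2.3 Configuration file comments
The Ansible configuration file allows two comment characters: the hash sign (#) and the semicolon (;).
A # at the start of a line comments out the whole line. It cannot share a line with a directive.
A semicolon comments out everything to its right on the line. It can share a line with a directive, as long as the directive is to its left.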
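The comment rules above, as an added shell example (not from the original page): cfg_value is a hypothetical helper that applies them to a constructed file and prints the value a key ends up with. It assumes, as Python's configparser does, that an inline semicolon must be preceded by whitespace.

```bash
#!/usr/bin/env bash
# Added example: effective value of a key under the ansible.cfg comment rules.
# Usage: cfg_value <file> <section> <key>
cfg_value() {
    awk -v want_sec="$2" -v want_key="$3" '
        /^[ \t]*[#;]/ { next }                  # whole-line comment: # or ;
        { sub(/[ \t]+;.*$/, "") }               # inline comment: whitespace, then ;
        /^[ \t]*\[/ {                           # section header such as [defaults]
            sec = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            next
        }
        sec == want_sec && index($0, "=") {
            eq = index($0, "=")
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == want_key) val = v
        }
        END { print val }
    ' "$1"
}

# Constructed sample file: one correct inline comment and two annotations
# that are NOT comments and therefore stay inside the value.
write_sample_cfg() {
    cat > "$1" <<'EOF'
[defaults]
# forks = 50
inventory = /etc/ansible/inventory ; custom inventory
remote_tmp = ~/.ansible/tmp # temp dir
forks = 5 //parallelism
EOF
}

sample=$(mktemp)
write_sample_cfg "$sample"
for key in inventory remote_tmp forks; do
    printf '%-10s -> [%s]\n' "$key" "$(cfg_value "$sample" defaults "$key")"
done
rm -f "$sample"
```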
3. Viewing the help documentation
View the help documentation for the user module: ansible-doc user
> USER (/usr/lib/python3.6/site-packages/ansible/modules/system/user.py)
Manage user accounts and user attributes. For Windows targets, use the [win_user]
module instead.
* This module is maintained by The Ansible Core Team
OPTIONS (= is mandatory):
- append
If `yes', add the user to the groups specified in `groups'.
If `no', user will only be added to the groups specified in `groups', removing them
from all other groups.
Mutually exclusive with `local'
[Default: False]
type: bool
- authorization
Sets the authorization of the user.
Does nothing when used with other platforms.
Can set multiple authorizations using comma separation.
To delete all authorizations, use `authorization='''.
Currently supported on Illumos/Solaris.
[Default: (null)]
type: str
version_added: 2.8
......
4. Using modules
Syntax: ansible [host] -m [module] -a [arguments]
4.1 user module
Create a user named test1 on the hosts in the web group.
[root@133 ansible]# ansible web -m user -a "name=test1"
192.168.172.167 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1041,
"home": "/home/test1",
"name": "test1",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1041
}
Delete the test1 user on the hosts in the web group, and delete that user's home directory.
[root@133 ansible]# ansible web -m user -a "name=test1 state=absent remove=yes"
192.168.172.167 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"force": false,
"name": "test1",
"remove": true,
"state": "absent"
}
Change the group of user xx on the web group hosts to root, and the uid to 1010.
[root@167 ~]# id xx
uid=1004(xx) gid=1004(xx) 组=1004(xx)
[root@133 ansible]# ansible web -m user -a "name=xx uid=1010 group=root"
192.168.172.167 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"append": false,
"changed": true,
"comment": "",
"group": 0,
"home": "/home/xx",
"move_home": false,
"name": "xx",
"shell": "/bin/bash",
"state": "present",
"uid": 1010
}
[root@167 ~]# id xx
uid=1010(xx) gid=0(root) 组=0(root)
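The last command leaves xx with primary group 0 (root). As an added example (not from the original page), a check over passwd-format and group-format data that lists every account other than root holding UID 0 or GID 0; root_group_audit is a hypothetical helper, and the sample lines, including the account name deploy, are constructed.

```bash
#!/usr/bin/env bash
# Added example: list accounts other than root that hold UID 0 or GID 0.
# Usage: root_group_audit <passwd-format file> <group-format file>
root_group_audit() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                  # skip blank and comment lines
        FILENAME == ARGV[1] {                    # passwd: name:pw:uid:gid:...
            if ($1 != "root" && $3 == "0") print "uid0", $1
            if ($1 != "root" && $4 == "0") print "primary-gid0", $1
            next
        }
        $3 == "0" {                              # group: name:pw:gid:members
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] != "" && m[i] != "root") print "member-gid0", m[i]
        }
    ' "$1" "$2"
}

# Constructed sample data modelled on the state after the command above.
write_sample_accounts() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
xx:x:1010:0::/home/xx:/bin/bash
test1:x:1041:1041::/home/test1:/bin/bash
EOF
    cat > "$1/group" <<'EOF'
root:x:0:deploy
group1:x:1010:
EOF
}

dir=$(mktemp -d)
write_sample_accounts "$dir"
root_group_audit "$dir/passwd" "$dir/group"
rm -rf "$dir"
```

On a managed host, getent passwd and getent group produce input in these two formats.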
4.2 hostname module
[root@133 ansible]# ansible localhost -m hostname -a "name=localhost"
localhost | CHANGED => {
"ansible_facts": {
"ansible_domain": "localdomain",
"ansible_fqdn": "localhost.localdomain",
"ansible_hostname": "localhost",
"ansible_nodename": "localhost"
},
"changed": true,
"name": "localhost"
}
[root@133 ansible]# bash
[root@localhost ansible]#
4.3 group module
// Create a group
[root@localhost ansible]# ansible web -m group -a "name=group1 state=present"
192.168.172.167 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 1006,
"name": "group1",
"state": "present",
"system": false
}
// Modify the group
[root@localhost ansible]# ansible web -m group -a "name=group1 gid=1010"
192.168.172.167 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 1010,
"name": "group1",
"state": "present",
"system": false
}
// Delete the group
[root@localhost ansible]# ansible web -m group -a "name=group1 state=absent"
192.168.172.167 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "group1",
"state": "absent"
}
4.4 command module
// Create the fffff directory on the local host
[root@localhost ansible]# ansible localhost -m command -a"mkdir fffff"
[WARNING]: Consider using the file module with state=directory rather than running 'mkdir'. If you need to use
command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False'
in ansible.cfg to get rid of this message.
localhost | CHANGED | rc=0 >>
[root@localhost ansible]# ls
ansible.cfg fffff hosts inventory roles
// View the contents of the /tmp directory on the managed host
[root@localhost ansible]# ansible web -m command -a "ls /tmp"
192.168.172.167 | CHANGED | rc=0 >>
ansible_command_payload_b919b8m6
systemd-private-abfe5b4b8a4a4dc68357fda2861d10ff-bluetooth.service-diIiX9
systemd-private-abfe5b4b8a4a4dc68357fda2861d10ff-colord.service-co5VGy
systemd-private-abfe5b4b8a4a4dc68357fda2861d10ff-ModemManager.service-YsQkIM
systemd-private-abfe5b4b8a4a4dc68357fda2861d10ff-rtkit-daemon.service-ISjg3p
tracker-extract-files.0
vmware-root_1002-2957518059
vmware-root_1013-4290232108
vmware-root_1018-2990547707
vmware-root_1019-4256676133