1.Ansible Inventory
工作当中有不同的业务主机,我们需要在把这些机器信息存放在inventory里面,ansible默认的inventory的文件是/etc/ansible/hosts,也可以通过ANSIBLE_HOSTS环境变量来指定或者运行ansible和ansible-playbook的时候用-i参数临时设置。
1.1 定义主机和主机组
[root@ansible01 ansible]# cat /etc/ansible/hosts |grep -v "^#"|grep -v "^$"
11.0.1.18 ansible_ssh_pass='123456'
11.0.1.19 ansible_ssh_pass='123456'
[docker]
11.0.1.1[2:4]
[docker:vars]
ansible_ssh_pass='123456'
[ansible:children]
docker
第1,2行定义了主机为:11.0.1.18/19,使用Inventory的内置变量ansible_ssh_pass定义ssh登录密码
第3行定义主机组,名为docker
第4行定义了docker组下的3台主机,从11.0.1.12到11.0.1.14
第5行和第6行针对docker组使用了Inventory的内置变量ansible_ssh_pass定义ssh登录密码
第7行和第8行定义了一个组叫ansible,这个组包含docker组
1.2 多个Inventory列表
我们新增inventory目录,如下
[root@ansible01 inventory]# tree /etc/ansible/inventory/
/etc/ansible/inventory/
├── docker
└── hosts0 directories, 2 files
[root@ansible01 inventory]# cat /etc/ansible/inventory/hosts
11.0.1.18 ansible_ssh_pass='123456'
11.0.1.19 ansible_ssh_pass='123456'
[root@ansible01 inventory]# cat /etc/ansible/inventory/docker
[docker]
11.0.1.1[2:4]
[docker:vars]
ansible_ssh_pass='123456'
[ansible:children]
docker
这样还未生效,我们还得再主配置文件ansible.cfg修改inventory指定目录,如下:
[root@ansible01 ansible]# cat /etc/ansible/ansible.cfg |grep inventory|grep -v "^#"
inventory = /etc/ansible/inventory/
[inventory]
验证下:
[root@ansible01 ansible]# ansible docker --list-hostshosts (3):11.0.1.1211.0.1.1311.0.1.14
[root@ansible01 ansible]# ansible ansible --list-hostshosts (3):11.0.1.1211.0.1.1311.0.1.14
[root@ansible01 ansible]# ansible 11.0.1.18:11.0.1.19 --list-hostshosts (2):11.0.1.1811.0.1.19
1.3 动态Inventory(了解即可)
在实际应用部署中会有大量的主机列表,手动维护这些列表会是一件很繁琐的事情,动态Inventory可以帮我们解决这些问题,动态Inventory就是Ansible所有的Inventory文件里面的主机列表和变量信息都支持从外部拉取进来,比如我们可以从CMDB系统和Zabbix监控系统拉取所有的主机信息,然后使用Ansible进行管理。
方法:修改主配置文件ansible.cfg中inventory的定义值改成一个脚本运行。
1.4 Inventory内置参数
2.Ansible AD-Hoc命令
我们经常会通过命令的形式来使用ansible模块,目前为止ansible自带了259个模块,我们可以使用ansible-doc -l来显示自带的模块,也可以用ansible-doc 模块名,来查看模块,下面我们介绍下常用AD-Hoc命令。
2.1 执行命令
Ansible命令都是并发执行的,默认的并发数是由ansible.cfg中的forks值来控制,也可以在运行ansible命令时通过-f参数来指定并发数。
[root@ansible01 inventory]# ansible docker -m shell -a "hostname" -o
11.0.1.19 | CHANGED | rc=0 | (stdout) ansible02
11.0.1.18 | CHANGED | rc=0 | (stdout) ansible01
[root@ansible01 inventory]# ansible docker -m shell -a "uname -r" -f 2 -o
11.0.1.19 | CHANGED | rc=0 | (stdout) 3.10.0-327.el7.x86_64
11.0.1.18 | CHANGED | rc=0 | (stdout) 3.10.0-1160.el7.x86_64
2.2 复制文件
我们还可以使用copy模块来批量下发文件,文件的变化是通过MD5值来判断的
#1.使用copy复制test.txt文件
[root@ansible01 inventory]# ansible docker -m copy -a 'src=/test.txt dest=/root/test.txt owner=root group=root mode=644 backup=yes' -o
11.0.1.19 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "dest": "/root/test.txt", "gid": 0, "group": "root", "md5sum": "d41d8cd98f00b204e9800998ecf8427e", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:admin_home_t:s0", "size": 0, "src": "/root/.ansible/tmp/ansible-tmp-1713505961.01-99673-167875618419234/source", "state": "file", "uid": 0}
#2.用md5sum来验证md5值
[root@ansible01 inventory]# ansible docker -m shell -a 'md5sum /root/test.txt' -o
11.0.1.19 | CHANGED | rc=0 | (stdout) d41d8cd98f00b204e9800998ecf8427e /root/test.txt
[root@ansible01 inventory]# md5sum /test.txt
d41d8cd98f00b204e9800998ecf8427e /test.txt
2.3 包和服务管理
我们可以使用yum模块来管理包和服务
#1.yum模块安装httpd
[root@ansible01 inventory]# ansible docker -m yum -a 'name=httpd state=latest' -o
11.0.1.19 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "changes": {"installed": ["httpd"], "updated": []}, "msg": "", "obsoletes": {"NetworkManager": {"dist": "x86_64", "repo": "@anaconda/7.2", "version": "1:1.0.6-27.el7"}, "grub2": {"dist": "x86_64", "repo": "@anaconda/7.2", "version": "1:2.02-0.29.el7"}, "grub2-tools": {"dist": "x86_64", "repo": "@anaconda/7.2", "version": "1:2.02-0.29.el7"}, "iwl7265-firmware": {"dist": "noarch", "repo": "@anaconda/7.2", "version": "22.0.7.0-43.el7"}, "pygobject3-base": {"dist": "x86_64", "repo": "@anaconda/7.2", "version": "3.14.0-3.el7"}, "python-rhsm": {"dist": "x86_64", "repo": "@anaconda/7.2", "version": "1.15.4-5.el7"}, "rdma": {"dist": "noarch", "repo": "@anaconda/7.2", "version": "7.2_4.1_rc6-1.el7"}, "redhat-access-insights": {"dist": "noarch", "repo": "@anaconda/7.2", "version": "1.0.6-0.el7"}}, "rc": 0, "results": ["Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-\n : manager\nResolving Dependencies\n--> Running transaction check\n---> Package httpd.x86_64 0:2.4.6-99.el7_9.1 will be installed\n--> Processing Dependency: httpd-tools = 2.4.6-99.el7_9.1 for package: httpd-2.4.6-99.el7_9.1.x86_64\n--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-99.el7_9.1.x86_64\n--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-99.el7_9.1.x86_64\n--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-99.el7_9.1.x86_64\n--> Running transaction check\n---> Package apr.x86_64 0:1.4.8-7.el7 will be installed\n---> Package apr-util.x86_64 0:1.5.2-6.el7_9.1 will be installed\n---> Package httpd-tools.x86_64 0:2.4.6-99.el7_9.1 will be installed\n---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n httpd x86_64 2.4.6-99.el7_9.1 rhel-7-server-rpms 1.2 M\nInstalling for dependencies:\n apr x86_64 1.4.8-7.el7 rhel-7-server-rpms 104 k\n apr-util x86_64 1.5.2-6.el7_9.1 rhel-7-server-rpms 92 k\n httpd-tools x86_64 2.4.6-99.el7_9.1 rhel-7-server-rpms 94 k\n mailcap noarch 2.1.41-2.el7 rhel-7-server-rpms 31 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package (+4 Dependent packages)\n\nTotal download size: 1.5 M\nInstalled size: 4.3 M\nDownloading packages:\n--------------------------------------------------------------------------------\nTotal 198 kB/s | 1.5 MB 00:07 \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : apr-1.4.8-7.el7.x86_64 1/5 \n Installing : apr-util-1.5.2-6.el7_9.1.x86_64 2/5 \n Installing : httpd-tools-2.4.6-99.el7_9.1.x86_64 3/5 \n Installing : mailcap-2.1.41-2.el7.noarch 4/5 \n Installing : httpd-2.4.6-99.el7_9.1.x86_64 5/5 \n Verifying : httpd-tools-2.4.6-99.el7_9.1.x86_64 1/5 \n Verifying : apr-1.4.8-7.el7.x86_64 2/5 \n Verifying : mailcap-2.1.41-2.el7.noarch 3/5 \n Verifying : httpd-2.4.6-99.el7_9.1.x86_64 4/5 \n Verifying : apr-util-1.5.2-6.el7_9.1.x86_64 5/5 \n\nInstalled:\n httpd.x86_64 0:2.4.6-99.el7_9.1 \n\nDependency Installed:\n apr.x86_64 0:1.4.8-7.el7 apr-util.x86_64 0:1.5.2-6.el7_9.1 \n httpd-tools.x86_64 0:2.4.6-99.el7_9.1 mailcap.noarch 0:2.1.41-2.el7 \n\nComplete!\n"]}
#2.查看httpd是否安装
[root@ansible01 inventory]# ansible docker -m shell -a 'rpm -qa httpd' -o
11.0.1.19 | CHANGED | rc=0 | (stdout) httpd-2.4.6-99.el7_9.1.x86_64