Managed node configuration
Install openssh-server and check that it is running with ps -elf | grep sshd. If it is not running, start it with
sudo service ssh restart
or
sudo /etc/init.d/ssh restart
Configuring ansible
Edit /etc/ansible/hosts:
[ubuntu14]
192.168.199.179 ansible_sudo_pass='XXXX'
[ubuntu18]
192.168.199.151 ansible_sudo_pass='XXXX'
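The inventory above keeps each node's sudo password in clear text, so anyone who can read /etc/ansible/hosts can read it. The following check is an added example, not part of the original post: it lists inventory entries that set a password variable to a literal value. The function name, the variable names other than ansible_sudo_pass, the third sample group and the rule that a {{ ... }} value counts as a reference (for instance to an ansible-vault encrypted variable) are assumptions of this example.

```python
import re

# Variables that carry a secret. ansible_sudo_pass is the one used on this
# page; the rest are the related Ansible connection/privilege variables.
SECRET_VARS = {
    "ansible_sudo_pass", "ansible_su_pass", "ansible_ssh_pass",
    "ansible_become_pass", "ansible_become_password", "ansible_password",
}
PAIR = re.compile(r"""(\w+)\s*=\s*('[^']*'|"[^"]*"|\S+)""")

def find_plaintext_secrets(inventory_text):
    """Return (line_no, section, target, variable) for each secret variable
    whose value is a literal rather than a {{ template }} reference."""
    findings = []
    section = "ungrouped"
    for line_no, raw in enumerate(inventory_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1)
            continue
        # In [group:vars] the whole line is key=value and applies to the
        # group; elsewhere the first token is the host the pairs belong to.
        target = section if section.endswith(":vars") else line.split()[0]
        for key, value in PAIR.findall(line):
            if key in SECRET_VARS and "{{" not in value:
                findings.append((line_no, section, target, key))
    return findings

# Constructed sample: the inventory from this page plus one templated entry.
SAMPLE = """\
[ubuntu14]
192.168.199.179 ansible_sudo_pass='XXXX'
[ubuntu18]
192.168.199.151 ansible_sudo_pass='XXXX'
[vaulted]
192.168.199.200 ansible_sudo_pass='{{ vault_sudo_pass }}'
"""

if __name__ == "__main__":
    for line_no, section, target, key in find_plaintext_secrets(SAMPLE):
        print(f"line {line_no}: [{section}] {target} sets {key} in clear text")
```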
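Copying the public key
Generate a public/private key pair on the control machine:
ssh-keygen
Copy the public key to the remote machine. You will be prompted for the remote machine's password during the run (by default the same user name as on the control machine is used). <managed-node> is a placeholder for the remote machine's address:
ssh-copy-id -i ~/.ssh/id_rsa.pub <managed-node>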
Ad-hoc commands
Ad-hoc mode runs a single command at a time.
ansible has many modules. The default is 'command', the command module; the -m option selects a different module.
Ping test
Test whether the managed nodes are reachable over ssh:
ansible all -m ping
On success this returns:
192.168.199.179 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
Copying a file to the managed nodes
ansible all -m copy -a "src=/home/uniquelip/1.txt dest=/tmp/1.txt"
Under the hood this uses the scp command.
Verify that the copy succeeded:
ansible all -m shell -a "cat /tmp/1.txt"
The result is:
192.168.199.179 | SUCCESS | rc=0 >>
hello,world
Note: under sudo, the ~ directory refers to /root!
Viewing managed node system information
ansible all -m setup
Checking whether a package is installed
ansible all -m apt -a "name=python state=present"
python is already installed, so this returns:
192.168.199.179 | SUCCESS => {
    "cache_update_time": 1414588478,
    "cache_updated": false,
    "changed": false
}
ansible all -m apt -a "name=ruby state=present"
ruby is not installed and sudo was not used, so the installation fails:
192.168.199.179 | FAILED! => {
    "cache_update_time": 1414588478,
    "cache_updated": false,
    "changed": false,
    "msg": "'/usr/bin/apt-get -y -o \"Dpkg::Options::=--force-confdef\" -o \"Dpkg::Options::=--force-confold\" install 'ruby'' failed: E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)\nE: Unable to lock the administration directory (/var/lib/dpkg/), are you root?\n",
    "rc": 100,
    "stderr": "E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)\nE: Unable to lock the administration directory (/var/lib/dpkg/), are you root?\n",
    "stderr_lines": [
        "E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)",
        "E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?"
    ],
    "stdout": "",
    "stdout_lines": []
}
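To install the latest ruby, use the --sudo option:
ansible all -m apt -a "name=ruby state=latest" -u USER --sudo --ask-sudo-pass
The --ask-sudo-pass option prompts for USER's password during the run.
[Note]
In some fairly rare cases, security rules restrict certain users so that they can run only specific commands when switching with sudo. This conflicts with ansible's no-bootstrapping philosophy, and since ansible has several hundred modules it cannot work properly under such a restriction. Run ansible commands with an account that is not subject to this kind of restriction.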
Checking whether the ftpd service is running
ansible all -m service -a "name=pure-ftpd state=started"
If it is running, this returns:
192.168.199.179 | SUCCESS => {
    "changed": false,
    "name": "pure-ftpd",
    "state": "started"
}
Otherwise it returns:
192.168.199.179 | FAILED! => {
    "changed": false,
    "msg": "Could not find the requested service pure-ftpd: host"
}
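playbook
A playbook is the batch command mode.
Installing the python ply package
---
- hosts: all
  vars:
    pypkg: ply              # package to install
  remote_user: uniquelip
  sudo: yes                 # run the tasks through sudo
  tasks:
    # create the pip configuration directory on the managed node
    - name: mkdir
      file: dest=~/.pip state=directory
    # push the control machine's pip.conf to the managed node
    - name: copy pip ini
      copy: src=~/.pip/pip.conf dest=~/.pip/pip.conf
    - name: install {{pypkg}}
      command: pip install {{pypkg}}
    # grep exits non-zero, failing the task, if the package is missing
    - name: ensure {{pypkg}} is installed
      shell: pip list | grep {{pypkg}}
Run a playbook:
ansible-playbook test.yml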
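Debugging
Use the debug module. It is similar to print in python and is very effective for tracking down problems:
- name: mkdir software
  file: dest=~/software state=directory
  register: result          # keep the task result for the next task
- name: print vars
  debug: var=result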
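Ignoring failed commands
Normally, when a failure occurs Ansible stops executing on that host. Sometimes you want it to carry on instead. To do that, write the task like this:
- name: check whether ansible is installed
  shell: pip list | grep ansible
  register: ansible_installed  # record the command result
  # if ansible is NOT installed, the task will fail, so we need to ignore the error
  ignore_errors: yes
# - name: print vars
#   debug: var=ansible_installed
- name: install ansible
  command: pip install ansible
  when: ansible_installed.stdout == ''
If a python module is not installed, pip list | grep ansible fails and ansible stops executing, which is not what we want. ignore_errors lets ansible continue, and the result of the check is recorded in the ansible_installed variable. The next step uses when to test whether that variable meets the condition (ansible is not installed); only if the condition is met is ansible actually installed.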
ansible modules
Module information can be viewed with
ansible-doc -s MODULE_NAME