Article Directory
- ansible installation:
- Master and client ssh are not encrypted:
- /etc/ansible/hosts file configuration
- Ansible common module usage:
- Use the ping module to check whether the server is connected normally:
- Ansible module command (pipes are not supported, not recommended):
- Ansible module shell (supports pipes, supports redirection):
- Ansible module raw, the most primitive way to run commands (does not rely on python, only through ssh):
- Ansible's copy module distributes files or folders in batches:
- Ansible's script module runs scripts in batches:
- Ansible error summary:
ansible installation:
(Omitted.)
Master and client ssh are not encrypted:
The ssh configuration file /etc/ssh/ssh_config needs to be modified.
#Connection test with the ping module
[root@ansible python]# ansible nginx -m ping
webB | FAILED! => {
    "msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."
}
#webB still fails to connect, because the local known_hosts file does not yet have a record of the remote host.
To resolve the known_hosts problem, just modify the ssh configuration file /etc/ssh/ssh_config:
#Modify the ssh configuration file
[root@ansible .ssh]# sed -n '35p' /etc/ssh/ssh_config
# StrictHostKeyChecking ask
[root@ansible .ssh]# vim /etc/ssh/ssh_config
[root@ansible .ssh]# sed -n '35p' /etc/ssh/ssh_config
StrictHostKeyChecking no #Uncomment the line and change it to this
#Reload the ssh service
[root@ansible .ssh]# systemctl reload sshd.service
/etc/ansible/hosts file configuration
Setting method one:
[all_remote] #Name of the managed host group
webA ansible_ssh_host=192.168.200.132 ansible_ssh_port=22 ansible_ssh_user=root #First host
webB ansible_ssh_host=192.168.200.138 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass=666666 #Second host
[Note]
If passwordless (key-based) login is set up, the plaintext password ansible_ssh_pass= is not needed.
Execution command demonstration:
ansible all_remote -m shell -a "pushd ~/;ls /etc | tail -3;popd"
Setting method two:
[all_remote]
#When ansible_ssh_host= is used, an alias such as web01 must come first
web01 ansible_ssh_host=11.222.76.9 ansible_ssh_port=22
#By default the line starts with the IP directly; the port can then be given with ansible_ssh_port or ansible_port
11.222.76.9 ansible_ssh_port=22
Execution command demonstration:
ansible all_remote -m shell -a "pushd ~/;ls /etc | tail -3;popd" -u myuser
[Note]
Because hosts does not specify a user, the user is given on the command line with -u.
Parameter Description:
Special note:
webA ===> host name
ansible_ssh_host ===> host IP
ansible_ssh_port ===> the default ssh port
ansible_ssh_user ===> ssh user name
ansible_ssh_pass ===> connection password of the ssh user
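Two settings shown above weaken the SSH trust that Ansible depends on: StrictHostKeyChecking no makes ssh accept any host key, and ansible_ssh_pass keeps a password in clear text in the inventory. The audit script below is an added example, not code from the original page: it lists inventory hosts that have no pinned key in known_hosts (so keys can be verified and added instead of switching the check off) and host lines that carry a literal password. The function name audit_inventory, the finding labels and the sample files are constructed for illustration, and it assumes an unhashed known_hosts file.

```shell
#!/bin/sh
# Added example (not from the original page). Audits an INI inventory for
#   NOKEY     host has no entry in known_hosts (host key not pinned)
#   PLAINTEXT host line carries a password variable with a literal value
# Assumptions: inventory format as on this page; known_hosts is not hashed.

# audit_inventory INVENTORY KNOWN_HOSTS  ->  one finding per line
audit_inventory() {
    awk '
        # First file (known_hosts): index each name of the comma-separated host field.
        FILENAME == ARGV[1] {
            # Comments, blanks, @markers and hashed (|1|...) entries are not indexed.
            if ($0 ~ /^[ \t]*(#|$)/ || $1 ~ /^[@|]/) next
            n = split($1, names, ",")
            for (i = 1; i <= n; i++) known[names[i]] = 1
            next
        }
        # Second file (inventory): skip comments, blank lines and [group] headers.
        /^[ \t]*(#|;|$)/ || /^[ \t]*\[/ { next }
        {
            addr = $1; port = 22
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break                      # trailing comment
                eq = index($i, "="); if (!eq) continue
                k = substr($i, 1, eq - 1); v = substr($i, eq + 1)
                if (k == "ansible_ssh_host" || k == "ansible_host") addr = v
                if (k == "ansible_ssh_port" || k == "ansible_port") port = v + 0
                # The value is never printed; {{ ... }} references are skipped.
                if (k ~ /^ansible_.*pass(word)?$/ && v != "" && index(v, "{{") == 0) print "PLAINTEXT", $1, k
            }
            # ssh stores non-default ports as [host]:port in known_hosts.
            name = (port == 22) ? addr : ("[" addr "]:" port)
            if (!(name in known)) print "NOKEY", $1, name
        }
    ' "$2" "$1"
}

# Constructed sample data: webA is pinned, webB is not and has a password.
demo_dir=$(mktemp -d)
cat > "$demo_dir/hosts" <<'EOF'
[all_remote] # managed host group
webA ansible_ssh_host=192.168.200.132 ansible_ssh_port=22 ansible_ssh_user=root
webB ansible_ssh_host=192.168.200.138 ansible_ssh_port=22 ansible_ssh_pass=666666 # second host
EOF
echo '192.168.200.132 ssh-ed25519 AAAAC3CONSTRUCTEDKEY' > "$demo_dir/known_hosts"
audit_inventory "$demo_dir/hosts" "$demo_dir/known_hosts"
rm -rf "$demo_dir"
```

For each NOKEY host, fetch the key with ssh-keyscan, compare its fingerprint (ssh-keygen -lf) with one read from the server's console, and append it to known_hosts. For PLAINTEXT findings, switch to key-based login or keep the value in an Ansible Vault file.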
Ansible common module usage:
Use the ping module to check whether the server is connected normally:
ansible -i /etc/ansible/hosts web01:web02 -m ping -u user
[Parameter]:
-i specifies the path of the hosts
web01:web02 is the web01 and web02 machines in the specified hosts
ansible 'all_remote:!web01' -m ping -u user
[Parameter]:
!web01 excludes the web01 machine (the pattern is quoted so that the shell does not treat ! as history expansion)
ansible webA:webB -m ping -u user
Ansible module command (pipes are not supported, not recommended):
#Correct usage:
ansible all_remote -m command -a "pwd"
#The command module does not support pipes:
[error] ansible all -m command -a "echo test | grep t"
#The command module does not support redirection:
[error] ansible all -m command -a "echo bb >> /tmp/test"
Ansible module shell (supports pipes, supports redirection):
#The shell module supports pipes
[correct] ansible all -m shell -a "echo albitest | grep a"
#The shell module supports redirection
[correct] ansible all -m shell -a "echo bb >> /tmp/testansib"
#Special symbols must be escaped with \ so that ansible runs the command correctly
[correct] ansible all -m shell -a "cat /etc/passwd | awk -F: '{print \$1}'"
Ansible module raw, the most primitive way to run commands (does not rely on python, only through ssh):
#Clear the yum cache
ansible all -m raw -a "yum -y clean all"
#Create the yum cache
ansible all -m raw -a "yum makecache"
#Install the nmap package with yum
ansible all -m raw -a "yum -y install nmap"
Ansible's copy module distributes files or folders in batches:
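Parameters of the copy module (general form: ansible <host group> -m <module> -a <command>):
- src: the source file or directory
- dest: the file or directory on the target server
- backup: whether to make a backup
- owner: the owning user of the file or directory after it is copied to the target server
- group: the owning group of the file or directory after it is copied to the target server
- mode: the permissions of the file or directory
src is the source file path, dest is the target path:
ansible all -m copy -a "src=/root/test.txt dest=/tmp/"
The copy module copies the folder:
Special note:
If the target path already contains a file with the same name as the file being copied, the file under the target path is overwritten directly.
#Copy everything under /service/scripts/ to the dest path (compare the two commands)
ansible webA -m copy -a "src=/service/scripts/ dest=/service/scripts/"
#Copy the /service/scripts directory itself and everything inside it to the dest path (compare the two commands)
ansible webA -m copy -a "src=/service/scripts dest=/service/scripts/ backup=yes"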
Use the copy module to write content to a file on the remote machine (the file is created if it does not exist):
ansible -i /etc/ansible/hosts web01 -m copy -a 'content="haha" dest=/root/dockerfile' -u user
When copying a file, the copy module specifies the owner of the file. Note that the corresponding user must exist on the remote host:
ansible ansible-demo3 -m copy -a "src=/testdir/copytest dest=/testdir/ owner=jenkins"
When the copy module copies files, specify file permissions:
ansible ansible-demo3 -m copy -a "src=/testdir/copytest dest=/testdir/ mode=0644"
Ansible's script module runs scripts in batches:
Ansible's script module enables remote servers to run local shell scripts in batches
ansible $Group -m script -a "/service/scripts/auto_nginx.sh"
Ansible error summary:
Permission problem: (ansible user problem)
[root@VM20201125-0 ~]# ansible -i /etc/ansible/hosts all_remote -m ping
11.269.21.21 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: [email protected]: Permission denied (publickey,password).",
"unreachable": true
}
[Note]
The cause may be that ansible_ssh_user is not set in hosts, or that ansible was run on the command line without -u <user>.
The /etc/ansible/hosts file was not found correctly
[root@kVM20208925-0 ~]# ansible -i /etc/ansible/hostss all_remote -m ping -u myself
[WARNING]: Unable to parse /etc/ansible/hostss as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
[WARNING]: Could not match supplied host pattern, ignoring: all_remote