Ansible, an Automated Operations and Maintenance Tool: A Detailed Explanation


1. Introduction to Ansible

(1) Introduction

1. Ansible is a configuration management and provisioning tool. It connects to servers over SSH and runs the configured tasks. The server only needs to have SSH enabled; all other work is handled by Ansible on the client side.

2. For batch deployment we could write our own scripts, but Ansible is the better choice. It requires no coding, only YAML configuration files, and it has built-in features such as idempotency and concurrency control that greatly reduce the work of batch deployment.

3. Ansible is a newer automated operations and maintenance tool. Developed in Python, it combines the strengths of many earlier tools (puppet, cfengine, chef, func, fabric) and provides batch system configuration, batch program deployment, and batch command execution.

4. Ansible works through modules and has no batch-deployment capability of its own. The batch deployment is actually done by the modules that Ansible runs; Ansible only provides the framework, which mainly includes:

(1) Connection plugins: responsible for communicating with the managed hosts;

(2) Host inventory: the hosts to operate on, defined in a configuration file;

(3) Modules: core modules, the command module, and custom modules;

(4) Plugins: provide functions such as logging and email;

(5) Playbooks: optional; when several tasks are to be executed, a playbook lets a node run them in one pass.

GitHub address: https://github.com/ansible/ansible/

Official website address: https://docs.ansible.com

Online playbook sharing platform: https://galaxy.ansible.com

(2) Features

1. No agents: no client needs to be installed on the managed hosts;

2. No server: there is no server component; just run the command when you need it;

3. Modules in any language: work is done by modules, and modules can be developed in any language;

4. YAML, not code: playbooks are written in YAML;

5. SSH by default: works over SSH;

6. Strong multi-tier solution: supports multi-level orchestration.

(3) Advantages

1. Lightweight: no agent needs to be installed on the client side, so an update only has to be applied once, on the control machine;

2. Batch tasks can be written as scripts and executed without being distributed to the remote hosts;

3. Written in Python, which is easier to maintain; Ruby's syntax is too complicated;

4. Supports sudo.

(4) Basic structure

1. Core engine: ansible

2. Core modules:

These are the modules that ship with Ansible. Ansible distributes module resources to the remote nodes so that they perform a specific task or reach a specific state.

3. Custom modules:

If the core modules cannot accomplish a given function, you can add a custom module.

4. Plug-ins:

Supplement the module functionality; plug-ins provide functions such as logging and email.

5. Playbook:

The configuration file that defines Ansible tasks. A playbook can define multiple tasks, which Ansible executes automatically. The control host can run multiple tasks and manage multiple remote hosts at the same time.

6. A playbook is Ansible's configuration, deployment and orchestration language. It can describe a policy you want the remote systems to enforce, or a set of steps in a general process. If Ansible modules are the tools in your workshop, playbooks are the design plans. At a basic level, playbooks can be used to manage configuration and deploy to remote machines. In more advanced use, they can sequence multi-tier applications and rolling updates, and delegate actions to other hosts, interacting with monitoring servers and load balancers along the way.

7. Connection plugins:

Ansible connects to each host through a connection plug-in, which is responsible for communicating with the managed nodes. Ansible uses SSH to connect to managed nodes by default, but it also supports other connection methods, which is why connection plug-ins are needed.

8. Host inventory:

Defines the hosts managed by Ansible. By default, managed nodes are defined in Ansible's hosts configuration file. A dynamic host inventory and a custom configuration file path are also supported.

9. Ansible uses the paramiko protocol library (Fabric also uses it) and connects to hosts through SSH or ZeroMQ. From the control host, Ansible pushes the module to the managed node over SSH (or Kerberos, LDAP), executes it there, and deletes it automatically afterwards. The control host and the managed nodes support three connection methods: local, SSH, and ZeroMQ. SSH is used by default. In large-scale environments, the ZeroMQ connection method significantly improves execution speed.

(5) Task Execution Mode

1. The control host can operate on managed nodes in two ways: ad-hoc and playbook.

2. Ad-hoc mode uses a single module and supports running a single command in batch.

3. Playbook mode is Ansible's main management method. A playbook accomplishes one kind of function through a set of tasks; it can be thought of as a configuration file that combines multiple ad-hoc operations.

 (6) Comparison between ansible and other configuration management software

Comparison of technical characteristics:

| Item | Puppet | SaltStack | Ansible |
|---|---|---|---|
| Development language | Ruby | Python | Python |
| Is there a client | yes | yes | no |
| Secondary development | not supported | supported | supported |
| Server and remote machine authenticate each other | yes | yes | yes |
| Communication between server and remote machine is encrypted | Yes, standard SSL protocol | Yes, AES encryption | Yes, using OpenSSH |
| Web UI | provided | provided | Provided, but commercial version |
| Configuration file format | Ruby syntax | YAML | YAML |
| Command line execution | Not supported, but can be implemented through the configuration module | supported | supported |

2. Introduction to ansible components

(1) ansible inventory

In large-scale configuration management we need to manage machines that belong to different businesses. The information about these machines is stored in Ansible's inventory component. A host must be recorded in the inventory before Ansible can configure or deploy to it. The default inventory is a static INI file, /etc/ansible/hosts. It can also be specified through the ANSIBLE_HOSTS environment variable, or set for a single run with the -i parameter.

(2) Reference example

Define hosts and host groups

1、100.0.0.1 ansible_ssh_pass='123456'

2、100.0.0.2 ansible_ssh_pass='123456'

3、[docker]

4、100.0.0.1[1:3]

5、[docker:vars]

6、ansible_ssh_pass='123456'

7、[ansible:children]

8、docker

Lines 1 and 2 define a host and specify the ssh login password

Line 3 defines a group called docker

Line 4 defines the four hosts under the docker group from 100.0.0.11-100.0.0.13

Lines 5 and 6 define the ssh login password of the docker group

Lines 7 and 8 define the ansible group, which contains the docker group

(3) Inventory built-in parameters

| Parameter | Description | Example |
|---|---|---|
| ansible_ssh_host | The name of the remote host to connect to. Set this variable if it differs from the host alias you want to use. | ansible_ssh_host=192.169.1.123 |
| ansible_ssh_port | SSH port number. Set this variable if it is not the default port. | ansible_ssh_port=5000 |
| ansible_ssh_user | Default SSH user name | ansible_ssh_user=cxpadmin |
| ansible_ssh_pass | SSH password (this method is not secure, we strongly recommend using --ask-pass or an SSH key) | ansible_ssh_pass='123456' |
| ansible_sudo_pass | sudo password (this method is not safe, we strongly recommend using --ask-sudo-pass) | ansible_sudo_pass='123456' |
| ansible_sudo_exe | sudo command path (for 1.8 and above) | ansible_sudo_exe=/usr/bin/sudo |
| ansible_connection | The connection type to the host, for example local, ssh or paramiko. Before Ansible 1.2, paramiko was the default. From 1.2 on, 'smart' is the default; it decides whether the 'ssh' method is usable based on whether ControlPersist is supported. | ansible_connection=local |
| ansible_ssh_private_key_file | The private key file used by SSH. Suitable when there are multiple keys and you do not want to use an SSH agent. | ansible_ssh_private_key_file=/root/key |
| ansible_shell_type | The shell type of the target system. By default commands are executed with 'sh' syntax; this can be set to 'csh' or 'fish'. | ansible_shell_type=zsh |
| ansible_python_interpreter | The Python path on the target host. Applies when the system has several Pythons, when the path is not "/usr/bin/python" (as on *BSD), or when /usr/bin/python is not a 2.X version of Python. We don't use the "/usr/bin/env" mechanism, because it requires the remote user's PATH to be set correctly and assumes the executable is named "python" (the actual name may be python26). | ansible_python_interpreter=/usr/bin/python2.6 |
| ansible_*_interpreter | Defines the interpreters for other languages | ansible_*_interpreter=/usr/bin/ruby |
| ansible_sudo | Defines the sudo user | ansible_sudo=cxpadmin |

Note: Starting from ansible2.0, ansible_ssh_user, ansible_ssh_host, ansible_ssh_port have been changed to ansible_user, ansible_host, ansible_port.

For details, refer to the official website http://docs.ansible.com/ansible/latest/intro_inventory.html
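The reference inventory above stores ansible_ssh_pass in cleartext, which the parameter table itself calls insecure. The following added example (not part of the original article) scans a static INI inventory and reports every host or group that carries such a secret. The function name find_plaintext_secrets is hypothetical, and the Ansible 2.x variable names in SECRET_VARS go beyond the two names shown on this page.

```python
"""Flag cleartext credentials in a static INI inventory (added example)."""
import re

# Inventory variables that hold a secret. The first two appear on this page;
# the others are the Ansible 2.x names for the same settings (assumption: you
# want to catch both spellings).
SECRET_VARS = {
    "ansible_ssh_pass", "ansible_sudo_pass",
    "ansible_password", "ansible_become_pass", "ansible_become_password",
}

SECTION_RE = re.compile(r"^\[([^\]:]+)(?::(vars|children))?\]$")
KEYVAL_RE = re.compile(r"""(\w+)\s*=\s*('[^']*'|"[^"]*"|\S+)""")


def find_plaintext_secrets(inventory_text):
    """Return [(line_no, scope, variable)] for every cleartext secret.

    scope is "host <name>" for a host line and "group <name>" for an entry
    under [group:vars], so the report shows how widely the secret applies.
    """
    findings = []
    group, kind = None, None              # current section and its type
    for line_no, raw in enumerate(inventory_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":   # blank line or comment
            continue
        section = SECTION_RE.match(line)
        if section:
            group, kind = section.group(1), section.group(2)
            continue
        if kind == "children":            # child group names carry no variables
            continue
        if kind == "vars":
            scope, rest = f"group {group}", line
        else:
            parts = line.split(None, 1)   # host pattern, then key=value pairs
            scope = f"host {parts[0]}"
            rest = parts[1] if len(parts) > 1 else ""
        for key, value in KEYVAL_RE.findall(rest):
            # A Jinja2 reference such as "{{ vault_pass }}" points at a secret
            # stored elsewhere, so it is not reported.
            if key in SECRET_VARS and not value.strip("'\"").startswith("{{"):
                findings.append((line_no, scope, key))
    return findings


# Constructed sample: the inventory from the reference example on this page.
SAMPLE_INVENTORY = """\
100.0.0.1 ansible_ssh_pass='123456'
100.0.0.2 ansible_ssh_pass='123456'
[docker]
100.0.0.1[1:3]
[docker:vars]
ansible_ssh_pass='123456'
[ansible:children]
docker
"""

if __name__ == "__main__":
    for line_no, scope, var in find_plaintext_secrets(SAMPLE_INVENTORY):
        print(f"line {line_no}: {var} stored in cleartext for {scope}")
```

A finding on a [group:vars] line matters most, because the same password then applies to every host in the group.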

(4) ansible ad-hoc command

We often use Ansible modules from the command line. Ansible ships with many modules that can be used directly; at present there are 200+ built-in modules. Use ansible-doc -l to list all built-in modules, and ansible-doc followed by a module name to view that module's description and examples. Note that some Ansible features, such as loops and facts, are not available in ad-hoc commands.

Command usage: ansible <host-pattern> [options]

(5) Introduction to frequently used modules

1. ping module

The ping module does what its name suggests: it checks whether the remote host is reachable over the network.

Example: ansible cluster_hosts -m ping

2. copy module

The copy module copies files from the machine running Ansible to the remote nodes. It is the opposite of the fetch module.

① Frequently used module parameters

| Parameter | Required | Default | Choices | Description |
|---|---|---|---|---|
| src | no | | | Locates the file on the machine where Ansible runs; an absolute path is required. If the source is a folder, the folder is copied as a whole; if the path ends with "/", only the contents of the folder are copied. This behaves much like rsync. |
| content | no | | | Used in place of src to copy the specified content to the remote file |
| dest | yes | | | Locates the file on the remote node; an absolute path is required. If src points to a folder, this parameter must also point to a folder. |
| backup | no | no | yes/no | Back up the original file on the remote node before copying, so that the original is still available if something unexpected happens. |
| directory_mode | no | | | Can only be used when copying a folder. When set, newly created files in the folder are copied and the old ones are not. |
| follow | no | no | yes/no | When the copied folder contains a link, the copy will contain the link too |
| force | no | yes | yes/no | The default is yes, which overwrites remote files whose content differs (the file name may be the same). If no, the file is not copied when it already exists on the remote node. |
| group | no | | | Sets the group that owns the file copied to the remote node |
| mode | no | | | Equivalent to chmod; the value can be "u+rwx" or "u=rw,g=r,o=r" |
| owner | no | | | Sets the user that owns the file copied to the remote node |

②Example: copy a file to the test hosts

[root@node1 ansible]# ansible testservers -m copy -a 'src=/root/install.log dest=/tmp/install.log owner=testuser group=testgroup'
192.168.100.131 | success >> {
"changed": true,
"checksum": "7b3626c84bb02d12472c03d2ece878fdc4756c94",
"dest": "/tmp/install.log",
"gid": 1100,
"group": "testgroup",
"md5sum": "c7d8a01a077940859e773b7770d2e07e",
"mode": "0644",
"owner": "testuser",
"size": 9458,
"src": "/root/.ansible/tmp/ansible-tmp-1456387213.94-229503410500766/source",
"state": "file",
"uid": 1000
}

192.168.100.132 | success >> {
"changed": true,
"checksum": "7b3626c84bb02d12472c03d2ece878fdc4756c94",
"dest": "/tmp/install.log",
"gid": 1100,
"group": "testgroup",
"md5sum": "c7d8a01a077940859e773b7770d2e07e",
"mode": "0644",
"owner": "testuser",
"size": 9458,
"src": "/root/.ansible/tmp/ansible-tmp-1456387213.94-186055595812050/source",
"state": "file",
"uid": 1000
}

③Example: back up before copying

[root@node1 ansible]# echo "test " >> /root/install.log
[root@node1 ansible]# ansible testservers -m copy -a 'src=/root/install.log dest=/tmp/install.log owner=testuser group=testgroup backup=yes'
192.168.100.132 | success >> {
"backup_file": "/tmp/install.log.2016-02-25@16:01:26~",
"changed": true,
"checksum": "b5da7af32ad02eb98f77395b28f281a965b4c1f5",
"dest": "/tmp/install.log",
"gid": 1100,
"group": "testgroup",
"md5sum": "d39956add30a18019cb5ad2381a0cd43",
"mode": "0644",
"owner": "testuser",
"size": 9464,
"src": "/root/.ansible/tmp/ansible-tmp-1456387285.87-128685659798967/source",
"state": "file",
"uid": 1000
}

192.168.100.131 | success >> {
"backup_file": "/tmp/install.log.2016-02-25@16:01:26~",
"changed": true,
"checksum": "b5da7af32ad02eb98f77395b28f281a965b4c1f5",
"dest": "/tmp/install.log",
"gid": 1100,
"group": "testgroup",
"md5sum": "d39956add30a18019cb5ad2381a0cd43",
"mode": "0644",
"owner": "testuser",
"size": 9464,
"src": "/root/.ansible/tmp/ansible-tmp-1456387285.86-134452201968647/source",
"state": "file",
"uid": 1000
}

[root@node1 ansible]# ansible testservers -m raw -a 'ls -lrth /tmp/install*'
192.168.100.131 | success | rc=0 >>
-rw-r--r-- 1 root root 9.3K 2 25 16:00 /tmp/install.log.2016-02-25@16:01:26~
-rw-r--r-- 1 testuser testgroup 9.3K 2 25 16:01 /tmp/install.log


192.168.100.132 | success | rc=0 >>
-rw-r--r-- 1 root root 9.3K 2 25 16:00 /tmp/install.log.2016-02-25@16:01:26~
-rw-r--r-- 1 testuser testgroup 9.3K 2 25 16:01 /tmp/install.log

④Example: copy a directory

[root@node1 ansible]# tree testdir
testdir
├── a
│   ├── e
│   │   └── ansible.cfg
│   ├── f
│   └── g
├── b
│   ├── e
│   ├── f
│   └── g
└── c
    ├── ansible.cfg
    ├── e
    ├── f
    └── g


[root@node1 ansible]# ansible testservers -m copy -a 'src=/etc/ansible/testdir dest=/tmp/ owner=testuser group=testgroup backup=yes'
192.168.100.131 | success >> {
"changed": true,
"dest": "/tmp/",
"src": "/etc/ansible/testdir"
}

192.168.100.132 | success >> {
"changed": true,
"dest": "/tmp/",
"src": "/etc/ansible/testdir"
}

[root@node1 ansible]# ansible testservers -m command -a 'tree /tmp/testdir'
192.168.100.131 | success | rc=0 >>
/tmp/testdir
|-- a
|   `-- e
|       `-- ansible.cfg
|-- b
|   `-- e
|       `-- hosts
`-- c
    `-- ansible.cfg

5 directories, 3 files

192.168.100.132 | success | rc=0 >>
/tmp/testdir
|-- a
|   `-- e
|       `-- ansible.cfg
|-- b
|   `-- e
|       `-- hosts
`-- c
    `-- ansible.cfg

5 directories, 3 files

Note: directories that contain files were copied successfully; empty directories were not copied.

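⑤ Frequently used return values

| Name | Description | Returned | Type | Sample |
|---|---|---|---|---|
| src | Location on the machine running Ansible | changed | string | /home/httpd/.ansible/tmp/ansible-tmp-1423796390.97-147729857856000/source |
| backup_file | Backup of the original file | changed and if backup=yes | string | /path/to/file.txt.2015-02-12@22:09~ |
| uid | ID of the owner after execution | success | int | 100 |
| dest | Destination directory or file on the remote node | success | string | /path/to/file.txt |
| checksum | Checksum of the file after copying | success | string | 6e642bb8dd5c2e027bf21dd923337cbb4214f827 |
| md5sum | MD5 checksum of the file after copying | when supported | string | 2a5aeecc61dc98c4d780b14b330e3282 |
| state | State after execution | success | string | file |
| gid | ID of the group that owns the folder or file after execution | success | int | 100 |
| mode | File permissions after execution | success | string | 0644 |
| owner | Name of the file's owner after execution | success | string | httpd |
| group | Name of the file's group after execution | success | string | httpd |
| size | File size after execution | success | int | 1220 |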

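3. shell module

It runs command lines on the nodes (servers) controlled by Ansible. The shell module executes through /bin/sh, so it can run any command, just as if the command were run on the local machine.

① Frequently used parameters

| Parameter | Required | Default | Choices | Description |
|---|---|---|---|---|
| chdir | no | | | Same as for command: cd into a directory before running the shell command |
| creates | no | | | Same as for command: if the given file exists, the shell command is not run |
| removes | no | | | Same as for command: if the given file does not exist, the shell command is not run |

②Example 1:

Have all nodes run somescript.sh and append the log output to somelog.txt.

$ ansible -i hosts all -m shell -a "sh somescript.sh >> somelog.txt"

③Example 2:

First enter somedir/, then have all nodes run somescript.sh in that directory and append the log output to somelog.txt.

$ ansible -i hosts all -m shell -a "somescript.sh >> somelog.txt chdir=somedir/"

④Example 3:

First cd into a directory that needs to be built, run configure, then compile, then install.

$ ansible -i hosts all -m shell -a "./configure && make && make install chdir=/xxx/yyy/"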

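4. command module

The command module runs system commands. It does not support pipes, redirection, variables and the like ("<", ">", "|", "&", etc.); if you need those, use the shell module. command is the default module of the ansible command, so -m command does not have to be given and the command can be used directly.

① Frequently used parameters

| Parameter | Required | Default | Choices | Description |
|---|---|---|---|---|
| chdir | no | | | cd into this directory before running the command |
| creates | no | | | If the file given by this parameter exists, the command is not run |
| executable | no | | | Switches the shell used to execute the command; everything given here must use an absolute path |
| removes | no | | | If the file given by this parameter does not exist, the command is not run |

②Example 1:

# Call the command module from the ansible command line
ansible -i hosts all -m command -a "/sbin/shutdown -t now"

The ansible command line selects the module with -m command, and -a passes the arguments. The text inside the quotes is the command to execute, here a shutdown.

The corresponding nodes (192.168.10.12, 127.152.112.13) will then all shut down.

③Example 2:

# Run the command if the specified file does not exist.
ansible -i hosts all -m command -a "/usr/bin/make_database.sh arg1 arg2 creates=/path/to/database"

The creates parameter checks whether the file /path/to/database exists. If it exists, the command is skipped; if it does not, the command is executed.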

5. raw module

The raw module is similar to shell and command, but it does not require a Python environment on the remote host.

Example:

Run the hostname command on node 10.1.1.113

ansible 10.1.1.113 -m raw -a 'hostname|tee'

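6. fetch module

The fetch module copies files from remote hosts to the local machine, the opposite of the copy module. Files are saved under the host name. When the file does not exist an error occurs, unless the option fail_on_missing is set to yes.

① Frequently used parameters

| Parameter | Required | Default | Choices | Description |
|---|---|---|---|---|
| dest | Yes | | | Directory in which to store the file. For example, with the directory backup and the source file /etc/profile on host pythonserver, the file is saved as /backup/pythonserver/etc/profile |
| fail_on_missing | No | No | Yes/no | Mark the task as failed when the source file does not exist |
| flat | No | | | Overrides the default behaviour of saving as hostname/path/to/file. If dest ends with /, the base name of the source file is used |
| src | Yes | | | The file to fetch from the remote host. It must be a file, not a directory |
| validate_checksum | No | Yes | Yes/no | Run an MD5 check after the file has been fetched |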

②Example 1:

Fetch a file and save it. src is the path of the file to transfer on the remote host, and dest is the path on the local machine. Fetched files are grouped by IP address, followed by the path of the source file. Only files can be fetched, not folders.

[root@ansibleserver ~]# ansible pythonserver -m fetch -a "src=/root/123 dest=/root"
SSH password:
192.168.1.60 | success >> {
    "changed": true,
    "dest": "/root/192.168.1.60/root/123",
    "md5sum": "31be5a34915d52fe0a433d9278e99cac",
    "remote_md5sum": "31be5a34915d52fe0a433d9278e99cac"
}

③Example 2:

Save into a specified directory. With the flat parameter, if dest ends with /, the file is saved inside that directory under its own file name. If dest does not end with /, the file is saved directly as the file kel. Whether dest ends with / is what distinguishes a directory from a file path.

[root@ansibleserver ~]# ansible pythonserver -m fetch -a "src=/root/Ssh.py dest=/root/kel/ flat=yes"
SSH password:
192.168.1.60 | success >> {
    "changed": true,
    "dest": "/root/kel/Ssh.py",
    "md5sum": "63f8a200d1d52d41f6258b41d7f8432c",
    "remote_md5sum": "63f8a200d1d52d41f6258b41d7f8432c"
}

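7. file module

Mainly used to set the attributes of files, links and directories, or to remove files, links and directories. Many other modules include this functionality as well, for example copy, assemble and template.

① Frequently used parameters

| Parameter | Required | Default | Choices | Description |
|---|---|---|---|---|
| follow | No | No | Yes/no | This flag says that filesystem links, if they exist, should be followed |
| force | No | No | Yes/no | Forces creation of the link in two cases: the source file does not exist (but will exist later); the destination exists but is a file (the link is created to replace it) |
| group | No | | | Group that owns the file |
| mode | No | | | Permissions of the file |
| owner | No | | | User that owns the file |
| path | Yes | | | Path of the file to manage |
| recurse | No | No | Yes/no | When the path is a directory, whether to set the attributes recursively |
| src | No | | | Path of the file to link to. Only applied when state is link. It may be an absolute, relative, or nonexistent path |
| state | No | file | file/link/directory/hard/touch/absent | For directory, the directory is created if it does not exist. For file, the file is not created if it does not exist. For link, the symbolic link is created or changed. For absent, all files under the directory are deleted. For touch, directories and files that do not exist are created |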

②Example 1:

Set file attributes. path is the file path; the owning user and group are set, with permissions 0644. When path is a folder, the recurse parameter changes the permissions recursively.

[root@ansibleserver ~]# ansible pythonserver -m file -a "path=/root/123 owner=kel group=kel mode=0644"
SSH password:
192.168.1.60 | success >> {
    "changed": true,
    "gid": 500,
    "group": "kel",
    "mode": "0644",
    "owner": "kel",
    "path": "/root/123",
    "size": 294,
    "state": "file",
    "uid": 500
}

[root@ansibleserver ~]# ansible pythonserver -m file -a "path=/tmp/kel/ owner=kel group=kel mode=0644 recurse=yes"
SSH password:
192.168.1.60 | success >> {
    "changed": true,
    "gid": 500,
    "group": "kel",
    "mode": "0644",
    "owner": "kel",
    "path": "/tmp/kel/",
    "size": 4096,
    "state": "directory",
    "uid": 500
}

③Example 2:

Create a directory. The key parameter is state, set to directory.

[root@ansibleserver ~]# ansible pythonserver -m file -a "path=/tmp/kel state=directory mode=0755"
SSH password:
192.168.1.60 | success >> {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "root",
    "path": "/tmp/kel",
    "size": 4096,
    "state": "directory",
    "uid": 0
}

④Example 3:

Change permissions. Use mode directly to change the permissions.

[root@ansibleserver ~]# ansible pythonserver -m file -a "path=/tmp/kel mode=0444"
SSH password:
192.168.1.60 | success >> {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0444",
    "owner": "root",
    "path": "/tmp/kel",
    "size": 4096,
    "state": "directory",
    "uid": 0
}

⑤Example 4:

Create a symbolic link. src is the existing file, dest is the file name of the link to create, and state is link.

[root@ansibleserver tmp]# ansible pythonserver -m file -a "src=/tmp/1 dest=/tmp/2 owner=kel state=link"
SSH password:
192.168.1.60 | success >> {
    "changed": true,
    "dest": "/tmp/2",
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "kel",
    "size": 6,
    "src": "/tmp/1",
    "state": "link",
    "uid": 500
}

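8. yum module

Yum (Yellow dog Updater, Modified) is a shell front-end package manager for Fedora, RedHat and CentOS. This is the package management module.

① Frequently used parameters

| Parameter | Required | Default | Choices | Description |
|---|---|---|---|---|
| conf_file | no | | | The yum configuration file that the remote yum run relies on |
| disable_gpg_check | no | No | Yes/No | Checks packages before installation; only takes effect when state is present or latest |
| list | No | | | Can only be called from the ansible command, not from a playbook; what it does is self-explanatory |
| name | Yes | | | Name of the package to install; can also be used as name=python=2.7 to install python2.7 |
| state | no | present | present/latest/absent | Describes the final state of the package: present/latest install the package, absent removes it |
| update_cache | no | no | yes/no | Refresh the package list before installing; only takes effect when state is present/latest |

②Example 1:

Install the httpd package

ansible host31 -m yum -a "name=httpd"
host31 | SUCCESS => {
"changed": true,
"msg": "",
"rc": 0,
"results": [ xxxxx ]

③Example 2:

Remove the httpd package

ansible host31 -m yum -a "name=httpd state=absent"
host31 | SUCCESS => { "changed": true, "msg": "", "rc": 0, "results": [ xxxx ]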

9. service module

The service module is essentially the service command on Linux. It is used to manage services.

① Frequently used parameters

| Parameter | Required | Default | Choices | Description |
|---|---|---|---|---|
| enabled | no | | yes/no | Whether the service starts when the OS boots. When using the service module, at least one of enabled and state must be defined |
| name | yes | | | Name of the service to operate on |
| state | no | | started/stopped/restarted/reloaded | Final state of the service after the operation |

②Example 1:

Start the service.

ansible host31 -m service -a "name=httpd state=started"
host31 | SUCCESS => { "changed": true, "name": "httpd", "state": "started" }

③Example 2:

Stop the service.

ansible host31 -m service -a "name=httpd state=stopped"
host31 | SUCCESS => { "changed": true, "name": "httpd", "state": "stopped" }

④Example 3:

Enable the service at boot.

[root@host31 ~]# ansible host31 -m service -a "name=httpd enabled=yes state=restarted"
host31 | SUCCESS => { "changed": true, "enabled": true, "name": "httpd", "state": "started" }

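10. cron module

① The cron module is used to manage scheduled tasks.

| Parameter | Required | Default | Choices | Description |
|---|---|---|---|---|
| backup | | | | Back up the existing scheduled tasks on the remote host before modifying them |
| cron_file | | | | If specified, this file is used in place of the user's scheduled tasks under the cron.d directory on the remote host |
| day | | | | Day (1-31, *, */2, ...) |
| hour | | | | Hour (0-23, *, */2, ...) |
| minute | | | | Minute (0-59, *, */2, ...) |
| month | | | | Month (1-12, *, */2, ...) |
| weekday | | | | Day of the week (0-7, *, ...) |
| job | | | | The task to run; depends on state=present |
| name | | | | Description of the task |
| special_time | | | | Specifies when to run; values: reboot, yearly, annually, monthly, weekly, daily, hourly |
| state | | | | Whether the scheduled task is created or deleted |
| user | | | | Which user to run as |

②Example:

ansible test -m cron -a 'name="a job for reboot" special_time=reboot job="/some/job.sh"'

ansible test -m cron -a 'name="yum autoupdate" weekday="2" minute=0 hour=12 user="root

ansible test -m cron -a 'backup="True" name="test" minute="0" hour="5,2" job="ls -alh > /dev/null"'

ansible test -m cron -a 'cron_file=ansible_yum-autoupdate state=absent'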

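11. user module

The user module calls the three commands useradd, userdel and usermod.

① Frequently used parameters

| Parameter | Required | Default | Choices | Description |
|---|---|---|---|---|
| home | | | | The user's home directory; used together with createhome |
| groups | | | | The groups the user belongs to |
| uid | | | | The user's uid |
| password | | | | The user's password |
| name | | | | The user name |
| createhome | | | yes/no | Whether to create the home directory |
| system | | | | Whether this is a system user |
| remove | | | | With state=absent, remove=yes also deletes the home directory, equivalent to userdel -r |
| state | | | | Whether to create or delete |
| shell | | | | The user's shell |

When specifying the password parameter, do not use a plaintext password, because the string is passed directly into the /etc/shadow file on the managed host. The password string must be encrypted (hashed) first, and the resulting string is what goes into password. The default scheme may differ between distributions; check /etc/login.defs to confirm. CentOS 6.5 uses the SHA512 algorithm.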
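The paragraph above says that password must receive a hashed string. The following added example (not part of the original article) checks the password= value in the -a string of a user-module call before it is run, and tells a crypt(3) hash apart from a plaintext value. The function names classify_password and audit_user_args are hypothetical, and the sample hashes are constructed placeholders with the right shape, not hashes of any real password.

```python
"""Check that password= in a user-module call is a crypt hash (added example)."""
import re
import shlex

# crypt(3) modular-format ids mapped to (scheme name, encoded digest length).
SCHEMES = {"1": ("md5", 22), "5": ("sha256", 43), "6": ("sha512", 86)}
_B64 = r"[./0-9A-Za-z]"
MCF_RE = re.compile(
    r"^\$(?P<id>[156])\$(?:rounds=\d+\$)?"
    r"(?P<salt>" + _B64 + r"{1,16})\$(?P<digest>" + _B64 + r"+)$"
)

# Constructed placeholders: correct format only, not real password hashes.
SAMPLE_SHA512 = "$6$examplesalt$" + "A" * 86
SAMPLE_MD5 = "$1$examples$" + "A" * 22


def classify_password(value):
    """Return 'md5', 'sha256', 'sha512', 'malformed' or 'plaintext'."""
    m = MCF_RE.match(value)
    if m is None:
        return "plaintext"
    scheme, digest_len = SCHEMES[m.group("id")]
    return scheme if len(m.group("digest")) == digest_len else "malformed"


def audit_user_args(module_args, required="sha512"):
    """Judge the password= value in the -a string of `ansible ... -m user`.

    Returns (ok, reason). required defaults to the SHA512 scheme that the
    article names for CentOS 6.5.
    """
    args = dict(tok.split("=", 1) for tok in shlex.split(module_args) if "=" in tok)
    if "password" not in args:
        return (True, "no password argument")
    kind = classify_password(args["password"])
    if kind == "plaintext":
        return (False, "value is not a crypt hash and would be written to /etc/shadow as is")
    if kind == "malformed":
        return (False, "looks like a crypt hash but the digest length is wrong")
    if kind != required:
        return (False, f"{kind} hash, expected {required}")
    return (True, f"{kind} hash")


if __name__ == "__main__":
    for module_args in (
        "name=nolinux groups=nolinux state=present",
        "name=nolinux password=123456 state=present",
        "name=nolinux password=" + SAMPLE_MD5,
        "name=nolinux password=" + SAMPLE_SHA512,
    ):
        ok, reason = audit_user_args(module_args)
        print("OK  " if ok else "FAIL", reason)
```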

②Example 1:

Goal: create a user named nolinux, in the group nolinux, on the specified node

Command: ansible 10.1.1.113 -m user -a 'name=nolinux groups=nolinux state=present'

③Example 2:

Delete the user

Command: ansible 10.1.1.113 -m user -a 'name=nolinux groups=nolinux state=absent remove=yes'

12. group module

The group module calls the three commands groupadd, groupdel and groupmod.

For the parameters, see ansible-doc group

Example:

Goal: create a group named nolinux with gid 2014 on all nodes

Command: ansible all -m group -a 'gid=2014 name=nolinux'

13. script module

The script module runs a script from the control node on the managed nodes.

Example:

[root@host31 ~]# ansible host32 -m script -a /tmp/hello.sh
host32 | SUCCESS => {
    "changed": true,
    "rc": 0,
    "stderr": "",
    "stdout": "this is test from host32\r\n",
    "stdout_lines": [
        "this is test from host32"    -> execution result
    ]
}

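14. get_url module

This module is mainly used to download files from http, ftp and https servers (similar to wget).

① Frequently used parameters

| Parameter | Required | Default | Choices | Description |
|---|---|---|---|---|
| sha256sum | | | | Run a sha256 check after the download completes |
| timeout | | | | Download timeout, 10s by default |
| url | | | | The URL to download |
| url_password, url_username | | | | For cases that require authentication with a user name and password |
| use_proxy | | | | Whether to use a proxy; the proxy must be defined beforehand in the environment variables |

②Example:

Goal: download the file http://10.1.1.116/favicon.ico to the /tmp directory of the specified node

Command: ansible 10.1.1.113 -m get_url -a 'url=http://10.1.1.116/favicon.ico dest=/tmp'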

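15. synchronize module

① Uses rsync to synchronize files.

| Parameter | Required | Default | Choices | Description |
|---|---|---|---|---|
| archive | | | | Archive mode; equivalent to setting recursive, links, perms, times, owner, group and -D all to yes. Enabled by default |
| checksum | | | | Skip detection by checksum value; off by default |
| compress | | | | Whether to enable compression |
| copy_links | | | | Copy linked files; default no. Note that there is also a separate links parameter |
| delete | | | | Delete files that do not exist; default no |
| dest | | | | Destination directory path |
| dest_port | | | | Port on the destination host; default 22, over the SSH protocol |
| dirs | | | | Transfer directories without recursing; default no, that is, directories are recursed |
| rsync_opts | | | | Additional rsync options |
| set_remote_user | | | | For the case where the user defined in /etc/ansible/hosts, or the default user, differs from the user rsync uses |
| mode | | | | push or pull mode. push is generally used to upload files from the local machine to a remote host; pull is used to fetch files from a remote host |

②Example 1:

Goal: push the /root/a directory on the control host to the /tmp directory of the specified node

Command: ansible 10.1.1.113 -m synchronize -a 'src=/root/a dest=/tmp/ compress=yes'

delete=yes   makes both sides identical (the pushing side wins)

compress=yes  enables compression; enabled by default

--exclude=.git  skips files ending in .git during synchronization

The module pushes by default. To pull instead, use the following

mode=pull   switches from push mode to pull mode

③Example 2:

Goal: pull the /tmp/a directory of node 10.1.1.113 into the /root directory of the control node

Command: ansible 10.1.1.113 -m synchronize -a 'mode=pull src=/tmp/a dest=/root/'

④Example 3:

The module enables the archive parameter by default, and that parameter turns on recursive, links, perms, times, owner, group and -D. If you set it to no, you switch off many options; for example, the following goal then fails to recurse and cannot be pulled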

16. Other modules:

mount module: configures mount points

unarchive module: extracts archive files

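3. Core module playbook introduction

Ansible playbooks are written in YAML, so it helps to learn some YAML syntax before studying playbooks. Otherwise you will often run into baffling syntax errors when running them.

Here is a simple example to introduce playbooks.

Goal of the example: given a host name, configure that host.

First, the directory structure

config-ansible
    |___config_hosts.yml
    |___roles
             |___config_hosts
                        |___tasks
                                |___main.yml
                                |___config.yml

There are 3 YAML files in total. config_hosts.yml is the main entry point; it calls the scripts under the roles/config_hosts/tasks directory. Run the playbook with the command ansible-playbook config_hosts.yml.

Contents of config_hosts.yml

1. ---
2. - hosts: node1
3.   roles:
4.     - config_hosts

Line 1 marks the file as a YAML file; it is optional.

Line 2 defines the target host of the playbook.

Lines 3 and 4 specify the role directory; the actual operations are defined in the role.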

Contents of main.yml

1. ---
2. - include: config.yml

Line 2 specifies the task file that this role imports.

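Contents of config.yml

---
# Task 1: copy test.file from the control host to the same path on the target
- name: copy test.file
  copy:
    src: /home/test.file
    dest: /home/test.file
    owner: root
    group: root
    mode: 0777
    force: yes

# Task 2: run the helloworld.sh script on the target host
- name: exec hello world script
  script: /home/helloworld.sh

# Task 3: delete the copied file again
- name: rm test.file
  file: path=/home/test.file state=absent

The code in config.yml is what actually gets executed. There are 3 tasks in total. The first copies the file test.file from the /home directory to the same path on the target host. The second runs helloworld.sh from the /home directory on the target host; all helloworld.sh does is print a helloworld message. The third uses the file module to delete /home/test.file on the target host.

A playbook is really just an assembly of modules. This is only meant as a starting point; the use of other modules in playbooks is left for self-study, and features such as loops and conditionals are not covered here.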

Origin blog.csdn.net/wuds_158/article/details/131335439