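Configuration files
/etc/ansible/ansible.cfg //main configuration file; configures how Ansible behaves (usually no need to modify)
/etc/ansible/hosts //host inventory (put the managed hosts in this file)
/etc/ansible/roles/ //directory where roles are stored
Programs
/usr/bin/ansible //main program; tool for running ad-hoc commands
/usr/bin/ansible-doc //tool for viewing documentation and module functionality
/usr/bin/ansible-galaxy //official platform for downloading/uploading quality code or role modules
/usr/bin/ansible-playbook //tool for customizing automation tasks and orchestrating playbooks
/usr/bin/ansible-pull //tool for executing commands remotely
/usr/bin/ansible-vault //file encryption tool
/usr/bin/ansible-console //console-based tool for interactive execution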
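ansible "10.0.24.*" -m ping //looks through the host inventory for IPs that fall within this network segment
ansible "*" -m ping
ansible "10.0.24.10:10.0.24.17" -m ping //":" means OR
ansible "group1:&group2" -m ping //":&" means AND: hosts that exist in both host groups
ansible 'group1:!group2' -m ping //":!" means hosts in the left host group that are not in the right one
ansible '~(web|db).*\.test\.com' -m ping //regular expression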
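The pattern operators above, modeled in Python as an added example (not code from the original post or from Ansible itself). The inventory, the group names web and db, and the resolve helper are assumptions made for illustration; splitting the pattern on ':' is a simplification.

```python
import fnmatch
import re

# Constructed inventory for illustration: group name -> member hosts.
INVENTORY = {
    "web": ["10.0.24.10", "10.0.24.17", "web1.test.com"],
    "db": ["10.0.24.17", "db1.test.com"],
}


def _term_hosts(term, inv):
    """Hosts selected by one term: '~regex', a glob, a group or a host name."""
    if term.startswith("~"):
        rx = re.compile(term[1:])                 # regex, anchored at the start
    else:
        rx = re.compile(fnmatch.translate(term))  # shell-style glob on the whole name
    hosts = []
    for group, members in inv.items():
        for host in members:
            if (rx.match(group) or rx.match(host)) and host not in hosts:
                hosts.append(host)
    return hosts


def resolve(pattern, inv=INVENTORY):
    """Return the hosts a pattern such as 'web:&db' or 'web:!db' selects."""
    terms = [t for t in pattern.split(":") if t]
    union = [t for t in terms if t[0] not in "&!"]
    inter = [t[1:] for t in terms if t[0] == "&"]
    excl = [t[1:] for t in terms if t[0] == "!"]
    selected = []
    # Plain terms are OR-ed first; with only '&'/'!' terms, start from all hosts.
    for term in union or ["*"]:
        for host in _term_hosts(term, inv):
            if host not in selected:
                selected.append(host)
    # ':&' keeps only hosts that are also in the named group.
    for term in inter:
        keep = _term_hosts(term, inv)
        selected = [h for h in selected if h in keep]
    # ':!' removes hosts that are in the named group.
    for term in excl:
        drop = _term_hosts(term, inv)
        selected = [h for h in selected if h not in drop]
    return selected
```

To see what a pattern selects on a real inventory before running a module against it, pass --list-hosts to the ansible command.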
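Ansible execution process
1. Load the configuration file first
2. Load the module file
3. Generate the temporary file for the Ansible module or command and transfer it to /root/.ansible/tmp on the remote host (if execution is fast you will not see the file, but the directory is left behind; you can add -v to watch the run, and the more v's the more detailed the output, though it seems the maximum is three)
4. Give the file execute permission
5. Execute it and return the result
6. Delete the temporary file and exit
ansible-galaxy is about roles; in plain language, a role is a playbook package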
[root@master ~]# tree roles/
roles/
`-- httpd
    |-- files
    |   `-- index.html
    |-- handlers
    |   `-- main.yaml
    |-- service
    |   `-- start.yaml
    |-- tasks
    |   |-- config.yaml
    |   |-- index.yaml
    |   |-- install.yaml
    |   `-- main.yml
    |-- templates
    |   `-- httpd.conf.j2
    `-- vars
        `-- httpd_port.yaml
7 directories, 9 files
[root@master ~]# cat roles/httpd/files/index.html
<h1>welcome to apache</h1>
//The file in handlers must be named main; I don't know why yet and will look into it later (any name other than main gives an error)
[root@master ~]# cat roles/httpd/handlers/main.yaml
- name: restart httpd
  service: name={{ pkg }} state=restarted
[root@master ~]# cat roles/httpd/tasks/config.yaml
- name: config httpd
  template: src=/root/roles/httpd/templates/httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf mode=0644 backup=yes
  when: ansible_distribution_version == "7.6"
  notify: restart httpd
[root@master ~]# cat roles/httpd/tasks/index.yaml
- name: index html
  copy: src=index.html dest=/var/www/html/index.html
[root@master ~]# cat roles/httpd/tasks/install.yaml
- name: instanll httpd
  yum: name={{ pkg }}
  tags: httpd
  when: ansible_distribution_version == "7.6"
[root@master ~]# cat roles/httpd/tasks/main.yml
- include: install.yaml
- include: config.yaml
- include: index.yaml
- include: service/start.yaml
//A plain configuration file; the only thing I changed is the port number, to the {{ port }} variable
[root@master ~]# ls roles/httpd/templates/httpd.conf.j2
roles/httpd/templates/httpd.conf.j2
[root@master ~]# cat roles/httpd/vars/httpd_port.yaml
---
pkg: httpd
port: 8080
//Must be at the same level as roles, in other words in the same directory
[root@master ~]# cat http_role.yaml
---
- hosts: tencent
  remote_user: root
  gather_facts: yes
  vars_files:
    - /root/roles/httpd/vars/httpd_port.yaml
  roles:
    - httpd
[root@master ~]# ls
http_role.yaml roles test
[root@master ~]# tree
.
|-- http_role.yaml
|-- roles
|   `-- httpd
|       |-- files
|       |   `-- index.html
|       |-- handlers
|       |   `-- main.yaml
|       |-- service
|       |   `-- start.yaml
|       |-- tasks
|       |   |-- config.yaml
|       |   |-- index.yaml
|       |   |-- install.yaml
|       |   `-- main.yml
|       |-- templates
|       |   `-- httpd.conf.j2
|       `-- vars
|           `-- httpd_port.yaml
[root@master ~]# ansible-playbook http_role.yaml
[WARNING]: Found variable using reserved name: port
PLAY [tencent] ***********************************************************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************************************
ok: [10.0.24.17]
TASK [instanll httpd] ****************************************************************************************************************************************
ok: [10.0.24.17]
TASK [config httpd] ******************************************************************************************************************************************
ok: [10.0.24.17]
TASK [httpd : index html] ************************************************************************************************************************************
changed: [10.0.24.17]
TASK [start httpd] *******************************************************************************************************************************************
changed: [10.0.24.17]
PLAY RECAP ***************************************************************************************************************************************************
10.0.24.17 : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@master ~]# ansible tencent -a "netstat -lntp"
10.0.24.17 | CHANGED | rc=0 >>
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 20205/sshd
tcp 0 0 0.0.0.0:179 0.0.0.0:* LISTEN 5126/bird
tcp 0 0 127.0.0.1:38790 0.0.0.0:* LISTEN 1065/containerd
tcp 0 0 127.0.0.1:10249 0.0.0.0:* LISTEN 4131/kube-proxy
tcp 0 0 127.0.0.1:9099 0.0.0.0:* LISTEN 4957/calico-node
tcp6 0 0 :::2222 :::* LISTEN 20205/sshd
tcp6 0 0 :::8080 :::* LISTEN 12273/httpd
tcp6 0 0 :::10256 :::* LISTEN 4131/kube-proxy
[root@master ~]# ansible tencent -a "curl 127.0.0.1:8080"
[WARNING]: Consider using the get_url or uri module rather than running 'curl'. If you need to use command because get_url or uri is insufficient you can
add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
10.0.24.17 | CHANGED | rc=0 >>
<h1>welcome to apache</h1> % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 27 100 27 0 0 22632 0 --:--:-- --:--:-- --:--:-- 27000