Ansible - [02] 基础配置以及常用操作场景

 

Ansible 基础配置

• 主配置文件：/etc/ansible/ansible.cfg
• ansible配置文件查找顺序
  
  • 首先检测ANSIBLE_CONFIG变量定义的配置
  • 其次检查当前目录下的./ansible.cfg文件（可以在任意目录创建ansible目录，并参考默认ansible.cfg文件配置ansible.cfg文件）
  • 再次检查当前用户家目录下~/ansible.cfg文件
  • 最后检查/etc/ansible/ansible.cfg文件

 

Ansible 配置案例

1、在/root目录下创建ansible目录，并参考/etc/ansible/ansible.cfg配置对应的cfg文件

mkdir -p /root/ansible
cd /root/ansible
vim ansible.cfg

2、ansible.cfg 参数解析

[defaults]
inventory      = ~/ansible/hosts
#forks          = 5
#ask_pass      = True
#remote_port    = 22
#host_key_checking = False

inventory：主机清单配置文件

forks：ssh并发数量

ask_pass：使用密钥还是密码远程

host_key_checking：是否校验秘钥

3、配置 ~/ansible/hosts

[root@node01 ansible]# pwd
/root/ansible
[root@node01 ansible]# cat hosts
[master]
node01
[agent]
node02
[webserver]
node0[3:4]
[database]
node05
[cluster:children]
webserver
database

[master]：中括号可以设置主机组，组名任意

[cluster:children]：嵌套组，可以在主机组cluster下配置子组（PS：children是关键字）

4、如果没有配置SSH免密可以在hosts文件中进行以下配置

[root@node01 ansible]# cat hosts
[master]
node01
[agent]
node02,node03,node04

[master:vars]
ansible_ssh_user=root
ansible_ssh_pass=123456
ansible_become_pass=123456

[master:vars]：vars是关键字，给主机组master配置对应的参数

ansible_ssh_user：执行ansible命令时，配置使用的用户是root还是其他用户

ansible_ssh_pass：执行ansible命令时，配置root或其他用户对应的密码

ansible_become_pass：这个参数是在执行ansible命令遇到需要提升权限（例如sudo）时，sudo用户的密码（root用户的密码）

 

Ansible 使用场景

1、查看所有主机列表

[root@node01 ansible]# ansible all --list-hosts
  hosts (4):
    node01
    node02
    node03
    node04

2、测试网络连通情况

# 可以根据主机名进行测ping
[root@node01 ansible]# ansible node01 -m ping
node01 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
# 也可以根据主机组名进行测ping
[root@node01 ansible]# ansible agent -m ping
node02,node03,node04 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname node02,node03,node04: Name or service not known",
    "unreachable": true
}

3、执行shell命令，查看seliux的配置

[root@node01 ansible]# ansible master -m shell -a "cat /etc/selinux/config"
node01 | CHANGED | rc=0 >>

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

4、通过嵌套主机组对多个主机组进行操作

[root@node01 ansible]# ansible cluster -m ping
node01 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
node02 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
node04 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
node03 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
[root@node01 ansible]#
[root@node01 ansible]#
[root@node01 ansible]# cat hosts
[master]
node01
[agent]
node02
node03
node04
[master:vars]
ansible_ssh_user=root
ansible_ssh_pass=123456
ansible_become_pass=123456
[agent:vars]
ansible_ssh_user=root
ansible_ssh_pass=123456
ansible_become_pass=123456
[cluster:children]
master
agent