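ansible is a centralized server management tool that, by default, manages its clients over SSH. It is written in Python and is built from two key modules, paramiko and PyYAML. The official site is http://www.ansibleworks.com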

Installing ansible

First, configure the EPEL repository

cd /usr/local/src
wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-10.noarch.rpm # download the rpm package
rpm -ivh epel-release-7-10.noarch.rpm # install the rpm package
yum clean all           # refresh the yum repository cache
yum install ansible -y # install ansible
ansible --version # check the ansible version
# the result is as follows
ansible 2.3.1.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides
  python version = 2.7.5 (default, Aug  2 2016, 04:20:16) [GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]

Next, some simple configuration is needed

vim /etc/ansible/hosts # write the IP addresses of the hosts into this file

Edit it as follows

172.25.254.40
172.25.254.45

[webserver]  
172.25.254.40
172.25.254.45

Next, define the host and group rules.
They are written in the hosts file; then use

ansible -i /home/zyc/ansible/hosts bidder -m ping

to specify the location of the hosts file with -i.
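
How a host pattern is matched against the groups in a hosts file, as an added Python example that is not part of the original post. It is a simplified parser (ungrouped hosts, [group] headers, comments, per-host variables) and not ansible's own code; with the inventory shown above, `webserver` resolves to both hosts, while a group name the file does not define resolves to nothing.

```python
# Simplified subset of the INI inventory format: [group:vars] and
# [group:children] sections are skipped, host ranges are not expanded.
# Constructed sample: the hosts file shown on this page.
INVENTORY = """\
172.25.254.40
172.25.254.45

[webserver]
172.25.254.40
172.25.254.45
"""


def parse_inventory(text):
    """Return {group: [hosts]}; hosts before any header go to 'ungrouped'."""
    groups = {"ungrouped": []}
    current = "ungrouped"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip()
            current = None if ":" in name else name   # skip :vars / :children
            if current:
                groups.setdefault(current, [])
            continue
        if current is None:
            continue
        host = line.split()[0]                   # ignore trailing key=value vars
        if host not in groups[current]:
            groups[current].append(host)
    return groups


def resolve(groups, pattern):
    """Resolve a single host, a group name or 'all' to a sorted host list."""
    every = sorted({h for hosts in groups.values() for h in hosts})
    if pattern == "all":
        return every
    if pattern in groups:
        return sorted(groups[pattern])
    return [h for h in every if h == pattern]


if __name__ == "__main__":
    parsed = parse_inventory(INVENTORY)
    for pattern in ("webserver", "172.25.254.45", "bidder"):
        print(pattern, "->", resolve(parsed, pattern) or "no hosts matched")
```
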

SSH trust (key-based login) must be set up between the control host and the managed hosts

ssh-keygen -t rsa
ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.254.45

Commonly used ansible modules

1. The setup module
Retrieves complete, detailed information about an ansible client machine

ansible 172.25.254.45 -m setup

The result is returned in JSON format

172.25.254.45 | SUCCESS => {
    "ansible_facts": {
        "ansible_all_ipv4_addresses": [
            "172.25.254.45"
        ], 
        "ansible_all_ipv6_addresses": [
            "fe80::5054:ff:fe94:74a8", 
            "fe80::5054:ff:fe7c:8370"
        ], 
        "ansible_apparmor": {
            "status": "disabled"
        }, 
        "ansible_architecture": "x86_64", 
        "ansible_bios_date": "01/01/2011", 
        "ansible_bios_version": "0.5.1", 
        "ansible_cmdline": {
            "BOOT_IMAGE": "/vmlinuz-3.10.0-514.el7.x86_64", 
            "LANG": "en_US.UTF-8", 
            "crashkernel": "auto", 
            "quiet": true, 
            "rd.lvm.lv": "rhel/swap", 
            "rhgb": true, 
            "ro": true, 
            "root": "/dev/mapper/rhel-root"
        }, 
        ...

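2. The copy and synchronize modules
These transfer files from the ansible host to its clients, much like scp. Remember to disable SELinux before using them.
For example, suppose the hosts resolution file needs to be kept in sync on both hosts.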

ansible 172.25.254.45 -m copy -a "src=/etc/hosts dest=/etc/hosts group=root mode=0755 force=yes"

The returned result is

172.25.254.45 | SUCCESS => {
    "changed": true, 
    "checksum": "6c2bdd6ccaabcd7b90187bbc72bde423b451d5b2", 
    "dest": "/etc/hosts", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "8b30c57b7aa2b9db5cc56933f4498f7a", 
    "mode": "0755", 
    "owner": "root", 
    "secontext": "system_u:object_r:net_conf_t:s0", 
    "size": 201, 
    "src": "/root/.ansible/tmp/ansible-tmp-1504160217.36-106928019645587/source", 
    "state": "file", 
    "uid": 0
}

If the task fails because SELinux has not been disabled, run the following command

ansible 172.25.254.45 -m command -a "yum install libselinux-python -y"

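The synchronize module is similar to copy. It calls the rsync command to push a directory specified on the ansible host to a specified directory on the client,
so it can also be used to sync the hosts resolution file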

ansible 172.25.254.45 -m synchronize -a "src=/etc/hosts dest=/etc/hosts delete=yes compress=yes"

(delete=yes has the same effect as rsync's delete option; compress=yes enables compression and is the default)

3. The command module
Executes a shell command and returns its result

ansible 172.25.254.45 -m command -a "ls"

The result is as follows

anaconda-ks.cfg
redhat_dvd.repo
startdocker.sh

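4. The file module
The file module is mainly used to change file attributes; many parameters are available:
group  sets the file's group
mode   sets the file's permissions
owner  sets the file's owner
path   the path of the file
state  the state of the file, followed by one of these values:
link   creates a symbolic link
hard   creates a hard link
file   the file is not created if it does not exist
touch  creates a new file if it does not exist

Create a file on the client with a specified owner and group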

ansible 172.25.254.45 -m file -a 'path=/test.sh state=touch owner=root group=root mode=0755'

The return value is as follows

172.25.254.45 | SUCCESS => {
    "changed": true, 
    "dest": "/test.sh", 
    "gid": 0, 
    "group": "root", 
    "mode": "0755", 
    "owner": "root", 
    "secontext": "unconfined_u:object_r:etc_runtime_t:s0", 
    "size": 0, 
    "state": "file", 
    "uid": 0
}

5. The ping module
Tests connectivity to the managed machines

ansible 172.25.254.45 -m ping

The result returned is as follows, meaning the host can be reached

172.25.254.45 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

6. The group and user modules
These two modules create user-defined groups and users on all nodes
Example: create a group

ansible 172.25.254.45 -m group -a 'gid=1234 name=test1' # create a group named test1 with gid 1234

The result is as follows

172.25.254.45 | SUCCESS => {
    "changed": true, 
    "gid": 1234, 
    "name": "test1", 
    "state": "present", 
    "system": false
}

Example: create a user

ansible 172.25.254.45 -m user -a 'name=parameter group=test1' # create a user named parameter whose group is the test1 group created earlier

The result is as follows

172.25.254.45 | SUCCESS => {
    "changed": true, 
    "comment": "", 
    "createhome": true, 
    "group": 1234, 
    "home": "/home/parameter", 
    "name": "parameter", 
    "shell": "/bin/bash", 
    "state": "present", 
    "system": false, 
    "uid": 1001
}

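7. The script and shell modules
The difference between these two modules is where the script lives: script runs a script stored on the control host, while shell runs a script that is already on the managed host.
shell runs a script on the managed host. For example, I write the following test.sh under /mnt on host 172.25.254.45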

#!/bin/bash 
yum install httpd -y && systemctl start httpd

Then run the following command on the control host

ansible 172.25.254.45 -m shell -a "/mnt/test.sh"

The returned result is

172.25.254.45 | SUCCESS | rc=0 >>
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-45.el7 will be installed
--> Processing Dependency: httpd-tools = 2.4.6-45.el7 for package: httpd-2.4.6-45.el7.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-45.el7.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-45.el7.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-45.el7.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-3.el7 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
---> Package httpd-tools.x86_64 0:2.4.6-45.el7 will be installed
---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
--> Finished Dependency Resolution
...

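which means the command ran successfully.
The script module, by contrast, runs a script that has been written on the control host.
On the control host 172.25.254.40, write a test.sh file under /tmp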

#!/bin/bash                                
systemctl stop httpd && yum remove httpd -y

Then run the following command on the control host

ansible 172.25.254.45 -m script -a "/tmp/test.sh"

The returned result is as follows

172.25.254.45 | SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 172.25.254.45 closed.\r\n", 
    "stdout": "Loaded plugins: product-id, search-disabled-repos, subscription-manager\r\nThis system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.\r\nResolving Dependencies\r\n--> Running transaction check\r\n---> Package httpd.x86_64 0:2.4.6-45.el7 will be erased\r\n--> Finished Dependency Resolution\r\n\r\nDependencies Resolved\r\n\r\n================================================================================\r\n Package         Arch             Version                Repository        Size\r\n================================================================================\r\nRemoving:\r\n httpd           x86_64           2.4.6-45.el7           @rhel7           3.7 M\r\n\r\nTransaction Summary\r\n================================================================================\r\nRe
...
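
The ad-hoc runs on this page print results in two shapes: `host | SUCCESS => { ... }` with a JSON body (copy, file, ping, script) and `host | SUCCESS | rc=0 >>` followed by raw text (shell). The following added Python example, which is not part of the original post, splits such output into one record per host and lists the records that did not succeed; the sample text, including its FAILED record, is constructed.

```python
import json
import re

# Header of one record: "HOST | STATUS => {" or "HOST | STATUS | rc=N >>".
HEADER = re.compile(r"^(\S+) \| ([A-Z]+!?) (?:=> (\{.*)|\| rc=(-?\d+) >>)\s*$")

# Constructed sample in the two shapes shown on this page.
SAMPLE = """\
172.25.254.45 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
172.25.254.45 | SUCCESS | rc=0 >>
anaconda-ks.cfg
startdocker.sh
172.25.254.40 | FAILED | rc=2 >>
ls: cannot access /nope: No such file or directory
"""


def parse_adhoc(text):
    """Split ad-hoc output into one dict per host record."""
    records, body = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            host, status, json_start, rc = m.groups()
            body = [json_start] if json_start else []
            records.append({"host": host, "status": status, "body": body,
                            "rc": int(rc) if rc is not None else None,
                            "is_json": json_start is not None})
        elif body is not None:
            body.append(line)                 # continuation of current record
    for rec in records:
        raw, is_json = "\n".join(rec.pop("body")), rec.pop("is_json")
        try:
            rec["result"] = json.loads(raw) if is_json else raw
        except ValueError:
            rec["result"] = raw               # truncated JSON is kept as text
    return records


def problems(records):
    """Records whose status is not SUCCESS or whose exit code is non-zero."""
    return [r for r in records
            if r["status"] != "SUCCESS" or r["rc"] not in (None, 0)]
```
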