1. Installation
yum install ansible
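2. Configuration files
- Used first: /etc/ansible/ansible.cfg
- Next: ~/.ansible.cfg
- After that: ./ansible.cfg
If an ansible.cfg file exists in the directory where the ansible command is run, that file is used instead of the global and per-user configuration files.
This lets administrators create separate directories for different environments and projects, each containing its own configuration.
The following commands show which configuration file is in use: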
ansible --version
ansible all --list-hosts -v
- Create the user ansible
- Copy the configuration files into the ansible user's home directory and change their ownership
cp -rf /etc/ansible/* /home/ansible/
chown -R ansible:ansible /home/ansible/
- Check which configuration file is in use
[ansible@VM-201-5-centos ~]$ pwd
/home/ansible
[ansible@VM-201-5-centos ~]$ ls
ansible.cfg hosts roles
[ansible@VM-201-5-centos ~]$ ansible --version
ansible 2.9.25
config file = /home/ansible/ansible.cfg
configured module search path = [u'/home/ansible/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /bin/ansible
python version = 2.7.5 (default, Apr 2 2020, 13:16:51) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
- Edit the configuration file
Changes:
- inventory path
- roles_path path
- Allow password login; do not force the use of keys
cat ansible.cfg |grep -v '#' |sed '/^$/d'
[defaults]
inventory = hosts
roles_path = /opt/ansible-playbook
host_key_checking = False
[inventory]
[privilege_escalation]
[paramiko_connection]
[ssh_connection]
[persistent_connection]
[accelerate]
[selinux]
[colors]
[diff]
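
An added example, not part of the original page: host_key_checking = False turns off SSH host key verification for every connection ansible makes, so it is worth auditing the ansible.cfg that is actually in use. The function names cfg_get and audit_ansible_cfg and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an ansible.cfg for the settings discussed on this page.

# cfg_get FILE SECTION KEY: print KEY's value in [SECTION] (last assignment wins).
cfg_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                              # comment line
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next } # section header
        cur == sec {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_ansible_cfg FILE: print findings; return 1 if any, 0 if none.
audit_ansible_cfg() {
    cfg=$1; rc=0
    hkc=$(cfg_get "$cfg" defaults host_key_checking | tr '[:upper:]' '[:lower:]')
    case $hkc in
        false|no|off|0|f|n)   # spellings treated as "false" by this check
            echo "FINDING: host_key_checking=$hkc in $cfg: SSH host keys are not verified"
            rc=1 ;;
    esac
    # A config (or its directory) writable by group/others can be changed by
    # another local account before ansible reads it.
    for p in "$cfg" "$(dirname "$cfg")"; do
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "FINDING: $p is writable by group or others"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the [defaults] section shown above, in a private temp dir.
demo=$(mktemp -d) && chmod 700 "$demo"
printf '[defaults]\ninventory = hosts\nroles_path = /opt/ansible-playbook\nhost_key_checking = False\n' > "$demo/ansible.cfg"
chmod 600 "$demo/ansible.cfg"
audit_ansible_cfg "$demo/ansible.cfg" || echo "audit: findings reported"
rm -rf "$demo"
```

Run it against the path that ansible --version reports as "config file", since that is the file that takes effect.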
3. Testing
- Test running a command
Edit hosts in the current directory and add the IP 10.99.201.11. Test with ping:
[ansible@VM-201-5-centos ~]$ ansible all -m ping -u root -k
SSH password:
10.99.201.11 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
- Test running ansible-playbook
[ansible@VM-201-5-centos ~]$ ansible-playbook /opt/ansible-playbook/ping_pong.yml -u root -k
SSH password:
... (omitted)
- Test running roles
Preparation: download the custom playbooks into the /opt directory:
git clone https://git.xxx.com/awx/ansible-playbook.git
[root@VM-201-5-centos opt]# ls ansible-playbook/
01_passwd 02_lvm 03_3_jdk8 04_2_tomcat8 06_bareos_agent_install >09_modifyfile 12_issueRsyslogAgent ansible-manage-lvm-master.zip Deploy_01_Core ping_pong.yml
01_secure 03_1_jdk_with_shell 03_4_openjdk11 04_3_tomcat9 07_filebeat_agent_install 10_upgradeSudo 13_addAuditaccount ansible-role-lvm-partition-master.zip Deploy.xlsx README.md
01_secure_analyze 03_2_jdk7 04_1_tomcat7 05_zabbix_agent_install 08_ignite 11_upgradeOpenssh8.8 14_modifyfile ansible-role-tomcat-master.zip hello_world.yml yum_install_暂未用
[root@VM-201-5-centos opt]# ls ansible-playbook/01_secure
group_vars hardening.md.txt roles secure.yml site.yml 加固说明.txt 加固说明.xlsx
[ansible@VM-201-5-centos ~]$ ansible-playbook /opt/ansible-playbook/01_secure/site.yml -u root -k
SSH password:
... (omitted)
- Test roles against a specified hosts file, run with sudo
Create hostdir/sales in the current directory and write the IPs into that file
[ansible@VM-201-5-centos ~]$ ansible-playbook -i hostdir/sales /opt/ansible-playbook/03_3_jdk8/jdk-install.yml -u sysadmin -k -b -K
SSH password:
BECOME password[defaults to SSH password]:
... (omitted)
You are prompted for a password twice: once for the remote connection and once for sudo.