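Ansible is a lightweight automation tool for operations work, written in Python. It combines features of several automation tools and provides batch system configuration, batch application deployment, and batch command execution. Ansible performs these batch operations through modules.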
Control machine
pip install ansible==2.5.5
yum install sshpass
Managed machines
yum install libselinux-python
yum install python2-simplejson
version<python2.4
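Test
echo 127.0.0.1 > hosts
ansible all -m ping -i hosts --ask-pass
Ansible manages the managed machines over SSH. Authentication can use either a password or a key pair; key-pair authentication is the default.
Key pair
1. Generate a key pair on the control machine
ssh-keygen -t rsa -b 4096 -C "kk"
2. Add the public key to the managed machine
Copy it over: ssh-copy-id -i ~/.ssh/id_rsa.pub user@host
Add it locally: cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
3. Test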
ssh user@host
ansible all -m ping -i hosts
1. The configuration that holds the host information Ansible manages (the inventory)
2. Configuration file formats
ini
yaml
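3. Configuration file path
Specified with a command-line argument: ansible -i
Specified with an environment variable: export ANSIBLE_INVENTORY
Default path: /etc/ansible/hosts
4. Configuration content
4.1 Basic configuration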
host_v1.ini
127.0.0.1
ip
host_v1.yaml
---
all:
  hosts:
    127.0.0.1:
    ip:
Test
ansible all -m ping -i hosts -i host_v1.ini
ansible all -m ping -i hosts -i host_v1.yaml
ansible 127.0.0.1 -m ping -i hosts -i host_v1.ini
ansible ip -m ping -i hosts -i host_v1.yaml
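1. Parameters
alias: host alias
ansible_connection
    Default: smart
    Allowed values: local, smart, ssh, paramiko
ansible_host: address of the host to log in to
ansible_port: default 22
ansible_user: user name used to log in to the host
ansible_become
    Whether to enable sudo privileges
    Default: false
    Allowed values: true, false
ansible_become_pass
    Password of the login user, used to switch to sudo privileges
    Prefer the ansible command-line option --ask-become-pass, which prompts for the password instead of storing it in the inventory
ansible_become_user
    User name the process runs as after switching with sudo
ansible_ssh_pass
    Password used to log in to the host
    Prefer the ansible command-line option --ask-pass, which prompts for the password instead of storing it in the inventory
ansible_ssh_private_key_file
    Private key used to log in to the host
ansible_python_interpreter
    Python interpreter used on the managed machine
    Default: /bin/env/python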
hosts_v2.ini
localhost ansible_connection=local
mytest ansible_connection=smart ansible_host="ip" ansible_port=22 ansible_user="silence" ansible_become_user="root" ansible_python_interpreter="/bin/env python2.6"
hosts_v2.yaml
---
all:
  hosts:
    localhost:
      ansible_connection: local
    mytest:
      ansible_connection: smart
      ansible_host: ip
      ansible_port: 22
      ansible_user: silence
      ansible_become_user: root
      ansible_python_interpreter: "/bin/env python2.6"
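Hosts can be placed in named groups so that operations can be run against many hosts at once.
A host can belong to more than one group.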
host_v3.ini
localhost ansible_connection=local
[webserver]
mytest ansible_host="ip" ansible_user="silence"
[webserver:vars]
ansible_connection=smart
ansible_port=22
ansible_become_user="root"
ansible_python_interpreter="/bin/env python2.6"
host_v3.yaml
---
all:
  hosts:
    localhost:
      ansible_connection: local
  children:
    webserver:
      hosts:
        mytest:
          ansible_host: ip
          ansible_user: silence
      vars:
        ansible_connection: smart
        ansible_port: 22
        ansible_become_user: root
        ansible_python_interpreter: "/bin/env python2.6"
Test
ansible ip -m ping -i hosts -i host_v3.yaml
ansible webserver -m command -a 'sleep 30' -i host_v3.ini --become --ask-become-pass
host_v4.ini
localhost ansible_connection=local
[webserver]
mytest ansible_host="ip" ansible_user="silence"
[webserver:vars]
ansible_connection=smart
ansible_port=22
ansible_become_user="root"
ansible_python_interpreter="/bin/env python2.6"
[test:children]
webserver
host_v4.yaml
---
all:
  hosts:
    localhost:
      ansible_connection: local
  children:
    webserver:
      hosts:
        mytest:
          ansible_host: ip
          ansible_user: silence
      vars:
        ansible_connection: smart
        ansible_port: 22
        ansible_become_user: root
        ansible_python_interpreter: "/bin/env python2.6"
    test:
      children:
        webserver:
Test
ansible test --list-hosts -i host_v4.yaml
ansible test -m ping -i hosts -i host_v4.yaml
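Splitting the configuration
The hosts file holds only the host grouping information; host settings and group settings are stored in the host_vars and group_vars directories respectively.
Host settings are stored in the host_vars directory, in a file named <alias>.yaml
Group settings are stored in the group_vars directory, in a file named <group name>.yaml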
host_v5.ini
localhost
[webserver]
mytest
[test:children]
webserver
host_v5.yaml
---
all:
  hosts:
    localhost:
  children:
    webserver:
      hosts:
        mytest:
    test:
      children:
        webserver:
host_vars/localhost.yaml
---
ansible_connection: local
host_vars/mytest.yaml
---
ansible_host: ip
ansible_user: silence
group_vars/webserver.yaml
---
ansible_connection: smart
ansible_port: 22
ansible_become_user: root
ansible_python_interpreter: "/bin/env python2.6"
Test
ansible test -m ping -i host_v5.yaml
ansible test -m setup -i host_v5.yaml
ansible test -m command -a 'sleep 30' -i host_v5.ini --become --ask-become-pass
Contents of the inventory.py script
#!/bin/env python3
#encoding: utf-8
# Inventory data that is printed to Ansible as JSON
inventory = {
    '_meta': {
        'hostvars': {
            'localhost': {
                'ansible_connection': 'local',
            },
            '51reboot': {
                'ansible_host': '112.74.164.107',
                'ansible_user': 'silence',
            }
        }
    },
    'all': {
        'hosts': [
            'localhost'
        ]
    },
    'webserver': {
        'hosts': [
            '51reboot'
        ],
        'vars': {
            'ansible_connection': 'smart',
            'ansible_port': 22,
            'ansible_become_user': 'root',
            'ansible_python_interpreter': '/bin/env python2.6'
        }
    }
}
if __name__ == '__main__':
    import json, sys
    print(json.dumps(inventory))
    sys.exit(0)
Set the execute permission
chmod +x inventory.py
Test
ansible all --list-hosts -i inventory.py
ansible all -m ping -i inventory.py
1. Configuration file path
export ANSIBLE_CONFIG=~/ansible.cfg
ansible.cfg
~/.ansible.cfg
/etc/ansible/ansible.cfg
2. Default configuration
https://raw.githubusercontent.com/ansible/ansible/devel/examples/ansible.cfg
ansible-config list
ansible-config dump
3. Configuration options
host_key_checking
    Whether to check that the managed host's key is present in the known_hosts list
    Default: true
    Allowed values: true, false
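An added example, not from the original article: a Python check for the two settings on this page that weaken SSH authentication, plaintext ansible_ssh_pass / ansible_become_pass values in an INI inventory (see the parameter list above) and host_key_checking turned off in ansible.cfg. The function names and the sample inventory and config are constructed for illustration.

```python
import configparser
import shlex

# Credential-bearing inventory variables named in the parameter list above.
SECRET_VARS = {"ansible_ssh_pass", "ansible_become_pass"}

# Constructed sample data, not taken from the article.
SAMPLE_INVENTORY = """\
localhost ansible_connection=local
[webserver]
mytest ansible_host="ip" ansible_user="silence" ansible_ssh_pass="example-only"
[webserver:vars]
ansible_port=22
ansible_become_pass = example-only
"""
SAMPLE_CFG = "[defaults]\nhost_key_checking = False\n"


def audit_inventory(text):
    """Return (line_no, section, variable) for every plaintext credential."""
    findings, section = [], "ungrouped"
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        # [group:vars] lines are one "key = value"; host lines are
        # "alias key=value ...", so the alias is skipped.
        tokens = [line] if section.endswith(":vars") else shlex.split(line)[1:]
        for token in tokens:
            key, sep, value = token.partition("=")
            if sep and key.strip() in SECRET_VARS and value.strip():
                findings.append((no, section, key.strip()))
    return findings


def host_key_checking_disabled(cfg_text):
    """True if ansible.cfg sets host_key_checking to a false value."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(cfg_text)
    # The article gives true as the default, so a missing option is safe.
    return not cfg.getboolean("defaults", "host_key_checking", fallback=True)


if __name__ == "__main__":
    for no, section, var in audit_inventory(SAMPLE_INVENTORY):
        print(f"line {no} [{section}]: {var} stored in clear text")
    if host_key_checking_disabled(SAMPLE_CFG):
        print("ansible.cfg: host_key_checking is disabled")
```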
To be continued...
Original article: http://blog.51cto.com/51reboot/2135078