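1 Introduction
When using Ansible to manage hosts in bulk, we usually first define which hosts or host groups are to be managed. The file that defines these hosts and host groups is called the Inventory, also known as the host list. By default it is located at /etc/ansible/hosts. The default inventory location can also be changed through the hostfile option in the Ansible configuration file (the ansible.cfg shown later on this page names this option inventory).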
2 Defining hosts and groups
There are four hosts:
192.168.1.220 master
192.168.1.221 node01
192.168.1.222 node02
192.168.1.205 node03
[root@master ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:PrnxqgROP47Y0CON4i/MabOooigbCUhFO6A+0wVttmU root@master
The key's randomart image is:
+---[RSA 2048]----+
| ..+. |
|. o o+ E |
|.. oo.+ |
|+ . o. |
|o+ .o S |
|..o* o . . |
|* = = + = |
|*X = = . = |
|%+*.o o.o.. |
+----[SHA256]-----+
[root@master ~]# ssh-copy-id root@192.168.1.221
[root@master ~]# ssh-copy-id root@192.168.1.222
[root@master ~]# ssh-copy-id root@192.168.1.205
2.2 Simple use of the ping module to check connectivity
2.4 Managing the hosts file
To connect by host name, the host name must be resolvable.
[root@master ~]# vim /etc/ansible/hosts
node02 ansible_ssh_host=192.168.1.221
192.168.1.220
192.168.1.221
192.168.1.222
192.168.1.205
[root@master ~]# ansible 192.168.1.221 -m ping
192.168.1.221 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
Modify the configuration so that Ansible prompts for the SSH password:
[root@master ~]# vim /etc/ansible/ansible.cfg
# config file for ansible -- https://ansible.com/
# ===============================================
# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first
[defaults]
# some basic default values...
#inventory = /etc/ansible/hosts
#library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp
#local_tmp = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks = 5
#poll_interval = 15
#sudo_user = root
#ask_sudo_pass = True
# enabled
ask_pass = True
#transport = smart
#remote_port = 22
#module_lang = C
#module_set_locale = False
[root@master ~]# ansible 192.168.1.221 -m ping
SSH password:        # the password must be entered here
192.168.1.221 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
[root@master ~]#
[root@master ~]# ansible node02 -m shell -a "whoami"
node02 | CHANGED | rc=0 >>
root
3 Host groups
The configuration below uses host groups throughout.
3.1 Simple configuration
[root@master ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.220 master
192.168.1.221 node01
192.168.1.222 node02
192.168.1.205 node03
[root@master ~]# vim /etc/ansible/hosts
[web]
node01
node02
[mysql]
node03
Run:
[root@master ~]# ansible web -m ping
node02 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
node01 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
[root@master ~]# ansible mysql -m ping
node03 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
3.2 Specifying host ranges
# The following specifies web-node01 through web-node50, 50 hosts in total in the webservers group; the databases group has db-node-a through db-node-f, 6 hosts in total
[webservers]
web-node[01:50].test.com
[databases]
db-node[a:f].test.com
[root@master ~]# ansible all --list-hosts
  hosts (59):
    node01
    node02
    web-node01.test.com
    web-node02.test.com
    web-node03.test.com
    web-node04.test.com
    web-node05.test.com
    web-node06.test.com
    web-node07.test.com
    web-node08.test.com
    web-node09.test.com
    web-node10.test.com
    web-node11.test.com
    web-node12.test.com
    web-node13.test.com
    web-node14.test.com
    web-node15.test.com
    web-node16.test.com
    web-node17.test.com
    web-node18.test.com
    web-node19.test.com
    web-node20.test.com
    web-node21.test.com
    web-node22.test.com
    web-node23.test.com
    web-node24.test.com
    web-node25.test.com
    web-node26.test.com
    web-node27.test.com
    web-node28.test.com
    web-node29.test.com
    web-node30.test.com
    web-node31.test.com
    web-node32.test.com
    web-node33.test.com
    web-node34.test.com
    web-node35.test.com
    web-node36.test.com
    web-node37.test.com
    web-node38.test.com
    web-node39.test.com
    web-node40.test.com
    web-node41.test.com
    web-node42.test.com
    web-node43.test.com
    web-node44.test.com
    web-node45.test.com
    web-node46.test.com
    web-node47.test.com
    web-node48.test.com
    web-node49.test.com
    web-node50.test.com
    node03
    db-nodea.test.com
    db-nodeb.test.com
    db-nodec.test.com
    db-noded.test.com
    db-nodee.test.com
    db-nodef.test.com
4.3 Matching specific hosts or host groups
Match a single group:
[root@master ~]# ansible prod --list-hosts
  hosts (3):
    lb2.lab.example.com
    db1.example.com
    jupiter.lab.example.com
Match a single host:
[root@master ~]# ansible db2.example.com --list-hosts
  hosts (1):
    db2.example.com
Match multiple hosts:
[root@master ~]# ansible 'lb1.lab.example.com,s1.lab.example.com,db1.example.com' --list-hosts
  hosts (3):
    lb1.lab.example.com
    s1.lab.example.com
    db1.example.com
Match multiple groups:
[root@master ~]# ansible 'london,boston' --list-hosts
  hosts (7):
    db2.example.com
    db3.example.com
    file1.lab.example.com
    lb1.lab.example.com
    db1.example.com
    jupiter.lab.example.com
    lb2.lab.example.com
Match hosts that do not belong to any group:
[root@master ~]# ansible ungrouped --list-hosts
  hosts (4):
    srv1.example.com
    srv2.example.com
    s1.lab.example.com
    s2.lab.example.com
4.4 Wildcard matching
Match '*.example.com':
[root@master ~]# ansible '*.example.com' --list-hosts
  hosts (14):
    s1.lab.example.com
    file1.lab.example.com
    lb1.lab.example.com
    srv2.example.com
    db3.example.com
    srv1.example.com
    web1.lab.example.com
    db2.example.com
    db1.example.com
    jupiter.lab.example.com
    lb2.lab.example.com
    file2.example.com
    s2.lab.example.com
    saturn.example.com
Match hosts in 172.25.*:
[root@master ~]# ansible '172.25.*' --list-hosts
  hosts (2):
    172.25.252.23
    172.25.252.44
Match hosts and host groups whose names start with s:
[root@master ~]# ansible 's*' --list-hosts
  hosts (7):
    file2.example.com
    db2.example.com
    s1.lab.example.com
    srv2.example.com
    srv1.example.com
    s2.lab.example.com
    saturn.example.com
4.5 Combining wildcard patterns
Match hosts that match *.example.com but not *.lab.example.com:
[root@master ~]# ansible '*.example.com,!*.lab.example.com' --list-hosts
  hosts (7):
    srv2.example.com
    db3.example.com
    srv1.example.com
    db2.example.com
    db1.example.com
    file2.example.com
    saturn.example.com
Match hosts or groups in prod, those starting with 172, and those containing the keyword lab:
[root@master ~]# ansible 'prod,172*,*lab*' --list-hosts
  hosts (10):
    lb2.lab.example.com
    db1.example.com
    jupiter.lab.example.com
    172.25.252.23
    172.25.252.44
    s1.lab.example.com
    file1.lab.example.com
    lb1.lab.example.com
    web1.lab.example.com
    s2.lab.example.com
Match hosts that belong to the db group and also to the london group:
[root@master ~]# ansible 'db,&london' --list-hosts
  hosts (2):
    db2.example.com
    db3.example.com
Match hosts that are in the london group or the boston group, must also be in the prod group, and must not be in the lb group:
[root@master ~]# ansible 'boston,london,&prod,!lb' --list-hosts
  hosts (2):
    db1.example.com
    jupiter.lab.example.com
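The evaluation order behind the combined patterns in 4.5, as an added Python sketch (not code from the original post and not Ansible's own implementation): plain terms are unioned first, then `&` terms intersect, then `!` terms exclude, which is why it pays to preview a pattern with --list-hosts before running a module against it. The inventory is constructed: host names come from the outputs above, while the group membership and the helper names match_term and resolve are assumptions, because the page does not show the inventory used in section 4.

```python
import fnmatch
import re

# Constructed inventory: host names come from the outputs above, group
# membership is inferred from them (assumption; the page omits the file).
GROUPS = {
    "london": ["db2.example.com", "db3.example.com",
               "file1.lab.example.com", "lb1.lab.example.com"],
    "boston": ["db1.example.com", "jupiter.lab.example.com",
               "lb2.lab.example.com"],
    "prod": ["lb2.lab.example.com", "db1.example.com",
             "jupiter.lab.example.com"],
    "db": ["db1.example.com", "db2.example.com", "db3.example.com"],
    "lb": ["lb1.lab.example.com", "lb2.lab.example.com"],
    "ungrouped": ["srv1.example.com", "srv2.example.com",
                  "s1.lab.example.com", "s2.lab.example.com"],
}
ALL_HOSTS = list(dict.fromkeys(h for hs in GROUPS.values() for h in hs))


def match_term(term):
    """Hosts selected by one term: group names first, then host names."""
    if term == "all":
        return list(ALL_HOSTS)
    if term.startswith("~"):            # '~' marks a regular expression
        rx = re.compile(term[1:])
    else:                               # otherwise a shell-style wildcard
        rx = re.compile(fnmatch.translate(term))
    hosts = [h for g, hs in GROUPS.items() if rx.match(g) for h in hs]
    hosts += [h for h in ALL_HOSTS if rx.match(h)]
    return list(dict.fromkeys(hosts))   # de-duplicate, keep order


def resolve(pattern):
    """Union plain terms, then apply '&' intersections, then '!' exclusions."""
    terms = [t.strip() for t in pattern.split(",") if t.strip()]
    plain = [t for t in terms if t[0] not in "&!"] or ["all"]
    selected = []
    for t in plain:
        selected += [h for h in match_term(t) if h not in selected]
    for t in (t for t in terms if t[0] == "&"):
        keep = match_term(t[1:])
        selected = [h for h in selected if h in keep]
    for t in (t for t in terms if t[0] == "!"):
        drop = match_term(t[1:])
        selected = [h for h in selected if h not in drop]
    return selected
```

With this constructed inventory, resolve('db,&london') and resolve('boston,london,&prod,!lb') return the same hosts as the two ansible commands above.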
4.6 Regular expression matching
A leading "~" marks the pattern as a regular expression:
[root@master ~]# ansible '~(s|db).*example.com' --list-hosts
  hosts (8):
    s1.lab.example.com
    srv2.example.com
    db3.example.com
    srv1.example.com
    db2.example.com
    db1.example.com
    s2.lab.example.com
    saturn.example.com
4.7 Explicitly specifying hosts or groups with --limit
Use --limit to explicitly select hosts within the chosen group:
[root@master ~]# ansible ungrouped --limit srv1.example.com --list-hosts
  hosts (1):
    srv1.example.com
The --limit option can also take a file that lists the explicitly selected hosts. Define retry_hosts.txt as follows:
[root@master ~]# vim retry_hosts.txt
srv1.example.com
[root@master ~]# ansible ungrouped --limit @retry_hosts.txt --list-hosts
  hosts (1):
    srv1.example.com
4.8 Combining wildcards and regular expressions
[root@master ~]# ansible '~(s|db).*,prod,*.lab.example.com' --list-hosts
  hosts (14):
    db1.example.com
    db2.example.com
    db3.example.com
    file2.example.com
    s1.lab.example.com
    srv2.example.com
    srv1.example.com
    s2.lab.example.com
    saturn.example.com
    lb2.lab.example.com
    jupiter.lab.example.com
    file1.lab.example.com
    lb1.lab.example.com
    web1.lab.example.com