安装前提条件:控制服务器可以通过 ssh 免密登录被控制服务器。
一、安装 Ansible
[root@xiejiaohui ~]# yum install -y ansible Loaded plugins: langpacks, search-disabled-repos ansible | 2.9 kB 00:00 rhel--server-dvd | 4.3 kB 00:00 rhel-7-server-extras-rpms | 2.9 kB 00:00 (1/4): ansible/primary_db | 5.3 kB 00:00 (2/4): rhel-7-server-extras-rpms/primary_db | 80 kB 00:00 (3/4): rhel--server-dvd/group_gz | 146 kB 00:00 (4/4): rhel--server-dvd/primary_db | 4.2 MB 00:00 Resolving Dependencies --> Running transaction check ---> Package ansible.noarch 0:2.7.1-1.el7ae will be installed --> Processing Dependency: sshpass for package: ansible-2.7.1-1.el7ae.noarch --> Processing Dependency: python-passlib for package: ansible-2.7.1-1.el7ae.noarch --> Processing Dependency: python-paramiko for package: ansible-2.7.1-1.el7ae.noarch --> Processing Dependency: python-jmespath for package: ansible-2.7.1-1.el7ae.noarch --> Processing Dependency: python-httplib2 for package: ansible-2.7.1-1.el7ae.noarch --> Processing Dependency: python-cryptography for package: ansible-2.7.1-1.el7ae.noarch --> Running transaction check ---> Package python-httplib2.noarch 0:0.9.2-1.el7 will be installed ---> Package python-paramiko.noarch 0:2.1.1-5.el7 will be installed --> Processing Dependency: python2-pyasn1 for package: python-paramiko-2.1.1-5.el7.noarch ---> Package python-passlib.noarch 0:1.6.5-2.el7 will be installed ---> Package python2-cryptography.x86_64 0:1.7.2-2.el7 will be installed --> Processing Dependency: python-cffi >= 1.4.1 for package: python2-cryptography-1.7.2-2.el7.x86_64 --> Processing Dependency: python-idna >= 2.0 for package: python2-cryptography-1.7.2-2.el7.x86_64 --> Processing Dependency: python-enum34 for package: python2-cryptography-1.7.2-2.el7.x86_64 ---> Package python2-jmespath.noarch 0:0.9.0-4.el7ae will be installed ---> Package sshpass.x86_64 0:1.06-2.el7 will be installed --> Running transaction check ---> Package python-cffi.x86_64 0:1.6.0-5.el7 will be installed --> Processing Dependency: python-pycparser for package: python-cffi-1.6.0-5.el7.x86_64 ---> Package python-enum34.noarch 0:1.0.4-1.el7 will be installed ---> Package python-idna.noarch 0:2.4-1.el7 will be installed ---> Package python2-pyasn1.noarch 0:0.1.9-7.el7 will be installed --> Running transaction check ---> Package python-pycparser.noarch 0:2.14-1.el7 will be installed --> Processing Dependency: python-ply for package: python-pycparser-2.14-1.el7.noarch --> Running transaction check ---> Package python-ply.noarch 0:3.4-11.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: ansible noarch 2.7.1-1.el7ae ansible 11 M Installing for dependencies: python-cffi x86_64 1.6.0-5.el7 rhel--server-dvd 218 k python-enum34 noarch 1.0.4-1.el7 rhel--server-dvd 52 k python-httplib2 noarch 0.9.2-1.el7 rhel-7-server-extras-rpms 115 k python-idna noarch 2.4-1.el7 rhel--server-dvd 94 k python-paramiko noarch 2.1.1-5.el7 rhel--server-dvd 268 k python-passlib noarch 1.6.5-2.el7 rhel-7-server-extras-rpms 488 k python-ply noarch 3.4-11.el7 rhel--server-dvd 123 k python-pycparser noarch 2.14-1.el7 rhel--server-dvd 105 k python2-cryptography x86_64 1.7.2-2.el7 rhel--server-dvd 503 k python2-jmespath noarch 0.9.0-4.el7ae ansible 39 k python2-pyasn1 noarch 0.1.9-7.el7 rhel--server-dvd 100 k sshpass x86_64 1.06-2.el7 rhel-7-server-extras-rpms 21 k Transaction Summary ================================================================================ Install 1 Package (+12 Dependent packages) Total download size: 13 M Installed size: 70 M Downloading packages: (1/13): python-enum34-1.0.4-1.el7.noarch.rpm | 52 kB 00:00 (2/13): python-cffi-1.6.0-5.el7.x86_64.rpm | 218 kB 00:00 (3/13): python-idna-2.4-1.el7.noarch.rpm | 94 kB 00:00 (4/13): python-httplib2-0.9.2-1.el7.noarch.rpm | 115 kB 00:00 (5/13): python-paramiko-2.1.1-5.el7.noarch.rpm | 268 kB 00:00 (6/13): python-ply-3.4-11.el7.noarch.rpm | 123 kB 00:00 (7/13): python-pycparser-2.14-1.el7.noarch.rpm | 105 kB 00:00 (8/13): python2-cryptography-1.7.2-2.el7.x86_64.rpm | 503 kB 00:00 (9/13): python-passlib-1.6.5-2.el7.noarch.rpm | 488 kB 00:00 (10/13): sshpass-1.06-2.el7.x86_64.rpm | 21 kB 00:00 (11/13): ansible-2.7.1-1.el7ae.noarch.rpm | 11 MB 00:00 (12/13): python2-jmespath-0.9.0-4.el7ae.noarch.rpm | 39 kB 00:00 (13/13): python2-pyasn1-0.1.9-7.el7.noarch.rpm | 100 kB 00:00 -------------------------------------------------------------------------------- Total 37 MB/s | 13 MB 00:00 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : python2-pyasn1-0.1.9-7.el7.noarch 1/13 Installing : python2-jmespath-0.9.0-4.el7ae.noarch 2/13 Installing : python-httplib2-0.9.2-1.el7.noarch 3/13 Installing : sshpass-1.06-2.el7.x86_64 4/13 Installing : python-enum34-1.0.4-1.el7.noarch 5/13 Installing : python-passlib-1.6.5-2.el7.noarch 6/13 Installing : python-ply-3.4-11.el7.noarch 7/13 Installing : python-pycparser-2.14-1.el7.noarch 8/13 Installing : python-cffi-1.6.0-5.el7.x86_64 9/13 Installing : python-idna-2.4-1.el7.noarch 10/13 Installing : python2-cryptography-1.7.2-2.el7.x86_64 11/13 Installing : python-paramiko-2.1.1-5.el7.noarch 12/13 Installing : ansible-2.7.1-1.el7ae.noarch 13/13 Verifying : python-idna-2.4-1.el7.noarch 1/13 Verifying : python-pycparser-2.14-1.el7.noarch 2/13 Verifying : python-paramiko-2.1.1-5.el7.noarch 3/13 Verifying : python-ply-3.4-11.el7.noarch 4/13 Verifying : python-passlib-1.6.5-2.el7.noarch 5/13 Verifying : python-enum34-1.0.4-1.el7.noarch 6/13 Verifying : ansible-2.7.1-1.el7ae.noarch 7/13 Verifying : python-cffi-1.6.0-5.el7.x86_64 8/13 Verifying : sshpass-1.06-2.el7.x86_64 9/13 Verifying : python-httplib2-0.9.2-1.el7.noarch 10/13 Verifying : python2-pyasn1-0.1.9-7.el7.noarch 11/13 Verifying : python2-jmespath-0.9.0-4.el7ae.noarch 12/13 Verifying : python2-cryptography-1.7.2-2.el7.x86_64 13/13 Installed: ansible.noarch 0:2.7.1-1.el7ae Dependency Installed: python-cffi.x86_64 0:1.6.0-5.el7 python-enum34.noarch 0:1.0.4-1.el7 python-httplib2.noarch 0:0.9.2-1.el7 python-idna.noarch 0:2.4-1.el7 python-paramiko.noarch 0:2.1.1-5.el7 python-passlib.noarch 0:1.6.5-2.el7 python-ply.noarch 0:3.4-11.el7 python-pycparser.noarch 0:2.14-1.el7 python2-cryptography.x86_64 0:1.7.2-2.el7 python2-jmespath.noarch 0:0.9.0-4.el7ae python2-pyasn1.noarch 0:0.1.9-7.el7 sshpass.x86_64 0:1.06-2.el7 Complete! [root@xiejiaohui ~]#
二、修改配置文件ansible.cfg
[root@workstation ~]# su - student [student@workstation ~]$ cd [student@workstation ~]$ pwd /home/student [student@workstation ~]$ mkdir ansible [student@workstation ~]$ cd ansible/ [student@workstation ansible]$ cp /etc/ansible/ansible.cfg /home/student/ansible/ [student@workstation ansible]$ vim ansible.cfg [student@workstation ansible]$ cat ansible.cfg |grep -v ^#|grep -v ^$ [defaults] inventory = /home/student/ansible/inventory ask_pass = False roles_path = /home/student/ansible/roles:/etc/ansible/roles:/usr/share/ansible/roles remote_user = student [inventory] [privilege_escalation] become=True become_method=sudo become_user=root become_ask_pass=False [paramiko_connection] [ssh_connection] [persistent_connection] [accelerate] [selinux] [colors] [diff] [student@workstation ansible]$
三、配置 inventory 文件
[student@workstation ansible]$ vim inventory [student@workstation ansible]$ cat inventory [dev] servera [test] serverb [prod] serverc serverd [webservers:children] prod [student@workstation ansible]$
四、修改客户端 sudoers 文件
登录被控制的电脑
$ssh root@servera
servera 修改文件 /etc/sudoers 在最后新增一行
student ALL=(ALL) NOPASSWD: ALL
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment) #includedir /etc/sudoers.d student ALL=(ALL) NOPASSWD: ALL
五、验证是否配置正确,通过ping 命令测试
[student@workstation ansible]$ ansible all -m ping servera | SUCCESS => { "changed": false, "ping": "pong" } serverb | SUCCESS => { "changed": false, "ping": "pong" } serverc | SUCCESS => { "changed": false, "ping": "pong" } serverd | SUCCESS => { "changed": false, "ping": "pong" } [student@workstation ansible]$ ansible dev -m ping servera | SUCCESS => { "changed": false, "ping": "pong" } [student@workstation ansible]$ ansible test -m ping serverb | SUCCESS => { "changed": false, "ping": "pong" } [student@workstation ansible]$ ansible prod -m ping serverd | SUCCESS => { "changed": false, "ping": "pong" } serverc | SUCCESS => { "changed": false, "ping": "pong" } [student@workstation ansible]$ ansible webservers -m ping serverd | SUCCESS => { "changed": false, "ping": "pong" } serverc | SUCCESS => { "changed": false, "ping": "pong" } [student@workstation ansible]$
列出所有主机
[student@workstation ansible]$ ansible all --list-hosts hosts (4): servera serverb serverc serverd [student@workstation ansible]$