Common Ansible module usage
Published: 2020-12-15 22:22:38  Category: Security  Source: compiled from the web
Configuration files in detail:

1. Main configuration file: /etc/ansible/ansible.cfg

    [defaults]
    ## Ansible's default module is command, which is very limited in practice; changing it to shell is recommended
    module_name = command
    ## Controls checking of the managed host's host key (False turns the check off); uncommenting this line is
    ## recommended, to reduce what has to be typed in during management
    host_key_checking = False
    ## Location of Ansible's log file
    log_path = /var/log/ansible.log
    ## Shell used by default after logging in as the remote user
    executable = /bin/sh

2. Configuration file for the managed hosts: /etc/ansible/hosts

    ## A single managed host; this can be an FQDN or an IP address
    green.example.com
    ## Put managed hosts into a group
    [webservers]
    alpha.example.org
    ## Range notation, similar to a wildcard: this entry covers every host from www001.example.com to www006.example.com
    www[001:006].example.com

Using Ansible:

Prerequisite: Ansible manages hosts over SSH by default, so first generate a public key file on the managing host and copy it to the hosts to be managed. Only then does key-based management work.

1. Generate the public key file on the managing host

    # ssh-keygen -t rsa      ## generate an RSA key pair; accept the defaults at the prompts
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:06qoPmoSy7UGkKie95RnHn6bPOFEnusk/B0m+/+g8C0 [email protected]
    The key's randomart image is:
    ......

2. Copy the public key to the managed host

    # ssh-copy-id -i 192.168.1.20      ## copy the key to the remote host that will be managed
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    The authenticity of host '192.168.1.20 (192.168.1.20)' can't be established.
    ECDSA key fingerprint is SHA256:htIQABZZdudyHVZbppjWeY2d/pQQ0km8k+i/39SZ04Q.
    ECDSA key fingerprint is MD5:78:6e:b3:3d:fc:29:b2:b0:fc:2f:6d:d6:ff:3c:63:1a.
    Are you sure you want to continue connecting (yes/no)? yes
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    [email protected]'s password:

    Number of key(s) added: 1

    Now try logging into the machine, with:   "ssh '192.168.1.20'"
    and check to make sure that only the key(s) you wanted were added.

3. Add the managed hosts to /etc/ansible/hosts

    ## Group the managed hosts
    [web]
    192.168.1.19
    192.168.1.20
    [db]
    192.168.1.21

Using the modules:

1. ping module: check whether the managed hosts are online

    # ansible db -m ping      ## check whether the managed hosts in the db group are online
    192.168.1.21 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    # ansible all -m ping      ## all means every managed host
    192.168.1.21 | SUCCESS => {
        "changed": false,
        "ping": "pong"      ## a host that is online returns pong
    }
    192.168.1.19 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    192.168.1.20 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }

2. user module: create users on the remote host

    # ansible db -m user -a 'name=mysql state=present'      ## present means create; this creates a user named mysql
    192.168.1.21 | CHANGED => {
        "changed": true,
        "comment": "",
        "create_home": true,
        "group": 1000,
        "home": "/home/mysql",
        "name": "mysql",
        "shell": "/bin/bash",
        "state": "present",
        "system": false,
        "uid": 1000
    }
    # ansible db -m user -a 'name=mariadb state=present system=yes'      ## create a system user named mariadb
    192.168.1.21 | CHANGED => {
        "changed": true,
        "group": 994,
        "home": "/home/mariadb",
        "name": "mariadb",
        "system": true,
        "uid": 997
    }
    # ansible db -m user -a 'name=mysql state=absent'      ## absent means remove; this deletes the user named mysql
    192.168.1.21 | CHANGED => {
        "changed": true,
        "force": false,
        "remove": false,
        "state": "absent"
    }

3. group module: create groups on the remote host

    ## Creating a group works much like creating a user, only the module differs; this command creates an ordinary group
    # ansible db -m group -a 'name=tomcat state=present'
    192.168.1.21 | CHANGED => {
        "changed": true,
        "gid": 1000,
        "name": "tomcat",
        "system": false
    }
    # ansible db -m group -a 'name=tomcat state=absent'      ## remove the group
    192.168.1.21 | CHANGED => {
        "changed": true,
        "state": "absent"
    }

4. copy module: copy files to the remote host

    ## Copy a file named test into root's home directory on the remote host; src is the source file, dest is the target directory
    # ansible db -m copy -a 'src=/root/test dest=/root/'
    192.168.1.21 | CHANGED => {
        "changed": true,
        "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
        "dest": "/root/test",
        "gid": 0,
        "group": "root",
        "md5sum": "d41d8cd98f00b204e9800998ecf8427e",
        "mode": "0644",
        "owner": "root",
        "size": 0,
        "src": "/root/.ansible/tmp/ansible-tmp-1556108167.92-277769296604040/source",
        "state": "file",
        "uid": 0
    }

5. yum module: install software on the remote host (a yum repository must already be configured on the remote host before packages can be installed)

    # ansible db -m yum -a "name=vsftpd"      ## install vsftpd
    192.168.1.21 | CHANGED => {
        "ansible_facts": {
            "pkg_mgr": "yum"
        },
        "changed": true,
        "msg": "Repository 'cdrom' is missing name in configuration, using id\n",
        "rc": 0,      ## a return code (rc) of 0 means the command succeeded
    ......
    # ansible db -m yum -a 'name=vsftpd state=absent'      ## remove the installed package
    192.168.1.21 | CHANGED => {
        "ansible_facts": {
            "pkg_mgr": "yum"
        },
        "results": [
    ......

6. shell module: run shell commands on the remote host

    # ansible db -m shell -a 'hostname'      ## run the hostname command on the remote host
    192.168.1.21 | CHANGED | rc=0 >>
    localhost.localdomain

7. script module: run a shell script on the remote host without first copying the script to it

Write a test script:

    # vim test.sh
    #!/bin/bash
    wall hello word

The script does not need execute permission for the remote host to run it:

    # ansible db -m script -a /root/test.sh      ## have the remote host run the script
    192.168.1.21 | CHANGED => {
        "changed": true,
        "rc": 0,
        "stderr": "Shared connection to 192.168.1.21 closed.\r\n",
        "stderr_lines": [
            "Shared connection to 192.168.1.21 closed."
        ],
        "stdout": "",
        "stdout_lines": []
    }

8. file module: set file attributes

    # ansible db -m file -a 'path=/root/test owner=mariadb mode=700'      ## set the owner and permissions of a file on the remote host
    192.168.1.21 | CHANGED => {
        "changed": true,
        "gid": 0,
        "group": "root",
        "mode": "0700",
        "owner": "mariadb",
        "path": "/root/test",
        "size": 0,
        "state": "file",
        "uid": 997
    }
    ## Create a symbolic link to the file; to create a hard link named test-link instead, change link to hard
    # ansible db -m file -a 'src=/root/test dest=/root/test-link state=link'
    192.168.1.21 | CHANGED => {
        "changed": true,
        "dest": "/root/test-link",
        "gid": 0,
        "group": "root",
        "mode": "0777",
        "owner": "root",
        "size": 10,
        "src": "/root/test",
        "state": "link",
        "uid": 0
    }

9. cron module: scheduled tasks

    # ansible db -m shell -a 'rpm -qa | grep crontabs'      ## check whether the crontabs package is installed on the managed host
    # ansible db -m shell -a 'systemctl status crond'      ## check whether the cron service is running
    ## Schedule a task that runs "hello word" every five minutes; hour, day, month and weekday can also be given, and any field left out defaults to *
    # ansible db -m cron -a 'minute=*/5 job="/usr/bin/wall hello word"'

On the remote host, check that the scheduled task is present:

    # crontab -l
    #Ansible: None
    */5 * * * * /usr/bin/wall hello word

10. service module

    # ansible db -m service -a 'name=httpd state=started'      ## start the httpd service
    192.168.1.21 | CHANGED => {
        "changed": true,
        "name": "httpd",
        "state": "started",
        "status": {
            "ActiveEnterTimestampMonotonic": "0",
            "ActiveExitTimestampMonotonic": "0",
    ......
    # ansible db -a 'systemctl status httpd'      ## check whether the httpd service is running
    192.168.1.21 | CHANGED | rc=0 >>
    ● httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
       Active: active (running) since Wed 2019-04-24 21:54:56 EDT; 42s ago
    ......
    # ansible db -m service -a 'name=httpd state=stopped'      ## stop the httpd service
    192.168.1.21 | CHANGED => {
        "changed": true,
        "name": "httpd",
        "state": "stopped",
        "status": {
    ......

(Editor: 李大同)
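The settings in the main configuration file section trade verification and logging for convenience. The following added example (not code from the original page or from the Ansible project) reads an ansible.cfg and reports what each of those choices gives up. The function name audit_ansible_cfg and the sample file contents are assumptions made for illustration.

```python
import configparser

# Constructed sample: the [defaults] values this page shows or recommends.
SAMPLE_CFG = """\
[defaults]
module_name = shell
host_key_checking = False
executable = /bin/sh
"""

def audit_ansible_cfg(text):
    """Return {setting: reason} for [defaults] values that weaken the control node."""
    # Ansible accepts only ';' for inline comments, so '#' after a value stays in the value.
    cfg = configparser.ConfigParser(inline_comment_prefixes=(";",), interpolation=None)
    cfg.read_string(text)

    def get(key, default):
        return cfg.get("defaults", key, fallback=default).strip()

    findings = {}
    for key in ("module_name", "host_key_checking", "log_path", "executable"):
        if "#" in get(key, ""):
            findings[key] = "inline '#' text is read as part of the value"

    # Ansible's built-in defaults: host_key_checking on, module command, no log file.
    if get("host_key_checking", "True").lower() in ("false", "no", "off", "0"):
        findings["host_key_checking"] = "host keys of managed hosts are not verified before connecting"
    if get("module_name", "command") == "shell":
        findings["module_name"] = "ad-hoc arguments are interpreted by a shell on the managed host"
    if not get("log_path", ""):
        findings["log_path"] = "no log file is written, so runs leave no record on the control node"
    return findings

if __name__ == "__main__":
    for setting, reason in audit_ansible_cfg(SAMPLE_CFG).items():
        print(f"{setting}: {reason}")
```

Keeping host_key_checking enabled and accepting each host key once, as the ssh-copy-id step already does, gives prompt-free runs without switching verification off.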
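The inventory format described under /etc/ansible/hosts decides which machines a pattern such as db or all reaches, so it is worth expanding before running a module against it. This added example (a simplified re-implementation written for this page, not Ansible's own parser) expands numeric ranges like www[001:006] and resolves a group name or all to a host list. It ignores host variables, alphabetic ranges and child groups, and the function names are assumptions.

```python
import re

# Constructed sample: inventory snippets from this page merged into one file.
SAMPLE_INVENTORY = """\
green.example.com
[webservers]
alpha.example.org
www[001:006].example.com
[db]
192.168.1.21
"""

_RANGE = re.compile(r"\[(\d+):(\d+)\]")

def expand_host(pattern):
    """Expand numeric ranges like www[001:006] (inclusive; a leading zero sets the padding)."""
    m = _RANGE.search(pattern)
    if m is None:
        return [pattern]
    start, end = m.group(1), m.group(2)
    width = len(start) if len(start) > 1 and start[0] == "0" else 0
    hosts = []
    for n in range(int(start), int(end) + 1):
        name = pattern[:m.start()] + str(n).zfill(width) + pattern[m.end():]
        hosts.extend(expand_host(name))  # a name may carry more than one range
    return hosts

def parse_inventory(text):
    """Return {group: [hosts]}; hosts listed before any [group] go to 'ungrouped'."""
    groups, current = {"ungrouped": []}, "ungrouped"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            if ":" not in current:
                groups.setdefault(current, [])
            continue
        if ":" in current:  # [group:vars] / [group:children] bodies are not hosts
            continue
        groups[current].extend(expand_host(line.split()[0]))
    return groups

def targets(groups, pattern):
    """Hosts an ad-hoc run would address: one group name, or 'all' for every host."""
    if pattern != "all":
        return list(groups.get(pattern, []))
    return list(dict.fromkeys(h for hosts in groups.values() for h in hosts))
```

Calling targets(parse_inventory(SAMPLE_INVENTORY), "all") lists the nine hosts that an `ansible all -m ...` run would touch with this inventory.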