ansible 安装&测试

本文所有资料和实例是结合官方文档，以及自己实际测试所得。
原始资料：http://ansible.cc/docs/
测试时所用系统centos6u2，使用python2.6.6，所用账户为yakamoz，yakamoz具有无密码使用sudo命令的权限

一、ansible 安装
1、软件包安装
EPEL已经提供了ansible所需的所有支持软件包，所以在这里使用epel源进行安装：   
$sudo rpm -ivh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
安装ansible
$sudo yum install ansible -y
===============================================================================
 Package                        Arch                  Version                      Repository           Size
===============================================================================
Installing:
 ansible                        noarch                1.0-1.el6                    epel                336 k
Installing for dependencies:
 PyYAML                         x86_64                3.10-3.el6                   epel                157 k
 libyaml                        x86_64                0.1.3-1.el6                  epel                 52 k
 python-babel                   noarch                0.9.4-5.1.el6                base                1.4 M
 python-crypto                  x86_64                2.0.1-22.el6                 base                159 k
 python-jinja2                  x86_64                2.2.1-1.el6                  base                465 k
 python-paramiko                noarch                1.7.5-2.1.el6                base                728 k
Transaction Summary
===============================================================================
Install       7 Package(s)
Total download size: 3.3 M
Installed size: 17 M

2、免密钥
在master服务器生成ssh-key，并分发到所有客户端（在这里也许你有更好的方法，至少目前该方法是最简单的实现方式）
$ssh-keygen -t rsa  【一路回车】
$ssh-copy-id -i ~/.ssh/id_rsa.pub【客户端IP地址】

在此过程提示输入客户端密码

3、建立hosts文件
ansible的hosts默认在/etc/ansible/目录中，采用rpm安装的ansible会将该hosts作为范例，其中提示ansible是支持域名和ip两种客户端命名格式的【经过测试是没有问题的】，还介绍了不同的安装分组方法，建议好好看看：
在这里一共两台服务器master和slave，分为两组
$vim /etc/ansbile/hosts
[localhost]
127.0.0.1
[slave]
192.168.30.3

4、测试ansible的使用
在这里使用 ping模块
$ansible slave -i /etc/ansible/hosts -m ping  
192.168.30.3 | success >> {
    "changed": false, 
    "ping": "pong"
}
解读：从返回值分析，ansible slave节点192.168.30.3的ping值成功。说明ansible的已经能够使用！

二、基本功能模块测试
1、ansible命令格式
$ansible --help
Usage: ansible <host-pattern> [options]
Options:
  -a MODULE_ARGS, --args=MODULE_ARGS
                        module arguments
  -k, --ask-pass        ask for SSH password
  -K, --ask-sudo-pass   ask for sudo password
  -B SECONDS, --background=SECONDS
                        run asynchronously, failing after X seconds
                        (default=N/A)
  -c CONNECTION, --connection=CONNECTION
                        connection type to use (default=paramiko)
  -f FORKS, --forks=FORKS
                        specify number of parallel processes to use
                        (default=5)
  -h, --help            show this help message and exit
  -i INVENTORY, --inventory-file=INVENTORY
                        specify inventory host file
                        (default=/etc/ansible/hosts)
  -l SUBSET, --limit=SUBSET
                        further limit selected hosts to an additional pattern
  --list-hosts          dump out a list of hosts matching input pattern, does
                        not execute any modules!
  -m MODULE_NAME, --module-name=MODULE_NAME
                        module name to execute (default=command)
  -M MODULE_PATH, --module-path=MODULE_PATH
                        specify path(s) to module library
                        (default=/usr/share/ansible)
  -o, --one-line        condense output
  -P POLL_INTERVAL, --poll=POLL_INTERVAL
                        set the poll interval if using -B (default=15)
  --private-key=PRIVATE_KEY_FILE
                        use this file to authenticate the connection
  -s, --sudo            run operations with sudo (nopasswd)
  -U SUDO_USER, --sudo-user=SUDO_USER
                        desired sudo user (default=root)
  -T TIMEOUT, --timeout=TIMEOUT
                        override the SSH timeout in seconds (default=10)
  -t TREE, --tree=TREE  log output to this directory
  -u REMOTE_USER, --user=REMOTE_USER
                        connect as this user (default=yakamoz)
  -v, --verbose         verbose mode (-vvv for more)
  --version             show program's version number and exit

2、模块测试
各模块位置(default=/usr/share/ansible)
各模块使用说明可以用“$ansible-doc 【模块名称】”的方式查询
【copy】
测试文件test.sh
$vim test.sh
#!/bin/sh
Time=`date +"%m-%d %H:%M"`

echo "$Time script testing success!"
测试copy
$ansible all -m copy -a "src=/home/yakamoz/test.sh dest=/tmp/"
192.168.30.3 | success >> {
    "changed": true, 
    "dest": "/tmp/test.sh", 
    "group": "yakamoz", 
    "md5sum": "6c366d017bfc9191113141e8deeda7cd", 
    "mode": "0664", 
    "owner": "yakamoz", 
    "secontext": "unconfined_u:object_r:user_tmp_t:s0", 
    "src": "/home/yakamoz/.ansible/tmp/ansible-1366256450.22-43393541768920/test.sh", 
    "state": "file"
}
127.0.0.1 | success >> {
    "changed": true, 
    "dest": "/tmp/test.sh", 
    "group": "yakamoz", 
    "md5sum": "6c366d017bfc9191113141e8deeda7cd", 
    "mode": "0664", 
    "owner": "yakamoz", 
    "secontext": "unconfined_u:object_r:user_tmp_t:s0", 
    "src": "/home/yakamoz/.ansible/tmp/ansible-1366256450.68-90526948213754/test.sh", 
    "state": "file"
}
测试检查
[yakamoz@ansible-slave1 ~]$ ll /tmp/test.sh 
-rw-rw-r--. 1 yakamoz yakamoz 75 Apr 17 20:40 /tmp/test.sh
【file】
调用-s 参数，需要客户端能够无密码使用sudo命令；
$ ansible slave -m file -a "dest=/tmp/test.sh mode=755 owner=root group=root" -s
192.168.30.3 | success >> {
    "changed": true, 
    "group": "root", 
    "mode": "0755", 
    "owner": "root", 
    "path": "/tmp/test.sh", 
    "secontext": "unconfined_u:object_r:user_tmp_t:s0", 
    "state": "file"
}
【script】
$ ansible slave -m script -a "/tmp/test.sh"           
192.168.30.3 | success >> {
    "rc": 0, 
    "stderr": "", 
    "stdout": "04-17 22:09 script testing success!\r\n"
}
【shell】
$ ansible slave -m shell -a "/tmp/test.sh"          
192.168.30.3 | success | rc=0 >>
04-17 22:10 script testing success!
【group】
$ ansible all -m group -a "name=zj state=present" -s               
192.168.30.3 | success >> {
    "changed": true, 
    "gid": 501, 
    "name": "zj", 
    "state": "present", 
    "system": "no"
}

127.0.0.1 | success >> {
    "changed": true, 
    "gid": 501, 
    "name": "zj", 
    "state": "present", 
    "system": "no"
}
【user】
$ ansible all -m user -a "name=zj group=zj home=/root/zj state=present" -s
192.168.30.3 | success >> {
    "changed": true, 
    "comment": "", 
    "createhome": true, 
    "group": 501, 
    "home": "/root/zj", 
    "name": "zj", 
    "shell": "/bin/bash", 
    "state": "present", 
    "system": false, 
    "uid": 501
}

127.0.0.1 | success >> {
    "changed": true, 
    "comment": "", 
    "createhome": true, 
    "group": 501, 
    "home": "/root/zj", 
    "name": "zj", 
    "shell": "/bin/bash", 
    "state": "present", 
    "system": false, 
    "uid": 501
}
【yum】
可以提供的status：absent,present,installed,removed,latest
ansible slave -m yum -a "name=httpd state=latest" -s 
192.168.30.3 | success >> {
    "changed": true, 
    "msg": "Warning: RPMDB altered outside of yum.\n", 
    "rc": 0, 
    "results": [
        "\n================================================================================\n Package            Arch          Version                     Repository   Size\n================================================================================\nUpdating:\n httpd              x86_64        2.2.15-26.el6.centos        base        821 k\nUpdating for dependencies:\n httpd-tools        x86_64        2.2.15-26.el6.centos        base         72 k\n\nTransaction Summary\n================================================================================\nUpgrade       2 Package(s)\n\nTotal download size: 893 k\n\nUpdated:\n  httpd.x86_64 0:2.2.15-26.el6.centos                                           \n\nDependency Updated:\n  httpd-tools.x86_64 0:2.2.15-26.el6.centos                                     \n\n"
    ]
}
将results结果在echo中显示，结果如下：
================================================================================
 Package            Arch          Version                     Repository   Size
================================================================================
Updating:
 httpd              x86_64        2.2.15-26.el6.centos        base        821 k
Updating for dependencies:
 httpd-tools        x86_64        2.2.15-26.el6.centos        base         72 k

Transaction Summary
================================================================================
Upgrade       2 Package(s)

Total download size: 893 k

Updated:
  httpd.x86_64 0:2.2.15-26.el6.centos                                           

Dependency Updated:
  httpd-tools.x86_64 0:2.2.15-26.el6.centos      
【server】
可以提供的status：running,started,stopped,restarted,reloaded
$ ansible slave -m service -a "name=httpd state=running" -s  
192.168.30.3 | success >> {
    "changed": true, 
    "name": "httpd", 
    "state": "running"
}

二、测试ansible-play
$vim test.yml
---
- hosts: slave
  user: yakamoz
  sudo: yes
  tasks:
  - name: no selinux
    action: command /usr/sbin/setenforce 0
  - name: no iptables
    action: service name=iptables state=stopped
  - name: success
    action: command /bin/bash executable=/tmp/test.sh
$ansible-playbook test.yml -s

PLAY [slave] ********************* 

GATHERING FACTS ********************* 
ok: [192.168.30.3]

TASK: [no selinux] ********************* 
changed: [192.168.30.3]

TASK: [no iptables] ********************* 
ok: [192.168.30.3]

TASK: [success] ********************* 
changed: [192.168.30.3]

PLAY RECAP ********************* 
192.168.30.3                   : ok=4    changed=2    unreachable=0    failed=0    

检查结果
[root@ansible-slave1 ~]# tail -f /var/log/messages
Apr 18 00:05:51 localhost ansible-setup: Invoked
Apr 18 00:05:52 localhost ansible-command: Invoked with args=/usr/sbin/setenforce 0 executable=None shell=False chdir=None 
Apr 18 00:05:53 localhost ansible-service: Invoked with pattern=None state=stopped enabled=None name=iptables arguments= 
Apr 18 00:05:53 localhost ansible-command: Invoked with args=/bin/bash executable=/tmp/test.sh shell=False chdir=None