2. Installing ansible and basic configuration
1. Ways to install ansible
1). rpm install (normally done with yum) (recommended)
# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
# yum -y install ansible
# or
# yum install epel-release
# yum -y install ansible
2). pip install (more cumbersome)
# yum install python3 python3-devel python3-pip -y
# pip3 install --upgrade pip -i https://pypi.douban.com/simple/
# pip3 install ansible -i https://pypi.douban.com/simple/
# /usr/local/bin/ansible --version
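Installing with yum is recommended: the reason for using ansible is that it is simple and convenient, and if installation alone takes a lot of effort, you might as well not use it.
2. Confirming that ansible is installed and checking its version
[root@localhost ~]# ansible --version              # check whether ansible is installed and its version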
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Oct 14 2020, 14:45:30) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
[root@localhost ~]# ansible localhost -m ping    # test by calling a module
localhost | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
3. Installing ansible
[root@localhost ~]# yum -y install epel-release        # install epel-release first
[root@localhost ~]# yum -y install ansible
[root@localhost ~]# ansible --version
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Oct 14 2020, 14:45:30) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
4. Basic ansible configuration
1) Host management on the control node: add the list of managed hosts' IP addresses to the hosts file:
[root@localhost ~]# vim /etc/ansible/hosts
……
[test]                           # add a group name
192.168.171.129           # add the IP of a managed host
192.168.171.130           # add the IP of a managed host
2). Modify the ansible configuration file
[root@localhost ~]# vim /etc/ansible/ansible.cfg
……
# Disables the SSH host key check on every ansible command; commented out by default, uncomment to enable.
# Controls whether the key is checked on the first connection; uncommenting it and setting it to False is suggested.
host_key_checking = False
# Enables logging; commented out by default, uncomment to enable.
log_path = /var/log/ansible.log
……
[accelerate]
# Accelerated-connection port; uncommented here (commented out by default). The port number can also be changed; it is left unchanged here.
accelerate_port = 5099
#accelerate_timeout = 30
#accelerate_connect_timeout = 5.0
# The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon.
#accelerate_daemon_timeout = 30
# If set to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new key. The default
# is "no".
# Uncommented here; commented out by default.
accelerate_multi_key = yes
[root@localhost ~]# cat /etc/ansible/ansible.cfg |grep "/etc/ansible/hosts"    # show the managed-host inventory file defined by the inventory setting
#inventory      = /etc/ansible/hosts    # The inventory file lists the managed hosts; the default inventory file is /etc/ansible/hosts.
                                        # A custom file can also be used: give its location with the -i option when running the ansible command.
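As an alternative to turning host_key_checking off, the host keys of the managed machines can be pinned before the first connection. The following is an added example, not code from the original page: it checks ssh-keyscan-style output against fingerprints recorded out of band and passes only matching lines on for known_hosts. The function names and the sample key blobs are constructed for illustration.

```python
import base64
import hashlib

def sample_blob(label):
    """Constructed placeholder for a base64 public-key blob (not a real key)."""
    return base64.b64encode(label.encode()).decode()

def fingerprint(key_b64):
    """SHA256 fingerprint in the form ssh-keygen prints (SHA256:<unpadded base64>)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def vet_scanned_keys(scan_output, pinned):
    """Split ssh-keyscan style lines into (trusted_lines, rejected_hosts).

    pinned maps host -> set of fingerprints recorded out of band.
    """
    trusted, rejected = [], []
    for line in scan_output.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or ssh-keyscan banner comment
        host = parts[0]
        try:
            matches = len(parts) >= 3 and fingerprint(parts[2]) in pinned.get(host, set())
        except ValueError:  # blob is not valid base64
            matches = False
        if matches:
            trusted.append(line.strip())
        else:
            rejected.append(host)
    return trusted, rejected

# Constructed scan output for the two managed hosts used on this page.
SCAN = "\n".join([
    "# 192.168.171.129:22 SSH-2.0-OpenSSH_7.4",
    "192.168.171.129 ssh-ed25519 " + sample_blob("constructed key A"),
    "192.168.171.130 ssh-ed25519 " + sample_blob("constructed key B"),
])
PINNED = {
    "192.168.171.129": {fingerprint(sample_blob("constructed key A"))},
    "192.168.171.130": {fingerprint(sample_blob("constructed key C"))},  # differs from scan
}

if __name__ == "__main__":
    ok, bad = vet_scanned_keys(SCAN, PINNED)
    print("append to known_hosts:", ok)
    print("do not connect, investigate:", bad)
```

With the trusted lines appended to the control node's known_hosts, host_key_checking can stay at its default and the first connection needs no interactive confirmation.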
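3). Configure passwordless login from the control node to the managed nodes, so that ansible can manage them
Generate an SSH key pair on the control node so that it can log in to the managed machines without a password:
[root@localhost ~]# ssh-keygen -t rsa  # press Enter at every prompt below; no passphrase is entered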
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:rZn0m2eUdeYzqZUEYE2W8cAZJ2ElF/6/XvvP7aoq7EQ root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|           o=@B=.|
|          . o*O  |
|              .o |
|         .    ..+|
|        E .  o.++|
|       o =  o  *o|
|       .= ..  o =|
|       .o  oo. .=|
|       ...++..o*O|
+----[SHA256]-----+
[root@localhost ~]# ls /root/.ssh/
id_rsa  id_rsa.pub
[root@localhost ~]# yum  -y install openssh openssh-clients openssh-server # install these if commands such as ssh and ssh-copy-id are missing
[root@localhost ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.171.129 # the IP alone also works
# the remote user's password must be entered the first time: 123456
[root@localhost ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.171.130 # the IP alone also works
# the remote user's password must be entered the first time: 123456
[root@localhost ~]# ssh root@192.168.171.129 ifconfig |head -3
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.171.129  netmask 255.255.255.0  broadcast 192.168.171.255
        inet6 fe80::2fab:326:734f:2936  prefixlen 64  scopeid 0x20<link>
[root@localhost ~]# ssh root@192.168.171.130 ifconfig |head -3
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.171.130  netmask 255.255.255.0  broadcast 192.168.171.255
        inet6 fe80::eaa2:384e:60ac:87b1  prefixlen 64  scopeid 0x20<link>
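Note: the ssh-copy-id command has two forms:
1)ssh-copy-id  remote_user@remote_IP  # or the IP alone
2)ssh-copy-id -i /root/.ssh/id_rsa.pub  remote_user@remote_IP     # or the IP alone
4). Another way to configure login from the control node to the managed nodes (no passwordless setup needed; the password is written directly into the ansible configuration file), so that ansible can manage them
The managed machine's password can also be used (the first connection requires typing yes to confirm; after that it is no longer needed).
Format example:
[root@keeper-01 ~]# cat /etc/ansible/hosts     # when ssh uses the default port 22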
[maya]
keeper-01 ansible_ssh_host="192.168.14.128"  ansible_ssh_user="root" ansible_ssh_pass="123456"
maya-001-129 ansible_ssh_host="192.168.14.129"  ansible_ssh_user="root" ansible_ssh_pass="123456"
[mem]
mem1 ansible_ssh_host="192.168.14.130"   ansible_ssh_user="root" ansible_ssh_pass="123456"
mem2 ansible_ssh_host="192.168.14.131"   ansible_ssh_user="root" ansible_ssh_pass="123456"
Format example 2: configuration for when ansible sends files in bulk and the remote machines' ssh port is not 22 but has been changed to 22115
[root@keeper-01 ~]# cat /etc/ansible/hosts  # when the ssh port has been changed
[app-girl]
app-girl1 ansible_ssh_host="172.17.133.212"  ansible_ssh_user="root" ansible_ssh_pass="b6eMWV2VQQ" ansible_ssh_port=22115
app-girl2 ansible_ssh_host="172.17.133.213"  ansible_ssh_user="root" ansible_ssh_pass="C4NMcSyBrQ" ansible_ssh_port=22115
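Inventory entries in this format keep each login password readable by anyone who can read /etc/ansible/hosts. The following added example, which is not code from the original page, scans an INI inventory for inline plaintext credential variables and reports the group, host and variable name without echoing the secret. The function name, the variable list and the vault_mem1_pass variable are assumptions made for illustration.

```python
import shlex

# Connection variables that carry a credential (legacy and current names).
SECRET_VARS = {"ansible_ssh_pass", "ansible_password", "ansible_become_pass",
               "ansible_become_password", "ansible_sudo_pass"}

def audit_inventory(text):
    """Return (group, host, variable) for each plaintext secret; values are never returned."""
    findings, group = [], "ungrouped"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and "]" in line:
            group = line[1:line.index("]")]
            continue
        try:
            tokens = shlex.split(line, comments=True)  # honours quotes and trailing comments
        except ValueError:  # unbalanced quote: fall back to a whitespace split
            tokens = line.split()
        if not tokens:
            continue
        # In a [group:vars] section the first token is itself key=value.
        host = tokens[0] if "=" not in tokens[0] else "(group vars)"
        for tok in tokens:
            key, _, value = tok.partition("=")
            templated = value.lstrip().startswith("{{")  # e.g. a vault-backed variable
            if key in SECRET_VARS and value and not templated:
                findings.append((group, host, key))
    return findings

# Constructed sample: the [maya] lines follow the page's format; the [mem]
# lines are constructed entries that are not flagged.
SAMPLE_INVENTORY = """
[maya]
keeper-01 ansible_ssh_host="192.168.14.128"  ansible_ssh_user="root" ansible_ssh_pass="123456"
maya-001-129 ansible_ssh_host="192.168.14.129"  ansible_ssh_user="root" ansible_ssh_pass="123456"
[mem]
mem1 ansible_ssh_host="192.168.14.130" ansible_ssh_user="root" ansible_ssh_pass="{{ vault_mem1_pass }}"
mem2 ansible_ssh_host="192.168.14.131" ansible_ssh_user="root"  # key-based login
"""

if __name__ == "__main__":
    for group, host, var in audit_inventory(SAMPLE_INVENTORY):
        print(f"[{group}] {host}: {var} is stored in plaintext")
```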