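Summary: This 风哥教程 article draws on the official Linux, Red Hat Enterprise Linux, Ansible Automation Platform, Docker, Kubernetes and Podman documentation, and describes in detail how to configure and use the related technologies.
This document describes the automation tools and methods used to operate enterprise services.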
Part01-Ansible Basics
1.1 Installing Ansible
$ sudo dnf install -y ansible
Last metadata expiration check: 0:45:23 ago on Fri 04 Apr 2026 01:55:15 AM CST.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
ansible noarch 1:7.5.0-1.el9 appstream 15 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 15 M
Installed size: 100 M
Downloading Packages:
ansible-7.5.0-1.el9.noarch.rpm 15 MB/s | 15 MB 00:01
--------------------------------------------------------------------------------
Total 15 MB/s | 15 MB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : ansible-1:7.5.0-1.el9.noarch 1/1
Running scriptlet: ansible-1:7.5.0-1.el9.noarch 1/1
Verifying : ansible-1:7.5.0-1.el9.noarch 1/1
Installed:
ansible-1:7.5.0-1.el9.noarch
Complete!
# Check the version
$ ansible --version
ansible [core 2.14.5]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.9/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible
python version = 3.9.16 (main, Dec 8 2022, 00:00:00) [GCC 11.3.1 20221121 (Red Hat 11.3.1-4)]
jinja version = 3.1.2
libyaml = True
# Configure the host inventory
$ sudo tee /etc/ansible/hosts << EOF
[webservers]
web1 ansible_host=192.168.1.20
web2 ansible_host=192.168.1.21
web3 ansible_host=192.168.1.22
[dbservers]
db1 ansible_host=192.168.1.30
db2 ansible_host=192.168.1.31
[all:vars]
ansible_user=root
ansible_ssh_private_key_file=/root/.ssh/id_rsa
EOF
# Set up SSH keys
$ ssh-keygen -t rsa -b 4096 -f /root/.ssh/id_rsa -N ""
$ ssh-copy-id root@192.168.1.20
$ ssh-copy-id root@192.168.1.21
$ ssh-copy-id root@192.168.1.22
# Test connectivity
$ ansible all -m ping
web1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
web2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
web3 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
Part02-Ansible Modules
2.1 Common Modules
$ ansible webservers -m command -a "uptime"
web1 | CHANGED | rc=0 >>
01:56:00 up 1 day, 2:30, 2 users, load average: 0.00, 0.01, 0.05
# Install a package
$ ansible webservers -m dnf -a "name=nginx state=latest" -b
web1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Installed: nginx-1:1.20.1-14.el9.x86_64"
    ]
}
# Start the service
$ ansible webservers -m systemd -a "name=nginx state=started enabled=yes" -b
web1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": true,
    "enabled": true,
    "name": "nginx",
    "state": "started",
    "status": {
        "ActiveEnterTimestamp": "Fri 2026-04-04 01:56:00 CST",
        "ActiveState": "active"
    }
}
# Copy a file
$ ansible webservers -m copy -a "src=/etc/hosts dest=/etc/hosts backup=yes" -b
web1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": true,
    "checksum": "1234567890abcdef1234567890abcdef12345678",
    "dest": "/etc/hosts",
    "gid": 0,
    "group": "root",
    "md5sum": "1234567890abcdef1234567890abcdef",
    "mode": "0644",
    "owner": "root",
    "size": 1234,
    "src": "/root/.ansible/tmp/ansible-tmp-1234567890.12-12345-123456789012345/source",
    "state": "file",
    "uid": 0
}
# Create a user
$ ansible webservers -m user -a "name=webadmin group=nginx shell=/bin/bash" -b
web1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": true,
    "comment": "",
    "create_home": true,
    "group": 123,
    "home": "/home/webadmin",
    "name": "webadmin",
    "shell": "/bin/bash",
    "state": "present",
    "system": false,
    "uid": 1001
}
# Configure the firewall
$ ansible webservers -m firewalld -a "service=http permanent=yes state=enabled immediate=yes" -b
web1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": true,
    "msg": "Permanent operation, Changed service http to enabled"
}
Part03-Ansible Playbook
3.1 Writing a Playbook
$ mkdir -p /etc/ansible/playbooks
$ cat > /etc/ansible/playbooks/deploy_web.yml << 'EOF'
---
- name: Deploy Web Servers
  hosts: webservers
  become: yes
  vars:
    nginx_port: 80
    nginx_user: nginx
    document_root: /var/www/html
  tasks:
    - name: Install Nginx
      dnf:
        name: nginx
        state: latest
    - name: Start Nginx
      systemd:
        name: nginx
        state: started
        enabled: yes
    - name: Configure Nginx
      template:
        src: templates/nginx.conf.j2
        dest: /etc/nginx/nginx.conf
        backup: yes
      notify: Restart Nginx
    - name: Create document root
      file:
        path: "{{ document_root }}"
        state: directory
        owner: "{{ nginx_user }}"
        group: "{{ nginx_user }}"
        mode: '0755'
    # template rather than copy, so the ansible_hostname variable in index.html is rendered
    - name: Deploy index.html
      template:
        src: files/index.html
        dest: "{{ document_root }}/index.html"
        owner: "{{ nginx_user }}"
        group: "{{ nginx_user }}"
        mode: '0644'
    - name: Open firewall
      firewalld:
        service: http
        permanent: yes
        state: enabled
        immediate: yes
  handlers:
    - name: Restart Nginx
      systemd:
        name: nginx
        state: restarted
EOF
# Create the template file
$ mkdir -p /etc/ansible/playbooks/templates
$ cat > /etc/ansible/playbooks/templates/nginx.conf.j2 << 'EOF'
user {{ nginx_user }};
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    server {
        listen {{ nginx_port }} default_server;
        server_name _;
        root {{ document_root }};
        location / {
            index index.html index.htm;
        }
    }
}
EOF
# Create the index.html file
$ mkdir -p /etc/ansible/playbooks/files
$ cat > /etc/ansible/playbooks/files/index.html << 'EOF'
Welcome to {{ ansible_hostname }}
EOF
# Run the playbook
$ ansible-playbook /etc/ansible/playbooks/deploy_web.yml
PLAY [Deploy Web Servers] ********************************************************
TASK [Gathering Facts] **********************************************************
ok: [web1]
ok: [web2]
ok: [web3]
TASK [Install Nginx] ************************************************************
changed: [web1]
changed: [web2]
changed: [web3]
TASK [Start Nginx] **************************************************************
changed: [web1]
changed: [web2]
changed: [web3]
TASK [Configure Nginx] **********************************************************
changed: [web1]
changed: [web2]
changed: [web3]
TASK [Create document root] *****************************************************
changed: [web1]
changed: [web2]
changed: [web3]
TASK [Deploy index.html] ********************************************************
changed: [web1]
changed: [web2]
changed: [web3]
TASK [Open firewall] ************************************************************
changed: [web1]
changed: [web2]
changed: [web3]
RUNNING HANDLER [Restart Nginx] *************************************************
changed: [web1]
changed: [web2]
changed: [web3]
PLAY RECAP **********************************************************************
web1 : ok=8 changed=7 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
web2 : ok=8 changed=7 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
web3 : ok=8 changed=7 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Part04-Ansible Roles
4.1 Creating a Role
$ mkdir -p /etc/ansible/roles/nginx/{tasks,handlers,templates,files,vars,defaults,meta}
# Create the tasks file
$ cat > /etc/ansible/roles/nginx/tasks/main.yml << 'EOF'
---
- name: Install Nginx
  dnf:
    name: nginx
    state: latest
- name: Start Nginx
  systemd:
    name: nginx
    state: started
    enabled: yes
- name: Configure Nginx
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    backup: yes
  notify: Restart Nginx
- name: Open firewall
  firewalld:
    service: http
    permanent: yes
    state: enabled
    immediate: yes
EOF
# Create the handlers file
$ cat > /etc/ansible/roles/nginx/handlers/main.yml << 'EOF'
---
- name: Restart Nginx
  systemd:
    name: nginx
    state: restarted
EOF
# Create the template file
$ cat > /etc/ansible/roles/nginx/templates/nginx.conf.j2 << 'EOF'
user {{ nginx_user }};
worker_processes auto;
events {
    worker_connections 1024;
}
http {
    server {
        listen {{ nginx_port }};
        root {{ document_root }};
    }
}
EOF
# Create the variables file
$ cat > /etc/ansible/roles/nginx/defaults/main.yml << 'EOF'
---
nginx_user: nginx
nginx_port: 80
document_root: /var/www/html
EOF
# Use the Role
$ cat > /etc/ansible/playbooks/site.yml << 'EOF'
---
- name: Deploy Web Servers
  hosts: webservers
  become: yes
  roles:
    - nginx
EOF
# Run the playbook
$ ansible-playbook /etc/ansible/playbooks/site.yml
Part05-Ansible Vault
5.1 Encrypting Sensitive Data
$ ansible-vault create /etc/ansible/vars/secrets.yml
New Vault password:
Confirm New Vault password:
db_password: MySecretPassword123
api_key: abc123def456
# Encrypt an existing file
$ ansible-vault encrypt /etc/ansible/vars/passwords.yml
New Vault password:
Confirm New Vault password:
Encryption successful
# View an encrypted file
$ ansible-vault view /etc/ansible/vars/secrets.yml
Vault password:
db_password: MySecretPassword123
api_key: abc123def456
# Edit an encrypted file
$ ansible-vault edit /etc/ansible/vars/secrets.yml
Vault password:
# Decrypt a file
$ ansible-vault decrypt /etc/ansible/vars/secrets.yml
Vault password:
Decryption successful
# Use encrypted variables in a playbook
$ cat > /etc/ansible/playbooks/deploy_db.yml << 'EOF'
---
- name: Deploy Database
  hosts: dbservers
  become: yes
  vars_files:
    - /etc/ansible/vars/secrets.yml
  tasks:
    - name: Install MySQL
      dnf:
        name: mysql-server
        state: latest
    - name: Configure MySQL
      template:
        src: my.cnf.j2
        dest: /etc/my.cnf
EOF
# Run the playbook
$ ansible-playbook /etc/ansible/playbooks/deploy_db.yml --ask-vault-pass
Vault password:
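The ansible-vault decrypt command shown above rewrites the file in place as plaintext, and it stays that way until it is encrypted again. The following check is an added example, not part of the original tutorial: it reports vars files that lack the vault header, and it assumes that every *.yml / *.yaml file in the checked directory is meant to be encrypted (the function names and the sample data are constructed for illustration).

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# Assumption: every *.yml / *.yaml file in the given directory is meant to be
# vault-encrypted, like /etc/ansible/vars/secrets.yml above.

# Succeeds if the first line of file $1 is an Ansible Vault header, e.g.
#   $ANSIBLE_VAULT;1.1;AES256   or   $ANSIBLE_VAULT;1.2;AES256;<vault-id>
is_vault_encrypted() {
    iv_first=
    IFS= read -r iv_first < "$1" || [ -n "$iv_first" ] || return 1
    case $iv_first in
        '$ANSIBLE_VAULT;1.1;AES256' | '$ANSIBLE_VAULT;1.2;AES256;'?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the names (never the values) of top-level keys in file $1 that look
# like secrets, space-separated, so the report is safe to keep in CI logs.
secret_key_names() {
    sed -n 's/^\([A-Za-z0-9_]*\):.*/\1/p' "$1" |
        grep -i -E 'pass|secret|token|key' | tr '\n' ' ' | sed 's/ $//'
}

# Prints one line per plaintext vars file in directory $1 and returns 1 if any
# was found, so it can gate a pre-commit hook or a CI job.
check_vars_dir() {
    cv_rc=0
    for cv_f in "$1"/*.yml "$1"/*.yaml; do
        [ -f "$cv_f" ] || continue
        is_vault_encrypted "$cv_f" && continue
        printf '%s: PLAINTEXT (secret-like keys: %s)\n' \
            "$cv_f" "$(secret_key_names "$cv_f")"
        cv_rc=1
    done
    return "$cv_rc"
}

# Constructed sample data: one file with a vault header and dummy ciphertext,
# one file left in plaintext as it would be after `ansible-vault decrypt`.
demo_dir=$(mktemp -d)
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '00000000' > "$demo_dir/secrets.yml"
printf '%s\n' 'db_password: EXAMPLE' 'api_key: EXAMPLE' > "$demo_dir/passwords.yml"
check_vars_dir "$demo_dir" || echo "plaintext vars files found"
rm -rf "$demo_dir"
```

On a control node this would be run as check_vars_dir /etc/ansible/vars before committing the directory to version control.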
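1. Manage playbooks under version control
2. Write clear documentation and comments
3. Organize code with Roles
4. Encrypt sensitive data
5. Test automation scripts
This article was compiled and published by 风哥教程 for learning and testing purposes only. When reposting, cite the source: http://www.fgedu.net.cn/10327.html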
