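Tags: ansible
Ansible
===========================================================================
Overview:
===========================================================================
★ Categories of operations tools:
agent: management is performed through a dedicated agent program; puppet, func, zabbix, ...
agentless: management is performed over the SSH service; ansible, fabric, ...
★ Ansible is a Configuration, Command and Control tool
★ Introduction
Ansible is a recent automation tool for operations, written in Python. It combines the strengths of many operations tools (puppet, cfengine, chef, func, fabric) and provides batch system configuration, batch program deployment and batch command execution. Ansible works through modules and has no batch deployment capability of its own: the modules that Ansible runs do the actual batch work, and Ansible only provides the framework.
★ Architecture
connection plugins: handle communication with the managed hosts;
host inventory: specifies the hosts to operate on; a configuration file that defines the managed hosts;
modules: core modules, the command module, custom modules;
plugins: provide functions such as logging and e-mail;
playbook: not required; when several tasks are to be executed, a playbook lets a node run them in one go.
Figure: architecture diagram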
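★ Features:
Modular: a specific module is called to complete a specific task;
Developed in Python, built on three core libraries: Paramiko, PyYAML and Jinja2;
Simple to deploy: agentless;
Supports custom modules, written in any programming language;
A powerful playbook mechanism;
Idempotent;
★ Advantages
Lightweight: no agent needs to be installed on the clients, and an update only has to be applied once, on the control machine;
Batch tasks can be written as scripts and executed without being distributed to the remote hosts first;
Written in Python, which makes it simpler to maintain; Ruby syntax is overly complex;
Supports sudo.
★ Task execution flow
Notes:
(1) Most of the above is summarized from material shared by others, for study and reference;
(2) This installation is based on a CentOS 7.2 system.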
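1. Installation and program environment:
★ Installation:
# yum install ansible -y (from the EPEL repository)
★ Programs:
ansible
ansible-playbook //runs playbooks
ansible-doc //shows the help documentation
★ Configuration file
/etc/ansible/ansible.cfg //main configuration file
★ Host inventory:
/etc/ansible/hosts
★ Plugin directory:
/usr/share/ansible_plugins/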
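2. Basic usage
★ The ansible command
Syntax (Usage):
ansible <host-pattern> [options]
Options:
-m MOD_NAME (name of the module to call)
-a MOD_ARGS (arguments for the module being called)
★ Configuring the Host Inventory
/etc/ansible/hosts //file path
Format:
★ Modules:
List the modules: ansible-doc -l
Show usage help for a given module: ansible-doc -s MOD_NAME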
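Lab:
1. Demo environment
Prepare four virtual hosts; here I have three CentOS 7 hosts and one CentOS 6 host;
The CentOS 7 host with IP 10.1.252.153 acts as the Ansible control node; the remaining CentOS 7 and CentOS 6 hosts act as managed hosts;
The demonstration proceeds as follows (module by module):
1. First go to /etc/ansible, back up the configuration files, then configure the host inventory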
[root@centos7 ~]# cd /etc/ansible/
[root@centos7 ansible]# ls
ansible.cfg  hosts  roles
[root@centos7 ansible]# cp ansible.cfg{,.bak}
[root@centos7 ansible]# cp hosts{,.bak}
[root@centos7 ansible]# ls
ansible.cfg  ansible.cfg.bak  hosts  hosts.bak  roles
[root@centos7 ansible]# vim hosts
[websrvs]        # define the websrvs group
10.1.252.156     # CentOS 7 host
10.1.252.161     # CentOS 7 host
[dbsrvs]         # define the database group
10.1.252.205     # CentOS 6 host
10.1.252.161     # a host can belong to several groups
2. List the modules and get usage help
[root@centos7 ansible]# ansible-doc -h
Usage: ansible-doc [options] [module...]

Options:
  -h, --help            show this help message and exit
  -l, --list            List available modules    # list the modules
  -M MODULE_PATH, --module-path=MODULE_PATH
                        specify path(s) to module library (default=None)
  -s, --snippet         Show playbook snippet for specified module(s)    # brief usage of a given module
  -v, --verbose         verbose mode (-vvv for more, -vvvv to enable    # detailed usage
                        connection debugging)
  --version             show program's version number and exit
3. Configure key-based authentication for connecting to the managed hosts
# Generate an SSH key pair on the control node
[root@centos7 ~]# ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
87:ef:0c:65:de:13:08:fe:0c:ea:23:3e:75:01:f5:b6 root@centos7
The key's randomart image is:
+--[ RSA 2048]----+
| .. |
| . . |
| .. o |
| ..+ o |
| S.E . |
| ...X . . |
| .... = o |
| o.. + . |
| ..o.. o |
+-----------------+
[root@centos7 ~]# cd .ssh
[root@centos7 .ssh]# ls
authorized_keys  id_rsa  id_rsa.pub  known_hosts
Copy the public key of the generated key pair to the other managed hosts (the more secure approach)
[root@centos7 ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.1.252.161
The authenticity of host '10.1.252.161 (10.1.252.161)' can't be established.
ECDSA key fingerprint is 56:78:d2:e8:41:b0:62:ad:4f:47:90:75:01:a4:fa:8c.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.1.252.161's password:    # the password is required the first time

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@10.1.252.161'"
and check to make sure that only the key(s) you wanted were added.

# Test the connection to the managed host: information can now be retrieved without a password
[root@centos7 ~]# ssh 10.1.252.161 'ifconfig'
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.1.252.161 netmask 255.255.0.0 broadcast 10.1.255.255
        inet6 fe80::20c:29ff:fed6:e460 prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:d6:e4:60 txqueuelen 1000 (Ethernet)
        RX packets 24229 bytes 1996170 (1.9 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 672 bytes 91700 (89.5 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 0 (Local Loopback)
        RX packets 68 bytes 5588 (5.4 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 68 bytes 5588 (5.4 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
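The first connection above is accepted by answering yes to the host-key prompt; the colon-separated value in that prompt is the MD5 of the host's public key blob. The following is an added example, not part of the original post: it computes that fingerprint, and the newer SHA256 form, from a public key line obtained out of band, so the prompt can be checked before answering yes. The sample key is constructed (dummy key bytes) and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct


def _ssh_string(data):
    """Encode bytes as an SSH wire-format string: 4-byte length, then the data."""
    return struct.pack(">I", len(data)) + data


def sample_pubkey_line(seed):
    """Constructed sample: an ssh-ed25519 public key line with dummy key bytes."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(hashlib.sha256(seed).digest())
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " sample@constructed"


def fingerprints(pubkey_line):
    """Return (md5_colon_hex, sha256_base64) for an OpenSSH public key line."""
    fields = pubkey_line.split()
    blob = base64.b64decode(fields[1], validate=True)
    # The blob starts with the key type; it must agree with the declared type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != fields[0]:
        raise ValueError("key type does not match key blob")
    md5 = hashlib.md5(blob).hexdigest()
    md5_fp = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5_fp, "SHA256:" + sha


def host_key_matches(pubkey_line, prompt_fp):
    """True if the fingerprint shown by ssh belongs to the trusted key line."""
    if prompt_fp.startswith("MD5:"):
        prompt_fp = prompt_fp[4:]
    return any(hmac.compare_digest(fp, prompt_fp) for fp in fingerprints(pubkey_line))


if __name__ == "__main__":
    trusted = sample_pubkey_line(b"host-a")      # key obtained out of band
    shown_md5, shown_sha = fingerprints(trusted)  # what the prompt would display
    print(shown_md5)
    print(shown_sha)
    print(host_key_matches(trusted, shown_md5))
    print(host_key_matches(sample_pubkey_line(b"host-b"), shown_md5))
```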
1. ping:
Purpose: check whether the target hosts are alive;
Demo:
[root@centos7 ~]# ansible-doc -s ping
- name: Try to connect to host, verify a usable python and return `pong' on success.
  action: ping
# Connect to the hosts in the websrvs group and check that they are OK
[root@centos7 ~]# ansible websrvs -m ping
10.1.252.156 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
10.1.252.161 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
# Check that all hosts are OK
[root@centos7 ~]# ansible all -m ping
10.1.252.156 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
10.1.252.161 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
10.1.252.205 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
2. command:
Purpose: run a command on the remote hosts;
Demo:
[root@centos7 ~]# ansible all -m command -a "ifconfig"    # get the IP addresses of all hosts
10.1.252.205 | SUCCESS | rc=0 >>
eth0      Link encap:Ethernet HWaddr 00:0C:29:CB:50:90
          inet addr:10.1.252.205 Bcast:10.1.255.255 Mask:255.255.0.0
          inet6 addr: fe80::20c:29ff:fecb:5090/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:345117 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1571 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:39948104 (38.0 MiB) TX bytes:148792 (145.3 KiB)

10.1.252.156 | SUCCESS | rc=0 >>
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.1.252.156 netmask 255.255.0.0 broadcast 10.1.255.255
        inet6 fe80::20c:29ff:fe16:ed45 prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:16:ed:45 txqueuelen 1000 (Ethernet)
        RX packets 31117 bytes 2793084 (2.6 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 571 bytes 104372 (101.9 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

10.1.252.161 | SUCCESS | rc=0 >>
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.1.252.161 netmask 255.255.0.0 broadcast 10.1.255.255
        inet6 fe80::20c:29ff:fed6:e460 prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:d6:e4:60 txqueuelen 1000 (Ethernet)
        RX packets 30903 bytes 2725577 (2.5 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 950 bytes 134392 (131.2 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

# Create the user "centos" on the 3 managed hosts at the same time
[root@centos7 ~]# ansible all -m command -a "useradd centos"
10.1.252.156 | SUCCESS | rc=0 >>

10.1.252.205 | SUCCESS | rc=0 >>

10.1.252.161 | SUCCESS | rc=0 >>

# Check the id of the centos user on the 3 hosts
[root@centos7 ~]# ansible all -m command -a "id centos"
10.1.252.205 | SUCCESS | rc=0 >>
uid=500(centos) gid=500(centos) groups=500(centos)

10.1.252.156 | SUCCESS | rc=0 >>
uid=1003(centos) gid=1003(centos) groups=1003(centos)

10.1.252.161 | SUCCESS | rc=0 >>
uid=1001(centos) gid=1001(centos) groups=1001(centos)

# Set the password of the centos user on the 3 hosts to 123456 (passed through a pipe); the command module runs only the leftmost command and treats the rest as its arguments, so the shell module is needed here
[root@centos7 ~]# ansible all -m command -a "echo '123456' |passwd --stdin centos"
10.1.252.205 | SUCCESS | rc=0 >>
123456 |passwd --stdin centos    # only the echo command was executed

10.1.252.156 | SUCCESS | rc=0 >>
123456 |passwd --stdin centos

10.1.252.161 | SUCCESS | rc=0 >>
123456 |passwd --stdin centos
3. shell:
Purpose: run commands on the remote hosts through a shell interpreter, with support for shell features such as pipes;
Note:
For the command and shell modules the core argument is the command itself; the arguments of other modules are usually in "key=value" form;
Demo:
[root@centos7 ~]# ansible all -m shell -a "echo '123456' |passwd --stdin centos"
10.1.252.205 | SUCCESS | rc=0 >>
Changing password for user centos.
passwd: all authentication tokens updated successfully.    # the command ran as intended

10.1.252.156 | SUCCESS | rc=0 >>
Changing password for user centos.
passwd: all authentication tokens updated successfully.

10.1.252.161 | SUCCESS | rc=0 >>
Changing password for user centos.
passwd: all authentication tokens updated successfully.
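Why the pipe failed under command and worked under shell, as an added example that is not part of the original post: it approximates the command module with shlex.split and a shell-less exec, and the shell module with /bin/sh. The function names and the `| cat` pipeline are constructed for illustration; shell_line_for shows a variable being quoted before it goes into a shell line, because the shell module interprets every metacharacter it is given.

```python
import shlex
import subprocess


def run_like_command(cmdline):
    """Approximation of the command module: split into argv, exec without a shell."""
    argv = shlex.split(cmdline)
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return argv, done.stdout.strip()


def run_like_shell(cmdline):
    """Approximation of the shell module: the whole string is handed to /bin/sh."""
    done = subprocess.run(cmdline, shell=True, capture_output=True,
                          text=True, check=True)
    return done.stdout.strip()


def shell_line_for(value):
    """Build a shell line around a variable, quoted so the shell sees one word."""
    return "echo " + shlex.quote(value) + " | cat"


if __name__ == "__main__":
    # The exact line from the post: with no shell, '|passwd' is only an
    # argument to echo, so passwd never runs.
    argv, out = run_like_command("echo '123456' |passwd --stdin centos")
    print(argv)
    print(out)

    # Constructed harmless pipeline: with a shell, the pipe is honoured.
    print(run_like_shell("echo '123456' | cat"))

    # Constructed variable containing a metacharacter.
    value = "a b; echo second"
    print(run_like_shell("echo " + value + " | cat"))   # ';' splits the line in two
    print(run_like_shell(shell_line_for(value)))        # quoted: one literal word
```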
4. copy:
Purpose: copy files from the Ansible host to the remote managed hosts;
Usage:
Copy a file
-a "src= dest= "
Generate a file from given content
-a "content= dest= "
Other parameters:
mode, owner, group, ...
Demo:
1) Copy a source file to a destination; permissions and so on can be specified
# Copy a file to the 3 remote hosts with mode 640
[root@centos7 ~]# ansible all -m copy -a "src=/etc/fstab dest=/tmp/fstab.ansible mode=640"
10.1.252.205 | SUCCESS => {
    "changed": true,
    "checksum": "421fa89581f3b00d98daf454970270bc61e5ceb6",    # checksum
    "dest": "/tmp/fstab.ansible",    # destination file
    "gid": 0,
    "group": "root",
    "md5sum": "54f0b2c85cffa2102495c84d75f1f369",
    "mode": "0640",    # permissions
    "owner": "root",
    "size": 690,    # size
    "src": "/root/.ansible/tmp/ansible-tmp-1478696569.63-274366424153403/source",    # source file
    "state": "file",
    "uid": 0
}
[root@centos7 ~]# ansible all -m shell -a "ls -l /tmp/fstab.ansible"
10.1.252.205 | SUCCESS | rc=0 >>
-rw-r----- 1 root root 690 Nov 9 20:28 /tmp/fstab.ansible    # succeeded

10.1.252.156 | SUCCESS | rc=0 >>
-rw-r----- 1 root root 690 Nov 9 21:32 /tmp/fstab.ansible

10.1.252.161 | SUCCESS | rc=0 >>
-rw-r----- 1 root root 690 Nov 9 21:32 /tmp/fstab.ansible
2) Generate a file from given content
[root@centos7 ~]# ansible all -m copy -a "content='hello\nword\n' dest=/tmp/test.ansible mode=640"
10.1.252.205 | SUCCESS => {
    "changed": true,
    "checksum": "96e066939172dfddcfaef89de00ad9a78ca6a774",
    "dest": "/tmp/test.ansible",
    "gid": 0,
    "group": "root",
    "md5sum": "d98af44a9c199b9a1ed0ddb0f492f133",
    "mode": "0640",
    "owner": "root",
    "size": 11,
    "src": "/root/.ansible/tmp/ansible-tmp-1478697113.75-159001268829457/source",
    "state": "file",
    "uid": 0
}
[root@centos7 ~]# ansible all -m command -a "cat /tmp/test.ansible "
10.1.252.205 | SUCCESS | rc=0 >>
hello
word

10.1.252.156 | SUCCESS | rc=0 >>
hello
word

10.1.252.161 | SUCCESS | rc=0 >>
hello
word
5. file:
Purpose: set file attributes;
Usage:
Create a directory: -a "path= state=directory"
Create a link: -a "path= src= state=link"
Delete a file: -a "path= state=absent"
Demo:
1) Change the owner of a file
[root@centos7 ~]# ansible all -m file -a "path=/tmp/fstab.ansible owner=centos"
10.1.252.205 | SUCCESS => {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0640",
    "owner": "centos",
    "path": "/tmp/fstab.ansible",
    "size": 690,
    "state": "file",
    "uid": 500
}
2) Delete a file
# state defines the target state
[root@centos7 ~]# ansible all -m file -a "path=/tmp/fstab.ansible state=absent"
10.1.252.205 | SUCCESS => {
    "changed": true,
    "path": "/tmp/fstab.ansible",
    "state": "absent"
}
10.1.252.156 | SUCCESS => {
    "changed": true,
    "path": "/tmp/fstab.ansible",
    "state": "absent"
}
10.1.252.161 | SUCCESS => {
    "changed": true,
    "path": "/tmp/fstab.ansible",
    "state": "absent"
}
3) Create a directory
[root@centos7 ~]# ansible all -m file -a "path=/tmp/dir.ansible state=directory"
10.1.252.205 | SUCCESS => {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "root",
    "path": "/tmp/dir.ansible",
    "size": 4096,
    "state": "directory",
    "uid": 0
}
4) Create a link
[root@centos7 ~]# ansible all -m file -a "path=/tmp/test.ansible.link src=/tmp/test.ansible state=link"
10.1.252.205 | SUCCESS => {
    "changed": true,
    "dest": "/tmp/test.ansible.link",
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "root",
    "size": 17,
    "src": "/tmp/test.ansible",
    "state": "link",
    "uid": 0
}
# Check on the remote host: the link was created
[root@CentOS6 ~]# ls /tmp
dir.ansible  ks-script-OR__dn  ks-script-OR__dn.log  test.ansible  test.ansible.link  yum.log
Original article: http://1992tao.blog.51cto.com/11606804/1871264