Tags: Ansible introduction and practice
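Opening: differences between Ansible and SaltStack
Ansible is a framework for batch operations management.
SaltStack is similar to Ansible.
Similarities:
  Both SaltStack and Ansible are written in Python.
  SaltStack and Ansible also offer very similar functionality.
Differences:
SaltStack
  Master
  Minion
  Socket-like communication via ZeroMQ
  YAML
Ansible
  Only a master (server) side
  YAML language
  Configuration files
  pip install pyaml
  Paramiko
  SSH remote login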
I. Installing Ansible with yum
1. Make sure yum is working
2. wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-noarch.rpm
3. yum -y install ansible
II. Test environment setup
Note: 192.168.100.201 is the control machine; the remaining hosts, 192.168.100.202, 192.168.100.203 and 192.168.100.210, are all test hosts.
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
82:68:12:6c:a7:62:24:15:7c:e4:6f:92:42:3a:64:66 root@node1
The key's randomart image is:
+--[ RSA 2048]----+
| .oo. |
|..... |
|oE.o. |
|O+o. + |
|=o+ + + S |
|o+ . o . |
| |
| |
| |
+-----------------+
# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.100.202
The authenticity of host '192.168.100.202 (192.168.100.202)' can't be established.
RSA key fingerprint is c4:4c:b0:22:d2:20:46:98:43:8c:19:fc:98:88:eb:9b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.202' (RSA) to the list of known hosts.
root@192.168.100.202's password:
Now try logging into the machine, with "ssh 'root@192.168.100.202'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.100.203
# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.100.210
# tail -5 /etc/ansible/hosts
[web]
192.168.100.202
192.168.100.203
[db]
192.168.100.210
# ansible all -m ping
192.168.100.202 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.100.203 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.100.210 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
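-a MODULE_ARGS, --args=MODULE_ARGS: module arguments
--ask-vault-pass: prompt for the password when playbook files are encrypted
-B SECONDS, --background=SECONDS: run the command in the background and terminate it once it has run for more than SECONDS seconds
-D, --diff: when only a few files and little content are changed, this option shows the differences in those files
-e EXTRA_VARS, --extra-vars=EXTRA_VARS: pass external variables into the playbook
-f FORKS, --forks=FORKS: number of concurrent threads; the default is 5
-i INVENTORY, --inventory-file=INVENTORY: the inventory file to read
-l SUBSET, --limit=SUBSET: the hosts to run on (regular expression)
--list-hosts: list the hosts that match, without executing any command
-m MODULE_NAME, --module-name=MODULE_NAME: the module to execute
-M MODULE_PATH, --module-path=MODULE_PATH: the path where modules are stored, /usr/share/ansible by default; the default path can also be set through ANSIBLE_LIBRARY
-P POLL_INTERVAL, --poll=POLL_INTERVAL: periodically report the progress of background tasks
--syntax-check: check the syntax of the playbook
-t TREE, --tree=TREE: write output to the TREE directory; each result file is named after the remote host
-v, --verbose: print more detailed information about the run; -vvv prints everything about the run
-k, --ask-pass: prompt for the authentication password
--private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE: the private key file to use
-u REMOTE_USER, --user=REMOTE_USER: run commands on the remote host as REMOTE_USER
-c CONNECTION, --connection=CONNECTION: the connection type to use
-T TIMEOUT, --timeout=TIMEOUT: the maximum timeout for connecting to the remote host, in seconds
-s, --sudo: equivalent to the sudo command on Linux
-U SUDO_USER, --sudo-user=SUDO_USER: use sudo, equivalent to the sudo command on Linux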
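By default, the module Ansible uses is command. This module does not support shell variables, pipes and the like; to have the command run by a shell, use the -m option to select the shell module. Note, however, that the ordinary command-execution module is run over Python's SSH.
Example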
# ansible all -m shell -a 'ps aux |grep nginx'
192.168.100.202 | SUCCESS | rc=0 >>
root 1896 0.0 0.1 44728 1096 ? Ss 12:06 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /etc/nginx/nginx.conf
nginx 1899 0.0 0.1 45172 1672 ? S 12:06 0:00 nginx: worker process
root 3311 0.0 0.1 106092 1120 pts/1 S+ 16:56 0:00 /bin/sh -c ps aux |grep nginx
root 3313 0.0 0.0 103324 864 pts/1 S+ 16:56 0:00 grep nginx

192.168.100.203 | SUCCESS | rc=0 >>
root 3585 0.0 0.1 106092 1120 pts/1 S+ 20:24 0:00 /bin/sh -c ps aux |grep nginx
root 3587 0.0 0.0 103324 860 pts/1 S+ 20:24 0:00 grep nginx

192.168.100.210 | SUCCESS | rc=0 >>
root 7344 0.0 0.1 106092 1128 pts/1 S+ 20:24 0:00 /bin/sh -c ps aux |grep nginx
root 7346 0.0 0.0 103320 856 pts/1 S+ 20:24 0:00 grep nginx
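The difference between the command and shell modules described above comes down to whether the command line reaches /bin/sh, as the "/bin/sh -c ps aux |grep nginx" entries in the output show. The following is an added example, not code from the original post or from Ansible: a local Python model of the two execution styles. The function names, DEMO_VAR and the sample value are assumptions made for the illustration.

```python
import os
import shlex
import subprocess

# Constructed environment and input for the demonstration.
ENV = dict(os.environ, DEMO_VAR="expanded")
UNTRUSTED = "a b; echo extra"   # constructed value containing a shell metacharacter

def run_like_command(cmdline):
    """Model of command-style execution: split into argv and exec, no shell."""
    argv = shlex.split(cmdline)
    return subprocess.run(argv, env=ENV, capture_output=True, text=True).stdout

def run_like_shell(cmdline):
    """Model of shell-style execution: hand the whole string to /bin/sh -c."""
    argv = ["/bin/sh", "-c", cmdline]
    return subprocess.run(argv, env=ENV, capture_output=True, text=True).stdout

def shell_safe(template, value):
    """Insert a value into a shell command line as one quoted literal word."""
    return template.format(shlex.quote(value))

if __name__ == "__main__":
    # Without a shell, "|" and "$DEMO_VAR" are plain arguments to echo.
    for cmd in ("echo hello | tr a-z A-Z", "echo $DEMO_VAR"):
        print("command:", repr(run_like_command(cmd)))
        print("shell:  ", repr(run_like_shell(cmd)))
    # With a shell, every metacharacter in an interpolated value is interpreted
    # unless the value is quoted first.
    print("unquoted:", repr(run_like_shell("echo " + UNTRUSTED)))
    print("quoted:  ", repr(run_like_shell(shell_safe("echo {}", UNTRUSTED))))
```

In playbooks, Ansible's quote filter plays the role that shlex.quote plays here when a variable has to be passed to the shell module.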
Copies files from the control host to the target hosts, similar to scp.
Example
# ansible web -m copy -a "src=/etc/fstab dest=/tmp mode=0600"
# ansible web -m command -a 'ls -l /tmp/fstab'
192.168.100.203 | SUCCESS | rc=0 >>
-rw------- 1 root root 871 3月 12 20:31 /tmp/fstab

192.168.100.202 | SUCCESS | rc=0 >>
-rw------- 1 root root 871 3月 12 17:03 /tmp/fstab
The file module is the file-attribute module. It can perform the following operations:
Create a directory with the file module:
# ansible db -m file -a "dest=/tmp/study mode=700 owner=root group=ftp state=directory"
192.168.100.210 | SUCCESS => {
    "changed": true,
    "gid": 50,
    "group": "ftp",
    "mode": "0700",
    "owner": "root",
    "path": "/tmp/study",
    "size": 4096,
    "state": "directory",
    "uid": 0
}
# ansible db -m command -a 'ls -dl /tmp/study'
192.168.100.210 | SUCCESS | rc=0 >>
drwx------ 2 root ftp 4096 3月 12 20:44 /tmp/study
Create a file:
# ansible db -m file -a 'dest=/tmp/study/1.txt state=touch mode=600'
192.168.100.210 | SUCCESS => {
    "changed": true,
    "dest": "/tmp/study/1.txt",
    "gid": 0,
    "group": "root",
    "mode": "0600",
    "owner": "root",
    "size": 0,
    "state": "file",
    "uid": 0
}
# ansible db -m command -a 'ls -l /tmp/study/1.txt'
192.168.100.210 | SUCCESS | rc=0 >>
-rw------- 1 root root 0 3月 12 21:00 /tmp/study/1.txt
Delete a file:
# ansible db -m file -a 'dest=/tmp/study/1.txt state=absent'
192.168.100.210 | SUCCESS => {
    "changed": true,
    "path": "/tmp/study/1.txt",
    "state": "absent"
}
Get status information about a remote file, including atime, ctime, mtime, md5, uid, gid and so on:
# ansible db -m stat -a 'path=/tmp/study'
- name: install the latest version of Apache
  yum: name=httpd state=latest

- name: remove the Apache package
  yum: name=httpd state=absent

- name: install the latest version of Apache from the testing repo
  yum: name=httpd enablerepo=testing state=present

- name: install one specific version of Apache
  yum: name=httpd-2.2.29-1.4.amzn1 state=present

- name: upgrade all packages
  yum: name=* state=latest

- name: install the nginx rpm from a remote repo
  yum: name=http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm state=present

- name: install nginx rpm from a local file
  yum: name=/usr/local/src/nginx-release-centos-6-0.el6.ngx.noarch.rpm state=present

- name: install the 'Development tools' package group
  yum: name="@Development tools" state=present

- name: install the 'Gnome desktop' environment group
  yum: name="@^gnome-desktop-environment" state=present
Define a scheduled task on the specified nodes that updates the time from the control host every 3 minutes:
# ansible all -m cron -a 'name="ntp date" minute=*/5 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate 1.asia.pool.ntp.org"'
192.168.100.210 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "ntp date"
    ]
}
192.168.100.203 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "ntp date"
    ]
}
192.168.100.202 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "ntp date"
    ]
}
# ansible all -m command -a 'crontab -l'
192.168.100.203 | SUCCESS | rc=0 >>
#Ansible: ntp date
*/5 * * * * /usr/sbin/ntpdate 1.asia.pool.ntp.org

192.168.100.202 | SUCCESS | rc=0 >>
#Ansible: ntp date
*/5 * * * * /usr/sbin/ntpdate 1.asia.pool.ntp.org

192.168.100.210 | SUCCESS | rc=0 >>
#Ansible: ntp date
*/5 * * * * /usr/sbin/ntpdate 1.asia.pool.ntp.org
Start the httpd service on the specified nodes and enable it at boot:
# ansible web -a 'rpm -qa httpd'
192.168.100.203 | SUCCESS | rc=0 >>
httpd-2.2.15-55.el6.centos.2.x86_64

192.168.100.202 | SUCCESS | rc=0 >>
httpd-2.2.15-56.el6.centos.3.x86_64

# ansible web -a 'chkconfig --list httpd'
192.168.100.202 | SUCCESS | rc=0 >>
httpd 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭

192.168.100.203 | SUCCESS | rc=0 >>
httpd 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭

# ansible web -a '/etc/init.d/httpd status'
192.168.100.202 | FAILED | rc=3 >>
httpd 已停

192.168.100.203 | FAILED | rc=3 >>
httpd 已停

# ansible web -m service -a 'name=httpd state=started enabled=yes'
192.168.100.202 | SUCCESS => {
    "changed": true,
    "enabled": true,
    "name": "httpd",
    "state": "started"
}
192.168.100.203 | SUCCESS => {
    "changed": true,
    "enabled": true,
    "name": "httpd",
    "state": "started"
}
# ansible web -a '/etc/init.d/httpd status'
192.168.100.203 | SUCCESS | rc=0 >>
httpd (pid 4901) 正在运行...

192.168.100.202 | SUCCESS | rc=0 >>
httpd (pid 4688) 正在运行...

# ansible web -a 'chkconfig --list httpd'
192.168.100.202 | SUCCESS | rc=0 >>
httpd 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭

192.168.100.203 | SUCCESS | rc=0 >>
httpd 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
Run the /root/test.sh script on the specified node (the script lives on the Ansible control node):
# cat test.sh
#!/bin/bash
uptime
echo "Hello world!"
# ansible db -m script -a '/root/test.sh'
192.168.100.210 | SUCCESS => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 192.168.100.210 closed.\r\n",
    "stdout": " 21:43:11 up 4:35, 2 users, load average: 0.16, 0.03, 0.01\r\nHello world!\r\n",
    "stdout_lines": [
        " 21:43:11 up 4:35, 2 users, load average: 0.16, 0.03, 0.01",
        "Hello world!"
    ]
}
Download lrzsz into the /tmp directory on the machines in the web group:
# ansible web -m get_url -a 'url=https://mirrors.aliyun.com/centos/6.8/os/x86_64/Packages/lrzsz-0.12.20-27.1.el6.x86_64.rpm dest=/tmp/'
192.168.100.203 | SUCCESS => {
    "changed": false,
    "checksum_dest": "5fa0cc444e4474cab0198af83e405224b6130c7b",
    "checksum_src": "5fa0cc444e4474cab0198af83e405224b6130c7b",
    "dest": "/tmp/lrzsz-0.12.20-27.1.el6.x86_64.rpm",
    "gid": 0,
    "group": "root",
    "md5sum": "2cc2edecc0e4f553a4ec0e5db49c1ec6",
    "mode": "0644",
    "msg": "OK (72436 bytes)",
    "owner": "root",
    "size": 72436,
    "src": "/tmp/tmp1WXVKL",
    "state": "file",
    "uid": 0,
    "url": "https://mirrors.aliyun.com/centos/6.8/os/x86_64/Packages/lrzsz-0.12.20-27.1.el6.x86_64.rpm"
}
192.168.100.202 | SUCCESS => {
    "changed": false,
    "checksum_dest": "5fa0cc444e4474cab0198af83e405224b6130c7b",
    "checksum_src": "5fa0cc444e4474cab0198af83e405224b6130c7b",
    "dest": "/tmp/lrzsz-0.12.20-27.1.el6.x86_64.rpm",
    "gid": 0,
    "group": "root",
    "md5sum": "2cc2edecc0e4f553a4ec0e5db49c1ec6",
    "mode": "0644",
    "msg": "OK (72436 bytes)",
    "owner": "root",
    "size": 72436,
    "src": "/tmp/tmpMxIP4A",
    "state": "file",
    "uid": 0,
    "url": "https://mirrors.aliyun.com/centos/6.8/os/x86_64/Packages/lrzsz-0.12.20-27.1.el6.x86_64.rpm"
}
This article comes from the "探寻之路" blog; please be sure to keep this attribution: http://oybw88.blog.51cto.com/2486740/1981697