Basic usage of the automation and operations tool ansible
Prepare two machines: one as the server and one as the client.
1. Install ansible on the server
[[email protected] ~]# yum install -y epel-release
[[email protected] ~]# yum install -y ansible
2. Configure keys
Generate a key pair on the server:
[[email protected] ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
7e:90:5c:3b:e2:71:4d:ed:e8:fc:ed:7b:21:42:c5:43 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| oE |
| = |
| . o o |
| . o = o |
| S = o . |
| o = = . . |
| o . + . .|
| . . ..|
| .o=|
+-----------------+
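Put the contents of the public key (id_rsa.pub) into /root/.ssh/authorized_keys on the other machine, and do the same on the local machine: cat id_rsa.pub >> authorized_keys
Set permissions: chmod 600 authorized_keys
Disable selinux and iptables.
3. Test that the server can ssh to the client
/* If an error msg is reported, install the libselinux-python package */
4. Edit the ansible configuration file
vim /etc/ansible/hosts
Add: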
[testhosts]
127.0.0.1
192.168.44.131
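Save and exit.
By default, ansible logs in to remote hosts as root. If the production environment has been hardened so that root cannot log in directly, while many commands still have to be run as root, you can log in with an ordinary account first and then su to root. The goal is that, when run through ansible, this needs no interactive password entry and simply returns the output of the command.
According to the official documentation, besides the ansible_ssh_user and ansible_ssh_pass variables there is also an ansible_su_pass variable for switching with su. With it, the root password can be written directly into the configuration file, as follows: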
[[email protected] ~]# cat /etc/ansible/hosts
[testhosts]
192.168.44.134 ansible_ssh_user=test ansible_ssh_pass=111111 ansible_su_pass=*I2145
192.168.44.135 ansible_ssh_user=test ansible_ssh_pass=xyz123 ansible_su_pass=mn1Pokm
192.168.44.136 ansible_ssh_user=amos ansible_ssh_pass=asdf ansible_su_pass=xyzp)okm
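The inventory above keeps login and root passwords in cleartext, so it helps to be able to list which entries carry them. The script below is an added example, not part of the original post; the function names audit_inventory and sample_inventory and the sample hosts and passwords are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): list inline password variables
# in an INI-style Ansible inventory. Prints "line owner variable" only;
# the secret value itself is never echoed.

audit_inventory() {
    awk '
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }        # blank lines and comments
        /^[ \t]*\[/ {                                # [group] or [group:vars]
            in_vars = ($0 ~ /:vars\]/); section = $1; next
        }
        {
            first = in_vars ? 1 : 2                  # on host lines, skip the host name
            owner = in_vars ? section : $1
            for (i = first; i <= NF; i++) {
                split($i, kv, "=")
                # login, su, sudo and become password variables
                if (kv[1] ~ /^ansible_(ssh_|su_|sudo_|become_)?pass(word)?$/)
                    print NR, owner, kv[1]
            }
        }
    ' "$1"
}

# Constructed sample inventory; hosts and passwords are placeholders.
sample_inventory() {
    cat <<'EOF'
# constructed sample
[testhosts]
192.168.44.134 ansible_ssh_user=test ansible_ssh_pass=EXAMPLE-1 ansible_su_pass=EXAMPLE-2
192.168.44.135 ansible_ssh_user=test
[testhosts:vars]
ansible_become_pass=EXAMPLE-3
EOF
}

inv=$(mktemp)
sample_inventory > "$inv"
audit_inventory "$inv"
rm -f "$inv"
```

Prompting with --ask-pass and --ask-become-pass, or encrypting the variables with ansible-vault, keeps these values out of the cleartext inventory.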
5. Run commands remotely with ansible from the server
[[email protected] ~]# ansible 192.168.44.131 -m command -a "w"
192.168.44.131 | SUCCESS | rc=0 >>
10:40:12 up 50 min, 4 users, load average: 0.00, 0.04, 0.08
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 09:49 50:20 0.01s 0.01s -bash
root pts/0 192.168.44.1 09:50 4.00s 0.10s 0.03s ssh 192.168.44.131
root pts/1 192.168.44.131 10:35 4.00s 0.46s 0.00s ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/ansible-ssh-%h-%p-%r -tt 192.168.44.131 /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1490020811.62-276287230088127/command.py; rm -rf "/root/.ansible/tmp/ansible-tmp-1490020811.62-2762872
root pts/3 192.168.44.131 10:40 0.00s 0.10s 0.02s w
/* If an error msg is reported, install the libselinux-python package */
[[email protected] ~]# ansible 192.168.44.131 -m shell -a "hostname"
192.168.44.131 | SUCCESS | rc=0 >>
database
[[email protected] ~]# ansible 192.168.44.131 -m shell -a "cat /etc/passwd |grep root"
192.168.44.131 | SUCCESS | rc=0 >>
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
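The shell module supports commands that contain pipes; the command module does not.
What shell can do, command cannot necessarily do; anything command can do, shell can do as well.
6. Copy directories or files with ansible: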
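Why the pipe works with shell but not with command, as an added example that is not part of the original post: the command module runs the program directly with the words as arguments, while the shell module hands the whole string to /bin/sh. The functions run_like_command and run_like_shell are hypothetical local stand-ins (simplified, no quote handling), and the sample file is constructed.

```sh
#!/bin/sh
# Added example (not from the original page): local stand-ins for how the
# command and shell modules hand a command line to the managed host.

# command-style: split the string into words and execute it directly.
# No shell parses it, so "|" is just another argument to the program.
run_like_command() {
    set -f            # no glob expansion while splitting
    set -- $1         # words become argv
    set +f
    "$@"
}

# shell-style: the whole string goes to /bin/sh, which interprets
# pipes, redirects, variables and ";".
run_like_shell() {
    /bin/sh -c "$1"
}

# Constructed sample file standing in for /etc/passwd.
sample_passwd() {
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'bin:x:1:1:bin:/bin:/sbin/nologin' \
        'operator:x:11:0:operator:/root:/sbin/nologin'
}

demo() {
    f=$(mktemp)
    sample_passwd > "$f"
    echo "shell-style:"
    run_like_shell "cat $f | grep root"
    echo "command-style:"
    run_like_command "cat $f | grep root" ||
        echo "rc=$? (cat was given '|', 'grep' and 'root' as file names)"
    rm -f "$f"
}
demo
```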
[[email protected] ~]# ansible 192.168.44.129 -m copy -a "src=/etc/ansible dest=/tmp/ansibletest owner=root group=root mode=0644"
192.168.44.129 | SUCCESS => {
"changed": false,
"dest": "/tmp/ansibletest/",
"src": "/etc/ansible"
}
7. Run a script remotely
1) First create a script
[[email protected] ~]# vim /tmp/test.sh
2) Distribute the script to each machine
[[email protected] ~]# ansible 192.168.44.129 -m copy -a "src=/tmp/test.sh dest=/tmp/test.sh mode=0755"
192.168.44.129 | SUCCESS => {
"changed": true,
"checksum": "36b1098c7103132b8b595e740a603b67f62daf18",
"dest": "/tmp/test.sh",
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/test.sh",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 46,
"state": "file",
"uid": 0
}
3) Run the shell script in batch
[[email protected] ~]# ansible 192.168.44.129 -m shell -a "/bin/bash /tmp/test.sh"
192.168.44.129 | SUCCESS | rc=0 >>
8. Scheduled tasks (cron) with ansible
1) Add a scheduled task
[[email protected] ~]# ansible 192.168.44.129 -m cron -a "name='test cron' job='/bin/bash /tmp/test.sh' weekday=6"
192.168.44.129 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"test cron"
]
}
————————————————————————
[[email protected] ~]# ansible 192.168.44.129 -m cron -a "name='test cron' job='/bin/bash /tmp/test.sh' day='1-10' weekday=6"
192.168.44.129 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"test cron"
]
}
[[email protected] ~]# ansible 192.168.44.129 -m cron -a "name='test cron' job='/bin/bash /tmp/test.sh' day='1,4,10' weekday=6"
192.168.44.129 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"test cron"
]
}
————————————————————————
2) Remove a scheduled task
[[email protected] ~]# ansible 192.168.44.129 -m cron -a "name='test cron' state=absent"
192.168.44.129 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": []
}
Other time parameters: minute, hour, day (day of the month), month
9. Install rpm packages and manage services with ansible
[[email protected] ~]# ansible 192.168.44.129 -m yum -a "name=httpd"
192.168.44.129 | SUCCESS => {
"changed": false,
"msg": "",
"rc": 0,
"results": [
"httpd-2.4.6-45.el7.centos.x86_64 providing httpd is already installed"
]
}
[[email protected] ~]# ansible 192.168.44.129 -m yum -a "name=ntp"
192.168.44.129 | SUCCESS => {
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.btte.net\n * epel: mirror.premi.st\n * extras: mirrors.btte.net\n * updates: mirrors.btte.net\n * webtatic: uk.repo.webtatic.com\nResolving Dependencies\n--> Running transaction check\n---> Package ntp.x86_64 0:4.2.6p5-25.el7.centos.1 will be installed\n--> Processing Dependency: ntpdate = 4.2.6p5-25.el7.centos.1 for package: ntp-4.2.6p5-25.el7.centos.1.x86_64\n--> Processing Dependency: libopts.so.25()(64bit) for package: ntp-4.2.6p5-25.el7.centos.1.x86_64\n--> Running transaction check\n---> Package autogen-libopts.x86_64 0:5.18-5.el7 will be installed\n---> Package ntpdate.x86_64 0:4.2.6p5-25.el7.centos.1 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n ntp x86_64 4.2.6p5-25.el7.centos.1 updates 547 k\nInstalling for dependencies:\n autogen-libopts x86_64 5.18-5.el7 base 66 k\n ntpdate x86_64 4.2.6p5-25.el7.centos.1 updates 85 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package (+2 Dependent packages)\n\nTotal download size: 699 k\nInstalled size: 1.6 M\nDownloading packages:\n--------------------------------------------------------------------------------\nTotal 58 kB/s | 699 kB 00:12 \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : ntpdate-4.2.6p5-25.el7.centos.1.x86_64 1/3 \n Installing : autogen-libopts-5.18-5.el7.x86_64 2/3 \n Installing : ntp-4.2.6p5-25.el7.centos.1.x86_64 3/3 \n Verifying : ntp-4.2.6p5-25.el7.centos.1.x86_64 1/3 \n Verifying : autogen-libopts-5.18-5.el7.x86_64 2/3 \n Verifying : ntpdate-4.2.6p5-25.el7.centos.1.x86_64 3/3 \n\nInstalled:\n ntp.x86_64 
0:4.2.6p5-25.el7.centos.1 \n\nDependency Installed:\n autogen-libopts.x86_64 0:5.18-5.el7 ntpdate.x86_64 0:4.2.6p5-25.el7.centos.1 \n\nComplete!\n"
]
}
Example:
[[email protected] ~]# ansible 192.168.44.129 -m yum -a "name=axel state=installed"
192.168.44.129 | SUCCESS => {
[[email protected] ~]# rpm -qa|grep axel
[[email protected] ~]# rpm -qa|grep axel
axel-2.4-9.el7.x86_64
10. Using the ansible documentation
List all modules:
[[email protected] ~]# ansible-doc -l
View the documentation for a specific module:
[[email protected] ~]# ansible-doc cron