
Ansible: Introduction and Practice

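Opening: differences between Ansible and SaltStack


Ansible is a framework for batch operations management.

SaltStack is similar to Ansible.

Similarities:

  • Both SaltStack and Ansible are written in Python

  • SaltStack and Ansible also offer very similar functionality

Differences:

SaltStack

  • Master

  • Minion

  • Socket-like communication over ZeroMQ

  • YAML

Ansible

  • Only a master (server) side

  • YAML language

  • Configuration files

  • pip install pyaml

  • Paramiko

  • SSH remote login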


I. Installing Ansible with yum

1. Make sure yum is working

2. wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-noarch.rpm

3. yum -y install ansible


II. Test environment configuration

Note: 192.168.100.201 is the control machine; the remaining machines, 192.168.100.202, 192.168.100.203 and 192.168.100.210, are all test hosts.

# ssh-keygen -t rsa 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
82:68:12:6c:a7:62:24:15:7c:e4:6f:92:42:3a:64:66 root@node1
The key's randomart image is:
+--[ RSA 2048]----+
| .oo.            |
|.....            |
|oE.o.            |
|O+o. +           |
|=o+ + + S        |
|o+ . o .         |
|                 |
|                 |
|                 |
+-----------------+
# ssh-copy-id -i .ssh/id_rsa.pub [email protected]
The authenticity of host '192.168.100.202 (192.168.100.202)' can't be established.
RSA key fingerprint is c4:4c:b0:22:d2:20:46:98:43:8c:19:fc:98:88:eb:9b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.202' (RSA) to the list of known hosts.
[email protected]'s password: 
Now try logging into the machine, with "ssh '[email protected]'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
# ssh-copy-id -i .ssh/id_rsa.pub [email protected]
# ssh-copy-id -i .ssh/id_rsa.pub [email protected]

Control machine configuration

# tail -5 /etc/ansible/hosts 
[web]
192.168.100.202
192.168.100.203
[db]
192.168.100.210

Test

# ansible all -m ping
192.168.100.202 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.100.203 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.100.210 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

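Command options

  • -a MODULE_ARGS, --args=MODULE_ARGS: module arguments

  • --ask-vault-pass: prompt for the password when playbook files are encrypted

  • -B SECONDS, --background=SECONDS: run the command in the background and terminate it if it is still running after SECONDS seconds

  • -D, --diff: when only a few files and little content are updated, this option shows where those files differ

  • -e EXTRA_VARS, --extra-vars=EXTRA_VARS: bring external variables into the playbook

  • -f FORKS, --forks=FORKS: number of concurrent threads; the default is 5

  • -i INVENTORY, --inventory-file=INVENTORY: the inventory file to read

  • -l SUBSET, --limit=SUBSET: the hosts to run against (regular expression)

  • --list-hosts: list the hosts that match, without executing any command

  • -m MODULE_NAME, --module-name=MODULE_NAME: the module to execute

  • -M MODULE_PATH, --module-path=MODULE_PATH: the path where modules are stored, /usr/share/ansible by default; the default path can also be set through ANSIBLE_LIBRARY

  • -P POLL_INTERVAL, --poll=POLL_INTERVAL: periodically report the progress of background tasks

  • --syntax-check: check the syntax of the playbook

  • -t TREE, --tree=TREE: write output to the TREE directory; result files are named after the remote hosts

  • -v, --verbose: print more detailed information about the execution; -vvv prints all of it

  • -k, --ask-pass: ask for the authentication password

  • --private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE: the private key file to use

  • -u REMOTE_USER, --user=REMOTE_USER: run commands on the remote host as REMOTE_USER

  • -c CONNECTION, --connection=CONNECTION: the connection type to use

  • -T TIMEOUT, --timeout=TIMEOUT: the maximum timeout for connecting to remote hosts, in seconds

  • -s, --sudo: equivalent to the sudo command on Linux

  • -U SUDO_USER, --sudo-user=SUDO_USER: use sudo; equivalent to the sudo command on Linux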

Commonly used modules

shell

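By default, ansible uses the command module, which does not support shell variables, pipes and the like. To run a command through a shell, specify the shell module with the -m option. Note, however, that the ordinary command-execution modules run over Python's SSH implementation.
Example

# ansible all -m shell -a 'ps aux |grep nginx'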
192.168.100.202 | SUCCESS | rc=0 >>
root      1896  0.0  0.1  44728  1096 ?        Ss   12:06   0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /etc/nginx/nginx.conf
nginx     1899  0.0  0.1  45172  1672 ?        S    12:06   0:00 nginx: worker process                               
root      3311  0.0  0.1 106092  1120 pts/1    S+   16:56   0:00 /bin/sh -c ps aux |grep nginx
root      3313  0.0  0.0 103324   864 pts/1    S+   16:56   0:00 grep nginx

192.168.100.203 | SUCCESS | rc=0 >>
root      3585  0.0  0.1 106092  1120 pts/1    S+   20:24   0:00 /bin/sh -c ps aux |grep nginx
root      3587  0.0  0.0 103324   860 pts/1    S+   20:24   0:00 grep nginx

192.168.100.210 | SUCCESS | rc=0 >>
root      7344  0.0  0.1 106092  1128 pts/1    S+   20:24   0:00 /bin/sh -c ps aux |grep nginx
root      7346  0.0  0.0 103320   856 pts/1    S+   20:24   0:00 grep nginx
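
The difference described above, as an added example that is not part of the original post: this Python sketch runs one string the way the command module does (split into argv, no shell) and the way the shell module does (passed to /bin/sh -c), then shows why a variable interpolated into a shell-module string should be quoted, which is what Ansible's quote filter is for. The function names and sample strings are constructed for illustration.

```python
import shlex
import subprocess

def command_style(cmdline):
    """Like the command module: split into argv and exec it, no shell."""
    argv = shlex.split(cmdline)
    done = subprocess.run(argv, capture_output=True, text=True)
    return done.stdout.strip()

def shell_style(cmdline):
    """Like the shell module: hand the whole string to /bin/sh -c."""
    done = subprocess.run(["/bin/sh", "-c", cmdline],
                          capture_output=True, text=True)
    return done.stdout.strip()

def count_matches(pattern, quote):
    """Build a pipeline around a value that arrives in a variable."""
    if quote:
        pattern = shlex.quote(pattern)  # what Ansible's `quote` filter does
    return "printf 'nginx\\nhttpd\\n' | grep -c " + pattern

# Constructed inputs (hypothetical, for illustration only).
PIPELINE = "echo one two three | wc -w"
UNTRUSTED = "nginx; echo INJECTED"

if __name__ == "__main__":
    print(command_style(PIPELINE))   # the pipe is just another argument
    print(shell_style(PIPELINE))     # the shell builds a real pipeline
    print(shell_style(count_matches(UNTRUSTED, quote=False)))
    print(shell_style(count_matches(UNTRUSTED, quote=True)))
```

With the command module the metacharacters stay inert; with the shell module the unquoted value ends the grep and starts a second command, while the quoted value is searched for as one literal pattern.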

copy

Copies files from the control node to the target hosts, similar to scp.
Example

# ansible web -m copy -a "src=/etc/fstab dest=/tmp mode=0600"
# ansible web -m command -a 'ls -l /tmp/fstab'
192.168.100.203 | SUCCESS | rc=0 >>
-rw------- 1 root root 871 3月  12 20:31 /tmp/fstab

192.168.100.202 | SUCCESS | rc=0 >>
-rw------- 1 root root 871 3月  12 17:03 /tmp/fstab

file

The file module is the file-attribute module. It can perform the following operations.
Create a directory with the file module:

# ansible db -m file -a "dest=/tmp/study mode=700 owner=root group=ftp state=directory"
192.168.100.210 | SUCCESS => {
    "changed": true, 
    "gid": 50, 
    "group": "ftp", 
    "mode": "0700", 
    "owner": "root", 
    "path": "/tmp/study", 
    "size": 4096, 
    "state": "directory", 
    "uid": 0
}
# ansible db -m command -a 'ls -dl /tmp/study'
192.168.100.210 | SUCCESS | rc=0 >>
drwx------ 2 root ftp 4096 3月  12 20:44 /tmp/study

Create a file:

# ansible db -m file -a 'dest=/tmp/study/1.txt state=touch mode=600'
192.168.100.210 | SUCCESS => {
    "changed": true, 
    "dest": "/tmp/study/1.txt", 
    "gid": 0, 
    "group": "root", 
    "mode": "0600", 
    "owner": "root", 
    "size": 0, 
    "state": "file", 
    "uid": 0
}
# ansible db -m command -a 'ls -l /tmp/study/1.txt'
192.168.100.210 | SUCCESS | rc=0 >>
-rw------- 1 root root 0 3月  12 21:00 /tmp/study/1.txt

Delete a file:

# ansible db -m file -a 'dest=/tmp/study/1.txt state=absent'
192.168.100.210 | SUCCESS => {
    "changed": true, 
    "path": "/tmp/study/1.txt", 
    "state": "absent"
}


stat

Get status information about a remote file, including atime, ctime, mtime, md5, uid, gid and so on:

# ansible db -m stat -a 'path=/tmp/study'


yum

- name: install the latest version of Apache
  yum: name=httpd state=latest

- name: remove the Apache package
  yum: name=httpd state=absent

- name: install the latest version of Apache from the testing repo
  yum: name=httpd enablerepo=testing state=present

- name: install one specific version of Apache
  yum: name=httpd-2.2.29-1.4.amzn1 state=present

- name: upgrade all packages
  yum: name=* state=latest

- name: install the nginx rpm from a remote repo
  yum: name=http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm state=present

- name: install nginx rpm from a local file
  yum: name=/usr/local/src/nginx-release-centos-6-0.el6.ngx.noarch.rpm state=present

- name: install the 'Development tools' package group
  yum: name="@Development tools" state=present

- name: install the 'Gnome desktop' environment group
  yum: name="@^gnome-desktop-environment" state=present


cron

Define a scheduled task on the specified nodes that updates the time from the control node every 3 minutes:

# ansible all -m cron -a 'name="ntp date" minute=*/5 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate 1.asia.pool.ntp.org"'
192.168.100.210 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "ntp date"
    ]
}
192.168.100.203 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "ntp date"
    ]
}
192.168.100.202 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "ntp date"
    ]
}
# ansible all -m command -a 'crontab -l'
192.168.100.203 | SUCCESS | rc=0 >>
#Ansible: ntp date
*/5 * * * * /usr/sbin/ntpdate 1.asia.pool.ntp.org

192.168.100.202 | SUCCESS | rc=0 >>
#Ansible: ntp date
*/5 * * * * /usr/sbin/ntpdate 1.asia.pool.ntp.org

192.168.100.210 | SUCCESS | rc=0 >>
#Ansible: ntp date
*/5 * * * * /usr/sbin/ntpdate 1.asia.pool.ntp.org
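
The crontab listing above shows that the cron module labels each entry it owns with a "#Ansible: <name>" comment line. As an added example (not part of the original post), the Python sketch below parses that ad-hoc output per host and separates the entries Ansible manages from entries nothing claims, which is a quick way to audit scheduled jobs across a fleet. The function names are constructed, and the extra backup.sh entry in the sample is hypothetical.

```python
import re

HEADER = re.compile(r"^(\S+) \| (\w+) \| rc=(\d+) >>$")
MARKER = "#Ansible: "

def split_by_host(output):
    """Split ad-hoc command output into {host: [non-empty body lines]}."""
    hosts, current = {}, None
    for line in output.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = hosts.setdefault(m.group(1), [])
        elif current is not None and line:
            current.append(line)
    return hosts

def audit(lines):
    """Return (managed, unmanaged) cron entries for one host."""
    managed, unmanaged, name = {}, [], None
    for line in lines:
        if line.startswith(MARKER):
            name = line[len(MARKER):]      # label written by the cron module
        elif line.startswith("#"):
            name = None                    # ordinary comment, not a marker
        elif name is not None:
            managed[name] = line           # entry owned by the cron module
            name = None
        else:
            unmanaged.append(line)         # no marker claims this entry
    return managed, unmanaged

def report(output):
    return {host: audit(body) for host, body in split_by_host(output).items()}

# Constructed sample: the first host matches the page's output, the second
# carries one extra hand-added entry (hypothetical path).
SAMPLE = """\
192.168.100.203 | SUCCESS | rc=0 >>
#Ansible: ntp date
*/5 * * * * /usr/sbin/ntpdate 1.asia.pool.ntp.org

192.168.100.210 | SUCCESS | rc=0 >>
#Ansible: ntp date
*/5 * * * * /usr/sbin/ntpdate 1.asia.pool.ntp.org
0 3 * * * /usr/local/bin/backup.sh
"""

if __name__ == "__main__":
    for host, (managed, unmanaged) in report(SAMPLE).items():
        print(host, "managed:", sorted(managed), "unmanaged:", unmanaged)
```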


service

Start the httpd service on the specified nodes and enable it at boot:

# ansible web -a 'rpm -qa httpd'
192.168.100.203 | SUCCESS | rc=0 >>
httpd-2.2.15-55.el6.centos.2.x86_64

192.168.100.202 | SUCCESS | rc=0 >>
httpd-2.2.15-56.el6.centos.3.x86_64
# ansible web -a 'chkconfig --list httpd'
192.168.100.202 | SUCCESS | rc=0 >>
httpd          	0:關閉	1:關閉	2:關閉	3:關閉	4:關閉	5:關閉	6:關閉

192.168.100.203 | SUCCESS | rc=0 >>
httpd          	0:關閉	1:關閉	2:關閉	3:關閉	4:關閉	5:關閉	6:關閉
# ansible web -a '/etc/init.d/httpd status'
192.168.100.202 | FAILED | rc=3 >>
httpd 已停

192.168.100.203 | FAILED | rc=3 >>
httpd 已停
# ansible web -m service -a 'name=httpd state=started enabled=yes'
192.168.100.202 | SUCCESS => {
    "changed": true, 
    "enabled": true, 
    "name": "httpd", 
    "state": "started"
}
192.168.100.203 | SUCCESS => {
    "changed": true, 
    "enabled": true, 
    "name": "httpd", 
    "state": "started"
}
# ansible web -a '/etc/init.d/httpd status'
192.168.100.203 | SUCCESS | rc=0 >>
httpd (pid  4901) 正在運行...

192.168.100.202 | SUCCESS | rc=0 >>
httpd (pid  4688) 正在運行...
# ansible web -a 'chkconfig --list httpd'
192.168.100.202 | SUCCESS | rc=0 >>
httpd          	0:關閉	1:關閉	2:啟用	3:啟用	4:啟用	5:啟用	6:關閉

192.168.100.203 | SUCCESS | rc=0 >>
httpd          	0:關閉	1:關閉	2:啟用	3:啟用	4:啟用	5:啟用	6:關閉


script

Run the /root/test.sh script on the specified node (the script resides on the Ansible control node):

# cat test.sh 
#!/bin/bash
uptime
echo "Hello world!"
# ansible db -m script -a '/root/test.sh'
192.168.100.210 | SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.100.210 closed.\r\n", 
    "stdout": " 21:43:11 up  4:35,  2 users,  load average: 0.16, 0.03, 0.01\r\nHello world!\r\n", 
    "stdout_lines": [
        " 21:43:11 up  4:35,  2 users,  load average: 0.16, 0.03, 0.01", 
        "Hello world!"
    ]
}


get_url

Download lrzsz into the /tmp directory on the machines in the web group:

# ansible web  -m get_url -a 'url=https://mirrors.aliyun.com/centos/6.8/os/x86_64/Packages/lrzsz-0.12.20-27.1.el6.x86_64.rpm dest=/tmp/'
192.168.100.203 | SUCCESS => {
    "changed": false, 
    "checksum_dest": "5fa0cc444e4474cab0198af83e405224b6130c7b", 
    "checksum_src": "5fa0cc444e4474cab0198af83e405224b6130c7b", 
    "dest": "/tmp/lrzsz-0.12.20-27.1.el6.x86_64.rpm", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "2cc2edecc0e4f553a4ec0e5db49c1ec6", 
    "mode": "0644", 
    "msg": "OK (72436 bytes)", 
    "owner": "root", 
    "size": 72436, 
    "src": "/tmp/tmp1WXVKL", 
    "state": "file", 
    "uid": 0, 
    "url": "https://mirrors.aliyun.com/centos/6.8/os/x86_64/Packages/lrzsz-0.12.20-27.1.el6.x86_64.rpm"
}
192.168.100.202 | SUCCESS => {
    "changed": false, 
    "checksum_dest": "5fa0cc444e4474cab0198af83e405224b6130c7b", 
    "checksum_src": "5fa0cc444e4474cab0198af83e405224b6130c7b", 
    "dest": "/tmp/lrzsz-0.12.20-27.1.el6.x86_64.rpm", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "2cc2edecc0e4f553a4ec0e5db49c1ec6", 
    "mode": "0644", 
    "msg": "OK (72436 bytes)", 
    "owner": "root", 
    "size": 72436, 
    "src": "/tmp/tmpMxIP4A", 
    "state": "file", 
    "uid": 0, 
    "url": "https://mirrors.aliyun.com/centos/6.8/os/x86_64/Packages/lrzsz-0.12.20-27.1.el6.x86_64.rpm"
}


This article comes from the "探尋之路" blog; please be sure to keep this attribution: http://oybw88.blog.51cto.com/2486740/1981697
