Ansible: An Essential Tool for Operations

Linux, Automation, Ansible

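Ansible is a relatively new automation tool for operations. Written in Python, it combines the strengths of many earlier tools (puppet, cfengine, chef, func, fabric) and provides batch system configuration, batch program deployment and batch command execution.
Ansible works through modules and has no batch-deployment capability of its own. The modules that Ansible runs do the actual batch work; Ansible only provides the framework, which mainly consists of:
(1) Connection plugins: handle communication with the managed hosts;
(2) Host inventory: specifies the hosts to operate on; it is a configuration file that defines the managed hosts;
(3) Modules: core modules, the command module and custom modules;
(4) Plugins that provide functions such as logging and e-mail;
(5) Playbooks: optional; when several tasks have to be executed, a playbook lets the nodes run them all in one go.
1. System installation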
[root@centos6 ~]# cat /etc/issue
CentOS release 6.5 (Final)
[root@centos6 ~]# uname -r
2.6.32-431.el6.x86_64
2. Software installation
[root@centos6 ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
[root@centos6 ~]# yum install ansible -y
[root@centos6 ~]# ansible --version
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.6.6 (r266:84292, Aug 18 2016, 15:13:37) [GCC 4.4.7 20120313 (Red Hat 4.4.7-17)]
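3. Ansible configuration overview
Configuration directory: /etc/ansible/
Executables directory: /usr/bin/
Library directory: /usr/lib/pythonX.X/site-packages/ansible/
Help documentation directory: /usr/share/doc/ansible-X.X.X/
Man page directory: /usr/share/man/man1
Colours in ansible output:
Green: informational; the command made no change on the remote host
Red: an error occurred during batch management
Yellow: a change was made on the remote host
Pink: a suggestion or warning about the operation

How to view the help for ansible commands: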

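ansible-doc -l --- list all available modules

ansible-doc -s cron --- show the parameters of the given module

ansible mount -m setup -vvvv --- mainly used to troubleshoot batch-management errors (verbose output)

Summary of ansible command-line options (most commonly used)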

-k, --ask-pass ask for connection password

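Prompts interactively for the password used for remote management

Before you start, set up SSH authentication to the clients, then define a test group in /etc/ansible/hosts and list the host IPs in it: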
[test]
192.168.0.24
192.168.0.151

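Note: you need to know /etc/ansible/ well; it holds the inventory (host information), the configuration of the Ansible tool itself, and so on.
Executables directory /usr/bin/: the default location of the Ansible commands. All Ansible executables are stored in this directory.
4. Basic Ansible modules, i.e. the commonly used ones
1. copy module
2. file module
3. cron module
4. group module
5. user module
6. yum module
7. service module
8. script module
9. ping module
10. command module
11. raw module
12. get_url module
13. synchronize module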

4.1) copy module:
Purpose: copy nagios-3.5.1.tar.gz from /data on the control node to the nodes in the [test] group
Command: ansible test -m copy -a 'src=/data/nagios-3.5.1.tar.gz dest=/data/'
[root@Ansible data]# ansible test -m copy -a 'src=/data/nagios-3.5.1.tar.gz dest=/data/'
192.168.0.24 | SUCCESS => {
"changed": true,
"checksum": "486fd6c75db47000b96d6eebb1654c30d5e9bc72",
"dest": "/data/nagios-3.5.1.tar.gz",
"gid": 0,
"group": "root",
"md5sum": "9947ed3d220b4da86710884260d42856",
"mode": "0644",
"owner": "root",
"size": 1763584,
"src": "/root/.ansible/tmp/ansible-tmp-1521010564.77-89092202669155/source",
"state": "file",
"uid": 0
}
192.168.0.151 | SUCCESS => {
"changed": true,
"checksum": "486fd6c75db47000b96d6eebb1654c30d5e9bc72",
"dest": "/data/nagios-3.5.1.tar.gz",
"gid": 0,
"group": "root",
"md5sum": "9947ed3d220b4da86710884260d42856",
"mode": "0644",
"owner": "root",
"size": 1763584,
"src": "/root/.ansible/tmp/ansible-tmp-1521010564.78-232268640712511/source",
"state": "file",
"uid": 0
}

4.2) file module:
Purpose: set the permissions of /tmp/t.sh on the [test] group nodes to 755, with owner and group root (the command below is run against /soft)
Command: ansible test -m file -a "dest=/soft mode=755 owner=root group=root"
[root@Ansible data]# ansible test -m file -a "dest=/soft mode=755 owner=root group=root"
192.168.0.24 | SUCCESS => {
"changed": false,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/soft",
"size": 4096,
"state": "directory",
"uid": 0
}
192.168.0.151 | SUCCESS => {
"changed": false,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/soft",
"size": 4096,
"state": "directory",
"uid": 0
}

4.3) cron module:
Purpose: define a scheduled job on the [test] group nodes that synchronizes the time from an NTP server every 5 minutes
Command: ansible test -m cron -a 'name="#time sync by tony at 2018-01-29 " minute=*/5 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1"'
[root@Ansible ~]# ansible test -m cron -a 'name="#time sync by tony at 2018-01-29 " minute=*/5 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1"'
192.168.0.24 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"#time sync by tony at 2018-01-29 "
]
}

4.4) group module:
Purpose: create a group named steki with gid 2018 on the [test] group nodes
Command: ansible test -m group -a 'gid=2018 name=steki'
[root@Ansible data]# ansible test -m group -a 'gid=2018 name=steki'
192.168.0.24 | SUCCESS => {
"changed": true,
"gid": 2018,
"name": "steki",
"state": "present",
"system": false
}
192.168.0.151 | SUCCESS => {
"changed": true,
"gid": 2018,
"name": "steki",
"state": "present",
"system": false
}

4.5.1) user module:
Purpose: create a user named steki, in the group steki, on the [test] group nodes
Command: ansible test -m user -a 'name=steki group=steki state=present'
[root@Ansible data]# ansible test -m user -a 'name=steki group=steki state=present'
192.168.0.24 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 2018,
"home": "/home/steki",
"name": "steki",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 501
}
192.168.0.151 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 2018,
"home": "/home/steki",
"name": "steki",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 501
}
4.5.2) Deleting a user:
Command: ansible test -m user -a 'name=tom group=tom state=absent remove=yes'
[root@Ansible data]# ansible test -m user -a 'name=tom group=tom state=absent remove=yes'

192.168.0.24 | SUCCESS => {
"changed": true,
"force": false,
"name": "tom",
"remove": true,
"state": "absent"
}
192.168.0.151 | SUCCESS => {
"changed": true,
"force": false,
"name": "tom",
"remove": true,
"state": "absent"
}

4.6) yum module:
Purpose: install nmap on the [test] group nodes
Command: ansible test -m yum -a "state=present name=nmap"
[root@Ansible data]# ansible test -m yum -a "state=present name=nmap"
192.168.0.151 | SUCCESS => {
"changed": false,
"msg": "",
"rc": 0,
"results": [
"2:nmap-5.51-6.el6.x86_64 providing nmap is already installed"
]
}

192.168.0.24 | SUCCESS => {
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: aliases, changelog, downloadonly, fastestmirror, kabi, presto,\n
: security, tmprepo, verify, versionlock\nLoading support for CentOS kernel ABI\nLoading mirror
speeds from cached hostfile\n base: mirrors.aliyun.com\n epel: mirror01.idc.hinet.net\n extras:
mirrors.aliyun.com\n
updates: mirrors.aliyun.com\nSetting up Install
Process\nResolving Dependencies\n--> Running transaction check\n--->
Package nmap.x86_64 2:5.51-6.el6 will be installed\n-->
Finished Dependency Resolution\n\nDependencies Resolved\n\n
================================================================================\n Package
Arch Version Repository
Size\n================================================================================\nInstalling:\n nmap
x86_64 2:5.51-6.el6 base
2.8 M\n\nTransaction Summary\n================================================================================\nInstall
1 Package(s)\n\nTotal download size: 2.8 M\nInstalled size: 9.7 M\nDownloading Packages:\nSetting up and reading Presto
delta metadata\nProcessing delta metadata\nPackage(s) data still to download: 2.8 M\nRunning rpm_check_debug\nRunning
Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing : 2:nmap-5.51-6.el6.x86_64 1/1 \n\r Verifying : 2:nmap-5.51-6.el6.x86_64 1/1 \n\nInstalled:\n nmap.x86_64 2:5.51-6.el6 \n\nComplete!\n"
]
}
After installing software you usually need to start its service; you can use the following command, for example:
[root@Ansible ~]# ansible 192.168.0.24 -m command -a '/etc/init.d/mysqld start'
4.7) service module:
Purpose: start the httpd service on the [test] group nodes and enable it at boot
Command: ansible 10.1.1.113 -m service -a 'name=httpd state=restarted enabled=yes'
[root@Ansible data]# ansible test -m service -a 'name=httpd state=restarted enabled=yes'
192.168.0.24 | SUCCESS => {
"changed": true,
"enabled": true,
"name": "httpd",
"state": "started"
}
192.168.0.151 | SUCCESS => {
"changed": true,
"enabled": true,
"name": "httpd",
"state": "started"
}

4.8) script module:
Purpose: run the /root/a.sh script on the [test] group nodes (the script is located on the Ansible control node)
Command: ansible 10.1.1.113 -m script -a '/root/a.sh'

4.9) ping module:
Purpose: check whether the machines in the [test] group can still be reached
Command: ansible test -m ping
[root@Ansible data]# ansible test -m ping
192.168.0.24 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.0.151 | SUCCESS => {
"changed": false,
"ping": "pong"
}

4.10) command module:
Purpose: run a command on the machines in the [test] group (here ifconfig).
Command: ansible test -m command -a 'ifconfig'
[root@Ansible ~]# ansible test -m command -a 'ifconfig'
192.168.0.24 | SUCCESS | rc=0 >>
eth0 Link encap:Ethernet HWaddr 00:0C:29:78:5F:F7
inet addr:192.168.0.24 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe78:5ff7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:357529 errors:0 dropped:0 overruns:0 frame:0
TX packets:29159 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:167617670 (159.8 MiB) TX bytes:2146356 (2.0 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:9 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:612 (612.0 b) TX bytes:612 (612.0 b)

192.168.0.151 | SUCCESS | rc=0 >>
eth0 Link encap:Ethernet HWaddr 00:0C:29:4C:57:41
inet addr:192.168.0.151 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe4c:5741/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1957267 errors:0 dropped:0 overruns:0 frame:0
TX packets:968117 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:141562715 (135.0 MiB) TX bytes:1266001670 (1.1 GiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:31005 errors:0 dropped:0 overruns:0 frame:0
TX packets:31005 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4433126 (4.2 MiB) TX bytes:4433126 (4.2 MiB)

4.11) raw module:
Purpose: run the hostname command on the [test] group nodes
Command: ansible test -m raw -a 'hostname'
[root@Ansible ~]# ansible test -m raw -a 'hostname'
192.168.0.24 | SUCCESS | rc=0 >>
Ansible

192.168.0.151 | SUCCESS | rc=0 >>
Nagios-Server

Check whether the service port 3306 is up.
[root@Ansible ~]# ansible test -m raw -a "netstat -lntup |grep 3306"
192.168.0.151 | SUCCESS | rc=0 >>
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 9217/mysqld

192.168.0.24 | SUCCESS | rc=0 >>
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 33502/mysqld

4.12) get_url module:
Purpose: download http://192.168.0.22/download/cmake-2.8.8.tar.gz into the /data directory of the [test] group nodes
Command: ansible test -m get_url -a 'url=http://192.168.0.22/download/cmake-2.8.8.tar.gz dest=/data'
[root@Ansible ~]# ansible test -m get_url -a 'url=http://192.168.0.22/download/cmake-2.8.8.tar.gz dest=/data'
192.168.0.24 | SUCCESS => {
"changed": true,
"checksum_dest": null,
"checksum_src": "a74dfc3e0a0d7f857ac5dda03bb99ebf07676da1",
"dest": "/data/cmake-2.8.8.tar.gz",
"gid": 0,
"group": "root",
"md5sum": "ba74b22c788a0c8547976b880cd02b17",
"mode": "0644",
"msg": "OK (5691656 bytes)",
"owner": "root",
"size": 5691656,
"src": "/tmp/tmpGRtAis",
"state": "file",
"status_code": 200,
"uid": 0,
"url": "http://192.168.0.22/download/cmake-2.8.8.tar.gz"
}
192.168.0.151 | SUCCESS => {
"changed": true,
"checksum_dest": null,
"checksum_src": "a74dfc3e0a0d7f857ac5dda03bb99ebf07676da1",
"dest": "/data/cmake-2.8.8.tar.gz",
"gid": 0,
"group": "root",
"md5sum": "ba74b22c788a0c8547976b880cd02b17",
"mode": "0644",
"msg": "OK (5691656 bytes)",
"owner": "root",
"size": 5691656,
"src": "/tmp/tmpLdf_hW",
"state": "file",
"status_code": 200,
"uid": 0,
"url": "http://192.168.0.22/download/cmake-2.8.8.tar.gz"
}
When it has finished, check the downloaded file:
[root@Ansible ~]# ansible test -m command -a 'ls /data'
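
Added example (not part of the original article): the copy and get_url runs above print a SHA-1 per host (checksum, checksum_src), and that value can be compared with the one computed on the control node instead of being read by eye. The Python code below parses ad-hoc output in the two shapes shown on this page and reports hosts that failed or hold a different file; the names parse_adhoc and audit_checksums, the host 192.168.0.99 and the all-zero checksum are made up for the example.

```python
import json
import re

# Header shapes on this page: "HOST | SUCCESS => {" and "HOST | SUCCESS | rc=0 >>".
HEADER = re.compile(r"^(?P<host>\S+) \| (?P<status>[A-Z]+!?)"
                    r"(?: \| rc=(?P<rc>-?\d+) >>| => (?P<json>\{.*))$")

def parse_adhoc(text):
    """Return {host: {"status", "rc", "body"}}; body is a dict (JSON) or stdout text."""
    results, host = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # a new host block starts; the following lines belong to it
            host = m["host"]
            results[host] = {"status": m["status"], "rc": m["rc"] and int(m["rc"]),
                             "json": m["json"] is not None, "lines": [m["json"] or ""]}
        elif host is not None:
            results[host]["lines"].append(line)
    for r in results.values():
        raw = "\n".join(r.pop("lines"))
        r["body"] = json.loads(raw) if r.pop("json") else raw.strip()
    return results

def audit_checksums(results, expected_sha1):
    """Map host -> reason for each host that failed or holds a different file."""
    bad = {}
    for host, r in results.items():
        body = r["body"] if isinstance(r["body"], dict) else {}
        got = body.get("checksum") or body.get("checksum_src")  # copy / get_url
        if r["status"] not in ("SUCCESS", "CHANGED"):  # CHANGED: newer releases
            bad[host] = r["status"]
        elif got != expected_sha1:
            bad[host] = "sha1 mismatch: %s" % got
    return bad

# Constructed sample: .24 as in the copy run above (trimmed), the others made up.
SAMPLE = """\
192.168.0.24 | SUCCESS => {
    "changed": true, "checksum": "486fd6c75db47000b96d6eebb1654c30d5e9bc72"
}
192.168.0.151 | SUCCESS => {
    "changed": true, "checksum": "0000000000000000000000000000000000000000"
}
192.168.0.99 | UNREACHABLE! => {
    "changed": false, "unreachable": true
}
"""
EXPECTED_SHA1 = "486fd6c75db47000b96d6eebb1654c30d5e9bc72"  # sha1sum of the local file
print(audit_checksums(parse_adhoc(SAMPLE), EXPECTED_SHA1))
```

For the get_url case the expected value has to come from a source other than the HTTP download itself, since the module only reports what it received.
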
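4.13) synchronize module
Purpose: push the /data directory on the control node to the /tmp directory on the specified nodes (the command below pushes /data/soft)
Command: ansible test -m synchronize -a 'src=/data/soft dest=/tmp/ compress=yes'
delete=yes makes both sides identical (the pushing side is authoritative)
compress=yes enables compression; it is on by default
--exclude=.git skips files ending in .git when synchronizing
[root@Ansible ~]# ansible test -m synchronize -a 'src=/data/soft dest=/tmp/ compress=yes'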
192.168.0.24 | SUCCESS => {
"changed": true,
"cmd": "/usr/bin/rsync --delay-updates -F --compress --archive --rsh=/usr/bin/ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null --out-format=<<CHANGED>>%i %n%L /data/soft 192.168.0.24:/tmp/",
"msg": "cd+++++++++ soft/\n<f+++++++++ soft/Class-Accessor-0.31.tar.gz\n<f+++++++++ soft/Config-Tiny-2.12.tar.gz\n<f+++++++++ soft/Math-Calc-Units-1.07.tar.gz\n<f+++++++++ soft/Nagios-Plugin-0.34.tar.gz\n<f+++++++++ soft/Params-Validate-0.91.tar.gz\n<f+++++++++ soft/Regexp-Common-2010010201.tar.gz\n<f+++++++++ soft/check_iostat\n<f+++++++++ soft/check_memory.pl\n<f+++++++++ soft/check_mysql\n<f+++++++++ soft/libart_lgpl-2.3.17.tar.gz\n<f+++++++++ soft/nagios-3.5.1.tar.gz\n<f+++++++++ soft/nagios-plugins-1.4.16.tar.gz\n<f+++++++++ soft/nrpe-2.12.tar.gz\n<f+++++++++ soft/pnp-0.4.14.tar.gz\n<f+++++++++ soft/rrdtool-1.2.14.tar.gz\n",
"rc": 0,
"stdout_lines": [
"cd+++++++++ soft/",
"<f+++++++++ soft/Class-Accessor-0.31.tar.gz",
"<f+++++++++ soft/Config-Tiny-2.12.tar.gz",
"<f+++++++++ soft/Math-Calc-Units-1.07.tar.gz",
"<f+++++++++ soft/Nagios-Plugin-0.34.tar.gz",
"<f+++++++++ soft/Params-Validate-0.91.tar.gz",
"<f+++++++++ soft/Regexp-Common-2010010201.tar.gz",
"<f+++++++++ soft/check_iostat",
"<f+++++++++ soft/check_memory.pl",
"<f+++++++++ soft/check_mysql",
"<f+++++++++ soft/libart_lgpl-2.3.17.tar.gz",
"<f+++++++++ soft/nagios-3.5.1.tar.gz",
"<f+++++++++ soft/nagios-plugins-1.4.16.tar.gz",
"<f+++++++++ soft/nrpe-2.12.tar.gz",
"<f+++++++++ soft/pnp-0.4.14.tar.gz",
"<f+++++++++ soft/rrdtool-1.2.14.tar.gz"
]
}
192.168.0.151 | SUCCESS => {
"changed": true,
"cmd": "/usr/bin/rsync --delay-updates -F --compress --archive --rsh=/usr/bin/ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null --out-format=<<CHANGED>>%i %n%L /data/soft 192.168.0.151:/tmp/",
"msg": "cd+++++++++ soft/\n<f+++++++++ soft/Class-Accessor-0.31.tar.gz\n<f+++++++++ soft/Config-Tiny-2.12.tar.gz\n<f+++++++++ soft/Math-Calc-Units-1.07.tar.gz\n<f+++++++++ soft/Nagios-Plugin-0.34.tar.gz\n<f+++++++++ soft/Params-Validate-0.91.tar.gz\n<f+++++++++ soft/Regexp-Common-2010010201.tar.gz\n<f+++++++++ soft/check_iostat\n<f+++++++++ soft/check_memory.pl\n<f+++++++++ soft/check_mysql\n<f+++++++++ soft/libart_lgpl-2.3.17.tar.gz\n<f+++++++++ soft/nagios-3.5.1.tar.gz\n<f+++++++++ soft/nagios-plugins-1.4.16.tar.gz\n<f+++++++++ soft/nrpe-2.12.tar.gz\n<f+++++++++ soft/pnp-0.4.14.tar.gz\n<f+++++++++ soft/rrdtool-1.2.14.tar.gz\n",
"rc": 0,
"stdout_lines": [
"cd+++++++++ soft/",
"<f+++++++++ soft/Class-Accessor-0.31.tar.gz",
"<f+++++++++ soft/Config-Tiny-2.12.tar.gz",
"<f+++++++++ soft/Math-Calc-Units-1.07.tar.gz",
"<f+++++++++ soft/Nagios-Plugin-0.34.tar.gz",
"<f+++++++++ soft/Params-Validate-0.91.tar.gz",
"<f+++++++++ soft/Regexp-Common-2010010201.tar.gz",
"<f+++++++++ soft/check_iostat",
"<f+++++++++ soft/check_memory.pl",
"<f+++++++++ soft/check_mysql",
"<f+++++++++ soft/libart_lgpl-2.3.17.tar.gz",
"<f+++++++++ soft/nagios-3.5.1.tar.gz",
"<f+++++++++ soft/nagios-plugins-1.4.16.tar.gz",
"<f+++++++++ soft/nrpe-2.12.tar.gz",
"<f+++++++++ soft/pnp-0.4.14.tar.gz",
"<f+++++++++ soft/rrdtool-1.2.14.tar.gz"
]
}
When it has finished, check the files you pushed:
[root@Ansible ~]# ansible test -m command -a 'ls /tmp'
192.168.0.24 | SUCCESS | rc=0 >>
ansible_88QywI
soft

192.168.0.151 | SUCCESS | rc=0 >>
ansible_lFLfGd
soft
