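LINUX: Using Ansible for batch control, batch commands and deployment
Ansible is an automation and operations tool developed in Python. It combines the strengths of many operations tools (puppet, cfengine, chef, func, fabric) and provides batch system configuration, batch program deployment and batch command execution.
Ansible works through modules and has no batch deployment capability of its own. The modules that Ansible runs do the actual batch deployment; Ansible only provides the framework. It mainly consists of:
1. Connection plugins: responsible for communicating with the managed hosts;
2. Host inventory: specifies the hosts to operate on; it is a configuration file that defines the managed hosts;
3. Modules: core modules, the command module and custom modules;
4. Plugins, which handle functions such as logging and e-mail;
5. Playbooks: optional; a playbook lets nodes run several tasks in one go.
(Figure: Ansible architecture diagram)
Ansible has many configuration parameters. The following are several default configuration parameters: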
inventory = /root/ansible/hosts
library = /usr/share/my_modules/
forks = 5
sudo_user = root
remote_port = 22
host_key_checking = False
timeout = 20
log_path = /var/log/ansible.log
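* inventory: the location of the inventory file. The inventory is the list of hosts that Ansible connects to and manages.
* library: every Ansible operation is carried out by a module; the library parameter points to the directory where Ansible modules are stored.
* forks: the maximum number of processes Ansible runs at the same time by default. The default is 5 parallel processes. Choose the value according to the performance of the control host and the number of managed nodes.
* sudo_user: the default user that commands are executed as. It can also be set again in a playbook.
* remote_port: the management port used to connect to managed nodes. The default is 22; it does not need to be changed unless a special SSH port has been configured.
* host_key_checking: whether to check the SSH host key. It can be set to True or False. This is the SSH host verification step.
* timeout: the SSH connection timeout, in seconds.
* log_path: Ansible does not write a log by default. To record Ansible's output in a log file, set log_path. Note that modules call (r)syslog on the managed node to log, and the user running Ansible needs write permission on the log.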
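Of the settings above, host_key_checking = False turns off SSH host key verification, and an unset log_path leaves no record on the control host of what was run. The following added example (not part of the original page) flags both in an ansible.cfg; it assumes the settings sit under the [defaults] section, and the function names and sample file are constructed for illustration.

```python
import configparser

# Constructed sample: the values listed on this page, under [defaults].
SAMPLE_CFG = """\
[defaults]
inventory = /root/ansible/hosts
forks = 5
sudo_user = root
remote_port = 22
host_key_checking = False
timeout = 20
log_path = /var/log/ansible.log
"""

FALSE_WORDS = {"0", "no", "false", "off", "n", "f"}


def effective(name, env_var, defaults, env, fallback):
    """Return (value, source); environment variables override ansible.cfg."""
    if env_var in env:
        return env[env_var], "env " + env_var
    if name in defaults:
        return defaults[name], "ansible.cfg"
    return fallback, "built-in default"


def audit_ansible_cfg(text, env=None):
    """Flag settings that weaken SSH trust or leave no audit trail."""
    env = env or {}
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    defaults = cp["defaults"] if cp.has_section("defaults") else {}
    findings = []

    value, source = effective("host_key_checking", "ANSIBLE_HOST_KEY_CHECKING",
                              defaults, env, "True")
    if value.strip().lower() in FALSE_WORDS:
        findings.append(("host_key_checking", source,
                         "SSH host keys of managed nodes are not verified"))

    value, source = effective("log_path", "ANSIBLE_LOG_PATH", defaults, env, "")
    if not value.strip():
        findings.append(("log_path", source,
                         "no log of ad-hoc commands is kept on the controller"))
    return findings


if __name__ == "__main__":
    for finding in audit_ansible_cfg(SAMPLE_CFG):
        print(finding)
```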
Installing Ansible
Configure and install the 163 repository:
[root@localhost ~]# cd /etc/yum.repos.d/
//Create a backup directory
[root@localhost yum.repos.d]# mkdir /etc/repo-bf
//Back up the original yum repository files to repo-bf
[root@localhost yum.repos.d]# mv * /etc/repo-bf
//Download the 163 repo file into the yum repository directory
[root@localhost yum.repos.d]# curl -o 163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
//Change the release version to 7
[root@localhost yum.repos.d]# sed -i 's/\$releasever/7/g' /etc/yum.repos.d/163.repo
[root@localhost yum.repos.d]# sed -i 's/enabled=0/enabled=1/g' /etc/yum.repos.d/163.repo
//Configure the yum software repository automatically (you can also configure it yourself)
[root@localhost yum.repos.d]# yum -y install epel-release
[root@localhost yum.repos.d]# yum -y install ansible ansible-doc
[root@localhost yum.repos.d]# yum clean all
//Check the ansible version
[root@localhost yum.repos.d]# ansible --version
ansible 2.6.3
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
//Set up the environment
[root@localhost yum.repos.d]# yum -y install wget
[root@localhost yum.repos.d]# cd
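Configuring Ansible
Configuration files:
Ansible main configuration file: /etc/ansible/ansible.cfg
Managed host inventory: /etc/ansible/hosts
Ways to write the managed host inventory
* Group configuration: add several IPs under one group
* IP configuration: a range is also possible, e.g. 192.168.56.[1:254]
* Domain name configuration
* Wildcard configuration: [001:006] means 1 to 6 (e.g. www.001.xxx.com ...)
Group configuration, for example: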
[abc]
192.168.56.123
192.168.56.138
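To see exactly which hosts an ad-hoc command against a group will touch, the range patterns listed above can be expanded ahead of time. This added example is not part of the original page and is a simplified re-implementation, not Ansible's own parser; it assumes the colon form [START:END] with an optional step, and the [lab] group in the sample inventory is constructed.

```python
import re

_RANGE = re.compile(r"\[(\w+):(\w+)(?::(\d+))?\]")
_HEADER = re.compile(r"\[([\w.-]+)(:(?:vars|children))?\]")

# Constructed inventory: [abc] is the group from this page, [lab] is made up.
SAMPLE_INVENTORY = """\
[abc]
192.168.56.123
192.168.56.138

[lab]
192.168.56.[1:3]
www.[001:006].xxx.com ansible_port=22
"""


def expand_host_pattern(pattern):
    """Expand [START:END] or [START:END:STEP] ranges into host names."""
    m = _RANGE.search(pattern)
    if not m:
        return [pattern]
    start, end, step = m.group(1), m.group(2), int(m.group(3) or 1)
    if start.isdigit() and end.isdigit():
        width = len(start) if start.startswith("0") else 0  # keep zero padding
        values = [str(n).zfill(width)
                  for n in range(int(start), int(end) + 1, step)]
    elif len(start) == len(end) == 1 and start.isalpha() and end.isalpha():
        values = [chr(c) for c in range(ord(start), ord(end) + 1, step)]
    else:
        raise ValueError("unsupported range in %r" % pattern)
    head, tail = pattern[:m.start()], pattern[m.end():]
    return [h for v in values for h in expand_host_pattern(head + v + tail)]


def hosts_in_group(inventory_text, group):
    """List the hosts an ad-hoc run against `group` would connect to."""
    hosts, current = [], None
    for raw in inventory_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = _HEADER.fullmatch(line)
        if header:  # :vars and :children sections are skipped in this sketch
            current = None if header.group(2) else header.group(1)
        elif current == group:
            hosts.extend(expand_host_pattern(line.split()[0]))
    return hosts
```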
Ansible controls remote hosts over SSH, so SSH key trust has to be set up; otherwise you will be prompted for a password.
ssh-keygen -t rsa //Generate the key pair
[root@localhost ~]# ls .ssh/
id_rsa id_rsa.pub
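ssh-copy-id -i ~/.ssh/id_rsa.pub root@(IP of the managed host that should accept passwordless login)
How to get help in Ansible
Ansible provides help through the ansible-doc command; use its -s option to get the help text for a specific module
//Look up the help for the ping module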
[root@localhost ~]# ansible-doc -s ping
- name: Try to connect to host, verify a usable python and return `pong' on success
  ping:
      data:                  # Data to return for the `ping' return value. If this parameter is set to `crash', the module will cause an exception.
Common Ansible modules in detail
Commonly used Ansible modules:
* ping
* yum
* template
* copy
* user
* group
* service
* raw
* command
* shell
* script
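Differences between the common modules raw, command and shell:
* The shell module executes the command through /bin/sh
* The command module does not run the command through a shell, so bash environment variables are not available
* raw is similar to shell in many respects, and in most cases the shell and command modules are recommended instead. However, if the managed host runs an old Python version, raw is needed; likewise, if the client is a router with no Python installed, the raw module has to be used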
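The difference between command and shell described above matters whenever a value is spliced into the command line, as this added example (not from the original page) shows by running the same strings both ways on the local machine. run_like_command and run_like_shell are hypothetical stand-ins for the two modules' behaviour, not Ansible code, and the input strings are constructed.

```python
import shlex
import subprocess


def run_like_command(cmdline):
    """command-module style: split into argv and exec directly, no shell."""
    proc = subprocess.run(shlex.split(cmdline), capture_output=True, text=True)
    return proc.stdout


def run_like_shell(cmdline):
    """shell-module style: the whole string is interpreted by /bin/sh."""
    proc = subprocess.run(["/bin/sh", "-c", cmdline],
                          capture_output=True, text=True)
    return proc.stdout


# Constructed inputs.
PIPELINE = "echo 123456 | grep 123"
UNTRUSTED = "report.txt; echo INJECTED"   # e.g. a file name taken from a variable


def demo():
    return {
        # The pipe is just another argument to echo; grep never runs.
        "command_pipe": run_like_command(PIPELINE),
        # The shell builds the pipeline, as in the raw/shell examples on this page.
        "shell_pipe": run_like_shell(PIPELINE),
        # Without a shell, ';' cannot start a second command.
        "command_untrusted": run_like_command("echo " + UNTRUSTED),
        # With a shell, the unquoted value runs a second command.
        "shell_untrusted": run_like_shell("echo " + UNTRUSTED),
        # Quoting the value keeps it a single argument even under a shell.
        "shell_quoted": run_like_shell("echo " + shlex.quote(UNTRUSTED)),
    }


if __name__ == "__main__":
    for name, out in demo().items():
        print(f"{name:18} {out!r}")
```

In a playbook, the same quoting is available through the quote filter.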
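Common Ansible modules: ping
The ping module is commonly used to check whether the specified nodes are reachable. It is simple to use and takes no parameters; if the host is online, it replies pong
[root@localhost ~]# ansible [all, or a group you defined, an IP, etc.] -m ping
Example: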
[root@localhost ~]# ansible abc -m ping
192.168.56.123 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.56.138 | SUCCESS => {
"changed": false,
"ping": "pong"
}
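Common Ansible modules: command
The command module is used to run commands on remote hosts; Ansible uses the command module by default
One limitation of the command module is that it cannot use pipes or redirection; this is not demonstrated here
//List the contents of /tmp on the managed hosts
[root@localhost ~]# ansible abc -a 'ls /tmp'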
192.168.56.123 | SUCCESS | rc=0 >>
ansible_bWbAQA
ks-script-FJMsU1
systemd-private-d64c48c29b014817892ff2b800ef4fdf-chronyd.service-SQE1dO
systemd-private-d64c48c29b014817892ff2b800ef4fdf-httpd.service-REOrV8
systemd-private-d64c48c29b014817892ff2b800ef4fdf-vgauthd.service-AEDF9T
systemd-private-d64c48c29b014817892ff2b800ef4fdf-vmtoolsd.service-7FRejI
systemd-private-e09517bf16f64a2fbe7372b98204716d-chronyd.service-nkIAuP
systemd-private-e09517bf16f64a2fbe7372b98204716d-vgauthd.service-r1RS7D
systemd-private-e09517bf16f64a2fbe7372b98204716d-vmtoolsd.service-QXRPMs
yum.log
192.168.56.138 | SUCCESS | rc=0 >>
ansible__mXwII
ks-script-Q6MuAp
systemd-private-5895f3e39f304700829d55b9a5234b36-chronyd.service-O9f5LP
systemd-private-5895f3e39f304700829d55b9a5234b36-vgauthd.service-bfquyZ
systemd-private-5895f3e39f304700829d55b9a5234b36-vmtoolsd.service-Z2u8r9
yum.log
//Create a new file on the managed hosts
[root@localhost ~]# ansible abc -a 'touch /tmp/123'
//Check on the managed host
[root@localhost ~]# ls /tmp/
123
Common Ansible modules: raw
The raw module is used to run commands on remote hosts; it supports pipes and redirection
//View the file
[root@localhost ~]# ansible abc -m raw -a 'cat /tmp/123'
192.168.56.123 | SUCCESS | rc=0 >>
123456
Shared connection to 192.168.56.123 closed.
...
//Pipes are supported
[root@localhost ~]# ansible abc -m raw -a 'cat /tmp/123|grep 123'
192.168.56.123 | SUCCESS | rc=0 >>
123456
Shared connection to 192.168.56.123 closed.
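Common Ansible modules: shell
The shell module is used to run, on the managed host, scripts that are stored on the managed host; it can also run commands directly on the managed host
It supports pipes and redirection
//View the script on the managed host (self-written)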
[root@localhost ~]# cat /etc/aaa.sh
#!/bin/bash
for i in {1..10};do
echo $i
done
Use the shell module to run the script on the managed hosts
[root@localhost ~]# ansible abc -m shell -a 'bash /etc/aaa.sh|grep 1 &>/tmp/123'
[root@localhost ~]# ansible abc -m shell -a 'cat /tmp/123'
192.168.56.138 | SUCCESS | rc=0 >>
1
10
...
Common Ansible modules: script
The script module runs a script stored on the control host on the managed hosts
[root@localhost ~]# scp [email protected]:/etc/aaa.sh /root
[root@localhost ~]# mv aaa.sh a123.sh
[root@localhost ~]# ansible abc -m script -a 'a123.sh &> /tmp/123'
192.168.56.123 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.56.123 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.56.123 closed."
],
"stdout": "",
"stdout_lines": []
}
...
//Check on the managed host
[root@localhost ~]# cat /tmp/123
1
2
3
...
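As shown, the script from the control host was executed on the managed host, and its output was recorded on the managed host.
Common Ansible modules: template
The template module is used to generate a template and can transfer it to remote hosts
//Download and configure the 163 repository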
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost ~]# curl -o CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
[root@localhost ~]# sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo
[root@localhost ~]# sed -i 's/^enabled=.*/enabled=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo
//Push the configured 163 repo file to the managed hosts
[root@localhost ~]# ansible abc -m template -a 'src=/etc/yum.repos.d/CentOS7-Base-163.repo dest=/etc/yum.repos.d/163.repo'
192.168.56.123 | SUCCESS => {
"changed": true,
"checksum": "60b8868e0599489038710c45025fc11cbccf35f2",
"dest": "/etc/yum.repos.d/163.repo",
"gid": 0,
"group": "root",
"md5sum": "5a3e688854d9ceccf327b953dab55b21",
"mode": "0644",
"owner": "root",
"size": 1462,
"src": "/root/.ansible/tmp/ansible-tmp-1536578876.83-251571075139699/source",
"state": "file",
"uid": 0
}
...
//Check on the managed host
[root@localhost ~]# ls /etc/yum.repos.d/
163.repo
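Common Ansible modules: yum
The yum module is used to manage software through yum on the specified nodes. It supports two main parameters
* name: the name of the package to manage
* state: the operation to perform
Common values for state:
- latest: install the package
- installed: install the package
- present: install the package
- removed: uninstall the package
- absent: uninstall the package
To manage software with yum, make sure the yum repositories on the managed hosts are working properly
//On the managed host, check whether vsftpd is installed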
[root@localhost ~]# rpm -qa|grep vsftpd
On the Ansible host, use the yum module to install vsftpd on the managed hosts
[root@localhost ~]# ansible abc -m yum -a 'name=vsftpd state=present'
192.168.56.123 | SUCCESS => {
"changed": false,
"msg": "",
"rc": 0,
"results": [
"vsftpd-3.0.2-22.el7.x86_64 providing vsftpd is already installed"
]
}
...
//Check vsftpd
[root@localhost ~]# ansible abc -m shell -a 'rpm -qa|grep vsftpd'
192.168.56.123 | SUCCESS | rc=0 >>
vsftpd-3.0.2-22.el7.x86_64
192.168.56.138 | SUCCESS | rc=0 >>
vsftpd-3.0.2-22.el7.x86_64
Common Ansible modules: copy
The copy module is used to copy files to remote managed hosts
[root@localhost ~]# ls
a123.sh
Copy a123.sh from under root on the control host to root/ on the managed hosts
[root@localhost ~]# ansible abc -m copy -a 'src=a123.sh dest=root/'
192.168.56.123 | SUCCESS => {
"changed": true,
"checksum": "dd788902d7b36afedee8f2087a3e93b4047d33de",
"dest": "root/a123.sh",
"gid": 0,
"group": "root",
"md5sum": "84f03ff2c65a9b9bfea41587ad43e533",
"mode": "0644",
"owner": "root",
"size": 45,
"src": "/root/.ansible/tmp/ansible-tmp-1536584403.91-155709823063677/source",
"state": "file",
"uid": 0
}
...
//Check on the managed hosts
[root@localhost ~]# ansible abc -m shell -a 'ls root/'
192.168.56.123 | SUCCESS | rc=0 >>
a123.sh
192.168.56.138 | SUCCESS | rc=0 >>
a123.sh
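Common Ansible modules: group
The group module is used to add or delete groups on the managed hosts
//Add a system group on the managed hosts, with gid 306 and group name mysql
[root@localhost ~]# ansible abc -m group -a 'name=mysql gid=306 state=present'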
192.168.56.123 | SUCCESS => {
"changed": true,
"gid": 306,
"name": "mysql",
"state": "present",
"system": false
}
...
Filter mysql out of /etc/group
[root@localhost ~]# ansible abc -m shell -a 'grep mysql /etc/group'
192.168.56.123 | SUCCESS | rc=0 >>
mysql:x:306:
...
//Delete the mysql group on the managed hosts
[root@localhost ~]# ansible abc -m group -a 'name=mysql state=absent'
192.168.56.123 | SUCCESS => {
"changed": true,
"name": "mysql",
"state": "absent"
}
...
//Check on the managed hosts
[root@localhost ~]# ansible abc -m shell -a 'grep mysql /etc/group'
192.168.56.123 | FAILED | rc=1 >>
non-zero return code
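Common Ansible modules: user
The user module is used to manage user accounts on the managed hosts
//Add a system account on the managed hosts: user name mysql, uid 306, shell /sbin/nologin, no home directory
[root@localhost ~]# ansible abc -m user -a 'name=mysql uid=306 system=yes create_home=no shell=/sbin/nologin state=present'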
192.168.56.123 | SUCCESS => {
"changed": true,
"comment": "",
"create_home": false,
"group": 306,
"home": "/home/mysql",
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"system": true,
"uid": 306
}
...
//Check the managed hosts
[root@localhost ~]# ansible abc -m shell -a 'grep mysql /etc/group'
192.168.56.123 | SUCCESS | rc=0 >>
mysql:x:306:
192.168.56.138 | SUCCESS | rc=0 >>
mysql:x:306:
View users
[root@localhost ~]# ansible abc -m shell -a 'ls /home'
192.168.56.123 | SUCCESS | rc=0 >>
1
192.168.56.138 | SUCCESS | rc=0 >>
1
//Change the uid of the mysql user to 366
[root@localhost ~]# ansible abc -m user -a 'name=mysql uid=366'
192.168.56.123 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 306,
"home": "/home/mysql",
"move_home": false,
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"uid": 366
}
...
//Check the user on the managed hosts
[root@localhost ~]# ansible abc -m shell -a 'grep mysql /etc/passwd'
192.168.56.123 | SUCCESS | rc=0 >>
mysql:x:366:306::/home/mysql:/sbin/nologin
192.168.56.138 | SUCCESS | rc=0 >>
mysql:x:366:306::/home/mysql:/sbin/nologin
//Delete the mysql user on the managed hosts
[root@localhost ~]# ansible abc -m user -a 'name=mysql state=absent'
192.168.56.123 | SUCCESS => {
"changed": true,
"force": false,
"name": "mysql",
"remove": false,
"state": "absent"
}
...
//Check the user on the managed hosts
[root@localhost ~]# ansible abc -m shell -a 'grep mysql /etc/passwd'
192.168.56.123 | FAILED | rc=1 >>
non-zero return code
...
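Common Ansible modules: service
The service module is used to manage services on the managed hosts
//Check whether the vsftp service is running on the managed hosts
[root@localhost ~]# ansible abc -m shell -a 'systemctl is-active vsftpd'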
192.168.56.123 | FAILED | rc=3 >>
unknownnon-zero return code
//Start the vsftp service on the managed hosts
[root@localhost ~]# ansible abc -m service -a 'name=vsftpd state=started'
...
//Check whether the vsftpd service is running on the managed hosts
[root@localhost ~]# ansible abc -m shell -a 'systemctl is-active vsftpd'
192.168.56.123 | SUCCESS | rc=0 >>
active
192.168.56.138 | SUCCESS | rc=0 >>
active
//Check whether the vsftpd service is enabled at boot on the managed hosts
[root@localhost ~]# ansible abc -m shell -a 'systemctl is-enabled vsftpd'
192.168.56.123 | FAILED | rc=1 >>
disablednon-zero return code
//Enable the vsftpd service at boot on the managed hosts
[root@localhost ~]# ansible abc -m service -a 'name=vsftpd enabled=yes'
192.168.56.123 | SUCCESS => {
"changed": true,
"enabled": true,
"name": "vsftpd",
"status": {
...
//Check whether the vsftpd service is enabled at boot on the managed hosts
[root@localhost ~]# ansible abc -m shell -a 'systemctl is-enabled vsftpd'
192.168.56.123 | SUCCESS | rc=0 >>
enabled
...
//Stop the vsftpd service on the managed hosts
[root@localhost ~]# ansible abc -m service -a 'name=vsftpd state=stopped'
192.168.56.123 | SUCCESS => {
"changed": true,
"name": "vsftpd",
"state": "stopped",
"status": {
...
//Check whether the vsftpd service is running on the managed hosts
[root@localhost ~]# ansible abc -m shell -a 'systemctl is-active vsftpd'
192.168.56.123 | FAILED | rc=3 >>
inactivenon-zero return code
//Check the listening ports
[root@localhost ~]# ansible abc -m shell -a 'ss -anlt'
192.168.56.123 | SUCCESS | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*