ansible在日常運維中經常使用,特別是批量執行多臺伺服器的時候,有效減小重複的操作成本,以下從安裝到使用僅講解工作中常用的幾種方式,模組很多功能很強大,但不做全面討論。
ansible安裝
在centos伺服器中安裝ansible很簡單,只需兩條命令:
yum install epel-release
yum -y install ansible
ansible --version
ansible 2.9.16
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /bin/ansible
python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
ansible配置
配置hosts,新增需要被管理的主機
[root@test01 ~]# cat /etc/ansible/hosts
[webservers]
10.124.59.82
10.124.59.83
[dbservers]
10.124.59.208
10.124.59.209
[ftp]
10.124.59.210
生成金鑰
[root@test01 ~]# ssh-keygen
使用ssh-copy-id命令來複制ansible公鑰到各個節點
[root@test01 ~]# ssh-copy-id [email protected]
[root@test01 ~]# ssh-copy-id [email protected]
[root@test01 ~]# ssh-copy-id [email protected]
[root@test01 ~]# ssh-copy-id [email protected]
[root@test01 ~]# ssh-copy-id [email protected]
執行ping命令測試
[root@test01 ~]# ansible all -m ping
10.124.59.210 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.124.59.209 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.124.59.82 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.124.59.83 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
10.124.59.208 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
success說明安裝配置成功。
ansible常用模組與使用
實際使用過程中,會有幾個模組經常用到,下面列出如下:
- ping模組
測試主機是否是通的,用法很簡單,不涉及引數
以上已經舉例,這裡不再贅述。
- command模組
ansible管理工具使用-m選項來指定使用模組,預設使用command模組,
即-m選項省略時會執行此模組,用於在被管理主機上執行命令。
遠端執行命令,但不支援管道。它是預設命令可不指明模組。
- shell模組
遠端執行命令,與command的不同在於可以使用管道。
- copy:拷貝檔案到遠端主機
用法:
src :本地檔案路徑,可以是絕對和相對
dest= :不可省,如果src是目錄,則dest也是目錄。只能是絕對路徑
group :指明檔案屬組
mode :指明許可權
owner :指明所有者
content :直接寫出內容,並將其複製給遠端主機
示例:
複製本地檔案到遠端主機
[root@test01 ~]# ansible all -m copy -a "src=/tmp/filebeat.yml dest=/tmp/ owner=ansible mode=600"
10.124.59.209 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "203e1c00bc853d638e8c00eaa4015be17ae26900",
"dest": "/tmp/filebeat.yml",
"gid": 1016,
"group": "mgadmin",
"md5sum": "fb66b0662ccea6dd9148d50ed2cdbdb3",
"mode": "0600",
"owner": "ansible",
"size": 10386,
"src": "/home/ansible/.ansible/tmp/ansible-tmp-1628185005.83-13684-201530439549721/source",
"state": "file",
"uid": 1020
}
10.124.59.210 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "203e1c00bc853d638e8c00eaa4015be17ae26900",
"dest": "/tmp/filebeat.yml",
"gid": 1016,
"group": "mgadmin",
"md5sum": "fb66b0662ccea6dd9148d50ed2cdbdb3",
"mode": "0600",
"owner": "ansible",
"size": 10386,
"src": "/home/ansible/.ansible/tmp/ansible-tmp-1628185005.82-13680-7844302613885/source",
"state": "file",
"uid": 1020
}
...省略
- fetch:從遠端主機獲取檔案到本地
用法:
src=遠端主機上的檔案。
dest=儲存檔案的目錄
示例
[root@test01 tmp]# ansible 10.124.59.83 -m fetch -a "dest=/tmp src=/tmp/filebeat.yml"
10.124.59.83 | CHANGED => {
"changed": true,
"checksum": "203e1c00bc853d638e8c00eaa4015be17ae26900",
"dest": "/tmp/10.124.59.83/tmp/filebeat.yml",
"md5sum": "fb66b0662ccea6dd9148d50ed2cdbdb3",
"remote_checksum": "203e1c00bc853d638e8c00eaa4015be17ae26900",
"remote_md5sum": null
}
注意:獲取的檔案存放路徑為dest_dir/IP|address/src_file
以上就是幾個經常使用的命令,另外一些少用的模組,需要的時候到官網或使用ansible-doc檢視幫助即可。
- 官方文件:https://docs.ansible.com/
- ansible-doc檢視模組幫助資訊的工具
Ansible-doc用來查詢ansible模組文件的說明,類似於man命令,針對每個模組都有詳細的用法說明及應用案例介紹,語法如下:
ansible-doc [options] [module……]
-l用來列出可使用的模組,
-s用來列出某個模組的描述資訊和使用示例。
[root@test01 tmp]# ansible-doc -s command
- name: Execute commands on targets
command:
argv: # Passes the command as a list rather than a string. Use `argv' to avoid quoting values that would otherwise be interpreted incorrectly (for example "user name"). Only the string or the
list form can be provided, not both. One or the other must be provided.
chdir: # Change into this directory before running the command.
cmd: # The command to run.
creates: # A filename or (since 2.0) glob pattern. If it already exists, this step *won't* be run.
free_form: # The command module takes a free form command to run. There is no actual parameter named 'free form'.
removes: # A filename or (since 2.0) glob pattern. If it already exists, this step *will* be run.
stdin: # Set the stdin of the command directly to the specified value.
stdin_add_newline: # If set to `yes', append a newline to stdin data.
strip_empty_ends: # Strip empty lines from the end of stdout/stderr in result.
warn: # Enable or disable task warnings.
---- 鋼鐵 [email protected] 2021.08.06
參考文獻
http://blog.itpub.net/29785807/viewspace-2700983/
https://www.huaweicloud.com/articles/cd442ec1b8aca5208f04555385362147.html