Ansible - Introduction to the Configuration Management Tool Ansible

1 - Configuration management tools

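Configuration management tools (SCM, Software Configuration Management) store infrastructure configuration that is expressed as code or software, and allow it to be changed repeatedly as requirements change.
Related tools include Ansible, Chef, Puppet and SaltStack; version control tools include Git and Subversion.
Characteristics of configuration management tools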

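  • Declarative: the configuration explicitly describes the concrete state of the managed object and manages that state; the form is simple and easy to understand;
  • Abstraction: the configuration covers minor environment differences, so separate configuration does not have to be written for each small difference in the target's environment, which removes special cases when the code runs;
  • Convergence: whatever state the object is in, it ends up in the specified desired state
  • Idempotence: the result is the same no matter how many times it is executed
  • Saves time and effort: the configuration is lightweight and easy to transfer, which speeds up review and allows a quick rollback to the previous version; open source; quick setup through automation;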

2 - Introduction to Ansible

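Ansible is an open-source automation and operations tool and platform written in Python. It combines the strengths of many operations tools and provides batch configuration management, batch application deployment, and running commands to perform specific tasks.
Ansible communicates with remote hosts over SSH and does not need a client or agent installed on the remote hosts.
The configuration syntax is simple, the commands are concise, and it is easy to get started.
Ansible itself only provides a framework and has no batch deployment capability of its own; the modules that Ansible runs are what actually perform batch deployment. The main components are: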

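  • connection plugins: responsible for communicating with the managed hosts
  • host inventory: specifies the hosts to operate on; a configuration file that defines the managed hosts
  • modules: core modules, the command module, custom modules
  • plugins: provide features such as logging and e-mail
  • playbook: a script used when running multiple tasks; optional, it lets a node run multiple tasks in one go
  • Can manage Docker containers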

Ansible official website and tutorials

3 - Installing Ansible

Installation is simple. For example, on CentOS 7, installing Ansible only requires running yum -y install epel-release followed by yum -y install ansible.

3.1 Ansible command parameters

[root@localhost ~]# ansible
usage: ansible [-h] [--version] [-v] [-b] [--become-method BECOME_METHOD]
               [--become-user BECOME_USER] [-K] [-i INVENTORY] [--list-hosts]
               [-l SUBSET] [-P POLL_INTERVAL] [-B SECONDS] [-o] [-t TREE] [-k]
               [--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER]
               [-c CONNECTION] [-T TIMEOUT]
               [--ssh-common-args SSH_COMMON_ARGS]
               [--sftp-extra-args SFTP_EXTRA_ARGS]
               [--scp-extra-args SCP_EXTRA_ARGS]
               [--ssh-extra-args SSH_EXTRA_ARGS] [-C] [--syntax-check] [-D]
               [-e EXTRA_VARS] [--vault-id VAULT_IDS]
               [--ask-vault-pass | --vault-password-file VAULT_PASSWORD_FILES]
               [-f FORKS] [-M MODULE_PATH] [--playbook-dir BASEDIR]
               [-a MODULE_ARGS] [-m MODULE_NAME]
               pattern
ansible: error: too few arguments
[root@localhost ~]# 
[root@localhost ~]# ansible --version
ansible 2.9.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible
  python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
[root@localhost ~]# 
[root@localhost ~]# ll /etc/ansible/
total 24
-rw-r--r-- 1 root root 19985 Nov  9 05:11 ansible.cfg
-rw-r--r-- 1 root root  1016 Nov  9 05:11 hosts
drwxr-xr-x 2 root root     6 Nov  9 05:11 roles
[root@localhost ~]# 

3.2 Inventory file

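The default is the /etc/ansible/hosts file, which defines the list of target servers that Ansible controls remotely.
You can also use the -i option at run time to specify a different file as the inventory file.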

[root@localhost ~]# sh -c "echo \"localhost\" >> /etc/ansible/hosts"

4 - Ansible examples

4.1 Install and start Nginx

 # yum -y install epel-release
 # yum -y install nginx
 # echo "hello, Nginx" > /usr/share/nginx/html/index.html
 # systemctl start nginx
[root@localhost ~]# systemctl status nginx.service
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2019-11-19 16:54:56 CST; 7min ago
  Process: 6752 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 6749 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 6747 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
 Main PID: 6754 (nginx)
    Tasks: 3
   CGroup: /system.slice/nginx.service
           ├─6754 nginx: master process /usr/sbin/nginx
           ├─6755 nginx: worker process
           └─6756 nginx: worker process

Nov 19 16:54:56 localhost.localdomain systemd[1]: Starting The nginx HTTP and reverse proxy server...
Nov 19 16:54:56 localhost.localdomain nginx[6749]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Nov 19 16:54:56 localhost.localdomain nginx[6749]: nginx: configuration file /etc/nginx/nginx.conf test is su...sful
Nov 19 16:54:56 localhost.localdomain systemd[1]: Started The nginx HTTP and reverse proxy server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]# 
[root@localhost ~]# curl http://192.168.16.101
hello, Nginx

4.2 Example - Starting an Nginx service that is already running

[root@localhost ~]# ansible localhost -b -c local -m service -a "name=nginx state=started"
localhost | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "name": "nginx", 
    "state": "started", 
    "status": {
        "ActiveEnterTimestamp": "Tue 2019-11-19 17:08:33 CST", 
        "ActiveEnterTimestampMonotonic": "8773946590", 
        "ActiveExitTimestampMonotonic": "0", 
        "ActiveState": "active", 
        ......
        ......
        ......
        "WatchdogTimestamp": "Tue 2019-11-19 16:54:56 CST", 
        "WatchdogTimestampMonotonic": "7957241107", 
        "WatchdogUSec": "0"
    }
}
[root@localhost ~]# 

4.3 Example - Starting an Nginx service that is not running

[root@localhost ~]# systemctl stop nginx.service
[root@localhost ~]# 
[root@localhost ~]# ansible localhost -b -c local -m service -a "name=nginx state=started"
localhost | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "name": "nginx", 
    "state": "started", 
    "status": {
        "ActiveEnterTimestampMonotonic": "0", 
        "ActiveExitTimestampMonotonic": "0", 
        "ActiveState": "inactive", 
        ......
        ......
        ......
        "WatchdogTimestampMonotonic": "0", 
        "WatchdogUSec": "0"
    }
}
[root@localhost ~]# 

5 - ansible-playbook

5.1 Introduction to ansible-playbook

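The ansible-playbook command handles target hosts in groups and performs a series of operations, from installation and configuration through to startup.
This series of operations (the build information) must be defined in advance in a playbook file; specifying the playbook file then starts the build automatically.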

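  • The playbook file (YAML format, .yml suffix) specifies the roles
  • The tasks in the roles directory define the actual series of operations
  • The group_vars directory and the templates directory under roles set variable values for different environments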

Command parameters

Run ansible-playbook -h to view the available parameters.

dry-run mode

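Used to verify in advance that the changes to be made match expectations.
In this mode, Ansible does not actually make the changes in the real environment; instead it shows beforehand what would be changed by a real run.
To use it, pass the “--check” and “--diff” options together, which runs in dry-run mode and displays the detailed changes.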

5.2 Sample files

Download: https://github.com/devops-book/ansible-playbook-sample

[root@localhost ansible-playbook-sample]# ll
total 12
-rw-r--r-- 1 root root  81 Nov 19 17:25 development
drwxr-xr-x 2 root root  73 Nov 19 17:25 group_vars
-rw-r--r-- 1 root root  79 Nov 19 17:25 production
drwxr-xr-x 7 root root  91 Nov 19 17:25 roles
-rw-r--r-- 1 root root 150 Nov 19 17:25 site.yml
[root@localhost ansible-playbook-sample]# 
[root@localhost ansible-playbook-sample]# cat site.yml 
---
- hosts: webservers
  become: yes
  connection: local
  roles:
    - common
    - nginx
#    - serverspec
#    - serverspec_sample
#    - jenkins
[root@localhost ansible-playbook-sample]# 
[root@localhost ansible-playbook-sample]# tree
.
├── development
├── group_vars
│   ├── development-webservers.yml
│   └── production-webservers.yml
├── production
├── roles
│   ├── common
│   │   ├── meta
│   │   │   └── main.yml
│   │   └── tasks
│   │       └── main.yml
│   ├── jenkins
│   │   ├── defaults
│   │   │   └── main.yml
│   │   ├── handlers
│   │   │   └── main.yml
│   │   ├── meta
│   │   │   └── main.yml
│   │   ├── README.md
│   │   ├── tasks
│   │   │   └── main.yml
│   │   ├── tests
│   │   │   ├── inventory
│   │   │   └── test.yml
│   │   └── vars
│   │       └── main.yml
│   ├── nginx
│   │   ├── meta
│   │   │   └── main.yml
│   │   ├── tasks
│   │   │   └── main.yml
│   │   └── templates
│   │       └── index.html.j2
│   ├── serverspec
│   │   ├── meta
│   │   │   └── main.yml
│   │   └── tasks
│   │       └── main.yml
│   └── serverspec_sample
│       ├── files
│       │   └── serverspec_sample
│       │       ├── Rakefile
│       │       └── spec
│       │           ├── localhost
│       │           └── spec_helper.rb
│       ├── meta
│       │   └── main.yml
│       ├── tasks
│       │   └── main.yml
│       ├── templates
│       │   ├── nginx_spec.rb.j2
│       │   └── web_spec.rb.j2
│       └── vars
│           └── main.yml
└── site.yml

28 directories, 27 files
[root@localhost ansible-playbook-sample]# 

5.3 Example - Building the development environment

[root@localhost ansible-playbook-sample]# cat development 
[development-webservers]
localhost

[webservers:children]
development-webservers
[root@localhost ansible-playbook-sample]# 
[root@localhost ansible-playbook-sample]# ansible-playbook -i development site.yml 

PLAY [webservers] **************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************
ok: [localhost]

TASK [common : install epel] ***************************************************************************************
ok: [localhost]

TASK [nginx : install nginx] ***************************************************************************************
ok: [localhost]

TASK [nginx : replace index.html] **********************************************************************************
changed: [localhost]

TASK [nginx : nginx start] *****************************************************************************************
changed: [localhost]

PLAY RECAP *********************************************************************************************************
localhost                  : ok=5    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[root@localhost ansible-playbook-sample]# 
[root@localhost ansible-playbook-sample]# curl localhost
hello, development ansible
[root@localhost ansible-playbook-sample]# curl 192.168.16.101
hello, development ansible
[root@localhost ansible-playbook-sample]# 

5.4 Example - Building the production environment

[root@localhost ansible-playbook-sample]# cat production 
[production-webservers]
localhost

[webservers:children]
production-webservers
[root@localhost ansible-playbook-sample]# 
[root@localhost ansible-playbook-sample]# ansible-playbook -i production site.yml 

PLAY [webservers] *****************************************************************************************

TASK [Gathering Facts] ************************************************************************************
ok: [localhost]

TASK [common : install epel] ******************************************************************************
ok: [localhost]

TASK [nginx : install nginx] ******************************************************************************
ok: [localhost]

TASK [nginx : replace index.html] *************************************************************************
changed: [localhost]

TASK [nginx : nginx start] ********************************************************************************
ok: [localhost]

PLAY RECAP *********************************************************************************************************************************************************************************************************************************
localhost                  : ok=5    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[root@localhost ansible-playbook-sample]# 
[root@localhost ansible-playbook-sample]# curl 192.168.16.101
hello, production ansible
[root@localhost ansible-playbook-sample]# 
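
Added example (not from the original post or the sample repository): the dry-run mode from section 5.1 can be used as a drift check, because a run with --check --diff reports pending changes in PLAY RECAP without applying them. The Python code below parses that recap and classifies each host; the function names, the sample output and the host web02 are constructed for illustration.

```python
import re

# Constructed sample of `ansible-playbook -i production site.yml --check --diff`
# output, modelled on the recap lines on this page. "web02" is a made-up host.
SAMPLE_OUTPUT = """\
TASK [nginx : replace index.html] ****************************
-hello, development ansible
+hello, production ansible
changed: [localhost]

PLAY RECAP ***************************************************
localhost   : ok=5    changed=1    unreachable=0    failed=0    skipped=0
web02       : ok=0    changed=0    unreachable=1    failed=0    skipped=0
"""

RECAP_LINE = re.compile(r"^(?P<host>\S+)\s+:\s+(?P<counters>(?:\w+=\d+\s*)+)$")


def parse_recap(output):
    """Return {host: {counter: int}}, reading only lines after PLAY RECAP."""
    hosts, in_recap = {}, False
    for line in output.splitlines():
        if line.startswith("PLAY RECAP"):
            in_recap = True
            continue
        match = RECAP_LINE.match(line.strip()) if in_recap else None
        if match:
            pairs = (item.split("=") for item in match["counters"].split())
            hosts[match["host"]] = {key: int(value) for key, value in pairs}
    return hosts


def evaluate(output):
    """Map each host to 'error', 'drift' (pending changes) or 'clean'."""
    recap = parse_recap(output)
    if not recap:
        # No recap means the run aborted early; never report that as clean.
        raise ValueError("no PLAY RECAP section found")
    verdicts = {}
    for host, counters in recap.items():
        if counters.get("failed", 0) or counters.get("unreachable", 0):
            verdicts[host] = "error"
        elif counters.get("changed", 0):
            verdicts[host] = "drift"
        else:
            verdicts[host] = "clean"
    return verdicts


if __name__ == "__main__":
    for host, verdict in evaluate(SAMPLE_OUTPUT).items():
        print(f"{host}: {verdict}")
```

An unreachable host is reported as an error rather than clean, since a host that could not be checked says nothing about its actual state.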

6 - Advanced Ansible

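  • Common modules: Ansible's functionality depends on specific modules
  • Tag: run only the specified tasks
  • Dynamic Inventory: obtain the inventory (host list) dynamically from an external source
  • Ansible Galaxy: obtain roles from the network and use them
  • Ansible Tower: a web-based dashboard, plus operating Ansible through a REST API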
posted @ 2019-11-09 23:47  Anliven