Ansible Operations Automation (Configuration Management Tool)

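I. About Ansible
Ansible is an automated deployment tool. It uses the SSH protocol for communication between the management node and the remote nodes. In principle, anything an administrator can do after logging in to a remote host over ssh, Ansible can do as well. Ansible is written in Python, so it depends on a number of Python libraries and components; the three key ones are paramiko, PyYAML and Jinja.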

1. Install the EPEL repository

RHEL/CentOS 6:
   # yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm

RHEL/CentOS 7:
   # yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

2. Install Ansible

[root@n1 ~]# yum install ansible -y

3. Directory layout

[root@n1 ~]# tree /etc/ansible/
/etc/ansible/
|-- ansible.cfg
|-- hosts
`-- roles

1 directory, 2 files

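# Ansible configuration file that defines hosts and group rules

 vim /etc/ansible/hosts

www.abc.com     # define a host by domain name

192.168.1.100   # define a host by IP

192.168.1.150:37268   # specify a port number

[WebServer]           # define a group

192.168.1.10
192.168.1.20
192.168.1.30

[DBServer]            # define further groups

192.168.1.50
192.168.1.60

Monitor ansible_ssh_port=12378 ansible_ssh_host=192.168.1.200   # define an alias

# ansible_ssh_host: address used to connect to the target host
# ansible_ssh_port: port used to connect to the target host; not needed when it is the default, 22
# ansible_ssh_user: default user for connecting to the target host
# ansible_ssh_pass: password of the default user for connecting to the target host
# ansible_connection: connection type for the target host; can be local, ssh or paramiko
# ansible_ssh_private_key_file: ssh private key used to connect to the target host
# ansible_*_interpreter: interpreter for scripting languages other than Python, such as Ruby or Perl; works like ansible_python_interpreter

[webservers]         # host names support range patterns

www[01:50].example.com

[dbservers]

db-[a:f].example.com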
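
An inventory in this format is worth checking before it is committed or shared, because `ansible_ssh_pass` puts a login password in a plain-text file. The following Python is an added example, not part of the original post: it expands the `[01:50]` and `[a:f]` range patterns shown above and flags hosts that carry a plaintext password variable or connect as root. The sample inventory is constructed, the names `expand`, `audit` and `SECRET_VARS` are chosen here, and stepped ranges such as `[01:50:2]` are not handled.

```python
import re
import shlex

# Constructed sample in the INI style shown above (not a real inventory).
SAMPLE = """\
192.168.1.150:37268          # host with a non-default port
[webservers]
www[01:03].example.com
[dbservers]
db-[a:c].example.com ansible_ssh_user=root ansible_ssh_pass=Example123
Monitor ansible_ssh_port=12378 ansible_ssh_host=192.168.1.200
"""

RANGE = re.compile(r"\[(\w+):(\w+)\]")
SECRET_VARS = {"ansible_ssh_pass", "ansible_password", "ansible_become_pass"}


def expand(pattern):
    """Expand [start:end] ranges, numeric (zero-padded) or alphabetic."""
    m = RANGE.search(pattern)
    if not m:
        return [pattern]
    lo, hi = m.groups()
    if lo.isdigit():
        items = [str(i).zfill(len(lo)) for i in range(int(lo), int(hi) + 1)]
    else:
        items = [chr(c) for c in range(ord(lo), ord(hi) + 1)]
    head, tail = pattern[:m.start()], pattern[m.end():]
    return [h for item in items for h in expand(head + item + tail)]


def audit(text):
    """Return (hosts, findings) for an INI-style inventory string."""
    hosts, findings = [], []
    for line in text.splitlines():
        fields = shlex.split(line, comments=True)
        if not fields or fields[0].startswith("["):
            continue  # blank line, comment, or [group] header
        names = expand(fields[0])
        hosts.extend(names)
        kv = dict(f.split("=", 1) for f in fields[1:] if "=" in f)
        for var in sorted(SECRET_VARS & set(kv)):
            findings += [(n, "plaintext " + var) for n in names]
        if "root" in (kv.get("ansible_ssh_user"), kv.get("ansible_user")):
            findings += [(n, "connects as root") for n in names]
    return hosts, findings

if __name__ == "__main__":
    print(*audit(SAMPLE)[1], sep="\n")
```

Hosts that need a password can keep it out of the inventory by using key authentication, as set up in step 7, or an encrypted vault file.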

# Getting help with ansible-doc

Ansible has a large number of modules; ansible-doc --help shows the help information

[root@n1 ~]# ansible-doc --help
Usage: ansible-doc [-l|-F|-s] [options] [-t <plugin type> ] [plugin]

plugin documentation tool

Options:
-a, --all **For internal testing only** Show documentation for
all plugins.
-h, --help show this help message and exit
-j, --json **For internal testing only** Dump json metadata for
all plugins.
-l, --list List available plugins
-F, --list_files Show plugin names and their source files without
summaries (implies --list)
-M MODULE_PATH, --module-path=MODULE_PATH
prepend colon-separated path(s) to module library
(default=[u'/root/.ansible/plugins/modules',
u'/usr/share/ansible/plugins/modules'])
-s, --snippet Show playbook snippet for specified plugin(s)
-t TYPE, --type=TYPE Choose which plugin type (defaults to "module")
-v, --verbose verbose mode (-vvv for more, -vvvv to enable
connection debugging)
--version show program's version number and exit

See man pages for Ansible CLI options or website for tutorials
https://docs.ansible.com

4. Check the Ansible version

[root@n1 ~]# ansible --version
ansible 2.6.4
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.6.6 (r266:84292, Aug 18 2016, 15:13:37) [GCC 4.4.7 20120313 (Red Hat 4.4.7-17)]

5. Add the managed hosts to the hosts file

[root@n1 ~]# vi /etc/ansible/hosts

# Ex 2: A collection of hosts belonging to the 'webservers' group
## [webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110

[webservers]
m1.gree.com
m2.gree.com

6. Configure /etc/hosts

192.168.1.8 n1.gree.com
192.168.1.4 m1.gree.com
192.168.1.6 m2.gree.com

7. SSH key authentication with ssh-keygen

[root@n1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
f4:53:3b:17:15:4b:30:39:c5:1d:7e:bf:75:d7:cb:5d root@n1.gree.com
The key's randomart image is:
+--[ RSA 2048]----+
| o===|
| o+oo|
| . . oo.|
| . . . . .+|
| S o o . E|
| . o. O|
| +.|
| |
| |
+-----------------+

[root@n1 ~]# ssh-copy-id -i ~/.ssh/id_rsa 192.168.1.4
The authenticity of host '192.168.1.4 (192.168.1.4)' can't be established.
RSA key fingerprint is ac:e2:3b:c8:eb:4c:af:a2:83:ac:7c:51:13:22:95:5d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.4' (RSA) to the list of known hosts.
root@192.168.1.4's password: 
Now try logging into the machine, with "ssh '192.168.1.4'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

# Test the login

[root@n1 ~]# ssh m1.gree.com
The authenticity of host 'm1.gree.com (192.168.1.4)' can't be established.
RSA key fingerprint is ac:e2:3b:c8:eb:4c:af:a2:83:ac:7c:51:13:22:95:5d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'm1.gree.com' (RSA) to the list of known hosts.
Last login: Fri Nov 9 14:52:03 2018 from 120.236.245.14
[root@m1 ~]# exit
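
Both sessions above answer the host-key prompt with yes without comparing the fingerprint to anything. As an added example (not from the original post), the Python below computes the fingerprint of a key line in the `host keytype base64` form that ssh-keyscan prints, in the colon-separated MD5 format shown in these prompts and in the SHA256 format newer OpenSSH prints, and compares it with a value read out of band, for instance from the target's console. The key blob is constructed and non-functional; `fingerprints` and `is_trusted` are names chosen here.

```python
import base64
import hashlib
import hmac
import re
import struct


def _ssh_string(data):
    """Length-prefixed field as used inside an SSH public-key blob."""
    return struct.pack(">I", len(data)) + data


# Constructed, non-functional "ssh-rsa" blob, present only so the hashes have input.
_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
         + _ssh_string(bytes(range(1, 129))))
SAMPLE_LINE = "m1.gree.com ssh-rsa " + base64.b64encode(_BLOB).decode()


def fingerprints(keyscan_line):
    """Return both fingerprint formats for one 'host keytype base64' line."""
    host, keytype, b64 = keyscan_line.split()[:3]
    blob = base64.b64decode(b64)
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "host": host,
        "type": keytype,
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),  # format in the prompts above
        "sha256": "SHA256:" + sha,                                # format of newer OpenSSH
    }


def is_trusted(keyscan_line, expected):
    """True only if the offered key matches a fingerprint obtained out of band."""
    fp = fingerprints(keyscan_line)
    if expected.startswith("SHA256:"):
        return hmac.compare_digest(fp["sha256"], expected)
    if not re.fullmatch(r"(MD5:)?([0-9a-fA-F]{2}:){15}[0-9a-fA-F]{2}", expected):
        raise ValueError("unrecognised fingerprint format")
    return hmac.compare_digest(fp["md5"], expected[-47:].lower())


if __name__ == "__main__":
    print(fingerprints(SAMPLE_LINE))
```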

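II. Common Ansible modules

2.1 Ansible command format

HOST-PATTERN        # host pattern to match, e.g. all for every host
-m MOD_NAME         # module name, e.g. ping
-a MOD_ARGS         # arguments for the module
-f FORKS            # number of child processes to fork
-C                  # check mode (simulate the run without executing)
-u Username         # user name on the target host
-c  CONNection      # connection type (default smart)

Example:

# Show the IP addresses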

[root@n1 ~]# ansible all -m shell -a "ifconfig"
m2.gree.com | SUCCESS | rc=0 >>
eth0      Link encap:Ethernet  HWaddr 52:54:00:2F:CA:4A  
          inet addr:192.168.1.6  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:60690 errors:0 dropped:0 overruns:0 frame:0
          TX packets:53579 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:15046135 (14.3 MiB)  TX bytes:6350897 (6.0 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

m1.gree.com | SUCCESS | rc=0 >>
eth0      Link encap:Ethernet  HWaddr 52:54:00:98:4B:1D  
          inet addr:192.168.1.4  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:42579 errors:0 dropped:0 overruns:0 frame:0
          TX packets:32927 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:27319373 (26.0 MiB)  TX bytes:5283478 (5.0 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

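2.2 copy module
Copies a local file to a path on the target hosts.
Parameters:
src= source file path
dest= destination path
Note: if the src= path ends with /, everything inside the directory is copied into the destination directory; without the trailing /, the directory itself is copied recursively
content= file content supplied inline
owner file owner
group file group
mode permissions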

[root@n1 tmp]# ansible all -m copy -a "src=/tmp/1.txt dest=/tmp/1.txt mode=644"
m2.gree.com | SUCCESS => {
    "changed": true, 
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
    "dest": "/tmp/1.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e", 
    "mode": "0644", 
    "owner": "root", 
    "size": 0, 
    "src": "/root/.ansible/tmp/ansible-tmp-1541754612.03-46738208597425/source", 
    "state": "file", 
    "uid": 0
}
m1.gree.com | SUCCESS => {
    "changed": true, 
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
    "dest": "/tmp/1.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e", 
    "mode": "0644", 
    "owner": "root", 
    "size": 0, 
    "src": "/root/.ansible/tmp/ansible-tmp-1541754612.03-181393664674709/source", 
    "state": "file", 
    "uid": 0
}

2.3 fetch module
Pulls files from the remote hosts to the local machine.
Example:

[root@n1 tmp]# ansible all -m fetch -a "src=/tmp/2.txt dest=/tmp"
m1.gree.com | SUCCESS => {
    "changed": false, 
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
    "dest": "/tmp/m1.gree.com/tmp/2.txt", 
    "file": "/tmp/2.txt", 
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e"
}
m2.gree.com | SUCCESS => {
    "changed": true, 
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
    "dest": "/tmp/m2.gree.com/tmp/2.txt", 
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e", 
    "remote_checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
    "remote_md5sum": null
}
[root@n1 tmp]# ll
total 24
-rw-r--r-- 1 root root    0 Nov  9 17:09 1.txt
-rw-r--r-- 1 root root 3018 Nov  9 14:48 cvm_init.log
drwxr-xr-x 3 root root 4096 Nov  9 17:19 m1.gree.com
drwxr-xr-x 3 root root 4096 Nov  9 17:20 m2.gree.com
-rw-r--r-- 1 root root  797 Nov  9 14:48 net_affinity.log
-rw-r--r-- 1 root root   26 Nov  9 14:48 nv_gpu_conf.log
-rw-r--r-- 1 root root  192 Nov  9 14:48 setRps.log
[root@n1 tmp]# cd m2.gree.com/
[root@n1 m2.gree.com]# ll
total 4
drwxr-xr-x 2 root root 4096 Nov  9 17:20 tmp
[root@n1 m2.gree.com]# cd tmp/
[root@n1 tmp]# ll
total 0
-rw-r--r-- 1 root root 0 Nov  9 17:20 2.txt

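2.3 command module
Runs a command on the remote hosts. The command is executed bare: the output is not shown as key/value pairs, and no shell parsing is performed.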

[root@n1 tmp]# ansible all -m command -a "ifconfig"
m2.gree.com | SUCCESS | rc=0 >>
eth0      Link encap:Ethernet  HWaddr 52:54:00:2F:CA:4A  
          inet addr:192.168.1.6  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:85804 errors:0 dropped:0 overruns:0 frame:0
          TX packets:78728 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:17782454 (16.9 MiB)  TX bytes:9652720 (9.2 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

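2.4 shell module
The command module can only run bare commands (that is, commands available in the system environment) and does not support features such as pipes;
the shell module does.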

[root@n1 tmp]# ansible all -m shell -a "ifconfig|grep lo"
m1.gree.com | SUCCESS | rc=0 >>
lo        Link encap:Local Loopback  

m2.gree.com | SUCCESS | rc=0 >>
lo        Link encap:Local Loopback  
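
Because the shell module hands the whole string to a shell, any variable templated into it is parsed as shell syntax too, which is the reason to prefer command unless pipes or redirection are needed. The Python below is an added example, not from the original post: it mirrors the two behaviours locally with subprocess rather than through Ansible, and `shlex.quote` stands in for Ansible's `quote` filter. The function names and the `UNTRUSTED` value are constructed for illustration.

```python
import shlex
import subprocess


def run_like_command(cmdline):
    """command-style: split into argv and exec directly; no shell sees the string."""
    argv = shlex.split(cmdline)
    return subprocess.run(argv, capture_output=True, text=True).stdout.strip()


def run_like_shell(cmdline):
    """shell-style: the whole string is interpreted by /bin/sh."""
    return subprocess.run(cmdline, shell=True, capture_output=True, text=True).stdout.strip()


def build_task(iface, quote=True):
    """Build a command line from a variable, as a templated -a argument would."""
    value = shlex.quote(iface) if quote else iface
    return "echo iface=" + value


# Constructed value standing in for a variable that came from outside the playbook.
UNTRUSTED = "eth0; echo INJECTED"

if __name__ == "__main__":
    pipe = "echo lo0 | tr a-z A-Z"
    print(repr(run_like_command(pipe)))  # the pipe reaches echo as literal text
    print(repr(run_like_shell(pipe)))    # the pipe is executed
    print(repr(run_like_shell(build_task(UNTRUSTED, quote=False))))  # second command runs
    print(repr(run_like_shell(build_task(UNTRUSTED))))               # stays one argument
```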

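2.5 file module
Sets file attributes (and creates files).
Common parameters:
path: target path
state: directory for a directory, link for a symbolic link
group: group of the directory
owner: owner
For the other parameters, run ansible-doc -s file
Example 1: create a directory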

[root@n1 tmp]# ansible all -m file -a "path=/tmp/hello state=directory"
m1.gree.com | SUCCESS => {
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0755", 
    "owner": "root", 
    "path": "/tmp/hello", 
    "size": 4096, 
    "state": "directory", 
    "uid": 0
}


posted @ 2018-11-09 17:06  努力哥