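Learning Ansible: Getting to Know It
Ops tools: Ansible, a batch-processing tool
Ansible runs on top of the SSH program, protocol and port, so it has no daemon of its own and no dedicated port number. Ansible is written in Python, and all of its modules are developed in Python.
Installation: yum install -y ansible
1. Configuration file: /etc/ansible/ansible.cfg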
```ini
[defaults]

# some basic default values...

#inventory = /etc/ansible/hosts    # inventory file
#library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp       # temporary directory on the remote host; mainly holds the Python modules
#local_tmp = ~/.ansible/tmp        # temporary directory on the local host; files are created here while ansible runs
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks = 5                         # number of parallel processes
#poll_interval = 15
#sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
#transport = smart
#remote_port = 22                  # SSH port of the remote hosts; this setting is global. If individual hosts use a different SSH port, define it in the hosts file as IP plus port (IP:PORT)
#module_lang = C
#module_set_locale = False
#host_key_checking = False         # whether to check the remote host key when connecting; the StrictHostKeyChecking option in /etc/ssh/ssh_config can be edited as well
#log_path = /var/log/ansible.log   # log file; enabling it is recommended
```
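2. Inventory file: /etc/ansible/hosts
```ini
[server]               # a group; here it is the server group
192.168.3.[100:102]    # host names or IPs go here; wildcards (range patterns) can be used
```
The --list option shows which hosts a pattern matches:
```
[root@master01 ~]# ansible all --list       # all means every group
  hosts (3):
    192.168.3.100
    192.168.3.101
    192.168.3.102
[root@master01 ~]# ansible server --list    # server means that group only
  hosts (3):
    192.168.3.100
    192.168.3.101
    192.168.3.102
```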
Now the ansible command can be used for batch operations:
```
[root@master01 ~]# ansible-doc -s ping    # ansible-doc is the help tool; -s prints a short snippet
# ping is a module written in Python; calling it tests connectivity to a host
- name: Try to connect to host, verify a usable python and return `pong' on success
  ping:
      data:    # Data to return for the `ping' return value. If this parameter is set to `crash', the module will cause an exception.
# pong means the host is reachable (SUCCESS)
```
Because SSH key authentication has not been set up yet, the result is:
```
[root@master01 ~]# ansible all -m ping
192.168.3.100 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.3.100' (ECDSA) to the list of known hosts.\r\nroot@192.168.3.100: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
    "unreachable": true
}
192.168.3.101 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.3.101' (ECDSA) to the list of known hosts.\r\nroot@192.168.3.101: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
    "unreachable": true
}
192.168.3.102 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.3.102' (ECDSA) to the list of known hosts.\r\nroot@192.168.3.102: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
    "unreachable": true
}
# The result shows that the hosts are not recognized and access was denied.
```
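So write a script that uses the sshpass command (dnf install sshpass) to push the SSH key to the hosts in bulk:
```bash
[root@master01 ansible]# cat ssh-script.sh
#!/bin/bash
# Stop ssh from asking to confirm host keys when connecting to a remote host
# (switches StrictHostKeyChecking from ask to no)
sed -i 's/^#.*StrictHostKeyChecking ask$/StrictHostKeyChecking no/' /etc/ssh/ssh_config
# Create the SSH private key without any prompts
ssh-keygen -f /root/.ssh/id_rsa -P ''
IP=192.168.3
# The for loop handles all hosts in one batch
for i in {100..102}; do
    # sshpass sends the SSH key without prompting; mainly used for batch jobs
    sshpass -p wuhuanchn ssh-copy-id "$IP.$i"
done
```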
Verify:
```
[root@master01 ansible]# cat /root/.ssh/known_hosts
192.168.3.100 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFYjmWK67S8vN9laDK3bAR/zudMbMmDvy6nWfpK8Kle6Tjv6i9vzKm8RblA8PAmI+nbnwoxSyu5Iuo3koXzOFqE=
192.168.3.101 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPHyFtTGduOh9w1/0miX2GAwQ0VsUQ3EQlUKR5pHPk5HU4b8w/isNSrUD39CLhlKq5qMfY+xKYC2ezzQjCfQ770=
192.168.3.102 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBM4HhlXlkNvNKel+IpDUtKY1a31r6OQzrhpTn09fTMyMuJXVKII7vVyvmlxlkRP7ESuoLmHZ+p1uT4+F3jTM7ec=
```
The hosts have indeed been added. Run the ping command again:
```
[root@master01 ansible]# ansible all -m ping
192.168.3.100 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
192.168.3.101 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
192.168.3.102 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
```
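The bootstrap script above sets StrictHostKeyChecking to no in /etc/ssh/ssh_config and passes the password with sshpass -p, and the ansible.cfg listing shows host_key_checking and log_path as options. As an added example (not part of the original post), the shell function below checks an ansible.cfg, an ssh_config and any helper scripts for those settings, so they can be found and reverted once the keys are distributed. The function name and the wording of the findings are made up for this example.

```sh
#!/bin/sh
# Added example: flag the host-key and password shortcuts discussed on this page.
# Prints "<file>: <issue>" per finding; the exit status is 0 only when clean.
# usage: audit_ansible_ssh <ansible.cfg> <ssh_config> [script ...]
audit_ansible_ssh() (
  cfg=$1; ssh_cfg=$2; shift 2
  n=0
  s='[[:space:]]'

  # ansible.cfg: an active (uncommented) line that turns host key checking off
  if grep -Eiq "^$s*host_key_checking$s*=$s*(false|no|off|0)($s|\$)" "$cfg"; then
    echo "$cfg: host_key_checking is disabled"; n=$((n + 1))
  fi
  # ansible.cfg: log_path still commented out, so runs leave no record
  if ! grep -Eq "^$s*log_path$s*=$s*[^[:space:]]" "$cfg"; then
    echo "$cfg: log_path is not set"; n=$((n + 1))
  fi
  # ssh_config: unknown host keys are accepted without verification
  if grep -Eiq "^$s*StrictHostKeyChecking[[:space:]=]+(no|off|false)($s|\$)" "$ssh_cfg"; then
    echo "$ssh_cfg: StrictHostKeyChecking is off"; n=$((n + 1))
  fi
  # scripts: 'sshpass -p <password>' leaves the password in the file, in shell
  # history and in the process list; -f <file> or -e (SSHPASS variable) avoid that
  for f in "$@"; do
    if grep -Eq "^[^#]*sshpass($s+-[ev])*$s+-p" "$f"; then
      echo "$f: sshpass -p passes the password on the command line"; n=$((n + 1))
    fi
  done
  [ "$n" -eq 0 ]
)

# Run against real files when paths are given on the command line.
if [ "$#" -ge 2 ]; then audit_ansible_ssh "$@"; fi
```

For example: sh audit.sh /etc/ansible/ansible.cfg /etc/ssh/ssh_config ssh-script.sh (audit.sh is an assumed file name for the block above).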
At this point the basic Ansible environment is configured. Next, a few more important Ansible commands:
1. ansible-galaxy: Galaxy is a collection of complete sets of playbooks. To browse it in detail, visit:
https://galaxy.ansible.com/
Basic usage:
```
[root@master01 ansible]# ansible-galaxy collection install ericsysmin.docker
Process install dependency map
Starting collection install process
Installing 'ericsysmin.docker:0.1.1' to '/root/.ansible/collections/ansible_collections/ericsysmin/docker'
# The install command really only downloads; the download directory is /root/.ansible/collections/ansible_collections/ericsysmin/docker
```
More on this later.
2. ansible-vault: encrypts the Playbook files you have written
```
[root@master01 ~]# ansible-vault --help
encrypt    # encrypt
decrypt    # decrypt
```
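A file encrypted with ansible-vault encrypt starts with a header line of the form $ANSIBLE_VAULT;1.1;AES256, which makes it easy to check which files were actually encrypted. As an added example (not part of the original post), the function below lists YAML lines that still hold a secret in plaintext; the function name and the SECRET_KEYS list of key names are assumptions for illustration.

```sh
#!/bin/sh
# Added example: list YAML lines that hold a secret in plaintext.
# Skipped: files that ansible-vault encrypted whole (first line starts with
# "$ANSIBLE_VAULT;"), values that are an inline "!vault" block, and values
# that only reference another variable ("{{ ... }}").
# SECRET_KEYS is an assumed naming convention; adjust it to your variables.
SECRET_KEYS='pass(word|wd)?|secret|token|api_key|private_key'

# usage: find_plaintext_secrets <directory>   -> prints file:line:content
find_plaintext_secrets() (
  s='[[:space:]]'
  find "$1" -type f \( -name '*.yml' -o -name '*.yaml' \) | sort |
  while IFS= read -r f; do
    first=
    # read the first line; skip the file if it is empty
    IFS= read -r first < "$f" || [ -n "$first" ] || continue
    case $first in
      '$ANSIBLE_VAULT;'*) continue ;;   # whole file is vault-encrypted
    esac
    # a key containing a secret-like word, with a value on the same line;
    # /dev/null is a second operand so grep always prints the file name
    grep -Ein "^[[:space:]-]*[a-z0-9_]*($SECRET_KEYS)[a-z0-9_]*$s*:$s*[^[:space:]]" \
        "$f" /dev/null |
      grep -Ev ":$s*!vault($s|\$)" |
      grep -Ev ":$s*.?\{\{" || true
  done
)

# Run against a real directory when one is given on the command line.
if [ "$#" -ge 1 ]; then find_plaintext_secrets "$1"; fi
```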
3. The ansible-console command is interactive. Once started, its prompt reads: [user name]@group [all by default] (number of hosts)[f:5 (forks is 5)]
All of these can be changed: switch groups with cd <group name>, and use list to see which hosts are in the group. forks can be changed directly with, for example, forks 10.
```
[root@master01 ~]# ansible-console
Welcome to the ansible console.
Type help or ? to list commands.

root@all (3)[f:5]$ list
192.168.3.100
192.168.3.101
192.168.3.102
root@all (3)[f:5]$ cd server
root@server (3)[f:5]$ list
192.168.3.100
192.168.3.101
192.168.3.102
root@server (3)[f:5]$ forks 1
root@server (3)[f:1]$ forks 10
root@server (3)[f:10]$ cat /etc/redhat-release
192.168.3.100 | CHANGED | rc=0 >>
CentOS Linux release 8.4.2105
192.168.3.101 | CHANGED | rc=0 >>
CentOS Linux release 8.4.2105
192.168.3.102 | CHANGED | rc=0 >>
CentOS Linux release 8.4.2105
```
Collect memory usage from the 3 hosts; every command here runs through the default module, command:
```
root@server (3)[f:10]$ free -h
192.168.3.100 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:          7.6Gi       2.0Gi       148Mi        65Mi       5.4Gi       5.3Gi
Swap:            0B          0B          0B
192.168.3.101 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:          7.6Gi       1.6Gi       340Mi        26Mi       5.6Gi       5.6Gi
Swap:            0B          0B          0B
192.168.3.102 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:          7.6Gi       4.2Gi       613Mi        56Mi       2.7Gi       3.0Gi
Swap:            0B          0B          0B
```
Modules will be covered in a separate blog post.