1.anisble 简介
anisble 是一款自动化运维工具,基于Python开发,集合了众多运维工具(puppet、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。
ansible只是提供一种框架。主要包括:
(1)连接插件:负责和被监控端实现通信;
(2)host inventory :指定操作的主机,是一个配置文件里面定义监控的主机
(3)各种模块核心模块,command 模块,自定义模块。
(4)借助于插件完成记录日志邮件等功能;
(5)playbook :剧本执行多个任务时,非必要可以让节点一次性运行多个任务。

ansible 架构图:
自动化运维工具ansible详细介绍以模块的使用_第1张图片
上图中我们看到的主要模块如下:

Ansible:Ansible核心程序。
HostInventory:记录由Ansible管理的主机信息,包括端口、密码、ip等。
Playbooks:“剧本”YAML格式文件,多个任务定义在一个文件中,定义主机需要调用哪些模块来完成的功能。
CoreModules:核心模块,主要操作是通过调用核心模块来完成管理任务。
CustomModules:自定义模块,完成核心模块无法完成的功能,支持多种语言。
ConnectionPlugins:连接插件,Ansible和Host通信使用

ansible安装
实验说明

服务角色 ip 系统及所需软件
主控主机 192.168.55.130 centos7 ansible
受控主机 192.168.55.129 centos7 
安装yum源
[root@yanyinglai ~]# cd /etc/yum.repos.d/
[root@yanyinglai yum.repos.d]# curl -o 163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
[root@yanyinglai yum.repos.d]# sed -i 's/\$releasever/7/g' 163.repo
[root@yanyinglai yum.repos.d]# sed -i 's/^enabled=.*/enabled=1/g' 163.repo
[root@yanyinglai yum.repos.d]# yum -y install epel-release

安装ansible
[root@yanyinglai yum.repos.d]# yum -y install ansible ansible-doc

查看ansible的版本
[root@yanyinglai yum.repos.d]# ansible --version
ansible 2.6.3
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]

ansible配置
ansible配置文件:
配置文件                                               说明
/etc/ansible/ansible.cfg                      ansible主配置文件
/etc/ansible/hosts                               受控主机清单

受控主机清单配置方式:
•分组配置
•ip配置
•域名配置
•通配符配置
ansible通过ssh来控制远程主机,所以要配置ssh互信,否则将会提示你输入密码

[root@yanyinglai ~]# ssh-keygen -t rsa   //使用ssh-keygen 创建公钥-私钥对
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:CibhCzCCgPi1gjIm4ypUWJhkyDCp8Mj1QudN2Wu/akg root@yanyinglai
The key's randomart image is:
+---[RSA 2048]----+
|@+o     o        |
|X= +.. o .       |
|O=*.+.o   .      |
|@*++.o . o       |
|*o+.+   S .      |
| + + . E   .     |
|o .   o .   .    |
|o      . . .     |
|.       ...      |
+----[SHA256]-----+

[root@yanyinglai ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]        //使用 ssh-copy-id 将公钥复制到受控上的正确位置
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.55.129 (192.168.55.129)' can't be established.
ECDSA key fingerprint is SHA256:7mLj77SFk7sPkhjpMPfdK3nZ98hOuyP4OKzjXeijSJ0.
ECDSA key fingerprint is MD5:a0:1b:eb:7f:f0:b6:7b:73:97:91:4c:f3:b1:89:d8:ea.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

将受控主机信息加入清单配置文件中
[root@yanyinglai ~]# vim /etc/ansible/hosts
//添加以下内容
[webservers] //组名
192.168.55.129//受控主机IP

ansible使用
ansible webservers组名或受控主机IP -m 模块名 -a ‘命令’

ansible如何获取帮助
ansible通过ansible-doc命令来获取帮助信息,可以使用此命令的-s选项来获取指定模块的帮助信息。
//查询service模块的帮助文档
[root@yanyinglai ~]# ansible-doc -s service
- name: Manage services
  service:
      arguments:             # Additional arguments provided on
                               line
      enabled:               # Whether the service should start
                               least one of
                               state and enabled
                               are required.*
      name:                  # (required) Name of the service.
      pattern:               # If the service does not respond
                               command, name a
                               substring to look
                               for as would be
                               found in the
                               output of the
                               `ps' command as a
                               stand-in for a

ansible常用模块使用详解
ansible常用模块有:
 ping
 yum
template
copy
user
group
service
raw
command
shell
script

ansible常用模块raw ,command,shell的区别

shell 模块调用的/bin/sh指令执行
command模块不是调用的shell的指令,所以没有bash的环境变量
raw很多地方和shell类似,更多地方建议使用shell和command模块。但是如果是使用老版本Python,需要用到raw,又或者是客户端是路由器,因为没有安装Python模块,那就需要使用raw模块了。

ansible常用模块之ping
ping模块用于检查指定节点机器是否连通,用法很简单,不涉及参数,主机如果在线,则回复pong
[root@yanyinglai ~]# ansible all -m ping
192.168.55.129 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

ansible 常用模块之command
command模块用于在远程主机上执行命令,ansible默认就是使用command模块 
缺陷:就是不能使用管道符和重定向功能

查看受控主机的/tmp目录内容
[root@yanyinglai ~]# ansible 192.168.55.129 -a 'ls /tmp'
192.168.55.129 | SUCCESS | rc=0 >>
ansible_mHvKbh
ks-script-ubrQPY
systemd-private-d073b6cf2d8c4928a7ea533db6a27d95-chronyd.service-Z4raq3
systemd-private-d073b6cf2d8c4928a7ea533db6a27d95-systemd-hostnamed.service-HSwEIa

在受控主机的/tmp目录下新建一个文件test
[root@yanyinglai ~]# ansible 192.168.55.129 -a 'touch /tmp/test'
[WARNING]: Consider using the file module with state=touch rather than running
touch.  If you need to use command because file is insufficient you can add
warn=False to this command task or set command_warnings=False in ansible.cfg to
get rid of this message.

192.168.55.129 | SUCCESS | rc=0 >>

[root@yanyinglai ~]# ansible 192.168.55.129 -a 'ls /tmp'
192.168.55.129 | SUCCESS | rc=0 >>
ansible_Fl9jFS
ks-script-ubrQPY
systemd-private-d073b6cf2d8c4928a7ea533db6a27d95-chronyd.service-Z4raq3
systemd-private-d073b6cf2d8c4928a7ea533db6a27d95-systemd-hostnamed.service-HSwEIa
systemd-private-d073b6cf2d8c4928a7ea533db6a27d95-vgauthd.service-JcKLmk
systemd-private-d073b6cf2d8c4928a7ea533db6a27d95-vmtoolsd.service-taZqEB
systemd-private-ebf89dd80707441f87cc25628094a3ef-chronyd.service-7IFbjd
systemd-private-ebf89dd80707441f87cc25628094a3ef-vgauthd.service-j8UNnT
systemd-private-ebf89dd80707441f87cc25628094a3ef-vmtoolsd.service-rWMy2z
test

command模板不支持管道符,不支持重定向
[root@yanyinglai ~]# ansible 192.168.55.129 -a "echo 'hello world' > /tmp/test"
192.168.55.129 | SUCCESS | rc=0 >>
hello world > /tmp/test

[root@yanyinglai ~]# ansible 192.168.55.129 -a 'cat /tmp/test'
192.168.55.129 | SUCCESS | rc=0 >>

[root@yanyinglai ~]# ansible 192.168.55.129 -a 'ps -ef|grep vsftpd'
192.168.55.129 | FAILED | rc=1 >>
error: unsupported SysV option

Usage:
ps [options]

Try 'ps --help '
  or 'ps --help '
for additional help text.

For more details see ps(1).non-zero return code

ansible常用模块之raw

raw模块用于在受控主机上执行命令,其支持管道符与重定向

支持重定向
[root@yanyinglai ~]# ansible 192.168.55.129 -m raw -a 'echo "hello world" > /tmp/test'
192.168.55.129 | SUCCESS | rc=0 >>
Shared connection to 192.168.55.129 closed.

[root@yanyinglai ~]# ansible 192.168.55.129 -a 'cat /tmp/test'
192.168.55.129 | SUCCESS | rc=0 >>
hello world

支持管道符
[root@yanyinglai ~]# ansible 192.168.55.129 -m raw -a 'cat /tmp/test |grep -Eo hello'
192.168.55.129 | SUCCESS | rc=0 >>
hello
Shared connection to 192.168.55.129 closed.

ansible常用模块之shell

shell模块用于在受控主机上执行受控主机上的脚本,也可以直接在受控主机上执行命令
shell模块也支持管道与重定向
先受控主机建一个脚本
[root@yanyinglai ~]# mkdir /scripts
[root@yanyinglai ~]# cat /scripts/test.sh
#!/bin/bash

for i in $(seq 10);do
    echo $i
done

查看受控主机上的脚本
[root@yanyinglai ~]# ansible 192.168.55.129 -a 'ls -l /scripts/'
192.168.55.129 | SUCCESS | rc=0 >>
总用量 4
-rw-r--r--. 1 root root 52 9月  10 18:49 test.sh

使用shell模块在受控主机上执行受控机上的脚本
[root@yanyinglai ~]# ansible 192.168.55.129 -m shell -a '/bin/bash /scripts/test.sh'
192.168.55.129 | SUCCESS | rc=0 >>
1
2
3
4
5
6
7
8
9
10

ansible常用模块之script

script模块用于在受控机上执行主控主机上的脚本

[root@yanyinglai ~]# ansible 192.168.55.129 -m script -a '/scripts/yan.sh &> /tmp/users'
192.168.55.129 | SUCCESS => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 192.168.55.129 closed.\r\n",
    "stderr_lines": [
        "Shared connection to 192.168.55.129 closed."
    ],
    "stdout": "",
    "stdout_lines": []
}

查看受控机上的/tmp/users文件内容
[root@yanyinglai ~]# ansible 192.168.55.129 -m shell -a 'cat /tmp/users'
192.168.55.129 | SUCCESS | rc=0 >>
root:x:0:0:root:/root:/bin/bash
----------------------
bin:x:1:1:bin:/bin:/sbin/nologin
----------------------
daemon:x:2:2:daemon:/sbin:/sbin/nologin
----------------------
adm:x:3:4:adm:/var/adm:/sbin/nologin
----------------------
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
----------------------
sync:x:5:0:sync:/sbin:/bin/sync
----------------------
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
----------------------
halt:x:7:0:halt:/sbin:/sbin/halt
----------------------
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
----------------------
operator:x:11:0:operator:/root:/sbin/nologin
----------------------
games:x:12:100:games:/usr/games:/sbin/nologin
----------------------
ftp:x:14:50:FTP
----------------------
User:/var/ftp:/sbin/nologin
----------------------
nobody:x:99:99:Nobody:/:/sbin/nologin
----------------------
systemd-network:x:192:192:systemd
----------------------
Network
----------------------
Management:/:/sbin/nologin
----------------------
dbus:x:81:81:System
----------------------
message
----------------------
bus:/:/sbin/nologin
----------------------
polkitd:x:999:997:User
----------------------
for
----------------------
polkitd:/:/sbin/nologin
----------------------
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
----------------------
sshd:x:74:74:Privilege-separated
----------------------
SSH:/var/empty/sshd:/sbin/nologin
----------------------
chrony:x:998:996::/var/lib/chrony:/sbin/nologin
----------------------
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
----------------------

ansible常用模块之template

template模块用于生成一个模块,并将其传输到受控主机上

下载一个163源文件并开启此源

[root@yanyinglai ~]# cd /etc/yum.repos.d/
[root@yanyinglai yum.repos.d]# curl -o 163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:--100  1572  100  1572    0     0   5255      0 --:--:-- --:--:-- --:--:--  5383
[root@yanyinglai yum.repos.d]# sed -i 's/\$releasever/7/g' 163.repo
[root@yanyinglai yum.repos.d]#  sed -i 's/^enabled=.*/enabled=1/g' 163.repo

将设置好的163源传到受控主机上
[root@yanyinglai ~]# ansible 192.168.55.129  -m template -a 'src=/etc/yum.repos.d/163.repo dest=/etc/yum.repos.d/163.repo'
192.168.55.129 | SUCCESS => {
    "changed": true,
    "checksum": "60b8868e0599489038710c45025fc11cbccf35f2",
    "dest": "/etc/yum.repos.d/163.repo",
    "gid": 0,
    "group": "root",
    "md5sum": "5a3e688854d9ceccf327b953dab55b21",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:system_conf_t:s0",
    "size": 1462,
    "src": "/root/.ansible/tmp/ansible-tmp-1536580825.25-219729472958888/source",
    "state": "file",
    "uid": 0
}

查看受控主机上是否有163源
[root@yanyinglai ~]# ansible 192.168.55.129 -a 'ls /etc/yum.repos.d/'
192.168.55.129 | SUCCESS | rc=0 >>
163.repo
CentOS-Base.repo
CentOS-CR.repo
CentOS-Debuginfo.repo
CentOS-fasttrack.repo
CentOS-Media.repo
CentOS-Sources.repo
CentOS-Vault.repo

ansible常用模块之yum

yum模块用于在指定节点机器上通过yum管理软件,其支持的参数主要有两个
•name:要管理的包名
•state:要执行的操作
state常用的值:
•latest:安装软件
•installd:安装软件
•present :安装软件
•removed:卸载软件
•absent:卸载软件
如果想使用yum来管理软件,请确保受控主机上的yum源无异常

在受控机上查询vsftpd是否安装

[root@yanyinglai ~]# rpm -qa|grep vsftpd
[root@yanyinglai ~]#

在ansible主机上使用yum模块在受控机上安装vsftpd

[root@yanyinglai ~]# ansible 192.168.55.129 -m yum -a 'name=vsftpd state=present'
192.168.55.129 | SUCCESS => {
    "changed": true,
    "msg": "Repository base is listed more than once in the configuration\nRepository updates is listed more than once in the configuration\nRepository extras is listed more than once in the configuration\nRepository centosplus is listed more than once in the configuration\nfile:///mnt/repodata/repomd.xml: [Errno 14] curl#37 - \"Couldn't open file /mnt/repodata/repomd.xml\"\nTrying other mirror.\n",
    "rc": 0,
    "results": [
        "Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\nResolving Dependencies\n--> Running transaction check\n---> Package vsftpd.x86_64 0:3.0.2-22.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package          Arch             Version                 Repository      Size\n================================================================================\nInstalling:\n vsftpd           x86_64           3.0.2-22.el7            base           169 k\n\nTransaction Summary\n================================================================================\nInstall  1 Package\n\nTotal download size: 169 k\nInstalled size: 348 k\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n  Installing : vsftpd-3.0.2-22.el7.x86_64                                   1/1 \n  Verifying  : vsftpd-3.0.2-22.el7.x86_64                                   1/1 \n\nInstalled:\n  vsftpd.x86_64 0:3.0.2-22.el7                                                  \n\nComplete!\n"
    ]
}

查看受控机上是否安装了vsftpd
[root@yanyinglai ~]# rpm -qa|grep vsftpd
vsftpd-3.0.2-22.el7.x86_64

ansible常见模块之copy
copy模块用于复制文件至远程受控机
[root@yanyinglai ~]# ls
anaconda-ks.cfg
[root@yanyinglai ~]# ansible 192.168.55.129 -m copy -a 'src=/root/anaconda-ks.cfg dest=/tmp/yyl'
192.168.55.129 | SUCCESS => {
    "changed": true,
    "checksum": "1ac780f24dff3351db9322fdf9853ebbe27e39bd",
    "dest": "/tmp/yyl",
    "gid": 0,
    "group": "root",
    "md5sum": "8f8da0d3c4e5d61fa5496f12ee82b73f",
    "mode": "0644",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 1287,
    "src": "/root/.ansible/tmp/ansible-tmp-1536582597.03-118106324399653/source",
    "state": "file",
    "uid": 0
}
[root@yanyinglai ~]# ansible 192.168.55.129 -a 'ls /tmp'
192.168.55.129 | SUCCESS | rc=0 >>
ansible_xYcnC6
ks-script-ubrQPY
systemd-private-d073b6cf2d8c4928a7ea533db6a27d95-chronyd.service-Z4raq3
systemd-private-d073b6cf2d8c4928a7ea533db6a27d95-systemd-hostnamed.service-HSwEIa
systemd-private-d073b6cf2d8c4928a7ea533db6a27d95-vgauthd.service-JcKLmk
systemd-private-d073b6cf2d8c4928a7ea533db6a27d95-vmtoolsd.service-taZqEB
systemd-private-ebf89dd80707441f87cc25628094a3ef-chronyd.service-7IFbjd
systemd-private-ebf89dd80707441f87cc25628094a3ef-vgauthd.service-j8UNnT
systemd-private-ebf89dd80707441f87cc25628094a3ef-vmtoolsd.service-rWMy2z
test
users
yum.log
yyl
ansible常用模块之group

group模块用于受控主机上添加或删除组

在受控主机上添加一个系统组,gid为306,组名为mysql[root@yanyinglai ~]# ansible 192.168.55.129 -m group -a 'name=mysql gid=306 state=present'
192.168.55.129 | SUCCESS => {
    "changed": true,
    "gid": 306,
    "name": "mysql",
    "state": "present",
    "system": false
}删除受控主机上的mysql组
[root@yanyinglai ~]# ansible 192.168.55.129 -m group -a 'name=mysql gid=306 state=absent'
192.168.55.129 | SUCCESS => {
    "changed": true,
    "name": "mysql",
    "state": "absent"
}
[root@yanyinglai ~]# ansible 192.168.55.129 -a 'grep mysql /etc/group'
192.168.55.129 | FAILED | rc=1 >>
non-zero return code
ansible 常用模块之useruser模块用于管理受控主机上的用户账户在受控主机上添加一个系统用户,用户名为mysql,uid为306,设置其shell为/sbin/nologin 无家目录[root@yanyinglai ~]# ansible 192.168.55.129 -m user -a 'name=mysql uid=306 system=yes create_home=no shell=/sbin/nologin state=present'
192.168.55.129 | SUCCESS => {
    "changed": true,
    "comment": "",
    "create_home": false,
    "group": 306,
    "home": "/home/mysql",
    "name": "mysql",
    "shell": "/sbin/nologin",
    "state": "present",
    "system": true,
    "uid": 306
}[root@yanyinglai ~]# ansible 192.168.55.129 -m shell -a 'grep mysql /etc/passwd'
192.168.55.129 | SUCCESS | rc=0 >>
mysql:x:306:306::/home/mysql:/sbin/nologin
[root@yanyinglai ~]# ansible 192.168.55.129 -m shell -a 'ls /home'
192.168.55.129 | SUCCESS | rc=0 >>//修改mysql用户的uid为366[root@yanyinglai ~]# ansible 192.168.55.129 -m user -a 'name=mysql uid=366'
192.168.55.129 | SUCCESS => {
    "append": false,
    "changed": true,
    "comment": "",
    "group": 306,
    "home": "/home/mysql",
    "move_home": false,
    "name": "mysql",
    "shell": "/sbin/nologin",
    "state": "present",
    "uid": 366
}[root@yanyinglai ~]# ansible 192.168.55.129 -a 'grep mysql /etc/passwd'
192.168.55.129 | SUCCESS | rc=0 >>
mysql:x:366:306::/home/mysql:/sbin/nologin
删除受控主机上的mysql用户
[root@yanyinglai ~]# ansible 192.168.55.129 -m user -a 'name=mysql state=absent'
192.168.55.129 | SUCCESS => {
    "changed": true,
    "force": false,
    "name": "mysql",
    "remove": false,
    "state": "absent"
}

[root@yanyinglai ~]# ansible 192.168.55.129 -a 'grep mysql /etc/passwd'
192.168.55.129 | FAILED | rc=1 >>
non-zero return code
ansible常用模块之serviceservice模块用于管理受控机上的服务查看受控机上的vsftpd服务是否启动[root@yanyinglai ~]# ansible 192.168.55.129 -a 'systemctl is-active vsftpd'
192.168.55.129 | FAILED | rc=3 >>
unknownnon-zero return code
启动受控机上的vsftpd服务[root@yanyinglai ~]# ansible 192.168.55.129 -m service -a 'name=vsftpd state=started'
192.168.55.129 | SUCCESS => {
查看受控机上的vsftpd服务是否开机自启动[root@yanyinglai ~]# ansible 192.168.55.129 -a 'systemctl is-enabled vsftpd'
192.168.55.129 | FAILED | rc=1 >>
disablednon-zero return code
设置受控机上的vsftpd服务开机自动启动[root@yanyinglai ~]# ansible 192.168.55.129 -m service -a 'name=vsftpd enabled=yes'
192.168.55.129 | SUCCESS => {
    "changed": true,
    "enabled": true,
    "name": "vsftpd",
    "status": {        "ActiveEnterTimestamp": "一 2018-09-10 21:03:59 CST",
查看受控机上的vsftpd服务是否开机自动启动[root@yanyinglai ~]# ansible 192.168.55.129 -m shell -a 'systemctl is-enabled vsftpd'
192.168.55.129 | SUCCESS | rc=0 >>
enabled
停止受控机上的vsftpd服务[root@yanyinglai ~]# ansible 192.168.55.129 -m service -a 'name=vsftpd state=stopped'
192.168.55.129 | SUCCESS => {
    "changed": true,
    "name": "vsftpd",
    "state": "stopped",
[root@yanyinglai ~]# ansible 192.168.55.129 -m shell -a 'systemctl is-active vsftpd'
192.168.55.129 | FAILED | rc=3 >>
inactivenon-zero return code
[root@yanyinglai ~]# ansible 192.168.55.129 -m shell -a 'ss -antl'
192.168.55.129 | SUCCESS | rc=0 >>
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN     0      128          *:22                       *:*                  
LISTEN     0      100    127.0.0.1:25                       *:*                  
LISTEN     0      128         :::22                      :::*                  
LISTEN     0      100        ::1:25                      :::*