ansible介绍:

  ansible是一个基于python开发的轻量级自动化运维管理工具,可以用来批量执行命令,安装程序,支持playbook编排。它通过ssh协议来连接主机,省去了在每一台主机安装客户端的麻烦,相对比puppet和saltstack,显得更为简单和轻量。


ansible命令参数:

Usage: ansible  [options]
Options:
  -a MODULE_ARGS, --args=MODULE_ARGS                                           模块的参数   
                        module arguments
  --ask-vault-pass      ask for vault password
  -B SECONDS, --background=SECONDS                                            异步运行,在X秒后失效
                        run asynchronously, failing after X seconds
                        (default=N/A)
  -C, --check           don't make any changes; instead, try to predict some                 测试运行后改变的内容,不会执行
                        of the changes that may occur
  -D, --diff            when changing (small) files and templates, show the                在更改文件时,可以显示文件的不同
                        differences in those files; works great with --check
  -e EXTRA_VARS, --extra-vars=EXTRA_VARS
                        set additional variables as key=value or YAML/JSON
  -f FORKS, --forks=FORKS
                        specify number of parallel processes to use
                        (default=5)
  -h, --help            show this help message and exit
  -i INVENTORY, --inventory-file=INVENTORY                                        指定hosts文件路径,默认为/etc/ansible/hosts
                        specify inventory host path
                        (default=/etc/ansible/hosts) or comma separated host
                        list.
  -l SUBSET, --limit=SUBSET                                                    指定pattern,对已经匹配的主机再过滤一次
                        further limit selected hosts to an additional pattern
  --list-hosts          outputs a list of matching hosts; does not execute                   打印匹配的主机,不执行命令
                        anything else
  -m MODULE_NAME, --module-name=MODULE_NAME                                        要执行的模块名字,默认模块为command
                        module name to execute (default=command)
  -M MODULE_PATH, --module-path=MODULE_PATH                                       要执行的模块路径,默认为/usr/share/ansible
                        specify path(s) to module library (default=None)
  --new-vault-password-file=NEW_VAULT_PASSWORD_FILE
                        new vault password file for rekey
  -o, --one-line        condense output                                      压缩输出
  --output=OUTPUT_FILE  output file name for encrypt or decrypt; use - for
                        stdout
  -P POLL_INTERVAL, --poll=POLL_INTERVAL
                        set the poll interval if using -B (default=15)
  --syntax-check        perform a syntax check on the playbook, but do not                    对playbook进行语法检测,不执行该playbook
                        execute it
  -t TREE, --tree=TREE  log output to this directory                                       把日志输出到该目录
  --vault-password-file=VAULT_PASSWORD_FILE
                        vault password file
  -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
                        connection debugging)
  --version             show program's version number and exit
Connection Options:
    control as whom and how to connect to hosts
    -k, --ask-pass      ask for connection password                                       当使用密码验证登录的时候,提示输入ssh登录密码
    --private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE                            私钥路径
                        use this file to authenticate the connection
    -u REMOTE_USER, --user=REMOTE_USER                                                 ssh连接的用户名,默认root
                        connect as this user (default=None)
    -c CONNECTION, --connection=CONNECTION
                        connection type to use (default=smart)
    -T TIMEOUT, --timeout=TIMEOUT                                                   ssh连接超时时间,默认10秒
                        override the connection timeout in seconds
                        (default=10)
    --ssh-common-args=SSH_COMMON_ARGS
                        specify common arguments to pass to sftp/scp/ssh (e.g.
                        ProxyCommand)
    --sftp-extra-args=SFTP_EXTRA_ARGS
                        specify extra arguments to pass to sftp only (e.g. -f,
                        -l)
    --scp-extra-args=SCP_EXTRA_ARGS
                        specify extra arguments to pass to scp only (e.g. -l)
    --ssh-extra-args=SSH_EXTRA_ARGS
                        specify extra arguments to pass to ssh only (e.g. -R)
  Privilege Escalation Options:
    control how and which user you become as on target hosts
    -s, --sudo          run operations with sudo (nopasswd) (deprecated, use  sudo运行
                        become)
    -U SUDO_USER, --sudo-user=SUDO_USER                                       sudo到哪个用户,默认为root
                        desired sudo user (default=root) (deprecated, use
                        become)
    -S, --su            run operations with su (deprecated, use become)
    -R SU_USER, --su-user=SU_USER
                        run operations with su as this user (default=root)
                        (deprecated, use become)
    -b, --become        run operations with become (does not imply password
                        prompting)
    --become-method=BECOME_METHOD
                        privilege escalation method to use (default=sudo),
                        valid choices: [ sudo | su | pbrun | pfexec | doas |
                        dzdo | ksu ]
    --become-user=BECOME_USER
                        run operations as this user (default=root)
    --ask-sudo-pass     ask for sudo password (deprecated, use become)
    --ask-su-pass       ask for su password (deprecated, use become)
    -K, --ask-become-pass



部署:

ansible环境:

  控制端:192.168.52.128

  节点:  192.168.52.128

       192.168.52.135


ansible安装:

# yum -y install ansible


ansible管理端ssh免认证登陆主机:

# ssh-keygen
# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]


配置Inventory主机清单:

# vim /etc/ansible/hosts
[testservers]
192.168.52.128
192.168.52.135


尝试ping模块,测试客户端连通性:  

# ansible all -m ping
192.168.52.135 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.52.128 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}


ansible常用模块:

执行命令:

shell和command:这两个模块都是运行命令的模块,区别是command模块不支持shell变量和管道。
# ansible all -m command -a "free -m"
192.168.52.135 | SUCCESS | rc=0 >>
             total       used       free     shared    buffers     cached
Mem:          1869       1481        388          1        190        572
-/+ buffers/cache:        718       1150 
Swap:         4047          5       4042 
192.168.52.128 | SUCCESS | rc=0 >>
             total       used       free     shared    buffers     cached
Mem:          1869       1771         98          0        153        472
-/+ buffers/cache:       1145        723 
Swap:         4047        216       3831 

# ansible all -m shell -a "free -m"       
192.168.52.135 | SUCCESS | rc=0 >>
             total       used       free     shared    buffers     cached
Mem:          1869       1481        388          1        190        572
-/+ buffers/cache:        718       1151 
Swap:         4047          5       4042 
192.168.52.128 | SUCCESS | rc=0 >>
             total       used       free     shared    buffers     cached
Mem:          1869       1779         90          0        153        472
-/+ buffers/cache:       1153        716 
Swap:         4047        216       3831 

# ansible all -m command -a "free -m | grep Swap"     
192.168.52.135 | SUCCESS | rc=0 >>
             total       used       free     shared    buffers     cached
Mem:          1869       1481        388          1        190        572
-/+ buffers/cache:        718       1151 
Swap:         4047          5       4042 
192.168.52.128 | SUCCESS | rc=0 >>
             total       used       free     shared    buffers     cached
Mem:          1869       1771         98          0        153        472
-/+ buffers/cache:       1145        724 
Swap:         4047        216       3831 

# ansible all -m shell -a "free -m | grep Swap"       
192.168.52.135 | SUCCESS | rc=0 >>
Swap:         4047          5       4042 
192.168.52.128 | SUCCESS | rc=0 >>
Swap:         4047        216       3831

  可以看到在不使用管道的时候shell和command两个模块是没有分别的,但是使用了管道,可以看到command的管道是不生效的。


文件与目录操作:

copy:拷贝文件。
把/root/test.txt文件拷贝到各服务器的/tmp/test.txt:
# ansible all -m copy -a "src=/root/test.txt dest=/tmp/test.txt"
192.168.52.135 | SUCCESS => {
    "changed": true,
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "dest": "/tmp/test.txt",
    "gid": 0,
    "group": "root",
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e",
    "mode": "0644",
    "owner": "root",
    "size": 0,
    "src": "/root/.ansible/tmp/ansible-tmp-1480249794.2678375-25305071473517/source",
    "state": "file",
    "uid": 0
}
192.168.52.128 | SUCCESS => {
    "changed": true,
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "dest": "/tmp/test.txt",
    "gid": 0,
    "group": "root",
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e",
    "mode": "0644",
    "owner": "root",
    "size": 0,
    "src": "/root/.ansible/tmp/ansible-tmp-1480249794.341813-178065622105186/source",
    "state": "file",
    "uid": 0
}

[root@192_168_52_128 ~ 20:29]# ll /tmp/test.txt 
-rw-r--r-- 1 root root 0 Nov 27 20:29 /tmp/test.txt、

[root@192_168_52_135 ~/.ssh 17:09]# ll /tmp/test.txt 
-rw-r--r-- 1 root root 0 Nov  8 18:14 /tmp/test.txt

file:更改文件的用户及权限,创建或删除文件和目录。
修改所有服务器的/tmp/test.txt文件的权限为755:
# ansible all -m file -a "dest=/tmp/test.txt mode=755"
192.168.52.135 | SUCCESS => {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "root",
    "path": "/tmp/test.txt",
    "size": 0,
    "state": "file",
    "uid": 0
}
192.168.52.128 | SUCCESS => {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "root",
    "path": "/tmp/test.txt",
    "size": 0,
    "state": "file",
    "uid": 0
}

[root@192_168_52_128 ~ 20:33]# ll /tmp/test.txt 
-rwxr-xr-x 1 root root 0 Nov 27 20:29 /tmp/test.txt

[root@192_168_52_135 /tmp 18:15]# ll test.txt 
-rwxr-xr-x 1 root root 0 Nov  8 18:14 test.txt

创建/tmp/test目录:
# ansible testservers -m file -a "dest=/tmp/test mode=755 owner=root group=root state=directory"
192.168.52.135 | SUCCESS => {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "root",
    "path": "/tmp/test",
    "size": 4096,
    "state": "directory",
    "uid": 0
}
192.168.52.128 | SUCCESS => {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "root",
    "path": "/tmp/test",
    "size": 4096,
    "state": "directory",
    "uid": 0
}

删除/tmp/test目录:
# ansible testservers -m file -a "dest=/tmp/test state=absent"
192.168.52.135 | SUCCESS => {
    "changed": true,
    "path": "/tmp/test",
    "state": "absent"
}
192.168.52.128 | SUCCESS => {
    "changed": true,
    "path": "/tmp/test",
    "state": "absent"
}

删除/tmp/test.txt文件
# ansible testservers -m file -a "dest=/tmp/test.txt state=absent"
192.168.52.135 | SUCCESS => {
    "changed": true,
    "path": "/tmp/test.txt",
    "state": "absent"
}
192.168.52.128 | SUCCESS => {
    "changed": true,
    "path": "/tmp/test.txt",
    "state": "absent"
}


软件包管理:

atp(ubuntu),yum(redhat):
安装一个软件包(links):
# ansible testservers -m yum -a "name=links state=present"
192.168.52.135 | SUCCESS => {
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Install Process\nLoading mirror speeds from cached hostfile\n * base: ftp.sjtu.edu.cn\n * epel: mirrors.tuna.tsinghua.edu.cn\n * extras: ftp.sjtu.edu.cn\n * rpmforge: mirrors.tuna.tsinghua.edu.cn\n * updates: ftp.sjtu.edu.cn\nResolving Dependencies\n--> Running transaction check\n---> Package links.x86_64 1:2.13-1.el6 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package         Arch             Version                  Repository      Size\n================================================================================\nInstalling:\n links           x86_64           1:2.13-1.el6             epel           2.8 M\n\nTransaction Summary\n================================================================================\nInstall       1 Package(s)\n\nTotal download size: 2.8 M\nInstalled size: 4.5 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r  Installing : 1:links-2.13-1.el6.x86_64                                    1/1 \n\r  Verifying  : 1:links-2.13-1.el6.x86_64                                    1/1 \n\nInstalled:\n  links.x86_64 1:2.13-1.el6                                                     \n\nComplete!\n"
    ]
}
192.168.52.128 | SUCCESS => {
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Install Process\nLoading mirror speeds from cached hostfile\n * base: mirrors.zju.edu.cn\n * epel: mirror.pregi.net\n * extras: mirror.bit.edu.cn\n * rpmforge: miroir.univ-paris13.fr\n * updates: mirrors.zju.edu.cn\nResolving Dependencies\n--> Running transaction check\n---> Package links.x86_64 1:2.13-1.el6 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package         Arch             Version                  Repository      Size\n================================================================================\nInstalling:\n links           x86_64           1:2.13-1.el6             epel           2.8 M\n\nTransaction Summary\n================================================================================\nInstall       1 Package(s)\n\nTotal download size: 2.8 M\nInstalled size: 4.5 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r  Installing : 1:links-2.13-1.el6.x86_64                                    1/1 \n\r  Verifying  : 1:links-2.13-1.el6.x86_64                                    1/1 \n\nInstalled:\n  links.x86_64 1:2.13-1.el6                                                     \n\nComplete!\n"
    ]
}

# ansible testservers -m yum -a "name=links state=present"
192.168.52.128 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "links-1:2.13-1.el6.x86_64 providing links is already installed"
    ]
}
192.168.52.135 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "links-1:2.13-1.el6.x86_64 providing links is already installed"
    ]
}

安装软件到最新版本
# ansible testservers -m yum -a "name=links state=latest" 
192.168.52.135 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "All packages providing links are up to date",
        ""
    ]
}
192.168.52.128 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "All packages providing links are up to date",
        ""
    ]
}

删除一个软件包:
# ansible testservers -m yum -a "name=links state=absent"
192.168.52.135 | SUCCESS => {
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Remove Process\nResolving Dependencies\n--> Running transaction check\n---> Package links.x86_64 1:2.13-1.el6 will be erased\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package         Arch             Version                 Repository       Size\n================================================================================\nRemoving:\n links           x86_64           1:2.13-1.el6            @epel           4.5 M\n\nTransaction Summary\n================================================================================\nRemove        1 Package(s)\n\nInstalled size: 4.5 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r  Erasing    : 1:links-2.13-1.el6.x86_64                                    1/1 \n\r  Verifying  : 1:links-2.13-1.el6.x86_64                                    1/1 \n\nRemoved:\n  links.x86_64 1:2.13-1.el6                                                     \n\nComplete!\n"
    ]
}
192.168.52.128 | SUCCESS => {
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Remove Process\nResolving Dependencies\n--> Running transaction check\n---> Package links.x86_64 1:2.13-1.el6 will be erased\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package         Arch             Version                 Repository       Size\n================================================================================\nRemoving:\n links           x86_64           1:2.13-1.el6            @epel           4.5 M\n\nTransaction Summary\n================================================================================\nRemove        1 Package(s)\n\nInstalled size: 4.5 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r  Erasing    : 1:links-2.13-1.el6.x86_64                                    1/1 \n\r  Verifying  : 1:links-2.13-1.el6.x86_64                                    1/1 \n\nRemoved:\n  links.x86_64 1:2.13-1.el6                                                     \n\nComplete!\n"
    ]
}
# ansible testservers -m yum -a "name=links state=absent"
192.168.52.128 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "links is not installed"
    ]
}
192.168.52.135 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "links is not installed"
    ]
}


用户和用户组:

user:创建,修改,删除用户。
创建cmh用户:
# ansible all -m user -a "name=cmh password=123456"
192.168.52.128 | SUCCESS => {
    "append": false,
    "changed": true,
    "comment": "",
    "group": 501,
    "home": "/home/cmh",
    "move_home": false,
    "name": "cmh",
    "password": "NOT_LOGGING_PASSWORD",
    "shell": "/bin/bash",
    "state": "present",
    "uid": 501
}
192.168.52.135 | SUCCESS => {
    "append": false,
    "changed": true,
    "comment": "",
    "group": 501,
    "home": "/home/cmh",
    "move_home": false,
    "name": "cmh",
    "password": "NOT_LOGGING_PASSWORD",
    "shell": "/bin/bash",
    "state": "present",
    "uid": 501
}

查看用户:
[root@192_168_52_128 ~ 23:03]# id cmh
uid=501(cmh) gid=501(cmh) groups=501(cmh)

删除cmh用户:
# ansible all -m user -a "name=cmh state=absent"   
192.168.52.128 | SUCCESS => {
    "changed": true,
    "force": false,
    "name": "cmh",
    "remove": false,
    "state": "absent"
}
192.168.52.135 | SUCCESS => {
    "changed": true,
    "force": false,
    "name": "cmh",
    "remove": false,
    "state": "absent"
}

[root@192_168_52_128 ~ 23:03]# id cmh
id: cmh: No such user


服务管理:

service:启动,重启,关闭系统服务。
关闭服务:
# ansible testservers -m service -a "name=nfs state=stopped"
192.168.52.135 | SUCCESS => {
    "changed": true,
    "name": "nfs",
    "state": "stopped"
}
192.168.52.128 | SUCCESS => {
    "changed": true,
    "name": "nfs",
    "state": "stopped"
}

开启服务:
# ansible testservers -m service -a "name=nfs state=started"
192.168.52.135 | SUCCESS => {
    "changed": true,
    "name": "nfs",
    "state": "started"
}
192.168.52.128 | SUCCESS => {
    "changed": true,
    "name": "nfs",
    "state": "started"
}

重启或者重新加载服务:
# ansible testservers -m service -a "name=nfs state=restarted"
# ansible testservers -m service -a "name=nfs state=reloaded"


收集系统信息:

收集匹配主机的所有信息:
# ansible all -m setup

收集信息并以主机名为文件保存在指定目录中:
# ansible all -m setup --tree /tmp/facts
# tree /tmp/facts/
/tmp/facts/
├── 192.168.52.128
└── 192.168.52.135
0 directories, 2 files

过滤信息:(收集内存相关)
# ansible all -m setup -a 'filter=ansible_*_mb'
192.168.52.135 | SUCCESS => {
    "ansible_facts": {
        "ansible_memfree_mb": 355,
        "ansible_memory_mb": {
            "nocache": {
                "free": 1140,
                "used": 729
            },
            "real": {
                "free": 355,
                "total": 1869,
                "used": 1514
            },
            "swap": {
                "cached": 2,
                "free": 4035,
                "total": 4047,
                "used": 12
            }
        },
        "ansible_memtotal_mb": 1869,
        "ansible_swapfree_mb": 4035,
        "ansible_swaptotal_mb": 4047
    },
    "changed": false
}
192.168.52.128 | SUCCESS => {
    "ansible_facts": {
        "ansible_memfree_mb": 219,
        "ansible_memory_mb": {
            "nocache": {
                "free": 727,
                "used": 1142
            },
            "real": {
                "free": 219,
                "total": 1869,
                "used": 1650
            },
            "swap": {
                "cached": 13,
                "free": 3829,
                "total": 4047,
                "used": 218
            }
        },
        "ansible_memtotal_mb": 1869,
        "ansible_swapfree_mb": 3829,
        "ansible_swaptotal_mb": 4047
    },
    "changed": false
}

            

后记:

  这里只是列举了一些ansible最基础的用法,就是入个门,之后会研究一下playbooks的使用,以及怎么利用playbooks的role功能安装一整套服务。