ansible介绍:
ansible是一个基于python开发的轻量级自动化运维管理工具,可以用来批量执行命令,安装程序,支持playbook编排。它通过ssh协议来连接主机,省去了在每一台主机安装客户端的麻烦,相对比puppet和saltstack,显得更为简单和轻量。
ansible命令参数:
Usage: ansible[options] Options: -a MODULE_ARGS, --args=MODULE_ARGS 模块的参数 module arguments --ask-vault-pass ask for vault password -B SECONDS, --background=SECONDS 异步运行,在X秒后失效 run asynchronously, failing after X seconds (default=N/A) -C, --check don't make any changes; instead, try to predict some 测试运行后改变的内容,不会执行 of the changes that may occur -D, --diff when changing (small) files and templates, show the 在更改文件时,可以显示文件的不同 differences in those files; works great with --check -e EXTRA_VARS, --extra-vars=EXTRA_VARS set additional variables as key=value or YAML/JSON -f FORKS, --forks=FORKS specify number of parallel processes to use (default=5) -h, --help show this help message and exit -i INVENTORY, --inventory-file=INVENTORY 指定hosts文件路径,默认为/etc/ansible/hosts specify inventory host path (default=/etc/ansible/hosts) or comma separated host list. -l SUBSET, --limit=SUBSET 指定pattern,对已经匹配的主机再过滤一次 further limit selected hosts to an additional pattern --list-hosts outputs a list of matching hosts; does not execute 打印匹配的主机,不执行命令 anything else -m MODULE_NAME, --module-name=MODULE_NAME 要执行的模块名字,默认模块为command module name to execute (default=command) -M MODULE_PATH, --module-path=MODULE_PATH 要执行的模块路径,默认为/usr/share/ansible specify path(s) to module library (default=None) --new-vault-password-file=NEW_VAULT_PASSWORD_FILE new vault password file for rekey -o, --one-line condense output 压缩输出 --output=OUTPUT_FILE output file name for encrypt or decrypt; use - for stdout -P POLL_INTERVAL, --poll=POLL_INTERVAL set the poll interval if using -B (default=15) --syntax-check perform a syntax check on the playbook, but do not 对playbook进行语法检测,不执行该playbook execute it -t TREE, --tree=TREE log output to this directory 把日志输出到该目录 --vault-password-file=VAULT_PASSWORD_FILE vault password file -v, --verbose verbose mode (-vvv for more, -vvvv to enable connection debugging) --version show program's version number and exit Connection Options: control as whom and how to connect to hosts -k, --ask-pass ask for connection password 当使用密码验证登录的时候,提示输入ssh登录密码 --private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE 私钥路径 use this file to authenticate the connection -u REMOTE_USER, --user=REMOTE_USER ssh连接的用户名,默认root connect as this user (default=None) -c CONNECTION, --connection=CONNECTION connection type to use (default=smart) -T TIMEOUT, --timeout=TIMEOUT ssh连接超时时间,默认10秒 override the connection timeout in seconds (default=10) --ssh-common-args=SSH_COMMON_ARGS specify common arguments to pass to sftp/scp/ssh (e.g. ProxyCommand) --sftp-extra-args=SFTP_EXTRA_ARGS specify extra arguments to pass to sftp only (e.g. -f, -l) --scp-extra-args=SCP_EXTRA_ARGS specify extra arguments to pass to scp only (e.g. -l) --ssh-extra-args=SSH_EXTRA_ARGS specify extra arguments to pass to ssh only (e.g. -R) Privilege Escalation Options: control how and which user you become as on target hosts -s, --sudo run operations with sudo (nopasswd) (deprecated, use sudo运行 become) -U SUDO_USER, --sudo-user=SUDO_USER sudo到哪个用户,默认为root desired sudo user (default=root) (deprecated, use become) -S, --su run operations with su (deprecated, use become) -R SU_USER, --su-user=SU_USER run operations with su as this user (default=root) (deprecated, use become) -b, --become run operations with become (does not imply password prompting) --become-method=BECOME_METHOD privilege escalation method to use (default=sudo), valid choices: [ sudo | su | pbrun | pfexec | doas | dzdo | ksu ] --become-user=BECOME_USER run operations as this user (default=root) --ask-sudo-pass ask for sudo password (deprecated, use become) --ask-su-pass ask for su password (deprecated, use become) -K, --ask-become-pass
部署:
ansible环境:
控制端:192.168.52.128
节点: 192.168.52.128
192.168.52.135
ansible安装:
# yum -y install ansible
ansible管理端ssh免认证登陆主机:
# ssh-keygen # ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected] # ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
配置Inventory主机清单:
# vim /etc/ansible/hosts [testservers] 192.168.52.128 192.168.52.135
尝试ping模块,测试客户端连通性:
# ansible all -m ping 192.168.52.135 | SUCCESS => { "changed": false, "ping": "pong" } 192.168.52.128 | SUCCESS => { "changed": false, "ping": "pong" }
ansible常用模块:
执行命令:
shell和command:这两个模块都是运行命令的模块,区别是command模块不支持shell变量和管道。 # ansible all -m command -a "free -m" 192.168.52.135 | SUCCESS | rc=0 >> total used free shared buffers cached Mem: 1869 1481 388 1 190 572 -/+ buffers/cache: 718 1150 Swap: 4047 5 4042 192.168.52.128 | SUCCESS | rc=0 >> total used free shared buffers cached Mem: 1869 1771 98 0 153 472 -/+ buffers/cache: 1145 723 Swap: 4047 216 3831 # ansible all -m shell -a "free -m" 192.168.52.135 | SUCCESS | rc=0 >> total used free shared buffers cached Mem: 1869 1481 388 1 190 572 -/+ buffers/cache: 718 1151 Swap: 4047 5 4042 192.168.52.128 | SUCCESS | rc=0 >> total used free shared buffers cached Mem: 1869 1779 90 0 153 472 -/+ buffers/cache: 1153 716 Swap: 4047 216 3831 # ansible all -m command -a "free -m | grep Swap" 192.168.52.135 | SUCCESS | rc=0 >> total used free shared buffers cached Mem: 1869 1481 388 1 190 572 -/+ buffers/cache: 718 1151 Swap: 4047 5 4042 192.168.52.128 | SUCCESS | rc=0 >> total used free shared buffers cached Mem: 1869 1771 98 0 153 472 -/+ buffers/cache: 1145 724 Swap: 4047 216 3831 # ansible all -m shell -a "free -m | grep Swap" 192.168.52.135 | SUCCESS | rc=0 >> Swap: 4047 5 4042 192.168.52.128 | SUCCESS | rc=0 >> Swap: 4047 216 3831
可以看到在不使用管道的时候shell和command两个模块是没有分别的,但是使用了管道,可以看到command的管道是不生效的。
文件与目录操作:
copy:拷贝文件。 把/root/test.txt文件拷贝到各服务器的/tmp/test.txt: # ansible all -m copy -a "src=/root/test.txt dest=/tmp/test.txt" 192.168.52.135 | SUCCESS => { "changed": true, "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "dest": "/tmp/test.txt", "gid": 0, "group": "root", "md5sum": "d41d8cd98f00b204e9800998ecf8427e", "mode": "0644", "owner": "root", "size": 0, "src": "/root/.ansible/tmp/ansible-tmp-1480249794.2678375-25305071473517/source", "state": "file", "uid": 0 } 192.168.52.128 | SUCCESS => { "changed": true, "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "dest": "/tmp/test.txt", "gid": 0, "group": "root", "md5sum": "d41d8cd98f00b204e9800998ecf8427e", "mode": "0644", "owner": "root", "size": 0, "src": "/root/.ansible/tmp/ansible-tmp-1480249794.341813-178065622105186/source", "state": "file", "uid": 0 } [root@192_168_52_128 ~ 20:29]# ll /tmp/test.txt -rw-r--r-- 1 root root 0 Nov 27 20:29 /tmp/test.txt、 [root@192_168_52_135 ~/.ssh 17:09]# ll /tmp/test.txt -rw-r--r-- 1 root root 0 Nov 8 18:14 /tmp/test.txt file:更改文件的用户及权限,创建或删除文件和目录。 修改所有服务器的/tmp/test.txt文件的权限为755: # ansible all -m file -a "dest=/tmp/test.txt mode=755" 192.168.52.135 | SUCCESS => { "changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/tmp/test.txt", "size": 0, "state": "file", "uid": 0 } 192.168.52.128 | SUCCESS => { "changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/tmp/test.txt", "size": 0, "state": "file", "uid": 0 } [root@192_168_52_128 ~ 20:33]# ll /tmp/test.txt -rwxr-xr-x 1 root root 0 Nov 27 20:29 /tmp/test.txt [root@192_168_52_135 /tmp 18:15]# ll test.txt -rwxr-xr-x 1 root root 0 Nov 8 18:14 test.txt 创建/tmp/test目录: # ansible testservers -m file -a "dest=/tmp/test mode=755 owner=root group=root state=directory" 192.168.52.135 | SUCCESS => { "changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/tmp/test", "size": 4096, "state": "directory", "uid": 0 } 192.168.52.128 | SUCCESS => { "changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/tmp/test", "size": 4096, "state": "directory", "uid": 0 } 删除/tmp/test目录: # ansible testservers -m file -a "dest=/tmp/test state=absent" 192.168.52.135 | SUCCESS => { "changed": true, "path": "/tmp/test", "state": "absent" } 192.168.52.128 | SUCCESS => { "changed": true, "path": "/tmp/test", "state": "absent" } 删除/tmp/test.txt文件 # ansible testservers -m file -a "dest=/tmp/test.txt state=absent" 192.168.52.135 | SUCCESS => { "changed": true, "path": "/tmp/test.txt", "state": "absent" } 192.168.52.128 | SUCCESS => { "changed": true, "path": "/tmp/test.txt", "state": "absent" }
软件包管理:
atp(ubuntu),yum(redhat): 安装一个软件包(links): # ansible testservers -m yum -a "name=links state=present" 192.168.52.135 | SUCCESS => { "changed": true, "msg": "", "rc": 0, "results": [ "Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Install Process\nLoading mirror speeds from cached hostfile\n * base: ftp.sjtu.edu.cn\n * epel: mirrors.tuna.tsinghua.edu.cn\n * extras: ftp.sjtu.edu.cn\n * rpmforge: mirrors.tuna.tsinghua.edu.cn\n * updates: ftp.sjtu.edu.cn\nResolving Dependencies\n--> Running transaction check\n---> Package links.x86_64 1:2.13-1.el6 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n links x86_64 1:2.13-1.el6 epel 2.8 M\n\nTransaction Summary\n================================================================================\nInstall 1 Package(s)\n\nTotal download size: 2.8 M\nInstalled size: 4.5 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing : 1:links-2.13-1.el6.x86_64 1/1 \n\r Verifying : 1:links-2.13-1.el6.x86_64 1/1 \n\nInstalled:\n links.x86_64 1:2.13-1.el6 \n\nComplete!\n" ] } 192.168.52.128 | SUCCESS => { "changed": true, "msg": "", "rc": 0, "results": [ "Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Install Process\nLoading mirror speeds from cached hostfile\n * base: mirrors.zju.edu.cn\n * epel: mirror.pregi.net\n * extras: mirror.bit.edu.cn\n * rpmforge: miroir.univ-paris13.fr\n * updates: mirrors.zju.edu.cn\nResolving Dependencies\n--> Running transaction check\n---> Package links.x86_64 1:2.13-1.el6 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n links x86_64 1:2.13-1.el6 epel 2.8 M\n\nTransaction Summary\n================================================================================\nInstall 1 Package(s)\n\nTotal download size: 2.8 M\nInstalled size: 4.5 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing : 1:links-2.13-1.el6.x86_64 1/1 \n\r Verifying : 1:links-2.13-1.el6.x86_64 1/1 \n\nInstalled:\n links.x86_64 1:2.13-1.el6 \n\nComplete!\n" ] } # ansible testservers -m yum -a "name=links state=present" 192.168.52.128 | SUCCESS => { "changed": false, "msg": "", "rc": 0, "results": [ "links-1:2.13-1.el6.x86_64 providing links is already installed" ] } 192.168.52.135 | SUCCESS => { "changed": false, "msg": "", "rc": 0, "results": [ "links-1:2.13-1.el6.x86_64 providing links is already installed" ] } 安装软件到最新版本 # ansible testservers -m yum -a "name=links state=latest" 192.168.52.135 | SUCCESS => { "changed": false, "msg": "", "rc": 0, "results": [ "All packages providing links are up to date", "" ] } 192.168.52.128 | SUCCESS => { "changed": false, "msg": "", "rc": 0, "results": [ "All packages providing links are up to date", "" ] } 删除一个软件包: # ansible testservers -m yum -a "name=links state=absent" 192.168.52.135 | SUCCESS => { "changed": true, "msg": "", "rc": 0, "results": [ "Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Remove Process\nResolving Dependencies\n--> Running transaction check\n---> Package links.x86_64 1:2.13-1.el6 will be erased\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nRemoving:\n links x86_64 1:2.13-1.el6 @epel 4.5 M\n\nTransaction Summary\n================================================================================\nRemove 1 Package(s)\n\nInstalled size: 4.5 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Erasing : 1:links-2.13-1.el6.x86_64 1/1 \n\r Verifying : 1:links-2.13-1.el6.x86_64 1/1 \n\nRemoved:\n links.x86_64 1:2.13-1.el6 \n\nComplete!\n" ] } 192.168.52.128 | SUCCESS => { "changed": true, "msg": "", "rc": 0, "results": [ "Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Remove Process\nResolving Dependencies\n--> Running transaction check\n---> Package links.x86_64 1:2.13-1.el6 will be erased\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nRemoving:\n links x86_64 1:2.13-1.el6 @epel 4.5 M\n\nTransaction Summary\n================================================================================\nRemove 1 Package(s)\n\nInstalled size: 4.5 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Erasing : 1:links-2.13-1.el6.x86_64 1/1 \n\r Verifying : 1:links-2.13-1.el6.x86_64 1/1 \n\nRemoved:\n links.x86_64 1:2.13-1.el6 \n\nComplete!\n" ] } # ansible testservers -m yum -a "name=links state=absent" 192.168.52.128 | SUCCESS => { "changed": false, "msg": "", "rc": 0, "results": [ "links is not installed" ] } 192.168.52.135 | SUCCESS => { "changed": false, "msg": "", "rc": 0, "results": [ "links is not installed" ] }
用户和用户组:
user:创建,修改,删除用户。 创建cmh用户: # ansible all -m user -a "name=cmh password=123456" 192.168.52.128 | SUCCESS => { "append": false, "changed": true, "comment": "", "group": 501, "home": "/home/cmh", "move_home": false, "name": "cmh", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "uid": 501 } 192.168.52.135 | SUCCESS => { "append": false, "changed": true, "comment": "", "group": 501, "home": "/home/cmh", "move_home": false, "name": "cmh", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "uid": 501 } 查看用户: [root@192_168_52_128 ~ 23:03]# id cmh uid=501(cmh) gid=501(cmh) groups=501(cmh) 删除cmh用户: # ansible all -m user -a "name=cmh state=absent" 192.168.52.128 | SUCCESS => { "changed": true, "force": false, "name": "cmh", "remove": false, "state": "absent" } 192.168.52.135 | SUCCESS => { "changed": true, "force": false, "name": "cmh", "remove": false, "state": "absent" } [root@192_168_52_128 ~ 23:03]# id cmh id: cmh: No such user
服务管理:
service:启动,重启,关闭系统服务。 关闭服务: # ansible testservers -m service -a "name=nfs state=stopped" 192.168.52.135 | SUCCESS => { "changed": true, "name": "nfs", "state": "stopped" } 192.168.52.128 | SUCCESS => { "changed": true, "name": "nfs", "state": "stopped" } 开启服务: # ansible testservers -m service -a "name=nfs state=started" 192.168.52.135 | SUCCESS => { "changed": true, "name": "nfs", "state": "started" } 192.168.52.128 | SUCCESS => { "changed": true, "name": "nfs", "state": "started" } 重启或者重新加载服务: # ansible testservers -m service -a "name=nfs state=restarted" # ansible testservers -m service -a "name=nfs state=reloaded"
收集系统信息:
收集匹配主机的所有信息: # ansible all -m setup 收集信息并以主机名为文件保存在指定目录中: # ansible all -m setup --tree /tmp/facts # tree /tmp/facts/ /tmp/facts/ ├── 192.168.52.128 └── 192.168.52.135 0 directories, 2 files 过滤信息:(收集内存相关) # ansible all -m setup -a 'filter=ansible_*_mb' 192.168.52.135 | SUCCESS => { "ansible_facts": { "ansible_memfree_mb": 355, "ansible_memory_mb": { "nocache": { "free": 1140, "used": 729 }, "real": { "free": 355, "total": 1869, "used": 1514 }, "swap": { "cached": 2, "free": 4035, "total": 4047, "used": 12 } }, "ansible_memtotal_mb": 1869, "ansible_swapfree_mb": 4035, "ansible_swaptotal_mb": 4047 }, "changed": false } 192.168.52.128 | SUCCESS => { "ansible_facts": { "ansible_memfree_mb": 219, "ansible_memory_mb": { "nocache": { "free": 727, "used": 1142 }, "real": { "free": 219, "total": 1869, "used": 1650 }, "swap": { "cached": 13, "free": 3829, "total": 4047, "used": 218 } }, "ansible_memtotal_mb": 1869, "ansible_swapfree_mb": 3829, "ansible_swaptotal_mb": 4047 }, "changed": false }
后记:
这里只是列举了一些ansible最基础的用法,就是入个门,之后会研究一下playbooks的使用,以及怎么利用playbooks的role功能安装一整套服务。