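Ansible is a recently emerged automation tool for operations, written in Python. It combines the strengths of several operations tools (puppet, cfengine, chef, func, fabric) and provides batch system configuration, batch program deployment, batch command execution and similar functions.
Ansible works through modules and has no batch deployment capability of its own. The modules that Ansible runs do the actual batch deployment; Ansible only provides the framework. It mainly consists of:
(1) Connection plugins: responsible for communicating with the managed hosts;
(2) Host inventory: specifies the hosts to operate on; it is a configuration file that defines the managed hosts;
(3) Modules: core modules, the command module, and custom modules;
(4) Plugins that provide functions such as logging and e-mail;
(5) Playbooks: optional; when several tasks need to be executed, a playbook lets the nodes run multiple tasks in one go.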
1. System installation
[root@centos6 ~]# cat /etc/issue
CentOS release 6.5 (Final)
[root@centos6 ~]# uname -r
2.6.32-431.el6.x86_64
2. Software installation
[root@centos6 ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
[root@centos6 ~]# yum install ansible -y
[root@centos6 ~]# ansible --version
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.6.6 (r266:84292, Aug 18 2016, 15:13:37) [GCC 4.4.7 20120313 (Red Hat 4.4.7-17)]
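3. Ansible configuration overview
Configuration directory: /etc/ansible/
Executable directory: /usr/bin/
Library directory: /usr/lib/pythonX.X/site-packages/ansible/
Help documentation directory: /usr/share/doc/ansible-X.X.X/
Man page directory: /usr/share/man/man1
Colors in Ansible output:
Green: informational output; the command made no changes on the remote host
Red: an error occurred during batch management
Yellow: the command made changes on the remote host
Pink: a suggestion or warning about the operation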

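Viewing the help documentation for Ansible commands:

ansible-doc -l --- list all available modules

ansible-doc -s cron --- show the parameters of the specified module

ansible mount -m setup -vvvv --- mainly used to troubleshoot batch-management errors (prints verbose output)

Summary of Ansible command-line options (most commonly used)

-k, --ask-pass ask for connection password

Prompts for the password interactively for remote management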

Before starting, set up SSH authentication to the clients, and configure a test group in /etc/ansible/hosts containing the host IPs:
[test]
192.168.0.24
192.168.0.151

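Note: you should be thoroughly familiar with /etc/ansible/, whose main purposes are inventory host configuration and configuration of Ansible's own behavior.
Executable directory: /usr/bin/, the default location of the Ansible family of commands. All Ansible executables are stored in this directory.
4. Basic Ansible modules (the commonly used ones)
1, copy module
2, file module
3, cron module
4, group module
5, user module
6, yum module
7, service module
8, script module
9, ping module
10, command module
11, raw module
12, get_url module
13, synchronize module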

4.1) copy module:
Purpose: copy the file nagios-3.5.1.tar.gz from /data on the control node to the nodes in the [test] group
Command: ansible test -m copy -a 'src=/data/nagios-3.5.1.tar.gz dest=/data/'
[root@Ansible data]# ansible test -m copy -a 'src=/data/nagios-3.5.1.tar.gz dest=/data/'
192.168.0.24 | SUCCESS => {
"changed": true,
"checksum": "486fd6c75db47000b96d6eebb1654c30d5e9bc72",
"dest": "/data/nagios-3.5.1.tar.gz",
"gid": 0,
"group": "root",
"md5sum": "9947ed3d220b4da86710884260d42856",
"mode": "0644",
"owner": "root",
"size": 1763584,
"src": "/root/.ansible/tmp/ansible-tmp-1521010564.77-89092202669155/source",
"state": "file",
"uid": 0
}
192.168.0.151 | SUCCESS => {
"changed": true,
"checksum": "486fd6c75db47000b96d6eebb1654c30d5e9bc72",
"dest": "/data/nagios-3.5.1.tar.gz",
"gid": 0,
"group": "root",
"md5sum": "9947ed3d220b4da86710884260d42856",
"mode": "0644",
"owner": "root",
"size": 1763584,
"src": "/root/.ansible/tmp/ansible-tmp-1521010564.78-232268640712511/source",
"state": "file",
"uid": 0
}

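4.2) file module:
Purpose: set the mode to 755 and the owner and group to root for /tmp/t.sh on the [test] group nodes (the run below applies the same settings to /soft)
Command: ansible test -m file -a "dest=/soft mode=755 owner=root group=root"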
[root@Ansible data]# ansible test -m file -a "dest=/soft mode=755 owner=root group=root"
192.168.0.24 | SUCCESS => {
"changed": false,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/soft",
"size": 4096,
"state": "directory",
"uid": 0
}
192.168.0.151 | SUCCESS => {
"changed": false,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/soft",
"size": 4096,
"state": "directory",
"uid": 0
}

4.3) cron module:
Purpose: define a scheduled task on the [test] group nodes that synchronizes the time with an NTP server every 5 minutes
Command: ansible test -m cron -a 'name="#time sync by tony at 2018-01-29 " minute=*/5 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1"'
[root@Ansible ~]# ansible test -m cron -a 'name="#time sync by tony at 2018-01-29 " minute=*/5 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1"'
192.168.0.24 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"#time sync by tony at 2018-01-29 "
]
}

4.4) group module:
Purpose: create a group named steki with gid 2018 on the [test] group nodes
Command: ansible test -m group -a 'gid=2018 name=steki'
[root@Ansible data]# ansible test -m group -a 'gid=2018 name=steki'
192.168.0.24 | SUCCESS => {
"changed": true,
"gid": 2018,
"name": "steki",
"state": "present",
"system": false
}
192.168.0.151 | SUCCESS => {
"changed": true,
"gid": 2018,
"name": "steki",
"state": "present",
"system": false
}

4.5.1) user module:
Purpose: create a user named steki whose group is steki on the [test] group nodes
Command: ansible test -m user -a 'name=steki group=steki state=present'
[root@Ansible data]# ansible test -m user -a 'name=steki group=steki state=present'
192.168.0.24 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 2018,
"home": "/home/steki",
"name": "steki",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 501
}
192.168.0.151 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 2018,
"home": "/home/steki",
"name": "steki",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 501
}
4.5.2) Deleting a user:
Command: ansible test -m user -a 'name=tom group=tom state=absent remove=yes'
[root@Ansible data]# ansible test -m user -a 'name=tom group=tom state=absent remove=yes'

192.168.0.24 | SUCCESS => {
"changed": true,
"force": false,
"name": "tom",
"remove": true,
"state": "absent"
}
192.168.0.151 | SUCCESS => {
"changed": true,
"force": false,
"name": "tom",
"remove": true,
"state": "absent"
}

4.6) yum module:
Purpose: install nmap on the [test] group nodes
Command: ansible test -m yum -a "state=present name=nmap"
[root@Ansible data]# ansible test -m yum -a "state=present name=nmap"
192.168.0.151 | SUCCESS => {
"changed": false,
"msg": "",
"rc": 0,
"results": [
"2:nmap-5.51-6.el6.x86_64 providing nmap is already installed"
]
}

192.168.0.24 | SUCCESS => {
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: aliases, changelog, downloadonly, fastestmirror, kabi, presto,\n
: security, tmprepo, verify, versionlock\nLoading support for CentOS kernel ABI\nLoading mirror
speeds from cached hostfile\n base: mirrors.aliyun.com\n epel: mirror01.idc.hinet.net\n extras:
mirrors.aliyun.com\n
updates: mirrors.aliyun.com\nSetting up Install
Process\nResolving Dependencies\n--> Running transaction check\n--->
Package nmap.x86_64 2:5.51-6.el6 will be installed\n-->
Finished Dependency Resolution\n\nDependencies Resolved\n\n
================================================================================\n Package
Arch Version Repository
Size\n================================================================================\nInstalling:\n nmap
x86_64 2:5.51-6.el6 base
2.8 M\n\nTransaction Summary\n================================================================================\nInstall
1 Package(s)\n\nTotal download size: 2.8 M\nInstalled size: 9.7 M\nDownloading Packages:\nSetting up and reading Presto
delta metadata\nProcessing delta metadata\nPackage(s) data still to download: 2.8 M\nRunning rpm_check_debug\nRunning
Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing : 2:nmap-5.51-6.el6.x86_64 1/1 \n\r Verifying : 2:nmap-5.51-6.el6.x86_64 1/1 \n\nInstalled:\n nmap.x86_64 2:5.51-6.el6 \n\nComplete!\n"
]
}
After installing software you usually need to start its service; you can use a command like the following, for example:
[root@Ansible ~]# ansible 192.168.0.24 -m command -a '/etc/init.d/mysqld start'
4.7) service module:
Purpose: start the httpd service on the [test] group nodes and enable it at boot
Command: ansible 10.1.1.113 -m service -a 'name=httpd state=restarted enabled=yes'
[root@Ansible data]# ansible test -m service -a 'name=httpd state=restarted enabled=yes'
192.168.0.24 | SUCCESS => {
"changed": true,
"enabled": true,
"name": "httpd",
"state": "started"
}
192.168.0.151 | SUCCESS => {
"changed": true,
"enabled": true,
"name": "httpd",
"state": "started"
}

4.8) script module:
Purpose: run the script /root/a.sh on the [test] group nodes (the script lives on the Ansible control node)
Command: ansible 10.1.1.113 -m script -a '/root/a.sh'

4.9) ping module:
Purpose: check whether the machines in the [test] group are still reachable
Command: ansible test -m ping
[root@Ansible data]# ansible test -m ping
192.168.0.24 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.0.151 | SUCCESS => {
"changed": false,
"ping": "pong"
}

4.10) command module:
Purpose: run the ifconfig command on the machines in the [test] group.
Command: ansible test -m command -a 'ifconfig'
[root@Ansible ~]# ansible test -m command -a 'ifconfig'
192.168.0.24 | SUCCESS | rc=0 >>
eth0 Link encap:Ethernet HWaddr 00:0C:29:78:5F:F7
inet addr:192.168.0.24 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe78:5ff7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:357529 errors:0 dropped:0 overruns:0 frame:0
TX packets:29159 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:167617670 (159.8 MiB) TX bytes:2146356 (2.0 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:9 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:612 (612.0 b) TX bytes:612 (612.0 b)

192.168.0.151 | SUCCESS | rc=0 >>
eth0 Link encap:Ethernet HWaddr 00:0C:29:4C:57:41
inet addr:192.168.0.151 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe4c:5741/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1957267 errors:0 dropped:0 overruns:0 frame:0
TX packets:968117 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:141562715 (135.0 MiB) TX bytes:1266001670 (1.1 GiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:31005 errors:0 dropped:0 overruns:0 frame:0
TX packets:31005 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4433126 (4.2 MiB) TX bytes:4433126 (4.2 MiB)

4.11) raw module:
Purpose: run the hostname command on the [test] group nodes
Command: ansible test -m raw -a 'hostname'
[root@Ansible ~]# ansible test -m raw -a 'hostname'
192.168.0.24 | SUCCESS | rc=0 >>
Ansible

192.168.0.151 | SUCCESS | rc=0 >>
Nagios-Server

Check whether the service on port 3306 is up.
[root@Ansible ~]# ansible test -m raw -a "netstat -lntup |grep 3306"
192.168.0.151 | SUCCESS | rc=0 >>
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 9217/mysqld

192.168.0.24 | SUCCESS | rc=0 >>
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 33502/mysqld

4.12) get_url module:
Purpose: download http://192.168.0.22/download/cmake-2.8.8.tar.gz into the /data directory of the [test] group nodes
Command: ansible test -m get_url -a 'url=http://192.168.0.22/download/cmake-2.8.8.tar.gz dest=/data'
[root@Ansible ~]# ansible test -m get_url -a 'url=http://192.168.0.22/download/cmake-2.8.8.tar.gz dest=/data'
192.168.0.24 | SUCCESS => {
"changed": true,
"checksum_dest": null,
"checksum_src": "a74dfc3e0a0d7f857ac5dda03bb99ebf07676da1",
"dest": "/data/cmake-2.8.8.tar.gz",
"gid": 0,
"group": "root",
"md5sum": "ba74b22c788a0c8547976b880cd02b17",
"mode": "0644",
"msg": "OK (5691656 bytes)",
"owner": "root",
"size": 5691656,
"src": "/tmp/tmpGRtAis",
"state": "file",
"status_code": 200,
"uid": 0,
"url": "http://192.168.0.22/download/cmake-2.8.8.tar.gz"
}
192.168.0.151 | SUCCESS => {
"changed": true,
"checksum_dest": null,
"checksum_src": "a74dfc3e0a0d7f857ac5dda03bb99ebf07676da1",
"dest": "/data/cmake-2.8.8.tar.gz",
"gid": 0,
"group": "root",
"md5sum": "ba74b22c788a0c8547976b880cd02b17",
"mode": "0644",
"msg": "OK (5691656 bytes)",
"owner": "root",
"size": 5691656,
"src": "/tmp/tmpLdf_hW",
"state": "file",
"status_code": 200,
"uid": 0,
"url": "http://192.168.0.22/download/cmake-2.8.8.tar.gz"
}
When it finishes, check the file you downloaded:
[root@Ansible ~]# ansible test -m command -a 'ls /data'
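
The copy (4.1) and get_url (4.12) results above each carry a SHA-1 of the transferred file, and the get_url download here travels over plain HTTP, so comparing those digests against a value pinned in advance is the check worth automating. The following Python script is an added example, not part of the original post: it parses the "host | STATUS => {...}" output format shown above and classifies each host; the function names, the pinned value and the two 198.51.100.x hosts are constructed for illustration.

```python
import json
import re

# Header printed before each host's JSON result in ad-hoc output, e.g.
# "192.168.0.24 | SUCCESS => {" or "host | UNREACHABLE! => {".
HEADER = re.compile(r"^(\S+) \| ([A-Z]+)!? => (?=\{)", re.MULTILINE)

def parse_adhoc(output):
    """Return {host: (status, result_dict)} parsed from ad-hoc output."""
    decoder = json.JSONDecoder()
    results = {}
    for m in HEADER.finditer(output):
        result, _ = decoder.raw_decode(output, m.end())
        results[m.group(1)] = (m.group(2), result)
    return results

def audit_transfer(output, pinned_sha1):
    """Classify each host as 'ok', 'mismatch', 'no-checksum' or 'failed'."""
    verdicts = {}
    for host, (status, result) in parse_adhoc(output).items():
        # copy reports "checksum", get_url reports "checksum_src" (both SHA-1).
        digest = result.get("checksum") or result.get("checksum_src")
        if status not in ("SUCCESS", "CHANGED"):
            verdicts[host] = "failed"
        elif digest is None:
            verdicts[host] = "no-checksum"
        elif digest.lower() != pinned_sha1.lower():
            verdicts[host] = "mismatch"
        else:
            verdicts[host] = "ok"
    return verdicts

# Constructed sample: the first host repeats the checksum_src from the get_url
# run on this page; the 198.51.100.x hosts and their results are made up.
PINNED = "a74dfc3e0a0d7f857ac5dda03bb99ebf07676da1"  # assumed trusted value
SAMPLE = """\
192.168.0.24 | SUCCESS => {
    "checksum_src": "a74dfc3e0a0d7f857ac5dda03bb99ebf07676da1"
}
198.51.100.7 | SUCCESS => {
    "checksum_src": "0000000000000000000000000000000000000000"
}
198.51.100.8 | UNREACHABLE! => {
    "msg": "Failed to connect to the host via ssh", "unreachable": true
}
"""

if __name__ == "__main__":
    print(audit_transfer(SAMPLE, PINNED))
```

get_url also accepts a checksum parameter of the form checksum=<algorithm>:<digest>, which makes the module itself reject a download that does not match.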
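4.13) synchronize module
Purpose: push the control node's /data directory to the /tmp directory of the specified nodes
Command: ansible test -m synchronize -a 'src=/data/soft dest=/tmp/ compress=yes'
delete=yes: make both sides identical (the pushing side is authoritative)
compress=yes: enable compression (on by default)
--exclude=.git: skip files ending in .git when synchronizing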
[root@Ansible ~]# ansible test -m synchronize -a 'src=/data/soft dest=/tmp/ compress=yes'
192.168.0.24 | SUCCESS => {
"changed": true,
"cmd": "/usr/bin/rsync --delay-updates -F --compress --archive --rsh=/usr/bin/ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null --out-format=<>%i %n%L /data/soft 192.168.0.24:/tmp/",
"msg": "cd+++++++++ soft/\n"rc": 0,
"stdout_lines": [
"cd+++++++++ soft/",
"""""""""""""""]
}
192.168.0.151 | SUCCESS => {
"changed": true,
"cmd": "/usr/bin/rsync --delay-updates -F --compress --archive --rsh=/usr/bin/ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null --out-format=<>%i %n%L /data/soft 192.168.0.151:/tmp/",
"msg": "cd+++++++++ soft/\n"rc": 0,
"stdout_lines": [
"cd+++++++++ soft/",
"""""""""""""""]
}
When it finishes, check the files you pushed:
[root@Ansible ~]# ansible test -m command -a 'ls /tmp'
192.168.0.24 | SUCCESS | rc=0 >>
ansible_88QywI
soft

192.168.0.151 | SUCCESS | rc=0 >>
ansible_lFLfGd
soft