ansible自动化运维1

文章目录

  • 1, 安装ansible
    • 查看使用帮助: command,shell,file,copy,fetch,yum,service,systemd
  • 2, ansible基础模块:command,shell,script,yum
    • a, command模块(普通shell命令)
    • b, shell模块(复杂shell命令)
    • c, script模块:远程其他主机,运行本地的脚步
    • d, yum模块: 软件管理
    • e, service模块:start,stop,restart, 服务开机启动
  • 3, ansible 文件管理模块:file, copy, fetch
    • a, 文件/目录(file):基本操作(touch, ln ,rm, chmod, chown)
    • b, 上传数据到远程主机(copy):文件/目录
    • c, 下载远程主机文件(fetch)
  • 4, ansible 获取远程主机信息:setup
  • 5, ansible以普通用户登录远程主机并使用sudo命令

ansible只需要在任意的控制节点安装一个ansible后,即可通过ssh 连接来控制/etc/ansible/hosts配置的所有节点(所以只要事先建立了控制节点到所有其他主机的免密码登录,即可立马使用ansible)

1, 安装ansible

#centos
sudo yum -y install epel-release
sudo yum - y install ansible 
#仅下载安装包(以备离线使用): yum会自动创建指定的下载目录
# yum -y install ansible  --downloadonly --downloaddir=ansible_rpms

#ubuntu
sudo apt install ansible -y 

配置此控制节点ssh免密码登录其他节点,并配置那些节点的ip

#1,ssh-copy-id 所有的节点
#2,  配置/etc/ansible/hosts文件:比如有分三个组(hdfs, yarn, hbase)
cat   >>/etc/ansible/hosts <<EOF
docker  ansible_ssh_host=192.168.56.201
[hdfs]
192.168.56.100
192.168.56.101
                                                                                                      
[host2]                                                                                                     
c[1:6]                                                                                                      
192.168.56.1[60:70]                                                                                         
                                                                                                            
[cdh]                                                                                                       
c6 ansible_port=22 ansible_host=192.168.56.160 ansible_ssh_user="root" ansible_ssh_pass="vagrant"           
EOF

查看使用帮助: command,shell,file,copy,fetch,yum,service,systemd

[root@eadage ~]# ansible-doc 
Usage: ansible-doc [-l|-F|-s] [options] [-t <plugin type> ] [plugin]
plugin documentation tool

Options:
  -a, --all             **For internal testing only** Show documentation for
                        all plugins.
  -h, --help            show this help message and exit
  -j, --json            **For internal testing only** Dump json metadata for
                        all plugins.
  -l, --list            List available plugins
  -F, --list_files      Show plugin names and their source files without
                        summaries (implies --list)
  -M MODULE_PATH, --module-path=MODULE_PATH
                        prepend colon-separated path(s) to module library
                        (default=[u'/root/.ansible/plugins/modules',
                        u'/usr/share/ansible/plugins/modules'])
  -s, --snippet         Show playbook snippet for specified plugin(s)
  -t TYPE, --type=TYPE  Choose which plugin type (defaults to "module")
  -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
                        connection debugging)
  --version             show program's version number and exit

See man pages for Ansible CLI options or website for tutorials
https://docs.ansible.com
ERROR! Incorrect options passed


## 1,查看基本模块
[root@eadage ~]# ansible-doc -l |grep -E "^(command|shell|file|copy|fetch|yum|service|systemd) "
command                                              Executes a command on a remote node                                                                                
copy                                                 Copies files to remote locations                                                                                   
fetch                                                Fetches a file from remote nodes                                                                                   
file                                                 Sets attributes of files                                                                                           
service                                              Manage services                                                                                                    
shell                                                Execute commands in nodes.                                                                                         
systemd                                              Manage services                                                                                                    
yum                                                  Manages packages with the `yum' package manager                                                                    

## 2,查看模块使用帮助
[root@eadage ~]# ansible-doc -s ping
- name: Try to connect to host, verify a usable python and return `pong' on success
  ping:
      data:                  # Data to return for the `ping' return value. If this parameter is set to `crash', the module will cause an exception.
You have mail in /var/spool/mail/root
# 测试基本语法:ping所有节点
[root@docker ansible]# ansible all -m ping
192.168.56.100 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

2, ansible基础模块:command,shell,script,yum

  • 命令使用:ansible 【节点ip】 -m 【command模块】 -a(参数args) ‘echo hello!’

a, command模块(普通shell命令)

普通命令:cp,cat ,ls, date

# 远程控制其他节点:执行简单shell命令
#--------------- 以单个ip为单元,一一执行命令
[root@docker ansible]# ansible 192.168.56.144  -m command -a 'echo hello!' 
#简写为:              ansible 192.168.56.100             -a 'echo a' 
192.168.56.100 | SUCCESS | rc=0 >>
a

#--------------- 以组为单元,批量执行命令
[root@docker ansible]# ansible hdfs -a 'date'
192.168.56.100 | SUCCESS | rc=0 >>
2019年 08月 12日 星期一 11:02:03 CST
....

### 以指定的普通用户远程控制节点
[root@eadage ansible]# ansible docker -u docker  -a 'ls ~ '
192.168.56.201 | SUCCESS | rc=0 >>

### 以用户 sudo权限远程控制节点
[root@eadage ansible]# ansible docker --become  -a 'ls /root/.ssh '
192.168.56.201 | SUCCESS | rc=0 >>
authorized_keys

b, shell模块(复杂shell命令)

复杂命令: 多条命令组合,重定向,用户管理

[root@eadage ansible]# ansible docker -m shell -u docker -a 'cd ~; pwd '
192.168.56.201 | SUCCESS | rc=0 >>
/home/docker


#原有一个a.txt 文件:内容是 abc, 通过shell模块修改为123
[root@eadage ansible]# ansible docker -m shell -a 'cat /root/a.txt; echo 123 >/root/a.txt ;cat /root/a.txt '
192.168.56.201 | SUCCESS | rc=0 >>
abc
123

c, script模块:远程其他主机,运行本地的脚步

有时在远程时,命令太多,不方便在命令行直接写,可以在本地写好后,使用script模块直接运行该脚步,以传入命令

#1, 编写本地的脚本文件
[root@eadage ~]# cat a.sh 
echo `date` >/a.txt
cat /a.txt

#2,ansible 执行脚步
[root@eadage ~]# ansible node2 -a 'cat /a.txt'
node2 | FAILED | rc=1 >>
cat: /a.txt: 没有那个文件或目录non-zero return code

[root@eadage ~]# ansible node2 -m script -a 'a.sh'
node2 | SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to node2 closed.\r\n", 
    "stderr_lines": [
        "Shared connection to node2 closed."
    ], 
    "stdout": "2019年 08月 12日 星期一 12:37:19 CST\r\n", 
    "stdout_lines": [
        "2019年 08月 12日 星期一 12:37:19 CST"
    ]
}

[root@eadage ~]# ansible node2 -a 'cat /a.txt'
node2 | SUCCESS | rc=0 >>
2019年 08月 12日 星期一 12:37:19 CST

d, yum模块: 软件管理

#---------------安装软件
[root@eadage ansible]# ansible docker -m yum -a 'name=httpd state=installed' #latest, present
192.168.56.150 | SUCCESS => {
    "changed": false, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "httpd-2.4.6-89.el7.centos.1.x86_64 providing httpd is already installed"
    ]
}

#---------------卸载软件
[root@eadage ansible]# ansible docker -m yum -a 'name=httpd state=absent'
192.168.56.100 | SUCCESS => {
    "changed": true, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "...正在删除    : httpd-2.4.6-89.el7.centos.1.x86_64              1/1 \n  验证中      : httpd-2.4.6-89.el7.centos.1.x86_64                1/1 \n\n删除:\n  httpd.x86_64 0:2.4.6-89.el7.centos.1                                          \n\n完毕!\n"
    ]
}

e, service模块:start,stop,restart, 服务开机启动

## 启动服务
[root@eadage ~]# ansible docker2 -m service -a "name=httpd state=started enabled=yes"
docker2 | SUCCESS => {
    "changed": true, 
    "enabled": true, 
    "name": "httpd", 
    "state": "started", 
    "status": {
        "ActiveEnterTimestampMonotonic": "0", 
     .....
[root@eadage ~]# ansible docker2 -m shell -a "ss -nltp |grep :80"
docker2 | SUCCESS | rc=0 >>
LISTEN     0      128         :::80                      :::*                   users:(("httpd",pid=10907,fd=4),("httpd",pid=10906,fd=4),("httpd",pid=10905,fd=4),("httpd",pid=10904,fd=4),("httpd",pid=10903,fd=4),("httpd",pid=10783,fd=4))        

3, ansible 文件管理模块:file, copy, fetch

a, 文件/目录(file):基本操作(touch, ln ,rm, chmod, chown)

  • 格式: -m file -a “path=xxx state=file, directory, link, hard, touch, absent force=yes recurse=yes”
## 创建空文件:指定文件属性(属主,属组,访问权限)
[root@eadage ~]# ansible docker2 -m file -a 'path=/tmp/file.txt state=touch owner=docker group=docker mode=600'
docker2 | SUCCESS => {
    "changed": true, 
    "dest": "/tmp/file.txt", 
    "gid": 994, 
    "group": "docker", 
    "mode": "0600", 
    "owner": "docker", 
    "size": 0, 
    "state": "file", 
    "uid": 1002
}
## 软链接
[root@eadage ~]# ansible docker2 -m file -a 'path=/tmp/txtlink2 state=link src=/tmp/txt force=yes'
docker2 | SUCCESS => {
    "changed": true, 
    "dest": "/tmp/txtlink2", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "size": 8, 
    "src": "/tmp/txt", 
    "state": "link", 
    "uid": 0
}
## 递归 创建目录
[root@eadage ~]# ansible docker2 -m file -a 'path=/tmp/x/y/z state=directory recurse=yes'
docker2 | SUCCESS => {
    "changed": false, 
    "gid": 994, 
    "group": "docker", 
    "mode": "0700", 
    "owner": "docker", 
    "path": "/tmp/x/y/z", 
    "size": 6, 
    "state": "directory", 
    "uid": 1002
}

b, 上传数据到远程主机(copy):文件/目录

## 复制文件:指定数据内容
[root@eadage ~]# ansible docker2 -m copy -a "content='aaa\nbbb\nccc' dest=/tmp/txt/a.txt"
docker2 | SUCCESS => {
    "changed": true, 
    "checksum": "b84f2bbcb7f61aeb6ba000b64c880381ea003f2a", 
    "dest": "/tmp/txt/a.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "d6b3c89fb1fd34be8efa2c861fc2afaf", 
    "mode": "0644", 
    "owner": "root", 
    "size": 11, 
    "src": "/root/.ansible/tmp/ansible-tmp-1582876822.58-58901067897468/source", 
    "state": "file", 
    "uid": 0
}
[root@eadage ~]# ansible docker2 -a "cat /tmp/txt/a.txt"
docker2 | SUCCESS | rc=0 >>
aaa
bbb
ccc

##复制本机文件 到 远程主机
[root@eadage ~]# cat /a.sh 
echo 123
hostname
date
docker ps
[root@eadage ~]# ansible docker2 -m copy -a "src=/a.sh dest=/tmp/txt/a.sh"
docker2 | SUCCESS => {
    "changed": true, 
    "checksum": "9eb7ec6de992e871a41ae322bbc243841c506c81", 
    "dest": "/tmp/txt/a.sh", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "7bd58928da98293184a47026cba64c4b", 
    "mode": "0644", 
    "owner": "root", 
    "size": 33, 
    "src": "/root/.ansible/tmp/ansible-tmp-1582877022.12-32612697492794/source", 
    "state": "file", 
    "uid": 0
}
[root@eadage ~]# ansible docker2 -a "cat /tmp/txt/a.sh"
docker2 | SUCCESS | rc=0 >>
echo 123
hostname
date
docker ps

##拷贝目录
[root@eadage ~]# ls aa
libaio-0.3.109-13.el7.x86_64.rpm
[root@eadage ~]# ansible docker2 -m copy -a "src=aa dest=/tmp/txt/"
docker2 | SUCCESS => {
    "changed": true, 
    "checksum": "d4f3116170a0fd27bf76be1a89b0b60fdc837351", 
    "dest": "/tmp/txt/aa/libaio-0.3.109-13.el7.x86_64.rpm", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "dd64d6583be1c37187a8cd93a3f6b4dd", 
    "mode": "0644", 
    "owner": "root", 
    "size": 21708, 
    "src": "/root/.ansible/tmp/ansible-tmp-1582877460.12-164061754058809/source", 
    "state": "file", 
    "uid": 0
}
You have mail in /var/spool/mail/root
[root@eadage ~]# ansible docker2 -a "ls /tmp/txt/aa"
docker2 | SUCCESS | rc=0 >>
libaio-0.3.109-13.el7.x86_64.rpm

c, 下载远程主机文件(fetch)

[root@eadage ~]# ansible docker2 -m fetch -a "src=/tmp/txt/aa/libaio-0.3.109-13.el7.x86_64.rpm dest=/aa/ "
docker2 | SUCCESS => {
    "changed": true, 
    "checksum": "d4f3116170a0fd27bf76be1a89b0b60fdc837351", 
    "dest": "/aa/docker2/tmp/txt/aa/libaio-0.3.109-13.el7.x86_64.rpm", 
    "md5sum": "dd64d6583be1c37187a8cd93a3f6b4dd", 
    "remote_checksum": "d4f3116170a0fd27bf76be1a89b0b60fdc837351", 
    "remote_md5sum": null
}
[root@eadage ~]# ls /aa/docker2/tmp/txt/aa/
libaio-0.3.109-13.el7.x86_64.rpm

[root@eadage ~]# ansible docker2 -m fetch -a "src=/tmp/txt/aa/libaio-0.3.109-13.el7.x86_64.rpm dest=/aa/ flat=yes "
docker2 | SUCCESS => {
    "changed": true, 
    "checksum": "d4f3116170a0fd27bf76be1a89b0b60fdc837351", 
    "dest": "/aa/libaio-0.3.109-13.el7.x86_64.rpm", 
    "md5sum": "dd64d6583be1c37187a8cd93a3f6b4dd", 
    "remote_checksum": "d4f3116170a0fd27bf76be1a89b0b60fdc837351", 
    "remote_md5sum": null
}
[root@eadage ~]# ls /aa/
docker2  libaio-0.3.109-13.el7.x86_64.rpm

4, ansible 获取远程主机信息:setup

  • 获取远程主机的:IP, 主机名, 操作系统类型, cpu数量…
[root@eadage ~]# ansible docker2 -m setup -a 'filter=ansible_default_ipv4'
docker2 | SUCCESS => {
    "ansible_facts": {
        "ansible_default_ipv4": {
            "address": "172.16.189.142", 
            "alias": "ens33", 
            "broadcast": "172.16.189.255", 
            "gateway": "172.16.189.2", 
            "interface": "ens33", 
            "macaddress": "00:0c:29:6b:2d:20", 
            "mtu": 1500, 
            "netmask": "255.255.255.0", 
            "network": "172.16.189.0", 
            "type": "ether"
        }
    }, 
    "changed": false
}

[root@eadage ~]# ansible docker2 -m setup
docker2 | SUCCESS => {
 "ansible_facts": {
        "ansible_all_ipv4_addresses": [
            "172.30.0.1", 
            "172.18.0.1", 
            "172.17.0.1", 
            "172.16.189.142", 
            "172.16.98.184", 
            "172.19.0.1", 
            "172.20.0.1", 
            "172.21.0.1"
        ], 
        .....
        "ansible_nodename": "docker2", 
        "ansible_os_family": "RedHat", 
        "ansible_pkg_mgr": "yum", 

        "ansible_processor_cores": 2, 
        "ansible_processor_count": 8, 
        "ansible_processor_vcpus": 16,
        ....

5, ansible以普通用户登录远程主机并使用sudo命令

###1, 配置远程主机的: 登录用户名,密码/ssh私钥文件,sudo密码
wang@wang-T58-V:~/vagrant/c6$ tail -2 /etc/ansible/hosts
#c6 ansible_ssh_host=192.168.56.66 ansible_ssh_user="test" ansible_ssh_pass="test" ansible_sudo_pass="test"
#c6 ansible_ssh_host=192.168.56.66 ansible_ssh_user="test" ansible_ssh_private_key_file="id_rsa"  ansible_sudo_pass="test"
c6 ansible_ssh_host=192.168.56.66 ansible_ssh_user="test" ansible_ssh_private_key_file="id_rsa"

###2, 以普通用户test登录远程主机,执行sudo命令
# sudo apt install sshpass #在使用密码登录远程主机时,会提示需要安装此包
wang@wang-T58-V:~/vagrant/c6$ ls
id_rsa  Vagrantfile

wang@wang-T58-V:~/vagrant/c6$ ansible c6 -a 'whoami'
c6 | SUCCESS | rc=0 >>
test

wang@wang-T58-V:~/vagrant/c6$ ansible c6 -s --ask-su-pass -a 'whoami'
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature will be removed in version 2.6. 
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[DEPRECATION WARNING]: The su command line option has been deprecated in favor of the "become" command line arguments. This feature will be removed in version 2.6. 
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
SUDO password: #输入远程主机test用户的sudo密码
c6 | SUCCESS | rc=0 >>
root

你可能感兴趣的:(linux系统)