由于线上用的一直是ansible,但是时常的操作也就那么点儿。今儿总结
之前用过saltstack,不可否认saltstack还是遇到各种小问题;后来开始转向研究一下ansible,一来是他不用像saltstack一样每个都要去部署一个客户端,而且有些操作系统.至于执行速度显然不做更多的说法,其实线上三位级别的服务
器,ansible也不慢。
saltstack死活装不上;二来是ansible操作简单,API也是非常的简便。可能跟我掌握不深有关系:
一、ansible安装:
centos6 安装epel源:
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
二、安装ansible非常简便:
yum install ansbile
三、设置主机互信;这样就不用每次执行时候都加用户名密码:
ansible服务端执行:
ssh-keygen -t rsa -P '' ssh-copy-id -i /root/.ssh/id_rsa.pub root@clientIP
使用ansible:
1、配置/etc/ansible/hosts:默认已经给出示例;我们注释掉:
vim /etc/ansible/hosts :%s/^\(\)/\#1/g
添加主机组:
[client] 192.168.63.192 192.168.63.198
2、测试是否成功添加:
[root@hashlinux ansible]# ansible client -m ping 192.168.63.192 | SUCCESS => { "changed": false, "ping": "pong" } 192.168.63.198 | SUCCESS => { "changed": false, "ping": "pong" }
当然也支持单台主机或者正则:
[root@hashlinux ansible]# ansible 192.168.63.* -m ping 192.168.63.192 | SUCCESS => { "changed": false, "ping": "pong" } 192.168.63.198 | SUCCESS => { "changed": false, "ping": "pong" }
3、帮助文档查看:
[root@hashlinux ansible]# ansible-doc -l
具体单个模块帮助
[root@hashlinux ansible]# ansible-doc -s copy
4、远程命令模块默认什么都不加是执行commond模块,还有shell模块,raw模块:
[root@hashlinux ansible]# ansible client -a "uptime" 192.168.63.192 | SUCCESS | rc=0 >> 10:46:54 up 37 min, 1 user, load average: 0.00, 0.01, 0.05 192.168.63.198 | SUCCESS | rc=0 >> 10:46:55 up 40 min, 1 user, load average: 0.00, 0.01, 0.05 [root@hashlinux ansible]# ansible client -m shell -a "uptime" 192.168.63.198 | SUCCESS | rc=0 >> 10:48:28 up 41 min, 1 user, load average: 0.00, 0.01, 0.05 192.168.63.192 | SUCCESS | rc=0 >> 10:48:27 up 38 min, 1 user, load average: 0.00, 0.01, 0.05
raw模块中间是可以加管道的:
[root@hashlinux ansible]# ansible client -m raw -a "ps -ef | grep xinetd" 192.168.63.192 | SUCCESS | rc=0 >> root 983 1 0 10:10 ? 00:00:00 /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid root 2632 2608 0 10:49 pts/0 00:00:00 bash -c ps -ef | grep xinetd 192.168.63.198 | SUCCESS | rc=0 >> root 998 1 0 10:07 ? 00:00:00 /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid root 2653 2629 0 10:49 pts/0 00:00:00 bash -c ps -ef | grep xinetd
5、yum模块远程安装服务:
[root@hashlinux ansible]# ansible client -m yum -a "name=httpd state=present"
远程shell方式启动服务:
[root@hashlinux ansible]#ansible keepalived -m shell -a "service httpd restart"
以service模块来管理启动:
[root@hashlinux ansible]# ansible client -m service -a "name=httpd state=restarted"
6、推送文件模块:
[root@hashlinux ~]# ansible client -m copy -a "src=/root/hashlinux.txt dest=/tmp" 192.168.63.192 | SUCCESS => { "changed": true, "checksum": "4ecf4faee5813e8d0fd9c4d94ed93306c0ac0527", "dest": "/tmp/hashlinux.txt", "gid": 0, "group": "root", "md5sum": "fdf76f6cfbca661e39e0bf710ae8b310", "mode": "0755", "owner": "root", "size": 13, "src": "/root/.ansible/tmp/ansible-tmp-1458448180.46-3214309858488/source", "state": "file", "uid": 0 }
远程查看文件:
[root@hashlinux ~]# ansible client -a "cat /tmp/hashlinux.txt" 192.168.63.198 | SUCCESS | rc=0 >> hashlinux.text 192.168.63.192 | SUCCESS | rc=0 >> hashlinux.text
7、修改用户的权限:
远程查看文件权限:
[root@hashlinux ~]# ansible client -a "ls -l /tmp/hashlinux.txt" 192.168.63.198 | SUCCESS | rc=0 >> -rwxr-xr-x 1 root root 13 Mar 22 11:19 /tmp/hashlinux.txt 192.168.63.192 | SUCCESS | rc=0 >> -rwxr-xr-x 1 root root 13 Mar 22 11:19 /tmp/hashlinux.txt
修改所属组和用户:
[root@hashlinux ~]# ansible client -m file -a "dest=/tmp/hashlinux.txt mode=755 owner=hashlinux group=hashlinux" 192.168.63.192 | SUCCESS => { "changed": true, "gid": 1002, "group": "hashlinux", "mode": "0755", "owner": "hashlinux", "path": "/tmp/hashlinux.txt", "size": 13, "state": "file", "uid": 1002 } 192.168.63.198 | SUCCESS => { "changed": false, "gid": 1002, "group": "hashlinux", "mode": "0755", "owner": "hashlinux", "path": "/tmp/hashlinux.txt", "size": 13, "state": "file", "uid": 1002 }
查看权限修改:
[root@hashlinux ~]# ansible client -a "ls -l /tmp/hashlinux.txt" 192.168.63.198 | SUCCESS | rc=0 >>-rwxr-xr-x 1 hashlinux hashlinux 13 Mar 22 11:19 /tmp/hashlinux.txt 192.168.63.192 | SUCCESS | rc=0 >>-rwxr-xr-x 1 hashlinux hashlinux 13 Mar 22 11:19 /tmp/hashlinux.txt
8、客户端数据采集类似saltstack 的grain模块(只是显示一部分):
[root@hashlinux ansible]# ansible client -m setup 192.168.63.198 | SUCCESS => { "ansible_facts": { "ansible_all_ipv4_addresses": [ "172.17.2.1", "192.168.63.198" ], "ansible_all_ipv6_addresses": [ "fe80::20c:29ff:fe86:7901" ], "ansible_architecture": "x86_64", "ansible_bios_date": "06/02/2011", "ansible_bios_version": "6.00", "ansible_cmdline": { "BOOT_IMAGE": "/vmlinuz-3.10.0-327.el7.x86_64", "LANG": "en_US.UTF-8", "crashkernel": "auto", "quiet": true, "rd.lvm.lv": "centos/swap", "rhgb": true, "ro": true, "root": "/dev/mapper/centos-root" },
一些常用操作:
ansible ctx_gs -m shell -a "uptime" |grep "average:"|ansible ctx_gs -m shell -a "uptime" |grep "load average"|awk '{print $10,$11,$12}‘ ansible ctx_gs -m shell -a "sed -n '8'p /home/tomcat/qmctx/gs/gs.cfg" ansible ctx_gs -m shell -a "ps -ef |grep java |grep -v grep " ........................
’还有很多模块,这里只是一小部分,当然还有一个强大的playbook后续继续更新。